2 # Blackbox tests for net ads dns register etc.
3 # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
8 Usage: test_net_ads_dns.sh SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
22 samba4bindir
="$BINDIR"
24 if test -x $BINDIR/samba4kinit
; then
25 samba4kinit
=$BINDIR/samba4kinit
28 samba_tool
="$samba4bindir/samba-tool"
29 net_tool
="$samba4bindir/net"
30 smbpasswd
="$samba4bindir/smbpasswd"
31 texpect
="$samba4bindir/texpect"
33 if test -x $BINDIR/samba4kpasswd
; then
34 samba4kpasswd
=$BINDIR/samba4kpasswd
36 ldbsearch
="$samba4bindir/ldbsearch"
37 ldbmodify
="$samba4bindir/ldbmodify"
39 newuser
="$samba_tool user create"
40 groupaddmem
="$samba_tool group addmembers"
42 .
`dirname $0`/subunit.sh
45 export UID_WRAPPER_ROOT
53 UNPRIVPASS
=UnPrivPass1
55 # These tests check that privileged users can add DNS names and that
56 # unprivileged users cannot do so.
59 testit
"admin user should be able to add a DNS entry $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns register
$NAME.
$REALM $IPADDRESS -U$DC_USERNAME%$DC_PASSWORD || failed
=`expr $failed + 1`
61 # The complicated pipeline is to ensure that we remove exclamation points
62 # and spaces from the output. Thew will screw up the comparison syntax.
63 testit
"We should be able to see the new name $NAME.$REALM" [ X
"`$VALGRIND $net_tool ads dns gethostbyname $SERVER $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD | tr \! N | tr " " B`" = X
"$IPADDRESS" ] || failed
=`expr $failed + 1`
65 testit
"We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns unregister
$NAME.
$REALM -U$DC_USERNAME%$DC_PASSWORD || failed
=`expr $failed + 1`
67 # The complicated pipeline is to ensure that we remove exclamation points
68 # and spaces from the output. Thew will screw up the comparison syntax.
69 testit
"The name $NAME.$REALM should not be there any longer" test X
"`$net_tool ads dns gethostbyname $SERVER $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD | tr " " B | tr \! N`" != X
"$IPADDRESS" || failed
=`expr $failed + 1`
71 # This should be an expect_failure test ...
72 testit
"Adding an unprivileged user" $VALGRIND $net_tool user add
$UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD || failed
=`expr $failed + 1`
74 BASEDN
=$
($VALGRIND $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap
://$SERVER.
$REALM -b '' -s base defaultNamingContext |
grep defaultNamingContext |
sed -e 's!^defaultNamingContext: !!')
76 LDIF
="dn: CN=$UNPRIVUSER,CN=users,${BASEDN}+changetype: modify+replace: userAccountControl+userAccountControl: 512"
78 echo $LDIF |
tr '+' '\n' |
$VALGRIND $ldbmodify -U$DC_USERNAME%$DC_PASSWORD -H ldap
://$SERVER.
$REALM -i
81 testit
"We should have enabled the account" test $STATUS -eq 0 || failed
=`expr $failed + 1`
83 #Unprivileged users should be able to add new names
84 testit
"Unprivileged users should be able to add new names" $net_tool ads dns register
$UNPRIVNAME.
$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed
=`expr $failed + 1`
86 # This should work as well
87 testit
"machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " $net_tool ads dns register membername.
$REALM $IPADDRMAC -P || failed
=`expr $failed + 1`
89 # The complicated pipeline is to ensure that we remove exclamation points
90 # and spaces from the output. Thew will screw up the comparison syntax.
91 testit
"We should be able to see the new name membername.$REALM using -P" [ X
"`$VALGRIND $net_tool ads dns gethostbyname $SERVER membername.$REALM -P | tr \! N | tr " " B`" = X
"$IPADDRMAC" ] || failed
=`expr $failed + 1`
93 #Unprivileged users should not be able to overwrite other's names
94 testit_expect_failure
"Unprivileged users should not be able modify existing names" $net_tool ads dns register membername.
$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed
=`expr $failed + 1`
96 testit
"We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns unregister
$NAME.
$REALM -P || failed
=`expr $failed + 1`
98 # The complicated pipeline is to ensure that we remove exclamation points
99 # and spaces from the output. Thew will screw up the comparison syntax.
100 testit
"The name $NAME.$REALM should not be there any longer" test X
"`$net_tool ads dns gethostbyname $SERVER $NAME.$REALM -P | tr " " B | tr \! N`" != X
"$IPADDRESS" || failed
=`expr $failed + 1`