search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dsdb-samldb: Only allow known and settable userAccountControl bits to be set
[Samba.git] / source4 / torture / dns / dlz_bind9.c
blobde07f67e8140e5a57fac4b6838484a126c96032d
1 /*
2 Unix SMB/CIFS implementation.
3 SMB torture tester
4 Copyright (C) Andrew Bartlett 2012
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "torture/smbtorture.h"
22 #include "dlz_minimal.h"
23 #include <talloc.h>
24 #include <ldb.h>
25 #include "lib/param/param.h"
26 #include "dsdb/samdb/samdb.h"
27 #include "dsdb/common/util.h"
28 #include "auth/session.h"
29 #include "auth/gensec/gensec.h"
30 #include "auth/credentials/credentials.h"
31 #include "lib/cmdline/popt_common.h"
32
33 struct torture_context *tctx_static;
34
35 static void dlz_bind9_log_wrapper(int level, const char *fmt, ...)
36 {
37 va_list ap;
38 char *msg;
39 va_start(ap, fmt);
40 msg = talloc_vasprintf(NULL, fmt, ap);
41 torture_comment(tctx_static, "%s\n", msg);
42 TALLOC_FREE(msg);
43 va_end(ap);
44 }
45
46 static bool test_dlz_bind9_version(struct torture_context *tctx)
47 {
48 unsigned int flags = 0;
49 torture_assert_int_equal(tctx, dlz_version(&flags),
50 DLZ_DLOPEN_VERSION, "got wrong DLZ version");
51 return true;
52 }
53
54 static bool test_dlz_bind9_create(struct torture_context *tctx)
55 {
56 void *dbdata;
57 const char *argv[] = {
58 "samba_dlz",
59 "-H",
60 lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
61 NULL
62 };
63 tctx_static = tctx;
64 torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
65 "log", dlz_bind9_log_wrapper, NULL), ISC_R_SUCCESS,
66 "Failed to create samba_dlz");
67
68 dlz_destroy(dbdata);
69
70 return true;
71 }
72
73 static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
74 const char *zone_name)
75 {
76 struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
77 struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
78 system_session(tctx->lp_ctx),
79 0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));
80 struct ldb_message *msg;
81 int ret;
82 const char *attrs[] = {
83 NULL
84 };
85 if (!samdb) {
86 torture_fail(tctx, "Failed to connect to samdb");
87 return ISC_R_FAILURE;
88 }
89
90 ret = dsdb_search_one(samdb, tctx, &msg, NULL,
91 LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
92 "(&(objectClass=dnsZone)(name=%s))", zone_name);
93 if (ret != LDB_SUCCESS) {
94 torture_fail(tctx, talloc_asprintf(tctx, "Failed to search for %s: %s", zone_name, ldb_errstring(samdb)));
95 return ISC_R_FAILURE;
96 }
97 talloc_free(msg);
98
99 return ISC_R_SUCCESS;
100 }
101
102 static bool test_dlz_bind9_configure(struct torture_context *tctx)
103 {
104 void *dbdata;
105 const char *argv[] = {
106 "samba_dlz",
107 "-H",
108 lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
109 NULL
110 };
111 tctx_static = tctx;
112 torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
113 "log", dlz_bind9_log_wrapper,
114 "writeable_zone", dlz_bind9_writeable_zone_hook, NULL),
115 ISC_R_SUCCESS,
116 "Failed to create samba_dlz");
117
118 torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
119 ISC_R_SUCCESS,
120 "Failed to configure samba_dlz");
121
122 dlz_destroy(dbdata);
123
124 return true;
125 }
126
127 /*
128 * Test that a ticket obtained for the DNS service will be accepted on the Samba DLZ side
129 *
130 */
131 static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech)
132 {
133 NTSTATUS status;
134
135 struct gensec_security *gensec_client_context;
136
137 DATA_BLOB client_to_server, server_to_client;
138
139 void *dbdata;
140 const char *argv[] = {
141 "samba_dlz",
142 "-H",
143 lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
144 NULL
145 };
146 tctx_static = tctx;
147 torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
148 "log", dlz_bind9_log_wrapper,
149 "writeable_zone", dlz_bind9_writeable_zone_hook, NULL),
150 ISC_R_SUCCESS,
151 "Failed to create samba_dlz");
152
153 torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
154 ISC_R_SUCCESS,
155 "Failed to configure samba_dlz");
156
157 status = gensec_client_start(tctx, &gensec_client_context,
158 lpcfg_gensec_settings(tctx, tctx->lp_ctx));
159 torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
160
161 /*
162 * dlz_bind9 use the special dns/host.domain account
163 */
164 status = gensec_set_target_hostname(gensec_client_context,
165 talloc_asprintf(tctx,
166 "%s.%s",
167 torture_setting_string(tctx, "host", NULL),
168 lpcfg_dnsdomain(tctx->lp_ctx)));
169 torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
170
171 status = gensec_set_target_service(gensec_client_context, "dns");
172 torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
173
174 status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
175 torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
176
177 status = gensec_start_mech_by_sasl_name(gensec_client_context, mech);
178 torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
179
180 server_to_client = data_blob(NULL, 0);
181
182 /* Do one step of the client-server update dance */
183 status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server);
184 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
185 torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
186 }
187
188 torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials),
189 lpcfg_dnsdomain(tctx->lp_ctx),
190 "127.0.0.1", "type", "key",
191 client_to_server.length,
192 client_to_server.data,
193 dbdata),
194 ISC_TRUE,
195 "Failed to check key for update rights samba_dlz");
196
197 dlz_destroy(dbdata);
198
199 return true;
200 }
201
202 static bool test_dlz_bind9_gssapi(struct torture_context *tctx)
203 {
204 return test_dlz_bind9_gensec(tctx, "GSSAPI");
205 }
206
207 static bool test_dlz_bind9_spnego(struct torture_context *tctx)
208 {
209 return test_dlz_bind9_gensec(tctx, "GSS-SPNEGO");
210 }
211
212 struct test_expected_record {
213 const char *name;
214 const char *type;
215 const char *data;
216 int ttl;
217 bool printed;
218 };
219
220 struct test_expected_rr {
221 struct torture_context *tctx;
222 const char *query_name;
223 size_t num_records;
224 struct test_expected_record *records;
225 size_t num_rr;
226 };
227
228 static bool dlz_bind9_putnamedrr_torture_hook(struct test_expected_rr *expected,
229 const char *name,
230 const char *type,
231 dns_ttl_t ttl,
232 const char *data)
233 {
234 size_t i;
235
236 torture_assert(expected->tctx, name != NULL,
237 talloc_asprintf(expected->tctx,
238 "Got unnamed record type[%s] data[%s]\n",
239 type, data));
240
241 expected->num_rr++;
242 torture_comment(expected->tctx, "%u: name[%s] type[%s] ttl[%u] data[%s]\n",
243 (unsigned)expected->num_rr, name, type, (unsigned)ttl, data);
244
245 for (i = 0; i < expected->num_records; i++) {
246 if (expected->records[i].name != NULL) {
247 if (strcmp(name, expected->records[i].name) != 0) {
248 continue;
249 }
250 }
251
252 if (strcmp(type, expected->records[i].type) != 0) {
253 continue;
254 }
255
256 if (expected->records[i].data != NULL) {
257 if (strcmp(data, expected->records[i].data) != 0) {
258 continue;
259 }
260 }
261
262 torture_assert_int_equal(expected->tctx, ttl,
263 expected->records[i].ttl,
264 talloc_asprintf(expected->tctx,
265 "TTL did not match expectations for type %s",
266 type));
267
268 expected->records[i].printed = true;
269 }
270
271 return true;
272 }
273
274 static isc_result_t dlz_bind9_putrr_hook(dns_sdlzlookup_t *lookup,
275 const char *type,
276 dns_ttl_t ttl,
277 const char *data)
278 {
279 struct test_expected_rr *expected =
280 talloc_get_type_abort(lookup, struct test_expected_rr);
281 bool ok;
282
283 ok = dlz_bind9_putnamedrr_torture_hook(expected, expected->query_name,
284 type, ttl, data);
285 if (!ok) {
286 return ISC_R_FAILURE;
287 }
288
289 return ISC_R_SUCCESS;
290 }
291
292 static isc_result_t dlz_bind9_putnamedrr_hook(dns_sdlzallnodes_t *allnodes,
293 const char *name,
294 const char *type,
295 dns_ttl_t ttl,
296 const char *data)
297 {
298 struct test_expected_rr *expected =
299 talloc_get_type_abort(allnodes, struct test_expected_rr);
300 bool ok;
301
302 ok = dlz_bind9_putnamedrr_torture_hook(expected, name, type, ttl, data);
303 if (!ok) {
304 return ISC_R_FAILURE;
305 }
306
307 return ISC_R_SUCCESS;
308 }
309
310 /*
311 * Tests some lookups
312 */
313 static bool test_dlz_bind9_lookup(struct torture_context *tctx)
314 {
315 size_t i;
316 void *dbdata;
317 const char *argv[] = {
318 "samba_dlz",
319 "-H",
320 lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
321 NULL
322 };
323 struct test_expected_rr *expected1 = NULL;
324 struct test_expected_rr *expected2 = NULL;
325
326 tctx_static = tctx;
327 torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
328 "log", dlz_bind9_log_wrapper,
329 "writeable_zone", dlz_bind9_writeable_zone_hook,
330 "putrr", dlz_bind9_putrr_hook,
331 "putnamedrr", dlz_bind9_putnamedrr_hook,
332 NULL),
333 ISC_R_SUCCESS,
334 "Failed to create samba_dlz");
335
336 torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
337 ISC_R_SUCCESS,
338 "Failed to configure samba_dlz");
339
340 expected1 = talloc_zero(tctx, struct test_expected_rr);
341 torture_assert(tctx, expected1 != NULL, "talloc failed");
342 expected1->tctx = tctx;
343
344 expected1->query_name = "@";
345
346 expected1->num_records = 4;
347 expected1->records = talloc_zero_array(expected1,
348 struct test_expected_record,
349 expected1->num_records);
350 torture_assert(tctx, expected1->records != NULL, "talloc failed");
351
352 expected1->records[0].name = expected1->query_name;
353 expected1->records[0].type = "soa";
354 expected1->records[0].ttl = 3600;
355 expected1->records[0].data = talloc_asprintf(expected1->records,
356 "%s.%s. hostmaster.%s. 1 900 600 86400 3600",
357 torture_setting_string(tctx, "host", NULL),
358 lpcfg_dnsdomain(tctx->lp_ctx),
359 lpcfg_dnsdomain(tctx->lp_ctx));
360 torture_assert(tctx, expected1->records[0].data != NULL, "talloc failed");
361
362 expected1->records[1].name = expected1->query_name;
363 expected1->records[1].type = "ns";
364 expected1->records[1].ttl = 900;
365 expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.",
366 torture_setting_string(tctx, "host", NULL),
367 lpcfg_dnsdomain(tctx->lp_ctx));
368 torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed");
369
370 expected1->records[2].name = expected1->query_name;
371 expected1->records[2].type = "aaaa";
372 expected1->records[2].ttl = 900;
373
374 expected1->records[3].name = expected1->query_name;
375 expected1->records[3].type = "a";
376 expected1->records[3].ttl = 900;
377
378 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
379 expected1->query_name, dbdata,
380 (dns_sdlzlookup_t *)expected1),
381 ISC_R_SUCCESS,
382 "Failed to lookup @");
383 for (i = 0; i < expected1->num_records; i++) {
384 torture_assert(tctx, expected1->records[i].printed,
385 talloc_asprintf(tctx,
386 "Failed to have putrr callback run for type %s",
387 expected1->records[i].type));
388 }
389 torture_assert_int_equal(tctx, expected1->num_rr,
390 expected1->num_records,
391 "Got too much data");
392
393 expected2 = talloc_zero(tctx, struct test_expected_rr);
394 torture_assert(tctx, expected2 != NULL, "talloc failed");
395 expected2->tctx = tctx;
396
397 expected2->query_name = torture_setting_string(tctx, "host", NULL);
398 torture_assert(tctx, expected2->query_name != NULL, "unknown host");
399
400 expected2->num_records = 2;
401 expected2->records = talloc_zero_array(expected2,
402 struct test_expected_record,
403 expected2->num_records);
404 torture_assert(tctx, expected2->records != NULL, "talloc failed");
405
406 expected2->records[0].name = expected2->query_name;
407 expected2->records[0].type = "aaaa";
408 expected2->records[0].ttl = 900;
409
410 expected2->records[1].name = expected2->query_name;
411 expected2->records[1].type = "a";
412 expected2->records[1].ttl = 900;
413
414 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
415 expected2->query_name, dbdata,
416 (dns_sdlzlookup_t *)expected2),
417 ISC_R_SUCCESS,
418 "Failed to lookup hostname");
419 for (i = 0; i < expected2->num_records; i++) {
420 torture_assert(tctx, expected2->records[i].printed,
421 talloc_asprintf(tctx,
422 "Failed to have putrr callback run name[%s] for type %s",
423 expected2->records[i].name,
424 expected2->records[i].type));
425 }
426 torture_assert_int_equal(tctx, expected2->num_rr,
427 expected2->num_records,
428 "Got too much data");
429
430 dlz_destroy(dbdata);
431
432 return true;
433 }
434
435 /*
436 * Test some zone dumps
437 */
438 static bool test_dlz_bind9_zonedump(struct torture_context *tctx)
439 {
440 size_t i;
441 void *dbdata;
442 const char *argv[] = {
443 "samba_dlz",
444 "-H",
445 lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
446 NULL
447 };
448 struct test_expected_rr *expected1 = NULL;
449
450 tctx_static = tctx;
451 torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
452 "log", dlz_bind9_log_wrapper,
453 "writeable_zone", dlz_bind9_writeable_zone_hook,
454 "putrr", dlz_bind9_putrr_hook,
455 "putnamedrr", dlz_bind9_putnamedrr_hook,
456 NULL),
457 ISC_R_SUCCESS,
458 "Failed to create samba_dlz");
459
460 torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
461 ISC_R_SUCCESS,
462 "Failed to configure samba_dlz");
463
464 expected1 = talloc_zero(tctx, struct test_expected_rr);
465 torture_assert(tctx, expected1 != NULL, "talloc failed");
466 expected1->tctx = tctx;
467
468 expected1->num_records = 7;
469 expected1->records = talloc_zero_array(expected1,
470 struct test_expected_record,
471 expected1->num_records);
472 torture_assert(tctx, expected1->records != NULL, "talloc failed");
473
474 expected1->records[0].name = talloc_asprintf(expected1->records,
475 "%s.", lpcfg_dnsdomain(tctx->lp_ctx));
476 expected1->records[0].type = "soa";
477 expected1->records[0].ttl = 3600;
478 expected1->records[0].data = talloc_asprintf(expected1->records,
479 "%s.%s. hostmaster.%s. 1 900 600 86400 3600",
480 torture_setting_string(tctx, "host", NULL),
481 lpcfg_dnsdomain(tctx->lp_ctx),
482 lpcfg_dnsdomain(tctx->lp_ctx));
483 torture_assert(tctx, expected1->records[0].data != NULL, "talloc failed");
484
485 expected1->records[1].name = talloc_asprintf(expected1->records,
486 "%s.", lpcfg_dnsdomain(tctx->lp_ctx));
487 expected1->records[1].type = "ns";
488 expected1->records[1].ttl = 900;
489 expected1->records[1].data = talloc_asprintf(expected1->records, "%s.%s.",
490 torture_setting_string(tctx, "host", NULL),
491 lpcfg_dnsdomain(tctx->lp_ctx));
492 torture_assert(tctx, expected1->records[1].data != NULL, "talloc failed");
493
494 expected1->records[2].name = talloc_asprintf(expected1->records,
495 "%s.", lpcfg_dnsdomain(tctx->lp_ctx));
496 expected1->records[2].type = "aaaa";
497 expected1->records[2].ttl = 900;
498
499 expected1->records[3].name = talloc_asprintf(expected1->records,
500 "%s.", lpcfg_dnsdomain(tctx->lp_ctx));
501 expected1->records[3].type = "a";
502 expected1->records[3].ttl = 900;
503
504 expected1->records[4].name = talloc_asprintf(expected1->records, "%s.%s.",
505 torture_setting_string(tctx, "host", NULL),
506 lpcfg_dnsdomain(tctx->lp_ctx));
507 torture_assert(tctx, expected1->records[4].name != NULL, "unknown host");
508 expected1->records[4].type = "aaaa";
509 expected1->records[4].ttl = 900;
510
511 expected1->records[5].name = talloc_asprintf(expected1->records, "%s.%s.",
512 torture_setting_string(tctx, "host", NULL),
513 lpcfg_dnsdomain(tctx->lp_ctx));
514 torture_assert(tctx, expected1->records[5].name != NULL, "unknown host");
515 expected1->records[5].type = "a";
516 expected1->records[5].ttl = 900;
517
518 /*
519 * We expect multiple srv records
520 */
521 expected1->records[6].name = NULL;
522 expected1->records[6].type = "srv";
523 expected1->records[6].ttl = 900;
524
525 torture_assert_int_equal(tctx, dlz_allnodes(lpcfg_dnsdomain(tctx->lp_ctx),
526 dbdata, (dns_sdlzallnodes_t *)expected1),
527 ISC_R_SUCCESS,
528 "Failed to configure samba_dlz");
529 for (i = 0; i < expected1->num_records; i++) {
530 torture_assert(tctx, expected1->records[i].printed,
531 talloc_asprintf(tctx,
532 "Failed to have putrr callback run name[%s] for type %s",
533 expected1->records[i].name,
534 expected1->records[i].type));
535 }
536 torture_assert_int_equal(tctx, expected1->num_rr, 24,
537 "Got wrong record count");
538
539 dlz_destroy(dbdata);
540
541 return true;
542 }
543
544 /*
545 * Test some updates
546 */
547 static bool test_dlz_bind9_update01(struct torture_context *tctx)
548 {
549 NTSTATUS status;
550 struct gensec_security *gensec_client_context;
551 DATA_BLOB client_to_server, server_to_client;
552 void *dbdata;
553 void *version = NULL;
554 const char *argv[] = {
555 "samba_dlz",
556 "-H",
557 lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
558 NULL
559 };
560 struct test_expected_rr *expected1 = NULL;
561 char *name = NULL;
562 char *data0 = NULL;
563 char *data1 = NULL;
564 char *data2 = NULL;
565 bool ret = false;
566
567 tctx_static = tctx;
568 torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, argv, &dbdata,
569 "log", dlz_bind9_log_wrapper,
570 "writeable_zone", dlz_bind9_writeable_zone_hook,
571 "putrr", dlz_bind9_putrr_hook,
572 "putnamedrr", dlz_bind9_putnamedrr_hook,
573 NULL),
574 ISC_R_SUCCESS,
575 "Failed to create samba_dlz");
576
577 torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
578 ISC_R_SUCCESS,
579 "Failed to configure samba_dlz");
580
581 expected1 = talloc_zero(tctx, struct test_expected_rr);
582 torture_assert(tctx, expected1 != NULL, "talloc failed");
583 expected1->tctx = tctx;
584
585 expected1->query_name = __func__;
586
587 name = talloc_asprintf(expected1, "%s.%s",
588 expected1->query_name,
589 lpcfg_dnsdomain(tctx->lp_ctx));
590 torture_assert(tctx, name != NULL, "talloc failed");
591
592 expected1->num_records = 2;
593 expected1->records = talloc_zero_array(expected1,
594 struct test_expected_record,
595 expected1->num_records);
596 torture_assert(tctx, expected1->records != NULL, "talloc failed");
597
598 expected1->records[0].name = expected1->query_name;
599 expected1->records[0].type = "a";
600 expected1->records[0].ttl = 3600;
601 expected1->records[0].data = "127.1.2.3";
602 expected1->records[0].printed = false;
603
604 data0 = talloc_asprintf(expected1,
605 "%s.\t" "%u\t" "%s\t" "%s\t" "%s",
606 name,
607 (unsigned)expected1->records[0].ttl,
608 "in",
609 expected1->records[0].type,
610 expected1->records[0].data);
611 torture_assert(tctx, data0 != NULL, "talloc failed");
612
613 expected1->records[1].name = expected1->query_name;
614 expected1->records[1].type = "a";
615 expected1->records[1].ttl = 3600;
616 expected1->records[1].data = "127.3.2.1";
617 expected1->records[1].printed = false;
618
619 data1 = talloc_asprintf(expected1,
620 "%s.\t" "%u\t" "%s\t" "%s\t" "%s",
621 name,
622 (unsigned)expected1->records[1].ttl,
623 "in",
624 expected1->records[1].type,
625 expected1->records[1].data);
626 torture_assert(tctx, data1 != NULL, "talloc failed");
627
628 data2 = talloc_asprintf(expected1,
629 "%s.\t" "0\t" "in\t" "a\t" "127.3.3.3",
630 name);
631 torture_assert(tctx, data2 != NULL, "talloc failed");
632
633 /*
634 * Prepare session info
635 */
636 status = gensec_client_start(tctx, &gensec_client_context,
637 lpcfg_gensec_settings(tctx, tctx->lp_ctx));
638 torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
639
640 /*
641 * dlz_bind9 use the special dns/host.domain account
642 */
643 status = gensec_set_target_hostname(gensec_client_context,
644 talloc_asprintf(tctx,
645 "%s.%s",
646 torture_setting_string(tctx, "host", NULL),
647 lpcfg_dnsdomain(tctx->lp_ctx)));
648 torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
649
650 status = gensec_set_target_service(gensec_client_context, "dns");
651 torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
652
653 status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
654 torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
655
656 status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSS-SPNEGO");
657 torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
658
659 server_to_client = data_blob(NULL, 0);
660
661 /* Do one step of the client-server update dance */
662 status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server);
663 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
664 torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
665 }
666
667 torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials),
668 name,
669 "127.0.0.1",
670 expected1->records[0].type,
671 "key",
672 client_to_server.length,
673 client_to_server.data,
674 dbdata),
675 ISC_TRUE,
676 "Failed to check key for update rights samba_dlz");
677
678 /*
679 * We test the following:
680 *
681 * 1. lookup the records => NOT_FOUND
682 * 2. delete all records => NOT_FOUND
683 * 3. delete 1st record => NOT_FOUND
684 * 4. create 1st record => SUCCESS
685 * 5. lookup the records => found 1st
686 * 6. create 2nd record => SUCCESS
687 * 7. lookup the records => found 1st and 2nd
688 * 8. delete unknown record => NOT_FOUND
689 * 9. lookup the records => found 1st and 2nd
690 * 10. delete 1st record => SUCCESS
691 * 11. lookup the records => found 2nd
692 * 12. delete 2nd record => SUCCESS
693 * 13. lookup the records => NOT_FOUND
694 * 14. create 1st record => SUCCESS
695 * 15. lookup the records => found 1st
696 * 16. create 2nd record => SUCCESS
697 * 17. lookup the records => found 1st and 2nd
698 * 18. update 1st record => SUCCESS
699 * 19. lookup the records => found 1st and 2nd
700 * 20. delete all unknown type records => NOT_FOUND
701 * 21. lookup the records => found 1st and 2nd
702 * 22. delete all records => SUCCESS
703 * 23. lookup the records => NOT_FOUND
704 */
705
706 /* Step 1. */
707 expected1->num_rr = 0;
708 expected1->records[0].printed = false;
709 expected1->records[1].printed = false;
710 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
711 expected1->query_name, dbdata,
712 (dns_sdlzlookup_t *)expected1),
713 ISC_R_NOTFOUND,
714 "Found hostname");
715 torture_assert_int_equal(tctx, expected1->num_rr, 0,
716 "Got wrong record count");
717
718 /* Step 2. */
719 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
720 dbdata, &version),
721 ISC_R_SUCCESS,
722 "Failed to start transaction");
723 torture_assert_int_equal_goto(tctx,
724 dlz_delrdataset(name,
725 expected1->records[0].type,
726 dbdata, version),
727 ISC_R_NOTFOUND, ret, cancel_version,
728 talloc_asprintf(tctx, "Deleted name[%s] type[%s]\n",
729 name, expected1->records[0].type));
730 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
731
732 /* Step 3. */
733 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
734 dbdata, &version),
735 ISC_R_SUCCESS,
736 "Failed to start transaction");
737 torture_assert_int_equal_goto(tctx,
738 dlz_subrdataset(name, data0, dbdata, version),
739 ISC_R_NOTFOUND, ret, cancel_version,
740 talloc_asprintf(tctx, "Deleted name[%s] data[%s]\n",
741 name, data0));
742 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
743
744 /* Step 4. */
745 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
746 dbdata, &version),
747 ISC_R_SUCCESS,
748 "Failed to start transaction");
749 torture_assert_int_equal_goto(tctx,
750 dlz_addrdataset(name, data0, dbdata, version),
751 ISC_R_SUCCESS, ret, cancel_version,
752 talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
753 name, data0));
754 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
755
756 /* Step 5. */
757 expected1->num_rr = 0;
758 expected1->records[0].printed = false;
759 expected1->records[1].printed = false;
760 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
761 expected1->query_name, dbdata,
762 (dns_sdlzlookup_t *)expected1),
763 ISC_R_SUCCESS,
764 "Not found hostname");
765 torture_assert(tctx, expected1->records[0].printed,
766 talloc_asprintf(tctx,
767 "Failed to have putrr callback run name[%s] for type %s",
768 expected1->records[0].name,
769 expected1->records[0].type));
770 torture_assert_int_equal(tctx, expected1->num_rr, 1,
771 "Got wrong record count");
772
773 /* Step 6. */
774 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
775 dbdata, &version),
776 ISC_R_SUCCESS,
777 "Failed to start transaction");
778 torture_assert_int_equal_goto(tctx,
779 dlz_addrdataset(name, data1, dbdata, version),
780 ISC_R_SUCCESS, ret, cancel_version,
781 talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
782 name, data1));
783 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
784
785 /* Step 7. */
786 expected1->num_rr = 0;
787 expected1->records[0].printed = false;
788 expected1->records[1].printed = false;
789 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
790 expected1->query_name, dbdata,
791 (dns_sdlzlookup_t *)expected1),
792 ISC_R_SUCCESS,
793 "Not found hostname");
794 torture_assert(tctx, expected1->records[0].printed,
795 talloc_asprintf(tctx,
796 "Failed to have putrr callback run name[%s] for type %s",
797 expected1->records[0].name,
798 expected1->records[0].type));
799 torture_assert(tctx, expected1->records[1].printed,
800 talloc_asprintf(tctx,
801 "Failed to have putrr callback run name[%s] for type %s",
802 expected1->records[1].name,
803 expected1->records[1].type));
804 torture_assert_int_equal(tctx, expected1->num_rr, 2,
805 "Got wrong record count");
806
807 /* Step 8. */
808 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
809 dbdata, &version),
810 ISC_R_SUCCESS,
811 "Failed to start transaction");
812 torture_assert_int_equal_goto(tctx,
813 dlz_subrdataset(name, data2, dbdata, version),
814 ISC_R_NOTFOUND, ret, cancel_version,
815 talloc_asprintf(tctx, "Deleted name[%s] data[%s]\n",
816 name, data2));
817 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
818
819 /* Step 9. */
820 expected1->num_rr = 0;
821 expected1->records[0].printed = false;
822 expected1->records[1].printed = false;
823 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
824 expected1->query_name, dbdata,
825 (dns_sdlzlookup_t *)expected1),
826 ISC_R_SUCCESS,
827 "Not found hostname");
828 torture_assert(tctx, expected1->records[0].printed,
829 talloc_asprintf(tctx,
830 "Failed to have putrr callback run name[%s] for type %s",
831 expected1->records[0].name,
832 expected1->records[0].type));
833 torture_assert(tctx, expected1->records[1].printed,
834 talloc_asprintf(tctx,
835 "Failed to have putrr callback run name[%s] for type %s",
836 expected1->records[1].name,
837 expected1->records[1].type));
838 torture_assert_int_equal(tctx, expected1->num_rr, 2,
839 "Got wrong record count");
840
841 /* Step 10. */
842 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
843 dbdata, &version),
844 ISC_R_SUCCESS,
845 "Failed to start transaction");
846 torture_assert_int_equal_goto(tctx,
847 dlz_subrdataset(name, data0, dbdata, version),
848 ISC_R_SUCCESS, ret, cancel_version,
849 talloc_asprintf(tctx, "Failed to delete name[%s] data[%s]\n",
850 name, data0));
851 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
852
853 /* Step 11. */
854 expected1->num_rr = 0;
855 expected1->records[0].printed = false;
856 expected1->records[1].printed = false;
857 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
858 expected1->query_name, dbdata,
859 (dns_sdlzlookup_t *)expected1),
860 ISC_R_SUCCESS,
861 "Not found hostname");
862 torture_assert(tctx, expected1->records[1].printed,
863 talloc_asprintf(tctx,
864 "Failed to have putrr callback run name[%s] for type %s",
865 expected1->records[1].name,
866 expected1->records[1].type));
867 torture_assert_int_equal(tctx, expected1->num_rr, 1,
868 "Got wrong record count");
869
870 /* Step 12. */
871 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
872 dbdata, &version),
873 ISC_R_SUCCESS,
874 "Failed to start transaction");
875 torture_assert_int_equal_goto(tctx,
876 dlz_subrdataset(name, data1, dbdata, version),
877 ISC_R_SUCCESS, ret, cancel_version,
878 talloc_asprintf(tctx, "Failed to delete name[%s] data[%s]\n",
879 name, data1));
880 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
881
882 /* Step 13. */
883 expected1->num_rr = 0;
884 expected1->records[0].printed = false;
885 expected1->records[1].printed = false;
886 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
887 expected1->query_name, dbdata,
888 (dns_sdlzlookup_t *)expected1),
889 ISC_R_NOTFOUND,
890 "Found hostname");
891 torture_assert_int_equal(tctx, expected1->num_rr, 0,
892 "Got wrong record count");
893
894 /* Step 14. */
895 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
896 dbdata, &version),
897 ISC_R_SUCCESS,
898 "Failed to start transaction");
899 torture_assert_int_equal_goto(tctx,
900 dlz_addrdataset(name, data0, dbdata, version),
901 ISC_R_SUCCESS, ret, cancel_version,
902 talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
903 name, data0));
904 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
905
906 /* Step 15. */
907 expected1->num_rr = 0;
908 expected1->records[0].printed = false;
909 expected1->records[1].printed = false;
910 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
911 expected1->query_name, dbdata,
912 (dns_sdlzlookup_t *)expected1),
913 ISC_R_SUCCESS,
914 "Not found hostname");
915 torture_assert(tctx, expected1->records[0].printed,
916 talloc_asprintf(tctx,
917 "Failed to have putrr callback run name[%s] for type %s",
918 expected1->records[0].name,
919 expected1->records[0].type));
920 torture_assert_int_equal(tctx, expected1->num_rr, 1,
921 "Got wrong record count");
922
923 /* Step 16. */
924 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
925 dbdata, &version),
926 ISC_R_SUCCESS,
927 "Failed to start transaction");
928 torture_assert_int_equal_goto(tctx,
929 dlz_addrdataset(name, data1, dbdata, version),
930 ISC_R_SUCCESS, ret, cancel_version,
931 talloc_asprintf(tctx, "Failed to add name[%s] data[%s]\n",
932 name, data1));
933 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
934
935 /* Step 17. */
936 expected1->num_rr = 0;
937 expected1->records[0].printed = false;
938 expected1->records[1].printed = false;
939 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
940 expected1->query_name, dbdata,
941 (dns_sdlzlookup_t *)expected1),
942 ISC_R_SUCCESS,
943 "Not found hostname");
944 torture_assert(tctx, expected1->records[0].printed,
945 talloc_asprintf(tctx,
946 "Failed to have putrr callback run name[%s] for type %s",
947 expected1->records[0].name,
948 expected1->records[0].type));
949 torture_assert(tctx, expected1->records[1].printed,
950 talloc_asprintf(tctx,
951 "Failed to have putrr callback run name[%s] for type %s",
952 expected1->records[1].name,
953 expected1->records[1].type));
954 torture_assert_int_equal(tctx, expected1->num_rr, 2,
955 "Got wrong record count");
956
957 /* Step 18. */
958 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
959 dbdata, &version),
960 ISC_R_SUCCESS,
961 "Failed to start transaction");
962 torture_assert_int_equal_goto(tctx,
963 dlz_addrdataset(name, data0, dbdata, version),
964 ISC_R_SUCCESS, ret, cancel_version,
965 talloc_asprintf(tctx, "Failed to update name[%s] data[%s]\n",
966 name, data0));
967 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
968
969 /* Step 19. */
970 expected1->num_rr = 0;
971 expected1->records[0].printed = false;
972 expected1->records[1].printed = false;
973 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
974 expected1->query_name, dbdata,
975 (dns_sdlzlookup_t *)expected1),
976 ISC_R_SUCCESS,
977 "Not found hostname");
978 torture_assert(tctx, expected1->records[0].printed,
979 talloc_asprintf(tctx,
980 "Failed to have putrr callback run name[%s] for type %s",
981 expected1->records[0].name,
982 expected1->records[0].type));
983 torture_assert(tctx, expected1->records[1].printed,
984 talloc_asprintf(tctx,
985 "Failed to have putrr callback run name[%s] for type %s",
986 expected1->records[1].name,
987 expected1->records[1].type));
988 torture_assert_int_equal(tctx, expected1->num_rr, 2,
989 "Got wrong record count");
990
991 /* Step 20. */
992 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
993 dbdata, &version),
994 ISC_R_SUCCESS,
995 "Failed to start transaction");
996 torture_assert_int_equal_goto(tctx,
997 dlz_delrdataset(name, "txt", dbdata, version),
998 ISC_R_FAILURE, ret, cancel_version,
999 talloc_asprintf(tctx, "Deleted name[%s] type[%s]\n",
1000 name, "txt"));
1001 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
1002
1003 /* Step 21. */
1004 expected1->num_rr = 0;
1005 expected1->records[0].printed = false;
1006 expected1->records[1].printed = false;
1007 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
1008 expected1->query_name, dbdata,
1009 (dns_sdlzlookup_t *)expected1),
1010 ISC_R_SUCCESS,
1011 "Not found hostname");
1012 torture_assert(tctx, expected1->records[0].printed,
1013 talloc_asprintf(tctx,
1014 "Failed to have putrr callback run name[%s] for type %s",
1015 expected1->records[0].name,
1016 expected1->records[0].type));
1017 torture_assert(tctx, expected1->records[1].printed,
1018 talloc_asprintf(tctx,
1019 "Failed to have putrr callback run name[%s] for type %s",
1020 expected1->records[1].name,
1021 expected1->records[1].type));
1022 torture_assert_int_equal(tctx, expected1->num_rr, 2,
1023 "Got wrong record count");
1024
1025 /* Step 22. */
1026 torture_assert_int_equal(tctx, dlz_newversion(lpcfg_dnsdomain(tctx->lp_ctx),
1027 dbdata, &version),
1028 ISC_R_SUCCESS,
1029 "Failed to start transaction");
1030 torture_assert_int_equal_goto(tctx,
1031 dlz_delrdataset(name,
1032 expected1->records[0].type,
1033 dbdata, version),
1034 ISC_R_SUCCESS, ret, cancel_version,
1035 talloc_asprintf(tctx, "Failed to delete name[%s] type[%s]\n",
1036 name, expected1->records[0].type));
1037 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), true, dbdata, &version);
1038
1039 /* Step 23. */
1040 expected1->num_rr = 0;
1041 expected1->records[0].printed = false;
1042 expected1->records[1].printed = false;
1043 torture_assert_int_equal(tctx, dlz_lookup(lpcfg_dnsdomain(tctx->lp_ctx),
1044 expected1->query_name, dbdata,
1045 (dns_sdlzlookup_t *)expected1),
1046 ISC_R_NOTFOUND,
1047 "Found hostname");
1048 torture_assert_int_equal(tctx, expected1->num_rr, 0,
1049 "Got wrong record count");
1050
1051 dlz_destroy(dbdata);
1052
1053 return true;
1054
1055 cancel_version:
1056 dlz_closeversion(lpcfg_dnsdomain(tctx->lp_ctx), false, dbdata, &version);
1057 return ret;
1058 }
1059
1060 static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx)
1061 {
1062 struct torture_suite *suite = torture_suite_create(ctx, "dlz_bind9");
1063
1064 suite->description = talloc_strdup(suite,
1065 "Tests for the BIND 9 DLZ module");
1066 torture_suite_add_simple_test(suite, "version", test_dlz_bind9_version);
1067 torture_suite_add_simple_test(suite, "create", test_dlz_bind9_create);
1068 torture_suite_add_simple_test(suite, "configure", test_dlz_bind9_configure);
1069 torture_suite_add_simple_test(suite, "gssapi", test_dlz_bind9_gssapi);
1070 torture_suite_add_simple_test(suite, "spnego", test_dlz_bind9_spnego);
1071 torture_suite_add_simple_test(suite, "lookup", test_dlz_bind9_lookup);
1072 torture_suite_add_simple_test(suite, "zonedump", test_dlz_bind9_zonedump);
1073 torture_suite_add_simple_test(suite, "update01", test_dlz_bind9_update01);
1074 return suite;
1075 }
1076
1077 /**
1078 * DNS torture module initialization
1079 */
1080 NTSTATUS torture_bind_dns_init(void);
1081 NTSTATUS torture_bind_dns_init(void)
1082 {
1083 struct torture_suite *suite;
1084 TALLOC_CTX *mem_ctx = talloc_autofree_context();
1085
1086 /* register DNS related test cases */
1087 suite = dlz_bind9_suite(mem_ctx);
1088 if (!suite) return NT_STATUS_NO_MEMORY;
1089 torture_register_suite(suite);
1090
1091 return NT_STATUS_OK;
1092 }
Samba GIT mirror