testprogs: Make testit_expect_failure() return 0 on success
[Samba.git] / testprogs / blackbox / test_net_ads_dns.sh
1 #!/bin/sh
2 # Blackbox tests for net ads dns register etc.
3 # Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
4 # Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
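# Require the six positional arguments; print the usage text and exit
# with status 1 otherwise.
# The closing "fi" is restored here: it is absent from this listing
# (the line numbering jumps from 10 to 13).
if [ $# -lt 6 ]; then
	cat <<EOF
Usage: test_net_ads_dns.sh SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
EOF
	exit 1
fi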
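# Positional arguments, in the order given by the usage text.
# USERNAME and PASSWORD are assigned but not referenced again in this
# listing.
SERVER=$1
DC_USERNAME=$2
DC_PASSWORD=$3
REALM=$4
USERNAME=$5
PASSWORD=$6
shift 6

# Running count of failed test cases, handed to testok at the end.
failed=0

# BINDIR comes from the caller's environment.
samba4bindir="$BINDIR"

# Only net_tool is invoked in this listing; the other tool paths and the
# two command strings are kept as the file defines them.
samba_tool="$samba4bindir/samba-tool"
net_tool="$samba4bindir/net"
smbpasswd="$samba4bindir/smbpasswd"
texpect="$samba4bindir/texpect"

newuser="$samba_tool user create"
groupaddmem="$samba_tool group addmembers"

# Test helpers live next to this script. The path is quoted so that a
# checkout directory containing whitespace still resolves to one word.
. "$(dirname "$0")/subunit.sh"
. "$(dirname "${0}")/common_test_fns.inc"

# system_or_builddir_binary is expected to come from the files sourced
# above; it resolves the ldb tools relative to BINDIR.
ldbmodify=$(system_or_builddir_binary ldbmodify "${BINDIR}")
ldbsearch=$(system_or_builddir_binary ldbsearch "${BINDIR}")

UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT

# Addresses and names used by the test cases. Names and the unprivileged
# account carry the shell PID ($$) as a suffix.
IPADDRESS=10.1.4.111
IP6ADDRESS=fd00:1a1a::1:5ee:bad:c0de
IPADDRMAC=10.1.4.124
UNPRIVIP=10.1.4.130
ADMINNAME=testname.$$
MACHINENAME=membername.$$
UNPRIVNAME=unprivname.$$
UNPRIVUSER=unprivuser.$$
# Fixed password for the throw-away account that the script itself
# creates and deletes. Every credential below is passed as
# -Uuser%password on the command line, so it is visible in process
# listings for as long as the tool runs.
UNPRIVPASS=UnPrivPass1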
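# These tests check that privileged users can add DNS names and that
# unprivileged users cannot do so.
echo "Starting ..."

# Quoting note for every command in this section: names, addresses and
# the -Uuser%password argument are quoted so that a value containing
# whitespace or glob characters stays a single argument. $VALGRIND stays
# unquoted so that an empty value vanishes and a multi-word wrapper is
# split into its words.

# Administrator registers an A and an AAAA record for a fresh name.
testit "admin user should be able to add a DNS entry $ADMINNAME.$REALM $IPADDRESS $IP6ADDRESS" \
	$VALGRIND "$net_tool" ads dns register "$ADMINNAME.$REALM" "$IPADDRESS" "$IP6ADDRESS" "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# Both records must be served exactly once.
testit_grep_count \
	"We should be able to see the new name $ADMINNAME.$REALM $IPADDRESS" \
	"$IPADDRESS" \
	1 \
	dig "@$SERVER" +short -t a "$ADMINNAME.$REALM" ||
	failed=$((failed + 1))
testit_grep_count \
	"We should be able to see the new name $ADMINNAME.$REALM $IP6ADDRESS" \
	"$IP6ADDRESS" \
	1 \
	dig "@$SERVER" +short -t aaaa "$ADMINNAME.$REALM" ||
	failed=$((failed + 1))

# Administrator removes the name again.
testit "We should be able to unregister the name $ADMINNAME.$REALM" \
	$VALGRIND "$net_tool" ads dns unregister "$ADMINNAME.$REALM" "-U$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# After the unregister neither address may be returned any more.
testit_grep_count \
	"The name $ADMINNAME.$REALM $IPADDRESS should not be there any longer" \
	"$IPADDRESS" \
	0 \
	dig "@$SERVER" +short -t a "$ADMINNAME.$REALM" ||
	failed=$((failed + 1))

testit_grep_count \
	"The name $ADMINNAME.$REALM $IP6ADDRESS should not be there any longer" \
	"$IP6ADDRESS" \
	0 \
	dig "@$SERVER" +short -t aaaa "$ADMINNAME.$REALM" ||
	failed=$((failed + 1))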
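# prime the kpasswd server, see "git blame" for an explanation
# The exit status of these two commands is not checked.
$VALGRIND "$net_tool" user add "$UNPRIVUSER" "$UNPRIVPASS" "-U$DC_USERNAME%$DC_PASSWORD"
$VALGRIND "$net_tool" user delete "$UNPRIVUSER" "-U$DC_USERNAME%$DC_PASSWORD"

# This should be an expect_failure test ...
# NOTE(review): the comment above does not match the call below, which
# uses testit and so expects the user creation to succeed - confirm
# which of the two is intended.
testit "Adding an unprivileged user" $VALGRIND "$net_tool" user add "$UNPRIVUSER" "$UNPRIVPASS" "-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# Read the domain's base DN from the rootDSE (empty search base, base
# scope).
BASEDN=$($VALGRIND "$ldbsearch" "-U$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" -b '' --scope=base defaultNamingContext | grep defaultNamingContext | sed -e 's!^defaultNamingContext: !!')

# LDIF that sets userAccountControl to 512 on the new account; the test
# below calls this "enabled the account". The record is written with
# real newlines instead of '+' placeholders translated by tr, so a '+'
# inside the DN is not turned into a line break, and it is fed through
# printf with a quoted expansion so that it is not word-split or
# glob-expanded on the way to ldbmodify.
LDIF="dn: CN=$UNPRIVUSER,CN=users,${BASEDN}
changetype: modify
replace: userAccountControl
userAccountControl: 512"

printf '%s\n' "$LDIF" | $VALGRIND "$ldbmodify" "-U$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" -i
# Exit status of the pipeline's last command, i.e. ldbmodify.
STATUS=$?

testit "We should have enabled the account" test "$STATUS" -eq 0 || failed=$((failed + 1))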
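# Access-control section: an unprivileged account may create a new name
# but must not be able to take over a name owned by someone else.
# Arguments are quoted so that each name, address and credential stays
# one word; $VALGRIND stays unquoted so an empty value vanishes.

#Unprivileged users should be able to add new names
testit "Unprivileged users should be able to add new names" "$net_tool" ads dns register "$UNPRIVNAME.$REALM" "$UNPRIVIP" "-U$UNPRIVUSER%$UNPRIVPASS" || failed=$((failed + 1))

# This should work as well
# -P is passed instead of -U here, matching the "machine account"
# wording of the test name.
testit "machine account should be able to add a DNS entry net ads dns register $MACHINENAME.$REALM $IPADDRMAC -P" \
	"$net_tool" ads dns register "$MACHINENAME.$REALM" "$IPADDRMAC" -P ||
	failed=$((failed + 1))

# NOTE(review): the expected-count argument is missing from this listing
# (the line numbering skips 117). It is restored as 1 to match the test
# name and the identical admin check earlier in the file - confirm
# against the repository copy.
testit_grep_count \
	"We should be able to see the new name $MACHINENAME.$REALM" \
	"$IPADDRMAC" \
	1 \
	dig "@$SERVER" +short -t a "$MACHINENAME.$REALM" ||
	failed=$((failed + 1))

#Unprivileged users should not be able to overwrite other's names
# The unprivileged account tries to re-register the machine's name with
# its own address. Per the page title, testit_expect_failure returns 0
# when the command fails as expected, so the counter only grows if the
# overwrite was accepted.
# NOTE(review): only the exit status is checked; a follow-up dig that
# still finds $IPADDRMAC for the name would also prove the record was
# left untouched.
testit_expect_failure \
	"Unprivileged users should not be able to modify existing names" \
	"$net_tool" ads dns register "$MACHINENAME.$REALM" "$UNPRIVIP" "-U$UNPRIVUSER%$UNPRIVPASS" ||
	failed=$((failed + 1))

# Each owner removes its own record. The test names mention $IPADDRESS
# although the names were registered with $UNPRIVIP and $IPADDRMAC; the
# strings are kept unchanged.
testit "We should be able to unregister the name $UNPRIVNAME.$REALM $IPADDRESS" \
	$VALGRIND "$net_tool" ads dns unregister "$UNPRIVNAME.$REALM" "-U$UNPRIVUSER%$UNPRIVPASS" ||
	failed=$((failed + 1))
testit "We should be able to unregister the name $MACHINENAME.$REALM $IPADDRESS" \
	$VALGRIND "$net_tool" ads dns unregister "$MACHINENAME.$REALM" -P ||
	failed=$((failed + 1))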
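# Remove the unprivileged user, which is not required anymore
# The exit status is not checked, so a failed delete leaves the test
# account (with its fixed password) behind without failing the run.
$VALGRIND "$net_tool" user delete "$UNPRIVUSER" "-U$DC_USERNAME%$DC_PASSWORD"

# NOTE(review): the expected-count argument of the four calls below is
# missing from this listing (the line numbering skips 140, 146, 152 and
# 158). It is restored as 0 to match the "should not be there any
# longer" test names - confirm against the repository copy.
#
# NOTE(review): $UNPRIVNAME was registered with $UNPRIVIP and
# $MACHINENAME with $IPADDRMAC, and no AAAA record was registered for
# either name in this listing. A count of 0 for $IPADDRESS or
# $IP6ADDRESS would therefore also be reported if an unregister had left
# the record in place. Matching on the address that was actually
# registered would make these checks able to fail; the patterns and test
# names are left as the file has them.
testit_grep_count \
	"The name $UNPRIVNAME.$REALM ($IPADDRESS) should not be there any longer" \
	"$IPADDRESS" \
	0 \
	dig "@$SERVER" +short -t a "$UNPRIVNAME.$REALM" ||
	failed=$((failed + 1))
testit_grep_count \
	"The name $UNPRIVNAME.$REALM ($IP6ADDRESS) should not be there any longer" \
	"$IP6ADDRESS" \
	0 \
	dig "@$SERVER" +short -t aaaa "$UNPRIVNAME.$REALM" ||
	failed=$((failed + 1))
testit_grep_count \
	"The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any longer" \
	"$IPADDRESS" \
	0 \
	dig "@$SERVER" +short -t a "$MACHINENAME.$REALM" ||
	failed=$((failed + 1))
testit_grep_count \
	"The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any longer" \
	"$IP6ADDRESS" \
	0 \
	dig "@$SERVER" +short -t aaaa "$MACHINENAME.$REALM" ||
	failed=$((failed + 1))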
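# Tests with --dns-ttl option
# Names and addresses are quoted so each stays a single argument;
# $VALGRIND stays unquoted so an empty value vanishes.

# Register with the machine account and no explicit TTL.
testit "net ads dns register with default TTL" \
	"$net_tool" ads dns register "$MACHINENAME.$REALM" "$IPADDRMAC" -P ||
	failed=$((failed + 1))
# The second column of dig's answer line is the record's TTL.
TTL=$(dig "@$SERVER.$REALM" +noall +ttlid +answer -t A "$MACHINENAME.$REALM" |
	awk '{ print $2 }')
testit "Verify default TTL of 3600 seconds" \
	test "$TTL" = "3600" ||
	failed=$((failed + 1))

# Re-register the same name with an explicit TTL; --force is passed
# together with --dns-ttl.
testit "Update record with TTL of 60 seconds" \
	"$net_tool" ads dns register --dns-ttl 60 --force "$MACHINENAME.$REALM" "$IPADDRMAC" -P ||
	failed=$((failed + 1))
TTL=$(dig "@$SERVER.$REALM" +noall +ttlid +answer -t A "$MACHINENAME.$REALM" |
	awk '{ print $2 }')
testit "Verify new TTL of 60 seconds" \
	test "$TTL" = "60" ||
	failed=$((failed + 1))

# Clean up the record again.
testit "We should be able to unregister the name $MACHINENAME.$REALM $IPADDRESS" \
	$VALGRIND "$net_tool" ads dns unregister "$MACHINENAME.$REALM" -P ||
	failed=$((failed + 1))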
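# Final check that the machine's name is gone, then report the result.
#
# NOTE(review): the expected-count argument of both calls is missing
# from this listing (the line numbering skips 188 and 194). It is
# restored as 0 to match the test names - confirm against the
# repository copy.
#
# NOTE(review): the name was registered with $IPADDRMAC and without an
# AAAA record, so a count of 0 for $IPADDRESS or $IP6ADDRESS would also
# be reported if the record were still present. Matching on $IPADDRMAC
# would let the check fail when the unregister did not take effect; the
# patterns and test names are left as the file has them.
testit_grep_count \
	"The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any longer" \
	"$IPADDRESS" \
	0 \
	dig "@$SERVER.$REALM" +short -t A "$MACHINENAME.$REALM" ||
	failed=$((failed + 1))
testit_grep_count \
	"The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any longer" \
	"$IP6ADDRESS" \
	0 \
	dig "@$SERVER.$REALM" +short -t AAAA "$MACHINENAME.$REALM" ||
	failed=$((failed + 1))

# Hand the script name and the failure count to the subunit helper.
testok "$0" "$failed"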