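#!/bin/sh
# Blackbox tests for net ads dns register etc.
# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
#
# Exercises "net ads dns register / gethostbyname / unregister" with three
# identities: the domain administrator (-U), an unprivileged user created
# here (-U), and the machine account (-P).
#
# Arguments: SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
# Environment: BINDIR (directory holding the Samba binaries),
#              VALGRIND (optional command prefix, may be empty).
# Exit status: number of failed test cases.
#
# Credentials are handed to the tools as "-Uuser%password" on the command
# line, so they are visible in process listings and in any "set -x" trace.
# Only throwaway selftest accounts should ever be passed to this script.

if [ $# -lt 6 ]; then
	cat <<EOF
Usage: test_net_ads_dns.sh SERVER DC_USERNAME DC_PASSWORD REALM USER PASS
EOF
	exit 1
fi

SERVER=$1
DC_USERNAME=$2
DC_PASSWORD=$3
REALM=$4
USERNAME=$5
PASSWORD=$6
shift 6
failed=0

# Several of the tool variables below (kinit, kpasswd, smbpasswd, texpect,
# newuser, groupaddmem) are set but not referenced later in this script.
samba4bindir="$BINDIR"
samba4kinit=kinit
if test -x "$BINDIR/samba4kinit"; then
	samba4kinit="$BINDIR/samba4kinit"
fi

samba_tool="$samba4bindir/samba-tool"
net_tool="$samba4bindir/net"
smbpasswd="$samba4bindir/smbpasswd"
texpect="$samba4bindir/texpect"
samba4kpasswd=kpasswd
if test -x "$BINDIR/samba4kpasswd"; then
	samba4kpasswd="$BINDIR/samba4kpasswd"
fi
ldbsearch="$samba4bindir/ldbsearch"
ldbmodify="$samba4bindir/ldbmodify"

newuser="$samba_tool user create"
groupaddmem="$samba_tool group addmembers"

# Provides testit and testit_expect_failure.
. "$(dirname "$0")/subunit.sh"

UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT

IPADDRESS=10.1.4.111
IPADDRMAC=10.1.4.124
UNPRIVIP=10.1.4.130
NAME=testname
UNPRIVNAME=unprivname
UNPRIVUSER=unprivuser
UNPRIVPASS=UnPrivPass1

# These tests check that privileged users can add DNS names, that
# unprivileged users can add new names of their own, and that unprivileged
# users cannot overwrite a name registered by someone else.
#
# $VALGRIND is deliberately left unquoted everywhere: it is either empty or
# a command prefix that must be split into words. Every other expansion is
# quoted so that passwords or paths containing spaces or glob characters
# reach the tool as a single argument.
echo "Starting ..."

testit "admin user should be able to add a DNS entry $NAME.$REALM $IPADDRESS" \
	$VALGRIND "$net_tool" ads dns register "$NAME.$REALM" "$IPADDRESS" \
	"-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# The tr pipeline replaces exclamation points and spaces in the output;
# they would otherwise break the string comparison.
testit "We should be able to see the new name $NAME.$REALM" \
	[ X"$($VALGRIND "$net_tool" ads dns gethostbyname "$SERVER" "$NAME.$REALM" "-U$DC_USERNAME%$DC_PASSWORD" | tr '!' N | tr ' ' B)" = X"$IPADDRESS" ] ||
	failed=$((failed + 1))

testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" \
	$VALGRIND "$net_tool" ads dns unregister "$NAME.$REALM" \
	"-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# The tr pipeline replaces exclamation points and spaces in the output;
# they would otherwise break the string comparison.
# NOTE(review): this passes whenever the output differs from $IPADDRESS,
# including empty or error output from a failed lookup, so on its own it
# does not prove that the record was removed.
testit "The name $NAME.$REALM should not be there any longer" \
	test X"$("$net_tool" ads dns gethostbyname "$SERVER" "$NAME.$REALM" "-U$DC_USERNAME%$DC_PASSWORD" | tr ' ' B | tr '!' N)" != X"$IPADDRESS" ||
	failed=$((failed + 1))

# This should be an expect_failure test ...
testit "Adding an unprivileged user" \
	$VALGRIND "$net_tool" user add "$UNPRIVUSER" "$UNPRIVPASS" \
	"-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))

# Read the domain's base DN from the rootDSE. If the search fails BASEDN is
# empty and the ldbmodify below is expected to fail, which is then reported
# by the "enabled the account" test case.
BASEDN=$($VALGRIND "$ldbsearch" "-U$DC_USERNAME%$DC_PASSWORD" \
	-H "ldap://$SERVER.$REALM" -b '' -s base defaultNamingContext |
	sed -n -e 's!^defaultNamingContext: !!p')

# userAccountControl 512 is a normal account without the disabled flag.
# The LDIF is written with real newlines instead of '+' placeholders, so a
# '+' inside the base DN can no longer corrupt the record.
LDIF="dn: CN=$UNPRIVUSER,CN=users,$BASEDN
changetype: modify
replace: userAccountControl
userAccountControl: 512"

printf '%s\n' "$LDIF" |
	$VALGRIND "$ldbmodify" "-U$DC_USERNAME%$DC_PASSWORD" \
		-H "ldap://$SERVER.$REALM" -i
# Exit status of ldbmodify, the last command of the pipeline.
STATUS=$?

testit "We should have enabled the account" test "$STATUS" -eq 0 ||
	failed=$((failed + 1))

# Unprivileged users should be able to add new names
testit "Unprivileged users should be able to add new names" \
	"$net_tool" ads dns register "$UNPRIVNAME.$REALM" "$UNPRIVIP" \
	"-U$UNPRIVUSER%$UNPRIVPASS" || failed=$((failed + 1))

# This should work as well
testit "machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " \
	"$net_tool" ads dns register "membername.$REALM" "$IPADDRMAC" -P ||
	failed=$((failed + 1))

# The tr pipeline replaces exclamation points and spaces in the output;
# they would otherwise break the string comparison.
testit "We should be able to see the new name membername.$REALM using -P" \
	[ X"$($VALGRIND "$net_tool" ads dns gethostbyname "$SERVER" "membername.$REALM" -P | tr '!' N | tr ' ' B)" = X"$IPADDRMAC" ] ||
	failed=$((failed + 1))

# Unprivileged users should not be able to overwrite other's names.
# This is the access-control check of the suite: the record was created by
# the machine account, so an update from the unprivileged user must fail.
testit_expect_failure "Unprivileged users should not be able modify existing names" \
	"$net_tool" ads dns register "membername.$REALM" "$UNPRIVIP" \
	"-U$UNPRIVUSER%$UNPRIVPASS" || failed=$((failed + 1))

# NOTE(review): $NAME.$REALM was already unregistered with the admin
# credentials above, while membername.$REALM and $UNPRIVNAME.$REALM are
# never unregistered and $UNPRIVUSER is never deleted by this script.
# Presumably cleanup is left to the test environment; confirm.
testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" \
	$VALGRIND "$net_tool" ads dns unregister "$NAME.$REALM" -P ||
	failed=$((failed + 1))

# The tr pipeline replaces exclamation points and spaces in the output;
# they would otherwise break the string comparison. As above, any output
# other than $IPADDRESS (including a lookup error) satisfies this check.
testit "The name $NAME.$REALM should not be there any longer" \
	test X"$("$net_tool" ads dns gethostbyname "$SERVER" "$NAME.$REALM" -P | tr ' ' B | tr '!' N)" != X"$IPADDRESS" ||
	failed=$((failed + 1))

exit "$failed"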