[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Sep 4 03:26:03 MDT 2013
The branch, master has been updated
via 38e4396 torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
via 16b26ea selftest: Add a basic test of samba_upgradedns
via 013c499 selftest: Start internal DNS server on domain provisioned for BIND9_DLZ
via e281037 selftest: Test creation of the dns-SERVER account during selftest
via d19c437 scripting/samba_upgradedns: Tighten up exception and attribute list handling
via b106d90 scripting/join.py: Handle creating the dns-NAME account during a DC join
from bdab6f9 Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 38e43961c01f6f491b069e7106fe2a2ec80bd840
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Dec 28 21:00:28 2012 +1100
torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
This exercises some more of the dlz_bind9 code outside BIND, by
sending in a ticket to be access checked, wrapped either in SPNEGO or
just in GSSAPI.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Sep 4 11:25:10 CEST 2013 on sn-devel-104
commit 16b26eafa75280e576333975cff5dd1505c118fa
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Dec 28 10:06:39 2012 +1100
selftest: Add a basic test of samba_upgradedns
This does not check that the command runs correctly, but does at least check
that the command runs to completion without errors.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 013c4990c6f1412dd25592bf177ceffab4b5d16d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Dec 28 09:25:11 2012 +1100
selftest: Start internal DNS server on domain provisioned for BIND9_DLZ
This shows that the internal server can use the dns-SERVER account.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit e281037c9bfa68ca3dc564ec7a36e5c790024902
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Dec 26 10:03:47 2012 +1100
selftest: Test creation of the dns-SERVER account during selftest
We do this by having the samba-tool domain dcpromo for promoted_vampire_dc also create a
dns-SERVER account.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit d19c437a36b26e71c24bc25e672d714e21ba50bd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Dec 24 09:12:04 2012 +1100
scripting/samba_upgradedns: Tighten up exception and attribute list handling
This avoids asking for attributes that will not be used, and looks only for the
expected exceptions, rather than all exceptions.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit b106d9090e8f8f44f02059d2ced3d10066787060
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Dec 24 08:56:50 2012 +1100
scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/join.py | 73 +++++++++++++++++++++++--
python/samba/provision/sambadns.py | 11 +++-
selftest/target/Samba4.pm | 4 +-
source4/scripting/bin/samba_upgradedns | 30 +++++++----
source4/selftest/tests.py | 3 +-
source4/setup/secrets_dns.ldif | 2 +-
source4/torture/dns/dlz_bind9.c | 78 +++++++++++++++++++++++++++
source4/torture/winbind/winbind.c | 1 +
testprogs/blackbox/test_samba_upgradedns.sh | 37 +++++++++++++
9 files changed, 218 insertions(+), 21 deletions(-)
create mode 100755 testprogs/blackbox/test_samba_upgradedns.sh
Changeset truncated at 500 lines:
diff --git a/python/samba/join.py b/python/samba/join.py
index c55c22c..b2f4da4 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -26,9 +26,12 @@ from samba.ndr import ndr_pack
from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs
from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
+from samba.provision.common import setup_path
from samba.schema import Schema
from samba.net import Net
from samba.provision.sambadns import setup_bind9_dns
+from samba import read_and_sub_file
+from base64 import b64encode
import logging
import talloc
import random
@@ -179,6 +182,19 @@ class dc_join(object):
attrs=["msDS-krbTgtLink"])
if res:
ctx.del_noerror(res[0].dn, recursive=True)
+
+ res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
+ expression='(&(sAMAccountName=%s)(servicePrincipalName=%s))' % (ldb.binary_encode("dns-%s" % ctx.myname), ldb.binary_encode("dns/%s" % ctx.dnshostname)),
+ attrs=[])
+ if res:
+ ctx.del_noerror(res[0].dn, recursive=True)
+
+ res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
+ expression='(sAMAccountName=%s)' % ldb.binary_encode("dns-%s" % ctx.myname),
+ attrs=[])
+ if res:
+ raise RuntimeError("Not removing account %s which looks like a Samba DNS service account but does not have servicePrincipalName=%s" % (ldb.binary_encode("dns-%s" % ctx.myname), ldb.binary_encode("dns/%s" % ctx.dnshostname)))
+
if ctx.connection_dn is not None:
ctx.del_noerror(ctx.connection_dn)
if ctx.krbtgt_dn is not None:
@@ -579,6 +595,56 @@ class dc_join(object):
"userAccountControl")
ctx.samdb.modify(m)
+ if ctx.dns_backend.startswith("BIND9_"):
+ ctx.dnspass = samba.generate_random_password(128, 255)
+
+ recs = ctx.samdb.parse_ldif(read_and_sub_file(setup_path("provision_dns_add_samba.ldif"),
+ {"DNSDOMAIN": ctx.dnsdomain,
+ "DOMAINDN": ctx.base_dn,
+ "HOSTNAME" : ctx.myname,
+ "DNSPASS_B64": b64encode(ctx.dnspass),
+ "DNSNAME" : ctx.dnshostname}))
+ for changetype, msg in recs:
+ assert changetype == ldb.CHANGETYPE_NONE
+ print "Adding DNS account %s with dns/ SPN" % msg["dn"]
+
+ # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
+ del msg["clearTextPassword"]
+ # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
+ del msg["isCriticalSystemObject"]
+ try:
+ ctx.samdb.add(msg)
+ dns_acct_dn = msg["dn"]
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
+ raise
+
+ # The account password set operation should normally be done over
+ # LDAP. Windows 2000 DCs however allow this only with SSL
+ # connections which are hard to set up and otherwise refuse with
+ # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+ # over SAMR.
+ print "Setting account password for %s" % ctx.samname
+ try:
+ ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
+ % ldb.binary_encode(ctx.myname),
+ ctx.dnspass,
+ force_change_at_next_login=False,
+ username=ctx.samname)
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_UNWILLING_TO_PERFORM:
+ pass
+ ctx.net.set_password(account_name="dns-" % ctx.myname,
+ domain_name=ctx.domain_name,
+ newpassword=ctx.dnspass)
+
+ res = ctx.samdb.search(base=dns_acct_dn, scope=ldb.SCOPE_BASE,
+ attrs=["msDS-KeyVersionNumber"])
+ if "msDS-KeyVersionNumber" in res[0]:
+ ctx.dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+ else:
+ ctx.dns_key_version_number = None
+
def join_add_objects2(ctx):
"""add the various objects needed for the join, for subdomains post replication"""
@@ -861,13 +927,12 @@ class dc_join(object):
key_version_number=ctx.key_version_number)
if ctx.dns_backend.startswith("BIND9_"):
- dnspass = samba.generate_random_password(128, 255)
-
setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid),
ctx.names, ctx.paths, ctx.lp, logger,
dns_backend=ctx.dns_backend,
- dnspass=dnspass, os_level=ctx.behavior_version,
- targetdir=ctx.targetdir)
+ dnspass=ctx.dnspass, os_level=ctx.behavior_version,
+ targetdir=ctx.targetdir,
+ key_version_number=ctx.dns_key_version_number)
def join_setup_trusts(ctx):
"""provision the local SAM."""
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index a5a45cf..4acc24b 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -620,7 +620,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
- dnsdomain, dns_keytab_path, dnspass):
+ dnsdomain, dns_keytab_path, dnspass, key_version_number):
"""Add DNS specific bits to a secrets database.
:param secretsdb: Ldb Handle to the secrets database
@@ -632,11 +632,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
except OSError:
pass
+ if key_version_number is None:
+ key_version_number = 1
+
setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
"REALM": realm,
"DNSDOMAIN": dnsdomain,
"DNS_KEYTAB": dns_keytab_path,
"DNSPASS_B64": b64encode(dnspass),
+ "KEY_VERSION_NUMBER": str(key_version_number),
"HOSTNAME": names.hostname,
"DNSNAME" : '%s.%s' % (
names.netbiosname.lower(), names.dnsdomain.lower())
@@ -1074,7 +1078,7 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
dns_backend, os_level, site=None, dnspass=None, hostip=None,
- hostip6=None, targetdir=None):
+ hostip6=None, targetdir=None, key_version_number=None):
"""Provision DNS information (assuming BIND9 backend in DC role)
:param samdb: LDB object connected to sam.ldb file
@@ -1107,7 +1111,8 @@ def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
secretsdb_setup_dns(secretsdb, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+ key_version_number=key_version_number)
create_dns_dir(logger, paths)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index e574b48..37f7102 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1069,7 +1069,7 @@ sub provision_promoted_dc($$$)
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
$cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
- $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
+ $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
@@ -1520,7 +1520,7 @@ sub provision_chgdcpass($$)
"chgdcpassword.samba.example.com",
"2008",
"chgDCpass1",
- undef, "server services = -dns", "",
+ undef, "", "",
$extra_provision_options);
return undef unless(defined $ret);
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index b7af98c..6b208c9 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -284,7 +284,7 @@ if __name__ == '__main__':
expression='(sAMAccountName=DnsAdmins)',
attrs=['objectSid'])
dnsadmins_sid = ndr_unpack(security.dom_sid, msg[0]['objectSid'][0])
- except Exception, e:
+ except IndexError:
logger.info("Adding DNS accounts")
add_dns_accounts(ldbs.sam, domaindn)
dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
@@ -314,7 +314,7 @@ if __name__ == '__main__':
msg = ldbs.sam.search(base=names.configdn, scope=ldb.SCOPE_DEFAULT,
expression=expression, attrs=['nCName'])
ncname = msg[0]['nCName'][0]
- except Exception, e:
+ except IndexError:
logger.info("Creating DNS partitions")
logger.info("Looking up IPv4 addresses")
@@ -415,16 +415,17 @@ if __name__ == '__main__':
dn = 'samAccountName=dns-%s,CN=Principals' % hostname
msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
dnssecret = msg[0]['secret'][0]
- except Exception:
+ except IndexError:
+
logger.info("Adding dns-%s account" % hostname)
try:
msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=['clearTextPassword'])
+ attrs=[])
dn = msg[0].dn
ldbs.sam.delete(dn)
- except Exception:
+ except IndexError:
pass
dnspass = samba.generate_random_password(128, 255)
@@ -436,10 +437,19 @@ if __name__ == '__main__':
"DNSNAME" : dnsname }
)
+ res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+ expression='(sAMAccountName=dns-%s)' % (hostname),
+ attrs=["msDS-KeyVersionNumber"])
+ if "msDS-KeyVersionNumber" in res[0]:
+ dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0])
+ else:
+ dns_key_version_number = None
+
secretsdb_setup_dns(ldbs.secrets, names,
paths.private_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
- dns_keytab_path=paths.dns_keytab, dnspass=dnspass)
+ dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
+ key_version_number=dns_key_version_number)
else:
logger.info("dns-%s account already exists" % hostname)
@@ -463,9 +473,9 @@ if __name__ == '__main__':
# Check if dns-HOSTNAME account exists and delete it if required
try:
dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
- msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=['secret'])
+ msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=[])
dn = msg[0].dn
- except Exception:
+ except IndexError:
dn = None
if dn is not None:
@@ -477,9 +487,9 @@ if __name__ == '__main__':
try:
msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
expression='(sAMAccountName=dns-%s)' % (hostname),
- attrs=['clearTextPassword'])
+ attrs=[])
dn = msg[0].dn
- except Exception:
+ except IndexError:
dn = None
if dn is not None:
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 10b8a25..e738d1d 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -283,7 +283,7 @@ for t in smbtorture4_testsuites("dns_internal."):
# Local tests
for t in smbtorture4_testsuites("dlz_bind9."):
#The dlz_bind9 tests needs to look at the DNS database
- plansmbtorture4testsuite(t, "chgdcpass:local", "ncalrpc:localhost")
+ plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD'])
planpythontestsuite("s3dc", "samba.tests.libsmb_samba_internal");
@@ -312,6 +312,7 @@ plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path.
plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"])
plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"])
plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4])
+plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc", [valgrindify(smbtorture4), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
# Tests using the "Simple" NTVFS backend
diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif
index 67fd66b..192c06d 100644
--- a/source4/setup/secrets_dns.ldif
+++ b/source4/setup/secrets_dns.ldif
@@ -5,7 +5,7 @@ objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
servicePrincipalName: DNS/${DNSNAME}
-msDS-KeyVersionNumber: 1
+msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER}
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}
samAccountName: dns-${HOSTNAME}
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index 18d65a3..d7d1736 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -26,6 +26,9 @@
#include "dsdb/samdb/samdb.h"
#include "dsdb/common/util.h"
#include "auth/session.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/popt_common.h"
struct torture_context *tctx_static;
@@ -121,7 +124,80 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx)
return true;
}
+/*
+ * Test that a ticket obtained for the DNS service will be accepted on the Samba DLZ side
+ *
+ */
+static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech)
+{
+ NTSTATUS status;
+
+ struct gensec_security *gensec_client_context;
+
+ DATA_BLOB client_to_server, server_to_client;
+
+ void *dbdata;
+ const char *argv[] = {
+ "samba_dlz",
+ "-H",
+ lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ NULL
+ };
+ tctx_static = tctx;
+ torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, discard_const_p(char *, argv), &dbdata,
+ "log", dlz_bind9_log_wrapper,
+ "writeable_zone", dlz_bind9_writeable_zone_hook, NULL),
+ ISC_R_SUCCESS,
+ "Failed to create samba_dlz");
+
+ torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata),
+ ISC_R_SUCCESS,
+ "Failed to configure samba_dlz");
+
+ status = gensec_client_start(tctx, &gensec_client_context,
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+ torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
+
+ status = gensec_set_target_hostname(gensec_client_context, torture_setting_string(tctx, "host", NULL));
+ torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
+
+ status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
+ torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
+
+ status = gensec_start_mech_by_sasl_name(gensec_client_context, mech);
+ torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
+
+ server_to_client = data_blob(NULL, 0);
+
+ /* Do one step of the client-server update dance */
+ status = gensec_update(gensec_client_context, tctx, tctx->ev, server_to_client, &client_to_server);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
+ torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
+ }
+
+ torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials),
+ lpcfg_dnsdomain(tctx->lp_ctx),
+ "127.0.0.1", "type", "key",
+ client_to_server.length,
+ client_to_server.data,
+ dbdata),
+ ISC_R_SUCCESS,
+ "Failed to check key for update rights samba_dlz");
+ dlz_destroy(dbdata);
+
+ return true;
+}
+
+static bool test_dlz_bind9_gssapi(struct torture_context *tctx)
+{
+ return test_dlz_bind9_gensec(tctx, "GSSAPI");
+}
+
+static bool test_dlz_bind9_spnego(struct torture_context *tctx)
+{
+ return test_dlz_bind9_gensec(tctx, "GSS-SPNEGO");
+}
static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx)
{
@@ -132,6 +208,8 @@ static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx)
torture_suite_add_simple_test(suite, "version", test_dlz_bind9_version);
torture_suite_add_simple_test(suite, "create", test_dlz_bind9_create);
torture_suite_add_simple_test(suite, "configure", test_dlz_bind9_configure);
+ torture_suite_add_simple_test(suite, "gssapi", test_dlz_bind9_gssapi);
+ torture_suite_add_simple_test(suite, "spnego", test_dlz_bind9_spnego);
return suite;
}
diff --git a/source4/torture/winbind/winbind.c b/source4/torture/winbind/winbind.c
index 5956834..65382a9 100644
--- a/source4/torture/winbind/winbind.c
+++ b/source4/torture/winbind/winbind.c
@@ -201,6 +201,7 @@ static bool torture_winbind_pac(struct torture_context *tctx)
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
status = gensec_set_target_hostname(gensec_client_context, cli_credentials_get_workstation(cmdline_credentials));
+ torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
diff --git a/testprogs/blackbox/test_samba_upgradedns.sh b/testprogs/blackbox/test_samba_upgradedns.sh
new file mode 100755
index 0000000..a080f73
--- /dev/null
+++ b/testprogs/blackbox/test_samba_upgradedns.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Blackbox tests for the samba_upgradedns
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer at samba.org>
+# Copyright (C) 2006-2012 Andrew Bartlett <abartlet at samba.org>
+
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_samba_upgradedns.sh SERVER REALM PREFIX PROVDIR
+EOF
+exit 1;
+fi
+
+SERVER=$1
+REALM=$2
+PREFIX=$3
+PROVDIR=$4
+shift 4
+failed=0
+
+samba4bindir="$BINDIR"
+samba4srcdir="$SRCDIR/source4"
+samba4kinit="$samba4bindir/samba4kinit"
+
+. `dirname $0`/subunit.sh
+
+testit "run samba_upgradedns converting to bind9 DLZ" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to internal" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=SAMBA_INTERNAL -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to internal (2nd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=SAMBA_INTERNAL -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to bind9 DLZ (2nd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+testit "run samba_upgradedns converting to bind9 DLZ (3rd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
+
+
+exit $failed
--
Samba Shared Repository
More information about the samba-cvs
mailing list