[SCM] Samba Shared Repository - branch master updated

Richard Sharpe sharpe at samba.org
Sun Jul 3 12:25:03 UTC 2016


The branch, master has been updated
       via  1444196 testprogs/blackbox: Improve the net ads dns register tests.
      from  2352e49 selftest: Add test for domain join + kerberos-only auth

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1444196521d705d86650fb5b508a0cedd0a5c830
Author: Richard Sharpe <rsharpe at samba.org>
Date:   Thu Jun 30 21:07:19 2016 -0700

    testprogs/blackbox: Improve the net ads dns register tests.
    
    More tests are added that add an unprivileged user, enable their
    account, and then test that they can add IP addresses but that they
    cannot modify other users' IP addresses.
    
    Signed-off-by: Richard Sharpe <rsharpe at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Richard Sharpe <sharpe at samba.org>
    Autobuild-Date(master): Sun Jul  3 14:24:59 CEST 2016 on sn-devel-144

-----------------------------------------------------------------------

Summary of changes:
 testprogs/blackbox/test_net_ads_dns.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/testprogs/blackbox/test_net_ads_dns.sh b/testprogs/blackbox/test_net_ads_dns.sh
index 41bc63d..8f9a91b 100755
--- a/testprogs/blackbox/test_net_ads_dns.sh
+++ b/testprogs/blackbox/test_net_ads_dns.sh
@@ -44,7 +44,11 @@ export UID_WRAPPER_ROOT
 
 IPADDRESS=10.1.4.111
 IPADDRMAC=10.1.4.124
+UNPRIVIP=10.1.4.130
 NAME=testname
+UNPRIVNAME=unprivname
+UNPRIVUSER=unprivuser
+UNPRIVPASS=UnPrivPass1
 
 # These tests check that privileged users can add DNS names and that
 # unprivileged users cannot do so.
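Review bot: The context comment directly below the new variables still says unprivileged users cannot add DNS names, which no longer matches what this commit tests. The new cases expect UNPRIVUSER to register a new name of its own and to be refused only when it touches an existing record. The comment would read better as `# These tests check that privileged users can add DNS names, that unprivileged users can add new names, and that they cannot modify names registered by others.`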
@@ -63,7 +67,17 @@ testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGR
 testit "The name $NAME.$REALM should not be there any longer" test X"`$net_tool ads dns gethostbyname $SERVER $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD | tr " " B | tr \! N`" != X"$IPADDRESS" || failed=`expr $failed + 1`
 
 # This should be an expect_failure test ...
-# testit "unprivileged users should not be able to add a DNS entry" $VALGRIND $net_tool ads dns register funnyname2.$REALM 10.1.4.112 -U$USERNAME%$PASSWORD && failed=`expr $failed + 1`
+testit "Adding an unprivileged user" $VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+
+LDIF="dn: CN=$UNPRIVUSER,CN=users,DC=samba,DC=example,DC=com+changetype: modify+replace: userAccountControl+userAccountControl: 512"
+
+echo $LDIF | tr '+' '\n' | ./bin/ldbmodify -Uadministrator%locDCpass1 -H ldap://localdc.samba.example.com -i
+STATUS=$?
+
+testit "We should have enabled the account" test $STATUS -eq 0 || failed=`expr $failed + 1`
+
+#Unprivileged users should be able to add new names
+testit "Unprivileged users should be able to add new names" $net_tool ads dns register $UNPRIVNAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=`expr $failed + 1`
 
 # This should work as well
 testit "machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " $net_tool ads dns register membername.$REALM $IPADDRMAC -P || failed=`expr $failed + 1`
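Review bot: The added `echo $LDIF | ... ./bin/ldbmodify` line hardcodes the administrator credentials and the LDAP URL, and the `LDIF=` line above it hardcodes the base DN `DC=samba,DC=example,DC=com`. The other commands in this hunk take these from `$DC_USERNAME`, `$DC_PASSWORD`, `$SERVER` and `$REALM`. This ties the account-enable step to one selftest environment and keeps a second copy of the password in the script, which goes stale if the environment's credentials change. Something like `echo "$LDIF" | tr '+' '\n' | ./bin/ldbmodify -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER -i` would be consistent with the rest (assuming `$SERVER` resolves for LDAP in this environment), with the DN derived from the realm rather than spelled out. The retained comment `# This should be an expect_failure test ...` now sits above the user-add step and should be dropped or moved next to the actual expect-failure case.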
@@ -72,6 +86,9 @@ testit "machine account should be able to add a DNS entry net ads dns register m
 # and spaces from the output. Thew will screw up the comparison syntax.
 testit "We should be able to see the new name membername.$REALM using -P" [ X"`$VALGRIND $net_tool ads dns gethostbyname $SERVER membername.$REALM -P | tr \! N | tr " " B`" = X"$IPADDRMAC" ] || failed=`expr $failed + 1`
 
+#Unprivileged users should not be able to overwrite other's names
+testit_expect_failure "Unprivileged users should not be able modify existing names" $net_tool ads dns register membername.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=`expr $failed + 1`
+
 testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns unregister $NAME.$REALM -P || failed=`expr $failed + 1`
 
 # The complicated pipeline is to ensure that we remove exclamation points
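Review bot: The added `testit_expect_failure` line checks only that the register command fails, so it does not show that the existing membername record was left unchanged. The failure could come from something other than the access check, or a partial update could go unnoticed. Following it with a lookup would pin the property being tested: `testit "membername.$REALM should still be $IPADDRMAC" [ X"$($net_tool ads dns gethostbyname $SERVER membername.$REALM -P | tr \! N | tr " " B)" = X"$IPADDRMAC" ] || failed=$(expr $failed + 1)`, or the same in backtick form to match the file. The test description is missing a word ("should not be able to modify"). No cleanup of `$UNPRIVUSER` or `$UNPRIVNAME.$REALM` is visible in these hunks; the script continues outside them, so that may be handled elsewhere.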


-- 
Samba Shared Repository


