[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Apr 21 10:05:01 UTC 2021
The branch, master has been updated
via 0f29b8c2fee samba-tool: add dns zoneoptions for aging control
via 38fe888f95f docs: Expand the "log level" docs on audit logging
via d03e7ffcff3 docs: underline special words in the audit logging part of "log level" in man smb.conf
via 364b8be9816 docs: Further discourage the use of the "event notification" options
via a778a3a6420 docs: Add proper explination on why transactions need to be audited.
via 2e533664e75 docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json
via 0d30d74e898 debug: Synchronise "log level" in smb.conf with the code
from 58c6c031f5d libcli: Fix parsing access flags from multiple tables
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0f29b8c2fee0d6bcc5b83ef237518539179de465
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Apr 20 00:07:50 2021 +1200
samba-tool: add dns zoneoptions for aging control
This adds a subcommand for altering zone parameters.
At the moment the only options are related to record aging (a.k.a
scavenging). The code is structured to make it easy to add more
integer or boolean options, but it is not clear that this would be
useful; many other parameters are not used or would only have
deleterious effects.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 21 10:04:14 UTC 2021 on sn-devel-184
commit 38fe888f95f8d22736080ed521939be932e7bca0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Apr 16 10:43:07 2021 +1200
docs: Expand the "log level" docs on audit logging
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d03e7ffcff32452bb92f2ced9f06cbeab9843e04
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 15 14:40:30 2021 +1200
docs: underline special words in the audit logging part of "log level" in man smb.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 364b8be9816b34b2a1b07c6259345c406d68c9f2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 15 14:45:07 2021 +1200
docs: Further discourage the use of the "event notification" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a778a3a6420f094a953563b87f84457fdebd20a3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 15 14:44:22 2021 +1200
docs: Add proper explination on why transactions need to be audited.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2e533664e756ccde8fc1b3e41e70437c9e7bafcd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 15 14:39:49 2021 +1200
docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0d30d74e89829cc7b4faa6ba835e3d90c1c410aa
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 15 13:52:38 2021 +1200
debug: Synchronise "log level" in smb.conf with the code
This is done by pasting in the contents of default_classname_table[]
in lib/util/debug.c into
cut -f 2 -d \"| xargs -i sh -c 'echo "\t<listitem><para><parameter moreinfo=\"none\">{}</parameter></para></listitem>"'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/logging/loglevel.xml | 108 +++++++++++++++------
.../smbdotconf/logon/autheventnotification.xml | 17 ++--
docs-xml/smbdotconf/misc/dsdbeventnotification.xml | 14 ++-
.../misc/dsdbgroupchangenotification.xml | 16 +--
.../misc/dsdbpasswordeventnotification.xml | 16 +--
python/samba/netcmd/dns.py | 89 +++++++++++++++++
python/samba/tests/samba_tool/dnscmd.py | 54 +++++++++++
7 files changed, 262 insertions(+), 52 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml
index 273765c6fbe..4c6bb5e7e73 100644
--- a/docs-xml/smbdotconf/logging/loglevel.xml
+++ b/docs-xml/smbdotconf/logging/loglevel.xml
@@ -24,8 +24,6 @@
<listitem><para><parameter moreinfo="none">printdrivers</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">lanman</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">smb</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">smb2</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">smb2_credits</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">rpc_parse</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">rpc_srv</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">rpc_cli</parameter></para></listitem>
@@ -41,19 +39,24 @@
<listitem><para><parameter moreinfo="none">msdfs</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">dmapi</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">registry</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">scavenger</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dns</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">ldb</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">tevent</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">auth_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">auth_json_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">kerberos</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dsdb_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dsdb_json_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dsdb_password_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dsdb_password_json_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dsdb_transaction_audit</parameter></para></listitem>
- <listitem><para><parameter moreinfo="none">dsdb_transaction_json_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">scavenger</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dns</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ldb</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">tevent</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">auth_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">auth_json_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">kerberos</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">drs_repl</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">smb2</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">smb2_credits</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_json_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_password_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_password_json_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_transaction_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_transaction_json_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_group_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">dsdb_group_json_audit</parameter></para></listitem>
</itemizedlist>
<para>To configure the logging for specific classes to go into a different
@@ -62,9 +65,9 @@
full_audit:1@/var/log/audit.log</parameter>.</para>
<para>Authentication and authorization audit information is logged
- under the auth_audit, and if Samba was not compiled with
+ under the <parameter>auth_audit</parameter>, and if Samba was not compiled with
--without-json, a JSON representation is logged under
- auth_json_audit.</para>
+ <parameter>auth_json_audit</parameter>.</para>
<para>Support is comprehensive for all authentication and authorisation
of user accounts in the Samba Active Directory Domain Controller,
@@ -72,7 +75,8 @@
the file server, NTLM authentication, SMB and RPC authorization is
covered.</para>
- <para>Log levels for auth_audit and auth_audit_json are:</para>
+ <para>Log levels for <parameter>auth_audit</parameter> and
+ <parameter>auth_audit_json</parameter> are:</para>
<itemizedlist>
<listitem><para>2: Authentication Failure</para></listitem>
<listitem><para>3: Authentication Success</para></listitem>
@@ -80,21 +84,69 @@
<listitem><para>5: Anonymous Authentication and Authorization Success</para></listitem>
</itemizedlist>
- <para>Changes to the sam.ldb database are logged
- under the dsdb_audit and a JSON representation is logged under
- dsdb_json_audit.</para>
+ <para>Changes to the AD DC <command moreinfo="none">sam.ldb</command>
+ database are logged under the <parameter>dsdb_audit</parameter>
+ and a JSON representation is logged under
+ <parameter>dsdb_json_audit</parameter>.</para>
+
+ <para>Group membership changes to the AD DC <command
+ moreinfo="none">sam.ldb</command> database are logged under the
+ <parameter>dsdb_group_audit</parameter> and a JSON representation
+ is logged under
+ <parameter>dsdb_group_json_audit</parameter>.</para>
+
+ <para>Log levels for <parameter>dsdb_audit</parameter>,
+ <parameter>dsdb_json_audit</parameter>,
+ <parameter>dsdb_group_audit</parameter>,
+ <parameter>dsdb_group_json_audit</parameter> and
+ <parameter>dsdb_json_audit</parameter> are:</para>
+ <itemizedlist>
+ <listitem><para>5: Database modifications</para></listitem>
+ <listitem><para>5: Replicated updates from another DC</para></listitem>
+ </itemizedlist>
- <para>Password changes and Password resets are logged under
- dsdb_password_audit and a JSON representation is logged under the
- dsdb_password_json_audit.</para>
+ <para>Password changes and Password resets in the AD DC are logged
+ under <parameter>dsdb_password_audit</parameter> and a JSON
+ representation is logged under the
+ <parameter>dsdb_password_json_audit</parameter>. Password changes
+ will also appears as authentication events via
+ <parameter>auth_audit</parameter> and
+ <parameter>auth_audit_json</parameter>.</para>
+
+ <para>Log levels for <parameter>dsdb_password_audit</parameter> and
+ <parameter>dsdb_password_json_audit</parameter> are:</para>
+ <itemizedlist>
+ <listitem><para>5: Successful password changes and resets</para></listitem>
+ </itemizedlist>
<para>Transaction rollbacks and prepare commit failures are logged under
- the dsdb_transaction_audit and a JSON representation is logged under the
- password_json_audit. Logging the transaction details allows the
- identification of password and sam.ldb operations that have been rolled
- back.</para>
+ the <parameter>dsdb_transaction_audit</parameter> and a JSON representation is logged under the
+ <parameter>dsdb_transaction_json_audit</parameter>. </para>
+
+ <para>Log levels for <parameter>dsdb_transaction_audit</parameter> and
+ <parameter>dsdb_transaction_json</parameter> are:</para>
+
+ <itemizedlist>
+ <listitem><para>5: Transaction failure (rollback)</para></listitem>
+ <listitem><para>10: Transaction success (commit)</para></listitem>
+ </itemizedlist>
+ <para>Transaction roll-backs are possible in Samba, and whilst
+ they rarely reflect anything more than the failure of an
+ individual operation (say due to the add of a conflicting record),
+ they are possible. Audit logs are already generated and sent to
+ the system logs before the transaction is complete. Logging the
+ transaction details allows the identification of password and
+ <command moreinfo="none">sam.ldb</command> operations that have
+ been rolled back, and so have not actually persisted.</para>
+ <warning><para> Changes to <command
+ moreinfo="none">sam.ldb</command> made locally by the <command
+ moreinfo="none">root</command> user with direct access to the
+ database are not logged to the system logs, but to the
+ administrator's own console. While less than ideal, any user able
+ to make such modifications could disable the audit logging in any
+ case. </para></warning>
</description>
<value type="default">0</value>
<value type="example">3 passdb:5 auth:10 winbind:2</value>
diff --git a/docs-xml/smbdotconf/logon/autheventnotification.xml b/docs-xml/smbdotconf/logon/autheventnotification.xml
index 1ae2dbfb61a..87ccf02a8f4 100644
--- a/docs-xml/smbdotconf/logon/autheventnotification.xml
+++ b/docs-xml/smbdotconf/logon/autheventnotification.xml
@@ -10,16 +10,19 @@
registering as the service
<filename moreinfo="none">auth_event</filename>.</para>
- <para>This should be considered a developer option (it assists
- in the Samba testsuite) rather than a facility for external
- auditing, as message delivery is not guaranteed (a feature
- that the testsuite works around). Additionally Samba must be
- compiled with the jansson support for this option to be
- effective.</para>
+ <para>This is <emphasis>not</emphasis> needed for the audit
+ logging described in <smbconfoption name="log level"/>.</para>
+
+ <para>Instead, this should instead be considered a developer
+ option (it assists in the Samba testsuite) rather than a
+ facility for external auditing, as message delivery is not
+ guaranteed (a feature that the testsuite works around).</para>
<para>The authentication events are also logged via the normal
logging methods when the <smbconfoption name="log level"/> is
- set appropriately.</para>
+ set appropriately, say to
+ <command moreinfo="none">auth_json_audit:3</command>.</para>
+
</description>
<value type="default">no</value>
diff --git a/docs-xml/smbdotconf/misc/dsdbeventnotification.xml b/docs-xml/smbdotconf/misc/dsdbeventnotification.xml
index 7df46e1d68c..279ac3d29ef 100644
--- a/docs-xml/smbdotconf/misc/dsdbeventnotification.xml
+++ b/docs-xml/smbdotconf/misc/dsdbeventnotification.xml
@@ -10,14 +10,18 @@
registering as the service
<filename moreinfo="none">dsdb_event</filename>.</para>
- <para>This should be considered a developer option (it assists
- in the Samba testsuite) rather than a facility for external
- auditing, as message delivery is not guaranteed (a feature
- that the testsuite works around).</para>
+ <para>This is <emphasis>not</emphasis> needed for the audit
+ logging described in <smbconfoption name="log level"/>.</para>
+
+ <para>Instead, this should instead be considered a developer
+ option (it assists in the Samba testsuite) rather than a
+ facility for external auditing, as message delivery is not
+ guaranteed (a feature that the testsuite works around).</para>
<para>The Samba database events are also logged via the normal
logging methods when the <smbconfoption name="log level"/> is
- set appropriately.</para>
+ set appropriately, say to
+ <command moreinfo="none">dsdb_json_audit:5</command>.</para>
</description>
diff --git a/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml b/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml
index 6354979538b..3972e72b60f 100644
--- a/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml
+++ b/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml
@@ -10,14 +10,18 @@
registering as the service
<filename moreinfo="none">dsdb_group_event</filename>.</para>
- <para>This should be considered a developer option (it assists
- in the Samba testsuite) rather than a facility for external
- auditing, as message delivery is not guaranteed (a feature
- that the testsuite works around).</para>
+ <para>This is <emphasis>not</emphasis> needed for the audit
+ logging described in <smbconfoption name="log level"/>.</para>
- <para>The group events are also logged via the normal
+ <para>Instead, this should instead be considered a developer
+ option (it assists in the Samba testsuite) rather than a
+ facility for external auditing, as message delivery is not
+ guaranteed (a feature that the testsuite works around).</para>
+
+ <para>The Samba database events are also logged via the normal
logging methods when the <smbconfoption name="log level"/> is
- set appropriately.</para>
+ set appropriately, say to
+ <command moreinfo="none">dsdb_group_json_audit:5</command>.</para>
</description>
diff --git a/docs-xml/smbdotconf/misc/dsdbpasswordeventnotification.xml b/docs-xml/smbdotconf/misc/dsdbpasswordeventnotification.xml
index 984321b98fc..cd2cc98ff42 100644
--- a/docs-xml/smbdotconf/misc/dsdbpasswordeventnotification.xml
+++ b/docs-xml/smbdotconf/misc/dsdbpasswordeventnotification.xml
@@ -10,14 +10,18 @@
events by registering as the service
<filename moreinfo="none">password_event</filename>.</para>
- <para>This should be considered a developer option (it assists
- in the Samba testsuite) rather than a facility for external
- auditing, as message delivery is not guaranteed (a feature
- that the testsuite works around).</para>
+ <para>This is <emphasis>not</emphasis> needed for the audit
+ logging described in <smbconfoption name="log level"/>.</para>
- <para>The password events are also logged via the normal
+ <para>Instead, this should instead be considered a developer
+ option (it assists in the Samba testsuite) rather than a
+ facility for external auditing, as message delivery is not
+ guaranteed (a feature that the testsuite works around).</para>
+
+ <para>The Samba database events are also logged via the normal
logging methods when the <smbconfoption name="log level"/> is
- set appropriately.</para>
+ set appropriately, say to
+ <command moreinfo="none">dsdb_password_json_audit:5</command>.</para>
</description>
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index a267c4105b5..11ca90b1f3e 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -505,6 +505,94 @@ class cmd_serverinfo(Command):
print_serverinfo(self.outf, typeid, res)
+def _add_integer_options(table, takes_options, integer_properties):
+ """Generate options for cmd_zoneoptions"""
+ for k, doc, _min, _max in table:
+ o = '--' + k.lower()
+ opt = Option(o,
+ help=f"{doc} [{_min}-{_max}]",
+ type="int",
+ dest=k)
+ takes_options.append(opt)
+ integer_properties.append((k, _min, _max, o))
+
+
+class cmd_zoneoptions(Command):
+ """Change zone aging options."""
+
+ synopsis = '%prog <server> <zone> [options]'
+
+ takes_args = ['server', 'zone']
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_options = [
+ Option('--client-version', help='Client Version',
+ default='longhorn', metavar='w2k|dotnet|longhorn',
+ choices=['w2k', 'dotnet', 'longhorn'], dest='cli_ver'),
+ ]
+
+ integer_properties = []
+ # Any zone parameter that is stored as an integer (which is most of
+ # them) can be added to this table. The name should be the dnsp
+ # mixed case name, which will get munged into a lowercase name for
+ # the option. (e.g. "Aging" becomes "--aging").
+ #
+ # Note: just because we add a name here doesn't mean we will use
+ # it.
+ _add_integer_options([
+ # ( name, help-string, min, max )
+ ('Aging', 'Enable record aging', 0, 1),
+ ('NoRefreshInterval',
+ 'Aging no refresh interval in hours (0: use default)',
+ 0, 10 * 365 * 24),
+ ('RefreshInterval',
+ 'Aging refresh interval in hours (0: use default)',
+ 0, 10 * 365 * 24),
+ ],
+ takes_options,
+ integer_properties)
+
+ def run(self, server, zone, cli_ver, sambaopts=None, credopts=None,
+ versionopts=None, **kwargs):
+ self.lp = sambaopts.get_loadparm()
+ self.creds = credopts.get_credentials(self.lp)
+ dns_conn = dns_connect(server, self.lp, self.creds)
+
+ client_version = dns_client_version(cli_ver)
+ nap_type = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM
+
+ for k, _min, _max, o in self.integer_properties:
+ if kwargs.get(k) is None:
+ continue
+ v = kwargs[k]
+ if _min is not None and v < _min:
+ raise CommandError(f"{o} must be at least {_min}")
+ if _max is not None and v > _max:
+ raise CommandError(f"{o} can't exceed {_max}")
+
+ name_param = dnsserver.DNS_RPC_NAME_AND_PARAM()
+ name_param.dwParam = v
+ name_param.pszNodeName = k
+ try:
+ dns_conn.DnssrvOperation2(client_version,
+ 0,
+ server,
+ zone,
+ 0,
+ 'ResetDwordProperty',
+ nap_type,
+ name_param)
+ except WERRORError as e:
+ raise CommandError(f"Could not set {k} to {v}") from None
+
+ print(f"Set {k} to {v}", file=self.outf)
+
+
class cmd_zoneinfo(Command):
"""Query for zone information."""
@@ -1065,6 +1153,7 @@ class cmd_dns(SuperCommand):
subcommands = {}
subcommands['serverinfo'] = cmd_serverinfo()
+ subcommands['zoneoptions'] = cmd_zoneoptions()
subcommands['zoneinfo'] = cmd_zoneinfo()
subcommands['zonelist'] = cmd_zonelist()
subcommands['zonecreate'] = cmd_zonecreate()
diff --git a/python/samba/tests/samba_tool/dnscmd.py b/python/samba/tests/samba_tool/dnscmd.py
index 356b2c46d05..0048e390ce5 100644
--- a/python/samba/tests/samba_tool/dnscmd.py
+++ b/python/samba/tests/samba_tool/dnscmd.py
@@ -17,6 +17,7 @@
import os
import ldb
+import re
from samba.auth import system_session
from samba.samdb import SamDB
@@ -910,3 +911,56 @@ class DnsCmdTestCase(SambaToolCmdTest):
err,
"Failed to print zoneinfo")
self.assertTrue(out != '')
+
+ def test_zoneoptions(self):
+ for options, vals, error in (
+ (['--aging=1'], {'fAging': 'TRUE'}, False),
+ (['--aging=0'], {'fAging': 'FALSE'}, False),
+ (['--aging=-1'], {'fAging': 'FALSE'}, True),
+ (['--aging=2'], {}, True),
+ (['--aging=2', '--norefreshinterval=1'], {}, True),
+ (['--aging=1', '--norefreshinterval=1'],
+ {'fAging': 'TRUE', 'dwNoRefreshInterval': '1'}, False),
+ (['--aging=1', '--norefreshinterval=0'],
+ {'fAging': 'TRUE', 'dwNoRefreshInterval': '0'}, False),
+ (['--aging=0', '--norefreshinterval=99', '--refreshinterval=99'],
+ {'fAging': 'FALSE',
+ 'dwNoRefreshInterval': '99',
+ 'dwRefreshInterval': '99'}, False),
+ (['--aging=0', '--norefreshinterval=-99', '--refreshinterval=99'],
+ {}, True),
+ (['--refreshinterval=9999999'], {}, True),
+ (['--norefreshinterval=9999999'], {}, True),
+ ):
+ result, out, err = self.runsubcmd("dns",
+ "zoneoptions",
+ os.environ["SERVER"],
+ self.zone,
+ self.creds_string,
+ *options)
+ if error:
+ self.assertCmdFail(result, "zoneoptions should fail")
+ else:
+ self.assertCmdSuccess(result,
+ out,
+ err,
+ "zoneoptions shouldn't fail")
+
+
+ info_r, info_out, info_err = self.runsubcmd("dns",
+ "zoneinfo",
+ os.environ["SERVER"],
+ self.zone,
+ self.creds_string)
+
+ self.assertCmdSuccess(info_r,
+ info_out,
+ info_err,
+ "zoneinfo shouldn't fail after zoneoptions")
+
+ info = {k: v for k, v in re.findall(r'^\s*(\w+)\s*:\s*(\w+)\s*$',
+ info_out,
+ re.MULTILINE)}
+ for k, v in vals.items():
+ self.assertIn(k, info)
+ self.assertEqual(v, info[k])
--
Samba Shared Repository
More information about the samba-cvs
mailing list