[PATCH] Add test for 'net ads (join|leave)
Uri Simchoni
uri at samba.org
Wed Nov 4 14:47:21 UTC 2015
On 11/01/2015 08:13 PM, Andrew Bartlett wrote:
> On Sun, 2015-11-01 at 14:26 +0200, Uri Simchoni wrote:
>> "source" is bash-specific. We should use "." instead.
>>
>> But before fixing and pushing, Andrew's comment seems correct to me -
>> wouldn't "net join" change the shared secret between the running
>> server
>> and the domain and thus affect the server? It seems like it would be
>> better to run it with an smb.conf which has "netbios name" set to
>> some
>> bogus name, and this way the test would run on an a different
>> account.
>>
>> (I tried just passing a command line option to net, but it didn't
>> manage
>> to pass unharmed through the subunit functions, because of the
>> space).
> I think you should pass in a whole smb.conf, pointing at a different
> location (to get an effect like samba-tool domain join's --targetdir).
>
> I any case, to specify options with spaces, remember that our smb.conf
> parser is whitespace insensitive except for inside the option value, so
> you can omit the spaces, eg --option=ntlmauth=true
>
> Andrew Bartlett
>
I pushed it as-is with the fix to "source", because I've delayed it long
enough, and am proposing the attached patch set to run the test in
client env, so as not to impact the running server and avoid potential
future "flakiness" introduced by that.
I'm not sure how the running server is supposed to handle change of
shared secret, perhaps it recovers gracefully from that, but the
recovery will occur in a different test and is not the subject of this
test, so we should not be doing it.
Thanks,
Uri.
-------------- next part --------------
From 44ba822050e28c6b29087e2e094438e43515aea0 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Wed, 4 Nov 2015 07:22:36 +0200
Subject: [PATCH 1/3] selftest: support ads in client env
add "security=ads" to client env to support client tool
testing in AD environment.
Signed-off-by: Uri Simchoni <uri at samba.org>
---
selftest/selftest.pl | 1 +
1 file changed, 1 insertion(+)
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index db5da05..6e33d48 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -524,6 +524,7 @@ sub write_clientconf($$$)
}
if (defined($vars->{REALM})) {
print CF "\trealm = $vars->{REALM}\n";
+ print CF "\tsecurity = ads\n";
}
if ($opt_socket_wrapper) {
print CF "\tinterfaces = $interfaces\n";
--
2.4.3
From 80a06c3a72b088b2238e139e02ec3a8900448dff Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Wed, 4 Nov 2015 07:31:47 +0200
Subject: [PATCH 2/3] selftest: run net ads join test in client env
Running in client env does not affect the running server.
Signed-off-by: Uri Simchoni <uri at samba.org>
---
source4/selftest/tests.py | 2 +-
testprogs/blackbox/test_net_ads.sh | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 1425323..574800d 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -330,7 +330,7 @@ plantestsuite("samba4.blackbox.gentest(ad_dc_ntvfs)", "ad_dc_ntvfs", [os.path.jo
plantestsuite("samba4.blackbox.rfc2307_mapping(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4])
plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass'])
-plantestsuite("samba4.blackbox.net_ads(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
+plantestsuite("samba4.blackbox.net_ads(ad_member:client)", "ad_member:client", [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "ad_dc_ntvfs", [valgrindify(smbtorture4), "$LISTOPT", "$LOADLIST", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
# Tests using the "Simple" NTVFS backend
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index 487014d..974a583 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -16,6 +16,8 @@ net_tool="$BINDIR/net"
# Load test functions
. `dirname $0`/subunit.sh
+testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=`expr $failed + 1`
@@ -31,5 +33,7 @@ testit_expect_failure "leave+invalid_server" $VALGRIND $net_tool ads leave -U$DC
testit "testjoin" $VALGRIND $net_tool ads testjoin -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
testit "testjoin_machine_account" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+##Goodbye...
+testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
exit $failed
--
2.4.3
From c91540f9d17599f34b7cc158dc12f72d80d8fc0d Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Wed, 4 Nov 2015 07:32:57 +0200
Subject: [PATCH 3/3] selftest: add some test cases to net ads join
Perform a testjoin between steps to verify join status
Perform most testjoins with machine account because that's
the more common case.
Signed-off-by: Uri Simchoni <uri at samba.org>
---
testprogs/blackbox/test_net_ads.sh | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index 974a583..2ff3827 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -18,8 +18,12 @@ net_tool="$BINDIR/net"
testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
+
testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=`expr $failed + 1`
testit "leave+server" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD -S$DC_SERVER || failed=`expr $failed + 1`
@@ -30,9 +34,8 @@ testit "join+server" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD ||
testit_expect_failure "leave+invalid_server" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD -SINVALID && failed=`expr $failed + 1`
-testit "testjoin" $VALGRIND $net_tool ads testjoin -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+testit "testjoin user+password" $VALGRIND $net_tool ads testjoin -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
-testit "testjoin_machine_account" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
##Goodbye...
testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
--
2.4.3
More information about the samba-technical
mailing list