testprogs: Do not export UID_WRAPPER_ROOT in test_net_ads_dns.sh There is not need for root here. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: Make testit_expect_failure() return 0 on success This is the behaviour that most existing callers expect, but the function actually returns a non-zero status code in that case. Adjust all callers expecting the opposite behaviour to match. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
testprogs: add test for new net ads dns register --dns-ttl option Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed) Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: remove used records in "net ads dns" tests Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: use uniqe names in "net ads dns" tests to avoid conflicts Avoid conflicts when running the same tests multiple times. Reduces the needs to cleanup all objects properly. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: net ads dns tests: remove test user after usage. Not required anymore and would produce errors, when the test runs a second time. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs: Use system_or_builddir_binary() for test_net_ads_dns Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
testprogs: If built against system db use the system tools in test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
testprogs: Reformat test_net_ads_dns.sh shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
test: Prime the kpasswd server I was getting this failure: [102(815)/143 at 10m59s] samba4.blackbox.net_ads_dns(ad_member:local)(ad_member:local) UNEXPECTED(failure): samba4.blackbox.net_ads_dns(ad_member:local).Adding an unprivileged user(ad_member:local) REASON: Exception: Exception: Could not add user unprivuser. Error setting password Incorrect net address My preliminary analysis shows that the KRB5KRB_AP_ERR_BADADDR error message is triggered by the libkrb5 client code. I have not yet shown this to happen with pure libkrb5, but my theory is the following: k5_privsafe_check_addrs() fails under the following circumstances: The kpasswd server is contacted on IPv4 and is slow to reply. After waiting a bit, libkrb5 also tries to contact kpasswd on IPv6. kpasswd_sendto_msg_callback() for the IPv6 request changes the authentication context's local_addr to IPv6. Then the IPv4 request is replied to, and then k5_privsafe_check_addrs() bails on the address family in ac->local_addr (IPv6) vs the one received and via the IPv4 connection. libkrb5's src/lib/krb5/os/changepw.c has this comment: /* * TBD: Does this tamper w/ the auth context in such a way * to break us? Yes - provide 1 per conn-state / host... */ I think we're hit by this. This patch hacks around the situation by priming the kpasswd server without error checking. If the initial v4 request is quick enough because the kpasswd server is already started up properly, everything works flawlessly. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
testprogs: Consistantly use kinit -c $KRB5CCNAME We want to be really clear which credentials cache we use. The kerberos_kinit() shell function uses this internally. -c is the common option between MIT and Heimdal, and is equivilant to --cache Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jul 5 23:51:43 UTC 2021 on sn-devel-184
tests: Use ldbsearch '--scope instead of '-s' We should use long options in tests to make clear what we are trying to do. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
tests: also test net ads dns (un)register with IPv6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
testprogs/blackbox: Improve the net ads dns register tests. More tests are added that add an unprivileged user, enable their account, and then test that they can add IP addressed but that they cannot modify other user's IP addresses. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144