selftest: Add ldapcmp to ensure upgradeprovision of a fresh DB is a no-op

Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d7936ee20c20635d62657cb821ff6dc4eb5fe33c)

diff --git a/selftest/knownfail b/selftest/knownfail
index 84eb7699347fcb4a086680a85657d8c929249c8b..efcb9f23adacc1e8c078f500fdb59594c35f153d 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -159,6 +159,8 @@
 ^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
 ^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
 ^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database
+^samba4.blackbox.upgradeprovision.*.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
+^samba4.blackbox.upgradeprovision.*.ldapcmp_full_sd\(none\) # Due to something rewriting the NT ACL on DNS objects and not getting the DC ACL right
 ^samba3.smb2.create.gentest
 ^samba3.smb2.create.blob
 ^samba3.smb2.create.open

diff --git a/source4/setup/tests/blackbox_upgradeprovision.sh b/source4/setup/tests/blackbox_upgradeprovision.sh
index 1ff76952e36651b79dd14562ad97a96f78aa7c33..8e4c2cc4f9e497b5f5db45b3cf23d4e01ad9d27e 100755 (executable)
--- a/source4/setup/tests/blackbox_upgradeprovision.sh
+++ b/source4/setup/tests/blackbox_upgradeprovision.sh
@@ -14,11 +14,18 @@ shift 1
 
 [ ! -d $PREFIX ] && mkdir $PREFIX
 
+upgradeprovision_reference() {
+  if [ -d $PREFIX/upgradeprovision_reference ]; then
+    rm -fr $PREFIX/upgradeprovision_reference
+  fi
+       $PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision_reference" --server-role="dc" --use-ntvfs
+}
+
 upgradeprovision() {
   if [ -d $PREFIX/upgradeprovision ]; then
     rm -fr $PREFIX/upgradeprovision
   fi
-       $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision" --server-role="dc" --use-ntvfs
+       $PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision" --server-role="dc" --use-ntvfs
        $PYTHON $BINDIR/samba_upgradeprovision -s "$PREFIX/upgradeprovision/etc/smb.conf" --debugchange
 }
 
@@ -30,6 +37,26 @@ upgradeprovision_full() {
        $PYTHON $BINDIR/samba_upgradeprovision -s "$PREFIX/upgradeprovision_full/etc/smb.conf" --full --debugchange
 }
 
+# The ldapcmp runs here are to ensure that a 'null' run of
+# upgradeprovision (because we did a provision with the same template)
+# really doesn't change anything.
+
+ldapcmp() {
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn
+}
+
+ldapcmp_full() {
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn
+}
+
+ldapcmp_sd() {
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn
+}
+
+ldapcmp_full_sd() {
+        $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn
+}
+
 if [ -d $PREFIX/upgradeprovision ]; then
   rm -fr $PREFIX/upgradeprovision
 fi
@@ -40,5 +67,10 @@ fi
 
 testit "upgradeprovision" upgradeprovision
 testit "upgradeprovision_full" upgradeprovision_full
+testit "upgradeprovision_reference" upgradeprovision_reference
+testit "ldapcmp" ldapcmp
+testit "ldapcmp_full" ldapcmp_full
+testit "ldapcmp_sd" ldapcmp_sd
+testit "ldapcmp_full_sd" ldapcmp_full_sd
 
 exit $failed