selftest: Add more RODC tests to avoid regressions here
authorAndrew Bartlett <abartlet@samba.org>
Thu, 23 Mar 2017 23:12:43 +0000 (12:12 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 27 Mar 2017 18:08:18 +0000 (20:08 +0200)
This ensures that the RODC can authenticatate users over wbinfo, normal services and SamLogon
including in particular the important need-to-be-forwarded case

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
selftest/knownfail
source3/script/tests/test_rpcclient_samlogon.sh
source4/selftest/tests.py

index cfd4b359a5eb31a42bdf6330935f15553d7081a4..b25038064c3c458811d46f06f4e0e473ec8abaad 100644 (file)
 ^samba.wbinfo_simple.\(ad_dc:local\).--allocate-gid
 ^samba.wbinfo_simple.\(chgdcpass:local\).--allocate-uid
 ^samba.wbinfo_simple.\(chgdcpass:local\).--allocate-gid
+^samba.wbinfo_simple.\(rodc:local\).--allocate-uid
+^samba.wbinfo_simple.\(rodc:local\).--allocate-gid
 #
 # These do not work against winbindd in member mode for unknown reasons
 #
index a41ae44d25f7c6915b0a6fe1c30ba07a3334ee67..26f0f88ed808711f1877a35f7940a1540d4003d3 100755 (executable)
@@ -10,16 +10,16 @@ fi
 USERNAME="$1"
 PASSWORD="$2"
 shift 2
-ADDARGS="$*"
+ADDARGS="$@"
 
 rpcclient_samlogon_schannel_seal()
 {
-       $VALGRIND $BINDIR/rpcclient -U% -c "schannel;samlogon $USERNAME $PASSWORD;samlogon $USERNAME $PASSWORD" $@
+       $VALGRIND $BINDIR/rpcclient -U% -c "schannel;samlogon '$USERNAME' '$PASSWORD';samlogon '$USERNAME' '$PASSWORD'" $@
 }
 
 rpcclient_samlogon_schannel_sign()
 {
-       $VALGRIND $BINDIR/rpcclient -U% -c "schannelsign;samlogon $USERNAME $PASSWORD;samlogon $USERNAME $PASSWORD" $@
+       $VALGRIND $BINDIR/rpcclient -U% -c "schannelsign;samlogon '$USERNAME' '$PASSWORD';samlogon '$USERNAME' '$PASSWORD'" $@
 }
 
 incdir=`dirname $0`/../../../testprogs/blackbox
index f661bf2d95bceff9f6de75422aac7a0941045d3e..890d41ed713f7dae32d2a8ea3613279ae56220a4 100755 (executable)
@@ -484,7 +484,7 @@ for env in ["nt4_dc", "fl2003dc"]:
     for t in winbind_wbclient_tests:
         plansmbtorture4testsuite(t, "%s:local" % env, '//$SERVER/tmp -U$DC_USERNAME%$DC_PASSWORD')
 
-for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass"]:
+for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "s4member", "chgdcpass", "rodc"]:
     tests = ["--ping", "--separator",
              "--own-domain",
              "--all-domains",
@@ -661,8 +661,21 @@ plansmbtorture4testsuite(t, "vampire_dc", ['$SERVER', '-U$USERNAME%$PASSWORD', '
 for env in ['rodc']:
     plansmbtorture4testsuite('rpc.echo', env, ['ncacn_np:$SERVER', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
     plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "yes", '-P', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo")
+    plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestallowed\ account%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testallowed")
+    plansmbtorture4testsuite('rpc.echo', "%s:local" % env, ['ncacn_np:$SERVER', "-k", "no", '-Utestdenied%$DC_PASSWORD', '--workgroup=$DOMAIN'], modname="samba4.rpc.echo.testdenied")
 planpythontestsuite("rodc:local", "samba.tests.samba_tool.rodc")
 
+plantestsuite("samba.blackbox.rpcclient_samlogon", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
+                                                                 "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+
+plantestsuite("samba.blackbox.rpcclient_samlogon_testallowed", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
+                                                                             "testallowed\ account", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+
+plantestsuite("samba.blackbox.rpcclient_samlogon_testdenied", "rodc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"),
+                                                                            "testdenied", "$DC_PASSWORD", "ncacn_np:$SERVER", configuration])
+
+
+
 plantestsuite("samba4.blackbox.provision-backend", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision-backend.sh"), '$PREFIX/provision'])
 
 # Test renaming the DC