The branch, master has been updated via e3cfb99d286 net: add hint which options can be used with net ads dns register command via 529ef99d7c5 testprogs: add test for new net ads dns register --dns-ttl option via 0ea27849062 docs: documentation for new net --dns-ttl option via 36ed126f4c3 net: add new --dns-ttl option to specify the ttl of dns records via a320089a248 testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed) via 350fe63a192 testprogs/blackbox/test_special_group.sh: verify test results ($failed) via ca3fbde2c8d testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed) via 74dbfc4da6d testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK via cc3696f51d1 testprogs: remove used records in "net ads dns" tests via 8f53f32bfff testprogs: use more unique names in "net ads dns" tests via 80d58ead5e1 testprogs: remove only used dns records in "net ads dns" tests via 9fa659cc1fd testprogs: use uniqe names in "net ads dns" tests to avoid conflicts via 582621109b5 testprogs: adapt return values of testit_expect_failure_grep and testit_grep_count to function description via 1b2627fc705 testprogs: net ads dns tests: remove test user after usage. via 5e62d580f45 testprogs: fix some "net ads dns" tests from c28f61b6bbd Add a git-blame-ignore-revs file
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit e3cfb99d2864ba288a152a2b4ff35fc9ec65fead Author: Björn Baumbach <b...@sernet.de> Date: Thu Feb 16 19:20:14 2023 +0100 net: add hint which options can be used with net ads dns register command Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Björn Baumbach <b...@sernet.de> Autobuild-Date(master): Fri Mar 3 12:52:00 UTC 2023 on atb-devel-224 commit 529ef99d7c546de5a655de83a87b6de98459cc07 Author: Björn Baumbach <b...@sernet.de> Date: Tue Feb 21 18:00:41 2023 +0100 testprogs: add test for new net ads dns register --dns-ttl option Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0ea2784906241468dc5b01f0b452dd8821cd1a2f Author: Björn Baumbach <b...@sernet.de> Date: Thu Feb 23 17:09:22 2023 +0100 docs: documentation for new net --dns-ttl option Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 36ed126f4c3d91ba3154bd78c8becff9a15a4769 Author: Björn Baumbach <b...@sernet.de> Date: Thu Feb 16 18:36:37 2023 +0100 net: add new --dns-ttl option to specify the ttl of dns records Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a320089a248fe307fb29d92436c72e24917e9f90 Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 19:29:02 2023 +0000 testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed) Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 350fe63a192c33944a2891ebd873bbc55442ea3d Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 19:28:26 2023 +0000 testprogs/blackbox/test_special_group.sh: verify test results ($failed) Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ca3fbde2c8d7ab78e02776c6e196d8294278b199 Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 19:26:34 2023 +0000 testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed) Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 74dbfc4da6d8693ea3a1b1ac174dba83151cff7a Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 19:20:51 2023 +0000 testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit cc3696f51d10796841ffd26aea5fae7e3154b803 Author: Björn Baumbach <b...@sernet.de> Date: Fri Feb 24 16:52:05 2023 +0100 testprogs: remove used records in "net ads dns" tests Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8f53f32bffff61c35cbd06b9e74408e680fb6abb Author: Björn Baumbach <b...@sernet.de> Date: Fri Feb 24 16:27:17 2023 +0100 testprogs: use more unique names in "net ads dns" tests ADMINNAME can be used for records, created by the AD admin MACHINENAME for records, created by the machine (-P) UNPRIVNAME for records, created by the unprivileged user Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 80d58ead5e1e23c95cb9da45737f1b7228854efb Author: Björn Baumbach <b...@sernet.de> Date: Fri Feb 24 16:35:02 2023 +0100 testprogs: remove only used dns records in "net ads dns" tests $NAME was not added here in this section, but $UNPRIV. Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9fa659cc1fd8a4ff05ce70923317113571345e4f Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 19:15:23 2023 +0000 testprogs: use uniqe names in "net ads dns" tests to avoid conflicts Avoid conflicts when running the same tests multiple times. Reduces the needs to cleanup all objects properly. Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 582621109b5d95f61b76e5381de9f1c546cea698 Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 19:02:38 2023 +0000 testprogs: adapt return values of testit_expect_failure_grep and testit_grep_count to function description Improves logic when calling tests and make use of the $failed counter. Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1b2627fc7051d1ca165be529f545b5e10b82c272 Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 15:57:54 2023 +0100 testprogs: net ads dns tests: remove test user after usage. Not required anymore and would produce errors, when the test runs a second time. Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5e62d580f45ed51b10af4d85ede8ec1bbaea0f72 Author: Björn Baumbach <b...@sernet.de> Date: Wed Feb 22 15:22:58 2023 +0100 testprogs: fix some "net ads dns" tests Use testit_grep_count instead of greping the output of testit. Running testit with "| grep" falsifies the test results. Signed-off-by: Björn Baumbach <b...@sernet.de> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages/net.8.xml | 13 ++ lib/addns/dns.h | 1 + lib/addns/dnsrecord.c | 13 +- source3/utils/net.c | 7 + source3/utils/net.h | 1 + source3/utils/net_ads.c | 3 +- source3/utils/net_ads_join_dns.c | 6 + source3/utils/net_dns.c | 28 +++- source3/utils/net_dns.h | 7 +- testprogs/blackbox/subunit.sh | 4 +- testprogs/blackbox/test_net_ads_dns.sh | 144 ++++++++++++++++++--- testprogs/blackbox/test_special_group.sh | 2 +- .../blackbox/test_weak_disable_ntlmssp_ldap.sh | 2 +- 13 files changed, 195 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index 497a8114057..f98b56694d2 100644 --- a/docs-xml/manpages/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -59,6 +59,7 @@ <arg choice="opt">-f|--force</arg> <arg choice="opt">--request-timeout seconds</arg> <arg choice="opt">-t|--timeout seconds</arg> + <arg choice="opt">--dns-ttl TTL-IN-SECONDS</arg> <arg choice="opt">-i|--stdin</arg> </cmdsynopsis> </refsynopsisdiv> @@ -389,6 +390,18 @@ directory.</para></listitem> </varlistentry> + <!-- Options for net ads dns register (and ads join) --> + <varlistentry> + <term>--dns-ttl TTL-IN-SECONDS</term> + <listitem><para> + Specify the Time to Live (TTL) of DNS records. + DNS records will be created or updated with the given TTL. + The TTL is specified in seconds. Can be used with "net ads dns + register" and "net ads join". + The default is 3600 seconds. + </para></listitem> + </varlistentry> + &cmdline.common.samba.client; &cmdline.common.connection; &cmdline.common.credentials; diff --git a/lib/addns/dns.h b/lib/addns/dns.h index 685cded966b..1f61d6e5bda 100644 --- a/lib/addns/dns.h +++ b/lib/addns/dns.h @@ -290,6 +290,7 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx, const char *hostname, const struct sockaddr_storage *ip_addr, size_t num_adds, + uint32_t ttl, struct dns_update_request **preq); /* from dnssock.c */ diff --git a/lib/addns/dnsrecord.c b/lib/addns/dnsrecord.c index e6e205e6832..c1a65956909 100644 --- a/lib/addns/dnsrecord.c +++ b/lib/addns/dnsrecord.c @@ -408,6 +408,7 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx, const char *hostname, const struct sockaddr_storage *ss_addrs, size_t num_addrs, + uint32_t ttl, struct dns_update_request **preq) { struct dns_update_request *req = NULL; @@ -448,11 +449,19 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx, switch(ss_addrs[i].ss_family) { case AF_INET: - err = dns_create_a_record(req, hostname, 3600, &ss_addrs[i], &rec); + err = dns_create_a_record(req, + hostname, + ttl, + &ss_addrs[i], + &rec); break; #ifdef HAVE_IPV6 case AF_INET6: - err = dns_create_aaaa_record(req, hostname, 3600, &ss_addrs[i], &rec); + err = dns_create_aaaa_record(req, + hostname, + ttl, + &ss_addrs[i], + &rec); break; #endif default: diff --git a/source3/utils/net.c b/source3/utils/net.c index 679f04db22b..8272d8c4696 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -1225,6 +1225,13 @@ static struct functable net_func[] = { .arg = &c->opt_follow_symlink, .descrip = "follow symlinks", }, + /* Options for 'net ads dns register' */ + { + .longName = "dns-ttl", + .argInfo = POPT_ARG_INT, + .arg = &c->opt_dns_ttl, + .descrip = "TTL in seconds of DNS records", + }, POPT_COMMON_SAMBA POPT_COMMON_CONNECTION POPT_COMMON_CREDENTIALS diff --git a/source3/utils/net.h b/source3/utils/net.h index e092eef5fdc..b21cf410529 100644 --- a/source3/utils/net.h +++ b/source3/utils/net.h @@ -90,6 +90,7 @@ struct net_context { int opt_continue_on_error; int opt_recursive; int opt_follow_symlink; + int opt_dns_ttl; int opt_have_ip; struct sockaddr_storage opt_dest_ip; diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 4bca90d5c8c..2c5786a6e65 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1892,7 +1892,8 @@ static int net_ads_dns_register(struct net_context *c, int argc, const char **ar if (c->display_usage) { d_printf( "%s\n" - "net ads dns register [hostname [IP [IP...]]]\n" + "net ads dns register [hostname [IP [IP...]]] " + "[--force] [--dns-ttl TTL]\n" " %s\n", _("Usage:"), _("Register hostname with DNS\n")); diff --git a/source3/utils/net_ads_join_dns.c b/source3/utils/net_ads_join_dns.c index 7c98b0ee27f..3437f96ee58 100644 --- a/source3/utils/net_ads_join_dns.c +++ b/source3/utils/net_ads_join_dns.c @@ -56,6 +56,11 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, fstring dns_server; const char *dnsdomain = NULL; char *root_domain = NULL; + uint32_t ttl = 3600; + + if (c->opt_dns_ttl > 0) { + ttl = MIN(c->opt_dns_ttl, UINT32_MAX); + } if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) { d_printf(_("No DNS domain configured for %s. " @@ -158,6 +163,7 @@ static NTSTATUS net_update_dns_internal(struct net_context *c, addrs, num_addrs, flags, + ttl, remove_host); if (ERR_DNS_IS_OK(dns_err)) { status = NT_STATUS_OK; diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 751a6c120e0..9850ba40299 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -30,9 +30,13 @@ *********************************************************************/ DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, - const struct sockaddr_storage *sslist, size_t num_addrs, - uint32_t flags, bool remove_host) + const char *pszDomainName, + const char *pszHostName, + const struct sockaddr_storage *sslist, + size_t num_addrs, + uint32_t flags, + uint32_t ttl, + bool remove_host) { DNS_ERROR err; struct dns_connection *conn; @@ -91,8 +95,13 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, * First try without signing */ - err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, - sslist, num_addrs, &req); + err = dns_create_update_request(mem_ctx, + pszDomainName, + pszHostName, + sslist, + num_addrs, + ttl, + &req); if (!ERR_DNS_IS_OK(err)) goto error; err = dns_update_transaction(mem_ctx, conn, req, &resp); @@ -115,8 +124,13 @@ DNS_ERROR DoDNSUpdate(char *pszServerName, gss_ctx_id_t gss_context; char *keyname; - err = dns_create_update_request(mem_ctx, pszDomainName, pszHostName, - sslist, num_addrs, &req); + err = dns_create_update_request(mem_ctx, + pszDomainName, + pszHostName, + sslist, + num_addrs, + ttl, + &req); if (!ERR_DNS_IS_OK(err)) goto error; if (!(keyname = dns_generate_keyname( mem_ctx ))) { diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h index f53e9546e23..4569e1c3328 100644 --- a/source3/utils/net_dns.h +++ b/source3/utils/net_dns.h @@ -33,9 +33,12 @@ #include "../lib/addns/dns.h" DNS_ERROR DoDNSUpdate(char *pszServerName, - const char *pszDomainName, const char *pszHostName, + const char *pszDomainName, + const char *pszHostName, const struct sockaddr_storage *sslist, size_t num_addrs, - uint32_t flags, bool remove_host); + uint32_t flags, + uint32_t ttl, + bool remove_host); #endif /* defined(HAVE_KRB5) */ diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh index 08bbeefd1e2..50eac3af968 100755 --- a/testprogs/blackbox/subunit.sh +++ b/testprogs/blackbox/subunit.sh @@ -146,8 +146,9 @@ testit_grep_count() printf 'GREP: "%s" found "%d" times, expected "%d" in output:\n%s'\ "$grep" "$found" "$num" "$output" | subunit_fail_test "$name" + return 1 fi - return $status + return 0 } testit_expect_failure() @@ -188,6 +189,7 @@ testit_expect_failure_grep() subunit_pass_test "$name" else printf 'GREP: "%s" not found in output:\n%s' "$grep" "$output" | subunit_fail_test "$name" + return 1 fi return 0 } diff --git a/testprogs/blackbox/test_net_ads_dns.sh b/testprogs/blackbox/test_net_ads_dns.sh index 072a4c5c311..8a85913c68a 100755 --- a/testprogs/blackbox/test_net_ads_dns.sh +++ b/testprogs/blackbox/test_net_ads_dns.sh @@ -42,24 +42,50 @@ IPADDRESS=10.1.4.111 IP6ADDRESS=fd00:1a1a::1:5ee:bad:c0de IPADDRMAC=10.1.4.124 UNPRIVIP=10.1.4.130 -NAME=testname -UNPRIVNAME=unprivname -UNPRIVUSER=unprivuser +ADMINNAME=testname.$$ +MACHINENAME=membername.$$ +UNPRIVNAME=unprivname.$$ +UNPRIVUSER=unprivuser.$$ UNPRIVPASS=UnPrivPass1 # These tests check that privileged users can add DNS names and that # unprivileged users cannot do so. echo "Starting ..." -testit "admin user should be able to add a DNS entry $NAME.$REALM $IPADDRESS $IP6ADDRESS" $VALGRIND $net_tool ads dns register $NAME.$REALM $IPADDRESS $IP6ADDRESS -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1) - -testit "We should be able to see the new name $NAME.$REALM $IPADDRESS" dig @$SERVER +short -t a $NAME.$REALM | grep -q $IPADDRESS || failed=$(expr $failed + 1) -testit "We should be able to see the new name $NAME.$REALM $IP6ADDRESS" dig @$SERVER +short -t aaaa $NAME.$REALM | grep -q $IP6ADDRESS || failed=$(expr $failed + 1) - -testit "We should be able to unregister the name $NAME.$REALM" $VALGRIND $net_tool ads dns unregister $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1) - -testit "The name $NAME.$REALM $IPADDRESS should not be there any longer" dig @$SERVER +short -t a $NAME.$REALM | grep -q $IPADDRESS && failed=$(expr $failed + 1) -testit "The name $NAME.$REALM $IP6ADDRESS should not be there any longer" dig @$SERVER +short -t aaaa $NAME.$REALM | grep -q $IP6ADDRESS && failed=$(expr $failed + 1) +testit "admin user should be able to add a DNS entry $ADMINNAME.$REALM $IPADDRESS $IP6ADDRESS" \ + $VALGRIND $net_tool ads dns register $ADMINNAME.$REALM $IPADDRESS $IP6ADDRESS -U$DC_USERNAME%$DC_PASSWORD || + failed=$(expr $failed + 1) + +testit_grep_count \ + "We should be able to see the new name $ADMINNAME.$REALM $IPADDRESS" \ + "$IPADDRESS" \ + 1 \ + dig @$SERVER +short -t a $ADMINNAME.$REALM || + failed=$(expr $failed + 1) +testit_grep_count \ + "We should be able to see the new name $ADMINNAME.$REALM $IP6ADDRESS" \ + "$IP6ADDRESS" \ + 1 \ + dig @$SERVER +short -t aaaa $ADMINNAME.$REALM || + failed=$(expr $failed + 1) + +testit "We should be able to unregister the name $ADMINNAME.$REALM" \ + $VALGRIND $net_tool ads dns unregister $ADMINNAME.$REALM -U$DC_USERNAME%$DC_PASSWORD || + failed=$(expr $failed + 1) + +testit_grep_count \ + "The name $ADMINNAME.$REALM $IPADDRESS should not be there any longer" \ + "$IPADDRESS" \ + 0 \ + dig @$SERVER +short -t a $ADMINNAME.$REALM || + failed=$(expr $failed + 1) + +testit_grep_count \ + "The name $ADMINNAME.$REALM $IP6ADDRESS should not be there any longer" \ + "$IP6ADDRESS" \ + 0 \ + dig @$SERVER +short -t aaaa $ADMINNAME.$REALM || + failed=$(expr $failed + 1) # prime the kpasswd server, see "git blame" for an explanation $VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS -U$DC_USERNAME%$DC_PASSWORD @@ -81,16 +107,92 @@ testit "We should have enabled the account" test $STATUS -eq 0 || failed=$(expr testit "Unprivileged users should be able to add new names" $net_tool ads dns register $UNPRIVNAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=$(expr $failed + 1) # This should work as well -testit "machine account should be able to add a DNS entry net ads dns register membername.$REALM $IPADDRMAC -P " $net_tool ads dns register membername.$REALM $IPADDRMAC -P || failed=$(expr $failed + 1) +testit "machine account should be able to add a DNS entry net ads dns register $MACHINENAME.$REALM $IPADDRMAC -P" \ + $net_tool ads dns register $MACHINENAME.$REALM $IPADDRMAC -P || + failed=$(expr $failed + 1) -testit "We should be able to see the new name membername.$REALM" dig @$SERVER +short -t a membername.$REALM | grep -q $IPADDRMAC || failed=$(expr $failed + 1) +testit_grep_count \ + "We should be able to see the new name $MACHINENAME.$REALM" \ + "$IPADDRMAC" \ + 1 \ + dig @$SERVER +short -t a $MACHINENAME.$REALM || + failed=$(expr $failed + 1) #Unprivileged users should not be able to overwrite other's names -testit_expect_failure "Unprivileged users should not be able to modify existing names" $net_tool ads dns register membername.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS || failed=$(expr $failed + 1) - -testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS" $VALGRIND $net_tool ads dns unregister $NAME.$REALM -P || failed=$(expr $failed + 1) - -testit "The name $NAME.$REALM ($IPADDRESS) should not be there any longer" dig @$SERVER +short -t a $NAME.$REALM | grep -q $IPADDRESS && failed=$(expr $failed + 1) -testit "The name $NAME.$REALM ($IP6ADDRESS) should not be there any longer" dig @$SERVER +short -t aaaa $NAME.$REALM | grep -q $IP6ADDRESS && failed=$(expr $failed + 1) +testit_expect_failure \ + "Unprivileged users should not be able to modify existing names" \ + $net_tool ads dns register $MACHINENAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS && + failed=$(expr $failed + 1) + +testit "We should be able to unregister the name $UNPRIVNAME.$REALM $IPADDRESS" \ + $VALGRIND $net_tool ads dns unregister $UNPRIVNAME.$REALM -U$UNPRIVUSER%$UNPRIVPASS || + failed=$(expr $failed + 1) +testit "We should be able to unregister the name $MACHINENAME.$REALM $IPADDRESS" \ + $VALGRIND $net_tool ads dns unregister $MACHINENAME.$REALM -P || + failed=$(expr $failed + 1) + +# Remove the unprivileged user, which is not required anymore +$VALGRIND $net_tool user delete $UNPRIVUSER -U$DC_USERNAME%$DC_PASSWORD -exit $failed +testit_grep_count \ + "The name $UNPRIVNAME.$REALM ($IPADDRESS) should not be there any longer" \ + "$IPADDRESS" \ + 0 \ + dig @$SERVER +short -t a $UNPRIVNAME.$REALM || + failed=$(expr $failed + 1) +testit_grep_count \ + "The name $UNPRIVNAME.$REALM ($IP6ADDRESS) should not be there any longer" \ + "$IP6ADDRESS" \ + 0 \ + dig @$SERVER +short -t aaaa $UNPRIVNAME.$REALM || + failed=$(expr $failed + 1) +testit_grep_count \ + "The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any longer" \ + "$IPADDRESS" \ + 0 \ + dig @$SERVER +short -t a $MACHINENAME.$REALM || + failed=$(expr $failed + 1) +testit_grep_count \ + "The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any longer" \ + "$IP6ADDRESS" \ + 0 \ + dig @$SERVER +short -t aaaa $MACHINENAME.$REALM || + failed=$(expr $failed + 1) + +# Tests with --dns-ttl option +testit "net ads dns register with default TTL" \ + $net_tool ads dns register $MACHINENAME.$REALM $IPADDRMAC -P || + failed=$(expr $failed + 1) +TTL=$(dig @$SERVER.$REALM +noall +ttlid +answer -t A $MACHINENAME.$REALM | + awk '{ print $2 }') +testit "Verify default TTL of 3600 seconds" \ + test "$TTL" = "3600" || + failed=$(expr $failed + 1) + +testit "Update record with TTL of 60 seconds" \ + $net_tool ads dns register --dns-ttl 60 --force $MACHINENAME.$REALM $IPADDRMAC -P || + failed=$(expr $failed + 1) +TTL=$(dig @$SERVER.$REALM +noall +ttlid +answer -t A $MACHINENAME.$REALM | + awk '{ print $2 }') +testit "Verify new TTL of 60 seconds" \ + test "$TTL" = "60" || + failed=$(expr $failed + 1) + +testit "We should be able to unregister the name $MACHINENAME.$REALM $IPADDRESS" \ + $VALGRIND $net_tool ads dns unregister $MACHINENAME.$REALM -P || + failed=$(expr $failed + 1) + +testit_grep_count \ + "The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any longer" \ + "$IPADDRESS" \ + 0 \ + dig @$SERVER.$REALM +short -t A $MACHINENAME.$REALM || + failed=$(expr $failed + 1) +testit_grep_count \ + "The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any longer" \ + "$IP6ADDRESS" \ + 0 \ + dig @$SERVER.$REALM +short -t AAAA $MACHINENAME.$REALM || + failed=$(expr $failed + 1) + +testok $0 $failed diff --git a/testprogs/blackbox/test_special_group.sh b/testprogs/blackbox/test_special_group.sh index c587d5be4cf..f0e86985cf6 100755 --- a/testprogs/blackbox/test_special_group.sh +++ b/testprogs/blackbox/test_special_group.sh @@ -55,4 +55,4 @@ testit_expect_failure_grep "add_duplicate_special_group" "Failed to add group.*a cleanup_output_directories -exit $failed +testok $0 $failed diff --git a/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh b/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh index efd6c974826..1e619811d48 100755 --- a/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh +++ b/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh @@ -38,4 +38,4 @@ testit_expect_failure_grep "net_ads_search.ntlm" "We can't fallback to NTLMSSP, unset GNUTLS_FORCE_FIPS_MODE -exit $failed +testok $0 $failed -- Samba Shared Repository