The branch, master has been updated
via e3cfb99d286 net: add hint which options can be used with net ads
dns register command
via 529ef99d7c5 testprogs: add test for new net ads dns register
--dns-ttl option
via 0ea27849062 docs: documentation for new net --dns-ttl option
via 36ed126f4c3 net: add new --dns-ttl option to specify the ttl of dns
records
via a320089a248 testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh:
verify test results ($failed)
via 350fe63a192 testprogs/blackbox/test_special_group.sh: verify test
results ($failed)
via ca3fbde2c8d testprogs/blackbox/test_net_ads_dns.sh: verify test
results ($failed)
via 74dbfc4da6d testprogs: net ads dns: do not increase the $failed
counter in "net ads dns" when test is OK
via cc3696f51d1 testprogs: remove used records in "net ads dns" tests
via 8f53f32bfff testprogs: use more unique names in "net ads dns" tests
via 80d58ead5e1 testprogs: remove only used dns records in "net ads
dns" tests
via 9fa659cc1fd testprogs: use uniqe names in "net ads dns" tests to
avoid conflicts
via 582621109b5 testprogs: adapt return values of
testit_expect_failure_grep and testit_grep_count to function description
via 1b2627fc705 testprogs: net ads dns tests: remove test user after
usage.
via 5e62d580f45 testprogs: fix some "net ads dns" tests
from c28f61b6bbd Add a git-blame-ignore-revs file
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e3cfb99d2864ba288a152a2b4ff35fc9ec65fead
Author: Björn Baumbach <b...@sernet.de>
Date: Thu Feb 16 19:20:14 2023 +0100
net: add hint which options can be used with net ads dns register command
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Björn Baumbach <b...@sernet.de>
Autobuild-Date(master): Fri Mar 3 12:52:00 UTC 2023 on atb-devel-224
commit 529ef99d7c546de5a655de83a87b6de98459cc07
Author: Björn Baumbach <b...@sernet.de>
Date: Tue Feb 21 18:00:41 2023 +0100
testprogs: add test for new net ads dns register --dns-ttl option
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 0ea2784906241468dc5b01f0b452dd8821cd1a2f
Author: Björn Baumbach <b...@sernet.de>
Date: Thu Feb 23 17:09:22 2023 +0100
docs: documentation for new net --dns-ttl option
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 36ed126f4c3d91ba3154bd78c8becff9a15a4769
Author: Björn Baumbach <b...@sernet.de>
Date: Thu Feb 16 18:36:37 2023 +0100
net: add new --dns-ttl option to specify the ttl of dns records
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit a320089a248fe307fb29d92436c72e24917e9f90
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 19:29:02 2023 +0000
testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results
($failed)
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 350fe63a192c33944a2891ebd873bbc55442ea3d
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 19:28:26 2023 +0000
testprogs/blackbox/test_special_group.sh: verify test results ($failed)
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit ca3fbde2c8d7ab78e02776c6e196d8294278b199
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 19:26:34 2023 +0000
testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed)
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 74dbfc4da6d8693ea3a1b1ac174dba83151cff7a
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 19:20:51 2023 +0000
testprogs: net ads dns: do not increase the $failed counter in "net ads
dns" when test is OK
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit cc3696f51d10796841ffd26aea5fae7e3154b803
Author: Björn Baumbach <b...@sernet.de>
Date: Fri Feb 24 16:52:05 2023 +0100
testprogs: remove used records in "net ads dns" tests
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 8f53f32bffff61c35cbd06b9e74408e680fb6abb
Author: Björn Baumbach <b...@sernet.de>
Date: Fri Feb 24 16:27:17 2023 +0100
testprogs: use more unique names in "net ads dns" tests
ADMINNAME can be used for records, created by the AD admin
MACHINENAME for records, created by the machine (-P)
UNPRIVNAME for records, created by the unprivileged user
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 80d58ead5e1e23c95cb9da45737f1b7228854efb
Author: Björn Baumbach <b...@sernet.de>
Date: Fri Feb 24 16:35:02 2023 +0100
testprogs: remove only used dns records in "net ads dns" tests
$NAME was not added here in this section, but $UNPRIV.
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 9fa659cc1fd8a4ff05ce70923317113571345e4f
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 19:15:23 2023 +0000
testprogs: use uniqe names in "net ads dns" tests to avoid conflicts
Avoid conflicts when running the same tests multiple times.
Reduces the needs to cleanup all objects properly.
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 582621109b5d95f61b76e5381de9f1c546cea698
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 19:02:38 2023 +0000
testprogs: adapt return values of testit_expect_failure_grep and
testit_grep_count to function description
Improves logic when calling tests and make use of the $failed counter.
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 1b2627fc7051d1ca165be529f545b5e10b82c272
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 15:57:54 2023 +0100
testprogs: net ads dns tests: remove test user after usage.
Not required anymore and would produce errors, when the test runs
a second time.
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 5e62d580f45ed51b10af4d85ede8ec1bbaea0f72
Author: Björn Baumbach <b...@sernet.de>
Date: Wed Feb 22 15:22:58 2023 +0100
testprogs: fix some "net ads dns" tests
Use testit_grep_count instead of greping the output of testit.
Running testit with "| grep" falsifies the test results.
Signed-off-by: Björn Baumbach <b...@sernet.de>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/net.8.xml | 13 ++
lib/addns/dns.h | 1 +
lib/addns/dnsrecord.c | 13 +-
source3/utils/net.c | 7 +
source3/utils/net.h | 1 +
source3/utils/net_ads.c | 3 +-
source3/utils/net_ads_join_dns.c | 6 +
source3/utils/net_dns.c | 28 +++-
source3/utils/net_dns.h | 7 +-
testprogs/blackbox/subunit.sh | 4 +-
testprogs/blackbox/test_net_ads_dns.sh | 144 ++++++++++++++++++---
testprogs/blackbox/test_special_group.sh | 2 +-
.../blackbox/test_weak_disable_ntlmssp_ldap.sh | 2 +-
13 files changed, 195 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 497a8114057..f98b56694d2 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -59,6 +59,7 @@
<arg choice="opt">-f|--force</arg>
<arg choice="opt">--request-timeout seconds</arg>
<arg choice="opt">-t|--timeout seconds</arg>
+ <arg choice="opt">--dns-ttl TTL-IN-SECONDS</arg>
<arg choice="opt">-i|--stdin</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -389,6 +390,18 @@
directory.</para></listitem>
</varlistentry>
+ <!-- Options for net ads dns register (and ads join) -->
+ <varlistentry>
+ <term>--dns-ttl TTL-IN-SECONDS</term>
+ <listitem><para>
+ Specify the Time to Live (TTL) of DNS records.
+ DNS records will be created or updated with the given TTL.
+ The TTL is specified in seconds. Can be used with "net ads dns
+ register" and "net ads join".
+ The default is 3600 seconds.
+ </para></listitem>
+ </varlistentry>
+
&cmdline.common.samba.client;
&cmdline.common.connection;
&cmdline.common.credentials;
diff --git a/lib/addns/dns.h b/lib/addns/dns.h
index 685cded966b..1f61d6e5bda 100644
--- a/lib/addns/dns.h
+++ b/lib/addns/dns.h
@@ -290,6 +290,7 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
const char *hostname,
const struct sockaddr_storage *ip_addr,
size_t num_adds,
+ uint32_t ttl,
struct dns_update_request **preq);
/* from dnssock.c */
diff --git a/lib/addns/dnsrecord.c b/lib/addns/dnsrecord.c
index e6e205e6832..c1a65956909 100644
--- a/lib/addns/dnsrecord.c
+++ b/lib/addns/dnsrecord.c
@@ -408,6 +408,7 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
const char *hostname,
const struct sockaddr_storage *ss_addrs,
size_t num_addrs,
+ uint32_t ttl,
struct dns_update_request **preq)
{
struct dns_update_request *req = NULL;
@@ -448,11 +449,19 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx,
switch(ss_addrs[i].ss_family) {
case AF_INET:
- err = dns_create_a_record(req, hostname, 3600,
&ss_addrs[i], &rec);
+ err = dns_create_a_record(req,
+ hostname,
+ ttl,
+ &ss_addrs[i],
+ &rec);
break;
#ifdef HAVE_IPV6
case AF_INET6:
- err = dns_create_aaaa_record(req, hostname, 3600,
&ss_addrs[i], &rec);
+ err = dns_create_aaaa_record(req,
+ hostname,
+ ttl,
+ &ss_addrs[i],
+ &rec);
break;
#endif
default:
diff --git a/source3/utils/net.c b/source3/utils/net.c
index 679f04db22b..8272d8c4696 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -1225,6 +1225,13 @@ static struct functable net_func[] = {
.arg = &c->opt_follow_symlink,
.descrip = "follow symlinks",
},
+ /* Options for 'net ads dns register' */
+ {
+ .longName = "dns-ttl",
+ .argInfo = POPT_ARG_INT,
+ .arg = &c->opt_dns_ttl,
+ .descrip = "TTL in seconds of DNS records",
+ },
POPT_COMMON_SAMBA
POPT_COMMON_CONNECTION
POPT_COMMON_CREDENTIALS
diff --git a/source3/utils/net.h b/source3/utils/net.h
index e092eef5fdc..b21cf410529 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -90,6 +90,7 @@ struct net_context {
int opt_continue_on_error;
int opt_recursive;
int opt_follow_symlink;
+ int opt_dns_ttl;
int opt_have_ip;
struct sockaddr_storage opt_dest_ip;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 4bca90d5c8c..2c5786a6e65 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1892,7 +1892,8 @@ static int net_ads_dns_register(struct net_context *c,
int argc, const char **ar
if (c->display_usage) {
d_printf( "%s\n"
- "net ads dns register [hostname [IP [IP...]]]\n"
+ "net ads dns register [hostname [IP [IP...]]] "
+ "[--force] [--dns-ttl TTL]\n"
" %s\n",
_("Usage:"),
_("Register hostname with DNS\n"));
diff --git a/source3/utils/net_ads_join_dns.c b/source3/utils/net_ads_join_dns.c
index 7c98b0ee27f..3437f96ee58 100644
--- a/source3/utils/net_ads_join_dns.c
+++ b/source3/utils/net_ads_join_dns.c
@@ -56,6 +56,11 @@ static NTSTATUS net_update_dns_internal(struct net_context
*c,
fstring dns_server;
const char *dnsdomain = NULL;
char *root_domain = NULL;
+ uint32_t ttl = 3600;
+
+ if (c->opt_dns_ttl > 0) {
+ ttl = MIN(c->opt_dns_ttl, UINT32_MAX);
+ }
if ( (dnsdomain = strchr_m( machine_name, '.')) == NULL ) {
d_printf(_("No DNS domain configured for %s. "
@@ -158,6 +163,7 @@ static NTSTATUS net_update_dns_internal(struct net_context
*c,
addrs,
num_addrs,
flags,
+ ttl,
remove_host);
if (ERR_DNS_IS_OK(dns_err)) {
status = NT_STATUS_OK;
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index 751a6c120e0..9850ba40299 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -30,9 +30,13 @@
*********************************************************************/
DNS_ERROR DoDNSUpdate(char *pszServerName,
- const char *pszDomainName, const char *pszHostName,
- const struct sockaddr_storage *sslist, size_t num_addrs,
- uint32_t flags, bool remove_host)
+ const char *pszDomainName,
+ const char *pszHostName,
+ const struct sockaddr_storage *sslist,
+ size_t num_addrs,
+ uint32_t flags,
+ uint32_t ttl,
+ bool remove_host)
{
DNS_ERROR err;
struct dns_connection *conn;
@@ -91,8 +95,13 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
* First try without signing
*/
- err = dns_create_update_request(mem_ctx, pszDomainName,
pszHostName,
- sslist, num_addrs, &req);
+ err = dns_create_update_request(mem_ctx,
+ pszDomainName,
+ pszHostName,
+ sslist,
+ num_addrs,
+ ttl,
+ &req);
if (!ERR_DNS_IS_OK(err)) goto error;
err = dns_update_transaction(mem_ctx, conn, req, &resp);
@@ -115,8 +124,13 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
gss_ctx_id_t gss_context;
char *keyname;
- err = dns_create_update_request(mem_ctx, pszDomainName,
pszHostName,
- sslist, num_addrs, &req);
+ err = dns_create_update_request(mem_ctx,
+ pszDomainName,
+ pszHostName,
+ sslist,
+ num_addrs,
+ ttl,
+ &req);
if (!ERR_DNS_IS_OK(err)) goto error;
if (!(keyname = dns_generate_keyname( mem_ctx ))) {
diff --git a/source3/utils/net_dns.h b/source3/utils/net_dns.h
index f53e9546e23..4569e1c3328 100644
--- a/source3/utils/net_dns.h
+++ b/source3/utils/net_dns.h
@@ -33,9 +33,12 @@
#include "../lib/addns/dns.h"
DNS_ERROR DoDNSUpdate(char *pszServerName,
- const char *pszDomainName, const char *pszHostName,
+ const char *pszDomainName,
+ const char *pszHostName,
const struct sockaddr_storage *sslist,
size_t num_addrs,
- uint32_t flags, bool remove_host);
+ uint32_t flags,
+ uint32_t ttl,
+ bool remove_host);
#endif /* defined(HAVE_KRB5) */
diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh
index 08bbeefd1e2..50eac3af968 100755
--- a/testprogs/blackbox/subunit.sh
+++ b/testprogs/blackbox/subunit.sh
@@ -146,8 +146,9 @@ testit_grep_count()
printf 'GREP: "%s" found "%d" times, expected "%d" in output:\n%s'\
"$grep" "$found" "$num" "$output" |
subunit_fail_test "$name"
+ return 1
fi
- return $status
+ return 0
}
testit_expect_failure()
@@ -188,6 +189,7 @@ testit_expect_failure_grep()
subunit_pass_test "$name"
else
printf 'GREP: "%s" not found in output:\n%s' "$grep" "$output"
| subunit_fail_test "$name"
+ return 1
fi
return 0
}
diff --git a/testprogs/blackbox/test_net_ads_dns.sh
b/testprogs/blackbox/test_net_ads_dns.sh
index 072a4c5c311..8a85913c68a 100755
--- a/testprogs/blackbox/test_net_ads_dns.sh
+++ b/testprogs/blackbox/test_net_ads_dns.sh
@@ -42,24 +42,50 @@ IPADDRESS=10.1.4.111
IP6ADDRESS=fd00:1a1a::1:5ee:bad:c0de
IPADDRMAC=10.1.4.124
UNPRIVIP=10.1.4.130
-NAME=testname
-UNPRIVNAME=unprivname
-UNPRIVUSER=unprivuser
+ADMINNAME=testname.$$
+MACHINENAME=membername.$$
+UNPRIVNAME=unprivname.$$
+UNPRIVUSER=unprivuser.$$
UNPRIVPASS=UnPrivPass1
# These tests check that privileged users can add DNS names and that
# unprivileged users cannot do so.
echo "Starting ..."
-testit "admin user should be able to add a DNS entry $NAME.$REALM $IPADDRESS
$IP6ADDRESS" $VALGRIND $net_tool ads dns register $NAME.$REALM $IPADDRESS
$IP6ADDRESS -U$DC_USERNAME%$DC_PASSWORD || failed=$(expr $failed + 1)
-
-testit "We should be able to see the new name $NAME.$REALM $IPADDRESS" dig
@$SERVER +short -t a $NAME.$REALM | grep -q $IPADDRESS || failed=$(expr $failed
+ 1)
-testit "We should be able to see the new name $NAME.$REALM $IP6ADDRESS" dig
@$SERVER +short -t aaaa $NAME.$REALM | grep -q $IP6ADDRESS || failed=$(expr
$failed + 1)
-
-testit "We should be able to unregister the name $NAME.$REALM" $VALGRIND
$net_tool ads dns unregister $NAME.$REALM -U$DC_USERNAME%$DC_PASSWORD ||
failed=$(expr $failed + 1)
-
-testit "The name $NAME.$REALM $IPADDRESS should not be there any longer" dig
@$SERVER +short -t a $NAME.$REALM | grep -q $IPADDRESS && failed=$(expr $failed
+ 1)
-testit "The name $NAME.$REALM $IP6ADDRESS should not be there any longer" dig
@$SERVER +short -t aaaa $NAME.$REALM | grep -q $IP6ADDRESS && failed=$(expr
$failed + 1)
+testit "admin user should be able to add a DNS entry $ADMINNAME.$REALM
$IPADDRESS $IP6ADDRESS" \
+ $VALGRIND $net_tool ads dns register $ADMINNAME.$REALM $IPADDRESS
$IP6ADDRESS -U$DC_USERNAME%$DC_PASSWORD ||
+ failed=$(expr $failed + 1)
+
+testit_grep_count \
+ "We should be able to see the new name $ADMINNAME.$REALM $IPADDRESS" \
+ "$IPADDRESS" \
+ 1 \
+ dig @$SERVER +short -t a $ADMINNAME.$REALM ||
+ failed=$(expr $failed + 1)
+testit_grep_count \
+ "We should be able to see the new name $ADMINNAME.$REALM $IP6ADDRESS" \
+ "$IP6ADDRESS" \
+ 1 \
+ dig @$SERVER +short -t aaaa $ADMINNAME.$REALM ||
+ failed=$(expr $failed + 1)
+
+testit "We should be able to unregister the name $ADMINNAME.$REALM" \
+ $VALGRIND $net_tool ads dns unregister $ADMINNAME.$REALM
-U$DC_USERNAME%$DC_PASSWORD ||
+ failed=$(expr $failed + 1)
+
+testit_grep_count \
+ "The name $ADMINNAME.$REALM $IPADDRESS should not be there any longer" \
+ "$IPADDRESS" \
+ 0 \
+ dig @$SERVER +short -t a $ADMINNAME.$REALM ||
+ failed=$(expr $failed + 1)
+
+testit_grep_count \
+ "The name $ADMINNAME.$REALM $IP6ADDRESS should not be there any longer"
\
+ "$IP6ADDRESS" \
+ 0 \
+ dig @$SERVER +short -t aaaa $ADMINNAME.$REALM ||
+ failed=$(expr $failed + 1)
# prime the kpasswd server, see "git blame" for an explanation
$VALGRIND $net_tool user add $UNPRIVUSER $UNPRIVPASS
-U$DC_USERNAME%$DC_PASSWORD
@@ -81,16 +107,92 @@ testit "We should have enabled the account" test $STATUS
-eq 0 || failed=$(expr
testit "Unprivileged users should be able to add new names" $net_tool ads dns
register $UNPRIVNAME.$REALM $UNPRIVIP -U$UNPRIVUSER%$UNPRIVPASS ||
failed=$(expr $failed + 1)
# This should work as well
-testit "machine account should be able to add a DNS entry net ads dns register
membername.$REALM $IPADDRMAC -P " $net_tool ads dns register membername.$REALM
$IPADDRMAC -P || failed=$(expr $failed + 1)
+testit "machine account should be able to add a DNS entry net ads dns register
$MACHINENAME.$REALM $IPADDRMAC -P" \
+ $net_tool ads dns register $MACHINENAME.$REALM $IPADDRMAC -P ||
+ failed=$(expr $failed + 1)
-testit "We should be able to see the new name membername.$REALM" dig @$SERVER
+short -t a membername.$REALM | grep -q $IPADDRMAC || failed=$(expr $failed + 1)
+testit_grep_count \
+ "We should be able to see the new name $MACHINENAME.$REALM" \
+ "$IPADDRMAC" \
+ 1 \
+ dig @$SERVER +short -t a $MACHINENAME.$REALM ||
+ failed=$(expr $failed + 1)
#Unprivileged users should not be able to overwrite other's names
-testit_expect_failure "Unprivileged users should not be able to modify
existing names" $net_tool ads dns register membername.$REALM $UNPRIVIP
-U$UNPRIVUSER%$UNPRIVPASS || failed=$(expr $failed + 1)
-
-testit "We should be able to unregister the name $NAME.$REALM $IPADDRESS"
$VALGRIND $net_tool ads dns unregister $NAME.$REALM -P || failed=$(expr $failed
+ 1)
-
-testit "The name $NAME.$REALM ($IPADDRESS) should not be there any longer" dig
@$SERVER +short -t a $NAME.$REALM | grep -q $IPADDRESS && failed=$(expr $failed
+ 1)
-testit "The name $NAME.$REALM ($IP6ADDRESS) should not be there any longer"
dig @$SERVER +short -t aaaa $NAME.$REALM | grep -q $IP6ADDRESS && failed=$(expr
$failed + 1)
+testit_expect_failure \
+ "Unprivileged users should not be able to modify existing names" \
+ $net_tool ads dns register $MACHINENAME.$REALM $UNPRIVIP
-U$UNPRIVUSER%$UNPRIVPASS &&
+ failed=$(expr $failed + 1)
+
+testit "We should be able to unregister the name $UNPRIVNAME.$REALM
$IPADDRESS" \
+ $VALGRIND $net_tool ads dns unregister $UNPRIVNAME.$REALM
-U$UNPRIVUSER%$UNPRIVPASS ||
+ failed=$(expr $failed + 1)
+testit "We should be able to unregister the name $MACHINENAME.$REALM
$IPADDRESS" \
+ $VALGRIND $net_tool ads dns unregister $MACHINENAME.$REALM -P ||
+ failed=$(expr $failed + 1)
+
+# Remove the unprivileged user, which is not required anymore
+$VALGRIND $net_tool user delete $UNPRIVUSER -U$DC_USERNAME%$DC_PASSWORD
-exit $failed
+testit_grep_count \
+ "The name $UNPRIVNAME.$REALM ($IPADDRESS) should not be there any
longer" \
+ "$IPADDRESS" \
+ 0 \
+ dig @$SERVER +short -t a $UNPRIVNAME.$REALM ||
+ failed=$(expr $failed + 1)
+testit_grep_count \
+ "The name $UNPRIVNAME.$REALM ($IP6ADDRESS) should not be there any
longer" \
+ "$IP6ADDRESS" \
+ 0 \
+ dig @$SERVER +short -t aaaa $UNPRIVNAME.$REALM ||
+ failed=$(expr $failed + 1)
+testit_grep_count \
+ "The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any
longer" \
+ "$IPADDRESS" \
+ 0 \
+ dig @$SERVER +short -t a $MACHINENAME.$REALM ||
+ failed=$(expr $failed + 1)
+testit_grep_count \
+ "The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any
longer" \
+ "$IP6ADDRESS" \
+ 0 \
+ dig @$SERVER +short -t aaaa $MACHINENAME.$REALM ||
+ failed=$(expr $failed + 1)
+
+# Tests with --dns-ttl option
+testit "net ads dns register with default TTL" \
+ $net_tool ads dns register $MACHINENAME.$REALM $IPADDRMAC -P ||
+ failed=$(expr $failed + 1)
+TTL=$(dig @$SERVER.$REALM +noall +ttlid +answer -t A $MACHINENAME.$REALM |
+ awk '{ print $2 }')
+testit "Verify default TTL of 3600 seconds" \
+ test "$TTL" = "3600" ||
+ failed=$(expr $failed + 1)
+
+testit "Update record with TTL of 60 seconds" \
+ $net_tool ads dns register --dns-ttl 60 --force $MACHINENAME.$REALM
$IPADDRMAC -P ||
+ failed=$(expr $failed + 1)
+TTL=$(dig @$SERVER.$REALM +noall +ttlid +answer -t A $MACHINENAME.$REALM |
+ awk '{ print $2 }')
+testit "Verify new TTL of 60 seconds" \
+ test "$TTL" = "60" ||
+ failed=$(expr $failed + 1)
+
+testit "We should be able to unregister the name $MACHINENAME.$REALM
$IPADDRESS" \
+ $VALGRIND $net_tool ads dns unregister $MACHINENAME.$REALM -P ||
+ failed=$(expr $failed + 1)
+
+testit_grep_count \
+ "The name $MACHINENAME.$REALM ($IPADDRESS) should not be there any
longer" \
+ "$IPADDRESS" \
+ 0 \
+ dig @$SERVER.$REALM +short -t A $MACHINENAME.$REALM ||
+ failed=$(expr $failed + 1)
+testit_grep_count \
+ "The name $MACHINENAME.$REALM ($IP6ADDRESS) should not be there any
longer" \
+ "$IP6ADDRESS" \
+ 0 \
+ dig @$SERVER.$REALM +short -t AAAA $MACHINENAME.$REALM ||
+ failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/testprogs/blackbox/test_special_group.sh
b/testprogs/blackbox/test_special_group.sh
index c587d5be4cf..f0e86985cf6 100755
--- a/testprogs/blackbox/test_special_group.sh
+++ b/testprogs/blackbox/test_special_group.sh
@@ -55,4 +55,4 @@ testit_expect_failure_grep "add_duplicate_special_group"
"Failed to add group.*a
cleanup_output_directories
-exit $failed
+testok $0 $failed
diff --git a/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh
b/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh
index efd6c974826..1e619811d48 100755
--- a/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh
+++ b/testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh
@@ -38,4 +38,4 @@ testit_expect_failure_grep "net_ads_search.ntlm" "We can't
fallback to NTLMSSP,
unset GNUTLS_FORCE_FIPS_MODE
-exit $failed
+testok $0 $failed
--
Samba Shared Repository
