The branch, master has been updated via 38e4396 torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9 via 16b26ea selftest: Add a basic test of samba_upgradedns via 013c499 selftest: Start internal DNS server on domain provisioned for BIND9_DLZ via e281037 selftest: Test creation of the dns-SERVER account during selftest via d19c437 scripting/samba_upgradedns: Tighten up exception and attribute list handling via b106d90 scripting/join.py: Handle creating the dns-NAME account during a DC join from bdab6f9 Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 38e43961c01f6f491b069e7106fe2a2ec80bd840 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Dec 28 21:00:28 2012 +1100 torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9 This exercises some more of the dlz_bind9 code outside BIND, by sending in a ticket to be access checked, wrapped either in SPNEGO or just in GSSAPI. Andrew Bartlett Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Wed Sep 4 11:25:10 CEST 2013 on sn-devel-104 commit 16b26eafa75280e576333975cff5dd1505c118fa Author: Andrew Bartlett <abart...@samba.org> Date: Fri Dec 28 10:06:39 2012 +1100 selftest: Add a basic test of samba_upgradedns This does not check that the command runs correctly, but does at least check that the command runs to completion without errors. Andrew Bartlett Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 013c4990c6f1412dd25592bf177ceffab4b5d16d Author: Andrew Bartlett <abart...@samba.org> Date: Fri Dec 28 09:25:11 2012 +1100 selftest: Start internal DNS server on domain provisioned for BIND9_DLZ This shows that the internal server can use the dns-SERVER account. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andrew Bartlett <abart...@samba.org> commit e281037c9bfa68ca3dc564ec7a36e5c790024902 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Dec 26 10:03:47 2012 +1100 selftest: Test creation of the dns-SERVER account during selftest We do this by having the samba-tool domain dcpromo for promoted_vampire_dc also create a dns-SERVER account. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andrew Bartlett <abart...@samba.org> commit d19c437a36b26e71c24bc25e672d714e21ba50bd Author: Andrew Bartlett <abart...@samba.org> Date: Mon Dec 24 09:12:04 2012 +1100 scripting/samba_upgradedns: Tighten up exception and attribute list handling This avoids asking for attributes that will not be used, and looks only for the expected exceptions, rather than all exceptions. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andrew Bartlett <abart...@samba.org> commit b106d9090e8f8f44f02059d2ced3d10066787060 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Dec 24 08:56:50 2012 +1100 scripting/join.py: Handle creating the dns-NAME account during a DC join This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: python/samba/join.py | 73 +++++++++++++++++++++++-- python/samba/provision/sambadns.py | 11 +++- selftest/target/Samba4.pm | 4 +- source4/scripting/bin/samba_upgradedns | 30 +++++++---- source4/selftest/tests.py | 3 +- source4/setup/secrets_dns.ldif | 2 +- source4/torture/dns/dlz_bind9.c | 78 +++++++++++++++++++++++++++ source4/torture/winbind/winbind.c | 1 + testprogs/blackbox/test_samba_upgradedns.sh | 37 +++++++++++++ 9 files changed, 218 insertions(+), 21 deletions(-) create mode 100755 testprogs/blackbox/test_samba_upgradedns.sh Changeset truncated at 500 lines: diff --git a/python/samba/join.py b/python/samba/join.py index c55c22c..b2f4da4 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -26,9 +26,12 @@ from samba.ndr import ndr_pack from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs from samba.credentials import Credentials, DONT_USE_KERBEROS from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN +from samba.provision.common import setup_path from samba.schema import Schema from samba.net import Net from samba.provision.sambadns import setup_bind9_dns +from samba import read_and_sub_file +from base64 import b64encode import logging import talloc import random @@ -179,6 +182,19 @@ class dc_join(object): attrs=["msDS-krbTgtLink"]) if res: ctx.del_noerror(res[0].dn, recursive=True) + + res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(), + expression='(&(sAMAccountName=%s)(servicePrincipalName=%s))' % (ldb.binary_encode("dns-%s" % ctx.myname), ldb.binary_encode("dns/%s" % ctx.dnshostname)), + attrs=[]) + if res: + ctx.del_noerror(res[0].dn, recursive=True) + + res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(), + expression='(sAMAccountName=%s)' % ldb.binary_encode("dns-%s" % ctx.myname), + attrs=[]) + if res: + raise RuntimeError("Not removing account %s which looks like a Samba DNS service account but does not have servicePrincipalName=%s" % (ldb.binary_encode("dns-%s" % ctx.myname), ldb.binary_encode("dns/%s" % ctx.dnshostname))) + if ctx.connection_dn is not None: ctx.del_noerror(ctx.connection_dn) if ctx.krbtgt_dn is not None: @@ -579,6 +595,56 @@ class dc_join(object): "userAccountControl") ctx.samdb.modify(m) + if ctx.dns_backend.startswith("BIND9_"): + ctx.dnspass = samba.generate_random_password(128, 255) + + recs = ctx.samdb.parse_ldif(read_and_sub_file(setup_path("provision_dns_add_samba.ldif"), + {"DNSDOMAIN": ctx.dnsdomain, + "DOMAINDN": ctx.base_dn, + "HOSTNAME" : ctx.myname, + "DNSPASS_B64": b64encode(ctx.dnspass), + "DNSNAME" : ctx.dnshostname})) + for changetype, msg in recs: + assert changetype == ldb.CHANGETYPE_NONE + print "Adding DNS account %s with dns/ SPN" % msg["dn"] + + # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP) + del msg["clearTextPassword"] + # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP + del msg["isCriticalSystemObject"] + try: + ctx.samdb.add(msg) + dns_acct_dn = msg["dn"] + except ldb.LdbError, (num, _): + if num != ldb.ERR_ENTRY_ALREADY_EXISTS: + raise + + # The account password set operation should normally be done over + # LDAP. Windows 2000 DCs however allow this only with SSL + # connections which are hard to set up and otherwise refuse with + # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet + # over SAMR. + print "Setting account password for %s" % ctx.samname + try: + ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))" + % ldb.binary_encode(ctx.myname), + ctx.dnspass, + force_change_at_next_login=False, + username=ctx.samname) + except ldb.LdbError, (num, _): + if num != ldb.ERR_UNWILLING_TO_PERFORM: + pass + ctx.net.set_password(account_name="dns-" % ctx.myname, + domain_name=ctx.domain_name, + newpassword=ctx.dnspass) + + res = ctx.samdb.search(base=dns_acct_dn, scope=ldb.SCOPE_BASE, + attrs=["msDS-KeyVersionNumber"]) + if "msDS-KeyVersionNumber" in res[0]: + ctx.dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0]) + else: + ctx.dns_key_version_number = None + def join_add_objects2(ctx): """add the various objects needed for the join, for subdomains post replication""" @@ -861,13 +927,12 @@ class dc_join(object): key_version_number=ctx.key_version_number) if ctx.dns_backend.startswith("BIND9_"): - dnspass = samba.generate_random_password(128, 255) - setup_bind9_dns(ctx.local_samdb, secrets_ldb, security.dom_sid(ctx.domsid), ctx.names, ctx.paths, ctx.lp, logger, dns_backend=ctx.dns_backend, - dnspass=dnspass, os_level=ctx.behavior_version, - targetdir=ctx.targetdir) + dnspass=ctx.dnspass, os_level=ctx.behavior_version, + targetdir=ctx.targetdir, + key_version_number=ctx.dns_key_version_number) def join_setup_trusts(ctx): """provision the local SAM.""" diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py index a5a45cf..4acc24b 100644 --- a/python/samba/provision/sambadns.py +++ b/python/samba/provision/sambadns.py @@ -620,7 +620,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname, def secretsdb_setup_dns(secretsdb, names, private_dir, realm, - dnsdomain, dns_keytab_path, dnspass): + dnsdomain, dns_keytab_path, dnspass, key_version_number): """Add DNS specific bits to a secrets database. :param secretsdb: Ldb Handle to the secrets database @@ -632,11 +632,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm, except OSError: pass + if key_version_number is None: + key_version_number = 1 + setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), { "REALM": realm, "DNSDOMAIN": dnsdomain, "DNS_KEYTAB": dns_keytab_path, "DNSPASS_B64": b64encode(dnspass), + "KEY_VERSION_NUMBER": str(key_version_number), "HOSTNAME": names.hostname, "DNSNAME" : '%s.%s' % ( names.netbiosname.lower(), names.dnsdomain.lower()) @@ -1074,7 +1078,7 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, dns_backend, os_level, site=None, dnspass=None, hostip=None, - hostip6=None, targetdir=None): + hostip6=None, targetdir=None, key_version_number=None): """Provision DNS information (assuming BIND9 backend in DC role) :param samdb: LDB object connected to sam.ldb file @@ -1107,7 +1111,8 @@ def setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, secretsdb_setup_dns(secretsdb, names, paths.private_dir, realm=names.realm, dnsdomain=names.dnsdomain, - dns_keytab_path=paths.dns_keytab, dnspass=dnspass) + dns_keytab_path=paths.dns_keytab, dnspass=dnspass, + key_version_number=key_version_number) create_dns_dir(logger, paths) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index e574b48..37f7102 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1069,7 +1069,7 @@ sub provision_promoted_dc($$$) $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; $cmd .= "$samba_tool domain dcpromo $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}"; $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}"; - $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs"; + $cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs --dns-backend=BIND9_DLZ"; unless (system($cmd) == 0) { warn("Join failed\n$cmd"); @@ -1520,7 +1520,7 @@ sub provision_chgdcpass($$) "chgdcpassword.samba.example.com", "2008", "chgDCpass1", - undef, "server services = -dns", "", + undef, "", "", $extra_provision_options); return undef unless(defined $ret); diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns index b7af98c..6b208c9 100755 --- a/source4/scripting/bin/samba_upgradedns +++ b/source4/scripting/bin/samba_upgradedns @@ -284,7 +284,7 @@ if __name__ == '__main__': expression='(sAMAccountName=DnsAdmins)', attrs=['objectSid']) dnsadmins_sid = ndr_unpack(security.dom_sid, msg[0]['objectSid'][0]) - except Exception, e: + except IndexError: logger.info("Adding DNS accounts") add_dns_accounts(ldbs.sam, domaindn) dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn) @@ -314,7 +314,7 @@ if __name__ == '__main__': msg = ldbs.sam.search(base=names.configdn, scope=ldb.SCOPE_DEFAULT, expression=expression, attrs=['nCName']) ncname = msg[0]['nCName'][0] - except Exception, e: + except IndexError: logger.info("Creating DNS partitions") logger.info("Looking up IPv4 addresses") @@ -415,16 +415,17 @@ if __name__ == '__main__': dn = 'samAccountName=dns-%s,CN=Principals' % hostname msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret']) dnssecret = msg[0]['secret'][0] - except Exception: + except IndexError: + logger.info("Adding dns-%s account" % hostname) try: msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT, expression='(sAMAccountName=dns-%s)' % (hostname), - attrs=['clearTextPassword']) + attrs=[]) dn = msg[0].dn ldbs.sam.delete(dn) - except Exception: + except IndexError: pass dnspass = samba.generate_random_password(128, 255) @@ -436,10 +437,19 @@ if __name__ == '__main__': "DNSNAME" : dnsname } ) + res = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT, + expression='(sAMAccountName=dns-%s)' % (hostname), + attrs=["msDS-KeyVersionNumber"]) + if "msDS-KeyVersionNumber" in res[0]: + dns_key_version_number = int(res[0]["msDS-KeyVersionNumber"][0]) + else: + dns_key_version_number = None + secretsdb_setup_dns(ldbs.secrets, names, paths.private_dir, realm=names.realm, dnsdomain=names.dnsdomain, - dns_keytab_path=paths.dns_keytab, dnspass=dnspass) + dns_keytab_path=paths.dns_keytab, dnspass=dnspass, + key_version_number=dns_key_version_number) else: logger.info("dns-%s account already exists" % hostname) @@ -463,9 +473,9 @@ if __name__ == '__main__': # Check if dns-HOSTNAME account exists and delete it if required try: dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname - msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=['secret']) + msg = ldbs.secrets.search(expression='(dn=%s)' % dn_str, attrs=[]) dn = msg[0].dn - except Exception: + except IndexError: dn = None if dn is not None: @@ -477,9 +487,9 @@ if __name__ == '__main__': try: msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT, expression='(sAMAccountName=dns-%s)' % (hostname), - attrs=['clearTextPassword']) + attrs=[]) dn = msg[0].dn - except Exception: + except IndexError: dn = None if dn is not None: diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 10b8a25..e738d1d 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -283,7 +283,7 @@ for t in smbtorture4_testsuites("dns_internal."): # Local tests for t in smbtorture4_testsuites("dlz_bind9."): #The dlz_bind9 tests needs to look at the DNS database - plansmbtorture4testsuite(t, "chgdcpass:local", "ncalrpc:localhost") + plansmbtorture4testsuite(t, "chgdcpass:local", ["ncalrpc:$SERVER", '-U$USERNAME%$PASSWORD']) planpythontestsuite("s3dc", "samba.tests.libsmb_samba_internal"); @@ -312,6 +312,7 @@ plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path. plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"]) plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"]) plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4]) +plantestsuite("samba4.blackbox.samba_upgradedns(chgdcpass:local)", "chgdcpass:local", [os.path.join(bbdir, "test_samba_upgradedns.sh"), '$SERVER', '$REALM', '$PREFIX', '$SELFTEST_PREFIX/chgdcpass']) plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc", [valgrindify(smbtorture4), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo']) # Tests using the "Simple" NTVFS backend diff --git a/source4/setup/secrets_dns.ldif b/source4/setup/secrets_dns.ldif index 67fd66b..192c06d 100644 --- a/source4/setup/secrets_dns.ldif +++ b/source4/setup/secrets_dns.ldif @@ -5,7 +5,7 @@ objectClass: secret objectClass: kerberosSecret realm: ${REALM} servicePrincipalName: DNS/${DNSNAME} -msDS-KeyVersionNumber: 1 +msDS-KeyVersionNumber: ${KEY_VERSION_NUMBER} privateKeytab: ${DNS_KEYTAB} secret:: ${DNSPASS_B64} samAccountName: dns-${HOSTNAME} diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c index 18d65a3..d7d1736 100644 --- a/source4/torture/dns/dlz_bind9.c +++ b/source4/torture/dns/dlz_bind9.c @@ -26,6 +26,9 @@ #include "dsdb/samdb/samdb.h" #include "dsdb/common/util.h" #include "auth/session.h" +#include "auth/gensec/gensec.h" +#include "auth/credentials/credentials.h" +#include "lib/cmdline/popt_common.h" struct torture_context *tctx_static; @@ -121,7 +124,80 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx) return true; } +/* + * Test that a ticket obtained for the DNS service will be accepted on the Samba DLZ side + * + */ +static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech) +{ + NTSTATUS status; + + struct gensec_security *gensec_client_context; + + DATA_BLOB client_to_server, server_to_client; + + void *dbdata; + const char *argv[] = { + "samba_dlz", + "-H", + lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + NULL + }; + tctx_static = tctx; + torture_assert_int_equal(tctx, dlz_create("samba_dlz", 3, discard_const_p(char *, argv), &dbdata, + "log", dlz_bind9_log_wrapper, + "writeable_zone", dlz_bind9_writeable_zone_hook, NULL), + ISC_R_SUCCESS, + "Failed to create samba_dlz"); + + torture_assert_int_equal(tctx, dlz_configure((void*)tctx, dbdata), + ISC_R_SUCCESS, + "Failed to configure samba_dlz"); + + status = gensec_client_start(tctx, &gensec_client_context, + lpcfg_gensec_settings(tctx, tctx->lp_ctx)); + torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed"); + + status = gensec_set_target_hostname(gensec_client_context, torture_setting_string(tctx, "host", NULL)); + torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed"); + + status = gensec_set_credentials(gensec_client_context, cmdline_credentials); + torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed"); + + status = gensec_start_mech_by_sasl_name(gensec_client_context, mech); + torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed"); + + server_to_client = data_blob(NULL, 0); + + /* Do one step of the client-server update dance */ + status = gensec_update(gensec_client_context, tctx, tctx->ev, server_to_client, &client_to_server); + if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; + torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); + } + + torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials), + lpcfg_dnsdomain(tctx->lp_ctx), + "127.0.0.1", "type", "key", + client_to_server.length, + client_to_server.data, + dbdata), + ISC_R_SUCCESS, + "Failed to check key for update rights samba_dlz"); + dlz_destroy(dbdata); + + return true; +} + +static bool test_dlz_bind9_gssapi(struct torture_context *tctx) +{ + return test_dlz_bind9_gensec(tctx, "GSSAPI"); +} + +static bool test_dlz_bind9_spnego(struct torture_context *tctx) +{ + return test_dlz_bind9_gensec(tctx, "GSS-SPNEGO"); +} static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx) { @@ -132,6 +208,8 @@ static struct torture_suite *dlz_bind9_suite(TALLOC_CTX *ctx) torture_suite_add_simple_test(suite, "version", test_dlz_bind9_version); torture_suite_add_simple_test(suite, "create", test_dlz_bind9_create); torture_suite_add_simple_test(suite, "configure", test_dlz_bind9_configure); + torture_suite_add_simple_test(suite, "gssapi", test_dlz_bind9_gssapi); + torture_suite_add_simple_test(suite, "spnego", test_dlz_bind9_spnego); return suite; } diff --git a/source4/torture/winbind/winbind.c b/source4/torture/winbind/winbind.c index 5956834..65382a9 100644 --- a/source4/torture/winbind/winbind.c +++ b/source4/torture/winbind/winbind.c @@ -201,6 +201,7 @@ static bool torture_winbind_pac(struct torture_context *tctx) torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed"); status = gensec_set_target_hostname(gensec_client_context, cli_credentials_get_workstation(cmdline_credentials)); + torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed"); status = gensec_set_credentials(gensec_client_context, cmdline_credentials); torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed"); diff --git a/testprogs/blackbox/test_samba_upgradedns.sh b/testprogs/blackbox/test_samba_upgradedns.sh new file mode 100755 index 0000000..a080f73 --- /dev/null +++ b/testprogs/blackbox/test_samba_upgradedns.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# Blackbox tests for the samba_upgradedns +# Copyright (C) 2006-2007 Jelmer Vernooij <jel...@samba.org> +# Copyright (C) 2006-2012 Andrew Bartlett <abart...@samba.org> + +if [ $# -lt 4 ]; then +cat <<EOF +Usage: test_samba_upgradedns.sh SERVER REALM PREFIX PROVDIR +EOF +exit 1; +fi + +SERVER=$1 +REALM=$2 +PREFIX=$3 +PROVDIR=$4 +shift 4 +failed=0 + +samba4bindir="$BINDIR" +samba4srcdir="$SRCDIR/source4" +samba4kinit="$samba4bindir/samba4kinit" + +. `dirname $0`/subunit.sh + +testit "run samba_upgradedns converting to bind9 DLZ" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` + +testit "run samba_upgradedns converting to internal" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=SAMBA_INTERNAL -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` + +testit "run samba_upgradedns converting to internal (2nd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=SAMBA_INTERNAL -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` + +testit "run samba_upgradedns converting to bind9 DLZ (2nd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` + +testit "run samba_upgradedns converting to bind9 DLZ (3rd time)" $samba4srcdir/scripting/bin/samba_upgradedns --dns-backend=BIND9_DLZ -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` + + +exit $failed -- Samba Shared Repository