diff options
| -rwxr-xr-x | selftest/target/Samba4.pm | 22 | ||||
| -rwxr-xr-x | source4/selftest/tests.py | 4 |
2 files changed, 24 insertions, 2 deletions
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index cdbbea4c7b..91db4f87bd 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -821,6 +821,18 @@ sub provision_raw_step2($$$) return undef; } + my $ldbmodify = Samba::bindir_path($self, "ldbmodify"); + my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); + my $user_dn = "cn=testallowed,cn=users,$base_dn"; + open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); + print LDIF "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: testallowed_upn\@$ctx->{realm} +- +"; + close(LDIF); + $samba_tool_cmd = Samba::bindir_path($self, "samba-tool") . " user add --configfile=$ctx->{smb_conf} testdenied $ctx->{password}"; unless (system($samba_tool_cmd) == 0) { @@ -828,6 +840,16 @@ sub provision_raw_step2($$$) return undef; } + my $user_dn = "cn=testdenied,cn=users,$base_dn"; + open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); + print LDIF "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: testdenied_upn\@$ctx->{realm}.upn +- +"; + close(LDIF); + $samba_tool_cmd = Samba::bindir_path($self, "samba-tool") . " group addmembers --configfile=$ctx->{smb_conf} 'Allowed RODC Password Replication Group' testallowed"; unless (system($samba_tool_cmd) == 0) { diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index ec202b4881..09486fa961 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -556,7 +556,7 @@ for env in ["dc", "rodc", "promoted_dc", "plugin_s4_dc", "fl2000dc", "fl2003dc", plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options, "samba4.krb5.kdc with specified account") - plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options, + plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestdenied%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM', '--option=torture:krb5-upn=testdenied_upn@$REALM.upn'] + extra_options, "samba4.krb5.kdc with account DENIED permission to replicate to an RODC") # These last two tests are for users cached at the RODC @@ -567,7 +567,7 @@ for env in ["dc", "rodc", "promoted_dc", "plugin_s4_dc", "fl2000dc", "fl2003dc", plansmbtorture4testsuite('krb5.kdc', "%s:local" % env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-P', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options, "samba4.krb5.kdc with machine account") - plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestallowed%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM'] + extra_options, + plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '-Utestallowed%$PASSWORD', '--workgroup=$DOMAIN', '--realm=$REALM', '--option=torture:krb5-upn=testallowed_upn@$REALM'] + extra_options, "samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC") # TODO: Verifying the databases really should be a part of the |