From 21e76e2379934e55a4e9fc3b9cbea890a8fb535f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 8 Jun 2017 16:20:42 +1200 Subject: [PATCH] selftest: run dns tests in multiple envs This will let us check the negative behaviour: that updates against RODCs fail and un-authenticated updates fail. Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam --- python/samba/tests/dns.py | 154 +++++++++++++++++++++++++------------- selftest/knownfail.d/dns | 55 ++++++++++++++ source4/selftest/tests.py | 2 + 3 files changed, 159 insertions(+), 52 deletions(-) create mode 100644 selftest/knownfail.d/dns diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 93a7a7a2b32..43eccddd957 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -26,7 +26,7 @@ from samba.tests import TestCase from samba.dcerpc import dns, dnsp, dnsserver from samba.netcmd.dns import TXTRecord, dns_record_match, data_to_dns_record from samba.tests.subunitrun import SubunitOptions, TestProgram -from samba import werror +from samba import werror, WERRORError import samba.getopt as options import optparse 
@@ -800,57 +800,70 @@ class TestComplexQueries(DNSTest): def setUp(self): super(TestComplexQueries, self).setUp() - name = "cname_test.%s" % self.get_dns_domain() - rdata = "%s.%s" % (self.server, self.get_dns_domain()) - self.make_dns_update(name, rdata, dns.DNS_QTYPE_CNAME) def tearDown(self): super(TestComplexQueries, self).tearDown() - p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) - updates = [] - name = self.get_dns_domain() + def test_one_a_query(self): + "create a query packet containing one query record" - u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) - updates.append(u) - self.finish_name_packet(p, updates) + name = "cname_test.%s" % self.get_dns_domain() + rdata = "%s.%s" % (self.server, self.get_dns_domain()) + self.make_dns_update(name, rdata, dns.DNS_QTYPE_CNAME) - updates = [] - r = dns.res_rec() - r.name = "cname_test.%s" % self.get_dns_domain() - r.rr_type = dns.DNS_QTYPE_CNAME - r.rr_class = dns.DNS_QCLASS_NONE - r.ttl = 0 - r.length = 0xffff - r.rdata = "%s.%s" % (self.server, self.get_dns_domain()) - updates.append(r) - p.nscount = len(updates) - p.nsrecs = updates + try: - response = self.dns_transaction_udp(p) - self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) + # Create the record + name = "cname_test.%s" % self.get_dns_domain() + rdata = "%s.%s" % (self.server, self.get_dns_domain()) + self.make_dns_update(name, rdata, dns.DNS_QTYPE_CNAME) - def test_one_a_query(self): - "create a query packet containing one query record" - p = self.make_name_packet(dns.DNS_OPCODE_QUERY) - questions = [] + p = self.make_name_packet(dns.DNS_OPCODE_QUERY) + questions = [] - name = "cname_test.%s" % self.get_dns_domain() - q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN) - print "asking for ", q.name - questions.append(q) + # Check the record + name = "cname_test.%s" % self.get_dns_domain() + q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN) + print "asking for ", q.name + 
questions.append(q) - self.finish_name_packet(p, questions) - response = self.dns_transaction_udp(p) - self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) - self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY) - self.assertEquals(response.ancount, 2) - self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_CNAME) - self.assertEquals(response.answers[0].rdata, "%s.%s" % - (self.server, self.get_dns_domain())) - self.assertEquals(response.answers[1].rr_type, dns.DNS_QTYPE_A) - self.assertEquals(response.answers[1].rdata, - self.server_ip) + self.finish_name_packet(p, questions) + response = self.dns_transaction_udp(p) + self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) + self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY) + self.assertEquals(response.ancount, 2) + self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_CNAME) + self.assertEquals(response.answers[0].rdata, "%s.%s" % + (self.server, self.get_dns_domain())) + self.assertEquals(response.answers[1].rr_type, dns.DNS_QTYPE_A) + self.assertEquals(response.answers[1].rdata, + self.server_ip) + + finally: + # Delete the record + p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) + updates = [] + + name = self.get_dns_domain() + + u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) + updates.append(u) + self.finish_name_packet(p, updates) + + updates = [] + r = dns.res_rec() + r.name = "cname_test.%s" % self.get_dns_domain() + r.rr_type = dns.DNS_QTYPE_CNAME + r.rr_class = dns.DNS_QCLASS_NONE + r.ttl = 0 + r.length = 0xffff + r.rdata = "%s.%s" % (self.server, self.get_dns_domain()) + updates.append(r) + p.nscount = len(updates) + p.nsrecs = updates + + response = self.dns_transaction_udp(p) + self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) def test_cname_two_chain(self): name0 = "cnamechain0.%s" % self.get_dns_domain() 
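Review bot: In the new `test_one_a_query` the CNAME record is created twice: the three lines ahead of `try:` (ending in `self.make_dns_update(name, rdata, dns.DNS_QTYPE_CNAME)`) are repeated under `# Create the record`, so the first update is redundant and runs outside the try/finally. Dropping the copy before `try:` leaves a single create that the `finally:` block covers. Separately, the delete in `finally:` ends with `self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)`, so when both the body and the cleanup fail (plausible in the new rodc environment if the update is refused) the cleanup assertion is what gets reported and the original failure is hidden. Registering the delete with `self.addCleanup(...)`, or not asserting inside the cleanup, would keep the first failure visible.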
@@ -1012,14 +1025,17 @@ class TestZones(DNSTest): zone_create.fAllowUpdate = dnsp.DNS_ZONE_UPDATE_SECURE zone_create.fAging = 0 zone_create.dwDpFlags = dnsserver.DNS_DP_DOMAIN_DEFAULT - self.rpc_conn.DnssrvOperation2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, - 0, - self.server_ip, - None, - 0, - 'ZoneCreate', - dnsserver.DNSSRV_TYPEID_ZONE_CREATE, - zone_create) + try: + self.rpc_conn.DnssrvOperation2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, + 0, + self.server_ip, + None, + 0, + 'ZoneCreate', + dnsserver.DNSSRV_TYPEID_ZONE_CREATE, + zone_create) + except WERRORError as e: + self.fail(str(e)) def delete_zone(self, zone): self.rpc_conn.DnssrvOperation2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, @@ -1080,7 +1096,10 @@ class TestRPCRoundtrip(DNSTest): self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + try: self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, @@ -1132,6 +1151,10 @@ class TestRPCRoundtrip(DNSTest): 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + + try: self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, @@ -1150,6 +1173,10 @@ class TestRPCRoundtrip(DNSTest): 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + + try: self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 
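Review bot: `self.fail(str(e))` in `create_zone` keeps only the message text of the `WERRORError`, so a run against `rodc:local` or `vampire_dc:local` records a generic failure and nothing checks which error the server returned. The same `except WERRORError as e:` / `self.fail(str(e))` pair is added after the `DnssrvUpdateRecord2` call in each TestRPCRoundtrip hunk (-1080, -1132, -1150, and those from -1167 through -1341). Since the commit message wants to confirm that updates against RODCs are rejected, the environments where rejection is expected would be better served by asserting the code carried by the exception (presumably `e.args[0]`) against the expected `werror` constant, rather than a knownfail entry that any failure satisfies. A small helper wrapping the add call would also replace the repeated copies. The enclosing test methods and their opening `try:` lie outside these hunks.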
@@ -1167,7 +1194,10 @@ class TestRPCRoundtrip(DNSTest): self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + try: self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, @@ -1210,7 +1240,11 @@ class TestRPCRoundtrip(DNSTest): 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) - self.check_query_txt(prefix, ['NULL']) + except WERRORError as e: + self.fail(str(e)) + + try: + self.check_query_txt(prefix, ['NULL']) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, self.server_ip, self.get_dns_domain(), @@ -1241,7 +1275,11 @@ class TestRPCRoundtrip(DNSTest): 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) - self.check_query_txt(prefix, txt) + except WERRORError as e: + self.fail(str(e)) + + try: + self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, self.server_ip, self.get_dns_domain(), @@ -1275,7 +1313,12 @@ class TestRPCRoundtrip(DNSTest): 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + + try: self.check_query_txt(prefix, txt) + finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, self.server_ip, self.get_dns_domain(), @@ -1311,6 +1354,10 @@ class TestRPCRoundtrip(DNSTest): 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + + try: self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 
@@ -1341,7 +1388,10 @@ class TestRPCRoundtrip(DNSTest): self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, self.server_ip, self.get_dns_domain(), name, add_rec_buf, None) + except WERRORError as e: + self.fail(str(e)) + try: self.check_query_txt(prefix, txt) finally: self.rpc_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns new file mode 100644 index 00000000000..6553c1fffe0 --- /dev/null +++ b/selftest/knownfail.d/dns 
@@ -0,0 +1,55 @@
+# These tests are expected to fail because we want to ensure that
+# unauthenicated updates are not permitted against the default
+# configuration, nor against an RODC
+
+samba.tests.dns.__main__.TestDNSUpdates.test_delete_record\(rodc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_readd_record\(rodc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_update_add_mx_record\(rodc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_update_add_txt_record\(rodc:local\)
+samba.tests.dns.__main__.TestInvalidQueries.test_one_a_query\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_empty_txt_records\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_hex_char_txt_record\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_char_txt_record\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_padded_txt_record\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_slash_txt_record\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_two_txt_records\(rodc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_delete_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_readd_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_update_add_mx_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestDNSUpdates.test_update_add_txt_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestInvalidQueries.test_one_a_query\(vampire_dc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_empty_txt_records\(vampire_dc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_hex_char_txt_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_char_txt_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_padded_txt_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_slash_txt_record\(vampire_dc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_two_txt_records\(vampire_dc:local\)
+samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain\(rodc:local\)
+samba.tests.dns.__main__.TestComplexQueries.test_one_a_query\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_empty_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_hex_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_null_char_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_padding_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_slash_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_two_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestRPCRoundtrip.test_update_add_txt_rpc_to_dns\(rodc:local\)
+samba.tests.dns.__main__.TestZones.test_soa_query\(rodc:local\)
+samba.tests.dns.__main__.TestComplexQueries.test_cname_two_chain\(vampire_dc:local\)
+samba.tests.dns.__main__.TestComplexQueries.test_one_a_query\(vampire_dc:local\)
+
+# The SOA override should not pass against the RODC, it must not overstamp
+samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\)
+
+# The very first DC will have DNS records, but subsequent DCs only get entries into
+# the dns_hosts_file in our selftest env
+samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(vampire_dc:local\)
+samba.tests.dns.__main__.TestSimpleQueries.test_one_a_query\(vampire_dc:local\)
+samba.tests.dns.__main__.TestSimpleQueries.test_one_a_query_tcp\(vampire_dc:local\)
+samba.tests.dns.__main__.TestSimpleQueries.test_one_mx_query\(vampire_dc:local\)
+samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(vampire_dc:local\)
+samba.tests.dns.__main__.TestSimpleQueries.test_soa_hostname_query\(vampire_dc:local\)
+samba.tests.dns.__main__.TestSimpleQueries.test_one_a_query\(rodc:local\) +samba.tests.dns.__main__.TestSimpleQueries.test_one_a_query_tcp\(rodc:local\) +samba.tests.dns.__main__.TestSimpleQueries.test_one_mx_query\(rodc:local\) +samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\) +samba.tests.dns.__main__.TestSimpleQueries.test_soa_hostname_query\(rodc:local\) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 7c601c35af4..071660bb418 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -361,6 +361,8 @@ for f in sorted(os.listdir(os.path.join(samba4srcdir, "../pidl/tests"))): # DNS tests plantestsuite_loadlist("samba.tests.dns", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba.tests.dns", "rodc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) +plantestsuite_loadlist("samba.tests.dns", "vampire_dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, os.path.join(srcdir(), "python/samba/tests/dns_forwarder.py"), '$SERVER', '$SERVER_IP', '$DNS_FORWARDER1', '$DNS_FORWARDER2', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT']) -- 2.47.2
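Review bot: The entries under the first comment only record that a test did not pass; they do not show that the server rejected the update for the intended reason, so an unrelated failure in the `rodc:local` or `vampire_dc:local` runs satisfies the same patterns. For the negative behaviour named in the commit message, tests that assert the rejection result directly would be stronger evidence than a knownfail list, and the list could then shrink. Until then a line such as `# TODO: replace with tests asserting the refusal code for rodc/vampire_dc` would record the intent. The first block also lists tests whose names suggest plain queries (for example `TestInvalidQueries.test_one_a_query`) under a comment that speaks only of updates, so a short explanation of why those fail would help the next reader.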
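Review bot: The two added `plantestsuite_loadlist("samba.tests.dns", ...)` lines differ from the existing `fl2003dc:local` line only in the environment name, so the argument list is now maintained in three places. A loop keeps them in step: `for env in ["fl2003dc", "rodc", "vampire_dc"]:` followed by `plantestsuite_loadlist("samba.tests.dns", "%s:local" % env, [...])` with the existing argument list. A one-line comment above it, saying that rodc and vampire_dc are run for the negative cases with expectations in `selftest/knownfail.d/dns`, would explain why many results in those environments are expected failures.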