Diffstat (limited to 'source4/setup/tests')
-rwxr-xr-xsource4/setup/tests/blackbox_group.sh261
-rwxr-xr-xsource4/setup/tests/blackbox_newuser.sh41
-rwxr-xr-xsource4/setup/tests/blackbox_provision.sh108
-rwxr-xr-xsource4/setup/tests/blackbox_s3upgrade.sh99
-rwxr-xr-xsource4/setup/tests/blackbox_setpassword.sh32
-rwxr-xr-xsource4/setup/tests/blackbox_spn.sh31
-rwxr-xr-xsource4/setup/tests/blackbox_start_backup.sh82
-rwxr-xr-xsource4/setup/tests/blackbox_supported_features.sh86
-rwxr-xr-xsource4/setup/tests/blackbox_upgradeprovision.sh87
-rwxr-xr-xsource4/setup/tests/provision_fileperms.sh68
10 files changed, 895 insertions, 0 deletions
diff --git a/source4/setup/tests/blackbox_group.sh b/source4/setup/tests/blackbox_group.sh
new file mode 100755
index 0000000..2f48037
--- /dev/null
+++ b/source4/setup/tests/blackbox_group.sh
@@ -0,0 +1,261 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_group.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+samba_tool="./bin/samba-tool"
+
+CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf"
+
+#creation of two test users
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User" --surname="Tester" --initial="UT" testuser testp@ssw0Rd
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User1" --surname="Tester" --initial="UT" testuser1 testp@ssw0Rd
+
+# test samba-tool user getgroups command
+user_getgroups_primary_only()
+{
+ res=$($PYTHON $samba_tool user getgroups $CONFIG testuser)
+
+ primary_group=$(echo $res)
+ echo $primary_group | grep -q "^Domain Users$" || return 1
+}
+testit "user getgroups primary only" user_getgroups_primary_only
+
+#test creation of six different groups
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Security' --description='DomainSecurityGroup' --mail-address='dsg@samba.org' --notes='Notes' dsg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Global' --group-type='Security' --description='GlobalSecurityGroup' --mail-address='gsg@samba.org' --notes='Notes' gsg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Universal' --group-type='Security' --description='UniversalSecurityGroup' --mail-address='usg@samba.org' --notes='Notes' usg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Distribution' --description='DomainDistributionGroup' --mail-address='ddg@samba.org' --notes='Notes' ddg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Global' --group-type='Distribution' --description='GlobalDistributionGroup' --mail-address='gdg@samba.org' --notes='Notes' gdg
+testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Universal' --group-type='Distribution' --description='UniversalDistributionGroup' --mail-address='udg@samba.org' --notes='Notes' udg
+
+#test adding test users to all groups by their username
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG dsg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gsg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG usg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG ddg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gdg testuser,testuser1
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG udg testuser,testuser1
+
+# test samba-tool user getgroups command
+user_getgroups()
+{
+ groups="dsg gsg usg ddg gdg udg"
+
+ res=$($PYTHON $samba_tool user getgroups $CONFIG testuser)
+ for g in $groups; do
+ echo "$res" | grep -q "^${g}$" || return 1
+ done
+
+ # the users primary group is expected in the first line
+ primary_group=$(echo "$res" | head -1)
+ echo $primary_group | grep -q "^Domain Users$" || return 1
+}
+testit "user getgroups" user_getgroups
+
+# test samba-tool user getgroups --full-dn command
+user_getgroups_full_dn()
+{
+ groups="dsg gsg usg ddg gdg udg"
+
+ res=$($PYTHON $samba_tool user getgroups --full-dn $CONFIG testuser)
+ for g in $groups; do
+ group_dn=$($PYTHON $samba_tool group show $CONFIG $g --attributes=dn)
+ echo "$res" | grep -q "^${group_dn}$" || return 1
+ done
+
+ # the users primary group is expected in the first line
+ primary_group=$(echo "$res" | head -1)
+ group_dn=$($PYTHON $samba_tool group show $CONFIG "Domain Users" --attributes=dn)
+ echo $primary_group | grep -q "^${group_dn}$" || return 1
+}
+testit "user getgroups full-dn" user_getgroups
+
+# test settings a users primary group
+user_getgroups_primary_first()
+{
+ expected_primary_group=$1
+ res=$($PYTHON $samba_tool user getgroups $CONFIG testuser)
+
+ # the users primary group is expected in the first line
+ primary_group=$(echo "$res" | head -1)
+ echo $primary_group | grep -q "^${expected_primary_group}$" || return 1
+}
+testit_expect_failure_grep "user setprimarygroup domain-local" "ERROR: Failed to set primary group 'dsg' for user 'testuser'.*may not set resource group as primary group!" $PYTHON $samba_tool user setprimarygroup $CONFIG testuser dsg
+testit "user setprimarygroup" $PYTHON $samba_tool user setprimarygroup $CONFIG testuser gsg
+testit "user getgroups primary first" user_getgroups_primary_first gsg
+
+# reset group (without testit, because I do not know how to quote the groupname)
+$PYTHON $samba_tool user setprimarygroup $CONFIG testuser 'Domain Users'
+
+#test removing test users from all groups by their username
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG dsg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gsg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG usg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG ddg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gdg testuser,testuser1
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG udg testuser,testuser1
+
+# creation of two test contacts
+testit "contact create" $PYTHON $samba_tool contact create $CONFIG --given-name="Con" --surname="Tester" --initial="CT" testcontact
+testit "contact create" $PYTHON $samba_tool contact create $CONFIG --given-name="Con1" --surname="Tester" --initial="CT" testcontact1
+
+# test adding test contacts to all groups by their cn
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG gsg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG usg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG ddg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG gdg testcontact,testcontact1 --object-types=contact
+testit "group addmembers contact" $PYTHON $samba_tool group addmembers $CONFIG udg testcontact,testcontact1 --object-types=contact
+
+# test removing test contacts from all groups by their cn
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG dsg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG gsg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG usg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG ddg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG gdg testcontact,testcontact1 --object-types=contact
+testit "group removemembers contact" $PYTHON $samba_tool group removemembers $CONFIG udg testcontact,testcontact1 --object-types=contact
+
+# should not find test contact, because --object-types=user is specified
+testit_expect_failure "group addmembers contact failure" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --object-types=user
+
+# test add contact with --object-types=all
+testit "group addmembers contact object-type all" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --object-types=all
+
+# test listing contacts as group members
+testit_grep "group listmembers contact" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg
+
+# test listing contacts as group members
+# Make sure that the test contact is listed, because it does not have the
+# accountExpires attribute and can not expire.
+testit_grep "group listmembers contact hide-expired" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg --hide-expired
+testit_grep "group listmembers contact hide-disabled" "^testcontact" $PYTHON $samba_tool group listmembers $CONFIG dsg --hide-disabled
+
+# test remove contact with --object-types=all
+testit "group removemembers contact object-type all" $PYTHON $samba_tool group removemembers $CONFIG dsg testcontact --object-types=all
+
+# add test contact by DN
+testit "group addmembers contact dn" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testcontact,DC=foo,DC=example,DC=com
+
+# remove test contact by DN
+testit "group removemembers contact dn" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testcontact,DC=foo,DC=example,DC=com
+
+# delete test contacts
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG testcontact
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG testcontact1
+
+# creation of two test contacts with the same name in different OUs
+testit "ou create" $PYTHON $samba_tool ou create $CONFIG OU=tconou1
+testit "ou create" $PYTHON $samba_tool ou create $CONFIG OU=tconou2
+testit "contact create ou" $PYTHON $samba_tool contact create $CONFIG testcontact --ou=OU=tconou1
+testit "contact create ou" $PYTHON $samba_tool contact create $CONFIG testcontact --ou=OU=tconou2
+
+# expect failure here, since there are multiple results for testcontact
+testit_expect_failure "group addmembers contact same name failure" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact
+
+# add both contacts by DN
+testit "group addmembers contact dn" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testcontact,OU=tconou1,DC=foo,DC=example,DC=com --member-dn=CN=testcontact,OU=tconou2,DC=foo,DC=example,DC=com
+
+# remove both contacts by DN
+testit "group removemembers contact dn" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testcontact,OU=tconou1,DC=foo,DC=example,DC=com --member-dn=CN=testcontact,OU=tconou2,DC=foo,DC=example,DC=com
+
+# delete both contacts by DN
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG CN=testcontact,OU=tconou1
+testit "contact delete" $PYTHON $samba_tool contact delete $CONFIG CN=testcontact,OU=tconou2
+
+#test adding test users to all groups by their cn
+#testit "group addmembers" $samba_tool group addmembers $CONFIG dsg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG gsg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG usg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG ddg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG gdg "User UT. Tester,User1 UT. Tester"
+#testit "group addmembers" $samba_tool group addmembers $CONFIG udg "User UT. Tester,User1 UT. Tester"
+
+#test removing test users from all groups by their cn
+#testit "group removemembers" $samba_tool group removemembers $CONFIG dsg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG gsg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG usg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG ddg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG gdg "User UT. Tester,User1 UT. Tester"
+#testit "group removemembers" $samba_tool group removemembers $CONFIG ugg "User UT. Tester,User1 UT. Tester"
+
+# delete test users
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser1
+
+# creation of two new test users without spaces in cn
+# testit fails when spaces are used in arguments
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User" --surname="Tester" --initial="UT" --use-username-as-cn testuser testp@ssw0Rd
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User1" --surname="Tester" --initial="UT" --use-username-as-cn testuser1 testp@ssw0Rd
+
+# test adding test users to all groups by their DN
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG dsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG usg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG usg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG ddg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG ddg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# add two members by DN and listofmembers in one call
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG gdg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com testuser1
+
+# add two members by DN with one call
+testit "group addmembers" $PYTHON $samba_tool group addmembers $CONFIG udg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# test removing test users from all groups by their DN
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG dsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gsg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gsg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG usg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG usg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG ddg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG ddg --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# remove two members by DN and listofmembers in one call
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG gdg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com testuser1
+
+# remove two members by DN with one call
+testit "group removemembers" $PYTHON $samba_tool group removemembers $CONFIG udg --member-dn=CN=testuser,CN=Users,DC=foo,DC=example,DC=com --member-dn=CN=testuser1,CN=Users,DC=foo,DC=example,DC=com
+
+# test --member-base-dn option - expect failure here, due to invalid base
+testit_expect_failure "group addmembers with invalid search member base" $PYTHON $samba_tool group addmembers $CONFIG dsg testcontact --member-base-dn=OU=doesnotexist,DC=foo,DC=example,DC=com
+
+# test --member-base-dn option
+testit "group addmembers with member search base" $PYTHON $samba_tool group addmembers $CONFIG dsg testuser --member-base-dn=CN=Users,DC=foo,DC=example,DC=com
+testit "group removemembers with member search base" $PYTHON $samba_tool group removemembers $CONFIG dsg testuser --member-base-dn=CN=Users,DC=foo,DC=example,DC=com
+
+#test deletion of the groups
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG dsg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG gsg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG usg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG ddg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG gdg
+testit "group delete" $PYTHON $samba_tool group delete $CONFIG udg
+
+# delete test users
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser
+testit "user delete" $PYTHON $samba_tool user delete $CONFIG testuser1
+
+#test listing of all groups
+testit "group list" $PYTHON $samba_tool group list $CONFIG
+
+#test listing of members of a particular group
+testit "group listmembers" $PYTHON $samba_tool group listmembers $CONFIG Users
+
+exit $failed
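Review bot: The `user getgroups full-dn` test in blackbox_group.sh calls `user_getgroups` again, so the `user_getgroups_full_dn` function defined just above it is never executed and the `--full-dn` output is not covered. The call should be `testit "user getgroups full-dn" user_getgroups_full_dn`. Since the function has apparently never run, it may need adjusting once enabled: it greps for the raw output of `group show --attributes=dn`, which may not be a bare DN line.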
diff --git a/source4/setup/tests/blackbox_newuser.sh b/source4/setup/tests/blackbox_newuser.sh
new file mode 100755
index 0000000..84fa603
--- /dev/null
+++ b/source4/setup/tests/blackbox_newuser.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_newuser.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+rm -rf $PREFIX/simple-dc
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+samba_tool="./bin/samba-tool"
+
+CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf"
+
+#two test for creating new user
+#newuser account is created with cn=Given Name Initials. Surname
+#newuser1 account is created using cn=username
+testit "user add" $PYTHON $samba_tool user create $CONFIG --given-name="User" --surname="Tester" --initials="T" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="https://www.samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" NewUser testp@ssw0Rd
+testit "user add" $PYTHON $samba_tool user create $CONFIG --use-username-as-cn --given-name="User1" --surname="Tester1" --initials="UT1" --profile-path="\\\\myserver\\my\\profile" --script-path="\\\\myserver\\my\\script" --home-directory="\\\\myserver\\my\\homedir" --job-title="Tester" --department="Testing" --company="Samba.org" --description="Description" --mail-address="tester@samba.org" --internet-address="https://www.samba.org" --telephone-number="001122334455" --physical-delivery-office="101" --home-drive="H:" NewUser1 testp@ssw0Rd
+
+# check the enable account script
+testit "enableaccount" $PYTHON $samba_tool user enable $CONFIG NewUser
+testit "enableaccount" $PYTHON $samba_tool user enable $CONFIG NewUser1
+
+# check the enable account script
+testit "setpassword" $PYTHON $samba_tool user setpassword $CONFIG NewUser --newpassword=testp@ssw0Rd2
+testit "setpassword" $PYTHON $samba_tool user setpassword $CONFIG NewUser1 --newpassword=testp@ssw0Rd2
+
+# check the setexpiry script
+testit "noexpiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser --noexpiry
+testit "noexpiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser1 --noexpiry
+testit "expiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser --days=7
+testit "expiry" $PYTHON $samba_tool user setexpiry $CONFIG NewUser1 --days=7
+
+exit $failed
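Review bot: `rm -rf $PREFIX/simple-dc` expands PREFIX unquoted, so a prefix containing whitespace or glob characters makes rm act on other paths. An empty first argument also passes the `$# -lt 1` check and turns the target into `/simple-dc`. Quote the path and refuse an empty value, e.g. `rm -rf -- "${PREFIX:?}/simple-dc"`, and quote `--targetdir="$PREFIX/simple-dc"` as well. The same unquoted `rm -rf $PREFIX/...` pattern is in blackbox_group.sh, blackbox_provision.sh, blackbox_s3upgrade.sh and blackbox_setpassword.sh.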
diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh
new file mode 100755
index 0000000..4e55656
--- /dev/null
+++ b/source4/setup/tests/blackbox_provision.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_provision.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+#Prepare an empty smb.conf to ensure it is overwritten
+rm -rf $PREFIX/simple-default
+mkdir -p $PREFIX/simple-default/etc
+touch $PREFIX/simple-default/etc/smb.conf
+testit "simple-default" $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-default --use-ntvfs
+#And try with just whitespace
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX/simple-dc/etc
+echo " " >$PREFIX/simple-dc/etc/smb.conf
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+#The rest of these tests are with no smb.conf file present
+
+rm -rf $PREFIX/simple-dc
+testit "simple-dc-guids" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --domain-guid=6054d36d-2bfd-44f1-a9cd-32cfbb06480b --ntds-guid=b838f255-c8aa-4fe8-9402-b7d61ca3bd1b --invocationid=6d4cff9a-2bbf-4b4c-98a2-36242ddb0bd6 --targetdir=$PREFIX/simple-dc --use-ntvfs
+rm -rf $PREFIX/simple-dc-2008r2-schema
+testit "simple-dc-2008r2-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2008r2-schema --use-ntvfs --base-schema=2008_R2
+rm -rf $PREFIX/simple-dc-2012-schema
+testit "simple-dc-2012-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2012-schema --use-ntvfs --base-schema=2012
+rm -rf $PREFIX/simple-dc-2012r2-schema
+testit "simple-dc-2012r2-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2012r2-schema --use-ntvfs --base-schema=2012_R2
+rm -rf $PREFIX/simple-dc-2016-schema
+testit "simple-dc-2016-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2016-schema --use-ntvfs --base-schema=2016
+rm -rf $PREFIX/simple-dc-2019-schema
+testit "simple-dc-2019-schema" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc-2019-schema --use-ntvfs --base-schema=2019
+rm -rf $PREFIX/simple-member
+testit "simple-member" $PYTHON $BINDIR/samba-tool domain provision --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member --use-ntvfs
+rm -rf $PREFIX/simple-standalone
+testit "simple-standalone" $PYTHON $BINDIR/samba-tool domain provision --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone --use-ntvfs
+rm -rf $PREFIX/blank-dc
+testit "blank-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank --use-ntvfs
+
+reprovision()
+{
+ $PYTHON $BINDIR/samba-tool domain provision --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/simple-default" --use-ntvfs
+}
+
+testit "reprovision" reprovision
+
+V_2008_R2=47
+V_2012=56
+V_2012_R2=69
+V_2016=87
+V_2019=88
+
+check_baseschema()
+{
+ ldbsearch="ldbsearch"
+ if [ -x "$BINDIR/ldbsearch" ]; then
+ ldbsearch="$BINDIR/ldbsearch"
+ fi
+
+ base=$($ldbsearch -H $PREFIX/$1/private/sam.ldb --scope=base dn)
+ dom=$(echo "$base" | grep "dn: " | cut -d " " -f 2)
+
+ if [ -z "$dom" ]; then
+ echo "Unexpected ldbsearch output: $base"
+ fi
+
+ version=$($ldbsearch -H $PREFIX/$1/private/sam.ldb --scope=base \
+ "objectVersion" -b "CN=SCHEMA,CN=CONFIGURATION,$dom")
+ version_num=$(echo "$version" | grep "objectVersion: " | cut -d " " -f 2)
+
+ if [ "$version_num" -eq "$2" ]; then
+ return 0
+ fi
+
+ echo "Fail: schema version $version_num != $2"
+ return 1
+}
+
+tname="schema version"
+testit "$tname simple-default" check_baseschema simple-default $V_2019
+testit "$tname simple-dc" check_baseschema simple-dc $V_2019
+testit "$tname simple-member" check_baseschema simple-member $V_2019
+testit "$tname simple-standalone" check_baseschema simple-standalone $V_2019
+testit "$tname simple-dc-2008r2-schema" check_baseschema simple-dc-2008r2-schema $V_2008_R2
+testit "$tname simple-dc-2012-schema" check_baseschema simple-dc-2012-schema $V_2012
+testit "$tname simple-dc-2012r2-schema" check_baseschema simple-dc-2012r2-schema $V_2012_R2
+testit "$tname simple-dc-2016-schema" check_baseschema simple-dc-2016-schema $V_2016
+testit "$tname simple-dc-2019-schema" check_baseschema simple-dc-2019-schema $V_2019
+
+rm -rf $PREFIX/simple-default
+rm -rf $PREFIX/simple-dc
+rm -rf $PREFIX/blank-dc
+rm -rf $PREFIX/simple-member
+rm -rf $PREFIX/simple-standalone
+rm -rf $PREFIX/partitions-only-dc
+rm -rf $PREFIX/simple-dc-2008r2-schema
+rm -rf $PREFIX/simple-dc-2012-schema
+rm -rf $PREFIX/simple-dc-2012r2-schema
+rm -rf $PREFIX/simple-dc-2016-schema
+rm -rf $PREFIX/simple-dc-2019-schema
+
+exit $failed
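Review bot: In `check_baseschema`, the branch that prints "Unexpected ldbsearch output" does not return, so the function goes on to search `CN=SCHEMA,CN=CONFIGURATION,` with an empty domain DN and then evaluates `[ "$version_num" -eq "$2" ]` on an empty string. The test still fails, but only through a shell integer-expression error followed by a misleading "schema version  != N" message. Add `return 1` after that echo, and guard the comparison with `[ -n "$version_num" ]` so a missing objectVersion is reported as such.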
diff --git a/source4/setup/tests/blackbox_s3upgrade.sh b/source4/setup/tests/blackbox_s3upgrade.sh
new file mode 100755
index 0000000..908cb69
--- /dev/null
+++ b/source4/setup/tests/blackbox_s3upgrade.sh
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_s3upgrade.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX=$(pwd)"/$1"
+shift 1
+
+samba4bindir="$BINDIR"
+samba_tool="$samba4bindir/samba-tool"
+samba_net="$samba4bindir/net"
+testparm="$samba4bindir/testparm"
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+rm -rf $PREFIX/samba3-upgrade
+mkdir -p $PREFIX/samba3-upgrade
+cp -a $SRCDIR/testdata/samba3 $PREFIX/samba3-upgrade
+
+# Test 1 (s3 member)
+cat - >$PREFIX/samba3-upgrade/samba3/smb1.conf <<EOF
+[global]
+ workgroup = SAMBA
+ security = user
+ netbiosname = S3UPGRADE
+ passdb backend = tdbsam:$PREFIX/samba3-upgrade/samba3/passdb.tdb
+ private dir = $PREFIX/samba3-upgrade/samba3
+ lock directory = $PREFIX/samba3-upgrade/samba3
+ state directory = $PREFIX/samba3-upgrade/samba3
+ cache directory = $PREFIX/samba3-upgrade/samba3
+ pid directory = $PREFIX/samba3-upgrade/samba3
+ usershare path = $PREFIX/samba3-upgrade/samba3
+ ncalrpc dir = $PREFIX/samba3-upgrade/samba3
+
+ debug level = 0
+EOF
+
+testit "samba3-upgrade-member" $PYTHON $samba_tool domain classicupgrade $PREFIX/samba3-upgrade/samba3/smb1.conf --targetdir=$PREFIX/samba3-upgrade/s4_1 --dbdir=$PREFIX/samba3-upgrade/samba3 --use-ntvfs
+testit "samba3-upgrade-member-getlocalsid" $samba_net getlocalsid s3upgrade --configfile=$PREFIX/samba3-upgrade/s4_1/etc/smb.conf
+
+# Test 2 (s3 dc)
+cat - >$PREFIX/samba3-upgrade/samba3/smb2.conf <<EOF
+[global]
+ workgroup = SAMBA
+ netbiosname = S3UPGRADE
+ security = user
+ realm = s3.samba.example.com
+ passdb backend = tdbsam:$PREFIX/samba3-upgrade/samba3/passdb.tdb
+ private dir = $PREFIX/samba3-upgrade/samba3
+ lock directory = $PREFIX/samba3-upgrade/samba3
+ state directory = $PREFIX/samba3-upgrade/samba3
+ cache directory = $PREFIX/samba3-upgrade/samba3
+ pid directory = $PREFIX/samba3-upgrade/samba3
+ usershare path = $PREFIX/samba3-upgrade/samba3
+ ncalrpc dir = $PREFIX/samba3-upgrade/samba3
+ debug level = 0
+ domain logons = yes
+EOF
+
+mv $PREFIX/samba3-upgrade/samba3/wins.dat2 $PREFIX/samba3-upgrade/samba3/wins.dat
+
+# Upgrade NT4-like domains in samba3upgrade
+testit "samba3-upgrade-dc" $PYTHON $samba_tool domain classicupgrade $PREFIX/samba3-upgrade/samba3/smb2.conf --targetdir=$PREFIX/samba3-upgrade/s4_2 --dbdir=$PREFIX/samba3-upgrade/samba3 --use-ntvfs
+testit "samba3-upgrade-dc-getlocalsid" $samba_net getlocalsid samba --configfile=$PREFIX/samba3-upgrade/s4_2/etc/smb.conf
+testit "samba3-upgrade-dc-getdomainsid" $samba_net getdomainsid --configfile=$PREFIX/samba3-upgrade/s4_2/etc/smb.conf
+
+#Run final test without a wins.dat
+rm -f $PREFIX/samba3-upgrade/samba3/wins.dat
+
+# Test 3 (s3 dc using testparm hook)
+cat - >$PREFIX/samba3-upgrade/samba3/smb3.conf <<EOF
+[global]
+ workgroup = SAMBA
+ netbiosname = S3UPGRADE
+ security = user
+ realm = s3.samba.example.com
+ passdb backend = tdbsam:$PREFIX/samba3-upgrade/samba3/passdb.tdb
+ private dir = $PREFIX/samba3-upgrade/samba3
+ lock directory = $PREFIX/samba3-upgrade/samba3
+ state directory = $PREFIX/samba3-upgrade/samba3
+ cache directory = $PREFIX/samba3-upgrade/samba3
+ pid directory = $PREFIX/samba3-upgrade/samba3
+ usershare path = $PREFIX/samba3-upgrade/samba3
+ ncalrpc dir = $PREFIX/samba3-upgrade/samba3
+ debug level = 0
+ domain logons = yes
+EOF
+
+testit "samba3-upgrade-testparm" $PYTHON $samba_tool domain classicupgrade $PREFIX/samba3-upgrade/samba3/smb2.conf --targetdir=$PREFIX/samba3-upgrade/s4_3 --testparm=$testparm --use-ntvfs
+testit "samba3-upgrade-testparm-getlocalsid" $samba_net getlocalsid samba --configfile=$PREFIX/samba3-upgrade/s4_3/etc/smb.conf
+testit "samba3-upgrade-testparm-getdomainsid" $samba_net getdomainsid --configfile=$PREFIX/samba3-upgrade/s4_3/etc/smb.conf
+
+rm -rf $PREFIX/samba3-upgrade
+
+exit $failed
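Review bot: Test 3 writes `smb3.conf`, but the `samba3-upgrade-testparm` call still passes `$PREFIX/samba3-upgrade/samba3/smb2.conf`, so the file just created is never read. If the testparm-hook case is meant to use its own config, the argument should be `$PREFIX/samba3-upgrade/samba3/smb3.conf`; otherwise the third heredoc can be dropped. As visible here the two files have identical content, so the result does not change today, but a later edit to smb3.conf would silently have no effect.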
diff --git a/source4/setup/tests/blackbox_setpassword.sh b/source4/setup/tests/blackbox_setpassword.sh
new file mode 100755
index 0000000..4f6fd1e
--- /dev/null
+++ b/source4/setup/tests/blackbox_setpassword.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_setpassword.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+samba_tool="./bin/samba-tool"
+
+rm -rf $PREFIX/simple-dc
+mkdir -p $PREFIX/simple-dc
+
+testit "simple-dc" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --use-ntvfs
+
+testit "user add" $PYTHON $samba_tool user create --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testp@ssw0Rd
+
+testit "setpassword" $PYTHON $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp@ssw0Rd
+
+testit "setpassword" $PYTHON $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp@ssw0Rd --must-change-at-next-login
+
+testit "setpassword" $PYTHON $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=Täst123 --must-change-at-next-login
+
+testit "passwordsettings" $PYTHON $samba_tool domain passwordsettings set --quiet --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default --store-plaintext=on
+
+exit $failed
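Review bot: Three consecutive tests are all named "setpassword", so a failure in the subunit output does not say whether the plain reset, the `--must-change-at-next-login` case or the non-ASCII password failed. Give each its own name, e.g. `testit "setpassword must-change" ...` and `testit "setpassword non-ascii" ...`. These tests also assert only the exit status; nothing visible here checks that the must-change flag was actually applied to testuser.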
diff --git a/source4/setup/tests/blackbox_spn.sh b/source4/setup/tests/blackbox_spn.sh
new file mode 100755
index 0000000..b6cfe94
--- /dev/null
+++ b/source4/setup/tests/blackbox_spn.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_spn.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+samba_tool="./bin/samba-tool"
+
+CONFIG="--configfile=$PREFIX/etc/smb.conf"
+
+#creation of two test subjects
+testit "addspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
+testit "delspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "readdspn" $PYTHON $samba_tool spn add FOO/bar Administrator $CONFIG
+testit_expect_failure "failexistingspn" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
+testit_expect_failure "faildelspnnotgooduser" $PYTHON $samba_tool spn delete FOO/bar krbtgt $CONFIG
+testit "deluserspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit "readd_spn_guest" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
+testit "deluserspn_guest" $PYTHON $samba_tool spn delete FOO/bar Guest $CONFIG
+testit_expect_failure "faildelspn" $PYTHON $samba_tool spn delete FOO/bar $CONFIG
+testit_expect_failure "failaddspn" $PYTHON $samba_tool spn add FOO/bar nonexistinguser $CONFIG
+
+exit $failed
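Review bot: The four `testit_expect_failure` cases (`failexistingspn`, `faildelspnnotgooduser`, `faildelspn`, `failaddspn`) do not check why the command failed. `testit_expect_failure` comes from subunit.sh, which is outside this diff, but it presumably only looks at the exit status, so a missing `$PREFIX/etc/smb.conf` or a crash in samba-tool would satisfy all four. I would run them through a small helper that also requires the expected error text, in the way `start_backup()` in blackbox_start_backup.sh greps for its failure reason; the expected string below is a placeholder to be filled in from samba-tool's real output.

```shell
# passes only if the command fails AND reports the expected reason
spn_fails_with()
{
	expected="$1"
	shift
	output=$("$@" 2>&1) && return 1
	printf '%s\n' "$output" | grep -q -- "$expected"
}

testit "failexistingspn" spn_fails_with "<EXPECTED_ERROR_TEXT>" $PYTHON $samba_tool spn add FOO/bar Guest $CONFIG
# … unchanged: remaining spn tests; convert the other three expect_failure cases the same way …
```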
diff --git a/source4/setup/tests/blackbox_start_backup.sh b/source4/setup/tests/blackbox_start_backup.sh
new file mode 100755
index 0000000..b380c38
--- /dev/null
+++ b/source4/setup/tests/blackbox_start_backup.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+# Simple test that a DB from a backup file cannot be untarred and started
+# manually (you have to run the samba-tool 'backup restore' command instead).
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: $0 PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+DBPATH=$PREFIX/start-backup
+mkdir -p $DBPATH
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+. "$(dirname ${0})/../../../testprogs/blackbox/common_test_fns.inc"
+
+ldbmodify=$(system_or_builddir_binary ldbmodify "${BINDIR}")
+
+do_provision()
+{
+ $PYTHON $BINDIR/samba-tool domain provision \
+ --domain=FOO --realm=foo.example.com --use-ntvfs \
+ --targetdir=$DBPATH --option="pid directory = $DBPATH"
+}
+
+add_backup_marker()
+{
+ # manually add the backup marker that the backup cmd usually adds
+ ${ldbmodify} \
+ -H tdb://$DBPATH/private/sam.ldb <<EOF
+dn: @SAMBA_DSDB
+changetype: modify
+add: backupDate
+backupDate: who-knows-when
+-
+
+EOF
+}
+
+start_backup()
+{
+ # start samba in interactive mode (if we don't, samba daemonizes and so the
+ # command's exit status is always zero (success), regardless of whether
+ # samba actually starts up or not). However, this means if this assertion
+ # were ever to fail (i.e. samba DOES startup from a backup file), then the
+ # test case would just hang. So we use a max-run-time of 5 secs so that
+ # samba will self-destruct in the bad case (max_runtime_handler() returns
+ # zero/success in this case, which allows us to tell the good case from the
+ # bad case).
+ OPTS="--maximum-runtime=5 -i"
+
+ # redirect logs to stderr (which we'll then redirect to stdout so we can
+ # capture it in a bash variable)
+ OPTS="$OPTS --debug-stdout"
+
+ # start samba and capture the debug output
+ OUTPUT=$($BINDIR/samba --configfile=$DBPATH/etc/smb.conf $OPTS 2>&1)
+ if [ $? -eq 0 ]; then
+ echo "ERROR: Samba should not have started successfully"
+ return 1
+ fi
+
+ # check the reason we're failing is because prime_ldb_databases() is
+ # detecting that this is a backup DB (and not some other reason)
+ echo "$OUTPUT" | grep "failed to start: Database is a backup"
+}
+
+# setup a DB and manually mark it as being a "backup"
+testit "provision" do_provision
+testit "add-backup-marker" add_backup_marker
+
+# check that Samba won't start using this DB (because it's a backup)
+testit "start-samba-backup" start_backup
+
+rm -rf $DBPATH
+
+exit $failed
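Review bot: `start_backup()` discards the captured log on both failure paths: when Samba unexpectedly starts, only the fixed "ERROR" line is printed, and when the final `grep` finds no match nothing is printed at all. A failure of this test then gives no hint as to why Samba did or did not start. I would print the log before `return 1` and end the function with `echo "$OUTPUT" | grep "failed to start: Database is a backup" || { echo "$OUTPUT"; return 1; }`. Separately, the comment speaks of a "bash variable" while the script runs under `#!/bin/sh`.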
diff --git a/source4/setup/tests/blackbox_supported_features.sh b/source4/setup/tests/blackbox_supported_features.sh
new file mode 100755
index 0000000..9861fbc
--- /dev/null
+++ b/source4/setup/tests/blackbox_supported_features.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_supported_features.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+DBPATH=$PREFIX/supported-features
+
+mkdir -p $DBPATH
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+ldbmodify="ldbmodify"
+if [ -x "$BINDIR/ldbmodify" ]; then
+ ldbmodify="$BINDIR/ldbmodify"
+fi
+
+ldbdel="ldbdel"
+if [ -x "$BINDIR/ldbdel" ]; then
+ ldbdel="$BINDIR/ldbdel"
+fi
+
+ldbsearch="ldbsearch"
+if [ -x "$BINDIR/ldbsearch" ]; then
+ ldbsearch="$BINDIR/ldbsearch"
+fi
+
+testit "provision" $PYTHON $BINDIR/samba-tool domain provision \
+ --domain=FOO --realm=foo.example.com \
+ --targetdir=$DBPATH --use-ntvfs
+
+testit "add-compatible-feature" $ldbmodify \
+ -H tdb://$DBPATH/private/sam.ldb <<EOF
+dn: @SAMBA_DSDB
+changetype: modify
+add: compatibleFeatures
+compatibleFeatures: non-existent-feature
+-
+
+EOF
+
+# The non-existent feature is not compatible with this version, so it
+# should not be listed in compatibleFeatures even though we tried to
+# put it there.
+
+ldb_search_fail()
+{
+ $ldbsearch -H tdb://$DBPATH/private/sam.ldb \
+ -s base -b "$1" "$2" |
+ grep -q "$3"
+}
+
+testit_expect_failure "find-compatible-feature" \
+ ldb_search_fail '@SAMBA_DSDB' 'compatibleFeatures' non-existent-feature
+
+# just make sure the thing we're using is normally findable
+testit "find-test-feature" \
+ $ldbsearch -H tdb://$DBPATH/private/sam.ldb \
+ -b 'CN=LostAndFound,DC=foo,DC=example,DC=com'
+
+testit "add-required-feature" $ldbmodify \
+ -H tdb://$DBPATH/private/sam.ldb <<EOF
+dn: @SAMBA_DSDB
+changetype: modify
+add: requiredFeatures
+requiredFeatures: futuristic-feature
+-
+
+EOF
+
+# The futuristic-feature is not implemented in this version, but it is
+# required by this database. A search for anything should fail.
+
+testit_expect_failure "find-required-feature" \
+ $ldbsearch -H tdb://$DBPATH/private/sam.ldb \
+ -b 'CN=LostAndFound,DC=foo,DC=example,DC=com'
+
+rm -rf $DBPATH
+
+exit $failed
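Review bot: `ldb_search_fail` returns only the exit status of `grep -q`, so the status of `$ldbsearch` is lost in the pipe and `find-compatible-feature` passes whenever the search itself cannot run (unreadable database, missing binary), not just when the value is absent. The later `find-test-feature` check uses a different base DN and does not cover the `@SAMBA_DSDB` lookup. I would turn it into a positive test that requires the search to succeed and the value to be missing, as below; this assumes a base search on `@SAMBA_DSDB` normally exits 0, which should be confirmed.

```shell
# succeeds only if the search runs AND the value is not in its output
ldb_search_absent()
{
	output=$($ldbsearch -H tdb://$DBPATH/private/sam.ldb \
		-s base -b "$1" "$2") || return 1
	! printf '%s\n' "$output" | grep -q -- "$3"
}

testit "find-compatible-feature" \
	ldb_search_absent '@SAMBA_DSDB' 'compatibleFeatures' non-existent-feature
# … unchanged: find-test-feature, add-required-feature, find-required-feature …
```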
diff --git a/source4/setup/tests/blackbox_upgradeprovision.sh b/source4/setup/tests/blackbox_upgradeprovision.sh
new file mode 100755
index 0000000..7dded87
--- /dev/null
+++ b/source4/setup/tests/blackbox_upgradeprovision.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: blackbox_upgradeprovision.sh PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+[ ! -d $PREFIX ] && mkdir $PREFIX
+
+upgradeprovision_reference()
+{
+ if [ -d $PREFIX/upgradeprovision_reference ]; then
+ rm -fr $PREFIX/upgradeprovision_reference
+ fi
+ $PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision_reference" --server-role="dc" --use-ntvfs --base-schema=2008_R2
+}
+
+upgradeprovision()
+{
+ if [ -d $PREFIX/upgradeprovision ]; then
+ rm -fr $PREFIX/upgradeprovision
+ fi
+ $PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision" --server-role="dc" --use-ntvfs --base-schema=2008_R2
+ $PYTHON $BINDIR/samba_upgradeprovision --configfile="$PREFIX/upgradeprovision/etc/smb.conf" --debugchange
+}
+
+upgradeprovision_full()
+{
+ if [ -d $PREFIX/upgradeprovision_full ]; then
+ rm -fr $PREFIX/upgradeprovision_full
+ fi
+ $PYTHON $BINDIR/samba-tool domain provision --host-name=bar --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/upgradeprovision_full" --server-role="dc" --use-ntvfs --base-schema=2008_R2
+ $PYTHON $BINDIR/samba_upgradeprovision --configfile="$PREFIX/upgradeprovision_full/etc/smb.conf" --full --debugchange
+}
+
+# The ldapcmp runs here are to ensure that a 'null' run of
+# upgradeprovision (because we did a provision with the same template)
+# really doesn't change anything.
+
+ldapcmp()
+{
+ $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
+}
+
+ldapcmp_full()
+{
+ $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --skip-missing-dn --filter=servicePrincipalName
+}
+
+ldapcmp_sd()
+{
+ $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
+}
+
+ldapcmp_full_sd()
+{
+ $PYTHON $BINDIR/samba-tool ldapcmp tdb://$PREFIX/upgradeprovision_full/private/sam.ldb tdb://$PREFIX/upgradeprovision_reference/private/sam.ldb --two --sd --skip-missing-dn --filter=servicePrincipalName
+}
+
+testit "upgradeprovision" upgradeprovision
+testit "upgradeprovision_full" upgradeprovision_full
+testit "upgradeprovision_reference" upgradeprovision_reference
+testit "ldapcmp" ldapcmp
+testit "ldapcmp_full" ldapcmp_full
+testit "ldapcmp_sd" ldapcmp_sd
+testit "ldapcmp_full_sd" ldapcmp_full_sd
+
+if [ -d $PREFIX/upgradeprovision ]; then
+ rm -fr $PREFIX/upgradeprovision
+fi
+
+if [ -d $PREFIX/upgradeprovision_full ]; then
+ rm -fr $PREFIX/upgradeprovision_full
+fi
+
+if [ -d $PREFIX/upgradeprovision_reference ]; then
+ rm -fr $PREFIX/upgradeprovision_reference
+fi
+
+exit $failed
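Review bot: The comment above `ldapcmp()` says these runs ensure that a null upgradeprovision "really doesn't change anything", but all four comparisons pass `--skip-missing-dn`, which as I understand the option stops ldapcmp from reporting objects that exist in only one database. An upgradeprovision run that added or deleted objects would then still pass. If that is intended, the comment should say so, for example `# NB: --skip-missing-dn means objects present in only one DB are ignored; only objects common to both are compared.`; otherwise drop the flag from at least one of the runs.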
diff --git a/source4/setup/tests/provision_fileperms.sh b/source4/setup/tests/provision_fileperms.sh
new file mode 100755
index 0000000..7e917ad
--- /dev/null
+++ b/source4/setup/tests/provision_fileperms.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+ cat <<EOF
+Usage: $0 PREFIX
+EOF
+ exit 1
+fi
+
+PREFIX="$1"
+shift 1
+
+. $(dirname $0)/../../../testprogs/blackbox/subunit.sh
+
+# selftest sets the umask to zero. Explicitly set it to 022 here,
+# which should mean files should never be writable for anyone else
+ORIG_UMASK=$(umask)
+umask 0022
+
+# checks that the files in the 'private' directory created are not
+# world-writable
+check_private_file_perms()
+{
+ target_dir="$1/private"
+ result=0
+
+ for file in "${target_dir}"/*; do
+ # skip directories/sockets for now
+ if [ ! -f $file ]; then
+ continue
+ fi
+
+ # use stat to get the file permissions, i.e. -rw-------
+ file_perm=$(stat -c "%A" $file)
+
+ # then use cut to drop the first 4 chars containing the file type
+ # and owner permissions. What's left is the group and other users
+ global_perm=$(echo $file_perm | cut -c4-)
+
+ # check the remainder doesn't have write permissions set
+ if [ -z "${global_perm##*w*}" ]; then
+ echo "Error: $file has $file_perm permissions"
+ result=1
+ fi
+ done
+ return $result
+}
+
+TARGET_DIR=$PREFIX/basic-dc
+rm -rf $TARGET_DIR
+
+# create a dummy smb.conf - we need to use fake ACLs for the file system here
+# (but passing --option args with spaces in it proved too difficult in bash)
+SMB_CONF=$TARGET_DIR/tmp/smb.conf
+mkdir -p $(dirname $SMB_CONF)
+echo "vfs objects = fake_acls xattr_tdb" >$SMB_CONF
+
+# provision a basic DC
+testit "basic-provision" $PYTHON $BINDIR/samba-tool domain provision --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$TARGET_DIR --configfile=$SMB_CONF
+
+# check the file permissions in the 'private' directory really are private
+testit "provision-fileperms" check_private_file_perms $TARGET_DIR
+
+rm -rf $TARGET_DIR
+
+umask $ORIG_UMASK
+
+exit $failed
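Review bot: `check_private_file_perms` returns 0 when `$1/private` does not exist or is empty: the unmatched glob stays as the literal pattern, fails the `-f` test, and the loop ends with `result=0`, so `provision-fileperms` passes without inspecting a single file. I would add `[ -d "${target_dir}" ] || { echo "Error: ${target_dir} not found"; return 1; }` before the loop. `$file` should also be quoted, as in `[ ! -f "$file" ]` and `stat -c "%A" "$file"`. The comment on the `cut` line says four characters are dropped, but `cut -c4-` drops three, which leaves the owner's execute bit in `global_perm`; that is harmless for a `w` check, but the comment should match the code.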