#!/usr/share/ucs-test/runner bash ## desc: "Make concurrent changes in AD" ## exposure: dangerous ## packages: ## - univention-s4-connector ## bugs: ## - 35336 . "$TESTLIBPATH/base.sh" || exit 137 . "$TESTLIBPATH/udm.sh" || exit 137 . "$TESTLIBPATH/random.sh" || exit 137 . /usr/share/univention-lib/ldap.sh . "s4connector.sh" || exit 137 test -n "$connector_s4_ldap_host" || exit 137 connector_running_on_this_host || exit 137 eval "$(ucr shell)" create_gpo () { local name="$1" local admin_user=$(ucs_convertDN2UID "$tests_domainadmin_account") samba-tool gpo create "$name" -H /var/lib/samba/private/sam.ldb -U "$admin_user%$tests_domainadmin_pwd" } username_base="$(random_chars)" for((i=0;i<5;i++)); do udm-test users/user create --position "cn=users,$ldap_base" --set password=univention --set lastname="${username_base}$i" --set username="${username_base}$i" done ad_wait_for_synchronization; fail_bool 0 110 for((i=0;i<10;i++)); do echo "********************************************" echo "* Round $((i+1)) of 10" echo "********************************************" gponame="$(random_chars)" create_gpo "$gponame" || fail_test 110 # give Samba 4 a few seconds sleep 5 AD_DN=$(univention-s4search displayName="$gponame" dn | sed -ne 's|^dn: ||p') echo "AD_DN=$AD_DN" ad_wait_for_synchronization; fail_bool 0 110 for((j=0;j<5;j++)); do samba-tool dsacl set --action=allow --objectdn="$AD_DN" --trusteedn="cn=${username_base}$j,cn=users,$samba4_ldap_base" --car=get-changes ; fail_bool 0 110 sleep $i done ad_wait_for_synchronization; fail_bool 0 110 for((j=0;j<5;j++)); do sid=$(univention-s4search cn="${username_base}$j" objectSid | sed -ne 's|objectSid: ||p') univention-s4search -b "$AD_DN" -s base nTSecurityDescriptor --show-binary 2>&1 | grep "$sid" univention-s4search -b "$AD_DN" -s base nTSecurityDescriptor --show-binary 2>&1 | grep -q "$sid" || fail_bool 0 110 done ad_delete "$AD_DN" || fail_test 110 if [ "$RETVAL" != 100 ]; then break fi done for((i=0;i<5;i++)); do udm-test users/user remove --dn "uid=${username_base}$i,cn=users,$ldap_base" done ad_wait_for_synchronization; fail_bool 0 110 exit $RETVAL