s3: check that a user in a bogus domain name is mapped to the localnetbios name of a domain member

This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.

2 files changed, 21 insertions, 0 deletions

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 82f0ae9872..ccc899bd1e 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -367,6 +367,7 @@ for mech in [
         plansmbtorturetestsuite('base.xcopy', "plugin_s4_dc",
                                ['//$NETBIOSNAME/xcopy_share', signoptions, '-U$DC_USERNAME%$DC_PASSWORD'], "samba4.%s administrator" % name)
 
+plantestsuite("samba4.blackbox.bogusdomain", "s3member", ["testprogs/blackbox/bogus.sh", "$NETBIOSNAME", "xcopy_share", '$DC_USERNAME', '$DC_PASSWORD'], allow_empty_output=True)
 for mech in [
     "-k no",
     "-k no --option=usespnego=no",
diff --git a/testprogs/blackbox/bogus.sh b/testprogs/blackbox/bogus.sh
new file mode 100755
index 0000000000..019957bf70
--- /dev/null
+++ b/testprogs/blackbox/bogus.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: blackbox_newuser.sh PREFIX
+EOF
+exit 1;
+fi
+
+. `dirname $0`/subunit.sh
+
+SERVER=$1
+SHARE=$2
+USER=$3
+PWD=$4
+smbclient="$BINDIR/smbclient"
+testit_expect_failure "smbclient" $smbclient "//$SERVER/$SHARE" -W POUET -U$USER%$PWD -c "dir"&& failed=`expr $failed + 1`
+./bin/net rpc user add $USER $PWD -W $SERVER -U$USER%$PWD -S $SERVER
+testit "smbclient" $smbclient "//$SERVER/$SHARE" -W POUET -U$USER%$PWD -c "dir"|| failed=`expr $failed + 1`
+exit $failed