diff options
-rwxr-xr-x | nsswitch/tests/test_idmap_rfc2307.sh | 94 | ||||
-rw-r--r-- | selftest/target/Samba.pm | 1 | ||||
-rwxr-xr-x | selftest/target/Samba3.pm | 79 | ||||
-rw-r--r-- | selftest/target/Samba4.pm | 6 | ||||
-rwxr-xr-x | source3/selftest/tests.py | 6 |
5 files changed, 185 insertions, 1 deletions
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh new file mode 100755 index 0000000000..b9efd346c8 --- /dev/null +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -0,0 +1,94 @@ +#!/bin/sh +# Test id mapping through idmap_rfc2307 module +if [ $# -lt 9 ]; then + echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD + exit 1 +fi + +DOMAIN="$1" +USERNAME="$2" +USERUID="$3" +GROUPNAME="$4" +GROUPGID="$5" +LDAPPREFIX="$6" +DC_SERVER="$7" +DC_USERNAME="$8" +DC_PASSWORD="$9" + +echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9 + +wbinfo="$VALGRIND $BINDIR/wbinfo" +ldbadd="$BINDIR/ldbadd" +ldbdel="$BINDIR/ldbdel" +failed=0 + +. `dirname $0`/../../testprogs/blackbox/subunit.sh + +# Delete LDAP records +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" + +# Add id mapping information to LDAP + +cat > $PREFIX/tmpldb <<EOF +dn: $LDAPPREFIX +objectclass: organizationalUnit +EOF + +testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb + +cat > $PREFIX/tmpldb <<EOF +dn: cn=$USERNAME,$LDAPPREFIX +objectClass: organizationalPerson +objectClass: posixAccount +ou: People +cn: $USERNAME +uid: $USERNAME +uidNumber: $USERUID +gidNumber: 1 +homeDirectory: /home/admin +EOF + +testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb + +cat > $PREFIX/tmpldb <<EOF +dn: cn=$GROUPNAME,$LDAPPREFIX +objectClass: posixGroup +objectClass: groupOfNames +cn: $GROUPNAME +gidNumber: $GROUPGID +member: cn=$USERNAME,$LDAPPREFIX +EOF + +testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb + +rm -f $PREFIX/tmpldbmodify + +testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1) +user_sid=$($wbinfo -n "$DOMAIN\\$USERNAME" | cut -d " " -f1) +echo "$DOMAIN\\$USERNAME resolved to $user_sid" + +testit "wbinfo --sid-to-uid=$user_sid" $wbinfo --sid-to-uid=$user_sid || failed=$(expr $failed + 1) +user_uid=$($wbinfo --sid-to-uid=$user_sid | cut -d " " -f1) +echo "$DOMAIN\\$USERNAME resolved to $user_uid" + +testit "test $user_uid -eq $USERUID" test $user_uid -eq $USERUID || failed=$(expr $failed + 1) + +# Not sure how to get group names with spaces to resolve through testit +#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" || failed=$(expr $failed + 1) +group_sid=$($wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" | cut -d " " -f1) +echo "$DOMAIN\\$GROUPNAME resolved to $group_sid" + +testit "wbinfo --sid-to-gid=$group_sid" $wbinfo --sid-to-gid=$group_sid || failed=$(expr $failed + 1) +group_gid=$($wbinfo --sid-to-gid=$group_sid | cut -d " " -f1) +echo "$DOMAIN\\$GROUPNAME resolved to $group_gid" + +testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1) + +# Delete LDAP records +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" + +exit $failed diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index d8110536b2..fa18985433 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -171,6 +171,7 @@ sub get_interface($) $interfaces{"localsubdc"} = 31; $interfaces{"chgdcpass"} = 32; $interfaces{"promotedvdc"} = 33; + $interfaces{"rfc2307member"} = 34; # update lib/socket_wrapper/socket_wrapper.c # #define MAX_WRAPPED_INTERFACES 32 diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c71419d4ba..8d9c4b9310 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -331,6 +331,85 @@ sub setup_admember($$$$) return $ret; } +sub setup_admember_rfc2307($$$$) +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..."; + + my $member_options = " + security = ads + server signing = on + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap config $dcvars->{DOMAIN} : backend = rfc2307 + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : ldap_server = ad + idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com + idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com +"; + + my $ret = $self->provision($prefix, + "RFC2307MEMBER", + "loCalMemberPass", + $member_options); + + $ret or return undef; + + close(USERMAP); + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. + chmod 0777, "$prefix/share"; + + if (not $self->check_or_start($ret, "yes", "yes", "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env + $ret->{target} = $self; + + return $ret; +} + sub setup_simpleserver($$) { my ($self, $path) = @_; diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 05541d944f..6f694143dd 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1661,6 +1661,12 @@ sub setup_env($$$) return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29); } elsif ($envname eq "plugin_s4_dc") { return $self->setup_plugin_s4_dc("$path/plugin_s4_dc"); + } elsif ($envname eq "s3member_rfc2307") { + if (not defined($self->{vars}->{dc})) { + $self->setup_dc("$path/dc"); + } + return $target3->setup_admember_rfc2307("$path/s3member_rfc2307", + $self->{vars}->{dc}, 34); } else { return "UNKNOWN"; } diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 44efe1836f..740bd4a2ae 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -278,6 +278,8 @@ local = ["local.nss-wrapper", "local.ndr"] winbind = ["winbind.struct", "winbind.wbclient", "winbind.pac"] +idmap = [ "idmap.rfc2307" ] + rap = ["rap.basic", "rap.rpc", "rap.printing", "rap.sam"] unix = ["unix.info2", "unix.whoami"] @@ -286,7 +288,7 @@ nbt = ["nbt.dgram" ] libsmbclient = ["libsmbclient"] -tests= base + raw + smb2 + rpc + unix + local + winbind + rap + nbt + libsmbclient +tests= base + raw + smb2 + rpc + unix + local + winbind + rap + nbt + libsmbclient + idmap for t in tests: if t == "base.delaywrite": @@ -338,6 +340,8 @@ for t in tests: plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/valid-users-tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') + elif t == "idmap.rfc2307": + plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD']) else: plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') |