-rwxr-xr-x | nsswitch/tests/test_rfc2307_mapping.sh | 181 | ||||
-rwxr-xr-x | selftest/selftest.pl | 5 | ||||
-rw-r--r-- | selftest/target/Samba4.pm | 8 | ||||
-rwxr-xr-x | source4/selftest/tests.py | 1 |
4 files changed, 193 insertions, 2 deletions
diff --git a/nsswitch/tests/test_rfc2307_mapping.sh b/nsswitch/tests/test_rfc2307_mapping.sh
new file mode 100755
index 0000000000..f1e3ea9ce6
--- /dev/null
+++ b/nsswitch/tests/test_rfc2307_mapping.sh
@@ -0,0 +1,181 @@
+#!/bin/sh
+# Blackbox test for wbinfo and rfc2307 mappings
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_rfc2307_mapping.sh DOMAIN USERNAME PASSWORD SERVER UID_RFC2307TEST GID_RFC2307TEST
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+USERNAME=$2
+PASSWORD=$3
+SERVER=$4
+UID_RFC2307TEST=$5
+GID_RFC2307TEST=$6
+shift 6
+
+failed=0
+samba4bindir="$BINDIR"
+wbinfo="$VALGRIND $samba4bindir/wbinfo"
+samba_tool="$VALGRIND $samba4bindir/samba-tool"
+ldbmodify="$samba4bindir/ldbmodify"
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+testfail() {
+ name="$1"
+ shift
+ cmdline="$*"
+ echo "test: $name"
+ $cmdline
+ status=$?
+ if [ x$status = x0 ]; then
+ echo "failure: $name"
+ else
+ echo "success: $name"
+ fi
+ return $status
+}
+
+knownfail() {
+ name="$1"
+ shift
+ cmdline="$*"
+ echo "test: $name"
+ $cmdline
+ status=$?
+ if [ x$status = x0 ]; then
+ echo "failure: $name [unexpected success]"
+ status=1
+ else
+ echo "knownfail: $name"
+ status=0
+ fi
+ return $status
+}
+
+
+# Create new testing account
+testit "user add" $samba_tool user create --given-name="rfc2307" --surname="Tester" --initial="UT" rfc2307_test_user testp@ssw0Rd $@
+
+#test creation of six different groups
+testit "group add" $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Security' rfc2307_test_group $@
+
+# Create new testing group
+
+# Convert name to SID
+testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_user" || failed=`expr $failed + 1`
+user_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_user" | cut -d " " -f1`
+echo "$DOMAIN/rfc2307_test_user resolved to $user_sid"
+
+testit "wbinfo -s $user_sid against $TARGET" $wbinfo -s $user_sid || failed=`expr $failed + 1`
+user_name=`$wbinfo -s $user_sid | cut -d " " -f1| tr a-z A-Z`
+echo "$user_sid resolved to $user_name"
+
+tested_name=`echo $DOMAIN/rfc2307_test_user | tr a-z A-Z`
+
+# Now check that wbinfo works correctly (sid <=> name)
+echo "test: wbinfo -s check for sane mapping"
+if test x$user_name != x$tested_name; then
+ echo "$user_name does not match $tested_name"
+ echo "failure: wbinfo -s check for sane mapping"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -s check for sane mapping"
+fi
+
+testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $user_name || failed=`expr $failed + 1`
+test_sid=`$wbinfo -n $tested_name | cut -d " " -f1`
+
+echo "test: wbinfo -n check for sane mapping"
+if test x$user_sid != x$test_sid; then
+ echo "$user_sid does not match $test_sid"
+ echo "failure: wbinfo -n check for sane mapping"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -n check for sane mapping"
+fi
+
+testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_group" || failed=`expr $failed + 1`
+group_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_group" | cut -d " " -f1`
+echo "$DOMAIN/rfc2307_test_group resolved to $group_sid"
+
+# Then add a uidNumber to the group record using ldbmodify
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: <SID=$user_sid>
+changetype: modify
+add: uidNumber
+uidNumber: $UID_RFC2307TEST
+EOF
+
+testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1`
+
+# Then add a gidNumber to the group record using ldbmodify
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: <SID=$group_sid>
+changetype: modify
+add: gidNumber
+gidNumber: $GID_RFC2307TEST
+EOF
+
+testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1`
+
+rm -f $PREFIX/tmpldbmodify
+
+# Now check we get a correct SID for the UID
+
+testit "wbinfo -U against $TARGET" $wbinfo -U $UID_RFC2307TEST || failed=`expr $failed + 1`
+
+echo "test: wbinfo -U check for sane mapping"
+sid_for_user=`$wbinfo -U $UID_RFC2307TEST`
+if test x"$sid_for_user" != x"$user_sid"; then
+ echo "uid $UID_RFC2307TEST mapped to $sid_for_user, not $user_sid"
+ echo "failure: wbinfo -U check for sane mapping"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -U check for sane mapping"
+fi
+
+testit "wbinfo -G against $TARGET" $wbinfo -G $GID_RFC2307TEST || failed=`expr $failed + 1`
+
+echo "test: wbinfo -G check for sane mapping"
+sid_for_group=`$wbinfo -G $GID_RFC2307TEST`
+if test x$sid_for_group != "x$group_sid"; then
+ echo "gid $GID_RFC2307TEST mapped to $sid_for_group, not $group_sid"
+ echo "failure: wbinfo -G check for sane mapping"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -G check for sane mapping"
+fi
+
+# Now check we get the right UID from the SID
+testit "wbinfo -S against $TARGET" $wbinfo -S "$user_sid" || failed=`expr $failed + 1`
+
+echo "test: wbinfo -S check for sane mapping"
+uid_for_user_sid=`$wbinfo -S $user_sid`
+if test 0$uid_for_user_sid -ne $UID_RFC2307TEST; then
+ echo "$user_sid mapped to $uid_for_sid, not $UID_RFC2307TEST"
+ echo "failure: wbinfo -S check for sane mapping"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -S check for sane mapping"
+fi
+
+# Now check we get the right GID from the SID
+testit "wbinfo -Y" $wbinfo -Y "$group_sid" || failed=`expr $failed + 1`
+
+echo "test: wbinfo -Y check for sane mapping"
+gid_for_user_sid=`$wbinfo -Y $group_sid`
+if test 0$gid_for_user_sid -ne $GID_RFC2307TEST; then
+ echo "$group_sid mapped to $gid_for_sid, not $GID_RFC2307TEST"
+ echo "failure: wbinfo -Y check for sane mapping"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -Y check for sane mapping"
+fi
+
+testit "group delete" $samba_tool group delete rfc2307_test_group $@
+testit "user delete" $samba_tool user delete rfc2307_test_user $@
+
+exit $failed
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index c6eadd74dd..4ac5aeb2a4 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
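Review bot: In nsswitch/tests/test_rfc2307_mapping.sh the usage guard `if [ $# -lt 4 ]; then` lets a four- or five-argument call through, yet the script goes on to read `$5` and `$6` and run `shift 6`, so a short invocation continues with empty UID/GID values or stops at the shift instead of printing the usage text; the guard should read `if [ $# -lt 6 ]; then`. The failure messages of the `wbinfo -S` and `wbinfo -Y` checks print `$uid_for_sid` and `$gid_for_sid`, which are never assigned, so a failing run shows an empty value; they should be `$uid_for_user_sid` and `$gid_for_user_sid`. The "user add", "group add", "group delete" and "user delete" steps are the only `testit` calls without `|| failed=\`expr $failed + 1\``, so a failed cleanup can leave the fixed-password `rfc2307_test_user` account in the directory without changing the exit status. The comment above the first ldbmodify block says "group record" and both ldbmodify steps are named "modify gidNumber on group", although the first one sets `uidNumber` on the user; renaming it to "modify uidNumber on user" would keep the two results distinguishable.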
@@ -714,8 +714,11 @@ my @exported_envvars = ( # nss_wrapper "NSS_WRAPPER_PASSWD", - "NSS_WRAPPER_GROUP" + "NSS_WRAPPER_GROUP", + # UID/GID for rfc2307 mapping tests + "UID_RFC2307TEST", + "GID_RFC2307TEST" ); $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index ba37504651..a08e550700 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -608,6 +608,8 @@ sub provision_raw_step1($$) # remove this again, when our smb2 client library # supports signin on compound related requests server signing = on + + idmap_ldb:use rfc2307=yes "; print CONFFILE " @@ -634,6 +636,7 @@ nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false "; close(PWD); + my $uid_rfc2307test = 65533; open(GRP, ">$ctx->{nsswrap_group}"); print GRP " @@ -644,6 +647,7 @@ nobody:x:65533: nogroup:x:65534:nobody "; close(GRP); + my $gid_rfc2307test = 65532; my $configuration = "--configfile=$ctx->{smb_conf}"; @@ -686,7 +690,9 @@ nogroup:x:65534:nobody SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log", SAMBA_TEST_LOG_POS => 0, NSS_WRAPPER_WINBIND_SO_PATH => Samba::nss_wrapper_winbind_so_path($self), - LOCAL_PATH => $ctx->{share} + LOCAL_PATH => $ctx->{share}, + UID_RFC2307TEST => $uid_rfc2307test, + GID_RFC2307TEST => $gid_rfc2307test }; return $ret; diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index f43741cbbd..568d122361 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py 
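Review bot: In selftest/target/Samba4.pm, `my $uid_rfc2307test = 65533;` reuses the uid that the passwd file written just above gives to `pdbtest` (`pdbtest:x:65533:65533`), so two identities in this environment answer to the same uid and the uid-to-SID check may depend on which source is consulted first. If the overlap is deliberate, a comment such as `# deliberately equal to pdbtest's uid in nsswrap_passwd` would say so; otherwise a value not already present in the file is safer, and the same question is worth asking for `my $gid_rfc2307test = 65532;` in the next hunk, although the visible group lines do not show 65532 in use. Separately, `idmap_ldb:use rfc2307=yes` in the first Samba4.pm hunk goes into the smb.conf text of provision_raw_step1, which looks like it is shared by more environments than the one this test targets, so it is worth confirming that enabling it everywhere is intended. provision_raw_step1 starts and ends outside these hunks, so how the two new variables are used beyond the `$ret` hash cannot be checked from here.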
@@ -308,6 +308,7 @@ plantestsuite("samba4.blackbox.nmblookup(dc)", "dc", [os.path.join(samba4srcdir,
 plantestsuite("samba4.blackbox.locktest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
+plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
 plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"])
 plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"])
 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4]) |