From c9d2ca585e198b1006bbf7f1a3c988c1188b66cb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Dec 2012 12:36:06 +1100 Subject: selftest: Add test for rfc2307 mapping handling Reviewed-by: Stefan Metzmacher --- nsswitch/tests/test_rfc2307_mapping.sh | 181 +++++++++++++++++++++++++++++++++ selftest/selftest.pl | 5 +- selftest/target/Samba4.pm | 8 +- source4/selftest/tests.py | 1 + 4 files changed, 193 insertions(+), 2 deletions(-) create mode 100755 nsswitch/tests/test_rfc2307_mapping.sh diff --git a/nsswitch/tests/test_rfc2307_mapping.sh b/nsswitch/tests/test_rfc2307_mapping.sh new file mode 100755 index 0000000000..f1e3ea9ce6 --- /dev/null +++ b/nsswitch/tests/test_rfc2307_mapping.sh @@ -0,0 +1,181 @@ +#!/bin/sh +# Blackbox test for wbinfo and rfc2307 mappings +if [ $# -lt 4 ]; then +cat < name) +echo "test: wbinfo -s check for sane mapping" +if test x$user_name != x$tested_name; then + echo "$user_name does not match $tested_name" + echo "failure: wbinfo -s check for sane mapping" + failed=`expr $failed + 1` +else + echo "success: wbinfo -s check for sane mapping" +fi + +testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $user_name || failed=`expr $failed + 1` +test_sid=`$wbinfo -n $tested_name | cut -d " " -f1` + +echo "test: wbinfo -n check for sane mapping" +if test x$user_sid != x$test_sid; then + echo "$user_sid does not match $test_sid" + echo "failure: wbinfo -n check for sane mapping" + failed=`expr $failed + 1` +else + echo "success: wbinfo -n check for sane mapping" +fi + +testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_group" || failed=`expr $failed + 1` +group_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_group" | cut -d " " -f1` +echo "$DOMAIN/rfc2307_test_group resolved to $group_sid" + +# Then add a uidNumber to the group record using ldbmodify +cat > $PREFIX/tmpldbmodify < +changetype: modify +add: uidNumber +uidNumber: $UID_RFC2307TEST +EOF + +testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1` + +# Then add a gidNumber to the group record using ldbmodify +cat > $PREFIX/tmpldbmodify < +changetype: modify +add: gidNumber +gidNumber: $GID_RFC2307TEST +EOF + +testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1` + +rm -f $PREFIX/tmpldbmodify + +# Now check we get a correct SID for the UID + +testit "wbinfo -U against $TARGET" $wbinfo -U $UID_RFC2307TEST || failed=`expr $failed + 1` + +echo "test: wbinfo -U check for sane mapping" +sid_for_user=`$wbinfo -U $UID_RFC2307TEST` +if test x"$sid_for_user" != x"$user_sid"; then + echo "uid $UID_RFC2307TEST mapped to $sid_for_user, not $user_sid" + echo "failure: wbinfo -U check for sane mapping" + failed=`expr $failed + 1` +else + echo "success: wbinfo -U check for sane mapping" +fi + +testit "wbinfo -G against $TARGET" $wbinfo -G $GID_RFC2307TEST || failed=`expr $failed + 1` + +echo "test: wbinfo -G check for sane mapping" +sid_for_group=`$wbinfo -G $GID_RFC2307TEST` +if test x$sid_for_group != "x$group_sid"; then + echo "gid $GID_RFC2307TEST mapped to $sid_for_group, not $group_sid" + echo "failure: wbinfo -G check for sane mapping" + failed=`expr $failed + 1` +else + echo "success: wbinfo -G check for sane mapping" +fi + +# Now check we get the right UID from the SID +testit "wbinfo -S against $TARGET" $wbinfo -S "$user_sid" || failed=`expr $failed + 1` + +echo "test: wbinfo -S check for sane mapping" +uid_for_user_sid=`$wbinfo -S $user_sid` +if test 0$uid_for_user_sid -ne $UID_RFC2307TEST; then + echo "$user_sid mapped to $uid_for_sid, not $UID_RFC2307TEST" + echo "failure: wbinfo -S check for sane mapping" + failed=`expr $failed + 1` +else + echo "success: wbinfo -S check for sane mapping" +fi + +# Now check we get the right GID from the SID +testit "wbinfo -Y" $wbinfo -Y "$group_sid" || failed=`expr $failed + 1` + +echo "test: wbinfo -Y check for sane mapping" +gid_for_user_sid=`$wbinfo -Y $group_sid` +if test 0$gid_for_user_sid -ne $GID_RFC2307TEST; then + echo "$group_sid mapped to $gid_for_sid, not $GID_RFC2307TEST" + echo "failure: wbinfo -Y check for sane mapping" + failed=`expr $failed + 1` +else + echo "success: wbinfo -Y check for sane mapping" +fi + +testit "group delete" $samba_tool group delete rfc2307_test_group $@ +testit "user delete" $samba_tool user delete rfc2307_test_user $@ + +exit $failed diff --git a/selftest/selftest.pl b/selftest/selftest.pl index c6eadd74dd..4ac5aeb2a4 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -714,8 +714,11 @@ my @exported_envvars = ( # nss_wrapper "NSS_WRAPPER_PASSWD", - "NSS_WRAPPER_GROUP" + "NSS_WRAPPER_GROUP", + # UID/GID for rfc2307 mapping tests + "UID_RFC2307TEST", + "GID_RFC2307TEST" ); $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index ba37504651..a08e550700 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -608,6 +608,8 @@ sub provision_raw_step1($$) # remove this again, when our smb2 client library # supports signin on compound related requests server signing = on + + idmap_ldb:use rfc2307=yes "; print CONFFILE " @@ -634,6 +636,7 @@ nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false "; close(PWD); + my $uid_rfc2307test = 65533; open(GRP, ">$ctx->{nsswrap_group}"); print GRP " @@ -644,6 +647,7 @@ nobody:x:65533: nogroup:x:65534:nobody "; close(GRP); + my $gid_rfc2307test = 65532; my $configuration = "--configfile=$ctx->{smb_conf}"; @@ -686,7 +690,9 @@ nogroup:x:65534:nobody SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log", SAMBA_TEST_LOG_POS => 0, NSS_WRAPPER_WINBIND_SO_PATH => Samba::nss_wrapper_winbind_so_path($self), - LOCAL_PATH => $ctx->{share} + LOCAL_PATH => $ctx->{share}, + UID_RFC2307TEST => $uid_rfc2307test, + GID_RFC2307TEST => $gid_rfc2307test }; return $ret; diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index f43741cbbd..568d122361 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -308,6 +308,7 @@ plantestsuite("samba4.blackbox.nmblookup(dc)", "dc", [os.path.join(samba4srcdir, plantestsuite("samba4.blackbox.locktest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX']) plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX']) plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"]) +plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration]) plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"]) plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"]) plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4]) -- cgit