From fc25fe80b4edbca8bc985b6d94fc4ae6563a0cff Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Thu, 14 Mar 2019 10:20:52 +0100
Subject: [PATCH] selftest: Woraround uid wrapper issues when using bash shell

UID_WRAPPER_ROOT=1 is not working properly when tests run in bash shell
instead of dash. After some debugging the reason may be dash spawns a
subshell to run commands, but bash calls execve instead. Traces attached
as reference:

/bin/sh -> dash:

[2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local)
UWRAP_DEBUG(3145) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3145) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3145) - uwrap_init: Enabled uid_wrapper as root (real uid=1000)
UWRAP_DEBUG(3145) - uwrap_init: Successfully initialized uid_wrapper
UWRAP_DEBUG(3144) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3144) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3144) - uwrap_init: Enabled uid_wrapper as root (real uid=1000)
UWRAP_DEBUG(3144) - uwrap_init: Successfully initialized uid_wrapper

/bin/sh -> bash:

[2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local)
UWRAP_DEBUG(3352) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3354) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3354) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3354) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize euid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize suid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize egid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize sgid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000
UWRAP_DEBUG(3354) - uwrap_init: Enabled uid_wrapper as user (real uid=1000)
UWRAP_DEBUG(3354) - uwrap_init: Successfully initialized uid_wrapper
UWRAP_DEBUG(3353) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3353) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3353) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize euid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize suid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize egid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize sgid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000
UWRAP_DEBUG(3353) - uwrap_init: Enabled uid_wrapper as user (real uid=1000)
UWRAP_DEBUG(3353) - uwrap_init: Successfully initialized uid_wrapper

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source3/script/tests/test_net_rpc_oldjoin.sh | 23 +++++++++++-
 testprogs/blackbox/test_password_settings.sh | 35 +++++++++++++-----
 testprogs/blackbox/test_pdbtest.sh           | 37 +++++++++++++++-----
 3 files changed, 78 insertions(+), 17 deletions(-)

diff --git a/source3/script/tests/test_net_rpc_oldjoin.sh b/source3/script/tests/test_net_rpc_oldjoin.sh
index 070fcc1add7..97586874be9 100755
--- a/source3/script/tests/test_net_rpc_oldjoin.sh
+++ b/source3/script/tests/test_net_rpc_oldjoin.sh
@@ -22,8 +22,29 @@ export UID_WRAPPER_ROOT
 
 OPTIONS="--configfile $SMB_CONF_PATH --option=netbiosname=$maccount --option=security=domain --option=domainlogons=no --option=privatedir=$privatedir"
 
+test_smbpasswd()
+{
+	account=$1
+
+	echo "set password with smbpasswd"
+
+	cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $VALGRIND $BINDIR/smbpasswd -L -c $SMB_CONF_PATH -a -m "$account"'
+	eval echo "$cmd"
+	out=$(eval $cmd)
+	ret=$?
+	rm -f $tmpfile
+
+	if [ $ret -ne 0 ]; then
+		echo "Failed to change user password $user"
+		return 1
+	fi
+}
+
+
 testit "mkdir -p $privatedir" mkdir -p $privatedir || failed=`expr $failed + 1`
-testit "smbpasswd -a -m" $VALGRIND $BINDIR/smbpasswd -L -c $SMB_CONF_PATH -a -m "$maccount" || failed=`expr $failed + 1`
+testit "smbpasswd -a -m" \
+	test_smbpasswd $maccount \
+	|| failed=$(expr $failed + 1)
 testit "net_rpc_oldjoin" $VALGRIND $BINDIR/net rpc oldjoin -S $SERVER $OPTIONS || failed=`expr $failed + 1`
 testit "net_rpc_testjoin1" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER $OPTIONS || failed=`expr $failed + 1`
 testit "net_rpc_changetrustpw" $VALGRIND $BINDIR/net rpc changetrustpw -S $SERVER $OPTIONS || failed=`expr $failed + 1`
diff --git a/testprogs/blackbox/test_password_settings.sh b/testprogs/blackbox/test_password_settings.sh
index 93e03770ed2..600bf0d0751 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -52,6 +52,31 @@ do_kinit() {
 	fi
 }
 
+test_smbpasswd()
+{
+	user=$1
+	newpass=$2
+
+	tmpfile=$PREFIX/smbpasswd_change_password_script
+	cat > $tmpfile <<EOF
+expect New SMB password:
+send ${newpass}\n
+expect Retype new SMB password:
+send ${newpass}\n
+EOF
+
+	cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $texpect $tmpfile $smbpasswd -L -c $PREFIX/etc/smb.conf $user'
+	eval echo "$cmd"
+	out=$(eval $cmd)
+	ret=$?
+	rm -f $tmpfile
+
+	if [ $ret -ne 0 ]; then
+		echo "Failed to change user password $user"
+		return 1
+	fi
+}
+
 UID_WRAPPER_ROOT=1
 export UID_WRAPPER_ROOT
 
@@ -139,15 +164,9 @@ rm -f $KRB5CCNAME_PATH
 ### Set the password with smbpasswd
 ###########################################################
 
-cat > $PREFIX/tmpsmbpasswdscript <<EOF
-expect New SMB password:
-send ${TEST_PASSWORD_NEW}\n
-expect Retype new SMB password:
-send ${TEST_PASSWORD_NEW}\n
-EOF
-
 testit "set user password with smbpasswd" \
-	$texpect $PREFIX/tmpsmbpasswdscript $smbpasswd -L -c $PREFIX/etc/smb.conf $TEST_USERNAME || failed=`expr $failed + 1`
+	test_smbpasswd $TEST_USERNAME $TEST_PASSWORD_NEW \
+	|| failed=$(expr $failed + 1)
 
 TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@03%"
diff --git a/testprogs/blackbox/test_pdbtest.sh b/testprogs/blackbox/test_pdbtest.sh
index 02615094451..d5c37f0acc9 100755
--- a/testprogs/blackbox/test_pdbtest.sh
+++ b/testprogs/blackbox/test_pdbtest.sh
@@ -32,6 +32,32 @@ unc="//$SERVER/tmp"
 UID_WRAPPER_ROOT=1
 export UID_WRAPPER_ROOT
 
+test_smbpasswd()
+{
+	user=$1
+	newpass=$2
+
+	echo "set password with smbpasswd"
+	tmpfile=$PREFIX/smbpasswd_change_password_script
+	cat > $tmpfile <<EOF
+expect New SMB password:
+send ${newpass}\n
+expect Retype new SMB password:
+send ${newpass}\n
+EOF
+
+	cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $texpect $tmpfile $smbpasswd -L $user -c $SMB_CONF'
+	eval echo "$cmd"
+	out=$(eval $cmd)
+	ret=$?
+	rm -f $tmpfile
+
+	if [ $ret -ne 0 ]; then
+		echo "Failed to change user password $user"
+		return 1
+	fi
+}
+
 testit "pdbtest" $VALGRIND $BINDIR/pdbtest -u $USER $@ || failed=`expr $failed + 1`
 
 NEWUSERPASS=testPaSS@01%
@@ -55,15 +81,10 @@ test_smbclient "Test login with user (ntlm)" 'ls' "$unc" -k no -U$USER%$NEWUSERP
 
 NEWUSERPASS=testPaSS@02%
 
-echo "set password with smbpasswd"
-cat > ./tmpsmbpasswdscript <<EOF
-expect New SMB password:
-send ${NEWUSERPASS}\n
-expect Retype new SMB password:
-send ${NEWUSERPASS}\n
-EOF
+testit "set user password with smbpasswd" \
+	test_smbpasswd $USER $NEWUSERPASS \
+	|| failed=$(expr $failed + 1)
 
-testit "set user password with smbpasswd" $texpect ./tmpsmbpasswdscript $smbpasswd -L $USER -c $SMB_CONF || failed=`expr $failed + 1`
 USERPASS=$NEWUSERPASS
 
 test_smbclient "Test login with user (ntlm)" 'ls' "$unc" -k no -U$USER%$NEWUSERPASS $@|| failed=`expr $failed + 1`
-- 
2.34.1