testprogs/blackbox: add samba4.blackbox.test_primary_group test
authorStefan Metzmacher <metze@samba.org>
Tue, 16 Oct 2018 13:16:18 +0000 (15:16 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 30 Oct 2018 06:30:20 +0000 (07:30 +0100)
This demonstrates the bug, that happens when the primaryGroupID
of a user is changed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest/knownfail.d/samba4.blackbox.test_primary_group [new file with mode: 0644]
source4/selftest/tests.py
testprogs/blackbox/test_primary_group.sh [new file with mode: 0755]

diff --git a/selftest/knownfail.d/samba4.blackbox.test_primary_group b/selftest/knownfail.d/samba4.blackbox.test_primary_group
new file mode 100644 (file)
index 0000000..779f680
--- /dev/null
@@ -0,0 +1,2 @@
+^samba4.blackbox.test_primary_group.dbcheck.*run1
+^samba4.blackbox.test_primary_group.dbcheck.*run2
index 6b5ceb5..24817e4 100755 (executable)
@@ -430,6 +430,8 @@ for env in ["ad_member", "s4member", "ad_dc_ntvfs", "chgdcpass"]:
 plantestsuite("samba4.blackbox.samba_tool(ad_dc_ntvfs:local)", "ad_dc_ntvfs:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient4])
 plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdir, "test_net_rpc_user.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN'])
 
+plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
+
 if have_heimdal_support:
     for env in ["ad_dc_ntvfs", "ad_dc"]:
         plantestsuite("samba4.blackbox.pkinit(%s:local)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])
diff --git a/testprogs/blackbox/test_primary_group.sh b/testprogs/blackbox/test_primary_group.sh
new file mode 100755 (executable)
index 0000000..c2d803e
--- /dev/null
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_primary_group.sh SERVER USERNAME PASSWORD DOMAIN PREFIX_ABS
+EOF
+exit 1;
+fi
+
+TMPDIR="$PREFIX_ABS/$(basename $0)"
+export TMPDIR
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+DOMAIN=$4
+PREFIX_ABS=$5
+shift 5
+failed=0
+
+. `dirname $0`/subunit.sh
+. `dirname $0`/common_test_fns.inc
+
+TZ=UTC
+export TZ
+
+N=$(date +%H%M%S)
+
+testuser="testuser$N"
+testgroup="testgroup$N"
+
+echo "testuser: $testuser"
+echo "testgroup: $testgroup"
+
+testit "mkdir -p '${TMPDIR}'" mkdir -p ${TMPDIR} || failed=`expr $failed + 1`
+
+testit "create '$testuser'" $VALGRIND $PYTHON $BINDIR/samba-tool user create "$testuser" Password.1 || failed=`expr $failed + 1`
+testit "add '$testgroup'" $VALGRIND $PYTHON $BINDIR/samba-tool group add "$testgroup" || failed=`expr $failed + 1`
+testit "addmembers '$testgroup' '$testuser'" $VALGRIND $PYTHON $BINDIR/samba-tool group addmembers "$testgroup" "$testuser" || failed=`expr $failed + 1`
+
+testit "search1" $VALGRIND $BINDIR/ldbsearch -H ldap://$SERVER_IP -U$USERNAME%$PASSWORD -d0 sAMAccountName="$testgroup" objectSid || failed=`expr $failed + 1`
+ldif="${TMPDIR}/search1.ldif"
+$VALGRIND $BINDIR/ldbsearch -H ldap://$SERVER_IP -U$USERNAME%$PASSWORD -d0 sAMAccountName=$testgroup objectSid > $ldif
+rid=$(cat $ldif | sed -n 's/^objectSid: S-1-5-21-.*-.*-.*-//p')
+
+testit "search2" $VALGRIND $BINDIR/ldbsearch -H ldap://$SERVER_IP -U$USERNAME%$PASSWORD -d0 sAMAccountName="$testuser" dn || failed=`expr $failed + 1`
+ldif="${TMPDIR}/search2.ldif"
+$VALGRIND $BINDIR/ldbsearch -H ldap://$SERVER_IP -U$USERNAME%$PASSWORD -d0 sAMAccountName=$testuser dn > $ldif
+user_dn=$(cat $ldif | sed -n 's/^dn: //p')
+
+ldif="${TMPDIR}/modify1.ldif"
+cat > $ldif <<EOF
+dn: $user_dn
+changetype: modify
+replace: primaryGroupID
+primaryGroupID: $rid
+EOF
+testit "Change primaryGroupID to $rid" $VALGRIND $BINDIR/ldbmodify -H ldap://$SERVER_IP -U$USERNAME%$PASSWORD -d0 --verbose < $ldif || failed=`expr $failed + 1`
+
+testit "dbcheck run1" $VALGRIND $PYTHON $BINDIR/samba-tool dbcheck --attrs=member || failed=`expr $failed + 1`
+
+ldif="${TMPDIR}/modify2.ldif"
+cat > $ldif <<EOF
+dn: $user_dn
+changetype: modify
+replace: primaryGroupID
+primaryGroupID: 513
+EOF
+testit "Change primaryGroupID to 513" $VALGRIND $BINDIR/ldbmodify  -H ldap://$SERVER_IP -U$USERNAME%$PASSWORD -d0 < $ldif || failed=`expr $failed + 1`
+
+testit "dbcheck run2" $VALGRIND $PYTHON $BINDIR/samba-tool dbcheck --attrs=member || failed=`expr $failed + 1`
+
+testit "delete '$testuser'" $VALGRIND $PYTHON $BINDIR/samba-tool user delete "$testuser" || failed=`expr $failed + 1`
+testit "delete '$testgroup'" $VALGRIND $PYTHON $BINDIR/samba-tool group delete "$testgroup" || failed=`expr $failed + 1`
+
+#
+# As we don't support phantom objects and virtual backlinks
+# the deletion of the user and group cause dangling links,
+# which are detected like this:
+#
+# WARNING: target DN is deleted for member in object
+#
+testit_expect_failure "dbcheck run3" $VALGRIND $PYTHON $BINDIR/samba-tool dbcheck --attrs=member --fix --yes || failed=`expr $failed + 1`
+testit "dbcheck run4" $VALGRIND $PYTHON $BINDIR/samba-tool dbcheck --attrs=member || failed=`expr $failed + 1`
+
+exit $failed