selftest: Add test for rfc2307 mapping handling
authorAndrew Bartlett <abartlet@samba.org>
Fri, 28 Dec 2012 01:36:06 +0000 (12:36 +1100)
committerStefan Metzmacher <metze@samba.org>
Thu, 10 Jan 2013 13:52:52 +0000 (14:52 +0100)
Reviewed-by: Stefan Metzmacher <metze@samba.org>
nsswitch/tests/test_rfc2307_mapping.sh [new file with mode: 0755]
selftest/selftest.pl
selftest/target/Samba4.pm
source4/selftest/tests.py

diff --git a/nsswitch/tests/test_rfc2307_mapping.sh b/nsswitch/tests/test_rfc2307_mapping.sh
new file mode 100755 (executable)
index 0000000..f1e3ea9
--- /dev/null
@@ -0,0 +1,181 @@
+#!/bin/sh
+# Blackbox test for wbinfo and rfc2307 mappings
+if [ $# -lt 4 ]; then
+cat <<EOF
+Usage: test_rfc2307_mapping.sh DOMAIN USERNAME PASSWORD SERVER UID_RFC2307TEST GID_RFC2307TEST
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+USERNAME=$2
+PASSWORD=$3
+SERVER=$4
+UID_RFC2307TEST=$5
+GID_RFC2307TEST=$6
+shift 6
+
+failed=0
+samba4bindir="$BINDIR"
+wbinfo="$VALGRIND $samba4bindir/wbinfo"
+samba_tool="$VALGRIND $samba4bindir/samba-tool"
+ldbmodify="$samba4bindir/ldbmodify"
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+testfail() {
+       name="$1"
+       shift
+       cmdline="$*"
+       echo "test: $name"
+       $cmdline
+       status=$?
+        if [ x$status = x0 ]; then
+                echo "failure: $name"
+        else
+                echo "success: $name"
+        fi
+        return $status
+}
+
+knownfail() {
+        name="$1"
+        shift
+        cmdline="$*"
+        echo "test: $name"
+        $cmdline
+        status=$?
+        if [ x$status = x0 ]; then
+                echo "failure: $name [unexpected success]"
+                               status=1
+        else
+                echo "knownfail: $name"
+                               status=0
+        fi
+        return $status
+}
+
+
+# Create new testing account
+testit "user add" $samba_tool user create --given-name="rfc2307" --surname="Tester" --initial="UT" rfc2307_test_user testp@ssw0Rd $@
+
+#test creation of six different groups
+testit "group add" $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Security' rfc2307_test_group $@
+
+# Create new testing group
+
+# Convert name to SID
+testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_user" || failed=`expr $failed + 1`
+user_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_user" | cut -d " " -f1`
+echo "$DOMAIN/rfc2307_test_user resolved to $user_sid"
+
+testit "wbinfo -s $user_sid against $TARGET" $wbinfo -s $user_sid || failed=`expr $failed + 1`
+user_name=`$wbinfo -s $user_sid | cut -d " " -f1| tr a-z A-Z`
+echo "$user_sid resolved to $user_name"
+
+tested_name=`echo $DOMAIN/rfc2307_test_user | tr a-z A-Z`
+
+# Now check that wbinfo works correctly (sid <=> name)
+echo "test: wbinfo -s check for sane mapping"
+if test x$user_name != x$tested_name; then
+       echo "$user_name does not match $tested_name"
+       echo "failure: wbinfo -s check for sane mapping"
+       failed=`expr $failed + 1`
+else
+       echo "success: wbinfo -s check for sane mapping"
+fi
+
+testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $user_name || failed=`expr $failed + 1`
+test_sid=`$wbinfo -n $tested_name | cut -d " " -f1`
+
+echo "test: wbinfo -n check for sane mapping"
+if test x$user_sid != x$test_sid; then
+       echo "$user_sid does not match $test_sid"
+       echo "failure: wbinfo -n check for sane mapping"
+       failed=`expr $failed + 1`
+else
+       echo "success: wbinfo -n check for sane mapping"
+fi
+
+testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_group" || failed=`expr $failed + 1`
+group_sid=`$wbinfo -n "$DOMAIN/rfc2307_test_group" | cut -d " " -f1`
+echo "$DOMAIN/rfc2307_test_group resolved to $group_sid"
+
+# Then add a uidNumber to the group record using ldbmodify
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: <SID=$user_sid>
+changetype: modify
+add: uidNumber
+uidNumber: $UID_RFC2307TEST
+EOF
+
+testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1`
+
+# Then add a gidNumber to the group record using ldbmodify
+cat > $PREFIX/tmpldbmodify <<EOF
+dn: <SID=$group_sid>
+changetype: modify
+add: gidNumber
+gidNumber: $GID_RFC2307TEST
+EOF
+
+testit "modify gidNumber on group" $VALGRIND $ldbmodify -H ldap://$SERVER $PREFIX/tmpldbmodify -U$DOMAIN/$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1`
+
+rm -f $PREFIX/tmpldbmodify
+
+# Now check we get a correct SID for the UID
+
+testit "wbinfo -U against $TARGET" $wbinfo -U $UID_RFC2307TEST || failed=`expr $failed + 1`
+
+echo "test: wbinfo -U check for sane mapping"
+sid_for_user=`$wbinfo -U $UID_RFC2307TEST`
+if test x"$sid_for_user" != x"$user_sid"; then
+       echo "uid $UID_RFC2307TEST mapped to $sid_for_user, not $user_sid"
+       echo "failure: wbinfo -U check for sane mapping"
+       failed=`expr $failed + 1`
+else
+       echo "success: wbinfo -U check for sane mapping"
+fi
+
+testit "wbinfo -G against $TARGET" $wbinfo -G $GID_RFC2307TEST || failed=`expr $failed + 1`
+
+echo "test: wbinfo -G check for sane mapping"
+sid_for_group=`$wbinfo -G $GID_RFC2307TEST`
+if test x$sid_for_group != "x$group_sid"; then
+        echo "gid $GID_RFC2307TEST mapped to $sid_for_group, not $group_sid"
+       echo "failure: wbinfo -G check for sane mapping"
+       failed=`expr $failed + 1`
+else
+       echo "success: wbinfo -G check for sane mapping"
+fi
+
+# Now check we get the right UID from the SID
+testit "wbinfo -S against $TARGET" $wbinfo -S "$user_sid" || failed=`expr $failed + 1`
+
+echo "test: wbinfo -S check for sane mapping"
+uid_for_user_sid=`$wbinfo -S $user_sid`
+if test 0$uid_for_user_sid -ne $UID_RFC2307TEST; then
+       echo "$user_sid mapped to $uid_for_sid, not $UID_RFC2307TEST"
+       echo "failure: wbinfo -S check for sane mapping"
+       failed=`expr $failed + 1`
+else
+       echo "success: wbinfo -S check for sane mapping"
+fi
+
+# Now check we get the right GID from the SID
+testit "wbinfo -Y" $wbinfo -Y "$group_sid" || failed=`expr $failed + 1`
+
+echo "test: wbinfo -Y check for sane mapping"
+gid_for_user_sid=`$wbinfo -Y $group_sid`
+if test 0$gid_for_user_sid -ne $GID_RFC2307TEST; then
+       echo "$group_sid mapped to $gid_for_sid, not $GID_RFC2307TEST"
+       echo "failure: wbinfo -Y check for sane mapping"
+       failed=`expr $failed + 1`
+else
+       echo "success: wbinfo -Y check for sane mapping"
+fi
+
+testit "group delete" $samba_tool group delete rfc2307_test_group $@
+testit "user delete" $samba_tool user delete rfc2307_test_user $@
+
+exit $failed
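Review bot: The argument guard at the top accepts four arguments, but the usage text lists six and `shift 6` follows, so a call with four or five arguments passes the guard and then either fails at the shift or, depending on the shell, carries on with empty UID_RFC2307TEST/GID_RFC2307TEST; the guard should read `if [ $# -lt 6 ]; then`. The failure branches of the `wbinfo -S` and `wbinfo -Y` checks print `$uid_for_sid` and `$gid_for_sid`, which are never assigned, so a wrong SID-to-id mapping is reported with an empty value; they should print `$uid_for_user_sid` and `$gid_for_user_sid`. The first ldbmodify step adds uidNumber to the user record, yet its comment and test name both say "gidNumber on group", so the subunit output cannot tell the two steps apart when one fails. The "user add", "group add" and both delete steps are also the only `testit` calls that do not add to `failed`, so a failed setup or cleanup does not by itself change the exit status.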
index c6eadd7..4ac5aeb 100755 (executable)
@@ -714,8 +714,11 @@ my @exported_envvars = (
 
         # nss_wrapper
         "NSS_WRAPPER_PASSWD",
-        "NSS_WRAPPER_GROUP"
+        "NSS_WRAPPER_GROUP",
 
+        # UID/GID for rfc2307 mapping tests
+        "UID_RFC2307TEST",
+        "GID_RFC2307TEST"
 );
 
 $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { 
index ba37504..a08e550 100644 (file)
@@ -608,6 +608,8 @@ sub provision_raw_step1($$)
        # remove this again, when our smb2 client library
        # supports signin on compound related requests
        server signing = on
+
+        idmap_ldb:use rfc2307=yes
 ";
 
        print CONFFILE "
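Review bot: `idmap_ldb:use rfc2307=yes` is added to the smb.conf text with no comment. As far as the hunk shows, it sits in the configuration that provision_raw_step1 writes for every environment it provisions, not only the `dc` one the new test runs against. Since this changes where uid/gid mappings come from, the reason belongs next to the setting, for example a line `# read uidNumber/gidNumber from the directory; needed by the rfc2307_mapping test` above it inside the config string. If the wider scope is intended, the commit message should say so, because existing tests in other environments would then also honour any uidNumber/gidNumber present in the directory. The function starts and ends outside this hunk, so whether a later step narrows the setting is not visible here.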
@@ -634,6 +636,7 @@ nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
 pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
 ";
        close(PWD);
+        my $uid_rfc2307test = 65533;
 
        open(GRP, ">$ctx->{nsswrap_group}");
        print GRP "
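Review bot: `my $uid_rfc2307test = 65533;` reuses the uid that the `pdbtest` line just above assigns in the nss_wrapper passwd file, and nothing says whether that overlap is deliberate. If the test needs a uid that already resolves through nss_wrapper, a comment such as `# same uid as pdbtest above, so it resolves via nss_wrapper` would make that clear; if not, an unused value avoids two identities sharing one uid in the test environment. The same question applies to `my $gid_rfc2307test = 65532;` in the next hunk, where the visible group lines use 65533 and 65534 and the rest of the group file is outside the hunk. Both declarations sit after the `close()` calls with different indentation from the surrounding code, which makes them easy to miss when the passwd or group entries are later edited.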
@@ -644,6 +647,7 @@ nobody:x:65533:
 nogroup:x:65534:nobody
 ";
        close(GRP);
+        my $gid_rfc2307test = 65532;
 
        my $configuration = "--configfile=$ctx->{smb_conf}";
 
@@ -686,7 +690,9 @@ nogroup:x:65534:nobody
                SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
                SAMBA_TEST_LOG_POS => 0,
                NSS_WRAPPER_WINBIND_SO_PATH => Samba::nss_wrapper_winbind_so_path($self),
-                LOCAL_PATH => $ctx->{share}
+                LOCAL_PATH => $ctx->{share},
+                UID_RFC2307TEST => $uid_rfc2307test,
+                GID_RFC2307TEST => $gid_rfc2307test
        };
 
        return $ret;
index f43741c..568d122 100755 (executable)
@@ -308,6 +308,7 @@ plantestsuite("samba4.blackbox.nmblookup(dc)", "dc", [os.path.join(samba4srcdir,
 plantestsuite("samba4.blackbox.locktest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_locktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba4srcdir, "torture/tests/test_masktest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX'])
 plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
+plantestsuite("samba4.blackbox.rfc2307_mapping(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_rfc2307_mapping.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "$SERVER", "$UID_RFC2307TEST", "$GID_RFC2307TEST", configuration])
 plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"])
 plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"])
 plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass', smbclient4])