nsswitch: Extend idmap_rfc2307 testcase for reverse lookup

Also test the codepaths to map UID and GID back to SID and names. Use different user and group to avoid returning results cached from the previous lookups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 5 01:24:32 CEST 2015 on sn-devel-104 (cherry picked from commit c1c07b462058f863e706127203e6f30dba89a2a9)
author: Christof Schmitt <cs@samba.org> 2015-06-05 08:26:43 -0700
committer: Karolin Seeger <kseeger@samba.org> 2015-06-09 23:11:15 +0200
commit: f8c27d1e4a53e8a8324a28187b33db56992dcfb7 (patch)
tree: f025c8cd822d6e3f9db265eb7c4b1843bea80d35
parent: 2070fa2ed2d010f4974ee053928d48f1c0ff0c74 (diff)
download: samba-f8c27d1e4a53e8a8324a28187b33db56992dcfb7.tar.gz
2 files changed, 64 insertions, 10 deletions
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index b9efd346c8a..fc4c383c424 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -1,21 +1,24 @@
 #!/bin/sh
 # Test id mapping through idmap_rfc2307 module
 if [ $# -lt 9 ]; then
-	echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
+	echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
 	exit 1
 fi
 
 DOMAIN="$1"
 USERNAME="$2"
 USERUID="$3"
-GROUPNAME="$4"
-GROUPGID="$5"
-LDAPPREFIX="$6"
-DC_SERVER="$7"
-DC_USERNAME="$8"
-DC_PASSWORD="$9"
-
-echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9
+USERNAME2="$4"
+USERUID2="$5"
+GROUPNAME="$6"
+GROUPGID="$7"
+GROUPNAME2="$8"
+GROUPGID2="$9"
+shift 9
+LDAPPREFIX="$1"
+DC_SERVER="$2"
+DC_USERNAME="$3"
+DC_PASSWORD="$4"
 
 wbinfo="$VALGRIND $BINDIR/wbinfo"
 ldbadd="$BINDIR/ldbadd"
@@ -26,7 +29,9 @@ failed=0
 
 # Delete LDAP records
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
 
 # Add id mapping information to LDAP
@@ -53,6 +58,20 @@ EOF
 testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
 
 cat > $PREFIX/tmpldb <<EOF
+dn: cn=$USERNAME2,$LDAPPREFIX
+objectClass: organizationalPerson
+objectClass: posixAccount
+ou: People
+cn: $USERNAME2
+uid: $USERNAME2
+uidNumber: $USERUID2
+gidNumber: 2
+homeDirectory: /home/admin
+EOF
+
+testit "add second ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+cat > $PREFIX/tmpldb <<EOF
 dn: cn=$GROUPNAME,$LDAPPREFIX
 objectClass: posixGroup
 objectClass: groupOfNames
@@ -63,6 +82,17 @@ EOF
 
 testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
 
+cat > $PREFIX/tmpldb <<EOF
+dn: cn=$GROUPNAME2,$LDAPPREFIX
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: $GROUPNAME2
+gidNumber: $GROUPGID2
+member: cn=$USERNAME,$LDAPPREFIX
+EOF
+
+testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
 rm -f $PREFIX/tmpldbmodify
 
 testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1)
@@ -86,9 +116,33 @@ echo "$DOMAIN\\$GROUPNAME resolved to $group_gid"
 
 testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1)
 
+# Use different user and group for reverse lookup to not read from cache
+
+testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo --uid-to-sid=$USERUID2 || failed=$(expr $failed + 1)
+user_sid2=$($wbinfo --uid-to-sid=$USERUID2 | cut -d " " -f1)
+echo "UID $USERUID2 resolved to SID $user_sid2"
+
+testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo --sid-to-name=$user_sid2 || failed=$(expr $failed + 1)
+user_name2=$($wbinfo --sid-to-name=$user_sid2 | cut -d " " -f1)
+echo "SID $user_sid2 resolved to $user_name2"
+
+testit "test $user_name2 = $DOMAIN\\$USERNAME2" test "$(echo $user_name2 | tr A-Z a-z)" = "$(echo $DOMAIN\\$USERNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
+
+testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo --gid-to-sid=$GROUPGID2 || failed=$(expr $failed + 1)
+group_sid2=$($wbinfo --gid-to-sid=$GROUPGID2 | cut -d " " -f1)
+echo "GID $GROUPGID2 resolved to SID $group_sid2"
+
+testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo --sid-to-name=$group_sid2 || failed=$(expr $failed + 1)
+group_name2=$($wbinfo --sid-to-name=$group_sid2 | cut -d " " -f1)
+echo "SID $group_sid2 resolved to $group_name2"
+
+testit "test $group_name2 = $DOMAIN\\$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN\\$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
+
 # Delete LDAP records
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
 
 exit $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 27883d34f3e..786b52ab217 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -343,7 +343,7 @@ for t in tests:
         plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
     elif t == "idmap.rfc2307":
-        plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
+        plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
     elif t == "raw.acls":
         plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple')
author	Christof Schmitt <cs@samba.org>	2015-06-05 08:26:43 -0700
committer	Karolin Seeger <kseeger@samba.org>	2015-06-09 23:11:15 +0200
commit	f8c27d1e4a53e8a8324a28187b33db56992dcfb7 (patch)
tree	f025c8cd822d6e3f9db265eb7c4b1843bea80d35
parent	2070fa2ed2d010f4974ee053928d48f1c0ff0c74 (diff)
download	samba-f8c27d1e4a53e8a8324a28187b33db56992dcfb7.tar.gz