author | Christof Schmitt <cs@samba.org> | 2015-06-05 08:26:43 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2015-06-09 23:11:15 +0200 |
commit | f8c27d1e4a53e8a8324a28187b33db56992dcfb7 (patch) | |
tree | f025c8cd822d6e3f9db265eb7c4b1843bea80d35 | |
parent | 2070fa2ed2d010f4974ee053928d48f1c0ff0c74 (diff) | |
download | samba-f8c27d1e4a53e8a8324a28187b33db56992dcfb7.tar.gz |
nsswitch: Extend idmap_rfc2307 testcase for reverse lookup
Also test the codepaths to map UID and GID back to SID and names. Use
different user and group to avoid returning results cached from the
previous lookups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 5 01:24:32 CEST 2015 on sn-devel-104
(cherry picked from commit c1c07b462058f863e706127203e6f30dba89a2a9)
-rwxr-xr-x | nsswitch/tests/test_idmap_rfc2307.sh | 72 | ||||
-rwxr-xr-x | source3/selftest/tests.py | 2 |
2 files changed, 64 insertions, 10 deletions
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index b9efd346c8a..fc4c383c424 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -1,21 +1,24 @@
 #!/bin/sh
 # Test id mapping through idmap_rfc2307 module
 if [ $# -lt 9 ]; then
- echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
+ echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
 exit 1
 fi
 DOMAIN="$1"
 USERNAME="$2"
 USERUID="$3"
-GROUPNAME="$4"
-GROUPGID="$5"
-LDAPPREFIX="$6"
-DC_SERVER="$7"
-DC_USERNAME="$8"
-DC_PASSWORD="$9"
-
-echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9
+USERNAME2="$4"
+USERUID2="$5"
+GROUPNAME="$6"
+GROUPGID="$7"
+GROUPNAME2="$8"
+GROUPGID2="$9"
+shift 9
+LDAPPREFIX="$1"
+DC_SERVER="$2"
+DC_USERNAME="$3"
+DC_PASSWORD="$4"
 wbinfo="$VALGRIND $BINDIR/wbinfo"
 ldbadd="$BINDIR/ldbadd"
@@ -26,7 +29,9 @@ failed=0
 # Delete LDAP records
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
 # Add id mapping information to LDAP
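Review bot: The argument-count guard at the top of test_idmap_rfc2307.sh still reads `if [ $# -lt 9 ]; then`, but with this change the script consumes 13 positional arguments. A caller that passes 9 to 12 arguments gets past the guard, and after `shift 9` some of `LDAPPREFIX`, `DC_SERVER`, `DC_USERNAME` and `DC_PASSWORD` are empty, so the following `ldbdel`/`ldbadd` calls run with an empty DN, host or credential instead of stopping at the usage message. Change the guard to `if [ $# -lt 13 ]; then` so a caller that was not updated fails early.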
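Review bot: The two added `ldbdel` lines pass `-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD` and `ldap://$DC_SERVER` unquoted, following the existing lines, so a user name or password containing whitespace or glob characters is word-split before it reaches the tool. Quote them, `-H "ldap://$DC_SERVER" "-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD"`. The same applies to the new `ldbadd` lines in the two record hunks and to the added cleanup lines at the end of the script. These invocations also place the DC password in each command's argument list, which matters if the test host's process list or logs are visible to other users.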
@@ -53,6 +58,20 @@ EOF
 testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
 cat > $PREFIX/tmpldb <<EOF
+dn: cn=$USERNAME2,$LDAPPREFIX
+objectClass: organizationalPerson
+objectClass: posixAccount
+ou: People
+cn: $USERNAME2
+uid: $USERNAME2
+uidNumber: $USERUID2
+gidNumber: 2
+homeDirectory: /home/admin
+EOF
+
+testit "add second ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+cat > $PREFIX/tmpldb <<EOF
 dn: cn=$GROUPNAME,$LDAPPREFIX
 objectClass: posixGroup
 objectClass: groupOfNames
@@ -63,6 +82,17 @@ EOF
 testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+cat > $PREFIX/tmpldb <<EOF
+dn: cn=$GROUPNAME2,$LDAPPREFIX
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: $GROUPNAME2
+gidNumber: $GROUPGID2
+member: cn=$USERNAME,$LDAPPREFIX
+EOF
+
+testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
 rm -f $PREFIX/tmpldbmodify
 testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1)
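Review bot: The new `testit "add second ldap user mapping record" ...` call does not end in `|| failed=$(expr $failed + 1)`, unlike the lookup tests, so a failed `ldbadd` is not counted in the script's exit status; `testit` is defined outside this diff, so whether it reports the failure on its own is not visible here. The same holds for `testit "add second ldap group mapping record" ...` in the next hunk. Appending `|| failed=$(expr $failed + 1)` to both lines would make a failed record setup show up as a setup failure, not only as a later reverse-lookup failure. The second group record also lists `member: cn=$USERNAME,$LDAPPREFIX` rather than `$USERNAME2`; if that is intended, a short comment such as `# membership is not checked by the reverse lookup tests` would say so.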
@@ -86,9 +116,33 @@ echo "$DOMAIN\\$GROUPNAME resolved to $group_gid"
 testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1)
+# Use different user and group for reverse lookup to not read from cache
+
+testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo --uid-to-sid=$USERUID2 || failed=$(expr $failed + 1)
+user_sid2=$($wbinfo --uid-to-sid=$USERUID2 | cut -d " " -f1)
+echo "UID $USERUID2 resolved to SID $user_sid2"
+
+testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo --sid-to-name=$user_sid2 || failed=$(expr $failed + 1)
+user_name2=$($wbinfo --sid-to-name=$user_sid2 | cut -d " " -f1)
+echo "SID $user_sid2 resolved to $user_name2"
+
+testit "test $user_name2 = $DOMAIN\\$USERNAME2" test "$(echo $user_name2 | tr A-Z a-z)" = "$(echo $DOMAIN\\$USERNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
+
+testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo --gid-to-sid=$GROUPGID2 || failed=$(expr $failed + 1)
+group_sid2=$($wbinfo --gid-to-sid=$GROUPGID2 | cut -d " " -f1)
+echo "GID $GROUPGID2 resolved to SID $group_sid2"
+
+testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo --sid-to-name=$group_sid2 || failed=$(expr $failed + 1)
+group_name2=$($wbinfo --sid-to-name=$group_sid2 | cut -d " " -f1)
+echo "SID $group_sid2 resolved to $group_name2"
+
+testit "test $group_name2 = $DOMAIN\\$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN\\$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
+
 # Delete LDAP records
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
 $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
 exit $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 27883d34f3e..786b52ab217 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -343,7 +343,7 @@ for t in tests:
 plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD')
 plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
 elif t == "idmap.rfc2307":
- plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
+ plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
 elif t == "raw.acls":
 plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
 plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple') |
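Review bot: The reverse-lookup block in test_idmap_rfc2307.sh extracts the resolved name with `cut -d " " -f1`, which keeps only the text before the first space, so the name comparison only holds for accounts whose names contain no space. The suite's own first group is "Domain Users", and using such a name in the USERNAME2 or GROUPNAME2 slot would fail the comparison for a reason unrelated to id mapping. If `wbinfo --sid-to-name` prints the name followed by a numeric type, as the `cut` suggests, stripping only that trailing field is more robust: `sed -e 's/ [0-9]*$//'`. `$user_sid2` and `$group_sid2` are also used unquoted and unchecked, so a failed `--uid-to-sid` or `--gid-to-sid` leads to `--sid-to-name=` being run with an empty value; quoting them and skipping the dependent checks when they are empty would keep the failure report pointed at the lookup that actually failed.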