author | Ralph Boehme <slow@samba.org> | 2019-05-16 12:47:34 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-06-21 07:56:17 +0000 |
commit | 15fa6919b8a52942d3f71620657aefe33cebc216 (patch) | |
tree | c7e72a2ca5af274eb7b8b28f5fa50c1e764824d8 | |
parent | 36641f70d05b4b05495053941e8fcd5c9a470954 (diff) | |
tests: add a test for guest authentication
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0e88f98855e24cfddb55bef65c5910b8e662c630)
-rw-r--r-- | selftest/knownfail.d/samba3.blackbox.guest | 1 | ||||
-rwxr-xr-x | source3/script/tests/test_guest_auth.sh | 103 | ||||
-rwxr-xr-x | source3/selftest/tests.py | 5 |
3 files changed, 109 insertions, 0 deletions
diff --git a/selftest/knownfail.d/samba3.blackbox.guest b/selftest/knownfail.d/samba3.blackbox.guest
new file mode 100644
index 00000000000..cbb62d71c87
--- /dev/null
+++ b/selftest/knownfail.d/samba3.blackbox.guest
@@ -0,0 +1 @@
+^samba3.blackbox.guest.*smbclient_guest_auth_without_members
diff --git a/source3/script/tests/test_guest_auth.sh b/source3/script/tests/test_guest_auth.sh
new file mode 100755
index 00000000000..4ad4a5cbd63
--- /dev/null
+++ b/source3/script/tests/test_guest_auth.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Test guest authentication
+#
+# Copyright (C) 2019 Ralph Boehme
+#
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: $0 SERVER SMBCLIENT SMBCONTROL NET CONFIGURATION
+EOF
+exit 1;
+fi
+
+SERVER=$1
+SMBCLIENT=$2
+SMBCONTROL=$3
+NET=$4
+CONFIGURATION=$5
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+SIDS=""
+
+prepare_empty_builtin_guests() {
+ TMP=$($NET $CONFIGURATION groupmap listmem S-1-5-32-546 2>&1)
+ bg_exists=$?
+ if [ $bg_exists != 0 ] ; then
+ printf "Group map for BUILTIN\\Guests must exist for test\n"
+ return 1
+ fi
+
+ SIDS=$($NET $CONFIGURATION groupmap listmem S-1-5-32-546)
+ if [ $? != 0 ] ; then
+ printf "$NET $CONFIGURATION groupmap listmem S-1-5-32-546 failed. Returned:\n"
+ printf "$SIDS\n"
+ return 1
+ fi
+ printf "Got S-1-5-32-546 members:\n$SIDS\n"
+
+ if [ "$SIDS" != "" ] ; then
+ for SID in $SIDS ; do
+ printf "Deleting member $SID from S-1-5-32-546\n"
+ $NET $CONFIGURATION groupmap delmem S-1-5-32-546 $SID || return 1
+ done
+ fi
+
+ return 0
+}
+
+add_local_guest_to_builtin_guests() {
+ if [ "$SIDS" != "" ] ; then
+ for SID in $SIDS ; do
+ printf "Adding $SID as member to S-1-5-32-546\n"
+ $NET $CONFIGURATION groupmap addmem S-1-5-32-546 $SID || return 1
+ done
+ fi
+}
+
+test_smbclient() {
+ $SMBCLIENT -U foo%bar //$SERVER/tmpguest -c exit
+ if [ $? != 0 ] ; then
+ printf "smbclient failed\n"
+ return 1
+ fi
+ return 0
+}
+
+testit "smbclient_guest_at_startup" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+printf "Prepare BUILTIN\\Guests group mapping without members\n"
+
+prepare_empty_builtin_guests || {
+ printf "Setting up BUILTIN\\Guests without members failed\n"
+ exit 1
+}
+
+$SMBCONTROL $CONFIGURATION smbd reload-config || {
+ printf "Reloading parent smbd guest info failed\n"
+ exit 1
+}
+
+testit "smbclient_guest_auth_without_members" \
+ test_smbclient &&
+ failed=$(expr $failed + 1)
+
+# restore config
+add_local_guest_to_builtin_guests
+
+$SMBCONTROL $CONFIGURATION smbd reload-config || {
+ printf "Reloading parent smbd guest info failed\n"
+ exit 1
+}
+
+testit "smbclient_works_after_restored_setup" \
+ test_smbclient ||
+ failed=$(expr $failed + 1)
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index e390ca390a8..64546900d83 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -737,3 +737,8 @@ for e in endianness_options:
 plansmbtorture4testsuite('rpc.epmapper', 'nt4_dc:local', 'ncalrpc: -U$USERNAME%$PASSWORD', 'over ncalrpc')
 plansmbtorture4testsuite('rpc.fsrvp', 'nt4_dc:local', 'ncacn_np:$SERVER_IP[/pipe/FssagentRpc] -U$USERNAME%$PASSWORD', 'over ncacn_np')
+
+for env in ["ad_member_idmap_rid:local", "maptoguest:local"]:
+ plantestsuite("samba3.blackbox.guest (%s)" % env , env,
+ [os.path.join(samba3srcdir, "script/tests/test_guest_auth.sh"),
+ '$SERVER', smbclient3, smbcontrol, net, configuration]) |
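Review bot: The two `exit 1` branches between `prepare_empty_builtin_guests` and the `# restore config` step leave S-1-5-32-546 emptied, because `add_local_guest_to_builtin_guests` is only reached on the success path, and `delmem ... || return 1` can also stop part-way through the member list. The group mapping is on-disk state of the test environment, so later suites in the same environment may then run with a different guest token than they expect. Restoring before bailing out, e.g. `add_local_guest_to_builtin_guests; exit 1` in those two branches, and counting the restore itself with `add_local_guest_to_builtin_guests || failed=$(expr $failed + 1)`, would keep the environment consistent. Separately, `test_smbclient && failed=...` for `smbclient_guest_auth_without_members` counts a passing subtest as a failure, which presumably has to become `||` once the knownfail entry is dropped; a comment next to it saying so would help.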
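Review bot: The new loop has no comment on why only the `:local` variants of the two environments are planned. It looks like the script needs local access because it edits the group mapping with `net ... groupmap` and signals smbd through `smbcontrol`, so a line such as `# edits the group mapping via net and reloads smbd via smbcontrol, hence :local` would record that. There is also a stray space before the comma in `% env , env,`.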