diff options
| author | Volker Lendecke <vl@samba.org> | 2023-03-07 17:21:56 +0100 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2023-03-29 17:55:51 +0000 |
| commit | b755b81d66a2b63e2e0a1fe9406d8f24b91d983e (patch) | |
| tree | 8e0adcd71fa15989204562ef9bd2f3df2a570b7a | |
| parent | f9849dbf4ff87e848eb323ca6ca0f612c80c3f95 (diff) | |
| download | samba-b755b81d66a2b63e2e0a1fe9406d8f24b91d983e.tar.gz | |
test: Add a test for "deny ous"
Not a comprehensive test for all possible combinations, but it shows
the basic functionality, and it found a bug in the initial
implementation :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
| -rwxr-xr-x | nsswitch/tests/test_idmap_ad.sh | 34 | ||||
| -rwxr-xr-x | selftest/target/Samba3.pm | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 9becbb63d32..7ae112ada71 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -80,6 +80,20 @@ dn: CN=Domain Admins,CN=Users,$BASE_DN changetype: modify add: gidNumber gidNumber: 2000002 + +dn: ou=sub,$BASE_DN +changetype: add +objectClass: organizationalUnit + +dn: cn=forbidden,ou=sub,$BASE_DN +changetype: add +objectClass: user +samaccountName: forbidden +uidNumber: 2000003 +gidNumber: 2000001 +unixHomeDirectory: /home/forbidden +loginShell: /bin/tcsh +gecos: User in forbidden OU EOF # @@ -144,6 +158,20 @@ ret=$? testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1) # +# Test 5: Make sure deny_ou is really denied +# This depends on the "deny ous" setting in Samba3.pm +# + +sid="$($wbinfo -n $DOMAIN/forbidden | awk '{print $1}')" +testit "Could create forbidden" test -n "$sid" || failed=$(expr $failed + 1) +if [ -n "$sid" ] +then + uid="$($wbinfo --sid-to-uid $sid)" + testit "Can not resolve forbidden user" test -z "$uid" || + failed=$(($failed + 1)) +fi + +# # Trusted domain test 1: Test uid of Administrator, should be 2500000 # @@ -209,6 +237,12 @@ dn: CN=Domain Admins,CN=Users,$BASE_DN changetype: modify delete: gidNumber gidNumber: 2000002 + +dn: cn=forbidden,ou=sub,$BASE_DN +changetype: delete + +dn: ou=sub,$BASE_DN +changetype: delete EOF # diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 15b13f2920f..b4fa99c7388 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1390,6 +1390,7 @@ sub setup_ad_member_idmap_ad idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 idmap config $dcvars->{DOMAIN} : unix_primary_group = yes idmap config $dcvars->{DOMAIN} : unix_nss_info = yes + idmap config $dcvars->{DOMAIN} : deny ous = \"ou=sub,DC=samba2008r2,DC=example,DC=com\" idmap config $dcvars->{TRUST_DOMAIN} : backend = ad idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999 gensec_gssapi:requested_life_time = 5 |