author | Christof Schmitt <cs@samba.org> | 2019-04-22 16:41:42 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-04-24 01:02:17 +0000 |
commit | 2577f43a133f8b8eb997b9529a38e21c77b5da22 (patch) | |
tree | b596c85c35a8274f752a546cd42e3c273ee93adc /nsswitch/tests | |
parent | ac0f8656eed39a4527a5336cf93aa1508666f79b (diff) | |
selftest: Add trusted domain tests for idmap_ad
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'nsswitch/tests')
-rwxr-xr-x | nsswitch/tests/test_idmap_ad.sh | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index d89ed20a799..d919dcd09e2 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -29,12 +29,24 @@ if [ $? -ne 0 ] ; then exit 1 fi +TRUST_DOMAIN_SID=$($wbinfo -n "$TRUST_DOMAIN/" | cut -f 1 -d " ") +if [ $? -ne 0 ] ; then + echo "Could not find trusted domain SID" | subunit_fail_test "test_idmap_ad" + exit 1 +fi + BASE_DN=$($ldbsearch -H ldap://$DC_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}') if [ $? -ne 0 ] ; then echo "Could not find base DB" | subunit_fail_test "test_idmap_ad" exit 1 fi +TRUST_BASE_DN=$($ldbsearch -H ldap://$TRUST_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}') +if [ $? -ne 0 ] ; then + echo "Could not find trusted base DB" | subunit_fail_test "test_idmap_ad" + exit 1 +fi + # # Add POSIX ids to AD # @@ -60,6 +72,33 @@ gidNumber: 2000002 EOF # +# Add POSIX ids to trusted domain +# +cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \ + -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" +dn: CN=Administrator,CN=Users,$TRUST_BASE_DN +changetype: modify +add: uidNumber +uidNumber: 2500000 +EOF + +cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \ + -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" +dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN +changetype: modify +add: gidNumber +gidNumber: 2500001 +EOF + +cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \ + -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" +dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN +changetype: modify +add: gidNumber +gidNumber: 2500002 +EOF + +# # Test 1: Test uid of Administrator, should be 2000000 # 
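Review bot: The `if [ $? -ne 0 ]` that follows `TRUST_DOMAIN_SID=$($wbinfo -n "$TRUST_DOMAIN/" | cut -f 1 -d " ")` tests the exit status of `cut`, the last command in the pipeline, so a failing `wbinfo` is not caught and the script carries on with a SID that is probably empty. The `TRUST_BASE_DN` assignment has the same problem, with `awk` supplying the status. Checking the captured value makes both guards effective: `if [ -z "$TRUST_DOMAIN_SID" ] ; then` and `if [ -z "$TRUST_BASE_DN" ] ; then`. The existing `BASE_DN` check in the context lines follows the same pattern and could be changed in the same way.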
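Review bot: None of the three `ldbmodify` adds against `$TRUST_SERVER` has its exit status checked, so a failed modify (for example because `uidNumber` is still present from an interrupted earlier run) only shows up later as a `wbinfo` mismatch. Since `ldbmodify` is the last command of each `cat <<EOF | ...` pipeline, `$?` right after the closing `EOF` is its status, and a guard like `if [ $? -ne 0 ] ; then echo "Could not add POSIX ids to trusted domain" | subunit_fail_test "test_idmap_ad"; exit 1; fi` would report the failure where it happens. The three deletes in the last hunk are unchecked in the same way. A silent failure there leaves the ids in the trusted domain's directory for the next run, so it should at least be logged.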
@@ -100,6 +139,46 @@ ret=$? testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1) # +# Trusted domain test 1: Test uid of Administrator, should be 2500000 +# + +out="$($wbinfo -S $TRUST_DOMAIN_SID-500)" +echo "wbinfo returned: \"$out\", expecting \"2500000\"" +test "$out" = "2500000" +ret=$? +testit "Test uid of Administrator in trusted domain is 2500000" test $ret -eq 0 || failed=$(expr $failed + 1) + +# +# Trusted domain test 2: Test gid of Domain Users, should be 2500001 +# + +out="$($wbinfo -Y $TRUST_DOMAIN_SID-513)" +echo "wbinfo returned: \"$out\", expecting \"2500001\"" +test "$out" = "2500001" +ret=$? +testit "Test uid of Domain Users in trusted domain is 2500001" test $ret -eq 0 || failed=$(expr $failed + 1) + +# +# Trusted domain test 3: Test get userinfo for Administrator works +# + +out="$($wbinfo -i $TRUST_DOMAIN/Administrator)" +echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false\"" +test "$out" = "$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false" +ret=$? +testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1) + +# +# Trusted domain test 4: Test lookup from gid to sid +# + +out="$($wbinfo -G 2500002)" +echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN_SID-512\"" +test "$out" = "$TRUST_DOMAIN_SID-512" +ret=$? +testit "Test gid lookup of Domain Admins in trusted domain." test $ret -eq 0 || failed=$(expr $failed + 1) + +# # Remove POSIX ids from AD # cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" 
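Review bot: The `testit` name for trusted domain test 2 says "uid" although the check uses `wbinfo -Y` and expects a gid; it should read `testit "Test gid of Domain Users in trusted domain is 2500001" test $ret -eq 0 || failed=$(expr $failed + 1)`. Test 3 is named "Test get userinfo for Administrator works" without the "in trusted domain" qualifier that the other three new tests carry. It may be identical to the name of the primary-domain test outside this hunk, which would make the two results hard to tell apart in the subunit output. Renaming it to `"Test get userinfo for Administrator in trusted domain works"` avoids that.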
@@ -123,4 +202,31 @@ delete: gidNumber gidNumber: 2000002 EOF +# +# Remove POSIX ids from trusted domain +# +cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \ + -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" +dn: CN=Administrator,CN=Users,$TRUST_BASE_DN +changetype: modify +delete: uidNumber +uidNumber: 2500000 +EOF + +cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \ + -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" +dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN +changetype: modify +delete: gidNumber +gidNumber: 2500001 +EOF + +cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \ + -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" +dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN +changetype: modify +delete: gidNumber +gidNumber: 2500002 +EOF + exit $failed |
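Review bot: Each `ldbmodify` call passes the trusted domain's Administrator password inside `-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"`, which places it in the process argument list, where other local users can read it while the command runs. This matches the existing `$DC_PASSWORD` calls, and the credentials are presumably selftest-only, but test scripts tend to be copied. A comment above the block such as `# selftest credentials only; never pass a real password as -U user%pass` would state the assumption. If the ldb tools in this tree accept the common Samba `-A`/`--authentication-file` option, using it would keep the password out of argv. The three add calls in the second hunk are written the same way.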