diff options
author | Volker Lendecke <vl@samba.org> | 2023-03-07 17:21:56 +0100 |
---|---|---|
committer | Ralph Boehme <slow@samba.org> | 2023-03-29 17:55:51 +0000 |
commit | b755b81d66a2b63e2e0a1fe9406d8f24b91d983e (patch) | |
tree | 8e0adcd71fa15989204562ef9bd2f3df2a570b7a /nsswitch | |
parent | f9849dbf4ff87e848eb323ca6ca0f612c80c3f95 (diff) | |
download | samba-b755b81d66a2b63e2e0a1fe9406d8f24b91d983e.tar.gz |
test: Add a test for "deny ous"
Not a comprehensive test for all possible combinations, but it shows
the basic functionality, and it found a bug in the initial
implementation :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'nsswitch')
-rwxr-xr-x | nsswitch/tests/test_idmap_ad.sh | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 9becbb63d32..7ae112ada71 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -80,6 +80,20 @@ dn: CN=Domain Admins,CN=Users,$BASE_DN changetype: modify add: gidNumber gidNumber: 2000002 + +dn: ou=sub,$BASE_DN +changetype: add +objectClass: organizationalUnit + +dn: cn=forbidden,ou=sub,$BASE_DN +changetype: add +objectClass: user +samaccountName: forbidden +uidNumber: 2000003 +gidNumber: 2000001 +unixHomeDirectory: /home/forbidden +loginShell: /bin/tcsh +gecos: User in forbidden OU EOF # @@ -144,6 +158,20 @@ ret=$? testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1) # +# Test 5: Make sure deny_ou is really denied +# This depends on the "deny ous" setting in Samba3.pm +# + +sid="$($wbinfo -n $DOMAIN/forbidden | awk '{print $1}')" +testit "Could create forbidden" test -n "$sid" || failed=$(expr $failed + 1) +if [ -n "$sid" ] +then + uid="$($wbinfo --sid-to-uid $sid)" + testit "Can not resolve forbidden user" test -z "$uid" || + failed=$(($failed + 1)) +fi + +# # Trusted domain test 1: Test uid of Administrator, should be 2500000 # @@ -209,6 +237,12 @@ dn: CN=Domain Admins,CN=Users,$BASE_DN changetype: modify delete: gidNumber gidNumber: 2000002 + +dn: cn=forbidden,ou=sub,$BASE_DN +changetype: delete + +dn: ou=sub,$BASE_DN +changetype: delete EOF # |