-rw-r--r-- | selftest/knownfail.d/smb1-tests | 2 | ||||
-rwxr-xr-x | selftest/target/Samba3.pm | 40 | ||||
-rwxr-xr-x | source3/script/tests/test_smbclient_s3.sh | 138 | ||||
-rwxr-xr-x | source3/script/tests/test_substitutions.sh | 10 |
4 files changed, 190 insertions, 0 deletions
diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests
index 7d349fdc261..28e78fa0427 100644
--- a/selftest/knownfail.d/smb1-tests
+++ b/selftest/knownfail.d/smb1-tests
@@ -30,6 +30,8 @@
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.rename_dotdot\((ad_member|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.volume\((ad_member|nt4_member)\)
 ^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.delete a non empty directory\((ad_member|nt4_member)\)
+^samba3.blackbox.smbclient_s3.*valid.users.nt4.*
+^samba3.blackbox.smbclient_s3.NT1.*valid.users.*
 ^samba3.unix.whoami machine account.whoami\(ad_member:local\)
 ^samba3.unix.whoami.whoami\(nt4_member\)
 ^samba3.unix.whoami anonymous connection.whoami\(nt4_member\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 646ff9b4895..cfa2677a673 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -716,6 +716,46 @@ sub provision_ad_member path = $share_dir valid users = ADDOMAIN/%U +[sub_valid_users_domain] + path = $share_dir + valid users = %D/%U + +[sub_valid_users_group] + path = $share_dir + valid users = \@$dcvars->{DOMAIN}/%G + +[valid_users] + path = $share_dir + valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} + +[valid_users_group] + path = $share_dir + valid users = \"\@$dcvars->{DOMAIN}/domain users\" + +[valid_users_unix_group] + path = $share_dir + valid users = \"+$dcvars->{DOMAIN}/domain users\" + +[valid_users_nis_group] + path = $share_dir + valid users = \"&$dcvars->{DOMAIN}/domain users\" + +[valid_users_unix_nis_group] + path = $share_dir + valid users = \"+&$dcvars->{DOMAIN}/domain users\" + +[valid_users_nis_unix_group] + path = $share_dir + valid users = \"&+$dcvars->{DOMAIN}/domain users\" + +[invalid_users] + path = $share_dir + invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} + +[valid_and_invalid_users] + path = $share_dir + valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/alice + invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} "; my $ret = $self->provision( diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index 62662690415..7d31af9e1ab 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh 
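Review bot: The group-prefixed shares (`[valid_users_group]` through `[valid_users_nis_unix_group]`) are added with no note on what each prefix selects, so a reader cannot tell from the config why only the `&` share is expected to deny access. A comment line inside the config string, such as `# '@' = NIS netgroup then UNIX group, '+' = UNIX group only, '&' = NIS netgroup only`, would make the intended allow/deny outcome of each share reviewable next to the access-control setting it tests. `[valid_and_invalid_users]` also hard-codes `alice`, while every other principal comes from `$dcvars`; the hunk does not show where that account is provisioned, so a short comment naming the fixture it relies on would help. The body of provision_ad_member starts and ends outside the hunk.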
@@ -1796,6 +1796,140 @@ EOF fi } +test_valid_users() +{ + tmpfile=$PREFIX/smbclient_interactive_prompt_commands + cat > $tmpfile <<EOF +ls +quit +EOF + # User in "valid users" can login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_users 'User in 'valid users' can login to service' failed - $ret" + return 1 + fi + + # User from ad group in "valid users" can login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_group $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_users_group 'User from ad group in 'valid users' can login to service' failed - $ret" + return 1 + fi + + # User from UNIX group in "valid users" can login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_unix_group $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_users_unix_group 'User from UNIX group in 'valid users' can login to service' failed - $ret" + return 1 + fi + + # User not in NIS group in "valid users" can't login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_nis_group $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + echo "$out" | grep 'NT_STATUS_ACCESS_DENIED' + ret=$? 
+ + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_users_nis_group 'User not in NIS group in 'valid users' can't login to service' failed - $ret" + return 1 + fi + + # Check user in UNIX, then in NIS group in "valid users" can login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_unix_nis_group $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_users_unix_nis_group 'Check user in UNIX, then in NIS group in 'valid users' can login to service' failed - $ret" + return 1 + fi + + # Check user in NIS, then in UNIX group in "valid users" can login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_nis_unix_group $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_users_nis_unix_group 'Check user in NIS, then in UNIX group in 'valid users' can login to service' failed - $ret" + return 1 + fi + + # User not in "invalid users" can login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -Ualice%Secret007 //$SERVER/invalid_users $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:invalid_users 'User not in 'invalid users' can login to service' failed - $ret" + return 1 + fi + + # User in "invalid users" can't login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/invalid_users $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + echo "$out" | grep 'NT_STATUS_ACCESS_DENIED' + ret=$? 
+ + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:invalid_users 'User in 'invalid users' can't login to service' failed - $ret" + return 1 + fi + + # User is in "valid and invalid users" can't login to service + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_and_invalid_users $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + echo "$out" | grep 'NT_STATUS_ACCESS_DENIED' + ret=$? + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_and_invalid_users 'User is in 'valid and invalid users' can't login to service' failed - $ret" + return 1 + fi + + # 2 Users are in "valid users" + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -Ualice%Secret007 //$SERVER/valid_and_invalid_users $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + rm -f $tmpfile + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "test_valid_users:valid_and_invalid_users '2 Users are in 'valid users'' failed - $ret" + return 1 + fi + + return 0 +} + # # LOGDIR_PREFIX=test_smbclient_s3 @@ -1949,4 +2083,8 @@ testit "delete a non empty directory" \ test_del_nedir || \ failed=`expr $failed + 1` +testit "valid users" \ + test_valid_users || \ + failed=`expr $failed + 1` + testok $0 $failed diff --git a/source3/script/tests/test_substitutions.sh b/source3/script/tests/test_substitutions.sh index c813a8f9def..d1525fddc4e 100755 --- a/source3/script/tests/test_substitutions.sh +++ b/source3/script/tests/test_substitutions.sh 
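Review bot: test_valid_users never checks that an authenticated user who is absent from `valid users` is refused; the only denial on a `valid users` share is the `&` NIS-group case, which can fail closed simply because no NIS netgroup exists in the test environment. A direct negative case, connecting as `alice` to `//$SERVER/valid_users` and expecting `NT_STATUS_ACCESS_DENIED`, would pin the access-control behaviour itself (assuming alice matches nothing else on that share). The two cases added in the test_substitutions.sh hunk are likewise allow-only, so they would still pass if `%D/%U` or `%G` expanded to something more permissive than intended. Separately, `rm -f $tmpfile` runs only before the final check, so every earlier `return 1` leaves the command file behind in `$PREFIX`.
```shell
	# … unchanged: "User in 'valid users' can login to service" check …

	# User not listed in "valid users" can't login to service
	cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -Ualice%Secret007 //$SERVER/valid_users $ADDARGS < $tmpfile 2>&1'
	eval echo "$cmd"
	out=`eval $cmd`
	echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
	ret=$?

	if [ $ret -ne 0 ] ; then
		echo "$out"
		echo "test_valid_users:valid_users 'User not in 'valid users' can't login to service' failed - $ret"
		return 1
	fi

	# … unchanged: group, NIS and "invalid users" checks …
```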
@@ -39,4 +39,14 @@ SMB_UNC="//$SERVER/sub_valid_users" test_smbclient "Test login to share with substitution for valid users" \ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1) +SMB_UNC="//$SERVER/sub_valid_users_domain" + +test_smbclient "Test login to share with substitution for valid user's domain" \ + "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1) + +SMB_UNC="//$SERVER/sub_valid_users_group" + +test_smbclient "Test login to share with substitution for valid user's UNIX group" \ + "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1) + exit $failed |