path: root/nsswitch/tests/test_rfc2307_mapping.sh
blob: 8cd2e5dc57e53e958ce8d09593ba6b9d4928a272 (plain)
#!/bin/sh
# Blackbox test for wbinfo and rfc2307 mappings
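# All six positional parameters are required: $5 and $6 are read below and
# "shift 6" drops all six so that "$@" holds only the pass-through options.
# The previous check accepted four arguments, which let a short argument list
# reach "shift 6" with empty UID/GID values.
if [ $# -lt 6 ]; then
	cat <<EOF
Usage: test_rfc2307_mapping.sh DOMAIN USERNAME PASSWORD SERVER UID_RFC2307TEST GID_RFC2307TEST
EOF
	exit 1
fi

DOMAIN=$1
USERNAME=$2
# PASSWORD arrives as a positional argument and is later placed on ldbmodify's
# command line, so it is visible in process listings while the test runs.
# Only a disposable test credential should be supplied here.
PASSWORD=$3
SERVER=$4
UID_RFC2307TEST=$5
GID_RFC2307TEST=$6
shift 6

# Running count of failed checks; used as the script's exit status.
failed=0
samba4bindir="$BINDIR"
# $VALGRIND is an optional command prefix from the environment. These two
# strings are expanded unquoted at their call sites and rely on word splitting
# to separate the prefix from the binary path.
wbinfo="$VALGRIND $samba4bindir/wbinfo"
samba_tool="$VALGRIND $samba4bindir/samba-tool"
# Prefer the ldbmodify from the build tree; otherwise fall back to whatever
# "ldbmodify" resolves to on PATH.
if [ -f "$samba4bindir/ldbmodify" ]; then
	ldbmodify="$samba4bindir/ldbmodify"
else
	# Using system ldbmodify
	ldbmodify="ldbmodify"
fi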

. $(dirname $0)/../../testprogs/blackbox/subunit.sh

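# Run a command that is expected to fail and report the outcome.
# Arguments: $1 - test name; remaining arguments - the command and its
#            arguments
# Outputs:   "test: NAME", then "failure: NAME" if the command exited 0,
#            otherwise "success: NAME"
# Returns:   the command's own exit status, unchanged
# NOTE(review): because the raw status is returned, an expected failure yields
# a non-zero return; pairing this with "|| failed=..." would count it as a
# failure - confirm before using it that way.
testfail()
{
	name="$1"
	shift
	echo "test: $name"
	# Execute the argument vector exactly as passed. Flattening it into one
	# string and re-expanding it unquoted would re-split arguments that
	# contain whitespace and glob-expand any wildcard characters in them.
	"$@"
	status=$?
	if [ "$status" -eq 0 ]; then
		echo "failure: $name"
	else
		echo "success: $name"
	fi
	return $status
}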

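# Run a command that is known to fail at present and report the outcome.
# Arguments: $1 - test name; remaining arguments - the command and its
#            arguments
# Outputs:   "test: NAME", then "knownfail: NAME" if the command failed, or
#            "failure: NAME [unexpected success]" if it exited 0
# Returns:   0 when the command failed as expected, 1 when it succeeded
knownfail()
{
	name="$1"
	shift
	echo "test: $name"
	# Execute the argument vector exactly as passed. Flattening it into one
	# string and re-expanding it unquoted would re-split arguments that
	# contain whitespace and glob-expand any wildcard characters in them.
	"$@"
	status=$?
	if [ "$status" -eq 0 ]; then
		echo "failure: $name [unexpected success]"
		status=1
	else
		echo "knownfail: $name"
		status=0
	fi
	return $status
}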

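# Create the throwaway user account that the mapping checks operate on.
# The password is a fixed test-only literal passed on the command line.
# $PYTHON and $samba_tool are left unquoted on purpose: they may carry a
# command prefix and rely on word splitting. "$@" is quoted so pass-through
# options containing whitespace reach samba-tool intact.
# NOTE(review): a failure here is not added to $failed, and unlike the group
# command below this one does not pass $CONFIG - confirm both are intended.
testit "user add" $PYTHON $samba_tool user create --given-name="rfc2307" --surname="Tester" --initial="UT" rfc2307_test_user testp@ssw0Rd "$@"

# Create the single security group used for the gidNumber checks.
testit "group add" $PYTHON $samba_tool group add $CONFIG --group-scope='Domain' --group-type='Security' rfc2307_test_group "$@"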

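# Convert name to SID
testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_user" || failed=$((failed + 1))
user_sid=$($wbinfo -n "$DOMAIN/rfc2307_test_user" | cut -d " " -f1)
echo "$DOMAIN/rfc2307_test_user resolved to $user_sid"

# Convert the SID back to a name; the name is upper-cased so the comparison
# below is case-insensitive.
testit "wbinfo -s $user_sid against $TARGET" $wbinfo -s "$user_sid" || failed=$((failed + 1))
user_name=$($wbinfo -s "$user_sid" | cut -d " " -f1 | tr a-z A-Z)
echo "$user_sid resolved to $user_name"

tested_name=$(printf '%s\n' "$DOMAIN/rfc2307_test_user" | tr a-z A-Z)

# Now check that wbinfo works correctly (sid <=> name)
# Both operands are quoted: with unquoted operands, unexpected whitespace in
# the wbinfo output makes "test" fail with a usage error, and the if statement
# would treat that error as "equal" and report success.
echo "test: wbinfo -s check for sane mapping"
if [ "x$user_name" != "x$tested_name" ]; then
	echo "$user_name does not match $tested_name"
	echo "failure: wbinfo -s check for sane mapping"
	failed=$((failed + 1))
else
	echo "success: wbinfo -s check for sane mapping"
fi

# Look the returned name up again and make sure it yields the original SID.
testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n "$user_name" || failed=$((failed + 1))
test_sid=$($wbinfo -n "$tested_name" | cut -d " " -f1)

echo "test: wbinfo -n check for sane mapping"
if [ "x$user_sid" != "x$test_sid" ]; then
	echo "$user_sid does not match $test_sid"
	echo "failure: wbinfo -n check for sane mapping"
	failed=$((failed + 1))
else
	echo "success: wbinfo -n check for sane mapping"
fi

# Resolve the test group's SID for the gidNumber checks further down.
# NOTE(review): this reuses the label of the first user lookup above, so the
# two results share one test name in the output.
testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/rfc2307_test_group" || failed=$((failed + 1))
group_sid=$($wbinfo -n "$DOMAIN/rfc2307_test_group" | cut -d " " -f1)
echo "$DOMAIN/rfc2307_test_group resolved to $group_sid"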

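# Add a uidNumber to the user record using ldbmodify.
# The LDIF is staged in a fixed-name file under $PREFIX (assumed to be set by
# the test harness) and removed once both modifications are done.
cat >"$PREFIX/tmpldbmodify" <<EOF
dn: <SID=$user_sid>
changetype: modify
add: uidNumber
uidNumber: $UID_RFC2307TEST
EOF

# The credentials are quoted as one argument so a password containing
# whitespace or glob characters is passed through intact. They still appear on
# ldbmodify's command line and are visible in the process list, so only a
# disposable test account should be used.
# NOTE(review): the label says "gidNumber on group" although this step writes
# uidNumber on the user, and it duplicates the label of the next step. It is
# left unchanged in case result lists key on the name - confirm before renaming.
testit "modify gidNumber on group" $VALGRIND "$ldbmodify" -H "ldap://$SERVER" "$PREFIX/tmpldbmodify" -U"$DOMAIN/$USERNAME%$PASSWORD" "$@" || failed=$((failed + 1))

# Then add a gidNumber to the group record using ldbmodify
cat >"$PREFIX/tmpldbmodify" <<EOF
dn: <SID=$group_sid>
changetype: modify
add: gidNumber
gidNumber: $GID_RFC2307TEST
EOF

testit "modify gidNumber on group" $VALGRIND "$ldbmodify" -H "ldap://$SERVER" "$PREFIX/tmpldbmodify" -U"$DOMAIN/$USERNAME%$PASSWORD" "$@" || failed=$((failed + 1))

rm -f "$PREFIX/tmpldbmodify"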

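# Now check we get a correct SID for the UID

testit "wbinfo -U against $TARGET" $wbinfo -U "$UID_RFC2307TEST" || failed=$((failed + 1))

# Operands are quoted in both comparisons below: an unquoted value containing
# whitespace makes "test" fail with a usage error, which the if statement
# would treat as "equal" and report as success.
echo "test: wbinfo -U check for sane mapping"
sid_for_user=$($wbinfo -U "$UID_RFC2307TEST")
if [ "x$sid_for_user" != "x$user_sid" ]; then
	echo "uid $UID_RFC2307TEST mapped to $sid_for_user, not $user_sid"
	echo "failure: wbinfo -U check for sane mapping"
	failed=$((failed + 1))
else
	echo "success: wbinfo -U check for sane mapping"
fi

# Same check for the GID -> SID direction.
testit "wbinfo -G against $TARGET" $wbinfo -G "$GID_RFC2307TEST" || failed=$((failed + 1))

echo "test: wbinfo -G check for sane mapping"
sid_for_group=$($wbinfo -G "$GID_RFC2307TEST")
if [ "x$sid_for_group" != "x$group_sid" ]; then
	echo "gid $GID_RFC2307TEST mapped to $sid_for_group, not $group_sid"
	echo "failure: wbinfo -G check for sane mapping"
	failed=$((failed + 1))
else
	echo "success: wbinfo -G check for sane mapping"
fi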

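# Now check we get the right UID from the SID
testit "wbinfo -S against $TARGET" $wbinfo -S "$user_sid" || failed=$((failed + 1))

# The comparison is written as "-eq ... then success" so that a non-numeric
# or malformed wbinfo result, which makes "test" exit with an error, lands in
# the failure branch instead of being reported as a pass.
# The leading 0 turns an empty result into the number 0.
echo "test: wbinfo -S check for sane mapping"
uid_for_user_sid=$($wbinfo -S "$user_sid")
if [ "0$uid_for_user_sid" -eq "$UID_RFC2307TEST" ]; then
	echo "success: wbinfo -S check for sane mapping"
else
	# Report the value actually looked up; the message previously expanded
	# a variable that is never assigned.
	echo "$user_sid mapped to $uid_for_user_sid, not $UID_RFC2307TEST"
	echo "failure: wbinfo -S check for sane mapping"
	failed=$((failed + 1))
fi

# Now check we get the right GID from the SID
testit "wbinfo -Y" $wbinfo -Y "$group_sid" || failed=$((failed + 1))

echo "test: wbinfo -Y check for sane mapping"
# Despite its name, this variable holds the GID returned for the group SID.
gid_for_user_sid=$($wbinfo -Y "$group_sid")
if [ "0$gid_for_user_sid" -eq "$GID_RFC2307TEST" ]; then
	echo "success: wbinfo -Y check for sane mapping"
else
	# Report the value actually looked up; the message previously expanded
	# a variable that is never assigned.
	echo "$group_sid mapped to $gid_for_user_sid, not $GID_RFC2307TEST"
	echo "failure: wbinfo -Y check for sane mapping"
	failed=$((failed + 1))
fi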

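# Remove the test group and user again so a later run starts clean.
# "$@" is quoted so pass-through options containing whitespace stay intact.
# NOTE(review): cleanup failures are not added to $failed - confirm intended.
testit "group delete" $PYTHON $samba_tool group delete rfc2307_test_group "$@"
testit "user delete" $PYTHON $samba_tool user delete rfc2307_test_user "$@"

# The exit status is the number of failed checks (0 means all passed).
exit "$failed"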