diff options
Diffstat (limited to 'nsswitch/tests/test_wbinfo.sh')
| -rwxr-xr-x | nsswitch/tests/test_wbinfo.sh | 322 |
1 files changed, 322 insertions, 0 deletions
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh new file mode 100755 index 0000000..b36e4c6 --- /dev/null +++ b/nsswitch/tests/test_wbinfo.sh @@ -0,0 +1,322 @@ +#!/bin/sh +# Blackbox test for wbinfo +if [ $# -lt 4 ]; then + cat <<EOF +Usage: test_wbinfo.sh DOMAIN USERNAME PASSWORD TARGET +EOF + exit 1 +fi + +DOMAIN=$1 +USERNAME=$2 +PASSWORD=$3 +TARGET=$4 +shift 4 + +failed=0 +samba4bindir="$BINDIR" +wbinfo="$VALGRIND $samba4bindir/wbinfo" + +. $(dirname $0)/../../testprogs/blackbox/subunit.sh + +testfail() +{ + name="$1" + shift + cmdline="$*" + echo "test: $name" + $cmdline + status=$? + if [ x$status = x0 ]; then + echo "failure: $name" + return 1 + else + echo "success: $name" + return 0 + fi +} + +knownfail() +{ + name="$1" + shift + cmdline="$*" + echo "test: $name" + $cmdline + status=$? + if [ x$status = x0 ]; then + echo "failure: $name [unexpected success]" + status=1 + else + echo "knownfail: $name" + status=0 + fi + return $status +} + +KRB5CCNAME_PATH="$PREFIX/test_wbinfo_krb5ccache" +rm -f $KRB5CCNAME_PATH + +KRB5CCNAME="FILE:$KRB5CCNAME_PATH" +export KRB5CCNAME + +# List users +testit "wbinfo -u against $TARGET" $wbinfo -u || failed=$(expr $failed + 1) +# List groups +testit "wbinfo -g against $TARGET" $wbinfo -g || failed=$(expr $failed + 1) +# Convert netbios name to IP +# Does not work yet +testit "wbinfo -N against $TARGET" $wbinfo -N $NETBIOSNAME || failed=$(expr $failed + 1) +# Convert IP to netbios name +# Does not work yet +testit "wbinfo -I against $TARGET" $wbinfo -I $SERVER_IP || failed=$(expr $failed + 1) + +# Convert name to SID +testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1) +admin_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1) +echo "$DOMAIN/$USERNAME resolved to $admin_sid" + +testit "wbinfo -s $admin_sid against $TARGET" $wbinfo -s $admin_sid || failed=$(expr $failed + 1) +admin_name=$($wbinfo -s $admin_sid | cut -d " " -f1 | tr a-z A-Z) +echo "$admin_sid resolved to $admin_name" + +tested_name=$(echo $DOMAIN/$USERNAME | tr a-z A-Z) + +echo "test: wbinfo -s check for sane mapping" +if test x$admin_name != x$tested_name; then + echo "$admin_name does not match $tested_name" + echo "failure: wbinfo -s check for sane mapping" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -s check for sane mapping" +fi + +while read SID; do + read NAME + + testit "wbinfo -s $SID against $TARGET" $wbinfo -s $SID || failed=$(expr $failed + 1) + + RESOLVED_NAME=$($wbinfo -s $SID | tr a-z A-Z) + echo "$SID resolved to $RESOLVED_NAME" + + echo "test: wbinfo -s $SID against $TARGET" + if test x"$RESOLVED_NAME" != x"$NAME"; then + echo "$RESOLVED_NAME does not match $NAME" + echo "failure: wbinfo -s $SID against $TARGET" + failed=$(expr $failed + 1) + else + echo "success: wbinfo -s $SID against $TARGET" + fi +done <<EOF +S-1-1-0 +/EVERYONE 5 +S-1-3-1 +/CREATOR GROUP 5 +S-1-5-1 +NT AUTHORITY/DIALUP 5 +EOF + +testit "wbinfo -n on the returned name against $TARGET" $wbinfo -n $admin_name || failed=$(expr $failed + 1) +test_sid=$($wbinfo -n $tested_name | cut -d " " -f1) + +echo "test: wbinfo -n check for sane mapping" +if test x$admin_sid != x$test_sid; then + echo "$admin_sid does not match $test_sid" + echo "failure: wbinfo -n check for sane mapping" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -n check for sane mapping" +fi + +echo "test: wbinfo -n NT Authority/Authenticated Users" +$wbinfo -n "NT Authority/Authenticated Users" +if [ $? -ne 0 ]; then + echo "failure: wbinfo -n NT Authority/Authenticated Users" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -n NT Authority/Authenticated Users" +fi + +echo "test: wbinfo --group-info NT Authority/Authenticated Users" +$wbinfo --group-info "NT Authority/Authenticated Users" +if [ $? -ne 0 ]; then + echo "failure: wbinfo --group-info NT Authority/Authenticated Users" + failed=$(expr $failed + 1) +else + echo "success: wbinfo --group-info NT Authority/Authenticated Users" +fi + +testit "wbinfo -U against $TARGET" $wbinfo -U 30000 || failed=$(expr $failed + 1) + +echo "test: wbinfo -U check for sane mapping" +sid_for_30000=$($wbinfo -U 30000) +if test x$sid_for_30000 != "xS-1-22-1-30000"; then + echo "uid 30000 mapped to $sid_for_30000, not S-1-22-1-30000" + echo "failure: wbinfo -U check for sane mapping" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -U check for sane mapping" +fi + +admin_uid=$($wbinfo -S $admin_sid) + +testit "wbinfo -G against $TARGET" $wbinfo -G 30000 || failed=$(expr $failed + 1) + +echo "test: wbinfo -G check for sane mapping" +sid_for_30000=$($wbinfo -G 30000) +if test x$sid_for_30000 != "xS-1-22-2-30000"; then + echo "gid 30000 mapped to $sid_for_30000, not S-1-22-2-30000" + echo "failure: wbinfo -G check for sane mapping" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -G check for sane mapping" +fi + +testit "wbinfo -S against $TARGET" $wbinfo -S "S-1-22-1-30000" || failed=$(expr $failed + 1) + +echo "test: wbinfo -S check for sane mapping" +uid_for_sid=$($wbinfo -S S-1-22-1-30000) +if test 0$uid_for_sid -ne 30000; then + echo "S-1-22-1-30000 mapped to $uid_for_sid, not 30000" + echo "failure: wbinfo -S check for sane mapping" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -S check for sane mapping" +fi + +testfail "wbinfo -S against $TARGET using invalid SID" $wbinfo -S "S-1-22-2-30000" || failed=$(expr $failed + 1) + +testit "wbinfo -Y against $TARGET" $wbinfo -Y "S-1-22-2-30000" || failed=$(expr $failed + 1) + +echo "test: wbinfo -Y check for sane mapping" +gid_for_sid=$($wbinfo -Y S-1-22-2-30000) +if test 0$gid_for_sid -ne 30000; then + echo "S-1-22-2-30000 mapped to $gid_for_sid, not 30000" + echo "failure: wbinfo -Y check for sane mapping" + failed=$(expr $failed + 1) +else + echo "success: wbinfo -Y check for sane mapping" +fi + +testfail "wbinfo -Y against $TARGET using invalid SID" $wbinfo -Y "S-1-22-1-30000" || failed=$(expr $failed + 1) + +testit "wbinfo -t against $TARGET" $wbinfo -t || failed=$(expr $failed + 1) + +#didn't really work anyway +testit "wbinfo --trusted-domains against $TARGET" $wbinfo --trusted-domains || failed=$(expr $failed + 1) +testit "wbinfo --all-domains against $TARGET" $wbinfo --all-domains || failed=$(expr $failed + 1) + +testit "wbinfo --own-domain against $TARGET" $wbinfo --own-domain || failed=$(expr $failed + 1) + +echo "test: wbinfo --own-domain against $TARGET check output" +own_domain=$($wbinfo --own-domain) +if test x$own_domain = x$DOMAIN; then + echo "success: wbinfo --own-domain against $TARGET check output" +else + echo "Own domain reported as $own_domain instead of $DOMAIN" + echo "failure: wbinfo --own-domain against $TARGET check output" + failed=$(expr $failed + 1) +fi + +# this does not work +knownfail "wbinfo --sequence against $TARGET" $wbinfo --sequence + +# this is stubbed out now +testit "wbinfo -D against $TARGET" $wbinfo -D $DOMAIN || failed=$(expr $failed + 1) + +testit "wbinfo -i against $TARGET" $wbinfo -i "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1) + +echo "test: wbinfo --group-info against $TARGET" +gid=$($wbinfo --group-info "$DOMAIN/Domain users" | cut -d: -f3) +if test x$? = x0; then + echo "success: wbinfo --group-info against $TARGET" +else + echo "failure: wbinfo --group-info against $TARGET" + failed=$(expr $failed + 1) +fi + +test_name="wbinfo -i against $TARGET" +subunit_start_test "$test_name" +passwd_line=$($wbinfo -i "$DOMAIN/$USERNAME") +if test x$? = x0; then + subunit_pass_test "$test_name" +else + subunit_fail_test "$test_name" + failed=$(expr $failed + 1) +fi + +test_name="confirm output of wbinfo -i against $TARGET" +subunit_start_test "$test_name" + +# The full name (GECOS) is based on name (the RDN, in this case CN) +# and displayName in winbindd_ads, and is based only on displayName in +# winbindd_msrpc and winbindd_rpc. Allow both versions. +if test "$TARGET" = "ad_member"; then + expected1_line="$DOMAIN/administrator:*:$admin_uid:$gid:Administrator:/home/$DOMAIN/Domain Users/administrator:/bin/false" + expected2_line="$DOMAIN/administrator:*:$admin_uid:$gid::/home/$DOMAIN/Domain Users/administrator:/bin/false" +else + expected1_line="$DOMAIN/administrator:*:$admin_uid:$gid:Administrator:/home/$DOMAIN/administrator:/bin/false" + expected2_line="$DOMAIN/administrator:*:$admin_uid:$gid::/home/$DOMAIN/administrator:/bin/false" +fi + +if test "x$passwd_line" = "x$expected1_line" -o "x$passwd_line" = "x$expected2_line"; then + subunit_pass_test "$test_name" +else + echo "expected '$expected1_line' or '$expected2_line' got '$passwd_line'" | subunit_fail_test "$test_name" + failed=$(expr $failed + 1) +fi + +test_name="wbinfo --uid-info against $TARGET" +subunit_start_test "$test_name" +passwd_line=$($wbinfo --uid-info=$admin_uid) +if test x$? = x0; then + subunit_pass_test "$test_name" +else + subunit_fail_test "$test_name" + failed=$(expr $failed + 1) +fi + +test_name="confirm output of wbinfo --uid-info against $TARGET" +subunit_start_test "$test_name" +if test "x$passwd_line" = "x$expected1_line" -o "x$passwd_line" = "x$expected2_line"; then + subunit_pass_test "$test_name" +else + echo "expected '$expected1_line' or '$expected2_line' got '$passwd_line'" | subunit_fail_test "$test_name" + failed=$(expr $failed + 1) +fi + +testfail "wbinfo --group-info against $TARGET with $USERNAME" $wbinfo --group-info $USERNAME || failed=$(expr $failed + 1) + +testit "wbinfo --gid-info against $TARGET" $wbinfo --gid-info $gid || failed=$(expr $failed + 1) + +testit "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1) + +testit "wbinfo --user-domgroups against $TARGET" $wbinfo --user-domgroups $admin_sid || failed=$(expr $failed + 1) + +testit "wbinfo --user-sids against $TARGET" $wbinfo --user-sids $admin_sid || failed=$(expr $failed + 1) + +testit "wbinfo -a against $TARGET with domain creds" $wbinfo -a "$DOMAIN/$USERNAME"%"$PASSWORD" || failed=$(expr $failed + 1) + +testit "wbinfo -a against $TARGET with domain upn creds" $wbinfo -a "$USERNAME@$DOMAIN"%"$PASSWORD" || failed=$(expr $failed + 1) + +testit "wbinfo --getdcname against $TARGET" $wbinfo --getdcname=$DOMAIN + +testit "wbinfo -p against $TARGET" $wbinfo -p || failed=$(expr $failed + 1) + +testit "wbinfo -K against $TARGET with domain creds" $wbinfo --krb5ccname=$KRB5CCNAME --krb5auth="$DOMAIN/$USERNAME"%"$PASSWORD" || failed=$(expr $failed + 1) + +testit "wbinfo --separator against $TARGET" $wbinfo --separator || failed=$(expr $failed + 1) + +if test "$TARGET" = "ad_member"; then + testit "wbinfo --domain-info=$DOMAIN" $wbinfo --domain-info=$DOMAIN || failed=$(expr $failed + 1) + + testit "wbinfo --dc-info=$DOMAIN" $wbinfo --dc-info=$DOMAIN || failed=$(expr $failed + 1) +fi + +testit_expect_failure "wbinfo -a against $TARGET with invalid password" $wbinfo -a "$DOMAIN/$USERNAME%InvalidPassword" || failed=$(expr $failed + 1) + +testit_expect_failure "wbinfo -K against $TARGET with invalid password" $wbinfo -K "$DOMAIN/$USERNAME%InvalidPassword" || failed=$(expr $failed + 1) + +rm -f $KRB5CCNAME_PATH + +exit $failed |