blob: f2fed5533dac445385b0485c28e7c088ba6368d9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
#!/bin/sh
# Test winbind ad backend behaviour when the kerberos ticket expires
if [ $# -ne 1 ]; then
echo Usage: $0 DOMAIN
exit 1
fi
DOMAIN="$1"
wbinfo="$VALGRIND $BINDIR/wbinfo"
net="$VALGRIND $BINDIR/net"
failed=0
. $(dirname $0)/../../testprogs/blackbox/subunit.sh
DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
if [ $? -ne 0 ]; then
echo "Could not find domain SID" | subunit_fail_test "test_idmap_ad"
exit 1
fi
ADMINS_SID="$DOMAIN_SID-512"
# Previous tests might have put in a mapping
$net cache del IDMAP/SID2XID/"$ADMINS_SID"
# Trigger a winbind ad connection with a 5-second ticket lifetime,
# see the smb.conf for the ad_member_idmap_ad environment we're in
#
# We expect failure here because there are no mappings in AD. In this
# test we are only interested in the winbind LDAP connection as such,
# we don't really care whether idmap_ad works fine. This is done in
# different tests. And a negative lookup also triggers the LDAP
# connection.
testit_expect_failure "Deleting0 IDMAP/SID2XID/$ADMINS_SID" $net cache del IDMAP/SID2XID/"$ADMINS_SID" ||
failed=$(expr $failed + 1)
testit_expect_failure "Expecting failure1, no mapping in AD" $wbinfo --sid-to-gid "$ADMINS_SID" ||
failed=$(expr $failed + 1)
testit "Deleting1 IDMAP/SID2XID/$ADMINS_SID" $net cache del IDMAP/SID2XID/"$ADMINS_SID" ||
failed=$(expr $failed + 1)
# allow our kerberos ticket to expire
testit "Sleeping for 6 seconds" sleep 6 || failed=$(expr $failed + 1)
# Try again, check how long it took to recover from ticket expiry
#
# On the LDAP connection two things happen: First we get an
# unsolicited exop response telling us the network session was
# abandoned, and secondly the LDAP server will kill the TCP
# connection. Our ldap server is configured to defer the TCP
# disconnect by 10 seconds. We need to make sure that winbind already
# reacts to the unsolicited exop reply, discarding the connection. The
# only way is to make sure the following wbinfo does not take too
# long.
# We need to do the test command in this funny way as on gitlab we're
# using the bash builtin
START=$(date +%s)
testit_expect_failure "Expecting failure2, no mapping in AD" $wbinfo --sid-to-gid "$ADMINS_SID" ||
failed=$(expr $failed + 1)
END=$(date +%s)
DURATION=$(expr $END - $START)
testit "timeout DURATION[$DURATION] < 8" test "$DURATION" -le 8 ||
failed=$(expr $failed + 1)
testit "Deleting2 IDMAP/SID2XID/$ADMINS_SID" $net cache del IDMAP/SID2XID/"$ADMINS_SID" ||
failed=$(expr $failed + 1)
exit $failed
|
