path: root/source3/script/tests/test_winbind_ignore_domains.sh
blob: 1454eca6ffb976c823067d5b924a00561feef19c (plain)
#!/bin/sh

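# Shared blackbox test helpers live relative to this script's directory.
incdir=$(dirname "$0")/../../../testprogs/blackbox
. "$incdir/subunit.sh"
. "$incdir/common_test_fns.inc"

# Number of failed sub-tests; reported through testok at the end.
failed=0

# Tools under test. BINDIR, SMB_CONF_PATH, SERVER, REALM and the TRUST_*
# variables are not set in this script and are expected from the environment.
smbclient="$BINDIR/smbclient"
smbcontrol="$BINDIR/smbcontrol"
ldbmodify="$BINDIR/ldbmodify"
ldbsearch="$BINDIR/ldbsearch"
wbinfo="$BINDIR/wbinfo"
# Config fragment next to smb.conf that this test rewrites to toggle
# "winbind:ignore domains".
global_inject_conf=$(dirname "$SMB_CONF_PATH")/global_inject.conf
SERVER_FQDN=$(echo "$SERVER.$REALM" | awk '{print tolower($0)}')

# Read defaultNamingContext from the trusted DC's base object (-b "" -s base).
# No credentials are given on this command line.
TRUST_BASE_DN=$($ldbsearch -H "ldap://$TRUST_SERVER" -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
# $? after the pipeline above is awk's exit status, not ldbsearch's, so a
# failed lookup is detected by the empty result instead.
# NOTE(review): the reported test name is "test_idmap_ad", which does not
# match this script's name; it looks copied from another test - confirm.
if [ -z "$TRUST_BASE_DN" ]; then
	echo "Could not find trusted base DN" | subunit_fail_test "test_idmap_ad"
	exit 1
fi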

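#
# Add POSIX ids to trusted domain
#
# Adds uidNumber 2500000 to Administrator and gidNumber 2500001 / 2500002 to
# Domain Users / Domain Admins under CN=Users,$TRUST_BASE_DN via ldbmodify.
#
# Globals (read): ldbmodify, TRUST_SERVER, TRUST_DOMAIN, TRUST_PASSWORD,
#                 TRUST_BASE_DN
# Returns: 0 if all three modifications succeeded, 1 if any of them failed.
#          All three are always attempted.
#
# The Administrator password is passed in the -U argument, so it is visible
# in the process list while ldbmodify runs; only throwaway test-environment
# credentials belong here.
#
add_posix_ids()
{
	# POSIX sh has no "local"; use a name that cannot clash with callers.
	add_posix_ids_rc=0

	$ldbmodify -H "ldap://$TRUST_SERVER" \
		-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" <<EOF || add_posix_ids_rc=1
dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
changetype: modify
add: uidNumber
uidNumber: 2500000
EOF

	$ldbmodify -H "ldap://$TRUST_SERVER" \
		-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" <<EOF || add_posix_ids_rc=1
dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
changetype: modify
add: gidNumber
gidNumber: 2500001
EOF

	$ldbmodify -H "ldap://$TRUST_SERVER" \
		-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" <<EOF || add_posix_ids_rc=1
dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
changetype: modify
add: gidNumber
gidNumber: 2500002
EOF

	return $add_posix_ids_rc
}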

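#
# Remove POSIX ids from trusted domain
#
# Deletes uidNumber 2500000 from Administrator and gidNumber 2500001 /
# 2500002 from Domain Users / Domain Admins under CN=Users,$TRUST_BASE_DN
# via ldbmodify.
#
# Globals (read): ldbmodify, TRUST_SERVER, TRUST_DOMAIN, TRUST_PASSWORD,
#                 TRUST_BASE_DN
# Returns: 0 if all three deletions succeeded, 1 if any of them failed.
#          All three are always attempted, so one failure does not leave the
#          remaining ids behind.
#
# The Administrator password is passed in the -U argument, so it is visible
# in the process list while ldbmodify runs; only throwaway test-environment
# credentials belong here.
#
remove_posix_ids()
{
	# POSIX sh has no "local"; use a name that cannot clash with callers.
	remove_posix_ids_rc=0

	$ldbmodify -H "ldap://$TRUST_SERVER" \
		-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" <<EOF || remove_posix_ids_rc=1
dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
changetype: modify
delete: uidNumber
uidNumber: 2500000
EOF

	$ldbmodify -H "ldap://$TRUST_SERVER" \
		-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" <<EOF || remove_posix_ids_rc=1
dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
changetype: modify
delete: gidNumber
gidNumber: 2500001
EOF

	$ldbmodify -H "ldap://$TRUST_SERVER" \
		-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD" <<EOF || remove_posix_ids_rc=1
dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
changetype: modify
delete: gidNumber
gidNumber: 2500002
EOF

	return $remove_posix_ids_rc
}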

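# Seed the POSIX ids in the trusted domain for the duration of the test.
# The return status is not checked here.
add_posix_ids

# Phase 1 (baseline): empty injected config, so no domain is ignored.
# The results of reload-config and "wbinfo -p" (winbindd ping) are not
# checked; a failed reload would only show up in the smbclient results.
echo "" >"$global_inject_conf"
$smbcontrol winbindd reload-config
$wbinfo -p

# Trusted-domain user must be able to log in via NTLM (by IP and by FQDN)
# and via Kerberos. The credential argument is quoted so that a password
# containing whitespace or glob characters stays a single word.
test_smbclient "test_winbind_ignore_domains_ok_ntlm_ip" "ls" "//$SERVER_IP/tmp" -U "$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD" || failed=$((failed + 1))
test_smbclient "test_winbind_ignore_domains_ok_ntlm_fqdn" "ls" "//$SERVER_FQDN/tmp" -U "$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD" || failed=$((failed + 1))
test_smbclient "test_winbind_ignore_domains_ok_krb5" "ls" "//$SERVER_FQDN/tmp" -U "$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD" -k || failed=$((failed + 1))

# Phase 2: put the trusted domain on the ignore list and reload winbindd.
echo "winbind:ignore domains = $TRUST_DOMAIN" >"$global_inject_conf"
$smbcontrol winbindd reload-config
$wbinfo -p

# The same three logins must now be rejected.
# NOTE(review): test_smbclient_expect_failure comes from the sourced helper
# file (not shown); presumably any smbclient failure counts as a pass, so it
# is the passing baseline above that ties a failure here to the ignore list
# rather than to an unrelated outage - confirm.
test_smbclient_expect_failure "test_winbind_ignore_domains_fail_ntlm_ip" "ls" "//$SERVER_IP/tmp" -U "$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD" || failed=$((failed + 1))
test_smbclient_expect_failure "test_winbind_ignore_domains_fail_ntlm_fqdn" "ls" "//$SERVER_FQDN/tmp" -U "$TRUST_DOMAIN/$TRUST_USERNAME%$TRUST_PASSWORD" || failed=$((failed + 1))
test_smbclient_expect_failure "test_winbind_ignore_domains_fail_krb5" "ls" "//$SERVER_FQDN/tmp" -U "$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD" -k || failed=$((failed + 1))

# Cleanup: restore the empty injected config and drop the POSIX ids again.
# There is no trap, so an interrupted run leaves the ignore list and the ids
# in place for whatever runs next.
echo "" >"$global_inject_conf"
$smbcontrol winbindd reload-config
$wbinfo -p
remove_posix_ids

testok "$0" "$failed"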