#!/bin/sh
# Test id mapping through idmap_rfc2307 module
# Argument check: fifteen positional parameters are required. With fewer,
# print the expected order and exit 1 before any command below runs.
# NOTE(review): DC_PASSWORD is one of the positional parameters, so the
# password is part of this script's own command line as well as of the tool
# invocations further down.
[ $# -ge 15 ] || {
	echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 \
		GROUPNAME GID GROUPNAME2 GID2 GID_START NUMGROUPS \
		LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
	exit 1
}
# Positional parameters, in the order printed by the usage text.

# Domain plus the first user, used for the name -> SID -> uid lookups.
DOMAIN="${1}"
USERNAME="${2}"
USERUID="${3}"

# Second user, used for the reverse (uid -> SID -> name) lookups.
USERNAME2="${4}"
USERUID2="${5}"

# First and second group, used the same way as the two users.
GROUPNAME="${6}"
GROUPGID="${7}"
GROUPNAME2="${8}"
GROUPGID2="${9}"

# Drop the first nine parameters; 10-15 are then read as $1-$6.
shift 9

# Range of generated test groups: NUMGROUPS groups, GIDs from GID_START.
GID_START="${1}"
NUMGROUPS="${2}"

# LDAP subtree holding the mapping records, and the DC account used to
# write them.
LDAPPREFIX="${3}"
DC_SERVER="${4}"
DC_USERNAME="${5}"
DC_PASSWORD="${6}"
# Command prefixes for the two Samba tools driven by this test.
# VALGRIND and BINDIR are not set in this file; presumably they come from the
# selftest environment. Both variables are expanded unquoted at the call
# sites, which is what splits the wrapper and the binary into separate words.
wbinfo="${VALGRIND} ${BINDIR}/wbinfo"
net="${VALGRIND} ${BINDIR}/net"
# Locate the ldb tools: use the copy in $BINDIR when it is executable,
# otherwise fall back to the bare command name.
# NOTE(review): the fallback is resolved through PATH, so whichever binary of
# that name comes first on PATH is the one that receives the DC credentials.
if [ -x "$BINDIR/ldbsearch" ]; then
	ldbsearch="$BINDIR/ldbsearch"
else
	ldbsearch="ldbsearch"
fi

if [ -x "$BINDIR/ldbadd" ]; then
	ldbadd="$BINDIR/ldbadd"
else
	ldbadd="ldbadd"
fi

if [ -x "$BINDIR/ldbdel" ]; then
	ldbdel="$BINDIR/ldbdel"
else
	ldbdel="ldbdel"
fi
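# Count of failed checks; used as the script's exit status at the end.
failed=0

# Load the subunit helpers. testit, used throughout this script, is not
# defined in this file and presumably comes from here.
# The path is quoted so that a checkout directory containing spaces or glob
# characters is not word-split before it is sourced.
. "$(dirname "$0")/../../testprogs/blackbox/subunit.sh"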
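# Delete LDAP records
#
# Pre-clean: remove the whole subtree under $LDAPPREFIX (tree_delete control)
# before the records are added again. The command is not run through testit
# and its status is not checked, so a failure here is not counted.
#
# The URL and the credential string are quoted so that a server name,
# user name or password containing whitespace or glob characters stays one
# argument, as the "net rpc" calls in this script already do.
# NOTE(review): the password is passed on the command line and is therefore
# visible in process listings and shell traces while the command runs; that is
# only acceptable for disposable selftest accounts.
$VALGRIND $ldbdel -H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" \
	"$LDAPPREFIX" --controls="tree_delete:1"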
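# Add id mapping information to LDAP
#
# Each record is fed to ldbadd as LDIF on stdin: the container, two
# posixAccount users and two posixGroup groups.
#
# Changes against the previous version:
#  - the LDAP URL and the credential string are quoted so they stay single
#    arguments whatever characters they contain;
#  - a failing add now increments $failed, like every other testit call in
#    this script, so the exit status reflects it.
#
# NOTE(review): the user, group and prefix values are expanded into the LDIF
# unescaped. A value containing a newline or DN metacharacters would change
# the record that is written; this is safe only because the values come from
# the test harness.
# NOTE(review): the password is passed on the command line (see -U below) and
# is visible in process listings while each command runs.

testit "add ldap prefix" $VALGRIND $ldbadd -H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF || failed=$((failed + 1))
dn: $LDAPPREFIX
objectclass: organizationalUnit
EOF

testit "add ldap user mapping record" $VALGRIND $ldbadd -H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF || failed=$((failed + 1))
dn: cn=$USERNAME,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
ou: People
cn: $USERNAME
uid: $USERNAME
uidNumber: $USERUID
gidNumber: 1
homeDirectory: /home/admin
EOF

testit "add second ldap user mapping record" $VALGRIND $ldbadd \
	-H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF || failed=$((failed + 1))
dn: cn=$USERNAME2,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
ou: People
cn: $USERNAME2
uid: $USERNAME2
uidNumber: $USERUID2
gidNumber: 2
homeDirectory: /home/admin
EOF

testit "add ldap group mapping record" $VALGRIND $ldbadd \
	-H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF || failed=$((failed + 1))
dn: cn=$GROUPNAME,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
cn: $GROUPNAME
gidNumber: $GROUPGID
member: cn=$USERNAME,$LDAPPREFIX
EOF

testit "add second ldap group mapping record" $VALGRIND $ldbadd \
	-H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF || failed=$((failed + 1))
dn: cn=$GROUPNAME2,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
cn: $GROUPNAME2
gidNumber: $GROUPGID2
member: cn=$USERNAME,$LDAPPREFIX
EOF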
# Forward lookup, first user: name -> SID -> uid, then compare the uid with
# the value that was written to LDAP. Each lookup runs twice: once under
# testit for the result record, once to capture the first output field.
testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" ||
	failed=$((failed + 1))
user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d ' ' -f1)
echo "$DOMAIN/$USERNAME resolved to $user_sid"

testit "wbinfo --sid-to-uid=$user_sid" $wbinfo --sid-to-uid=$user_sid ||
	failed=$((failed + 1))
user_uid=$($wbinfo --sid-to-uid=$user_sid | cut -d ' ' -f1)
echo "$DOMAIN/$USERNAME resolved to $user_uid"

testit "test $user_uid -eq $USERUID" test $user_uid -eq $USERUID ||
	failed=$((failed + 1))

# Forward lookup, first group: name -> SID -> gid.
# Not sure how to get group names with spaces to resolve through testit
#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" || failed=$(expr $failed + 1)
group_sid=$($wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" | cut -d ' ' -f1)
echo "$DOMAIN/$GROUPNAME resolved to $group_sid"

testit "wbinfo --sid-to-gid=$group_sid" $wbinfo --sid-to-gid=$group_sid ||
	failed=$((failed + 1))
group_gid=$($wbinfo --sid-to-gid=$group_sid | cut -d ' ' -f1)
echo "$DOMAIN/$GROUPNAME resolved to $group_gid"

testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID ||
	failed=$((failed + 1))

# Use different user and group for reverse lookup to not read from cache
# Reverse lookup, second user: uid -> SID -> name.
testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo --uid-to-sid=$USERUID2 ||
	failed=$((failed + 1))
user_sid2=$($wbinfo --uid-to-sid=$USERUID2 | cut -d ' ' -f1)
echo "UID $USERUID2 resolved to SID $user_sid2"

testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo --sid-to-name=$user_sid2 ||
	failed=$((failed + 1))
user_name2=$($wbinfo --sid-to-name=$user_sid2 | cut -d ' ' -f1)
echo "SID $user_sid2 resolved to $user_name2"

# The name comparison is case-insensitive: both sides are lower-cased first.
got_user_name=$(echo $user_name2 | tr A-Z a-z)
want_user_name=$(echo $DOMAIN/$USERNAME2 | tr A-Z a-z)
testit "test $user_name2 = $DOMAIN/$USERNAME2" \
	test "$got_user_name" = "$want_user_name" ||
	failed=$((failed + 1))

# Reverse lookup, second group: gid -> SID -> name.
testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo --gid-to-sid=$GROUPGID2 ||
	failed=$((failed + 1))
group_sid2=$($wbinfo --gid-to-sid=$GROUPGID2 | cut -d ' ' -f1)
echo "GID $GROUPGID2 resolved to SID $group_sid2"

testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo --sid-to-name=$group_sid2 ||
	failed=$((failed + 1))
group_name2=$($wbinfo --sid-to-name=$group_sid2 | cut -d ' ' -f1)
echo "SID $group_sid2 resolved to $group_name2"

got_group_name=$(echo $group_name2 | tr A-Z a-z)
want_group_name=$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)
testit "test $group_name2 = $DOMAIN/$GROUPNAME2" \
	test "$got_group_name" = "$want_group_name" ||
	failed=$((failed + 1))
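# Create NUMGROUPS test groups named test_rfc2307_group_NNN. For each one:
# create the group on the DC, add $USERNAME as a member, and write a
# posixGroup record with gidNumber GID_START + index under $LDAPPREFIX.
#
# Changes against the previous version:
#  - the loop bounds, the LDAP URL and the ldbadd credential string are
#    quoted so they stay single words;
#  - a failing ldbadd now increments $failed, like the two "net rpc" calls
#    next to it.
#
# NOTE(review): $GRP, $USERNAME and $LDAPPREFIX are expanded into the LDIF
# unescaped, and the password is passed on the command line of every call;
# both are tolerable only for harness-supplied values and disposable accounts.
i=0
while [ "$i" -lt "$NUMGROUPS" ]; do
	GRP=$(printf "test_rfc2307_group_%3.3d" "$i")
	# expr keeps GID_START decimal even if it was given with leading zeros.
	GRP_GID=$(expr "$GID_START" + "$i")

	testit "Add group $GRP" $net rpc group add "$GRP" -S "$DC_SERVER" \
		-U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
		failed=$((failed + 1))

	testit "Add groupmem $GRP $USERNAME" \
		$net rpc group addmem "$GRP" "$USERNAME" \
		-S "$DC_SERVER" \
		-U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
		failed=$((failed + 1))

	testit "Add group object for $GRP $GRP_GID" \
		$VALGRIND $ldbadd \
		-H "ldap://$DC_SERVER" \
		-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF || failed=$((failed + 1))
dn: cn=$GRP,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
cn: $GRP
gidNumber: $GRP_GID
member: cn=$USERNAME,$LDAPPREFIX
EOF

	i=$((i + 1))
done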
# Test whether wbinfo --xids-to-sids finds everything
#
# Build one space-separated list of "g<gid>" entries covering every generated
# group, resolve the list in a single wbinfo call, and require that the number
# of result lines not starting with "NOT MAPPED" equals NUMGROUPS.
GIDS=""
i=0
while [ ${i} -lt ${NUMGROUPS} ]; do
	# expr keeps GID_START decimal even if it was given with leading zeros.
	gid=$(expr ${i} + ${GID_START})
	GIDS="$GIDS g$gid"
	i=$((i + 1))
done

NUM_VALID_SIDS=$($wbinfo --unix-ids-to-sids="$GIDS" | grep -c -v '^NOT MAPPED')

testit "Count number of valid sids found" \
	test ${NUM_VALID_SIDS} = ${NUMGROUPS} ||
	failed=$((failed + 1))
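# Prime the cache so we test idmap, not the harder problem of
# consistent group memberships for users without a login.
#
# The credential string is quoted so that a user name or password containing
# whitespace or glob characters reaches wbinfo as one argument.
# NOTE(review): the password is passed on the command line and is visible in
# process listings while wbinfo runs; acceptable only for disposable selftest
# accounts.
testit "Authenticate the user to prime the netlogon cache" \
	$wbinfo -a "$DOMAIN/$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))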
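# Test whether wbinfo -r shows all groups
#
# The expected value is a "/"-terminated list of GIDs in numeric order: three
# fixed GIDs followed by GID_START .. GID_START + NUMGROUPS - 1. The actual
# value is the output of "wbinfo -r", sorted numerically and joined the same
# way, so the two strings can be compared directly.
# NOTE(review): the three leading GIDs are hard-coded; presumably they are
# memberships the test user already has in the selftest environment - confirm.
#
# The account name is quoted, as in the name-to-sid lookups earlier in this
# script, so a name containing whitespace is passed as one argument.
EXPECTED_USERGROUPS="1000000/1000001/2000002/"
i=0
while [ "$i" -lt "$NUMGROUPS" ]; do
	# expr keeps GID_START decimal even if it was given with leading zeros.
	EXPECTED_USERGROUPS="$EXPECTED_USERGROUPS$(expr "$i" + "$GID_START")/"
	i=$((i + 1))
done

USERGROUPS=$($wbinfo -r "$DOMAIN/$USERNAME" | sort -n | tr '\n' '/')

testit "Testing for expected group memberships" \
	test "$USERGROUPS" = "$EXPECTED_USERGROUPS" ||
	failed=$((failed + 1))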
# Remove the generated test groups from the DC again, one "net rpc group
# delete" per group, using the same name pattern as when they were created.
# NOTE(review): the password is part of each command line here as well.
i=0
while [ ${i} -lt ${NUMGROUPS} ]; do
	GRP=$(printf "test_rfc2307_group_%3.3d" ${i})

	testit "Del group $GRP" $net rpc group delete "$GRP" -S "$DC_SERVER" \
		-U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
		failed=$((failed + 1))

	i=$((i + 1))
done
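# Delete LDAP records
#
# Final cleanup: remove the whole subtree under $LDAPPREFIX (tree_delete
# control). The status of this command is not checked and does not affect
# the exit code.
#
# The URL and the credential string are quoted so that a server name,
# user name or password containing whitespace or glob characters stays one
# argument, as the "net rpc" calls in this script already do.
# NOTE(review): the password is passed on the command line and is visible in
# process listings while the command runs.
$VALGRIND $ldbdel -H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" \
	"$LDAPPREFIX" --controls="tree_delete:1"

# Exit with the number of failed checks (0 means every counted check passed).
exit "$failed"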