selftest: Add trusted domain tests for idmap_ad
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
parent
ac0f8656ee
commit
2577f43a13
@ -29,12 +29,24 @@ if [ $? -ne 0 ] ; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
TRUST_DOMAIN_SID=$($wbinfo -n "$TRUST_DOMAIN/" | cut -f 1 -d " ")
|
||||||
|
if [ $? -ne 0 ] ; then
|
||||||
|
echo "Could not find trusted domain SID" | subunit_fail_test "test_idmap_ad"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
BASE_DN=$($ldbsearch -H ldap://$DC_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
|
BASE_DN=$($ldbsearch -H ldap://$DC_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
|
||||||
if [ $? -ne 0 ] ; then
|
if [ $? -ne 0 ] ; then
|
||||||
echo "Could not find base DB" | subunit_fail_test "test_idmap_ad"
|
echo "Could not find base DB" | subunit_fail_test "test_idmap_ad"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
TRUST_BASE_DN=$($ldbsearch -H ldap://$TRUST_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
|
||||||
|
if [ $? -ne 0 ] ; then
|
||||||
|
echo "Could not find trusted base DB" | subunit_fail_test "test_idmap_ad"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
#
|
#
|
||||||
# Add POSIX ids to AD
|
# Add POSIX ids to AD
|
||||||
#
|
#
|
||||||
@ -59,6 +71,33 @@ add: gidNumber
|
|||||||
gidNumber: 2000002
|
gidNumber: 2000002
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
#
|
||||||
|
# Add POSIX ids to trusted domain
|
||||||
|
#
|
||||||
|
cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
|
||||||
|
-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
|
||||||
|
dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
|
||||||
|
changetype: modify
|
||||||
|
add: uidNumber
|
||||||
|
uidNumber: 2500000
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
|
||||||
|
-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
|
||||||
|
dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
|
||||||
|
changetype: modify
|
||||||
|
add: gidNumber
|
||||||
|
gidNumber: 2500001
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
|
||||||
|
-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
|
||||||
|
dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
|
||||||
|
changetype: modify
|
||||||
|
add: gidNumber
|
||||||
|
gidNumber: 2500002
|
||||||
|
EOF
|
||||||
|
|
||||||
#
|
#
|
||||||
# Test 1: Test uid of Administrator, should be 2000000
|
# Test 1: Test uid of Administrator, should be 2000000
|
||||||
#
|
#
|
||||||
@ -99,6 +138,46 @@ test "$out" = "$DOMAIN_SID-512"
|
|||||||
ret=$?
|
ret=$?
|
||||||
testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1)
|
testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Trusted domain test 1: Test uid of Administrator, should be 2500000
|
||||||
|
#
|
||||||
|
|
||||||
|
out="$($wbinfo -S $TRUST_DOMAIN_SID-500)"
|
||||||
|
echo "wbinfo returned: \"$out\", expecting \"2500000\""
|
||||||
|
test "$out" = "2500000"
|
||||||
|
ret=$?
|
||||||
|
testit "Test uid of Administrator in trusted domain is 2500000" test $ret -eq 0 || failed=$(expr $failed + 1)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Trusted domain test 2: Test gid of Domain Users, should be 2500001
|
||||||
|
#
|
||||||
|
|
||||||
|
out="$($wbinfo -Y $TRUST_DOMAIN_SID-513)"
|
||||||
|
echo "wbinfo returned: \"$out\", expecting \"2500001\""
|
||||||
|
test "$out" = "2500001"
|
||||||
|
ret=$?
|
||||||
|
testit "Test uid of Domain Users in trusted domain is 2500001" test $ret -eq 0 || failed=$(expr $failed + 1)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Trusted domain test 3: Test get userinfo for Administrator works
|
||||||
|
#
|
||||||
|
|
||||||
|
out="$($wbinfo -i $TRUST_DOMAIN/Administrator)"
|
||||||
|
echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false\""
|
||||||
|
test "$out" = "$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false"
|
||||||
|
ret=$?
|
||||||
|
testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Trusted domain test 4: Test lookup from gid to sid
|
||||||
|
#
|
||||||
|
|
||||||
|
out="$($wbinfo -G 2500002)"
|
||||||
|
echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN_SID-512\""
|
||||||
|
test "$out" = "$TRUST_DOMAIN_SID-512"
|
||||||
|
ret=$?
|
||||||
|
testit "Test gid lookup of Domain Admins in trusted domain." test $ret -eq 0 || failed=$(expr $failed + 1)
|
||||||
|
|
||||||
#
|
#
|
||||||
# Remove POSIX ids from AD
|
# Remove POSIX ids from AD
|
||||||
#
|
#
|
||||||
@ -123,4 +202,31 @@ delete: gidNumber
|
|||||||
gidNumber: 2000002
|
gidNumber: 2000002
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
#
|
||||||
|
# Remove POSIX ids from trusted domain
|
||||||
|
#
|
||||||
|
cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
|
||||||
|
-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
|
||||||
|
dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
|
||||||
|
changetype: modify
|
||||||
|
delete: uidNumber
|
||||||
|
uidNumber: 2500000
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
|
||||||
|
-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
|
||||||
|
dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
|
||||||
|
changetype: modify
|
||||||
|
delete: gidNumber
|
||||||
|
gidNumber: 2500001
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
|
||||||
|
-U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
|
||||||
|
dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
|
||||||
|
changetype: modify
|
||||||
|
delete: gidNumber
|
||||||
|
gidNumber: 2500002
|
||||||
|
EOF
|
||||||
|
|
||||||
exit $failed
|
exit $failed
|
||||||
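Review bot: The `if [ $? -ne 0 ]` guards after the new `TRUST_DOMAIN_SID=$($wbinfo -n ... | cut ...)` and `TRUST_BASE_DN=$($ldbsearch ... | awk ...)` assignments see the exit status of the last pipeline stage (`cut` / `awk`), not of `wbinfo` or `ldbsearch`, so unless pipefail is enabled outside the visible hunks a failed lookup falls through with an empty value. The later `ldbmodify` calls would then run with the trusted domain's Administrator credentials against a DN ending in `CN=Users,`, and the `wbinfo -S` / `-Y` lookups would query `-500` / `-513`, giving confusing failures instead of the intended early exit. Testing the captured value is more reliable: `if [ -z "$TRUST_DOMAIN_SID" ] ; then` and `if [ -z "$TRUST_BASE_DN" ] ; then`. The pre-existing `BASE_DN` check has the same shape, and the label of trusted domain test 2 says "uid" although it checks a gid via `wbinfo -Y`.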
|
@ -369,3 +369,4 @@
|
|||||||
^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
|
^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\)
|
||||||
^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
|
^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
|
||||||
^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
|
^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\)
|
||||||
|
^idmap.ad.Test gid lookup of Domain Admins in trusted domain.\(ad_member_idmap_ad\)
|
||||||
|