mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
Add testcase for idmap_rfc2307 module
Create a new test environment with 'idmap config DOMAIN : backend = rfc2307'. A new test script adds LDAP records and queries them again for the mapped uid and gid. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
parent
8241dafdb8
commit
6ac0bdc451
94
nsswitch/tests/test_idmap_rfc2307.sh
Executable file
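--- /dev/null
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Test id mapping through idmap_rfc2307 module
+if [ $# -lt 9 ]; then
+echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
+exit 1
+fi
+
+DOMAIN="$1"
+USERNAME="$2"
+USERUID="$3"
+GROUPNAME="$4"
+GROUPGID="$5"
+LDAPPREFIX="$6"
+DC_SERVER="$7"
+DC_USERNAME="$8"
+DC_PASSWORD="$9"
+
+echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+wbinfo="$VALGRIND $BINDIR/wbinfo"
+ldbadd="$BINDIR/ldbadd"
+ldbdel="$BINDIR/ldbdel"
+failed=0
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+# Delete LDAP records
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
+
+# Add id mapping information to LDAP
+
+cat > $PREFIX/tmpldb <<EOF
+dn: $LDAPPREFIX
+objectclass: organizationalUnit
+EOF
+
+testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+cat > $PREFIX/tmpldb <<EOF
+dn: cn=$USERNAME,$LDAPPREFIX
+objectClass: organizationalPerson
+objectClass: posixAccount
+ou: People
+cn: $USERNAME
+uid: $USERNAME
+uidNumber: $USERUID
+gidNumber: 1
+homeDirectory: /home/admin
+EOF
+
+testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+cat > $PREFIX/tmpldb <<EOF
+dn: cn=$GROUPNAME,$LDAPPREFIX
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: $GROUPNAME
+gidNumber: $GROUPGID
+member: cn=$USERNAME,$LDAPPREFIX
+EOF
+
+testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+rm -f $PREFIX/tmpldbmodify
+
+testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1)
+user_sid=$($wbinfo -n "$DOMAIN\\$USERNAME" | cut -d " " -f1)
+echo "$DOMAIN\\$USERNAME resolved to $user_sid"
+
+testit "wbinfo --sid-to-uid=$user_sid" $wbinfo --sid-to-uid=$user_sid || failed=$(expr $failed + 1)
+user_uid=$($wbinfo --sid-to-uid=$user_sid | cut -d " " -f1)
+echo "$DOMAIN\\$USERNAME resolved to $user_uid"
+
+testit "test $user_uid -eq $USERUID" test $user_uid -eq $USERUID || failed=$(expr $failed + 1)
+
+# Not sure how to get group names with spaces to resolve through testit
+#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" || failed=$(expr $failed + 1)
+group_sid=$($wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" | cut -d " " -f1)
+echo "$DOMAIN\\$GROUPNAME resolved to $group_sid"
+
+testit "wbinfo --sid-to-gid=$group_sid" $wbinfo --sid-to-gid=$group_sid || failed=$(expr $failed + 1)
+group_gid=$($wbinfo --sid-to-gid=$group_sid | cut -d " " -f1)
+echo "$DOMAIN\\$GROUPNAME resolved to $group_gid"
+
+testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1)
+
+# Delete LDAP records
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
+
+exit $failed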
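Review bot: The `echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9` line prints argument 9, the DC password, into the test output, where it ends up in stored test logs; printing only the first eight arguments, `echo called with: $1 $2 $3 $4 $5 $6 $7 $8`, keeps the diagnostic without the secret. The cleanup `rm -f $PREFIX/tmpldbmodify` does not name the file the script actually writes (`$PREFIX/tmpldb`), so the LDIF stays behind; `rm -f $PREFIX/tmpldb` looks like what was meant. The three `testit "add ldap ..."` calls also lack the `|| failed=$(expr $failed + 1)` that the wbinfo checks use, so a failed ldbadd does not change the exit status.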
|
@ -171,6 +171,7 @@ sub get_interface($)
|
||||
$interfaces{"localsubdc"} = 31;
|
||||
$interfaces{"chgdcpass"} = 32;
|
||||
$interfaces{"promotedvdc"} = 33;
|
||||
$interfaces{"rfc2307member"} = 34;
|
||||
|
||||
# update lib/socket_wrapper/socket_wrapper.c
|
||||
# #define MAX_WRAPPED_INTERFACES 32
|
||||
|
@ -331,6 +331,85 @@ sub setup_admember($$$$)
|
||||
return $ret;
|
||||
}
|
||||
|
||||
sub setup_admember_rfc2307($$$$)
|
||||
{
|
||||
my ($self, $prefix, $dcvars) = @_;
|
||||
|
||||
# If we didn't build with ADS, pretend this env was never available
|
||||
if (not $self->have_ads()) {
|
||||
return "UNKNOWN";
|
||||
}
|
||||
|
||||
print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config...";
|
||||
|
||||
my $member_options = "
|
||||
security = ads
|
||||
server signing = on
|
||||
workgroup = $dcvars->{DOMAIN}
|
||||
realm = $dcvars->{REALM}
|
||||
idmap config $dcvars->{DOMAIN} : backend = rfc2307
|
||||
idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
|
||||
idmap config $dcvars->{DOMAIN} : ldap_server = ad
|
||||
idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com
|
||||
idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com
|
||||
";
|
||||
|
||||
my $ret = $self->provision($prefix,
|
||||
"RFC2307MEMBER",
|
||||
"loCalMemberPass",
|
||||
$member_options);
|
||||
|
||||
$ret or return undef;
|
||||
|
||||
close(USERMAP);
|
||||
$ret->{DOMAIN} = $dcvars->{DOMAIN};
|
||||
$ret->{REALM} = $dcvars->{REALM};
|
||||
|
||||
my $ctx;
|
||||
my $prefix_abs = abs_path($prefix);
|
||||
$ctx = {};
|
||||
$ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
|
||||
$ctx->{domain} = $dcvars->{DOMAIN};
|
||||
$ctx->{realm} = $dcvars->{REALM};
|
||||
$ctx->{dnsname} = lc($dcvars->{REALM});
|
||||
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
|
||||
Samba::mk_krb5_conf($ctx, "");
|
||||
|
||||
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
|
||||
|
||||
my $net = Samba::bindir_path($self, "net");
|
||||
my $cmd = "";
|
||||
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
|
||||
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
|
||||
$cmd .= "$net join $ret->{CONFIGURATION}";
|
||||
$cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
|
||||
|
||||
if (system($cmd) != 0) {
|
||||
warn("Join failed\n$cmd");
|
||||
return undef;
|
||||
}
|
||||
|
||||
# We need world access to this share, as otherwise the domain
|
||||
# administrator from the AD domain provided by Samba4 can't
|
||||
# access the share for tests.
|
||||
chmod 0777, "$prefix/share";
|
||||
|
||||
if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
|
||||
return undef;
|
||||
}
|
||||
|
||||
$ret->{DC_SERVER} = $dcvars->{SERVER};
|
||||
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
|
||||
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
||||
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
||||
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
||||
|
||||
# Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env
|
||||
$ret->{target} = $self;
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
sub setup_simpleserver($$)
|
||||
{
|
||||
my ($self, $path) = @_;
|
||||
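Review bot: In setup_admember_rfc2307, `warn("Join failed\n$cmd")` writes the whole join command to the log, and `$cmd` ends in `-U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}`, so a failed join prints the DC administrator password; a message without the credentials, e.g. `warn("Join failed: $net join $ret->{CONFIGURATION}\n");`, would be enough. The same string goes to `system($cmd)` through the shell with the user/password part unquoted, which only works while the password contains no shell metacharacters. `close(USERMAP);` closes a handle this function never opens and looks copied from setup_admember; it can be dropped. The prototype `($$$$)` declares four arguments but only `$self, $prefix, $dcvars` are unpacked, so the interface number passed by the caller is ignored.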
|
@ -1661,6 +1661,12 @@ sub setup_env($$$)
|
||||
return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
|
||||
} elsif ($envname eq "plugin_s4_dc") {
|
||||
return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
|
||||
} elsif ($envname eq "s3member_rfc2307") {
|
||||
if (not defined($self->{vars}->{dc})) {
|
||||
$self->setup_dc("$path/dc");
|
||||
}
|
||||
return $target3->setup_admember_rfc2307("$path/s3member_rfc2307",
|
||||
$self->{vars}->{dc}, 34);
|
||||
} else {
|
||||
return "UNKNOWN";
|
||||
}
|
||||
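Review bot: The new `s3member_rfc2307` branch does not check whether `$self->setup_dc("$path/dc")` succeeded before handing `$self->{vars}->{dc}` to setup_admember_rfc2307. If the DC setup fails and that entry stays undefined (setup_dc's body is not shown here, so this is inferred), the member would be provisioned from empty DOMAIN and REALM values instead of failing early; something like `$self->setup_dc("$path/dc") or return undef;` would stop there. The third argument `34` is not read by setup_admember_rfc2307, which unpacks only three values from `@_`. setup_env starts and ends outside this hunk.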
|
@ -278,6 +278,8 @@ local = ["local.nss-wrapper", "local.ndr"]
|
||||
|
||||
winbind = ["winbind.struct", "winbind.wbclient", "winbind.pac"]
|
||||
|
||||
idmap = [ "idmap.rfc2307" ]
|
||||
|
||||
rap = ["rap.basic", "rap.rpc", "rap.printing", "rap.sam"]
|
||||
|
||||
unix = ["unix.info2", "unix.whoami"]
|
||||
@ -286,7 +288,7 @@ nbt = ["nbt.dgram" ]
|
||||
|
||||
libsmbclient = ["libsmbclient"]
|
||||
|
||||
tests= base + raw + smb2 + rpc + unix + local + winbind + rap + nbt + libsmbclient
|
||||
tests= base + raw + smb2 + rpc + unix + local + winbind + rap + nbt + libsmbclient + idmap
|
||||
|
||||
for t in tests:
|
||||
if t == "base.delaywrite":
|
||||
@ -338,6 +340,8 @@ for t in tests:
|
||||
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/valid-users-tmp -U$USERNAME%$PASSWORD')
|
||||
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD')
|
||||
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
|
||||
elif t == "idmap.rfc2307":
|
||||
plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
|
||||
else:
|
||||
plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
|
||||
plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
|
||||
|
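Review bot: The values passed to test_idmap_rfc2307.sh in the `idmap.rfc2307` branch (uid `2000000`, gid `2000001` and `ou=idmap,dc=samba,dc=example,dc=com`) only work because they match the `range = 2000000-2999999` and `bind_path_user`/`bind_path_group` settings written by setup_admember_rfc2307, and nothing here says so. A comment above the `plantestsuite` call would keep the two in step: `# uid/gid must lie in the idmap range and the LDAP prefix must equal bind_path_user/bind_path_group of the s3member_rfc2307 environment`. The call also hands `$DC_PASSWORD` to the script as a positional argument, which the script then echoes into the test output.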