selftest: add test for force user and well-known primary group

Add a test for connecting to a share with a "force user" whos
primary unix gid maps to a well-known alias.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 19 23:20:36 CET 2015 on sn-devel-104
(cherry picked from commit d451bbaee2e025d4135f686c0f220d6337dbf38e)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Nov 23 15:46:03 CET 2015 on sn-devel-104

selftest/target/Samba3.pm

@@ -1202,7 +1202,9 @@ sub provision($$$$$$$$)
 
 	my ($max_uid, $max_gid);
 	my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2);
+	my ($uid_pdbtest_wkn);
 	my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
+	my ($gid_everyone);
 
 	if ($unix_uid < 0xffff - 4) {
 		$max_uid = 0xffff;
@@ -1214,8 +1216,9 @@ sub provision($$$$$$$$)
 	$uid_nobody = $max_uid - 2;
 	$uid_pdbtest = $max_uid - 3;
 	$uid_pdbtest2 = $max_uid - 4;
+	$uid_pdbtest_wkn = $max_uid - 6;
 
-	if ($unix_gids[0] < 0xffff - 5) {
+	if ($unix_gids[0] < 0xffff - 7) {
 		$max_gid = 0xffff;
 	} else {
 		$max_gid = $unix_gids[0];
@@ -1226,6 +1229,7 @@ sub provision($$$$$$$$)
 	$gid_root = $max_gid - 3;
 	$gid_domusers = $max_gid - 4;
 	$gid_domadmins = $max_gid - 5;
+	$gid_everyone = $max_gid - 7;
 
 	##
 	## create conffile
@@ -1368,9 +1372,15 @@ sub provision($$$$$$$$)
         force user = $unix_name
         guest ok = yes
 [forceuser_unixonly]
+	comment = force a user with unix user SID and group SID
 	path = $shrdir
 	force user = pdbtest
 	guest ok = yes
+[forceuser_wkngroup]
+	comment = force a user with well-known group SID
+	path = $shrdir
+	force user = pdbtest_wkn
+	guest ok = yes
 [forcegroup]
 	path = $shrdir
         force group = nogroup
@@ -1497,6 +1507,7 @@ sub provision($$$$$$$$)
 $unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
 pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
 pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
+pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
 ";
 	if ($unix_uid != 0) {
 		print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -1513,6 +1524,7 @@ nogroup:x:$gid_nogroup:nobody
 $unix_name-group:x:$unix_gids[0]:
 domusers:X:$gid_domusers:
 domadmins:X:$gid_domadmins:
+everyone:x:$gid_everyone:
 ";
 	if ($unix_gids[0] != 0) {
 		print GROUP "root:x:$gid_root:
@@ -1705,6 +1717,10 @@ sub wait_for_start($$$$$)
 	if ($ret != 0) {
 	    return 1;
 	}
+	$ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin");
+	if ($ret != 0) {
+	    return 1;
+	}
 
 	if ($winbindd eq "yes") {
 	    # note: creating builtin groups requires winbindd for the

source3/script/tests/test_smbclient_auth.sh

@@ -28,5 +28,6 @@ testit "smbclient //$SERVER/tmpguest as anon" $SMBCLIENT //$SERVER/tmpguest $CON
 testit "smbclient //$SERVER/forceuser" $SMBCLIENT //$SERVER/forceuser $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
 testit "smbclient //$SERVER/forceuser as anon" $SMBCLIENT //$SERVER/forceuser $CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
 testit "smbclient //$SERVER/forceuser_unixonly" $SMBCLIENT //$SERVER/forceuser_unixonly $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/forceuser_wkngroup" $SMBCLIENT //$SERVER/forceuser_wkngroup $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
 testit "smbclient //$SERVER/forcegroup" $SMBCLIENT //$SERVER/forcegroup $CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
 testit "smbclient //$SERVER/forcegroup as anon" $SMBCLIENT //$SERVER/forcegroup $CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS