1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

selftest: Test auth_wbc, the auth4 winbind and winbind_wbclient modules using pdbtest

This ensures these authentication modules continue to operate correctly, and that the results are consistent.

Andrew Bartlett

Change-Id: I7f63cd93e55c6f73ceeafb14f1dc265291791803
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 16 12:50:44 CEST 2014 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2014-05-16 14:30:43 +12:00
parent 6c37cd6544
commit c664859a12
4 changed files with 34 additions and 24 deletions

View File

@ -935,10 +935,10 @@ sub provision($$$$$$)
##
my ($max_uid, $max_gid);
my ($uid_nobody, $uid_root, $uid_pdbtest);
my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2);
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
if ($unix_uid < 0xffff - 2) {
if ($unix_uid < 0xffff - 4) {
$max_uid = 0xffff;
} else {
$max_uid = $unix_uid;
@ -947,8 +947,9 @@ sub provision($$$$$$)
$uid_root = $max_uid - 1;
$uid_nobody = $max_uid - 2;
$uid_pdbtest = $max_uid - 3;
$uid_pdbtest2 = $max_uid - 4;
if ($unix_gids[0] < 0xffff - 3) {
if ($unix_gids[0] < 0xffff - 5) {
$max_gid = 0xffff;
} else {
$max_gid = $unix_gids[0];
@ -1180,6 +1181,7 @@ sub provision($$$$$$)
print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false

View File

@ -679,6 +679,9 @@ root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
$ctx->{unix_name}:x:$ctx->{unix_uid}:100:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
";
close(PWD);
my $uid_rfc2307test = 65533;

View File

@ -167,7 +167,11 @@ for env in ["dc", "s3dc"]:
"-k no --option=usespnego=no"]:
name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
plantestsuite("samba.blackbox.pdbtest", "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", smbclient4, '$SMB_CONF_PATH', configuration])
plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration])
plantestsuite("samba.blackbox.pdbtest.winbind(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest2", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=wbc'"])
plantestsuite("samba.blackbox.pdbtest.s4winbind(dc)", "dc:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest3", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=samba4:winbind'"])
plantestsuite("samba.blackbox.pdbtest.s4winbind_wbclient(dc)", "dc:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest4", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=samba4:winbind_wbclient'"])
transports = ["ncacn_np", "ncacn_ip_tcp"]

View File

@ -5,16 +5,17 @@
if [ $# -lt 2 ]; then
cat <<EOF
Usage: test_pdbtest.sh SERVER PREFIX SMBCLIENT SMB_CONF
Usage: test_pdbtest.sh SERVER PREFIX USER SMBCLIENT SMB_CONF
EOF
exit 1;
fi
SERVER=$1
PREFIX=$2
smbclient=$3
SMB_CONF=$4
shift 4
USER=$3
smbclient=$4
SMB_CONF=$5
shift 5
failed=0
samba4bindir="$BINDIR"
@ -45,7 +46,7 @@ test_smbclient() {
UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT
testit "pdbtest" $VALGRIND $BINDIR/pdbtest -u pdbtest || failed=`expr $failed + 1`
testit "pdbtest" $VALGRIND $BINDIR/pdbtest -u $USER $@ || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS@01%
@ -57,14 +58,14 @@ expect retype new password:
send ${NEWUSERPASS}\n
EOF
testit "create user with pdbedit" $rkpty ./tmpsmbpasswdscript $VALGRIND $pdbedit -a pdbtest --account-desc="pdbedit-test-user" $@ || failed=`expr $failed + 1`
testit "create user with pdbedit" $rkpty ./tmpsmbpasswdscript $VALGRIND $pdbedit -a $USER --account-desc="pdbedit-test-user" $@ || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS
test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@ || failed=`expr $failed + 1`
test_smbclient "Test login with user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS $@ || failed=`expr $failed + 1`
testit "modify user" $VALGRIND $pdbedit --modify pdbtest --drive="D:" $@ || failed=`expr $failed + 1`
testit "modify user" $VALGRIND $pdbedit --modify $USER --drive="D:" $@ || failed=`expr $failed + 1`
test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@|| failed=`expr $failed + 1`
test_smbclient "Test login with user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS $@|| failed=`expr $failed + 1`
NEWUSERPASS=testPaSS@02%
@ -76,28 +77,28 @@ expect Retype new SMB password:
send ${NEWUSERPASS}\n
EOF
testit "set user password with smbpasswd" $rkpty ./tmpsmbpasswdscript $smbpasswd -L pdbtest -c $SMB_CONF || failed=`expr $failed + 1`
testit "set user password with smbpasswd" $rkpty ./tmpsmbpasswdscript $smbpasswd -L $USER -c $SMB_CONF || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS
test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@|| failed=`expr $failed + 1`
test_smbclient "Test login with user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS $@|| failed=`expr $failed + 1`
testit "modify user - disabled" $VALGRIND $net sam set disabled pdbtest yes $@ || failed=`expr $failed + 1`
testit "modify user - disabled" $VALGRIND $net sam set disabled $USER yes $@ || failed=`expr $failed + 1`
testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -Updbtest@%$USERPASS && failed=`expr $failed + 1`
testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -U$USER@%$USERPASS && failed=`expr $failed + 1`
testit "modify user - enabled" $VALGRIND $net sam set disabled pdbtest no $@ || failed=`expr $failed + 1`
testit "modify user - enabled" $VALGRIND $net sam set disabled $USER no $@ || failed=`expr $failed + 1`
test_smbclient "Test login with re-enabled user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS || failed=`expr $failed + 1`
test_smbclient "Test login with re-enabled user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS || failed=`expr $failed + 1`
testit "modify user - must change password now" $VALGRIND $net sam set pwdmustchangenow pdbtest yes $@ || failed=`expr $failed + 1`
testit "modify user - must change password now" $VALGRIND $net sam set pwdmustchangenow $USER yes $@ || failed=`expr $failed + 1`
testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -Updbtest@%$USERPASS && failed=`expr $failed + 1`
testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -U$USER@%$USERPASS && failed=`expr $failed + 1`
testit "modify user - disable password expiry" $VALGRIND $net sam set pwnoexp pdbtest yes $@ || failed=`expr $failed + 1`
testit "modify user - disable password expiry" $VALGRIND $net sam set pwnoexp $USER yes $@ || failed=`expr $failed + 1`
test_smbclient "Test login with no expiry (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS || failed=`expr $failed + 1`
test_smbclient "Test login with no expiry (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS || failed=`expr $failed + 1`
testit "del user" $VALGRIND $pdbedit -x pdbtest $@ || failed=`expr $failed + 1`
testit "del user" $VALGRIND $pdbedit -x $USER $@ || failed=`expr $failed + 1`
rm ./tmpsmbpasswdscript