mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
selftest: Test auth_wbc, the auth4 winbind and winbind_wbclient modules using pdbtest
This ensures these authentication modules continue to operate correctly, and that the results are consistent. Andrew Bartlett Change-Id: I7f63cd93e55c6f73ceeafb14f1dc265291791803 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 16 12:50:44 CEST 2014 on sn-devel-104
This commit is contained in:
parent
6c37cd6544
commit
c664859a12
@ -935,10 +935,10 @@ sub provision($$$$$$)
|
||||
##
|
||||
|
||||
my ($max_uid, $max_gid);
|
||||
my ($uid_nobody, $uid_root, $uid_pdbtest);
|
||||
my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2);
|
||||
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
|
||||
|
||||
if ($unix_uid < 0xffff - 2) {
|
||||
if ($unix_uid < 0xffff - 4) {
|
||||
$max_uid = 0xffff;
|
||||
} else {
|
||||
$max_uid = $unix_uid;
|
||||
@ -947,8 +947,9 @@ sub provision($$$$$$)
|
||||
$uid_root = $max_uid - 1;
|
||||
$uid_nobody = $max_uid - 2;
|
||||
$uid_pdbtest = $max_uid - 3;
|
||||
$uid_pdbtest2 = $max_uid - 4;
|
||||
|
||||
if ($unix_gids[0] < 0xffff - 3) {
|
||||
if ($unix_gids[0] < 0xffff - 5) {
|
||||
$max_gid = 0xffff;
|
||||
} else {
|
||||
$max_gid = $unix_gids[0];
|
||||
@ -1180,6 +1181,7 @@ sub provision($$$$$$)
|
||||
print PASSWD "nobody:x:$uid_nobody:$gid_nobody:nobody gecos:$prefix_abs:/bin/false
|
||||
$unix_name:x:$unix_uid:$unix_gids[0]:$unix_name gecos:$prefix_abs:/bin/false
|
||||
pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
|
||||
pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
|
||||
";
|
||||
if ($unix_uid != 0) {
|
||||
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
|
||||
|
@ -679,6 +679,9 @@ root:x:0:0:root gecos:$ctx->{prefix_abs}:/bin/false
|
||||
$ctx->{unix_name}:x:$ctx->{unix_uid}:100:$ctx->{unix_name} gecos:$ctx->{prefix_abs}:/bin/false
|
||||
nobody:x:65534:65533:nobody gecos:$ctx->{prefix_abs}:/bin/false
|
||||
pdbtest:x:65533:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
|
||||
pdbtest2:x:65532:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
|
||||
pdbtest3:x:65531:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
|
||||
pdbtest4:x:65530:65533:pdbtest gecos:$ctx->{prefix_abs}:/bin/false
|
||||
";
|
||||
close(PWD);
|
||||
my $uid_rfc2307test = 65533;
|
||||
|
@ -167,7 +167,11 @@ for env in ["dc", "s3dc"]:
|
||||
"-k no --option=usespnego=no"]:
|
||||
name = "rpc.lsa.secrets on %s with with %s" % (transport, ntlmoptions)
|
||||
plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport), ntlmoptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.%s" % name)
|
||||
plantestsuite("samba.blackbox.pdbtest", "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", smbclient4, '$SMB_CONF_PATH', configuration])
|
||||
plantestsuite("samba.blackbox.pdbtest(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest", smbclient4, '$SMB_CONF_PATH', configuration])
|
||||
plantestsuite("samba.blackbox.pdbtest.winbind(%s)" % env, "%s:local" % env, [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest2", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=wbc'"])
|
||||
|
||||
plantestsuite("samba.blackbox.pdbtest.s4winbind(dc)", "dc:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest3", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=samba4:winbind'"])
|
||||
plantestsuite("samba.blackbox.pdbtest.s4winbind_wbclient(dc)", "dc:local", [os.path.join(bbdir, "test_pdbtest.sh"), '$SERVER', "$PREFIX", "pdbtest4", smbclient4, '$SMB_CONF_PATH', configuration + " --option='authmethods=samba4:winbind_wbclient'"])
|
||||
|
||||
transports = ["ncacn_np", "ncacn_ip_tcp"]
|
||||
|
||||
|
@ -5,16 +5,17 @@
|
||||
|
||||
if [ $# -lt 2 ]; then
|
||||
cat <<EOF
|
||||
Usage: test_pdbtest.sh SERVER PREFIX SMBCLIENT SMB_CONF
|
||||
Usage: test_pdbtest.sh SERVER PREFIX USER SMBCLIENT SMB_CONF
|
||||
EOF
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
SERVER=$1
|
||||
PREFIX=$2
|
||||
smbclient=$3
|
||||
SMB_CONF=$4
|
||||
shift 4
|
||||
USER=$3
|
||||
smbclient=$4
|
||||
SMB_CONF=$5
|
||||
shift 5
|
||||
failed=0
|
||||
|
||||
samba4bindir="$BINDIR"
|
||||
@ -45,7 +46,7 @@ test_smbclient() {
|
||||
UID_WRAPPER_ROOT=1
|
||||
export UID_WRAPPER_ROOT
|
||||
|
||||
testit "pdbtest" $VALGRIND $BINDIR/pdbtest -u pdbtest || failed=`expr $failed + 1`
|
||||
testit "pdbtest" $VALGRIND $BINDIR/pdbtest -u $USER $@ || failed=`expr $failed + 1`
|
||||
|
||||
NEWUSERPASS=testPaSS@01%
|
||||
|
||||
@ -57,14 +58,14 @@ expect retype new password:
|
||||
send ${NEWUSERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "create user with pdbedit" $rkpty ./tmpsmbpasswdscript $VALGRIND $pdbedit -a pdbtest --account-desc="pdbedit-test-user" $@ || failed=`expr $failed + 1`
|
||||
testit "create user with pdbedit" $rkpty ./tmpsmbpasswdscript $VALGRIND $pdbedit -a $USER --account-desc="pdbedit-test-user" $@ || failed=`expr $failed + 1`
|
||||
USERPASS=$NEWUSERPASS
|
||||
|
||||
test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@ || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS $@ || failed=`expr $failed + 1`
|
||||
|
||||
testit "modify user" $VALGRIND $pdbedit --modify pdbtest --drive="D:" $@ || failed=`expr $failed + 1`
|
||||
testit "modify user" $VALGRIND $pdbedit --modify $USER --drive="D:" $@ || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@|| failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS $@|| failed=`expr $failed + 1`
|
||||
|
||||
NEWUSERPASS=testPaSS@02%
|
||||
|
||||
@ -76,28 +77,28 @@ expect Retype new SMB password:
|
||||
send ${NEWUSERPASS}\n
|
||||
EOF
|
||||
|
||||
testit "set user password with smbpasswd" $rkpty ./tmpsmbpasswdscript $smbpasswd -L pdbtest -c $SMB_CONF || failed=`expr $failed + 1`
|
||||
testit "set user password with smbpasswd" $rkpty ./tmpsmbpasswdscript $smbpasswd -L $USER -c $SMB_CONF || failed=`expr $failed + 1`
|
||||
USERPASS=$NEWUSERPASS
|
||||
|
||||
test_smbclient "Test login with user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS $@|| failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS $@|| failed=`expr $failed + 1`
|
||||
|
||||
testit "modify user - disabled" $VALGRIND $net sam set disabled pdbtest yes $@ || failed=`expr $failed + 1`
|
||||
testit "modify user - disabled" $VALGRIND $net sam set disabled $USER yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -Updbtest@%$USERPASS && failed=`expr $failed + 1`
|
||||
testit_expect_failure "Test login with disabled suer" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -U$USER@%$USERPASS && failed=`expr $failed + 1`
|
||||
|
||||
testit "modify user - enabled" $VALGRIND $net sam set disabled pdbtest no $@ || failed=`expr $failed + 1`
|
||||
testit "modify user - enabled" $VALGRIND $net sam set disabled $USER no $@ || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with re-enabled user (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with re-enabled user (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
|
||||
testit "modify user - must change password now" $VALGRIND $net sam set pwdmustchangenow pdbtest yes $@ || failed=`expr $failed + 1`
|
||||
testit "modify user - must change password now" $VALGRIND $net sam set pwdmustchangenow $USER yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -Updbtest@%$USERPASS && failed=`expr $failed + 1`
|
||||
testit_expect_failure "Test login with expired password" $VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k no -U$USER@%$USERPASS && failed=`expr $failed + 1`
|
||||
|
||||
testit "modify user - disable password expiry" $VALGRIND $net sam set pwnoexp pdbtest yes $@ || failed=`expr $failed + 1`
|
||||
testit "modify user - disable password expiry" $VALGRIND $net sam set pwnoexp $USER yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with no expiry (ntlm)" 'ls' -k no -Updbtest%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
test_smbclient "Test login with no expiry (ntlm)" 'ls' -k no -U$USER%$NEWUSERPASS || failed=`expr $failed + 1`
|
||||
|
||||
testit "del user" $VALGRIND $pdbedit -x pdbtest $@ || failed=`expr $failed + 1`
|
||||
testit "del user" $VALGRIND $pdbedit -x $USER $@ || failed=`expr $failed + 1`
|
||||
|
||||
rm ./tmpsmbpasswdscript
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user