From 2a322a7671c9ffd0dd600142dd76b5b51a67e185 Mon Sep 17 00:00:00 2001
From: Ralph Boehme
Date: Sun, 12 Jun 2016 19:03:11 +0200
Subject: [PATCH] selftest: test idmap backend id allocation for unknown SIDS
If an SID is is not found becaues the RID doesn't exist in a domain and the domain is configured to use a non-allocating idmap backend like idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the SID.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme
Reviewed-by: Stefan Metzmacher
---
 nsswitch/tests/test_idmap_nss.sh | 41 ++++++++++++++++++++++++++++++++++++++++
 source3/selftest/tests.py | 4 +++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100755 nsswitch/tests/test_idmap_nss.sh
diff --git a/nsswitch/tests/test_idmap_nss.sh b/nsswitch/tests/test_idmap_nss.sh
new file mode 100755
index 00000000000..999bccb68ef
--- /dev/null
+++ b/nsswitch/tests/test_idmap_nss.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Test id mapping with unknown SID and non-allocating idmap backend
+if [ $# -lt 1 ]; then
+ echo Usage: $0 DOMAIN
+ exit 1
+fi
+
+DOMAIN="$1"
+
+wbinfo="$VALGRIND $BINDIR/wbinfo"
+
+failed=0
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+testit "wbinfo returns domain SID" $wbinfo -n "@$DOMAIN" || exit 1
+DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+echo "Domain $DOMAIN has SID $DOMAIN_SID"
+
+# Find an unused uid and SID
+RID=66666
+while true ; do
+ id $RID
+ if [ $? -ne 0 ] ; then
+ $wbinfo -s $DOMAIN_SID\\$RID
+ if [ $? -ne 0 ] ; then
+ break
+ fi
+ fi
+ RID=$(expr $RID + 1)
+done
+
+echo "Using non-existing SID $DOMAIN_SID-$RID to check no id allocation is done by the backend"
+
+out="$($wbinfo --sids-to-unix-ids=$DOMAIN_SID-$RID)"
+echo "wbinfo returned: $out"
+test "$out" = "$DOMAIN_SID-$RID -> unmapped"
+ret=$?
+testit "wbinfo SID to xid returns unmapped for unknown SID" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+exit $failed
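Review bot: In the "Find an unused uid and SID" loop, the probe `$wbinfo -s $DOMAIN_SID\\$RID` joins the domain SID and the RID with a backslash, while the lines after the loop use `$DOMAIN_SID-$RID`. The backslash form is not a SID string, so the lookup most likely fails for every RID and the loop exits on the first value for which `id $RID` fails, without confirming that the SID is unknown to the domain. Changing it to `$wbinfo -s "$DOMAIN_SID-$RID"` makes the test start from a genuinely non-existent SID, which is the precondition for asserting that a non-allocating backend returns no mapping. The `while true` loop also has no upper bound; a cap after the increment, for example `[ $RID -lt 77777 ] || { echo "no free RID found"; exit 1; }`, keeps a misbehaving environment from hanging selftest.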
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 2441b193898..e4b185bc124 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -306,7 +306,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh
 local = ["local.nss"]
-idmap = [ "idmap.rfc2307" ]
+idmap = ["idmap.rfc2307", "idmap.alloc"]
 rap = ["rap.basic", "rap.rpc", "rap.printing", "rap.sam"]
@@ -371,6 +371,8 @@ for t in tests:
 plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
 elif t == "idmap.rfc2307":
 plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
+ elif t == "idmap.alloc":
+ plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_nss.sh"), '$DOMAIN'])
 elif t == "raw.acls":
 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
 plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple')
--
2.11.4.GIT
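Review bot: The new `idmap.alloc` branch plans the script only against `ad_member_rfc2307`, but the commit message names idmap_ad as a non-allocating backend too, so a regression in that backend's handling of unknown SIDs would not be caught by this test. If selftest has (or gains) a member environment configured with idmap_ad, plan the same script there with a second `plantestsuite(t, "<idmap_ad environment>", [...])` call. A one-line comment above the branch, such as `# unknown SIDs must stay unmapped with a non-allocating idmap backend`, would also explain why a test named `idmap.alloc` runs `test_idmap_nss.sh`. The enclosing `for t in tests:` loop starts and ends outside the hunk.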