testsuite/nsswitch/wbinfo.exp

   1 #
   2 # @(#) Test wbinfo client access to winbind daemon
   3 #
   4
   5 load_lib "util-defs.exp"
   6 load_lib "$srcdir/lib/nsswitch-config.exp"
   7 load_lib "$srcdir/lib/default-nt-names.exp"
   8
   9 # Name types
  10
  11 set SID_NAME_USER    1
  12 set SID_NAME_DOM_GRP 2
  13 set SID_NAME_DOMAIN  3
  14 set SID_NAME_ALIAS   4
  15 set SID_NAME_UNKNOWN 8
  16
  17 # Get list of users and groups
  18
  19 set user_list [util_start "bin/wbinfo" "-u"]
  20 set group_list [util_start "bin/wbinfo" "-g"]
  21
  22 verbose "user list is:\n$user_list"
  23 verbose "group list is:\n$group_list"
  24
  25 set user_list [split $user_list "\n"]
  26 set group_list [split $group_list "\n"]
  27
  28 #
  29 #   @(#) Check list of users and groups contain default NT user and group
  30 #   @(#) names
  31 #
  32
  33 # Users
  34
  35 foreach { user } $domain_users {
  36     set test_desc "user $user in wbinfo domain users"
  37     if {![regexp $user $user_list]} {
  38         fail $test_desc
  39     } else {
  40         pass $test_desc
  41     }
  42 }
  43
  44 # Groups
  45
  46 foreach { group } $domain_groups {
  47     set test_desc "group $group in wbinfo domain groups"
  48     if {![regexp $group $group_list]} {
  49         fail $test_desc
  50     } else {
  51         pass $test_desc
  52     }
  53 }
  54
  55 #
  56 #   @(#) Lookup sids for all user and group names returned by wbinfo
  57 #
  58
  59 # Users
  60
  61 foreach { user } $user_list {
  62     set test_desc "get sid for user $user"
  63     set output [util_start "bin/wbinfo" "-n \"$user\""]
  64
  65     verbose $output
  66
  67     # Split output into name and name_type
  68
  69     set list [split $output " "]
  70     set sid_type [lindex $list [expr [llength $list] - 1]]
  71     set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "]
  72
  73     if { ![regexp "S-" $sid] } {
  74         fail $test_desc
  75     } else {
  76         pass $test_desc
  77     }
  78
  79     set test_desc "sid type for user $user"
  80     if { $sid_type != $SID_NAME_USER } {
  81         fail $test_desc
  82     } else {
  83         pass $test_desc
  84     }
  85
  86     lappend user_sid_list $sid
  87 }
  88
  89 # Groups
  90
  91 foreach { group } $group_list {
  92     set test_desc "get sid for group $group"
  93     set output [util_start "bin/wbinfo" "-n \"$group\""]
  94
  95     verbose $output
  96
  97     # Split output into sid and sid type
  98
  99     set list [split $output " "]
 100     set sid_type [lindex $list [expr [llength $list] - 1]]
 101     set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "]
 102
 103     if { ![regexp "S-" $sid] } {
 104         fail $test_desc
 105     } else {
 106         pass $test_desc
 107     }
 108
 109     set test_desc "sid type for group group"
 110     if { $sid_type != $SID_NAME_DOM_GRP } {
 111         fail $test_desc
 112     } else {
 113         pass $test_desc
 114     }
 115
 116     lappend group_sid_list $sid
 117 }
 118
 119 #
 120 #   @(#) Check reverse lookup of sids to names
 121 #
 122
 123 # Users
 124
 125 set count 0
 126
 127 foreach { sid } $user_sid_list {
 128     set test_desc "reverse user name lookup for sid $sid"
 129     set output [util_start "bin/wbinfo" "-s $sid"]
 130
 131     verbose $output
 132
 133     # Split output into name and name_type
 134
 135     set list [split $output " "]
 136     set name_type [lindex $list [expr [llength $list] - 1]]
 137     set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
 138
 139     if { $name != [lindex $user_list $count] } {
 140         fail $test_desc
 141     } else {
 142         pass $test_desc
 143     }
 144
 145     set test_desc "reverse user name type lookup for sid $sid"
 146
 147     if { $name_type != 1 } {
 148         fail $test_desc
 149     } else {
 150         pass $test_desc
 151     }
 152
 153     incr count
 154 }
 155
 156 # Groups
 157
 158 set count 0
 159
 160 foreach { sid } $group_sid_list {
 161     set test_desc "reverse group name lookup for sid $sid"
 162     set output [util_start "bin/wbinfo" "-s $sid"]
 163
 164     verbose $output
 165
 166     # Split output into name and name_type
 167
 168     set list [split $output " "]
 169     set name_type [lindex $list [expr [llength $list] - 1]]
 170     set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
 171
 172     if { $name != [lindex $group_list $count] } {
 173         fail $test_desc
 174     } else {
 175         pass $test_desc
 176     }
 177
 178     set test_desc "reverse group name type lookup for sid $sid"
 179
 180     if { $name_type != 2 } {
 181         fail $test_desc
 182     } else {
 183         pass $test_desc
 184     }
 185
 186     incr count
 187 }
 188
 189 #
 190 #   @(#) Cross-check the output of wbinfo -n, getent passwd/group and
 191 #   @(#) wbinfo -S
 192 #
 193
 194 # Get mapped list of uids from winbindd
 195
 196 set output [util_start "getent" "passwd"]
 197 set user_list [split $output "\n"]
 198
 199 foreach { user_entry } $user_list {
 200     if { [regexp $domain $user_entry] } {
 201         set field_list [split $user_entry ":"]
 202         set name_output [util_start "bin/wbinfo" \
 203                 "-n \"[lindex $field_list 0]\""]
 204         set list [split $name_output " "]
 205         set name_type [lindex $list [expr [llength $list] - 1]]
 206         set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
 207         set username_uid_sid [lappend username_uid_sid [list \
 208                 [lindex $field_list 0] \
 209                 [lindex $field_list 2] \
 210                 $name]]
 211     }
 212 }
 213
 214 # Get mapped list of gids from winbindd
 215
 216 set output [util_start "getent" "group"]
 217 set group_list [split $output "\n"]
 218
 219 foreach { group_entry } $group_list {
 220     if { [regexp $domain $group_entry] } {
 221         set field_list [split $group_entry ":"]
 222         set groupname_gid_sid [lappend groupname_gid_sid [list \
 223                 [lindex $field_list 0] \
 224                 [lindex $field_list 2] \
 225                 [util_start "bin/wbinfo" "-n \"[lindex $field_list 0]\""]]]
 226     }
 227 }
 228
 229 # OK, now we have enough info to cross-check the uid/gid -> sid and
 230 # sid -> uid/gid functions
 231
 232 foreach { user } $username_uid_sid {
 233     set sid [util_start "bin/wbinfo" "-U [lindex $user 1]"]
 234     set uid [util_start "bin/wbinfo" "-S [lindex $user 2]"]
 235
 236     set test_desc "lookup sid by uid [lindex $user 1]"
 237
 238     if { $sid != [lindex $user 2] } {
 239         fail $test_desc
 240     } else {
 241         pass $test_desc
 242     }
 243
 244     set test_desc "lookup uid by sid [lindex $user 2]"
 245
 246     if { $uid != [lindex $user 1] } {
 247         fail $test_desc
 248     } else {
 249         pass $test_desc
 250     }
 251 }
 252
 253 foreach { group } $groupname_gid_sid {
 254     set sid [util_start "bin/wbinfo" "-G [lindex $group 1]"]
 255     set gid [util_start "bin/wbinfo" "-Y [lindex $group 2]"]
 256
 257     set test_desc "lookup sid by gid [lindex $group 1]"
 258
 259     if { $sid != [lindex [split [lindex $group 2] " "] 0] ||
 260          [lindex [split [lindex $group 2] " " ] 1] != 2 } {
 261         fail $test_desc
 262     } else {
 263         pass $test_desc
 264     }
 265
 266     set test_desc "lookup gid by sid [lindex $group 2]"
 267
 268     if { $gid != [lindex $group 1] } {
 269         fail $test_desc
 270     } else {
 271         pass $test_desc
 272     }
 273 }
 274
 275 # Check exit codes
 276
 277 proc check_errcode { args } {
 278     global errorCode
 279     set test_desc [lindex $args 0]
 280     set cmd [lindex $args 1]
 281     set result [lindex $args 2]
 282
 283     set errorCode ""
 284     verbose "Spawning $cmd"
 285     catch "exec $cmd" output
 286     set exit_code [lindex $errorCode 2]
 287     if { $exit_code == "" } { set exit_code 0 }
 288
 289     if { $exit_code == $result } {
 290         verbose "process returned correct exit code $exit_code"
 291         pass $test_desc
 292     } else {
 293         verbose "process returned bad exit code $exit_code instead of $result"
 294         fail $test_desc
 295     }
 296 }
 297
 298 set gooduser_name [lindex [split [lindex $user_list 0] ":"] 0]
 299 set gooduser_sid [util_start "bin/wbinfo" "-n $gooduser_name"]
 300
 301 set goodgroup_name [lindex [split [lindex $group_list 0] ":"] 0]
 302 set goodgroup_sid [util_start "bin/wbinfo" "-n $goodgroup_name"]
 303
 304 # Some conditions not tested:
 305 #   - bad list users/groups
 306 #   - good uid/gid to sid
 307
 308 set errcode_tests [list \
 309         { "exit code, no arg" "bin/wbinfo" 1 } \
 310         { "exit code, invalid arg" "bin/wbinfo -@" 1 } \
 311         { "exit code, list users" "bin/wbinfo -u" 0 } \
 312         { "exit code, list groups" "bin/wbinfo -g" 0 } \
 313         { "exit code, good name to sid" "bin/wbinfo -n $gooduser_name" 0 } \
 314         { "exit code, bad name to sid" "bin/wbinfo -n asmithee" 1 } \
 315         { "exit code, good sid to name" "bin/wbinfo -s $gooduser_sid" 0 } \
 316         { "exit code, bad sid to name" "bin/wbinfo -s S-1234" 1 } \
 317         { "exit code, bad uid to sid" "bin/wbinfo -U 0" 1 } \
 318         { "exit code, bad gid to sid" "bin/wbinfo -G 0" 1} \
 319         { "exit code, good sid to uid" "bin/wbinfo -S $gooduser_sid" 0 } \
 320         { "exit code, bad sid to uid" "bin/wbinfo -S S-1234" 1 } \
 321         { "exit code, good sid to gid" "bin/wbinfo -Y $goodgroup_sid" 0 } \
 322         { "exit code, bad sid to gid" "bin/wbinfo -Y S-1234" 1 } \
 323         ]
 324
 325 foreach { test } $errcode_tests {
 326     check_errcode [lindex $test 0] [lindex $test 1] [lindex $test 2]
 327 }
 328
 329 # Test enumerate trusted domains
 330
 331 set test_desc "enumerate trusted domains"
 332 set output [util_start "bin/wbinfo" "-m"]
 333
 334 verbose $output
 335
 336 foreach { the_domain } $output {
 337     if { $the_domain == $domain} {
 338         fail "own domain appears in trusted list"
 339     }
 340 }
 341
 342 if {[regexp "Usage" $output] || [regexp "Could not" $output]} {
 343     fail $test_desc
 344 } else {
 345     pass $test_desc
 346 }
 347
 348 # Test check machine account
 349
 350 set test_desc "check machine account"
 351 set output [util_start "bin/wbinfo" "-t"]
 352
 353 verbose $output
 354
 355 if {[regexp "Usage" $output] || [regexp "Could not" $output] || \
 356         ![regexp "(good|bad)" $output]} {
 357     fail $test_desc
 358 } else {
 359     pass $test_desc
 360 }