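#!/bin/sh
# Test id mapping through idmap_rfc2307 module
#
# Requires fifteen positional arguments (listed in the usage text below) and
# exits with status 1 when fewer are given.
#
# NOTE(review): DC_PASSWORD arrives as a positional argument and is passed on
# to ldbadd/ldbdel/net/wbinfo on their command lines further down, so it is
# readable from the process list while the test runs. That is tolerable only
# for a disposable selftest account.
if [ $# -lt 15 ]; then
	echo "Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2" \
		"GROUPNAME GID GROUPNAME2 GID2 GID_START NUMGROUPS" \
		"LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD"
	exit 1
fi

# First user/group pair: used for the name -> SID -> unix id checks.
# Second pair: used for the unix id -> SID -> name checks.
DOMAIN="$1"
USERNAME="$2"
USERUID="$3"
USERNAME2="$4"
USERUID2="$5"
GROUPNAME="$6"
GROUPGID="$7"
GROUPNAME2="$8"
GROUPGID2="$9"
# Drop the nine arguments consumed so far so the remaining six can be read
# as $1..$6.
shift 9
GID_START="$1"
NUMGROUPS="$2"
LDAPPREFIX="$3"
DC_SERVER="$4"
DC_USERNAME="$5"
DC_PASSWORD="$6"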
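# VALGRIND and BINDIR are read from the environment; this script never sets
# them. $wbinfo and $net are expanded unquoted at their call sites on purpose,
# so that an empty or multi-word $VALGRIND splits into separate words.
wbinfo="$VALGRIND $BINDIR/wbinfo"
net="$VALGRIND $BINDIR/net"

# Prefer the ldb tools shipped in $BINDIR; otherwise fall back to the bare
# name, which is resolved through PATH.
# NOTE(review): on the PATH fallback the DC credentials are handed to
# whichever ldbadd/ldbdel comes first on PATH, so run this with a PATH that
# only contains trusted directories.
ldbsearch="ldbsearch"
if [ -x "$BINDIR/ldbsearch" ]; then
	ldbsearch="$BINDIR/ldbsearch"
fi

ldbadd="ldbadd"
if [ -x "$BINDIR/ldbadd" ]; then
	ldbadd="$BINDIR/ldbadd"
fi

ldbdel="ldbdel"
if [ -x "$BINDIR/ldbdel" ]; then
	ldbdel="$BINDIR/ldbdel"
fi

# Count of failed checks; used as the script's exit status.
failed=0

# testit is not defined in this file; presumably it comes from subunit.sh.
# The path is quoted so a checkout directory containing spaces still works.
. "$(dirname "$0")/../../testprogs/blackbox/subunit.sh"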
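# Delete LDAP records
# Clears anything left under LDAPPREFIX before the test adds its records.
# The result is deliberately neither wrapped in testit nor counted in $failed.
# tree_delete:1 removes the whole subtree below LDAPPREFIX, so LDAPPREFIX has
# to name a container that exists only for this test.
# The -H and -U arguments are quoted so a password or server name containing
# whitespace or glob characters reaches ldbdel as a single word.
$VALGRIND $ldbdel -H "ldap://$DC_SERVER" -U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" "$LDAPPREFIX" --controls="tree_delete:1"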
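# Add id mapping information to LDAP
#
# Each record is fed to ldbadd as LDIF on stdin. The here-documents are
# unquoted, so the shell substitutes the test parameters into the LDIF text
# as-is; the values are expected to come from the test harness and must not
# contain newlines, or they would add extra LDIF lines.
# The -H and -U arguments are quoted so the credential string is passed as
# one word whatever characters the password contains.
# NOTE(review): the result of these testit calls is not added to $failed.

testit "add ldap prefix" $VALGRIND $ldbadd -H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF
dn: $LDAPPREFIX
objectclass: organizationalUnit
EOF

testit "add ldap user mapping record" $VALGRIND $ldbadd -H "ldap://$DC_SERVER" \
	-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF
dn: cn=$USERNAME,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
ou: People
cn: $USERNAME
uid: $USERNAME
uidNumber: $USERUID
gidNumber: 1
homeDirectory: /home/admin
EOF

testit "add second ldap user mapping record" $VALGRIND $ldbadd \
	-H "ldap://$DC_SERVER" -U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF
dn: cn=$USERNAME2,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
ou: People
cn: $USERNAME2
uid: $USERNAME2
uidNumber: $USERUID2
gidNumber: 2
homeDirectory: /home/admin
EOF

testit "add ldap group mapping record" $VALGRIND $ldbadd \
	-H "ldap://$DC_SERVER" -U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF
dn: cn=$GROUPNAME,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
cn: $GROUPNAME
gidNumber: $GROUPGID
member: cn=$USERNAME,$LDAPPREFIX
EOF

# Both group records list the first user as their member.
testit "add second ldap group mapping record" $VALGRIND $ldbadd \
	-H "ldap://$DC_SERVER" -U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF
dn: cn=$GROUPNAME2,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
cn: $GROUPNAME2
gidNumber: $GROUPGID2
member: cn=$USERNAME,$LDAPPREFIX
EOF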
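# Forward lookups for the first user and group: name -> SID -> unix id, then
# compare the id with the value stored in LDAP above. Each lookup runs twice:
# once under testit for the pass/fail record, once to capture the first
# space-separated field of the output.
testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$((failed + 1))
user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1)
echo "$DOMAIN/$USERNAME resolved to $user_sid"

testit "wbinfo --sid-to-uid=$user_sid" $wbinfo "--sid-to-uid=$user_sid" || failed=$((failed + 1))
user_uid=$($wbinfo "--sid-to-uid=$user_sid" | cut -d " " -f1)
echo "$DOMAIN/$USERNAME resolved to $user_uid"

# Operands are quoted so an empty lookup result is still passed to test as an
# argument; test rejects it as a non-integer and the check is recorded as
# failed.
testit "test $user_uid -eq $USERUID" test "$user_uid" -eq "$USERUID" || failed=$((failed + 1))

# Not sure how to get group names with spaces to resolve through testit
#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" || failed=$(expr $failed + 1)
group_sid=$($wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" | cut -d " " -f1)
echo "$DOMAIN/$GROUPNAME resolved to $group_sid"

testit "wbinfo --sid-to-gid=$group_sid" $wbinfo "--sid-to-gid=$group_sid" || failed=$((failed + 1))
group_gid=$($wbinfo "--sid-to-gid=$group_sid" | cut -d " " -f1)
echo "$DOMAIN/$GROUPNAME resolved to $group_gid"

testit "test $group_gid -eq $GROUPGID" test "$group_gid" -eq "$GROUPGID" || failed=$((failed + 1))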
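# Use different user and group for reverse lookup to not read from cache
#
# Reverse direction: unix id -> SID -> name, then compare the name with
# DOMAIN/<name> case-insensitively (both sides are lower-cased with tr).
# Only the first space-separated field of each wbinfo answer is kept, so a
# name containing a space would be truncated before the comparison.

testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo "--uid-to-sid=$USERUID2" || failed=$((failed + 1))
user_sid2=$($wbinfo "--uid-to-sid=$USERUID2" | cut -d " " -f1)
echo "UID $USERUID2 resolved to SID $user_sid2"

testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo "--sid-to-name=$user_sid2" || failed=$((failed + 1))
user_name2=$($wbinfo "--sid-to-name=$user_sid2" | cut -d " " -f1)
echo "SID $user_sid2 resolved to $user_name2"

testit "test $user_name2 = $DOMAIN/$USERNAME2" test "$(echo "$user_name2" | tr A-Z a-z)" = "$(echo "$DOMAIN/$USERNAME2" | tr A-Z a-z)" || failed=$((failed + 1))

testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo "--gid-to-sid=$GROUPGID2" || failed=$((failed + 1))
group_sid2=$($wbinfo "--gid-to-sid=$GROUPGID2" | cut -d " " -f1)
echo "GID $GROUPGID2 resolved to SID $group_sid2"

testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo "--sid-to-name=$group_sid2" || failed=$((failed + 1))
group_name2=$($wbinfo "--sid-to-name=$group_sid2" | cut -d " " -f1)
echo "SID $group_sid2 resolved to $group_name2"

testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo "$group_name2" | tr A-Z a-z)" = "$(echo "$DOMAIN/$GROUPNAME2" | tr A-Z a-z)" || failed=$((failed + 1))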
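# Create NUMGROUPS groups named test_rfc2307_group_000, _001, ... on the DC,
# make USERNAME a member of each, and add a matching posixGroup record with
# gid GID_START + index under LDAPPREFIX.
# The counter is initialised here so the loop does not depend on any earlier
# value of $i.
i=0
while [ "$i" -lt "$NUMGROUPS" ]; do
	GRP=$(printf "test_rfc2307_group_%3.3d" "$i")
	# expr rather than $(( )): a GID_START written with leading zeros is
	# still read as decimal.
	GRP_GID=$(expr "$GID_START" + "$i")
	testit "Add group $GRP" $net rpc group add "$GRP" -S "$DC_SERVER" \
		-U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
		failed=$((failed + 1))
	testit "Add groupmem $GRP $USERNAME" \
		$net rpc group addmem "$GRP" "$USERNAME" \
		-S "$DC_SERVER" \
		-U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
		failed=$((failed + 1))
	# -H and -U are quoted here to match the quoted net invocations above.
	testit "Add group object for $GRP $GRP_GID" \
		$VALGRIND $ldbadd \
		-H "ldap://$DC_SERVER" -U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" <<EOF
dn: cn=$GRP,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
cn: $GRP
gidNumber: $GRP_GID
member: cn=$USERNAME,$LDAPPREFIX
EOF
	i=$((i + 1))
done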
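# Test whether wbinfo --xids-to-sids finds everything

# Build " g<gid> g<gid> ..." covering every gid created by the group loop and
# resolve them all in a single wbinfo call.
GIDS=""
i=0
while [ "$i" -lt "$NUMGROUPS" ]; do
	GIDS="$GIDS g$(expr "$i" + "$GID_START")"
	i=$((i + 1))
done
# Count the answer lines that do not start with "NOT MAPPED". grep -c prints
# a bare number, so the string comparison below does not rely on word
# splitting to strip padding from the count.
NUM_VALID_SIDS=$($wbinfo --unix-ids-to-sids="$GIDS" | grep -c -v '^NOT MAPPED')

testit "Count number of valid sids found" \
	test "$NUM_VALID_SIDS" = "$NUMGROUPS" ||
	failed=$((failed + 1))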
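# Prime the cache so we test idmap, not the harder problem of
# consistent group memberships for users without a login.
#
# NOTE(review): the account authenticated here is DC_USERNAME, while the
# membership check that follows queries USERNAME - confirm that is intended.
# The credential string is quoted so it reaches wbinfo as one argument; like
# the other invocations it still exposes the password on the command line.

testit "Authenticate the user to prime the netlogon cache" \
	$wbinfo -a "$DOMAIN/$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1))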
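# Test whether wbinfo -r shows all groups

# Expected value: a '/'-terminated list of gids in ascending numeric order.
# NOTE(review): the three leading gids are hard-coded; presumably they are
# the gids the test environment gives USERNAME's pre-existing groups - verify
# against the selftest setup.
EXPECTED_USERGROUPS="1000000/1000001/2000002/"
i=0
while [ "$i" -lt "$NUMGROUPS" ]; do
	EXPECTED_USERGROUPS="$EXPECTED_USERGROUPS$(expr "$i" + "$GID_START")/"
	i=$((i + 1))
done

# wbinfo -r prints one gid per line; sort numerically and join with '/' so
# the result has the same shape as EXPECTED_USERGROUPS.
USERGROUPS=$($wbinfo -r "$DOMAIN/$USERNAME" | sort -n | tr '\n' '/')

testit "Testing for expected group memberships" \
	test "$USERGROUPS" = "$EXPECTED_USERGROUPS" ||
	failed=$((failed + 1))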
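# Remove the test_rfc2307_group_NNN groups from the DC again, one
# "net rpc group delete" per group.
i=0
while [ "$i" -lt "$NUMGROUPS" ]; do
	GRP=$(printf "test_rfc2307_group_%3.3d" "$i")
	testit "Del group $GRP" $net rpc group delete "$GRP" -S "$DC_SERVER" \
		-U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
		failed=$((failed + 1))
	i=$((i + 1))
done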
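# Delete LDAP records
# Final cleanup: remove LDAPPREFIX and everything below it (tree_delete:1).
# The result is not counted in $failed. -H and -U are quoted so the
# credential string is passed as a single word.
$VALGRIND $ldbdel -H "ldap://$DC_SERVER" -U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD" "$LDAPPREFIX" --controls="tree_delete:1"

# Exit status is the number of failed checks (0 means all passed).
exit "$failed"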