libads: Make ads_cldap_netlogon() static

[samba4-gss.git] / nsswitch / tests / test_idmap_rid.sh

#!/bin/sh
#
# Test id mapping with various SIDs and idmap_rid
#

if [ $# -lt 1 ]; then
        echo Usage: $0 DOMAIN RANGE_START
        exit 1
fi

DOMAIN="$1"
RANGE_START="$2"

wbinfo="$VALGRIND $BINDIR/wbinfo"
failed=0

. $(dirname $0)/../../testprogs/blackbox/subunit.sh

DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
if [ $? -ne 0 ]; then
        echo "Could not find domain SID" | subunit_fail_test "test_idmap_rid"
        exit 1
fi

# Find an unused uid and SID
RID=66666
MAX_RID=77777
while true; do
        id $RID
        if [ $? -ne 0 ]; then
                SID="$DOMAIN_SID-$RID"
                $wbinfo -s $SID
                if [ $? -ne 0 ]; then
                        break
                fi
        fi
        RID=$(expr $RID + 1)
        if [ $RID -eq $MAX_RID ]; then
                echo "Could not find free SID" | subunit_fail_test "test_idmap_rid"
                exit 1
        fi
done

#
# Test 1: Using non-existing SID to check backend returns a mapping
#

EXPECTED_ID=$(expr $RID + $RANGE_START)
out="$($wbinfo --sids-to-unix-ids=$SID)"
echo "wbinfo returned: \"$out\", expecting \"$SID -> uid/gid $EXPECTED_ID\""
test "$out" = "$SID -> uid/gid $EXPECTED_ID"
ret=$?
testit "Unknown RID from primary domain returns a mapping" test $ret -eq 0 || failed=$(expr $failed + 1)

#
# Test 2: Using bogus SID with bad domain part to check idmap backend does not generate a mapping
#

SID=S-1-5-21-1111-2222-3333-666
out="$($wbinfo --sids-to-unix-ids=$SID)"
echo "wbinfo returned: \"$out\", expecting \"$SID -> unmapped\""
test "$out" = "$SID -> unmapped"
ret=$?
testit "Bogus SID returns unmapped" test $ret -eq 0 || failed=$(expr $failed + 1)

#
# Test 3: ID_TYPE_BOTH mappings for group
#

GROUP="$DOMAIN/Domain Users"
GROUP_SID=$($wbinfo --name-to-sid="$GROUP" | sed -e 's/ .*//')

uid=$($wbinfo --sid-to-uid=$GROUP_SID)
ret=$?
testit "ID_TYPE_BOTH group map to uid succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
testit "ID_TYPE_BOTH group map to uid has result" test -n $uid ||
        failed=$(expr $failed + 1)

gid=$($wbinfo --sid-to-gid=$GROUP_SID)
ret=$?
testit "ID_TYPE_BOTH group map to gid succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
testit "ID_TYPE_BOTH group map to gid has result" test -n $gid ||
        failed=$(expr $failed + 1)

testit "ID_TYPE_BOTH group uid equals gid" test $uid -eq $gid ||
        failed=$(expr $failed + 1)

group_pw="$DOMAIN/domain users:*:$uid:$gid::/home/$DOMAIN/domain users:/bin/false"

out=$(getent passwd "$GROUP")
ret=$?
testit "getpwnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

test "$out" = "$group_pw"
ret=$?
testit "getpwnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

out=$(getent passwd $uid)
ret=$?
testit "getpwuid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
test "$out" = "$group_pw"
ret=$?
testit "getpwuid for ID_TYPE_BOTH group output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

group_gr="$DOMAIN/domain users:x:$gid"

out=$(getent group "$GROUP")
ret=$?
testit "getgrnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
# Compare only 'groupname:x:gid' part, drop the members
normalized_out=$(echo "$out" | cut -d: -f1-3)
test "$normalized_out" = "$group_gr"
ret=$?
testit "getgrnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

out=$(getent group "$gid")
ret=$?
testit "getgrgid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
# Compare only 'groupname:x:gid' part, drop the members
normalized_out=$(echo "$out" | cut -d: -f1-3)
test "$normalized_out" = "$group_gr"
ret=$?
testit "getgrgid for ID_TYPE_BOTH group output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

#
# Test 4: ID_TYPE_BOTH mappings for user
#

dom_users_gid=$gid

USER="$DOMAIN/Administrator"
USER_SID=$($wbinfo --name-to-sid="$USER" | sed -e 's/ .*//')

uid=$($wbinfo --sid-to-uid=$USER_SID)
ret=$?
testit "ID_TYPE_BOTH user map to uid succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
testit "ID_TYPE_BOTH user map to uid has result" test -n $uid ||
        failed=$(expr $failed + 1)

gid=$($wbinfo --sid-to-gid=$USER_SID)
ret=$?
testit "ID_TYPE_BOTH user map to gid succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
testit "ID_TYPE_BOTH user map to gid has result" test -n $gid ||
        failed=$(expr $failed + 1)

testit "ID_TYPE_BOTH user uid equals gid" test $uid -eq $gid ||
        failed=$(expr $failed + 1)

user_pw="$DOMAIN/administrator:*:$uid:$dom_users_gid::/home/$DOMAIN/administrator:/bin/false"

out=$(getent passwd "$USER")
ret=$?
testit "getpwnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

test "$out" = "$user_pw"
ret=$?
testit "getpwnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

out=$(getent passwd $uid)
ret=$?
testit "getpwuid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
test "$out" = "$user_pw"
ret=$?
testit "getpwuid for ID_TYPE_BOTH user output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

user_gr="$DOMAIN/administrator:x:$gid:$DOMAIN/administrator"

out=$(getent group "$USER")
ret=$?
testit "getgrnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
test "$out" = "$user_gr"
ret=$?
testit "getgrnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

out=$(getent group "$gid")
ret=$?
testit "getgrgid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||
        failed=$(expr $failed + 1)
test "$out" = "$user_gr"
ret=$?
testit "getgrgid for ID_TYPE_BOTH user output" test $ret -eq 0 ||
        failed=$(expr $failed + 1)

exit $failed