From: Noel Power <noel.power@suse.com>
Date: Thu, 29 Sep 2016 15:50:58 +0000 (+0100)
Subject: Add a blackbox tests for id & getent to test domain@realm type credentials
X-Git-Tag: samba-4.4.7~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0790769c09bcf5100770b7fadf076f74b9970323;p=thirdparty%2Fsamba.git

Add a blackbox tests for id & getent to test domain@realm type credentials

Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ebfe3c85d0bbdf5d5f7459ddd61e3b44c3ec2bd3)
---

diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 17a2bbe5f9b..64de27c1e88 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -296,6 +296,7 @@ sub get_interface($)
     $interfaces{"promotedvdc"} = 33;
     $interfaces{"rfc2307member"} = 34;
     $interfaces{"fileserver"} = 35;
+    $interfaces{"s4member_dflt"} = 36;
 
     # update lib/socket_wrapper/socket_wrapper.c
     #  #define MAX_WRAPPED_INTERFACES 40
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 836c15de419..028df3c7e0c 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -936,10 +936,10 @@ $extra_smbconf_shares
 	return $self->provision_raw_step2($ctx, $ret);
 }
 
-sub provision_s4member($$$)
+sub provision_s4member($$$$$)
 {
-	my ($self, $prefix, $dcvars) = @_;
-	print "PROVISIONING MEMBER...";
+	my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_;
+	print "PROVISIONING MEMBER...\n";
 	my $extra_smb_conf = "
         passdb backend = samba_dsdb
 winbindd:use external pipes = true
@@ -954,9 +954,12 @@ rpc_server:spoolss = embedded
 rpc_daemon:spoolssd = embedded
 rpc_server:tcpip = no
 ";
+	if ($more_conf) {
+		$extra_smb_conf = $extra_smb_conf . $more_conf . "\n";
+	}
 	my $ret = $self->provision($prefix,
 				   "member server",
-				   "s4member",
+				   $hostname,
 				   "SAMBADOMAIN",
 				   "samba.example.com",
 				   "2008",
@@ -1893,6 +1896,11 @@ sub setup_env($$$)
 			$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
 		}
 		return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs});
+	} elsif ($envname eq "s4member_dflt_domain") {
+		if (not defined($self->{vars}->{ad_dc_ntvfs})) {
+			$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
+		}
+		return $self->setup_s4member_dflt_domain("$path/s4member_dflt_domain", $self->{vars}->{ad_dc_ntvfs});
 	} elsif ($envname eq "s4member") {
 		if (not defined($self->{vars}->{ad_dc_ntvfs})) {
 			$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
@@ -1931,7 +1939,7 @@ sub setup_s4member($$$)
 {
 	my ($self, $path, $dc_vars) = @_;
 
-	my $env = $self->provision_s4member($path, $dc_vars);
+	my $env = $self->provision_s4member($path, $dc_vars, "s4member");
 
 	if (defined $env) {
 	        if (not defined($self->check_or_start($env, "single"))) {
@@ -1944,6 +1952,24 @@ sub setup_s4member($$$)
 	return $env;
 }
 
+sub setup_s4member_dflt_domain($$$)
+{
+	my ($self, $path, $dc_vars) = @_;
+
+	my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt",
+					    "winbind use default domain = yes");
+
+	if (defined $env) {
+	        if (not defined($self->check_or_start($env, "standard"))) {
+		        return undef;
+		}
+
+		$self->{vars}->{s4member_dflt_domain} = $env;
+	}
+
+	return $env;
+}
+
 sub setup_rpc_proxy($$$)
 {
 	my ($self, $path, $dc_vars) = @_;
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 66c85092aa6..7eb4e462b55 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -510,6 +510,13 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_dc_ntvfs", "ad_member", "s4memb
 
     plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3,  '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration])
 
+for env in ["s4member_dflt_domain", "s4member"]:
+    for cmd in ["id", "getent"]:
+        users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"]
+        if env == "s4member":
+            users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"]
+        for usr in users:
+            plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir,cmd,usr))
 
 nsstest4 = binpath("nsstest")
 for env in ["ad_dc:local", "ad_dc_ntvfs:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
diff --git a/testprogs/blackbox/dom_parse.sh b/testprogs/blackbox/dom_parse.sh
new file mode 100755
index 00000000000..dd14f0d7ca9
--- /dev/null
+++ b/testprogs/blackbox/dom_parse.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+# Blackbox wrapper for nsstest
+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org>
+# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org>
+
+if [ $# -lt 2 ]; then
+cat <<EOF
+Usage: dom_parse.sh [id|getent] $USER
+EOF
+exit 1;
+fi
+
+USER=$2
+CMD=$1
+EXTRA=""
+shift 2
+failed=0
+
+. `dirname $0`/subunit.sh
+
+if [ "$CMD" = "getent" ]; then
+    EXTRA="passwd"
+fi
+
+testit "samba4.winbind.dom_name_parse.cmd.$CMD" $CMD $EXTRA $USER || failed=`expr $failed + 1`
+
+exit $failed