From: Nick Porter Date: Mon, 12 Feb 2024 11:44:58 +0000 (+0000) Subject: Add tests of rlm_winbind X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14b8b42883d121097e5d212d4811666ef45121ef;p=thirdparty%2Ffreeradius-server.git Add tests of rlm_winbind --- diff --git a/.github/actions/ci-tests/action.yml b/.github/actions/ci-tests/action.yml index 59e2c12f83c..02d71d5447b 100644 --- a/.github/actions/ci-tests/action.yml +++ b/.github/actions/ci-tests/action.yml @@ -229,6 +229,7 @@ runs: RFC4533_TEST_SERVER: ldap://${{ inputs.ldap_test_server }}:${{ inputs.ldap_test_server_port }}/ PERSISTENT_SEARCH_TEST_SERVER: ldap://${{ inputs.ldap389_test_server }}:${{ inputs.ldap389_test_server_port }}/ ACTIVE_DIRECTORY_TEST_SERVER: ${{ inputs.active_directory_test_server }} + WINBIND_TEST_SERVER: ${{ inputs.active_directory_test_server }} REST_TEST_SERVER: ${{ inputs.rest_test_server }} REST_TEST_SERVER_PORT: ${{ inputs.rest_test_port }} REST_TEST_SERVER_SSL_PORT: ${{ inputs.rest_test_ssl_port }} diff --git a/scripts/ci/samba-setup.sh b/scripts/ci/samba-setup.sh index af5eb94920e..362ba98a61c 100755 --- a/scripts/ci/samba-setup.sh +++ b/scripts/ci/samba-setup.sh @@ -47,6 +47,9 @@ fi # Allow non TLS LDAP connections to Samba sudo sed -i 's/\[global\]/\[global\]\n\tldap server require strong auth = no/' /etc/samba/smb.conf +# Create user for testing winbind auth +sudo /usr/bin/samba-tool user create aduser secret_123 + # Start the domain controller if [ "$USE_DOCKER" != "true" ]; then sudo systemctl start samba-ad-dc diff --git a/src/tests/modules/unit_test_module.conf b/src/tests/modules/unit_test_module.conf index 6eba4ea57f9..01f4bc34f64 100644 --- a/src/tests/modules/unit_test_module.conf +++ b/src/tests/modules/unit_test_module.conf @@ -52,6 +52,8 @@ server default { authenticate pap { pap } + + $-INCLUDE $ENV{MODULE_TEST_DIR}/authenticate.conf } policy { diff --git a/src/tests/modules/winbind/all.mk b/src/tests/modules/winbind/all.mk new file mode 100644 index 00000000000..22c86d95bb5 --- /dev/null +++ b/src/tests/modules/winbind/all.mk @@ -0,0 +1,6 @@ +# +# Test the "winbind" module +# + +# Don't test winbind if WINBIND_TEST_SERVER ENV is not set +winbind_require_test_server := 1 diff --git a/src/tests/modules/winbind/auth.attrs b/src/tests/modules/winbind/auth.attrs new file mode 100644 index 00000000000..7ca74a8b130 --- /dev/null +++ b/src/tests/modules/winbind/auth.attrs @@ -0,0 +1,11 @@ +# +# Input packet +# +Packet-Type = Access-Request +User-Name = 'aduser' +User-Password = 'secret_123' + +# +# Expected answer +# +Packet-Type == Access-Accept diff --git a/src/tests/modules/winbind/auth.unlang b/src/tests/modules/winbind/auth.unlang new file mode 100644 index 00000000000..43f5905b6ae --- /dev/null +++ b/src/tests/modules/winbind/auth.unlang @@ -0,0 +1,10 @@ +# Test "authenticate" winbind call. +winbind + +if !(&control.Auth-Type == winbind) { + test_fail +} + +winbind.authenticate + +test_pass diff --git a/src/tests/modules/winbind/authenticate.conf b/src/tests/modules/winbind/authenticate.conf new file mode 100644 index 00000000000..90a6583ba4c --- /dev/null +++ b/src/tests/modules/winbind/authenticate.conf @@ -0,0 +1,3 @@ +authenticate winbind { + winbind +} diff --git a/src/tests/modules/winbind/group.attrs b/src/tests/modules/winbind/group.attrs new file mode 100644 index 00000000000..7ca74a8b130 --- /dev/null +++ b/src/tests/modules/winbind/group.attrs @@ -0,0 +1,11 @@ +# +# Input packet +# +Packet-Type = Access-Request +User-Name = 'aduser' +User-Password = 'secret_123' + +# +# Expected answer +# +Packet-Type == Access-Accept diff --git a/src/tests/modules/winbind/group.unlang b/src/tests/modules/winbind/group.unlang new file mode 100644 index 00000000000..6f892eab395 --- /dev/null +++ b/src/tests/modules/winbind/group.unlang @@ -0,0 +1,9 @@ +if !(%winbind.group('domain users')) { + test_fail +} + +if (%winbind.group('nongroup')) { + test_fail +} + +test_pass diff --git a/src/tests/modules/winbind/module.conf b/src/tests/modules/winbind/module.conf new file mode 100644 index 00000000000..94649993c1f --- /dev/null +++ b/src/tests/modules/winbind/module.conf @@ -0,0 +1,8 @@ +#winbind unit test config + +winbind { + username = "%{&Stripped-User-Name || &User-Name}" + group { + search_username = "%{&Stripped-User-Name || &User-Name}" + } +}