[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Wed Jun 20 10:44:02 MDT 2012 

The branch, master has been updated
       via  bc9e121 s4-torture: Expand whoami test to confirm the user token.
       via  0624351 s4-torture: Change the unix.whoami test to use torture_assert()
      from  5ec4305 ntdb: fix occasional abort in testing.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bc9e12183f98225d165541448391d896faf4ab7b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Jun 20 18:23:18 2012 +1000

    s4-torture: Expand whoami test to confirm the user token.
    
    This uses the tokenGroups attribute on LDAP and the posix whoami call
    to confirm that user token matches between LDAP and CIFS.
    
    I have a seperate patch for the anonymous case, because this isn't
    consistent at this stage, and we need to study and fix that.
    
    Andrew Bartlett
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Jun 20 18:43:43 CEST 2012 on sn-devel-104

commit 06243510dc9e7c29b6a92c2dfe782763e348cebd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Jun 20 17:26:48 2012 +1000

    s4-torture: Change the unix.whoami test to use torture_assert()

-----------------------------------------------------------------------

Summary of changes:
 source3/selftest/tests.py     |    2 +-
 source4/torture/unix/whoami.c |   87 +++++++++++++++++++++++++++++------------
 2 files changed, 63 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 0d3bf04..11056b9 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -304,7 +304,7 @@ for t in tests:
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
     elif t == "unix.whoami":
         plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
-        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:addc=true')
     elif t == "raw.samba3posixtimedlock":
         plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/s3dc/share')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/plugin_s4_dc/share')
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 1e79d7e..3022827 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -25,6 +25,12 @@
 #include "auth/credentials/credentials.h"
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
+#include <ldb.h>
+#include "lib/util/util_ldb.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libcli/security/security.h"
+
 
 /* Size (in bytes) of the required fields in the SMBwhoami response. */
 #define WHOAMI_REQUIRED_SIZE	40
@@ -92,7 +98,7 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx,
 	return cli;
 }
 
-static bool sid_parse(void *mem_ctx,
+static bool whoami_sid_parse(void *mem_ctx,
 		struct torture_context *torture,
 		DATA_BLOB *data, size_t *offset,
 		struct dom_sid **psid)
@@ -248,7 +254,7 @@ static bool smb_raw_query_posix_whoami(void *mem_ctx,
 				"out of memory");
 
 		for (i = 0; i < whoami->num_sids; ++i) {
-			if (!sid_parse(mem_ctx, torture,
+			if (!whoami_sid_parse(mem_ctx, torture,
 					&tp.out.data, &offset,
 					&whoami->sid_list[i])) {
 				return false;
@@ -264,31 +270,61 @@ static bool smb_raw_query_posix_whoami(void *mem_ctx,
 	return true;
 }
 
+static bool test_against_ldap(struct torture_context *torture, struct ldb_context *ldb, struct smb_whoami *whoami)
+{
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+
+	const char *attrs[] = { "tokenGroups", NULL };
+	int i;
+
+	torture_assert_int_equal(torture, dsdb_search_one(ldb, torture, &msg, NULL, LDB_SCOPE_BASE, attrs, 0, NULL), LDB_SUCCESS, "searching for tokenGroups");
+	el = ldb_msg_find_element(msg, "tokenGroups");
+	torture_assert(torture, el, "obtaining tokenGroups");
+	torture_assert_int_equal(torture, el->num_values, whoami->num_sids, "Number of SIDs from LDAP and number of SIDs from CIFS does not match!");
+
+	for (i = 0; i < el->num_values; i++) {
+		struct dom_sid *sid = talloc(torture, struct dom_sid);
+		torture_assert(torture, sid != NULL, "talloc failed");
+
+		torture_assert(torture, sid_blob_parse(el->values[i], sid), "sid parse failed");
+		torture_assert_str_equal(torture, dom_sid_string(sid, sid), dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does not match!");
+		talloc_free(sid);
+	}
+	return true;
+}
+
 bool torture_unix_whoami(struct torture_context *torture)
 {
 	struct smbcli_state *cli;
 	struct cli_credentials *anon_credentials;
 	struct smb_whoami whoami;
+	bool ret;
+	struct ldb_context *ldb;
 
-	if (!(cli = connect_to_server(torture, cmdline_credentials))) {
-		return false;
-	}
+	cli = connect_to_server(torture, cmdline_credentials);
+	torture_assert(torture, cli, "connecting to server with authenticated credentials");
 
 	/* Test basic authenticated mapping. */
-	printf("calling SMB_QFS_POSIX_WHOAMI on an authenticated connection\n");
-	if (!smb_raw_query_posix_whoami(torture, torture,
-				cli, &whoami, 0xFFFF)) {
-		smbcli_tdis(cli);
-		return false;
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+						       cli, &whoami, 0xFFFF), ret, fail,
+			    "calling SMB_QFS_POSIX_WHOAMI on an authenticated connection");
+
+	if (torture_setting_bool(torture, "addc", false)) {
+		ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, talloc_asprintf(torture, "ldap://%s", torture_setting_string(torture, "host", NULL)),
+				       NULL, cmdline_credentials, 0);
+		torture_assert(torture, ldb, "ldb connect failed");
+
+		/* We skip this testing if we could not contact the LDAP server */
+		if (!test_against_ldap(torture, ldb, &whoami)) {
+			goto fail;
+		}
 	}
 
 	/* Test that the server drops the UID and GID list. */
-	printf("calling SMB_QFS_POSIX_WHOAMI with a small buffer\n");
-	if (!smb_raw_query_posix_whoami(torture, torture,
-				cli, &whoami, 0x40)) {
-		smbcli_tdis(cli);
-		return false;
-	}
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+						  cli, &whoami, 0x40), ret, fail,
+		       "calling SMB_QFS_POSIX_WHOAMI with a small buffer\n");
 
 	torture_assert_int_equal(torture, whoami.num_gids, 0,
 			"invalid GID count");
@@ -299,18 +335,15 @@ bool torture_unix_whoami(struct torture_context *torture)
 
 	smbcli_tdis(cli);
 
-	printf("calling SMB_QFS_POSIX_WHOAMI on an anonymous connection\n");
+	torture_comment(torture, "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection\n");
 	anon_credentials = cli_credentials_init_anon(torture);
 
-	if (!(cli = connect_to_server(torture, anon_credentials))) {
-		return false;
-	}
+	cli = connect_to_server(torture, anon_credentials);
+	torture_assert(torture, cli, "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection");
 
-	if (!smb_raw_query_posix_whoami(torture, torture,
-				cli, &whoami, 0xFFFF)) {
-		smbcli_tdis(cli);
-		return false;
-	}
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+								cli, &whoami, 0xFFFF), ret, fail,
+			    "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection");
 
 	smbcli_tdis(cli);
 
@@ -327,6 +360,10 @@ bool torture_unix_whoami(struct torture_context *torture)
 	}
 
 	return true;
+fail:
+
+	smbcli_tdis(cli);
+	return ret;
 }
 
 /* vim: set sts=8 sw=8 : */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list