[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Oct 21 01:18:04 UTC 2020
The branch, master has been updated
via e246976b676 s3:tests: Add tests for 'valid users'.
from 5fa89897af2 Rename Samba's DCO to Samba Developer's Declaration
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e246976b676bff0e7672da80fbcebe3e900dd6b0
Author: Denis Karpelevich <dkarpele at redhat.com>
Date: Mon Oct 19 16:20:04 2020 +0300
s3:tests: Add tests for 'valid users'.
Extending testsuite for option 'valid/invalid users' from smb.conf.
Signed-off-by: Denis Karpelevich <dkarpele at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 21 01:17:05 UTC 2020 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail.d/smb1-tests | 2 +
selftest/target/Samba3.pm | 40 +++++++++
source3/script/tests/test_smbclient_s3.sh | 138 +++++++++++++++++++++++++++++
source3/script/tests/test_substitutions.sh | 10 +++
4 files changed, 190 insertions(+)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail.d/smb1-tests b/selftest/knownfail.d/smb1-tests
index 7d349fdc261..28e78fa0427 100644
--- a/selftest/knownfail.d/smb1-tests
+++ b/selftest/knownfail.d/smb1-tests
@@ -30,6 +30,8 @@
^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.rename_dotdot\((ad_member|nt4_member)\)
^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.volume\((ad_member|nt4_member)\)
^samba3.blackbox.smbclient_s3.NT1.(plain|sign).member_creds.delete a non empty directory\((ad_member|nt4_member)\)
+^samba3.blackbox.smbclient_s3.*valid.users.nt4.*
+^samba3.blackbox.smbclient_s3.NT1.*valid.users.*
^samba3.unix.whoami machine account.whoami\(ad_member:local\)
^samba3.unix.whoami.whoami\(nt4_member\)
^samba3.unix.whoami anonymous connection.whoami\(nt4_member\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 646ff9b4895..cfa2677a673 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -716,6 +716,46 @@ sub provision_ad_member
path = $share_dir
valid users = ADDOMAIN/%U
+[sub_valid_users_domain]
+ path = $share_dir
+ valid users = %D/%U
+
+[sub_valid_users_group]
+ path = $share_dir
+ valid users = \@$dcvars->{DOMAIN}/%G
+
+[valid_users]
+ path = $share_dir
+ valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
+
+[valid_users_group]
+ path = $share_dir
+ valid users = \"\@$dcvars->{DOMAIN}/domain users\"
+
+[valid_users_unix_group]
+ path = $share_dir
+ valid users = \"+$dcvars->{DOMAIN}/domain users\"
+
+[valid_users_nis_group]
+ path = $share_dir
+ valid users = \"&$dcvars->{DOMAIN}/domain users\"
+
+[valid_users_unix_nis_group]
+ path = $share_dir
+ valid users = \"+&$dcvars->{DOMAIN}/domain users\"
+
+[valid_users_nis_unix_group]
+ path = $share_dir
+ valid users = \"&+$dcvars->{DOMAIN}/domain users\"
+
+[invalid_users]
+ path = $share_dir
+ invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
+
+[valid_and_invalid_users]
+ path = $share_dir
+ valid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME} $dcvars->{DOMAIN}/alice
+ invalid users = $dcvars->{DOMAIN}/$dcvars->{DC_USERNAME}
";
my $ret = $self->provision(
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 62662690415..7d31af9e1ab 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -1796,6 +1796,140 @@ EOF
fi
}
+test_valid_users()
+{
+ tmpfile=$PREFIX/smbclient_interactive_prompt_commands
+ cat > $tmpfile <<EOF
+ls
+quit
+EOF
+ # User in "valid users" can login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_users 'User in 'valid users' can login to service' failed - $ret"
+ return 1
+ fi
+
+ # User from ad group in "valid users" can login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_group $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_users_group 'User from ad group in 'valid users' can login to service' failed - $ret"
+ return 1
+ fi
+
+ # User from UNIX group in "valid users" can login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_unix_group $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_users_unix_group 'User from UNIX group in 'valid users' can login to service' failed - $ret"
+ return 1
+ fi
+
+ # User not in NIS group in "valid users" can't login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_nis_group $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_users_nis_group 'User not in NIS group in 'valid users' can't login to service' failed - $ret"
+ return 1
+ fi
+
+ # Check user in UNIX, then in NIS group in "valid users" can login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_unix_nis_group $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_users_unix_nis_group 'Check user in UNIX, then in NIS group in 'valid users' can login to service' failed - $ret"
+ return 1
+ fi
+
+ # Check user in NIS, then in UNIX group in "valid users" can login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_users_nis_unix_group $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_users_nis_unix_group 'Check user in NIS, then in UNIX group in 'valid users' can login to service' failed - $ret"
+ return 1
+ fi
+
+ # User not in "invalid users" can login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -Ualice%Secret007 //$SERVER/invalid_users $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:invalid_users 'User not in 'invalid users' can login to service' failed - $ret"
+ return 1
+ fi
+
+ # User in "invalid users" can't login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/invalid_users $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:invalid_users 'User in 'invalid users' can't login to service' failed - $ret"
+ return 1
+ fi
+
+ # User is in "valid and invalid users" can't login to service
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$DC_USERNAME%$DC_PASSWORD //$SERVER/valid_and_invalid_users $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
+ ret=$?
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_and_invalid_users 'User is in 'valid and invalid users' can't login to service' failed - $ret"
+ return 1
+ fi
+
+ # 2 Users are in "valid users"
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -Ualice%Secret007 //$SERVER/valid_and_invalid_users $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ] ; then
+ echo "$out"
+ echo "test_valid_users:valid_and_invalid_users '2 Users are in 'valid users'' failed - $ret"
+ return 1
+ fi
+
+ return 0
+}
+
#
#
LOGDIR_PREFIX=test_smbclient_s3
@@ -1949,4 +2083,8 @@ testit "delete a non empty directory" \
test_del_nedir || \
failed=`expr $failed + 1`
+testit "valid users" \
+ test_valid_users || \
+ failed=`expr $failed + 1`
+
testok $0 $failed
diff --git a/source3/script/tests/test_substitutions.sh b/source3/script/tests/test_substitutions.sh
index c813a8f9def..d1525fddc4e 100755
--- a/source3/script/tests/test_substitutions.sh
+++ b/source3/script/tests/test_substitutions.sh
@@ -39,4 +39,14 @@ SMB_UNC="//$SERVER/sub_valid_users"
test_smbclient "Test login to share with substitution for valid users" \
"ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+SMB_UNC="//$SERVER/sub_valid_users_domain"
+
+test_smbclient "Test login to share with substitution for valid user's domain" \
+ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+
+SMB_UNC="//$SERVER/sub_valid_users_group"
+
+test_smbclient "Test login to share with substitution for valid user's UNIX group" \
+ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+
exit $failed
--
Samba Shared Repository
More information about the samba-cvs
mailing list