[PATCHES] re-add and re-enable nss testsuite

Michael Adam obnox at samba.org
Mon Feb 16 02:55:05 MST 2015


Hi,

attached find a patcheset that re-adds and re-enables
our original nss testsuite. This activates some
amount of integration testing with nss-winbindd again.

This uncovered one extreme strangeness with our testenv:

If run directly, all tests pass against the s3member:local
environment, but some tests fail if one runs the
unix.whoami test against the s3member and the member
environment. A single one of these does not suffice.

I.e. the command line to break the test is this:

make test TESTS="unix.whoami.s3member unix.whoami.member local.nss.s3member"

I have tried to narrow it down, but I am running out of time.
Since the addition is useful anyways, I'd like to add it
to master now and record the test strangeness...

Review/push appreciated.

Michael
-------------- next part --------------
From 1f6d41917f4b6f49a199de9f0ebe51a2bb11cec2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Mon, 2 Feb 2015 14:50:30 +0100
Subject: [PATCH 1/3] s4-torture: re-add nss-wrapper torture testsuite.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(The testsuite got removed with 5bb410f85312196bb24e62a6a0b8350576433dc6).

Although nss_wrapper now also has an upstream testsuite, it is still important
to run the older torture testsuite within Samba so we have some testing on
nss_winbind correctnes and consistency.

Guenther

Signed-off-by: G?nther Deschner <gd at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/torture/local/local.c       |   1 +
 source4/torture/local/nss_tests.c   | 954 ++++++++++++++++++++++++++++++++++++
 source4/torture/local/wscript_build |   3 +-
 3 files changed, 957 insertions(+), 1 deletion(-)
 create mode 100644 source4/torture/local/nss_tests.c

diff --git a/source4/torture/local/local.c b/source4/torture/local/local.c
index f69c95e..77ff908 100644
--- a/source4/torture/local/local.c
+++ b/source4/torture/local/local.c
@@ -69,6 +69,7 @@
 	torture_dsdb_syntax,
 	torture_registry,
 	torture_local_verif_trailer,
+	torture_local_nss_wrapper,
 	NULL
 };
 
diff --git a/source4/torture/local/nss_tests.c b/source4/torture/local/nss_tests.c
new file mode 100644
index 0000000..0cd3265
--- /dev/null
+++ b/source4/torture/local/nss_tests.c
@@ -0,0 +1,954 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of the nss wrapper
+
+   Copyright (C) Guenther Deschner 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include "torture/torture.h"
+#include "torture/local/proto.h"
+#include "lib/replace/system/passwd.h"
+
+static bool copy_passwd(struct torture_context *tctx,
+			const struct passwd *pwd,
+			struct passwd *p)
+{
+	p->pw_name	= talloc_strdup(tctx, pwd->pw_name);
+	p->pw_passwd	= talloc_strdup(tctx, pwd->pw_passwd);
+	p->pw_uid	= pwd->pw_uid;
+	p->pw_gid	= pwd->pw_gid;
+	p->pw_gecos	= talloc_strdup(tctx, pwd->pw_gecos);
+	p->pw_dir	= talloc_strdup(tctx, pwd->pw_dir);
+	p->pw_shell	= talloc_strdup(tctx, pwd->pw_shell);
+
+	return true;
+}
+
+static void print_passwd(struct passwd *pwd)
+{
+	printf("%s:%s:%lu:%lu:%s:%s:%s\n",
+	       pwd->pw_name,
+	       pwd->pw_passwd,
+	       (unsigned long)pwd->pw_uid,
+	       (unsigned long)pwd->pw_gid,
+	       pwd->pw_gecos,
+	       pwd->pw_dir,
+	       pwd->pw_shell);
+}
+
+
+static bool test_nwrap_getpwnam(struct torture_context *tctx,
+				const char *name,
+				struct passwd *pwd_p)
+{
+	struct passwd *pwd;
+
+	torture_comment(tctx, "Testing getpwnam: %s\n", name);
+
+	pwd = getpwnam(name);
+	if (pwd) {
+		print_passwd(pwd);
+	}
+
+	if (pwd_p) {
+		copy_passwd(tctx, pwd, pwd_p);
+	}
+
+	return pwd ? true : false;
+}
+
+static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
+				  const char *name,
+				  struct passwd *pwd_p)
+{
+	struct passwd pwd, *pwdp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getpwnam_r: %s\n", name);
+
+	ret = getpwnam_r(name, &pwd, buffer, sizeof(buffer), &pwdp);
+	if (ret != 0) {
+		if (ret != ENOENT) {
+			torture_comment(tctx, "got %d return code\n", ret);
+		}
+		return false;
+	}
+
+	print_passwd(&pwd);
+
+	if (pwd_p) {
+		copy_passwd(tctx, &pwd, pwd_p);
+	}
+
+	return true;
+}
+
+static bool test_nwrap_getpwuid(struct torture_context *tctx,
+				uid_t uid,
+				struct passwd *pwd_p)
+{
+	struct passwd *pwd;
+
+	torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
+
+	pwd = getpwuid(uid);
+	if (pwd) {
+		print_passwd(pwd);
+	}
+
+	if (pwd_p) {
+		copy_passwd(tctx, pwd, pwd_p);
+	}
+
+	return pwd ? true : false;
+}
+
+static bool test_nwrap_getpwuid_r(struct torture_context *tctx,
+				  uid_t uid,
+				  struct passwd *pwd_p)
+{
+	struct passwd pwd, *pwdp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getpwuid_r: %lu\n", (unsigned long)uid);
+
+	ret = getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &pwdp);
+	if (ret != 0) {
+		if (ret != ENOENT) {
+			torture_comment(tctx, "got %d return code\n", ret);
+		}
+		return false;
+	}
+
+	print_passwd(&pwd);
+
+	if (pwd_p) {
+		copy_passwd(tctx, &pwd, pwd_p);
+	}
+
+	return true;
+}
+
+
+static bool copy_group(struct torture_context *tctx,
+		       const struct group *grp,
+		       struct group *g)
+{
+	int i;
+
+	g->gr_name	= talloc_strdup(tctx, grp->gr_name);
+	g->gr_passwd	= talloc_strdup(tctx, grp->gr_passwd);
+	g->gr_gid	= grp->gr_gid;
+	g->gr_mem	= NULL;
+
+	for (i=0; grp->gr_mem && grp->gr_mem[i]; i++) {
+		g->gr_mem = talloc_realloc(tctx, g->gr_mem, char *, i + 2);
+		g->gr_mem[i] = talloc_strdup(g->gr_mem, grp->gr_mem[i]);
+		g->gr_mem[i+1] = NULL;
+	}
+
+	return true;
+}
+
+static void print_group(struct group *grp)
+{
+	int i;
+	printf("%s:%s:%lu:",
+	       grp->gr_name,
+	       grp->gr_passwd,
+	       (unsigned long)grp->gr_gid);
+
+	if ((grp->gr_mem == NULL) || !grp->gr_mem[0]) {
+		printf("\n");
+		return;
+	}
+
+	for (i=0; grp->gr_mem[i+1]; i++) {
+		printf("%s,", grp->gr_mem[i]);
+	}
+	printf("%s\n", grp->gr_mem[i]);
+}
+
+static bool test_nwrap_getgrnam(struct torture_context *tctx,
+				const char *name,
+				struct group *grp_p)
+{
+	struct group *grp;
+
+	torture_comment(tctx, "Testing getgrnam: %s\n", name);
+
+	grp = getgrnam(name);
+	if (grp) {
+		print_group(grp);
+	}
+
+	if (grp_p) {
+		copy_group(tctx, grp, grp_p);
+	}
+
+	return grp ? true : false;
+}
+
+static bool test_nwrap_getgrnam_r(struct torture_context *tctx,
+				  const char *name,
+				  struct group *grp_p)
+{
+	struct group grp, *grpp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getgrnam_r: %s\n", name);
+
+	ret = getgrnam_r(name, &grp, buffer, sizeof(buffer), &grpp);
+	if (ret != 0) {
+		if (ret != ENOENT) {
+			torture_comment(tctx, "got %d return code\n", ret);
+		}
+		return false;
+	}
+
+	print_group(&grp);
+
+	if (grp_p) {
+		copy_group(tctx, &grp, grp_p);
+	}
+
+	return true;
+}
+
+
+static bool test_nwrap_getgrgid(struct torture_context *tctx,
+				gid_t gid,
+				struct group *grp_p)
+{
+	struct group *grp;
+
+	torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
+
+	grp = getgrgid(gid);
+	if (grp) {
+		print_group(grp);
+	}
+
+	if (grp_p) {
+		copy_group(tctx, grp, grp_p);
+	}
+
+	return grp ? true : false;
+}
+
+static bool test_nwrap_getgrgid_r(struct torture_context *tctx,
+				  gid_t gid,
+				  struct group *grp_p)
+{
+	struct group grp, *grpp;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing getgrgid_r: %lu\n", (unsigned long)gid);
+
+	ret = getgrgid_r(gid, &grp, buffer, sizeof(buffer), &grpp);
+	if (ret != 0) {
+		if (ret != ENOENT) {
+			torture_comment(tctx, "got %d return code\n", ret);
+		}
+		return false;
+	}
+
+	print_group(&grp);
+
+	if (grp_p) {
+		copy_group(tctx, &grp, grp_p);
+	}
+
+	return true;
+}
+
+static bool test_nwrap_enum_passwd(struct torture_context *tctx,
+				   struct passwd **pwd_array_p,
+				   size_t *num_pwd_p)
+{
+	struct passwd *pwd;
+	struct passwd *pwd_array = NULL;
+	size_t num_pwd = 0;
+
+	torture_comment(tctx, "Testing setpwent\n");
+	setpwent();
+
+	while ((pwd = getpwent()) != NULL) {
+		torture_comment(tctx, "Testing getpwent\n");
+
+		print_passwd(pwd);
+		if (pwd_array_p && num_pwd_p) {
+			pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
+			torture_assert(tctx, pwd_array, "out of memory");
+			copy_passwd(tctx, pwd, &pwd_array[num_pwd]);
+			num_pwd++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endpwent\n");
+	endpwent();
+
+	if (pwd_array_p) {
+		*pwd_array_p = pwd_array;
+	}
+	if (num_pwd_p) {
+		*num_pwd_p = num_pwd;
+	}
+
+	return true;
+}
+
+static bool test_nwrap_enum_r_passwd(struct torture_context *tctx,
+				     struct passwd **pwd_array_p,
+				     size_t *num_pwd_p)
+{
+	struct passwd pwd, *pwdp;
+	struct passwd *pwd_array = NULL;
+	size_t num_pwd = 0;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing setpwent\n");
+	setpwent();
+
+	while (1) {
+		torture_comment(tctx, "Testing getpwent_r\n");
+
+		ret = getpwent_r(&pwd, buffer, sizeof(buffer), &pwdp);
+		if (ret != 0) {
+			if (ret != ENOENT) {
+				torture_comment(tctx, "got %d return code\n", ret);
+			}
+			break;
+		}
+		print_passwd(&pwd);
+		if (pwd_array_p && num_pwd_p) {
+			pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
+			torture_assert(tctx, pwd_array, "out of memory");
+			copy_passwd(tctx, &pwd, &pwd_array[num_pwd]);
+			num_pwd++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endpwent\n");
+	endpwent();
+
+	if (pwd_array_p) {
+		*pwd_array_p = pwd_array;
+	}
+	if (num_pwd_p) {
+		*num_pwd_p = num_pwd;
+	}
+
+	return true;
+}
+
+static bool torture_assert_passwd_equal(struct torture_context *tctx,
+					const struct passwd *p1,
+					const struct passwd *p2,
+					const char *comment)
+{
+	torture_assert_str_equal(tctx, p1->pw_name, p2->pw_name, comment);
+	torture_assert_str_equal(tctx, p1->pw_passwd, p2->pw_passwd, comment);
+	torture_assert_int_equal(tctx, p1->pw_uid, p2->pw_uid, comment);
+	torture_assert_int_equal(tctx, p1->pw_gid, p2->pw_gid, comment);
+	torture_assert_str_equal(tctx, p1->pw_gecos, p2->pw_gecos, comment);
+	torture_assert_str_equal(tctx, p1->pw_dir, p2->pw_dir, comment);
+	torture_assert_str_equal(tctx, p1->pw_shell, p2->pw_shell, comment);
+
+	return true;
+}
+
+static bool test_nwrap_passwd(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd, pwd1, pwd2;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
+						    "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd1),
+			"failed to call getpwnam for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
+			"getpwent and getpwnam gave different results");
+		torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
+			"failed to call getpwuid for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
+			"getpwent and getpwuid gave different results");
+		torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
+			"getpwnam and getpwuid gave different results");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_passwd_r(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd, pwd1, pwd2;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
+						      "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
+			"failed to call getpwnam_r for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
+			"getpwent_r and getpwnam_r gave different results");
+		torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
+			"failed to call getpwuid_r for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
+			"getpwent_r and getpwuid_r gave different results");
+		torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
+			"getpwnam_r and getpwuid_r gave different results");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_passwd_r_cross(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd, pwd1, pwd2, pwd3, pwd4;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
+						      "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
+			"failed to call getpwnam_r for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
+			"getpwent_r and getpwnam_r gave different results");
+		torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
+			"failed to call getpwuid_r for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
+			"getpwent_r and getpwuid_r gave different results");
+		torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
+			"getpwnam_r and getpwuid_r gave different results");
+		torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd3),
+			"failed to call getpwnam for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd3,
+			"getpwent_r and getpwnam gave different results");
+		torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd4),
+			"failed to call getpwuid for enumerated user");
+		torture_assert_passwd_equal(tctx, &pwd[i], &pwd4,
+			"getpwent_r and getpwuid gave different results");
+		torture_assert_passwd_equal(tctx, &pwd3, &pwd4,
+			"getpwnam and getpwuid gave different results");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_enum_group(struct torture_context *tctx,
+				  struct group **grp_array_p,
+				  size_t *num_grp_p)
+{
+	struct group *grp;
+	struct group *grp_array = NULL;
+	size_t num_grp = 0;
+
+	torture_comment(tctx, "Testing setgrent\n");
+	setgrent();
+
+	while ((grp = getgrent()) != NULL) {
+		torture_comment(tctx, "Testing getgrent\n");
+
+		print_group(grp);
+		if (grp_array_p && num_grp_p) {
+			grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
+			torture_assert(tctx, grp_array, "out of memory");
+			copy_group(tctx, grp, &grp_array[num_grp]);
+			num_grp++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endgrent\n");
+	endgrent();
+
+	if (grp_array_p) {
+		*grp_array_p = grp_array;
+	}
+	if (num_grp_p) {
+		*num_grp_p = num_grp;
+	}
+
+	return true;
+}
+
+static bool test_nwrap_enum_r_group(struct torture_context *tctx,
+				    struct group **grp_array_p,
+				    size_t *num_grp_p)
+{
+	struct group grp, *grpp;
+	struct group *grp_array = NULL;
+	size_t num_grp = 0;
+	char buffer[4096];
+	int ret;
+
+	torture_comment(tctx, "Testing setgrent\n");
+	setgrent();
+
+	while (1) {
+		torture_comment(tctx, "Testing getgrent_r\n");
+
+		ret = getgrent_r(&grp, buffer, sizeof(buffer), &grpp);
+		if (ret != 0) {
+			if (ret != ENOENT) {
+				torture_comment(tctx, "got %d return code\n", ret);
+			}
+			break;
+		}
+		print_group(&grp);
+		if (grp_array_p && num_grp_p) {
+			grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
+			torture_assert(tctx, grp_array, "out of memory");
+			copy_group(tctx, &grp, &grp_array[num_grp]);
+			num_grp++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endgrent\n");
+	endgrent();
+
+	if (grp_array_p) {
+		*grp_array_p = grp_array;
+	}
+	if (num_grp_p) {
+		*num_grp_p = num_grp;
+	}
+
+	return true;
+}
+
+static bool torture_assert_group_equal(struct torture_context *tctx,
+				       const struct group *g1,
+				       const struct group *g2,
+				       const char *comment)
+{
+	int i;
+	torture_assert_str_equal(tctx, g1->gr_name, g2->gr_name, comment);
+	torture_assert_str_equal(tctx, g1->gr_passwd, g2->gr_passwd, comment);
+	torture_assert_int_equal(tctx, g1->gr_gid, g2->gr_gid, comment);
+	if (g1->gr_mem && !g2->gr_mem) {
+		return false;
+	}
+	if (!g1->gr_mem && g2->gr_mem) {
+		return false;
+	}
+	if (!g1->gr_mem && !g2->gr_mem) {
+		return true;
+	}
+	for (i=0; g1->gr_mem[i] && g2->gr_mem[i]; i++) {
+		torture_assert_str_equal(tctx, g1->gr_mem[i], g2->gr_mem[i], comment);
+	}
+
+	return true;
+}
+
+static bool test_nwrap_group(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp, grp1, grp2;
+	size_t num_grp;
+
+	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
+						   "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp1),
+			"failed to call getgrnam for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp1,
+			"getgrent and getgrnam gave different results");
+		torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp2),
+			"failed to call getgrgid for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp2,
+			"getgrent and getgrgid gave different results");
+		torture_assert_group_equal(tctx, &grp1, &grp2,
+			"getgrnam and getgrgid gave different results");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_group_r(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp, grp1, grp2;
+	size_t num_grp;
+
+	torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
+						     "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
+			"failed to call getgrnam_r for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp1,
+			"getgrent_r and getgrnam_r gave different results");
+		torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
+			"failed to call getgrgid_r for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp2,
+			"getgrent_r and getgrgid_r gave different results");
+		torture_assert_group_equal(tctx, &grp1, &grp2,
+			"getgrnam_r and getgrgid_r gave different results");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_group_r_cross(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp, grp1, grp2, grp3, grp4;
+	size_t num_grp;
+
+	torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
+						     "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
+			"failed to call getgrnam_r for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp1,
+			"getgrent_r and getgrnam_r gave different results");
+		torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
+			"failed to call getgrgid_r for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp2,
+			"getgrent_r and getgrgid_r gave different results");
+		torture_assert_group_equal(tctx, &grp1, &grp2,
+			"getgrnam_r and getgrgid_r gave different results");
+		torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp3),
+			"failed to call getgrnam for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp3,
+			"getgrent_r and getgrnam gave different results");
+		torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp4),
+			"failed to call getgrgid for enumerated user");
+		torture_assert_group_equal(tctx, &grp[i], &grp4,
+			"getgrent_r and getgrgid gave different results");
+		torture_assert_group_equal(tctx, &grp3, &grp4,
+			"getgrnam and getgrgid gave different results");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_getgrouplist(struct torture_context *tctx,
+				    const char *user,
+				    gid_t gid,
+				    gid_t **gids_p,
+				    int *num_gids_p)
+{
+	int ret;
+	int num_groups = 0;
+	gid_t *groups = NULL;
+
+	torture_comment(tctx, "Testing getgrouplist: %s\n", user);
+
+	ret = getgrouplist(user, gid, NULL, &num_groups);
+	if (ret == -1 || num_groups != 0) {
+
+		groups = talloc_array(tctx, gid_t, num_groups);
+		torture_assert(tctx, groups, "out of memory\n");
+
+		ret = getgrouplist(user, gid, groups, &num_groups);
+	}
+
+	torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
+
+	torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
+
+	if (gids_p) {
+		*gids_p = groups;
+	}
+	if (num_gids_p) {
+		*num_gids_p = num_groups;
+	}
+
+	return true;
+}
+
+static bool test_nwrap_user_in_group(struct torture_context *tctx,
+				     const struct passwd *pwd,
+				     const struct group *grp)
+{
+	int i;
+
+	for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
+		if (strequal(grp->gr_mem[i], pwd->pw_name)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool test_nwrap_membership_user(struct torture_context *tctx,
+				       const struct passwd *pwd,
+				       struct group *grp_array,
+				       size_t num_grp)
+{
+	int num_user_groups = 0;
+	int num_user_groups_from_enum = 0;
+	gid_t *user_groups = NULL;
+	int g, i;
+	bool primary_group_had_user_member = false;
+
+	torture_assert(tctx, test_nwrap_getgrouplist(tctx,
+						     pwd->pw_name,
+						     pwd->pw_gid,
+						     &user_groups,
+						     &num_user_groups),
+						     "failed to test getgrouplist");
+
+	for (g=0; g < num_user_groups; g++) {
+		torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g], NULL),
+			"failed to find the group the user is a member of");
+	}
+
+
+	for (i=0; i < num_grp; i++) {
+
+		struct group grp = grp_array[i];
+
+		if (test_nwrap_user_in_group(tctx, pwd, &grp)) {
+
+			struct group current_grp;
+			num_user_groups_from_enum++;
+
+			torture_assert(tctx, test_nwrap_getgrnam(tctx, grp.gr_name, &current_grp),
+					"failed to find the group the user is a member of");
+
+			if (current_grp.gr_gid == pwd->pw_gid) {
+				torture_comment(tctx, "primary group %s of user %s lists user as member\n",
+						current_grp.gr_name,
+						pwd->pw_name);
+				primary_group_had_user_member = true;
+			}
+
+			continue;
+		}
+	}
+
+	if (!primary_group_had_user_member) {
+		num_user_groups_from_enum++;
+	}
+
+	torture_assert_int_equal(tctx, num_user_groups, num_user_groups_from_enum,
+		"getgrouplist and real inspection of grouplist gave different results\n");
+
+	return true;
+}
+
+static bool test_nwrap_membership(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+	struct passwd *pwd;
+	size_t num_pwd;
+	struct group *grp;
+	size_t num_grp;
+	int i;
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
+						    "failed to enumerate passwd");
+	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
+						    "failed to enumerate group");
+
+	for (i=0; i < num_pwd; i++) {
+
+		torture_assert(tctx, test_nwrap_membership_user(tctx, &pwd[i], grp, num_grp),
+			"failed to test membership for user");
+
+	}
+
+	return true;
+}
+
+static bool test_nwrap_enumeration(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_assert(tctx, test_nwrap_passwd(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_nwrap_group(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_comment(tctx, "Testing re-entrant calls\n");
+
+	torture_assert(tctx, test_nwrap_passwd_r(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_nwrap_group_r(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+static bool test_nwrap_reentrant_enumeration_crosschecks(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_comment(tctx, "Testing re-entrant calls with cross checks\n");
+
+	torture_assert(tctx, test_nwrap_passwd_r_cross(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_nwrap_group_r_cross(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+static bool test_nwrap_passwd_duplicates(struct torture_context *tctx)
+{
+	int i, d;
+	struct passwd *pwd;
+	size_t num_pwd;
+	int duplicates = 0;
+
+	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
+	    "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		const char *current_name = pwd[i].pw_name;
+		for (d=0; d < num_pwd; d++) {
+			const char *dup_name = pwd[d].pw_name;
+			if (d == i) {
+				continue;
+			}
+			if (!strequal(current_name, dup_name)) {
+				continue;
+			}
+
+			torture_warning(tctx, "found duplicate names:");
+			print_passwd(&pwd[d]);
+			print_passwd(&pwd[i]);
+			duplicates++;
+		}
+	}
+
+	if (duplicates) {
+		torture_fail(tctx, talloc_asprintf(tctx, "found %d duplicate names", duplicates));
+	}
+
+	return true;
+}
+
+static bool test_nwrap_group_duplicates(struct torture_context *tctx)
+{
+	int i, d;
+	struct group *grp;
+	size_t num_grp;
+	int duplicates = 0;
+
+	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
+		"failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		const char *current_name = grp[i].gr_name;
+		for (d=0; d < num_grp; d++) {
+			const char *dup_name = grp[d].gr_name;
+			if (d == i) {
+				continue;
+			}
+			if (!strequal(current_name, dup_name)) {
+				continue;
+			}
+
+			torture_warning(tctx, "found duplicate names:");
+			print_group(&grp[d]);
+			print_group(&grp[i]);
+			duplicates++;
+		}
+	}
+
+	if (duplicates) {
+		torture_fail(tctx, talloc_asprintf(tctx, "found %d duplicate names", duplicates));
+	}
+
+	return true;
+}
+
+
+static bool test_nwrap_duplicates(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
+		torture_skip(tctx, "nothing to test\n");
+	}
+
+	torture_assert(tctx, test_nwrap_passwd_duplicates(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_nwrap_group_duplicates(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+
+struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "nss-wrapper");
+
+	torture_suite_add_simple_test(suite, "enumeration", test_nwrap_enumeration);
+	torture_suite_add_simple_test(suite, "reentrant enumeration", test_nwrap_reentrant_enumeration);
+	torture_suite_add_simple_test(suite, "reentrant enumeration crosschecks", test_nwrap_reentrant_enumeration_crosschecks);
+	torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);
+	torture_suite_add_simple_test(suite, "duplicates", test_nwrap_duplicates);
+
+	return suite;
+}
diff --git a/source4/torture/local/wscript_build b/source4/torture/local/wscript_build
index eb0b99b..41775fe 100644
--- a/source4/torture/local/wscript_build
+++ b/source4/torture/local/wscript_build
@@ -17,7 +17,8 @@ TORTURE_LOCAL_SOURCE = '''../../../lib/util/charset/tests/iconv.c
 	dbspeed.c torture.c ../ldb/ldb.c ../../dsdb/common/tests/dsdb_dn.c
 	../../dsdb/schema/tests/schema_syntax.c
 	../../../lib/util/tests/anonymous_shared.c
-	verif_trailer.c'''
+	verif_trailer.c
+	nss_tests.c'''
 
 TORTURE_LOCAL_DEPS = 'RPC_NDR_ECHO TDR LIBCLI_SMB MESSAGING iconv POPT_CREDENTIALS TORTURE_AUTH TORTURE_UTIL TORTURE_NDR TORTURE_LIBCRYPTO share torture_registry PROVISION ldb samdb replace-test'
 
-- 
2.1.0


From 68066eaec58b3e9f8cee374e8ef8d8dfa2a418d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Sat, 7 Feb 2015 14:10:01 +0100
Subject: [PATCH 2/3] s4-torture: cleanup nsswrapper test a little by removing
 nwrap references.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
---
 source4/torture/local/local.c     |   2 +-
 source4/torture/local/nss_tests.c | 240 +++++++++++++++++++-------------------
 2 files changed, 121 insertions(+), 121 deletions(-)

diff --git a/source4/torture/local/local.c b/source4/torture/local/local.c
index 77ff908..45cc712 100644
--- a/source4/torture/local/local.c
+++ b/source4/torture/local/local.c
@@ -69,7 +69,7 @@
 	torture_dsdb_syntax,
 	torture_registry,
 	torture_local_verif_trailer,
-	torture_local_nss_wrapper,
+	torture_local_nss,
 	NULL
 };
 
diff --git a/source4/torture/local/nss_tests.c b/source4/torture/local/nss_tests.c
index 0cd3265..a6baf21 100644
--- a/source4/torture/local/nss_tests.c
+++ b/source4/torture/local/nss_tests.c
@@ -53,9 +53,9 @@ static void print_passwd(struct passwd *pwd)
 }
 
 
-static bool test_nwrap_getpwnam(struct torture_context *tctx,
-				const char *name,
-				struct passwd *pwd_p)
+static bool test_getpwnam(struct torture_context *tctx,
+			  const char *name,
+			  struct passwd *pwd_p)
 {
 	struct passwd *pwd;
 
@@ -73,9 +73,9 @@ static bool test_nwrap_getpwnam(struct torture_context *tctx,
 	return pwd ? true : false;
 }
 
-static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
-				  const char *name,
-				  struct passwd *pwd_p)
+static bool test_getpwnam_r(struct torture_context *tctx,
+			    const char *name,
+			    struct passwd *pwd_p)
 {
 	struct passwd pwd, *pwdp;
 	char buffer[4096];
@@ -100,9 +100,9 @@ static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_getpwuid(struct torture_context *tctx,
-				uid_t uid,
-				struct passwd *pwd_p)
+static bool test_getpwuid(struct torture_context *tctx,
+			  uid_t uid,
+			  struct passwd *pwd_p)
 {
 	struct passwd *pwd;
 
@@ -120,9 +120,9 @@ static bool test_nwrap_getpwuid(struct torture_context *tctx,
 	return pwd ? true : false;
 }
 
-static bool test_nwrap_getpwuid_r(struct torture_context *tctx,
-				  uid_t uid,
-				  struct passwd *pwd_p)
+static bool test_getpwuid_r(struct torture_context *tctx,
+			    uid_t uid,
+			    struct passwd *pwd_p)
 {
 	struct passwd pwd, *pwdp;
 	char buffer[4096];
@@ -187,9 +187,9 @@ static void print_group(struct group *grp)
 	printf("%s\n", grp->gr_mem[i]);
 }
 
-static bool test_nwrap_getgrnam(struct torture_context *tctx,
-				const char *name,
-				struct group *grp_p)
+static bool test_getgrnam(struct torture_context *tctx,
+			  const char *name,
+			  struct group *grp_p)
 {
 	struct group *grp;
 
@@ -207,9 +207,9 @@ static bool test_nwrap_getgrnam(struct torture_context *tctx,
 	return grp ? true : false;
 }
 
-static bool test_nwrap_getgrnam_r(struct torture_context *tctx,
-				  const char *name,
-				  struct group *grp_p)
+static bool test_getgrnam_r(struct torture_context *tctx,
+			    const char *name,
+			    struct group *grp_p)
 {
 	struct group grp, *grpp;
 	char buffer[4096];
@@ -235,9 +235,9 @@ static bool test_nwrap_getgrnam_r(struct torture_context *tctx,
 }
 
 
-static bool test_nwrap_getgrgid(struct torture_context *tctx,
-				gid_t gid,
-				struct group *grp_p)
+static bool test_getgrgid(struct torture_context *tctx,
+			  gid_t gid,
+			  struct group *grp_p)
 {
 	struct group *grp;
 
@@ -255,9 +255,9 @@ static bool test_nwrap_getgrgid(struct torture_context *tctx,
 	return grp ? true : false;
 }
 
-static bool test_nwrap_getgrgid_r(struct torture_context *tctx,
-				  gid_t gid,
-				  struct group *grp_p)
+static bool test_getgrgid_r(struct torture_context *tctx,
+			    gid_t gid,
+			    struct group *grp_p)
 {
 	struct group grp, *grpp;
 	char buffer[4096];
@@ -282,9 +282,9 @@ static bool test_nwrap_getgrgid_r(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_enum_passwd(struct torture_context *tctx,
-				   struct passwd **pwd_array_p,
-				   size_t *num_pwd_p)
+static bool test_enum_passwd(struct torture_context *tctx,
+			     struct passwd **pwd_array_p,
+			     size_t *num_pwd_p)
 {
 	struct passwd *pwd;
 	struct passwd *pwd_array = NULL;
@@ -318,9 +318,9 @@ static bool test_nwrap_enum_passwd(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_enum_r_passwd(struct torture_context *tctx,
-				     struct passwd **pwd_array_p,
-				     size_t *num_pwd_p)
+static bool test_enum_r_passwd(struct torture_context *tctx,
+			       struct passwd **pwd_array_p,
+			       size_t *num_pwd_p)
 {
 	struct passwd pwd, *pwdp;
 	struct passwd *pwd_array = NULL;
@@ -379,21 +379,21 @@ static bool torture_assert_passwd_equal(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_passwd(struct torture_context *tctx)
+static bool test_passwd(struct torture_context *tctx)
 {
 	int i;
 	struct passwd *pwd, pwd1, pwd2;
 	size_t num_pwd;
 
-	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
-						    "failed to enumerate passwd");
+	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
+					      "failed to enumerate passwd");
 
 	for (i=0; i < num_pwd; i++) {
-		torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd1),
+		torture_assert(tctx, test_getpwnam(tctx, pwd[i].pw_name, &pwd1),
 			"failed to call getpwnam for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
 			"getpwent and getpwnam gave different results");
-		torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
+		torture_assert(tctx, test_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
 			"failed to call getpwuid for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
 			"getpwent and getpwuid gave different results");
@@ -404,21 +404,21 @@ static bool test_nwrap_passwd(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_passwd_r(struct torture_context *tctx)
+static bool test_passwd_r(struct torture_context *tctx)
 {
 	int i;
 	struct passwd *pwd, pwd1, pwd2;
 	size_t num_pwd;
 
-	torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
-						      "failed to enumerate passwd");
+	torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
+						"failed to enumerate passwd");
 
 	for (i=0; i < num_pwd; i++) {
-		torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
+		torture_assert(tctx, test_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
 			"failed to call getpwnam_r for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
 			"getpwent_r and getpwnam_r gave different results");
-		torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
+		torture_assert(tctx, test_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
 			"failed to call getpwuid_r for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
 			"getpwent_r and getpwuid_r gave different results");
@@ -429,31 +429,31 @@ static bool test_nwrap_passwd_r(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_passwd_r_cross(struct torture_context *tctx)
+static bool test_passwd_r_cross(struct torture_context *tctx)
 {
 	int i;
 	struct passwd *pwd, pwd1, pwd2, pwd3, pwd4;
 	size_t num_pwd;
 
-	torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
-						      "failed to enumerate passwd");
+	torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd),
+						"failed to enumerate passwd");
 
 	for (i=0; i < num_pwd; i++) {
-		torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
+		torture_assert(tctx, test_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
 			"failed to call getpwnam_r for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
 			"getpwent_r and getpwnam_r gave different results");
-		torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
+		torture_assert(tctx, test_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
 			"failed to call getpwuid_r for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
 			"getpwent_r and getpwuid_r gave different results");
 		torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
 			"getpwnam_r and getpwuid_r gave different results");
-		torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd3),
+		torture_assert(tctx, test_getpwnam(tctx, pwd[i].pw_name, &pwd3),
 			"failed to call getpwnam for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd3,
 			"getpwent_r and getpwnam gave different results");
-		torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd4),
+		torture_assert(tctx, test_getpwuid(tctx, pwd[i].pw_uid, &pwd4),
 			"failed to call getpwuid for enumerated user");
 		torture_assert_passwd_equal(tctx, &pwd[i], &pwd4,
 			"getpwent_r and getpwuid gave different results");
@@ -464,9 +464,9 @@ static bool test_nwrap_passwd_r_cross(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_enum_group(struct torture_context *tctx,
-				  struct group **grp_array_p,
-				  size_t *num_grp_p)
+static bool test_enum_group(struct torture_context *tctx,
+			    struct group **grp_array_p,
+			    size_t *num_grp_p)
 {
 	struct group *grp;
 	struct group *grp_array = NULL;
@@ -500,9 +500,9 @@ static bool test_nwrap_enum_group(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_enum_r_group(struct torture_context *tctx,
-				    struct group **grp_array_p,
-				    size_t *num_grp_p)
+static bool test_enum_r_group(struct torture_context *tctx,
+			      struct group **grp_array_p,
+			      size_t *num_grp_p)
 {
 	struct group grp, *grpp;
 	struct group *grp_array = NULL;
@@ -570,21 +570,21 @@ static bool torture_assert_group_equal(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_group(struct torture_context *tctx)
+static bool test_group(struct torture_context *tctx)
 {
 	int i;
 	struct group *grp, grp1, grp2;
 	size_t num_grp;
 
-	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
-						   "failed to enumerate group");
+	torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
+					     "failed to enumerate group");
 
 	for (i=0; i < num_grp; i++) {
-		torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp1),
+		torture_assert(tctx, test_getgrnam(tctx, grp[i].gr_name, &grp1),
 			"failed to call getgrnam for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp1,
 			"getgrent and getgrnam gave different results");
-		torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp2),
+		torture_assert(tctx, test_getgrgid(tctx, grp[i].gr_gid, &grp2),
 			"failed to call getgrgid for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp2,
 			"getgrent and getgrgid gave different results");
@@ -595,21 +595,21 @@ static bool test_nwrap_group(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_group_r(struct torture_context *tctx)
+static bool test_group_r(struct torture_context *tctx)
 {
 	int i;
 	struct group *grp, grp1, grp2;
 	size_t num_grp;
 
-	torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
-						     "failed to enumerate group");
+	torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp),
+					       "failed to enumerate group");
 
 	for (i=0; i < num_grp; i++) {
-		torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
+		torture_assert(tctx, test_getgrnam_r(tctx, grp[i].gr_name, &grp1),
 			"failed to call getgrnam_r for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp1,
 			"getgrent_r and getgrnam_r gave different results");
-		torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
+		torture_assert(tctx, test_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
 			"failed to call getgrgid_r for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp2,
 			"getgrent_r and getgrgid_r gave different results");
@@ -620,31 +620,31 @@ static bool test_nwrap_group_r(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_group_r_cross(struct torture_context *tctx)
+static bool test_group_r_cross(struct torture_context *tctx)
 {
 	int i;
 	struct group *grp, grp1, grp2, grp3, grp4;
 	size_t num_grp;
 
-	torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
-						     "failed to enumerate group");
+	torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp),
+					       "failed to enumerate group");
 
 	for (i=0; i < num_grp; i++) {
-		torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
+		torture_assert(tctx, test_getgrnam_r(tctx, grp[i].gr_name, &grp1),
 			"failed to call getgrnam_r for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp1,
 			"getgrent_r and getgrnam_r gave different results");
-		torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
+		torture_assert(tctx, test_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
 			"failed to call getgrgid_r for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp2,
 			"getgrent_r and getgrgid_r gave different results");
 		torture_assert_group_equal(tctx, &grp1, &grp2,
 			"getgrnam_r and getgrgid_r gave different results");
-		torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp3),
+		torture_assert(tctx, test_getgrnam(tctx, grp[i].gr_name, &grp3),
 			"failed to call getgrnam for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp3,
 			"getgrent_r and getgrnam gave different results");
-		torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp4),
+		torture_assert(tctx, test_getgrgid(tctx, grp[i].gr_gid, &grp4),
 			"failed to call getgrgid for enumerated user");
 		torture_assert_group_equal(tctx, &grp[i], &grp4,
 			"getgrent_r and getgrgid gave different results");
@@ -655,11 +655,11 @@ static bool test_nwrap_group_r_cross(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_getgrouplist(struct torture_context *tctx,
-				    const char *user,
-				    gid_t gid,
-				    gid_t **gids_p,
-				    int *num_gids_p)
+static bool test_getgrouplist(struct torture_context *tctx,
+			      const char *user,
+			      gid_t gid,
+			      gid_t **gids_p,
+			      int *num_gids_p)
 {
 	int ret;
 	int num_groups = 0;
@@ -690,9 +690,9 @@ static bool test_nwrap_getgrouplist(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_user_in_group(struct torture_context *tctx,
-				     const struct passwd *pwd,
-				     const struct group *grp)
+static bool test_user_in_group(struct torture_context *tctx,
+			       const struct passwd *pwd,
+			       const struct group *grp)
 {
 	int i;
 
@@ -705,10 +705,10 @@ static bool test_nwrap_user_in_group(struct torture_context *tctx,
 	return false;
 }
 
-static bool test_nwrap_membership_user(struct torture_context *tctx,
-				       const struct passwd *pwd,
-				       struct group *grp_array,
-				       size_t num_grp)
+static bool test_membership_user(struct torture_context *tctx,
+				 const struct passwd *pwd,
+				 struct group *grp_array,
+				 size_t num_grp)
 {
 	int num_user_groups = 0;
 	int num_user_groups_from_enum = 0;
@@ -716,15 +716,15 @@ static bool test_nwrap_membership_user(struct torture_context *tctx,
 	int g, i;
 	bool primary_group_had_user_member = false;
 
-	torture_assert(tctx, test_nwrap_getgrouplist(tctx,
-						     pwd->pw_name,
-						     pwd->pw_gid,
-						     &user_groups,
-						     &num_user_groups),
-						     "failed to test getgrouplist");
+	torture_assert(tctx, test_getgrouplist(tctx,
+					       pwd->pw_name,
+					       pwd->pw_gid,
+					       &user_groups,
+					       &num_user_groups),
+					       "failed to test getgrouplist");
 
 	for (g=0; g < num_user_groups; g++) {
-		torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g], NULL),
+		torture_assert(tctx, test_getgrgid(tctx, user_groups[g], NULL),
 			"failed to find the group the user is a member of");
 	}
 
@@ -733,12 +733,12 @@ static bool test_nwrap_membership_user(struct torture_context *tctx,
 
 		struct group grp = grp_array[i];
 
-		if (test_nwrap_user_in_group(tctx, pwd, &grp)) {
+		if (test_user_in_group(tctx, pwd, &grp)) {
 
 			struct group current_grp;
 			num_user_groups_from_enum++;
 
-			torture_assert(tctx, test_nwrap_getgrnam(tctx, grp.gr_name, &current_grp),
+			torture_assert(tctx, test_getgrnam(tctx, grp.gr_name, &current_grp),
 					"failed to find the group the user is a member of");
 
 			if (current_grp.gr_gid == pwd->pw_gid) {
@@ -762,7 +762,7 @@ static bool test_nwrap_membership_user(struct torture_context *tctx,
 	return true;
 }
 
-static bool test_nwrap_membership(struct torture_context *tctx)
+static bool test_membership(struct torture_context *tctx)
 {
 	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
 	const char *old_group = getenv("NSS_WRAPPER_GROUP");
@@ -777,14 +777,14 @@ static bool test_nwrap_membership(struct torture_context *tctx)
 		torture_skip(tctx, "nothing to test\n");
 	}
 
-	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
-						    "failed to enumerate passwd");
-	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
-						    "failed to enumerate group");
+	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
+					      "failed to enumerate passwd");
+	torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
+					     "failed to enumerate group");
 
 	for (i=0; i < num_pwd; i++) {
 
-		torture_assert(tctx, test_nwrap_membership_user(tctx, &pwd[i], grp, num_grp),
+		torture_assert(tctx, test_membership_user(tctx, &pwd[i], grp, num_grp),
 			"failed to test membership for user");
 
 	}
@@ -792,7 +792,7 @@ static bool test_nwrap_membership(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_enumeration(struct torture_context *tctx)
+static bool test_enumeration(struct torture_context *tctx)
 {
 	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
 	const char *old_group = getenv("NSS_WRAPPER_GROUP");
@@ -802,15 +802,15 @@ static bool test_nwrap_enumeration(struct torture_context *tctx)
 		torture_skip(tctx, "nothing to test\n");
 	}
 
-	torture_assert(tctx, test_nwrap_passwd(tctx),
+	torture_assert(tctx, test_passwd(tctx),
 			"failed to test users");
-	torture_assert(tctx, test_nwrap_group(tctx),
+	torture_assert(tctx, test_group(tctx),
 			"failed to test groups");
 
 	return true;
 }
 
-static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
+static bool test_reentrant_enumeration(struct torture_context *tctx)
 {
 	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
 	const char *old_group = getenv("NSS_WRAPPER_GROUP");
@@ -822,15 +822,15 @@ static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
 
 	torture_comment(tctx, "Testing re-entrant calls\n");
 
-	torture_assert(tctx, test_nwrap_passwd_r(tctx),
+	torture_assert(tctx, test_passwd_r(tctx),
 			"failed to test users");
-	torture_assert(tctx, test_nwrap_group_r(tctx),
+	torture_assert(tctx, test_group_r(tctx),
 			"failed to test groups");
 
 	return true;
 }
 
-static bool test_nwrap_reentrant_enumeration_crosschecks(struct torture_context *tctx)
+static bool test_reentrant_enumeration_crosschecks(struct torture_context *tctx)
 {
 	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
 	const char *old_group = getenv("NSS_WRAPPER_GROUP");
@@ -842,22 +842,22 @@ static bool test_nwrap_reentrant_enumeration_crosschecks(struct torture_context
 
 	torture_comment(tctx, "Testing re-entrant calls with cross checks\n");
 
-	torture_assert(tctx, test_nwrap_passwd_r_cross(tctx),
+	torture_assert(tctx, test_passwd_r_cross(tctx),
 			"failed to test users");
-	torture_assert(tctx, test_nwrap_group_r_cross(tctx),
+	torture_assert(tctx, test_group_r_cross(tctx),
 			"failed to test groups");
 
 	return true;
 }
 
-static bool test_nwrap_passwd_duplicates(struct torture_context *tctx)
+static bool test_passwd_duplicates(struct torture_context *tctx)
 {
 	int i, d;
 	struct passwd *pwd;
 	size_t num_pwd;
 	int duplicates = 0;
 
-	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
+	torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd),
 	    "failed to enumerate passwd");
 
 	for (i=0; i < num_pwd; i++) {
@@ -885,14 +885,14 @@ static bool test_nwrap_passwd_duplicates(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_nwrap_group_duplicates(struct torture_context *tctx)
+static bool test_group_duplicates(struct torture_context *tctx)
 {
 	int i, d;
 	struct group *grp;
 	size_t num_grp;
 	int duplicates = 0;
 
-	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
+	torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp),
 		"failed to enumerate group");
 
 	for (i=0; i < num_grp; i++) {
@@ -921,7 +921,7 @@ static bool test_nwrap_group_duplicates(struct torture_context *tctx)
 }
 
 
-static bool test_nwrap_duplicates(struct torture_context *tctx)
+static bool test_duplicates(struct torture_context *tctx)
 {
 	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
 	const char *old_group = getenv("NSS_WRAPPER_GROUP");
@@ -931,24 +931,24 @@ static bool test_nwrap_duplicates(struct torture_context *tctx)
 		torture_skip(tctx, "nothing to test\n");
 	}
 
-	torture_assert(tctx, test_nwrap_passwd_duplicates(tctx),
+	torture_assert(tctx, test_passwd_duplicates(tctx),
 			"failed to test users");
-	torture_assert(tctx, test_nwrap_group_duplicates(tctx),
+	torture_assert(tctx, test_group_duplicates(tctx),
 			"failed to test groups");
 
 	return true;
 }
 
 
-struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
+struct torture_suite *torture_local_nss(TALLOC_CTX *mem_ctx)
 {
-	struct torture_suite *suite = torture_suite_create(mem_ctx, "nss-wrapper");
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "nss");
 
-	torture_suite_add_simple_test(suite, "enumeration", test_nwrap_enumeration);
-	torture_suite_add_simple_test(suite, "reentrant enumeration", test_nwrap_reentrant_enumeration);
-	torture_suite_add_simple_test(suite, "reentrant enumeration crosschecks", test_nwrap_reentrant_enumeration_crosschecks);
-	torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);
-	torture_suite_add_simple_test(suite, "duplicates", test_nwrap_duplicates);
+	torture_suite_add_simple_test(suite, "enumeration", test_enumeration);
+	torture_suite_add_simple_test(suite, "reentrant enumeration", test_reentrant_enumeration);
+	torture_suite_add_simple_test(suite, "reentrant enumeration crosschecks", test_reentrant_enumeration_crosschecks);
+	torture_suite_add_simple_test(suite, "membership", test_membership);
+	torture_suite_add_simple_test(suite, "duplicates", test_duplicates);
 
 	return suite;
 }
-- 
2.1.0


From ed0186e620d3f5bd98e97e2de664388be1a1c854 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Mon, 2 Feb 2015 16:16:45 +0100
Subject: [PATCH 3/3] selftest: re-enable nsswrapper integration testing for dc
 and member environments.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There are some failures:

- The dc environment fails consistently due to duplicate uid,
  (for the calling user and the domain administrator).
  ==> Marked as knownfail.

- The s3member environment only fails under very strange
  circumstances:
  - one needs to run the unix.whoami test in the
    member and s3member environment for the local.nss
    test to fail in the s3member:local env. The failure
    is then related to builtin administrators sharing
    a gid with a different group.
    --> This is really really strange!!!
    ==> Marked as knownfail.

Pair-Programmed-With: Guenther Deschner <gd at samba.org>

Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: G?nther Deschner <gd at samba.org>
---
 selftest/knownfail        | 14 ++++++++++++++
 source3/selftest/tests.py |  5 ++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/selftest/knownfail b/selftest/knownfail
index fef56a1..b3cc2d6 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -273,6 +273,20 @@
 ^samba.wbinfo_simple.\(s4member:local\).--user-groups
 ^samba.nss.test using winbind\(s4member:local\)
 #
+# These fail since dc assigns the local user's uid to SAMBADOMAIN/Administrator
+# hence we have a duplicate UID in nsswitch.
+#
+^samba3.local.nss.reentrant enumeration crosschecks\(dc:local\)
+^samba3.local.nss.reentrant enumeration\(dc:local\)
+^samba3.local.nss.enumeration\(dc:local\)
+#
+# These fail only if we run the unix.whoami test before them
+# in the member and s3member environments. ==> Strange!!!
+#
+^samba3.local.nss.reentrant enumeration crosschecks\(s3member:local\)
+^samba3.local.nss.reentrant enumeration\(s3member:local\)
+^samba3.local.nss.enumeration\(s3member:local\)
+#
 # These just happen to fail for some reason (probably because they run against the s4 winbind)
 #
 ^samba4.winbind.struct.getdcname\(s3member:local\)
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c60f531..1a881a8 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -280,7 +280,7 @@ rpc = ["rpc.authcontext", "rpc.samba3.bind", "rpc.samba3.srvsvc", "rpc.samba3.sh
        "rpc.netlogon.admin",
        "rpc.schannel", "rpc.schannel2", "rpc.bench-schannel1", "rpc.join", "rpc.bind"]
 
-local = ["local.ndr"]
+local = ["local.nss", "local.ndr"]
 
 idmap = [ "idmap.rfc2307" ]
 
@@ -372,6 +372,9 @@ for t in tests:
     elif t == "vfs.fruit":
         plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:share1=vfs_fruit --option=torture:share2=tmp --option=torture:localdir=$SELFTEST_PREFIX/s3dc/share')
         plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:share1=vfs_fruit --option=torture:share2=tmp --option=torture:localdir=$SELFTEST_PREFIX/plugin_s4_dc/share')
+    elif t == "local.nss":
+        for env in ["s3dc:local", "s3member:local", "member:local", "plugin_s4_dc:local", "dc:local"]:
+            plansmbtorture4testsuite(t, env, '//$SERVER/tmp -U$USERNAME%$PASSWORD')
     else:
         plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
-- 
2.1.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150216/89eb90e8/attachment.pgp>


More information about the samba-technical mailing list