[PATCH] DRAFT: Add new test which covers force user bug
Uri Simchoni
uri at samba.org
Tue Feb 2 19:15:53 UTC 2016
Robin,
Here's a slightly modified patch with rebase and my notes applied, let
me know if that suits you.
Hopefully we'll get all "force user" tests together into a new test
suite as Andreas suggested.
What I meant by "has to run on all envs" was that the new setup for
force-user-valid-users testing is only in the fileserver env (as many
other setups), and samba3.blackbox.smbclient_auth.plain test suite runs
on all envs. Therefore if we "just" add a line that tries to connect to
the new share, it would work on fileserver env but fail on other envs.
Thanks,
Uri.
On 02/02/2016 04:37 PM, Robin Hack wrote:
> Hi Uri and Andreas.
>
> Thank you for your feedback. I must admit that I didn't explore samba
> testsuite fully.
>
> I agree that source3/script/tests/test_smbclient_auth.sh is much
> better place to live :).
>
> However.
>
> I don't think that add one line to
> samba3.blackbox.smbclient_auth.plain would work. I really need to use
> group with exactly same name as user have. I created one user and
> group named: force_user.
> Should I hardcode user name and group name to test-shell script?
> Or extend parameters of script?
>
> Uri, what do you mean by: "it has to run on all envs."?
>
> Patch need rebase because new tests were added :).
>
> Thank you and have nice day
> Robin Hack
>
> On Mon, Feb 1, 2016 at 7:17 PM, Uri Simchoni <uri at samba.org> wrote:
>> Yeah, OK.
>> samba3.blackbox.smbclient_auth.plain seemed like a place where adding the
>> test would be just adding a line, but it won't work - it has to run on all
>> envs. samba3.blackbox.valid_users is not where we want it - it should be
>> with other "force user" tests eventually.
>>
>> The patch does need the other fixes I pointed out, and re-basing (I tried
>> doing the fixes myself but due to the rebase need, I cannot apply it with
>> git am and applying with "patch" would lose all the gitness of the patch :))
>>
>> Thanks,
>> Uri.
>>
>>
>> On 02/01/2016 12:18 PM, Andreas Schneider wrote:
>>> On Wednesday 27 January 2016 13:17:04 Uri Simchoni wrote:
>>>> It appears to me that the essence of this new test suite is to perform a
>>>> successful tree-connect to the force_user_valid_users share, using
>>>> $USERNAME/$PASSWORD credentials. Can't it be just added as another test
>>>> to an existing test suite that tests similar things using similar
>>>> techniques? Good candidates are:
>>>> - samba3.blackbox.valid_users
>>>> - samba3.blackbox.smbclient_auth.plain
>>>>
>>>> (actually I think the two test suites should be merged, or that all
>>>> "force user" test should be combined in a separate test suite, where it
>>>> can be verified not only that the tree-connect succeeds, but also that
>>>> the force-user works, e.g. by creating a file and doing smbcacls on it -
>>>> but that can be done later. In the meantime I don't see a reason for
>>>> adding another test suite)
>>> I think we should move all 'force user' test to a new test. Could we push
>>> the
>>> patch upstream and then work on merging them?
>>>
>>>
>>> -- andreas
>>>
-------------- next part --------------
From d3fe5b7200a36f52604733c2f963689f1fe27738 Mon Sep 17 00:00:00 2001
From: Robin Hack <rhack at redhat.com>
Date: Fri, 4 Dec 2015 14:50:56 +0100
Subject: [PATCH] samba3.blackbox.smbclient.forceuser_validusers: Add new test
for force user option.
Test covers commit
cf0934caf282f4ade8c8a701b0e40b68a2f17ace
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
How to test:
$ make -j test TESTS="samba3.blackbox.smbclient.forceuser_validusers"
RESULD: Should PASS
$ git revert cf0934caf282f4ade8c8a701b0e40b68a2f17ace
$ make -j test TESTS="samba3.blackbox.smbclient.forceuser_validusers"
RESULT: Should FAIL
Signed-off-by: Robin Hack <rhack at redhat.com>
Reviewed-by: Uri Simchoni <uri at samba.org>
---
selftest/target/Samba3.pm | 35 +++++++++++++-
source3/script/tests/test_forceuser_validusers.sh | 59 +++++++++++++++++++++++
source3/selftest/tests.py | 1 +
3 files changed, 93 insertions(+), 2 deletions(-)
create mode 100755 source3/script/tests/test_forceuser_validusers.sh
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 5002a81..076bcb1 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -599,6 +599,9 @@ sub setup_fileserver($$)
my $offline_sharedir="$share_dir/offline";
push(@dirs,$offline_sharedir);
+ my $force_user_valid_users_dir = "$share_dir/force_user_valid_users";
+ push(@dirs, $force_user_valid_users_dir);
+
my $fileserver_options = "
[lowercase]
path = $lower_case_share_dir
@@ -624,6 +627,16 @@ sub setup_fileserver($$)
[offline]
path = $offline_sharedir
vfs objects = offline
+
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=9878
+# RH BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1077651
+[force_user_valid_users]
+ path = $force_user_valid_users_dir
+ comment = force user with valid users combination test share
+ valid users = +force_user
+ force user = force_user
+ force group = everyone
+ write list = force_user
";
my $vars = $self->provision($path,
@@ -1266,10 +1279,12 @@ sub provision($$$$$$$$)
my ($max_uid, $max_gid);
my ($uid_nobody, $uid_root, $uid_pdbtest, $uid_pdbtest2, $uid_userdup);
my ($uid_pdbtest_wkn);
+ my ($uid_force_user);
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
my ($gid_userdup, $gid_everyone);
+ my ($gid_force_user);
- if ($unix_uid < 0xffff - 5) {
+ if ($unix_uid < 0xffff - 7) {
$max_uid = 0xffff;
} else {
$max_uid = $unix_uid;
@@ -1281,8 +1296,9 @@ sub provision($$$$$$$$)
$uid_pdbtest2 = $max_uid - 4;
$uid_userdup = $max_uid - 5;
$uid_pdbtest_wkn = $max_uid - 6;
+ $uid_force_user = $max_uid - 7;
- if ($unix_gids[0] < 0xffff - 7) {
+ if ($unix_gids[0] < 0xffff - 8) {
$max_gid = 0xffff;
} else {
$max_gid = $unix_gids[0];
@@ -1295,6 +1311,7 @@ sub provision($$$$$$$$)
$gid_domadmins = $max_gid - 5;
$gid_userdup = $max_gid - 6;
$gid_everyone = $max_gid - 7;
+ $gid_force_user = $max_gid - 8;
##
## create conffile
@@ -1659,6 +1676,7 @@ pdbtest:x:$uid_pdbtest:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
pdbtest2:x:$uid_pdbtest2:$gid_nogroup:pdbtest gecos:$prefix_abs:/bin/false
userdup:x:$uid_userdup:$gid_userdup:userdup gecos:$prefix_abs:/bin/false
pdbtest_wkn:x:$uid_pdbtest_wkn:$gid_everyone:pdbtest_wkn gecos:$prefix_abs:/bin/false
+force_user:x:$uid_force_user:$gid_force_user:force user gecos:$prefix_abs:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -1677,6 +1695,7 @@ domusers:X:$gid_domusers:
domadmins:X:$gid_domadmins:
userdup:x:$gid_userdup:$unix_name
everyone:x:$gid_everyone:
+force_user:x:$gid_force_user:
";
if ($unix_gids[0] != 0) {
print GROUP "root:x:$gid_root:
@@ -1739,6 +1758,18 @@ everyone:x:$gid_everyone:
warn("Unable to set password for test account\n$cmd");
return undef;
}
+
+ # Add another user named: force_user
+ my $cmd = "UID_WRAPPER_ROOT=1 " . Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a force_user > /dev/null";
+ unless (open(PWD, "|$cmd")) {
+ warn("Unable to set password for test account force_user\n$cmd");
+ return undef;
+ }
+ print PWD "$password\n$password\n";
+ unless (close(PWD)) {
+ warn("Unable to set password for test account force_user\n$cmd");
+ return undef;
+ }
print "DONE\n";
open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
diff --git a/source3/script/tests/test_forceuser_validusers.sh b/source3/script/tests/test_forceuser_validusers.sh
new file mode 100755
index 0000000..07aa1a5
--- /dev/null
+++ b/source3/script/tests/test_forceuser_validusers.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# Blackbox test for share with force user settings
+#
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: test_forceuser.sh SERVER DOMAIN USERNAME PASSWORD LOCAL_PATH SMBCLIENT <smbclient arguments>
+EOF
+exit 1;
+fi
+
+SERVER="$1"
+DOMAIN="$2"
+USERNAME="force_user"
+PASSWORD="$4"
+LOCAL_PATH="$5"
+SMBCLIENT="$6"
+SMBCLIENT="$VALGRIND ${SMBCLIENT}"
+shift 6
+ADDARGS="$*"
+failed=0
+
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+
+run_cmd_nooutput() {
+ CMD="$1"
+
+ out=`eval ${CMD} &> TESTOUT`
+ if [ $? != 0 ] ; then
+ cat TESTOUT
+ rm -f TESTOUT
+ echo "command failed"
+ false
+ return
+ fi
+
+ rm -f TESTOUT
+ true
+ return
+}
+
+test_force_user_valid_users()
+{
+ SMB_SHARE="force_user_valid_users"
+ run_cmd_nooutput "${SMBCLIENT} //${SERVER}/${SMB_SHARE} -U$USERNAME%$PASSWORD -c 'ls'"
+}
+
+# Test
+testit "force user not works when combined with valid users" \
+ test_force_user_valid_users || failed=`expr $failed + 1`
+
+# Cleanup
+
+# Results
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 42119cc..b2bae75 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -181,6 +181,7 @@ for env in ["fileserver"]:
plantestsuite("samba3.blackbox.valid_users (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_valid_users.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$PREFIX', smbclient3])
plantestsuite("samba3.blackbox.offline (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_offline.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/offline', smbclient3])
plantestsuite("samba3.blackbox.shadow_copy2 (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_shadow_copy.sh"), '$SERVER', '$SERVER_IP', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH/shadow', smbclient3])
+ plantestsuite("samba3.blackbox.smbclient.forceuser_validusers (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_forceuser_validusers.sh"), '$SERVER', '$DOMAIN', '$USERNAME', '$PASSWORD', '$LOCAL_PATH', smbclient3])
#
# tar command tests
--
2.5.0
More information about the samba-technical
mailing list