The branch, master has been updated
via bc9e121 s4-torture: Expand whoami test to confirm the user token.
via 0624351 s4-torture: Change the unix.whoami test to use
torture_assert()
from 5ec4305 ntdb: fix occasional abort in testing.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bc9e12183f98225d165541448391d896faf4ab7b
Author: Andrew Bartlett <[email protected]>
Date: Wed Jun 20 18:23:18 2012 +1000
s4-torture: Expand whoami test to confirm the user token.
This uses the tokenGroups attribute on LDAP and the posix whoami call
to confirm that user token matches between LDAP and CIFS.
I have a seperate patch for the anonymous case, because this isn't
consistent at this stage, and we need to study and fix that.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <[email protected]>
Autobuild-Date(master): Wed Jun 20 18:43:43 CEST 2012 on sn-devel-104
commit 06243510dc9e7c29b6a92c2dfe782763e348cebd
Author: Andrew Bartlett <[email protected]>
Date: Wed Jun 20 17:26:48 2012 +1000
s4-torture: Change the unix.whoami test to use torture_assert()
-----------------------------------------------------------------------
Summary of changes:
source3/selftest/tests.py | 2 +-
source4/torture/unix/whoami.c | 87 +++++++++++++++++++++++++++++------------
2 files changed, 63 insertions(+), 26 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 0d3bf04..11056b9 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -304,7 +304,7 @@ for t in tests:
plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
elif t == "unix.whoami":
plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest
-U$USERNAME%$PASSWORD')
- plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest
-U$USERNAME%$PASSWORD')
+ plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest
-U$USERNAME%$PASSWORD --option=torture:addc=true')
elif t == "raw.samba3posixtimedlock":
plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest
-U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/s3dc/share')
plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest
-U$USERNAME%$PASSWORD
--option=torture:localdir=$SELFTEST_PREFIX/plugin_s4_dc/share')
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 1e79d7e..3022827 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -25,6 +25,12 @@
#include "auth/credentials/credentials.h"
#include "param/param.h"
#include "libcli/resolve/resolve.h"
+#include <ldb.h>
+#include "lib/util/util_ldb.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libcli/security/security.h"
+
/* Size (in bytes) of the required fields in the SMBwhoami response. */
#define WHOAMI_REQUIRED_SIZE 40
@@ -92,7 +98,7 @@ static struct smbcli_state *connect_to_server(struct
torture_context *tctx,
return cli;
}
-static bool sid_parse(void *mem_ctx,
+static bool whoami_sid_parse(void *mem_ctx,
struct torture_context *torture,
DATA_BLOB *data, size_t *offset,
struct dom_sid **psid)
@@ -248,7 +254,7 @@ static bool smb_raw_query_posix_whoami(void *mem_ctx,
"out of memory");
for (i = 0; i < whoami->num_sids; ++i) {
- if (!sid_parse(mem_ctx, torture,
+ if (!whoami_sid_parse(mem_ctx, torture,
&tp.out.data, &offset,
&whoami->sid_list[i])) {
return false;
@@ -264,31 +270,61 @@ static bool smb_raw_query_posix_whoami(void *mem_ctx,
return true;
}
+static bool test_against_ldap(struct torture_context *torture, struct
ldb_context *ldb, struct smb_whoami *whoami)
+{
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+
+ const char *attrs[] = { "tokenGroups", NULL };
+ int i;
+
+ torture_assert_int_equal(torture, dsdb_search_one(ldb, torture, &msg,
NULL, LDB_SCOPE_BASE, attrs, 0, NULL), LDB_SUCCESS, "searching for
tokenGroups");
+ el = ldb_msg_find_element(msg, "tokenGroups");
+ torture_assert(torture, el, "obtaining tokenGroups");
+ torture_assert_int_equal(torture, el->num_values, whoami->num_sids,
"Number of SIDs from LDAP and number of SIDs from CIFS does not match!");
+
+ for (i = 0; i < el->num_values; i++) {
+ struct dom_sid *sid = talloc(torture, struct dom_sid);
+ torture_assert(torture, sid != NULL, "talloc failed");
+
+ torture_assert(torture, sid_blob_parse(el->values[i], sid),
"sid parse failed");
+ torture_assert_str_equal(torture, dom_sid_string(sid, sid),
dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does
not match!");
+ talloc_free(sid);
+ }
+ return true;
+}
+
bool torture_unix_whoami(struct torture_context *torture)
{
struct smbcli_state *cli;
struct cli_credentials *anon_credentials;
struct smb_whoami whoami;
+ bool ret;
+ struct ldb_context *ldb;
- if (!(cli = connect_to_server(torture, cmdline_credentials))) {
- return false;
- }
+ cli = connect_to_server(torture, cmdline_credentials);
+ torture_assert(torture, cli, "connecting to server with authenticated
credentials");
/* Test basic authenticated mapping. */
- printf("calling SMB_QFS_POSIX_WHOAMI on an authenticated connection\n");
- if (!smb_raw_query_posix_whoami(torture, torture,
- cli, &whoami, 0xFFFF)) {
- smbcli_tdis(cli);
- return false;
+ torture_assert_goto(torture, smb_raw_query_posix_whoami(torture,
torture,
+ cli, &whoami, 0xFFFF),
ret, fail,
+ "calling SMB_QFS_POSIX_WHOAMI on an authenticated
connection");
+
+ if (torture_setting_bool(torture, "addc", false)) {
+ ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx,
talloc_asprintf(torture, "ldap://%s";, torture_setting_string(torture, "host",
NULL)),
+ NULL, cmdline_credentials, 0);
+ torture_assert(torture, ldb, "ldb connect failed");
+
+ /* We skip this testing if we could not contact the LDAP server
*/
+ if (!test_against_ldap(torture, ldb, &whoami)) {
+ goto fail;
+ }
}
/* Test that the server drops the UID and GID list. */
- printf("calling SMB_QFS_POSIX_WHOAMI with a small buffer\n");
- if (!smb_raw_query_posix_whoami(torture, torture,
- cli, &whoami, 0x40)) {
- smbcli_tdis(cli);
- return false;
- }
+ torture_assert_goto(torture, smb_raw_query_posix_whoami(torture,
torture,
+ cli, &whoami, 0x40), ret,
fail,
+ "calling SMB_QFS_POSIX_WHOAMI with a small buffer\n");
torture_assert_int_equal(torture, whoami.num_gids, 0,
"invalid GID count");
@@ -299,18 +335,15 @@ bool torture_unix_whoami(struct torture_context *torture)
smbcli_tdis(cli);
- printf("calling SMB_QFS_POSIX_WHOAMI on an anonymous connection\n");
+ torture_comment(torture, "calling SMB_QFS_POSIX_WHOAMI on an anonymous
connection\n");
anon_credentials = cli_credentials_init_anon(torture);
- if (!(cli = connect_to_server(torture, anon_credentials))) {
- return false;
- }
+ cli = connect_to_server(torture, anon_credentials);
+ torture_assert(torture, cli, "calling SMB_QFS_POSIX_WHOAMI on an
anonymous connection");
- if (!smb_raw_query_posix_whoami(torture, torture,
- cli, &whoami, 0xFFFF)) {
- smbcli_tdis(cli);
- return false;
- }
+ torture_assert_goto(torture, smb_raw_query_posix_whoami(torture,
torture,
+ cli, &whoami,
0xFFFF), ret, fail,
+ "calling SMB_QFS_POSIX_WHOAMI on an anonymous
connection");
smbcli_tdis(cli);
@@ -327,6 +360,10 @@ bool torture_unix_whoami(struct torture_context *torture)
}
return true;
+fail:
+
+ smbcli_tdis(cli);
+ return ret;
}
/* vim: set sts=8 sw=8 : */
--
Samba Shared Repository
