1# 2# @(#) Test operation of WINBINDD_DOMAIN environment variable 3# 4 5load_lib "util-defs.exp" 6load_lib "$srcdir/lib/nsswitch-config.exp" 7 8# 9# @(#) Test that there is at least one domain user and domain group 10# @(#) in the output of getent passwd and getent group. 11# 12 13# Get list of users and groups 14 15set user_list [util_start "getent passwd"] 16set group_list [util_start "getent group"] 17 18verbose "user list is:\n$user_list" 19verbose "group list is:\n$group_list" 20 21# Check for domain users 22 23set no_dom 0 24 25if { ![regexp "$domain/" $user_list] } { 26 fail "no domain users in getent" 27 set no_dom 1 28} 29 30# Check for domain groups 31 32if { ![regexp "$domain/" $group_list] } { 33 fail "no domain groups in getent group" 34 set no_dom 1 35} 36 37if { $no_dom } { 38 return 39} 40 41# 42# @(#) Check for "leakage" between different domains using the 43# @(#) WINBINDD_DOMAIN environment variable. 44# 45 46verbose "Domain is $domain" 47 48set output [util_start "bin/wbinfo" "-m"] 49verbose "Trusted domains are $output" 50set trusted_domain_list [split $output "\n"] 51 52# Test simple inclusion by setting $WINBINDD_DOMAIN to each trusted domain 53# in turn and checking there are no users/groups from other domains in the 54# output of getent. 55 56set domain_list $trusted_domain_list 57lappend domain_list $domain 58 59foreach { the_domain } $domain_list { 60 61 set env(WINBINDD_DOMAIN) $the_domain 62 63 set user_out [util_start "getent passwd"] 64 set group_out [util_start "getent group"] 65 66 verbose "users in $the_domain:\n$user_out\n" 67 verbose "groups in $the_domain:\n$group_out\n" 68 69 # Users 70 71 set test_desc "users in WINBINDD_DOMAIN $the_domain" 72 set failed 0 73 74 foreach { user } [split $user_out "\n"] { 75 set user_name [lindex [split $user ":"] 0] 76 if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} { 77 set failed 1 78 } 79 } 80 81 if { $failed } { 82 fail $test_desc 83 } else { 84 pass $test_desc 85 } 86 87 # Groups 88 89 set test_desc "groups in WINBINDD_DOMAIN $the_domain" 90 set failed 0 91 92 foreach { group } [split $group_out "\n"] { 93 set group_name [lindex [split $group ":"] 0] 94 if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} { 95 set failed 1 96 } 97 } 98 99 if { $failed } { 100 fail $test_desc 101 } else { 102 pass $test_desc 103 } 104} 105 106# 107# @(#) Test inclusion of a dummy domain doesn't generate users/groups 108# @(#) from that domain. 109# 110 111set env(WINBINDD_DOMAIN) "asmithee" 112set user_out [util_start "getent passwd"] 113set group_out [util_start "getent group"] 114 115# Users 116 117set test_desc "users in different WINBINDD_DOMAIN" 118if { [regexp $domain $user_out] } { 119 fail $test_desc 120} else { 121 pass $test_desc 122} 123 124# Groups 125 126set test_desc "groups in different WINBINDD_DOMAIN" 127if { [regexp $domain $group_out] } { 128 fail $test_desc 129} else { 130 pass $test_desc 131} 132 133# 134# @(#) Test comma separated inclusion of dummy domain doesn't generate 135# @(#) users/groups in the dummy domain. 136# 137 138foreach { the_domain } $domain_list { 139 set env(WINBINDD_DOMAIN) "$the_domain,asmithee" 140 set user_out [util_start "getent passwd"] 141 set group_out [util_start "getent group"] 142 143 verbose "users in $the_domain:\n$user_out\n" 144 verbose "groups in $the_domain:\n$group_out\n" 145 146 # Users 147 148 set test_desc "users in comma separated WINBINDD_DOMAIN $the_domain" 149 set failed 0 150 151 foreach { user } [split $user_out "\n"] { 152 set user_name [lindex [split $user ":"] 0] 153 if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} { 154 set failed 1 155 } 156 } 157 158 if { $failed } { 159 fail $test_desc 160 } else { 161 pass $test_desc 162 } 163 164 # Groups 165 166 set test_desc "groups in comma separated WINBINDD_DOMAIN $the_domain" 167 set failed 0 168 169 foreach { group } [split $group_out "\n"] { 170 set group_name [lindex [split $group ":"] 0] 171 if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} { 172 set failed 1 173 } 174 } 175 176 if { $failed } { 177 fail $test_desc 178 } else { 179 pass $test_desc 180 } 181} 182 183# 184# @(#) Test two comma separated dummy domains do not generate any domain 185# @(#) users or groups. 186# 187 188foreach { the_domain } $domain_list { 189 190 set env(WINBINDD_DOMAIN) "moose,asmithee" 191 set user_out [util_start "getent passwd"] 192 set group_out [util_start "getent group"] 193 194 verbose "users in $the_domain:\n$user_out\n" 195 verbose "groups in $the_domain:\n$group_out\n" 196 197 # Users 198 199 set test_desc "users in comma separated invalid WINBINDD_DOMAIN" 200 if { [regexp $the_domain $user_out] } { 201 fail $test_desc 202 } else { 203 pass $test_desc 204 } 205 206 # Groups 207 208 set test_desc "groups in comma separated invalid WINBINDD_DOMAIN" 209 if { [regexp $the_domain $group_out] } { 210 fail $test_desc 211 } else { 212 pass $test_desc 213 } 214} 215 216set env(WINBINDD_DOMAIN) "" 217 218# 219# @(#) Test _NO_WINBINDD doesn't return any domain users or groups 220# 221 222set env(_NO_WINBINDD) "1" 223set user_out [util_start "getent passwd"] 224set group_out [util_start "getent group"] 225 226verbose "users with _NO_WINBINDD:\n$user_out\n" 227verbose "groups with _NO_WINBINDD:\n$group_out\n" 228 229foreach { the_domain } $domain_list { 230 231 # Users 232 233 set test_desc "users found with _NO_WINBINDD environment variable set" 234 if { [regexp $the_domain $user_out] } { 235 fail $test_desc 236 } else { 237 pass $test_desc 238 } 239 240 # Groups 241 242 set test_desc "groups found with _NO_WINBINDD environment variable set" 243 if { [regexp $the_domain $group_out] } { 244 fail $test_desc 245 } else { 246 pass $test_desc 247 } 248} 249 250# Unset _NO_WINBINDD and make sure everything still works 251 252unset env(_NO_WINBINDD) 253 254set user_out [util_start "getent passwd"] 255set group_out [util_start "getent group"] 256 257verbose "users with _NO_WINBINDD unset:\n$user_out\n" 258verbose "groups with _NO_WINBINDD unset:\n$group_out\n" 259 260# Users 261 262set test_desc "no users found with _NO_WINBINDD environment variable set" 263if { $user_out != $user_list } { 264 fail $test_desc 265} else { 266 pass $test_desc 267} 268 269# Groups 270 271set test_desc "no groups found with _NO_WINBINDD environment variable set" 272if { $group_out != $group_list } { 273 fail $test_desc 274} else { 275 pass $test_desc 276} 277 278# Make sure we unset the environment vars so we don't cause subsequent tests 279# any grief. 280 281catch { unset env(WINBINDD_DOMAIN) } tmp 282catch { unset env(_NO_WINBINDD) } tmp 283