1#
2# @(#) Test operation of WINBINDD_DOMAIN environment variable
3#
4
5load_lib "util-defs.exp"
6load_lib "$srcdir/lib/nsswitch-config.exp"
7
8#
9#   @(#) Test that there is at least one domain user and domain group
10#   @(#) in the output of getent passwd and getent group.
11#
12
13# Get list of users and groups
14
15set user_list [util_start "getent passwd"]
16set group_list [util_start "getent group"]
17
18verbose "user list is:\n$user_list"
19verbose "group list is:\n$group_list"
20
21# Check for domain users
22
23set no_dom 0
24
25if { ![regexp "$domain/" $user_list] } {
26    fail "no domain users in getent"
27    set no_dom 1
28}
29
30# Check for domain groups
31
32if { ![regexp "$domain/" $group_list] } {
33    fail "no domain groups in getent group"
34    set no_dom 1
35}
36
37if { $no_dom } {
38    return
39}
40
41#
42#   @(#) Check for "leakage" between different domains using the
43#   @(#) WINBINDD_DOMAIN environment variable.
44#
45
46verbose "Domain is $domain"
47
48set output [util_start "bin/wbinfo" "-m"]
49verbose "Trusted domains are $output"
50set trusted_domain_list [split $output "\n"]
51
52# Test simple inclusion by setting $WINBINDD_DOMAIN to each trusted domain
53# in turn and checking there are no users/groups from other domains in the
54# output of getent.
55
56set domain_list $trusted_domain_list
57lappend domain_list $domain
58
59foreach { the_domain } $domain_list {
60
61    set env(WINBINDD_DOMAIN) $the_domain
62
63    set user_out [util_start "getent passwd"]
64    set group_out [util_start "getent group"]
65
66    verbose "users in $the_domain:\n$user_out\n"
67    verbose "groups in $the_domain:\n$group_out\n"
68
69    # Users
70
71    set test_desc "users in WINBINDD_DOMAIN $the_domain"
72    set failed 0
73
74    foreach { user } [split $user_out "\n"] {
75	set user_name [lindex [split $user ":"] 0]
76	if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} {
77	    set failed 1
78	}
79    }
80
81    if { $failed } {
82	fail $test_desc
83    } else {
84	pass $test_desc
85    }
86
87    # Groups
88
89    set test_desc "groups in WINBINDD_DOMAIN $the_domain"
90    set failed 0
91
92    foreach { group } [split $group_out "\n"] {
93	set group_name [lindex [split $group ":"] 0]
94	if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} {
95	    set failed 1
96	}
97    }
98
99    if { $failed } {
100	fail $test_desc
101    } else {
102	pass $test_desc
103    }
104}
105
106#
107#   @(#) Test inclusion of a dummy domain doesn't generate users/groups
108#   @(#) from that domain.
109#
110
111set env(WINBINDD_DOMAIN) "asmithee"
112set user_out [util_start "getent passwd"]
113set group_out [util_start "getent group"]
114
115# Users
116
117set test_desc "users in different WINBINDD_DOMAIN"
118if { [regexp $domain $user_out] } {
119    fail $test_desc
120} else {
121    pass $test_desc
122}
123
124# Groups
125
126set test_desc "groups in different WINBINDD_DOMAIN"
127if { [regexp $domain $group_out] } {
128    fail $test_desc
129} else {
130    pass $test_desc
131}
132
133#
134#   @(#) Test comma separated inclusion of dummy domain doesn't generate
135#   @(#) users/groups in the dummy domain.
136#
137
138foreach { the_domain } $domain_list {
139    set env(WINBINDD_DOMAIN) "$the_domain,asmithee"
140    set user_out [util_start "getent passwd"]
141    set group_out [util_start "getent group"]
142
143    verbose "users in $the_domain:\n$user_out\n"
144    verbose "groups in $the_domain:\n$group_out\n"
145
146    # Users
147
148    set test_desc "users in comma separated WINBINDD_DOMAIN $the_domain"
149    set failed 0
150
151    foreach { user } [split $user_out "\n"] {
152	set user_name [lindex [split $user ":"] 0]
153	if { [regexp "/" $user_name] && ![regexp $the_domain $user_name]} {
154	    set failed 1
155	}
156    }
157
158    if { $failed } {
159	fail $test_desc
160    } else {
161	pass $test_desc
162    }
163
164    # Groups
165
166    set test_desc "groups in comma separated WINBINDD_DOMAIN $the_domain"
167    set failed 0
168
169    foreach { group } [split $group_out "\n"] {
170	set group_name [lindex [split $group ":"] 0]
171	if { [regexp "/" $group_name] && ![regexp $the_domain $group_name]} {
172	    set failed 1
173	}
174    }
175
176    if { $failed } {
177	fail $test_desc
178    } else {
179	pass $test_desc
180    }
181}
182
183#
184#   @(#) Test two comma separated dummy domains do not generate any domain
185#   @(#) users or groups.
186#
187
188foreach { the_domain } $domain_list {
189
190    set env(WINBINDD_DOMAIN) "moose,asmithee"
191    set user_out [util_start "getent passwd"]
192    set group_out [util_start "getent group"]
193
194    verbose "users in $the_domain:\n$user_out\n"
195    verbose "groups in $the_domain:\n$group_out\n"
196
197    # Users
198
199    set test_desc "users in comma separated invalid WINBINDD_DOMAIN"
200    if { [regexp $the_domain $user_out] } {
201	fail $test_desc
202    } else {
203	pass $test_desc
204    }
205
206    # Groups
207
208    set test_desc "groups in comma separated invalid WINBINDD_DOMAIN"
209    if { [regexp $the_domain $group_out] } {
210	fail $test_desc
211    } else {
212	pass $test_desc
213    }
214}
215
216set env(WINBINDD_DOMAIN) ""
217
218#
219#   @(#) Test _NO_WINBINDD doesn't return any domain users or groups
220#
221
222set env(_NO_WINBINDD) "1"
223set user_out [util_start "getent passwd"]
224set group_out [util_start "getent group"]
225
226verbose "users with _NO_WINBINDD:\n$user_out\n"
227verbose "groups with _NO_WINBINDD:\n$group_out\n"
228
229foreach { the_domain } $domain_list {
230
231    # Users
232
233    set test_desc "users found with _NO_WINBINDD environment variable set"
234    if { [regexp $the_domain $user_out] } {
235	fail $test_desc
236    } else {
237	pass $test_desc
238    }
239
240    # Groups
241
242    set test_desc "groups found with _NO_WINBINDD environment variable set"
243    if { [regexp $the_domain $group_out] } {
244	fail $test_desc
245    } else {
246	pass $test_desc
247    }
248}
249
250# Unset _NO_WINBINDD and make sure everything still works
251
252unset env(_NO_WINBINDD)
253
254set user_out [util_start "getent passwd"]
255set group_out [util_start "getent group"]
256
257verbose "users with _NO_WINBINDD unset:\n$user_out\n"
258verbose "groups with _NO_WINBINDD unset:\n$group_out\n"
259
260# Users
261
262set test_desc "no users found with _NO_WINBINDD environment variable set"
263if { $user_out != $user_list } {
264    fail $test_desc
265} else {
266    pass $test_desc
267}
268
269# Groups
270
271set test_desc "no groups found with _NO_WINBINDD environment variable set"
272if { $group_out != $group_list } {
273    fail $test_desc
274} else {
275    pass $test_desc
276}
277
278# Make sure we unset the environment vars so we don't cause subsequent tests
279# any grief.
280
281catch { unset env(WINBINDD_DOMAIN) } tmp
282catch { unset env(_NO_WINBINDD) } tmp
283