1# 2# @(#) Test wbinfo client access to winbind daemon 3# 4 5load_lib "util-defs.exp" 6load_lib "$srcdir/lib/nsswitch-config.exp" 7load_lib "$srcdir/lib/default-nt-names.exp" 8 9# Name types 10 11set SID_NAME_USER 1 12set SID_NAME_DOM_GRP 2 13set SID_NAME_DOMAIN 3 14set SID_NAME_ALIAS 4 15set SID_NAME_UNKNOWN 8 16 17# Get list of users and groups 18 19set user_list [util_start "bin/wbinfo" "-u"] 20set group_list [util_start "bin/wbinfo" "-g"] 21 22verbose "user list is:\n$user_list" 23verbose "group list is:\n$group_list" 24 25set user_list [split $user_list "\n"] 26set group_list [split $group_list "\n"] 27 28# 29# @(#) Check list of users and groups contain default NT user and group 30# @(#) names 31# 32 33# Users 34 35foreach { user } $domain_users { 36 set test_desc "user $user in wbinfo domain users" 37 if {![regexp $user $user_list]} { 38 fail $test_desc 39 } else { 40 pass $test_desc 41 } 42} 43 44# Groups 45 46foreach { group } $domain_groups { 47 set test_desc "group $group in wbinfo domain groups" 48 if {![regexp $group $group_list]} { 49 fail $test_desc 50 } else { 51 pass $test_desc 52 } 53} 54 55# 56# @(#) Lookup sids for all user and group names returned by wbinfo 57# 58 59# Users 60 61foreach { user } $user_list { 62 set test_desc "get sid for user $user" 63 set output [util_start "bin/wbinfo" "-n \"$user\""] 64 65 verbose $output 66 67 # Split output into name and name_type 68 69 set list [split $output " "] 70 set sid_type [lindex $list [expr [llength $list] - 1]] 71 set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "] 72 73 if { ![regexp "S-" $sid] } { 74 fail $test_desc 75 } else { 76 pass $test_desc 77 } 78 79 set test_desc "sid type for user $user" 80 if { $sid_type != $SID_NAME_USER } { 81 fail $test_desc 82 } else { 83 pass $test_desc 84 } 85 86 lappend user_sid_list $sid 87} 88 89# Groups 90 91foreach { group } $group_list { 92 set test_desc "get sid for group $group" 93 set output [util_start "bin/wbinfo" "-n \"$group\""] 94 95 verbose $output 96 97 # Split output into sid and sid type 98 99 set list [split $output " "] 100 set sid_type [lindex $list [expr [llength $list] - 1]] 101 set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "] 102 103 if { ![regexp "S-" $sid] } { 104 fail $test_desc 105 } else { 106 pass $test_desc 107 } 108 109 set test_desc "sid type for group group" 110 if { $sid_type != $SID_NAME_DOM_GRP } { 111 fail $test_desc 112 } else { 113 pass $test_desc 114 } 115 116 lappend group_sid_list $sid 117} 118 119# 120# @(#) Check reverse lookup of sids to names 121# 122 123# Users 124 125set count 0 126 127foreach { sid } $user_sid_list { 128 set test_desc "reverse user name lookup for sid $sid" 129 set output [util_start "bin/wbinfo" "-s $sid"] 130 131 verbose $output 132 133 # Split output into name and name_type 134 135 set list [split $output " "] 136 set name_type [lindex $list [expr [llength $list] - 1]] 137 set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] 138 139 if { $name != [lindex $user_list $count] } { 140 fail $test_desc 141 } else { 142 pass $test_desc 143 } 144 145 set test_desc "reverse user name type lookup for sid $sid" 146 147 if { $name_type != 1 } { 148 fail $test_desc 149 } else { 150 pass $test_desc 151 } 152 153 incr count 154} 155 156# Groups 157 158set count 0 159 160foreach { sid } $group_sid_list { 161 set test_desc "reverse group name lookup for sid $sid" 162 set output [util_start "bin/wbinfo" "-s $sid"] 163 164 verbose $output 165 166 # Split output into name and name_type 167 168 set list [split $output " "] 169 set name_type [lindex $list [expr [llength $list] - 1]] 170 set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] 171 172 if { $name != [lindex $group_list $count] } { 173 fail $test_desc 174 } else { 175 pass $test_desc 176 } 177 178 set test_desc "reverse group name type lookup for sid $sid" 179 180 if { $name_type != 2 } { 181 fail $test_desc 182 } else { 183 pass $test_desc 184 } 185 186 incr count 187} 188 189# 190# @(#) Cross-check the output of wbinfo -n, getent passwd/group and 191# @(#) wbinfo -S 192# 193 194# Get mapped list of uids from winbindd 195 196set output [util_start "getent" "passwd"] 197set user_list [split $output "\n"] 198 199foreach { user_entry } $user_list { 200 if { [regexp $domain $user_entry] } { 201 set field_list [split $user_entry ":"] 202 set name_output [util_start "bin/wbinfo" \ 203 "-n \"[lindex $field_list 0]\""] 204 set list [split $name_output " "] 205 set name_type [lindex $list [expr [llength $list] - 1]] 206 set name [join [lrange $list 0 [expr [llength $list] - 2]] " "] 207 set username_uid_sid [lappend username_uid_sid [list \ 208 [lindex $field_list 0] \ 209 [lindex $field_list 2] \ 210 $name]] 211 } 212} 213 214# Get mapped list of gids from winbindd 215 216set output [util_start "getent" "group"] 217set group_list [split $output "\n"] 218 219foreach { group_entry } $group_list { 220 if { [regexp $domain $group_entry] } { 221 set field_list [split $group_entry ":"] 222 set groupname_gid_sid [lappend groupname_gid_sid [list \ 223 [lindex $field_list 0] \ 224 [lindex $field_list 2] \ 225 [util_start "bin/wbinfo" "-n \"[lindex $field_list 0]\""]]] 226 } 227} 228 229# OK, now we have enough info to cross-check the uid/gid -> sid and 230# sid -> uid/gid functions 231 232foreach { user } $username_uid_sid { 233 set sid [util_start "bin/wbinfo" "-U [lindex $user 1]"] 234 set uid [util_start "bin/wbinfo" "-S [lindex $user 2]"] 235 236 set test_desc "lookup sid by uid [lindex $user 1]" 237 238 if { $sid != [lindex $user 2] } { 239 fail $test_desc 240 } else { 241 pass $test_desc 242 } 243 244 set test_desc "lookup uid by sid [lindex $user 2]" 245 246 if { $uid != [lindex $user 1] } { 247 fail $test_desc 248 } else { 249 pass $test_desc 250 } 251} 252 253foreach { group } $groupname_gid_sid { 254 set sid [util_start "bin/wbinfo" "-G [lindex $group 1]"] 255 set gid [util_start "bin/wbinfo" "-Y [lindex $group 2]"] 256 257 set test_desc "lookup sid by gid [lindex $group 1]" 258 259 if { $sid != [lindex [split [lindex $group 2] " "] 0] || 260 [lindex [split [lindex $group 2] " " ] 1] != 2 } { 261 fail $test_desc 262 } else { 263 pass $test_desc 264 } 265 266 set test_desc "lookup gid by sid [lindex $group 2]" 267 268 if { $gid != [lindex $group 1] } { 269 fail $test_desc 270 } else { 271 pass $test_desc 272 } 273} 274 275# Check exit codes 276 277proc check_errcode { args } { 278 global errorCode 279 set test_desc [lindex $args 0] 280 set cmd [lindex $args 1] 281 set result [lindex $args 2] 282 283 set errorCode "" 284 verbose "Spawning $cmd" 285 catch "exec $cmd" output 286 set exit_code [lindex $errorCode 2] 287 if { $exit_code == "" } { set exit_code 0 } 288 289 if { $exit_code == $result } { 290 verbose "process returned correct exit code $exit_code" 291 pass $test_desc 292 } else { 293 verbose "process returned bad exit code $exit_code instead of $result" 294 fail $test_desc 295 } 296} 297 298set gooduser_name [lindex [split [lindex $user_list 0] ":"] 0] 299set gooduser_sid [util_start "bin/wbinfo" "-n $gooduser_name"] 300 301set goodgroup_name [lindex [split [lindex $group_list 0] ":"] 0] 302set goodgroup_sid [util_start "bin/wbinfo" "-n $goodgroup_name"] 303 304# Some conditions not tested: 305# - bad list users/groups 306# - good uid/gid to sid 307 308set errcode_tests [list \ 309 { "exit code, no arg" "bin/wbinfo" 1 } \ 310 { "exit code, invalid arg" "bin/wbinfo -@" 1 } \ 311 { "exit code, list users" "bin/wbinfo -u" 0 } \ 312 { "exit code, list groups" "bin/wbinfo -g" 0 } \ 313 { "exit code, good name to sid" "bin/wbinfo -n $gooduser_name" 0 } \ 314 { "exit code, bad name to sid" "bin/wbinfo -n asmithee" 1 } \ 315 { "exit code, good sid to name" "bin/wbinfo -s $gooduser_sid" 0 } \ 316 { "exit code, bad sid to name" "bin/wbinfo -s S-1234" 1 } \ 317 { "exit code, bad uid to sid" "bin/wbinfo -U 0" 1 } \ 318 { "exit code, bad gid to sid" "bin/wbinfo -G 0" 1} \ 319 { "exit code, good sid to uid" "bin/wbinfo -S $gooduser_sid" 0 } \ 320 { "exit code, bad sid to uid" "bin/wbinfo -S S-1234" 1 } \ 321 { "exit code, good sid to gid" "bin/wbinfo -Y $goodgroup_sid" 0 } \ 322 { "exit code, bad sid to gid" "bin/wbinfo -Y S-1234" 1 } \ 323 ] 324 325foreach { test } $errcode_tests { 326 check_errcode [lindex $test 0] [lindex $test 1] [lindex $test 2] 327} 328 329# Test enumerate trusted domains 330 331set test_desc "enumerate trusted domains" 332set output [util_start "bin/wbinfo" "-m"] 333 334verbose $output 335 336foreach { the_domain } $output { 337 if { $the_domain == $domain} { 338 fail "own domain appears in trusted list" 339 } 340} 341 342if {[regexp "Usage" $output] || [regexp "Could not" $output]} { 343 fail $test_desc 344} else { 345 pass $test_desc 346} 347 348# Test check machine account 349 350set test_desc "check machine account" 351set output [util_start "bin/wbinfo" "-t"] 352 353verbose $output 354 355if {[regexp "Usage" $output] || [regexp "Could not" $output] || \ 356 ![regexp "(good|bad)" $output]} { 357 fail $test_desc 358} else { 359 pass $test_desc 360} 361