1#
2# @(#) Test wbinfo client access to winbind daemon
3#
4
5load_lib "util-defs.exp"
6load_lib "$srcdir/lib/nsswitch-config.exp"
7load_lib "$srcdir/lib/default-nt-names.exp"
8
9# Name types
10
11set SID_NAME_USER    1
12set SID_NAME_DOM_GRP 2
13set SID_NAME_DOMAIN  3
14set SID_NAME_ALIAS   4
15set SID_NAME_UNKNOWN 8
16
17# Get list of users and groups
18
19set user_list [util_start "bin/wbinfo" "-u"]
20set group_list [util_start "bin/wbinfo" "-g"]
21
22verbose "user list is:\n$user_list"
23verbose "group list is:\n$group_list"
24
25set user_list [split $user_list "\n"]
26set group_list [split $group_list "\n"]
27
28#
29#   @(#) Check list of users and groups contain default NT user and group
30#   @(#) names
31#
32
33# Users
34
35foreach { user } $domain_users {
36    set test_desc "user $user in wbinfo domain users"
37    if {![regexp $user $user_list]} {
38	fail $test_desc
39    } else {
40	pass $test_desc
41    }
42}
43
44# Groups
45
46foreach { group } $domain_groups {
47    set test_desc "group $group in wbinfo domain groups"
48    if {![regexp $group $group_list]} {
49	fail $test_desc
50    } else {
51	pass $test_desc
52    }
53}
54
55#
56#   @(#) Lookup sids for all user and group names returned by wbinfo
57#
58
59# Users
60
61foreach { user } $user_list {
62    set test_desc "get sid for user $user"
63    set output [util_start "bin/wbinfo" "-n \"$user\""]
64
65    verbose $output
66
67    # Split output into name and name_type
68
69    set list [split $output " "]
70    set sid_type [lindex $list [expr [llength $list] - 1]]
71    set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "]
72
73    if { ![regexp "S-" $sid] } {
74	fail $test_desc
75    } else {
76	pass $test_desc
77    }
78
79    set test_desc "sid type for user $user"
80    if { $sid_type != $SID_NAME_USER } {
81	fail $test_desc
82    } else {
83	pass $test_desc
84    }
85
86    lappend user_sid_list $sid
87}
88
89# Groups
90
91foreach { group } $group_list {
92    set test_desc "get sid for group $group"
93    set output [util_start "bin/wbinfo" "-n \"$group\""]
94
95    verbose $output
96
97    # Split output into sid and sid type
98
99    set list [split $output " "]
100    set sid_type [lindex $list [expr [llength $list] - 1]]
101    set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "]
102
103    if { ![regexp "S-" $sid] } {
104	fail $test_desc
105    } else {
106	pass $test_desc
107    }
108
109    set test_desc "sid type for group group"
110    if { $sid_type != $SID_NAME_DOM_GRP } {
111	fail $test_desc
112    } else {
113	pass $test_desc
114    }
115
116    lappend group_sid_list $sid
117}
118
119#
120#   @(#) Check reverse lookup of sids to names
121#
122
123# Users
124
125set count 0
126
127foreach { sid } $user_sid_list {
128    set test_desc "reverse user name lookup for sid $sid"
129    set output [util_start "bin/wbinfo" "-s $sid"]
130
131    verbose $output
132
133    # Split output into name and name_type
134
135    set list [split $output " "]
136    set name_type [lindex $list [expr [llength $list] - 1]]
137    set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
138
139    if { $name != [lindex $user_list $count] } {
140	fail $test_desc
141    } else {
142	pass $test_desc
143    }
144
145    set test_desc "reverse user name type lookup for sid $sid"
146
147    if { $name_type != 1 } {
148	fail $test_desc
149    } else {
150	pass $test_desc
151    }
152
153    incr count
154}
155
156# Groups
157
158set count 0
159
160foreach { sid } $group_sid_list {
161    set test_desc "reverse group name lookup for sid $sid"
162    set output [util_start "bin/wbinfo" "-s $sid"]
163
164    verbose $output
165
166    # Split output into name and name_type
167
168    set list [split $output " "]
169    set name_type [lindex $list [expr [llength $list] - 1]]
170    set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
171
172    if { $name != [lindex $group_list $count] } {
173	fail $test_desc
174    } else {
175	pass $test_desc
176    }
177
178    set test_desc "reverse group name type lookup for sid $sid"
179
180    if { $name_type != 2 } {
181	fail $test_desc
182    } else {
183	pass $test_desc
184    }
185
186    incr count
187}
188
189#
190#   @(#) Cross-check the output of wbinfo -n, getent passwd/group and
191#   @(#) wbinfo -S
192#
193
194# Get mapped list of uids from winbindd
195
196set output [util_start "getent" "passwd"]
197set user_list [split $output "\n"]
198
199foreach { user_entry } $user_list {
200    if { [regexp $domain $user_entry] } {
201	set field_list [split $user_entry ":"]
202	set name_output [util_start "bin/wbinfo" \
203		"-n \"[lindex $field_list 0]\""]
204	set list [split $name_output " "]
205	set name_type [lindex $list [expr [llength $list] - 1]]
206	set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
207	set username_uid_sid [lappend username_uid_sid [list \
208		[lindex $field_list 0] \
209		[lindex $field_list 2] \
210		$name]]
211    }
212}
213
214# Get mapped list of gids from winbindd
215
216set output [util_start "getent" "group"]
217set group_list [split $output "\n"]
218
219foreach { group_entry } $group_list {
220    if { [regexp $domain $group_entry] } {
221	set field_list [split $group_entry ":"]
222	set groupname_gid_sid [lappend groupname_gid_sid [list \
223		[lindex $field_list 0] \
224		[lindex $field_list 2] \
225		[util_start "bin/wbinfo" "-n \"[lindex $field_list 0]\""]]]
226    }
227}
228
229# OK, now we have enough info to cross-check the uid/gid -> sid and
230# sid -> uid/gid functions
231
232foreach { user } $username_uid_sid {
233    set sid [util_start "bin/wbinfo" "-U [lindex $user 1]"]
234    set uid [util_start "bin/wbinfo" "-S [lindex $user 2]"]
235
236    set test_desc "lookup sid by uid [lindex $user 1]"
237
238    if { $sid != [lindex $user 2] } {
239	fail $test_desc
240    } else {
241	pass $test_desc
242    }
243
244    set test_desc "lookup uid by sid [lindex $user 2]"
245
246    if { $uid != [lindex $user 1] } {
247	fail $test_desc
248    } else {
249	pass $test_desc
250    }
251}
252
253foreach { group } $groupname_gid_sid {
254    set sid [util_start "bin/wbinfo" "-G [lindex $group 1]"]
255    set gid [util_start "bin/wbinfo" "-Y [lindex $group 2]"]
256
257    set test_desc "lookup sid by gid [lindex $group 1]"
258
259    if { $sid != [lindex [split [lindex $group 2] " "] 0] ||
260         [lindex [split [lindex $group 2] " " ] 1] != 2 } {
261	fail $test_desc
262    } else {
263	pass $test_desc
264    }
265
266    set test_desc "lookup gid by sid [lindex $group 2]"
267
268    if { $gid != [lindex $group 1] } {
269	fail $test_desc
270    } else {
271	pass $test_desc
272    }
273}
274
275# Check exit codes
276
277proc check_errcode { args } {
278    global errorCode
279    set test_desc [lindex $args 0]
280    set cmd [lindex $args 1]
281    set result [lindex $args 2]
282
283    set errorCode ""
284    verbose "Spawning $cmd"
285    catch "exec $cmd" output
286    set exit_code [lindex $errorCode 2]
287    if { $exit_code == "" } { set exit_code 0 }
288
289    if { $exit_code == $result } {
290	verbose "process returned correct exit code $exit_code"
291	pass $test_desc
292    } else {
293	verbose "process returned bad exit code $exit_code instead of $result"
294	fail $test_desc
295    }
296}
297
298set gooduser_name [lindex [split [lindex $user_list 0] ":"] 0]
299set gooduser_sid [util_start "bin/wbinfo" "-n $gooduser_name"]
300
301set goodgroup_name [lindex [split [lindex $group_list 0] ":"] 0]
302set goodgroup_sid [util_start "bin/wbinfo" "-n $goodgroup_name"]
303
304# Some conditions not tested:
305#   - bad list users/groups
306#   - good uid/gid to sid
307
308set errcode_tests [list \
309	{ "exit code, no arg" "bin/wbinfo" 1 } \
310	{ "exit code, invalid arg" "bin/wbinfo -@" 1 } \
311	{ "exit code, list users" "bin/wbinfo -u" 0 } \
312	{ "exit code, list groups" "bin/wbinfo -g" 0 } \
313	{ "exit code, good name to sid" "bin/wbinfo -n $gooduser_name" 0 } \
314	{ "exit code, bad name to sid" "bin/wbinfo -n asmithee" 1 } \
315	{ "exit code, good sid to name" "bin/wbinfo -s $gooduser_sid" 0 } \
316	{ "exit code, bad sid to name" "bin/wbinfo -s S-1234" 1 } \
317	{ "exit code, bad uid to sid" "bin/wbinfo -U 0" 1 } \
318	{ "exit code, bad gid to sid" "bin/wbinfo -G 0" 1} \
319	{ "exit code, good sid to uid" "bin/wbinfo -S $gooduser_sid" 0 } \
320	{ "exit code, bad sid to uid" "bin/wbinfo -S S-1234" 1 } \
321	{ "exit code, good sid to gid" "bin/wbinfo -Y $goodgroup_sid" 0 } \
322	{ "exit code, bad sid to gid" "bin/wbinfo -Y S-1234" 1 } \
323	]
324
325foreach { test } $errcode_tests {
326    check_errcode [lindex $test 0] [lindex $test 1] [lindex $test 2]
327}
328
329# Test enumerate trusted domains
330
331set test_desc "enumerate trusted domains"
332set output [util_start "bin/wbinfo" "-m"]
333
334verbose $output
335
336foreach { the_domain } $output {
337    if { $the_domain == $domain} {
338	fail "own domain appears in trusted list"
339    }
340}
341
342if {[regexp "Usage" $output] || [regexp "Could not" $output]} {
343    fail $test_desc
344} else {
345    pass $test_desc
346}
347
348# Test check machine account
349
350set test_desc "check machine account"
351set output [util_start "bin/wbinfo" "-t"]
352
353verbose $output
354
355if {[regexp "Usage" $output] || [regexp "Could not" $output] || \
356	![regexp "(good|bad)" $output]} {
357    fail $test_desc
358} else {
359    pass $test_desc
360}
361