2
# @(#) Test wbinfo client access to winbind daemon
5
load_lib "util-defs.exp"
6
load_lib "$srcdir/lib/nsswitch-config.exp"
7
load_lib "$srcdir/lib/default-nt-names.exp"
12
set SID_NAME_DOM_GRP 2
15
set SID_NAME_UNKNOWN 8
17
# Get list of users and groups
19
set user_list [util_start "bin/wbinfo" "-u"]
20
set group_list [util_start "bin/wbinfo" "-g"]
22
verbose "user list is:\n$user_list"
23
verbose "group list is:\n$group_list"
25
set user_list [split $user_list "\n"]
26
set group_list [split $group_list "\n"]
29
# @(#) Check list of users and groups contain default NT user and group
35
foreach { user } $domain_users {
36
set test_desc "user $user in wbinfo domain users"
37
if {![regexp $user $user_list]} {
46
foreach { group } $domain_groups {
47
set test_desc "group $group in wbinfo domain groups"
48
if {![regexp $group $group_list]} {
56
# @(#) Lookup sids for all user and group names returned by wbinfo
61
foreach { user } $user_list {
62
set test_desc "get sid for user $user"
63
set output [util_start "bin/wbinfo" "-n \"$user\""]
67
# Split output into name and name_type
69
set list [split $output " "]
70
set sid_type [lindex $list [expr [llength $list] - 1]]
71
set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "]
73
if { ![regexp "S-" $sid] } {
79
set test_desc "sid type for user $user"
80
if { $sid_type != $SID_NAME_USER } {
86
lappend user_sid_list $sid
91
foreach { group } $group_list {
92
set test_desc "get sid for group $group"
93
set output [util_start "bin/wbinfo" "-n \"$group\""]
97
# Split output into sid and sid type
99
set list [split $output " "]
100
set sid_type [lindex $list [expr [llength $list] - 1]]
101
set sid [join [lrange $list 0 [expr [llength $list] - 2]] " "]
103
if { ![regexp "S-" $sid] } {
109
set test_desc "sid type for group group"
110
if { $sid_type != $SID_NAME_DOM_GRP } {
116
lappend group_sid_list $sid
120
# @(#) Check reverse lookup of sids to names
127
foreach { sid } $user_sid_list {
128
set test_desc "reverse user name lookup for sid $sid"
129
set output [util_start "bin/wbinfo" "-s $sid"]
133
# Split output into name and name_type
135
set list [split $output " "]
136
set name_type [lindex $list [expr [llength $list] - 1]]
137
set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
139
if { $name != [lindex $user_list $count] } {
145
set test_desc "reverse user name type lookup for sid $sid"
147
if { $name_type != 1 } {
160
foreach { sid } $group_sid_list {
161
set test_desc "reverse group name lookup for sid $sid"
162
set output [util_start "bin/wbinfo" "-s $sid"]
166
# Split output into name and name_type
168
set list [split $output " "]
169
set name_type [lindex $list [expr [llength $list] - 1]]
170
set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
172
if { $name != [lindex $group_list $count] } {
178
set test_desc "reverse group name type lookup for sid $sid"
180
if { $name_type != 2 } {
190
# @(#) Cross-check the output of wbinfo -n, getent passwd/group and
194
# Get mapped list of uids from winbindd
196
set output [util_start "getent" "passwd"]
197
set user_list [split $output "\n"]
199
foreach { user_entry } $user_list {
200
if { [regexp $domain $user_entry] } {
201
set field_list [split $user_entry ":"]
202
set name_output [util_start "bin/wbinfo" \
203
"-n \"[lindex $field_list 0]\""]
204
set list [split $name_output " "]
205
set name_type [lindex $list [expr [llength $list] - 1]]
206
set name [join [lrange $list 0 [expr [llength $list] - 2]] " "]
207
set username_uid_sid [lappend username_uid_sid [list \
208
[lindex $field_list 0] \
209
[lindex $field_list 2] \
214
# Get mapped list of gids from winbindd
216
set output [util_start "getent" "group"]
217
set group_list [split $output "\n"]
219
foreach { group_entry } $group_list {
220
if { [regexp $domain $group_entry] } {
221
set field_list [split $group_entry ":"]
222
set groupname_gid_sid [lappend groupname_gid_sid [list \
223
[lindex $field_list 0] \
224
[lindex $field_list 2] \
225
[util_start "bin/wbinfo" "-n \"[lindex $field_list 0]\""]]]
229
# OK, now we have enough info to cross-check the uid/gid -> sid and
230
# sid -> uid/gid functions
232
foreach { user } $username_uid_sid {
233
set sid [util_start "bin/wbinfo" "-U [lindex $user 1]"]
234
set uid [util_start "bin/wbinfo" "-S [lindex $user 2]"]
236
set test_desc "lookup sid by uid [lindex $user 1]"
238
if { $sid != [lindex $user 2] } {
244
set test_desc "lookup uid by sid [lindex $user 2]"
246
if { $uid != [lindex $user 1] } {
253
foreach { group } $groupname_gid_sid {
254
set sid [util_start "bin/wbinfo" "-G [lindex $group 1]"]
255
set gid [util_start "bin/wbinfo" "-Y [lindex $group 2]"]
257
set test_desc "lookup sid by gid [lindex $group 1]"
259
if { $sid != [lindex [split [lindex $group 2] " "] 0] ||
260
[lindex [split [lindex $group 2] " " ] 1] != 2 } {
266
set test_desc "lookup gid by sid [lindex $group 2]"
268
if { $gid != [lindex $group 1] } {
277
proc check_errcode { args } {
279
set test_desc [lindex $args 0]
280
set cmd [lindex $args 1]
281
set result [lindex $args 2]
284
verbose "Spawning $cmd"
285
catch "exec $cmd" output
286
set exit_code [lindex $errorCode 2]
287
if { $exit_code == "" } { set exit_code 0 }
289
if { $exit_code == $result } {
290
verbose "process returned correct exit code $exit_code"
293
verbose "process returned bad exit code $exit_code instead of $result"
298
set gooduser_name [lindex [split [lindex $user_list 0] ":"] 0]
299
set gooduser_sid [util_start "bin/wbinfo" "-n $gooduser_name"]
301
set goodgroup_name [lindex [split [lindex $group_list 0] ":"] 0]
302
set goodgroup_sid [util_start "bin/wbinfo" "-n $goodgroup_name"]
304
# Some conditions not tested:
305
# - bad list users/groups
306
# - good uid/gid to sid
308
set errcode_tests [list \
309
{ "exit code, no arg" "bin/wbinfo" 1 } \
310
{ "exit code, invalid arg" "bin/wbinfo -@" 1 } \
311
{ "exit code, list users" "bin/wbinfo -u" 0 } \
312
{ "exit code, list groups" "bin/wbinfo -g" 0 } \
313
{ "exit code, good name to sid" "bin/wbinfo -n $gooduser_name" 0 } \
314
{ "exit code, bad name to sid" "bin/wbinfo -n asmithee" 1 } \
315
{ "exit code, good sid to name" "bin/wbinfo -s $gooduser_sid" 0 } \
316
{ "exit code, bad sid to name" "bin/wbinfo -s S-1234" 1 } \
317
{ "exit code, bad uid to sid" "bin/wbinfo -U 0" 1 } \
318
{ "exit code, bad gid to sid" "bin/wbinfo -G 0" 1} \
319
{ "exit code, good sid to uid" "bin/wbinfo -S $gooduser_sid" 0 } \
320
{ "exit code, bad sid to uid" "bin/wbinfo -S S-1234" 1 } \
321
{ "exit code, good sid to gid" "bin/wbinfo -Y $goodgroup_sid" 0 } \
322
{ "exit code, bad sid to gid" "bin/wbinfo -Y S-1234" 1 } \
325
foreach { test } $errcode_tests {
326
check_errcode [lindex $test 0] [lindex $test 1] [lindex $test 2]
329
# Test enumerate trusted domains
331
set test_desc "enumerate trusted domains"
332
set output [util_start "bin/wbinfo" "-m"]
336
foreach { the_domain } $output {
337
if { $the_domain == $domain} {
338
fail "own domain appears in trusted list"
342
if {[regexp "Usage" $output] || [regexp "Could not" $output]} {
348
# Test check machine account
350
set test_desc "check machine account"
351
set output [util_start "bin/wbinfo" "-t"]
355
if {[regexp "Usage" $output] || [regexp "Could not" $output] || \
356
![regexp "(good|bad)" $output]} {