Diffstat (limited to 'tests')
-rwxr-xr-x | tests/test36-schema-nsswitch/before.sh | 141 | ||||
-rw-r--r-- | tests/test36-schema-nsswitch/before.txt | 356 | ||||
-rw-r--r-- | tests/test36-schema-nsswitch/description.txt | 1 | ||||
-rw-r--r-- | tests/test36-schema-nsswitch/dse.ldif | 39 | ||||
-rw-r--r-- | tests/test36-schema-nsswitch/plugin-need-wrappers.txt | 3 | ||||
-rw-r--r-- | tests/test36-schema-nsswitch/userRoot.ldif | 37 |
6 files changed, 577 insertions, 0 deletions
diff --git a/tests/test36-schema-nsswitch/before.sh b/tests/test36-schema-nsswitch/before.sh
new file mode 100755
index 0000000..3c8e7d6
--- /dev/null
+++ b/tests/test36-schema-nsswitch/before.sh
@@ -0,0 +1,141 @@
+#!/bin/sh
+testuser1="testuser1:**:1234:2345:Test User 1:/home/testuser1:/bin/sh"
+testuser2="testuser2:***:12345:23456:Test User 2:/home/testuser2:/bin/sh"
+testuser3="testuser3, for real:***:123456:234567:Test User 3:/home/testuser2:/bin/sh"
+testgroup1="testgroup1:****:3456:testuser1,testuser2"
+testgroup2="testgroup2:*****:34567:testuser1,testuser2"
+testgroup3="testgroup3, for real:*****:345678:testuser1,testuser2"
+
+searches() {
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixaccount)(uid=testuser1))" \
+ dn uid userpassword uidnumber gidnumber gecos loginshell homedirectory |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixaccount)(uidnumber=1234))" \
+ dn uid userpassword uidnumber gidnumber gecos loginshell homedirectory |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixaccount)(uid=testuser2))" \
+ dn uid userpassword uidnumber gidnumber gecos loginshell homedirectory |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixaccount)(uidnumber=12345))" \
+ dn uid userpassword uidnumber gidnumber gecos loginshell homedirectory |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixaccount)(uid=testuser3, for real))" \
+ dn uid userpassword uidnumber gidnumber gecos loginshell homedirectory |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixaccount)(uidnumber=123456))" \
+ dn uid userpassword uidnumber gidnumber gecos loginshell homedirectory |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixgroup)(cn=testgroup1))" \
+ dn cn userpassword gidnumber memberuid |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixgroup)(gidnumber=3456))" \
+ dn cn userpassword gidnumber memberuid |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixgroup)(cn=testgroup2))" \
+ dn cn userpassword gidnumber memberuid |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixgroup)(gidnumber=34567))" \
+ dn cn userpassword gidnumber memberuid |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixgroup)(cn=testgroup3, for real))" \
+ dn cn userpassword gidnumber memberuid |\
+ $LDIFSORT
+ search -b cn=compat,cn=accounts,dc=example,dc=com \
+ "(&(objectclass=posixgroup)(gidnumber=345678))" \
+ dn cn userpassword gidnumber memberuid |\
+ $LDIFSORT
+}
+
+# Initialize the user database.
+echo -n > "$WRAPPERS_PASSWD"
+echo -n > "$WRAPPERS_GROUP"
+
+# Test that we can't see these users.
+echo '[nothing]'
+searches
+
+# Add the entries.
+echo "$testuser1" >> "$WRAPPERS_PASSWD"
+echo "$testuser2" >> "$WRAPPERS_PASSWD"
+echo "$testuser3" >> "$WRAPPERS_PASSWD"
+echo "$testgroup1" >> "$WRAPPERS_GROUP"
+echo "$testgroup2" >> "$WRAPPERS_GROUP"
+echo "$testgroup3" >> "$WRAPPERS_GROUP"
+
+# Test that we can see these users and groups now.
+echo '[all entries]'
+searches
+
+# Nuke the entries.
+echo -n > "$WRAPPERS_PASSWD"
+echo -n > "$WRAPPERS_GROUP"
+
+# Test that we can still see these users, since they're in the cache now.
+echo '[all entries]'
+searches
+
+# Try to bind to each of the group entries in turn, and test that we can no
+# longer see the groups, since they should've been thrown out of the cache.
+echo -n > wrap_pam
+echo "[auth to testgroup1]"
+simplebind -D 'cn=testgroup1,cn=groups,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w nope
+echo "[auth to testgroup2]"
+simplebind -D 'cn=testgroup2,cn=groups,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w nope
+echo "[auth to testgroup3, for real]"
+simplebind -D 'cn=testgroup3\2C for real,cn=groups,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w nope
+echo '[just users]'
+searches
+
+# Try to bind to each of the user entries in turn.
+cat > wrap_pam << EOF
+testuser1:authtok:0:0
+testuser2:authtok:0:0
+testuser3, for real:authtok:SUCCESS:NEW_AUTHTOK_REQD
+EOF
+echo "[auth:AUTH_ERR]"
+simplebind -D 'uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w nope
+echo "[auth:OK]"
+simplebind -D 'uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w authtok
+echo "[acct:NEW_AUTHTOK_REQD]"
+simplebind -D 'uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w authtok
+
+# Test that we can still see the users.
+echo '[still just users]'
+searches
+
+# Try to bind to each of the entries in turn.
+cat > wrap_pam << EOF
+testuser1:authtok:MAXTRIES
+testuser2:authtok:PERM_DENIED
+testuser3, for real:authtok:0:ACCT_EXPIRED
+EOF
+echo "[auth:MAXTRIES]"
+simplebind -D 'uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w authtok
+echo "[auth:PERM_DENIED]"
+simplebind -D 'uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w authtok
+echo "[acct:ACCT_EXPIRED]"
+simplebind -D 'uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com' \
+ -w authtok
+
+# Test that we can still see just the users.
+echo '[yup, still just users]'
+searches
diff --git a/tests/test36-schema-nsswitch/before.txt b/tests/test36-schema-nsswitch/before.txt
new file mode 100644
index 0000000..3c5262e
--- /dev/null
+++ b/tests/test36-schema-nsswitch/before.txt
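Review bot: In tests/test36-schema-nsswitch/before.sh the PAM credentials file is written through the relative name `wrap_pam` (`echo -n > wrap_pam` and both `cat > wrap_pam << EOF`), while the passwd and group files are written through `"$WRAPPERS_PASSWD"` and `"$WRAPPERS_GROUP"`. plugin-need-wrappers.txt in this commit sets `WRAPPERS_PAM_CREDS=$BTESTDIR/$TEST/wrap_pam`, so the bind cases only exercise the intended credentials when the script's working directory is that directory, which the hunk does not show. If that variable reaches the script like the other two, writing to `"$WRAPPERS_PAM_CREDS"` removes the dependency. Separately, `echo -n > file` under `#!/bin/sh` is not portable: a shell whose echo does not accept `-n` would write the text `-n` into the wrapped passwd/group file, and `: > "$WRAPPERS_PASSWD"` truncates without that risk.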
@@ -0,0 +1,356 @@
+[nothing]
+[all entries]
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: cn=testgroup1,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup1
+gidnumber: 3456
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup1,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup1
+gidnumber: 3456
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup2,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup2
+gidnumber: 34567
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup2,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup2
+gidnumber: 34567
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup3\2C for real,cn=groups,cn=compat,cn=accounts,dc=example,dc=co
+ m
+cn: testgroup3, for real
+gidnumber: 345678
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup3\2C for real,cn=groups,cn=compat,cn=accounts,dc=example,dc=co
+ m
+cn: testgroup3, for real
+gidnumber: 345678
+memberuid: testuser1
+memberuid: testuser2
+
+[all entries]
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: cn=testgroup1,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup1
+gidnumber: 3456
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup1,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup1
+gidnumber: 3456
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup2,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup2
+gidnumber: 34567
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup2,cn=groups,cn=compat,cn=accounts,dc=example,dc=com
+cn: testgroup2
+gidnumber: 34567
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup3\2C for real,cn=groups,cn=compat,cn=accounts,dc=example,dc=co
+ m
+cn: testgroup3, for real
+gidnumber: 345678
+memberuid: testuser1
+memberuid: testuser2
+
+dn: cn=testgroup3\2C for real,cn=groups,cn=compat,cn=accounts,dc=example,dc=co
+ m
+cn: testgroup3, for real
+gidnumber: 345678
+memberuid: testuser1
+memberuid: testuser2
+
+[auth to testgroup1]
+ldap_bind: No such object (32)
+[auth to testgroup2]
+ldap_bind: No such object (32)
+[auth to testgroup3, for real]
+ldap_bind: No such object (32)
+[just users]
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+[auth:AUTH_ERR]
+ldap_bind: Invalid credentials (49)
+[auth:OK]
+# extended LDIF
+#
+# LDAPv3
+# base <> with scope baseObject
+# filter: (objectclass=*)
+# requesting: dn:
+#
+
+#
+dn:
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 2
+# numEntries: 1
+[acct:NEW_AUTHTOK_REQD]
+ldap_bind: Invalid credentials (49)
+[still just users]
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+[auth:MAXTRIES]
+ldap_bind: Constraint violation (19)
+[auth:PERM_DENIED]
+ldap_bind: Server is unwilling to perform (53)
+[acct:ACCT_EXPIRED]
+ldap_bind: Invalid credentials (49)
+[yup, still just users]
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser1,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser1
+uidnumber: 1234
+gidnumber: 2345
+gecos: Test User 1
+loginshell: /bin/sh
+homedirectory: /home/testuser1
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser2,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser2
+uidnumber: 12345
+gidnumber: 23456
+gecos: Test User 2
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
+dn: uid=testuser3\2C for real,cn=users,cn=compat,cn=accounts,dc=example,dc=com
+uid: testuser3, for real
+uidnumber: 123456
+gidnumber: 234567
+gecos: Test User 3
+loginshell: /bin/sh
+homedirectory: /home/testuser2
+
diff --git a/tests/test36-schema-nsswitch/description.txt b/tests/test36-schema-nsswitch/description.txt
new file mode 100644
index 0000000..34b4f4b
--- /dev/null
+++ b/tests/test36-schema-nsswitch/description.txt
@@ -0,0 +1 @@
+nsswitch and PAM tests
diff --git a/tests/test36-schema-nsswitch/dse.ldif b/tests/test36-schema-nsswitch/dse.ldif
new file mode 100644
index 0000000..e9c14f9
--- /dev/null
+++ b/tests/test36-schema-nsswitch/dse.ldif
@@ -0,0 +1,39 @@
+dn: cn=compat-passwd,cn=Schema Compatibility,cn=plugins,cn=config
+objectClass: top
+objectClass: extensibleObject
+cn: compat-passwd
+schema-compat-container-group: cn=compat,cn=Accounts,dc=example,dc=com
+schema-compat-container-rdn: cn=Users
+schema-compat-lookup-nsswitch: user
+schema-compat-nsswitch-min-id: 0
+schema-compat-check-access: yes
+schema-compat-search-base: cn=Users,cn=Accounts,dc=example,dc=com
+schema-compat-search-filter: (|(objectClass=extensibleObject)(objectClass=posixAccount))
+schema-compat-entry-rdn: uid=%{uid}
+schema-compat-entry-attribute: objectclass=posixAccount
+schema-compat-entry-attribute: uidNumber=%{uidNumber}
+schema-compat-entry-attribute: gidNumber=%{gidNumber}
+schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
+schema-compat-entry-attribute: loginShell=%{loginShell}
+schema-compat-entry-attribute: cn=%{cn}
+schema-compat-entry-attribute: gecos=%{gecos:-%{cn}}
+schema-compat-entry-attribute: userPassword=%{userPassword}
+
+dn: cn=compat-group,cn=Schema Compatibility,cn=plugins,cn=config
+objectClass: top
+objectClass: extensibleObject
+cn: compat-group
+schema-compat-container-group: cn=compat,cn=Accounts,dc=example,dc=com
+schema-compat-container-rdn: cn=Groups
+schema-compat-lookup-nsswitch: group
+schema-compat-nsswitch-min-id: 0
+schema-compat-check-access: yes
+schema-compat-search-base: cn=Groups,cn=Accounts,dc=example,dc=com
+schema-compat-search-filter: (|(objectClass=extensibleObject)(objectClass=posixAccount))
+schema-compat-entry-rdn: cn=%{cn}
+schema-compat-entry-attribute: objectclass=posixGroup
+schema-compat-entry-attribute: userPassword=%{userPassword}
+schema-compat-entry-attribute: gidNumber=%{gidNumber}
+schema-compat-entry-attribute: memberUid=%deref_r("member","uid")
+schema-compat-entry-attribute: memberUid=%{memberUid}
+
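Review bot: The compat-group entry carries the same filter as compat-passwd, `schema-compat-search-filter: (|(objectClass=extensibleObject)(objectClass=posixAccount))`, although its search base is cn=Groups and it emits `objectclass=posixGroup`. If groups stored in the directory are meant to be mapped as well, `posixGroup` looks like the intended class and the current value may be a copy from the passwd set. Both entries also set `schema-compat-nsswitch-min-id: 0`, yet every id used in before.sh is above 1000, so the test does not appear to need a floor of zero. A comment such as `# min-id 0 is for the wrapped test databases only` would keep a value that admits uid/gid 0 into the bindable compat tree from being copied into a real configuration.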
diff --git a/tests/test36-schema-nsswitch/plugin-need-wrappers.txt b/tests/test36-schema-nsswitch/plugin-need-wrappers.txt
new file mode 100644
index 0000000..4143046
--- /dev/null
+++ b/tests/test36-schema-nsswitch/plugin-need-wrappers.txt
@@ -0,0 +1,3 @@
+WRAPPERS_PASSWD=$BTESTDIR/$TEST/wrap_passwd
+WRAPPERS_GROUP=$BTESTDIR/$TEST/wrap_group
+WRAPPERS_PAM_CREDS=$BTESTDIR/$TEST/wrap_pam
diff --git a/tests/test36-schema-nsswitch/userRoot.ldif b/tests/test36-schema-nsswitch/userRoot.ldif
new file mode 100644
index 0000000..a98f6b6
--- /dev/null
+++ b/tests/test36-schema-nsswitch/userRoot.ldif
@@ -0,0 +1,37 @@
+# users, accounts, example.com
+dn: cn=users,cn=accounts,dc=example,dc=com
+objectClass: top
+objectClass: nsContainer
+cn: users
+
+# tuser1, users, accounts, example.com
+dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com
+uid: tuser1
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+objectClass: inetUser
+loginShell: /bin/sh
+gidNumber: 1003
+gecos: Tim User
+sn: User
+homeDirectory: /home/tuser1
+cn: Tim User
+uidNumber: 1101
+description: __no_upg__
+
+# tuser2, users, accounts, example.com
+dn: uid=tuser2,cn=users,cn=accounts,dc=example,dc=com
+uid: tuser2
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+objectClass: inetUser
+loginShell: /bin/sh
+gidNumber: 1004
+sn: User
+homeDirectory: /home/tuser2
+cn: Timmy User
+uidNumber: 1102
+description: __no_upg__
+
|