selftest: Test unix.whoami with kerberos on plugin_s4_dc

This also tests the comparison with LDAP on anonymous connections
and marks this as knownfail, while we investigate the correct
behaviour here.

Andrew Bartlett

diff --git a/selftest/knownfail b/selftest/knownfail
index 4206aa7acb199e785f0d07eb011f2cfad2c2a7a3..d7078d6e04445ace7107a27ec3a78c42b998bdfd 100644 (file)
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -39,6 +39,7 @@
 ^samba3.raw.samba3checkfsp.samba3checkfsp\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
 ^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled
 ^samba3.raw.acls.generic\(s3dc\) # This fails against smbd
+^samba3.unix.whoami anonymous connection.whoami\(plugin_s4_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
 # these show that we still have some differences between our system
 # with our internal iconv because it passes except when we bypass our
 # internal iconv modules

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 11056b9c8afcc2b67236f4f73ebd24f15825f6af..4aedbf852a510da671ad45fc4eaefc598a9bc072 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -303,8 +303,11 @@ for t in tests:
         plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
     elif t == "unix.whoami":
-        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD')
-        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:addc=true')
+        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+        plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U%', description='anonymous connection')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:addc=true')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER/tmp -k yes -U$USERNAME%$PASSWORD --option=torture:addc=true', description='kerberos connection')
+        plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U% --option=torture:addc=true', description='anonymous connection')
     elif t == "raw.samba3posixtimedlock":
         plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/s3dc/share')
         plansmbtorturetestsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpguest -U$USERNAME%$PASSWORD --option=torture:localdir=$SELFTEST_PREFIX/plugin_s4_dc/share')

diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 302282752a7f86091d42338e1fc5e55bff254a7c..8f608a8f6746116e4f66839d488899d605e5ee6a 100644 (file)
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -297,7 +297,6 @@ static bool test_against_ldap(struct torture_context *torture, struct ldb_contex
 bool torture_unix_whoami(struct torture_context *torture)
 {
        struct smbcli_state *cli;
-       struct cli_credentials *anon_credentials;
        struct smb_whoami whoami;
        bool ret;
        struct ldb_context *ldb;
@@ -335,26 +334,15 @@ bool torture_unix_whoami(struct torture_context *torture)
 
        smbcli_tdis(cli);
 
-       torture_comment(torture, "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection\n");
-       anon_credentials = cli_credentials_init_anon(torture);
-
-       cli = connect_to_server(torture, anon_credentials);
-       torture_assert(torture, cli, "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection");
-
-       torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
-                                                               cli, &whoami, 0xFFFF), ret, fail,
-                           "calling SMB_QFS_POSIX_WHOAMI on an anonymous connection");
-
-       smbcli_tdis(cli);
-
        /* Check that our anonymous login mapped us to guest on the server, but
         * only if the server supports this.
         */
        if (whoami.mapping_mask & SMB_WHOAMI_GUEST) {
+               bool guest = whoami.mapping_flags & SMB_WHOAMI_GUEST;
                printf("checking whether we were logged in as guest... %s\n",
-                       whoami.mapping_flags & SMB_WHOAMI_GUEST ? "YES" : "NO");
-               torture_assert(torture, whoami.mapping_flags & SMB_WHOAMI_GUEST,
-                               "anonymous login did not map to guest");
+                       guest ? "YES" : "NO");
+               torture_assert(torture, cli_credentials_is_anonymous(cmdline_credentials) == guest,
+                              "login did not credentials map to guest");
        } else {
                printf("server does not support SMB_WHOAMI_GUEST flag\n");
        }