[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Feb 29 04:15:02 MST 2012
The branch, master has been updated
via 7cc19af selftest: add more tests for plugin_s4_dc
via 89fb6da selftest: change plugin_dc to test using s3fs
via 265a2bf selftest: skip the troublesome samba4.rpc.unixinfo test
via 692c42c s4:winbind: use ncalrpc for connections to ourself
via 8e8fde5 selftest: Do not run chgdcpass test on the main DC
via 7158728 s4-winbindd: Do not ask for a tree that we will not use
from cac9bfe testsuite: Replace deprecated bzero with memset
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7cc19afb1f739d68da852019ff709248b4dce97c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 29 12:48:21 2012 +1100
selftest: add more tests for plugin_s4_dc
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Wed Feb 29 12:14:05 CET 2012 on sn-devel-104
commit 89fb6da8d074be1f02a9f41d125a407fb44689b0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 9 09:03:23 2011 +1000
selftest: change plugin_dc to test using s3fs
commit 265a2bf04f7d9d5203606c47997f4c0c3a9ead5f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 29 10:06:31 2012 +1100
selftest: skip the troublesome samba4.rpc.unixinfo test
The issue here is that while the single rpc_server process is stuck in
an nss_winbind getpwuid() call, winbindd cannot contact netlogon to
make the connection to the domain.
nss_winbind comes into play when (for s3fs) the
NSS_WRAPPER_WINBIND_SO_PATH environment variable is set. In the
medium term, the unixinfo pipe should either be rewritten fully async
or removed.
Andrew Bartlett
commit 692c42c42731b017310e07549489c3ab0bca7d12
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 24 15:58:40 2012 +0100
s4:winbind: use ncalrpc for connections to ourself
That avoids recursion if "smbd" is used as file server.
metze
commit 8e8fde51b4234b75a5b132e7ea7d9c813fe29ee0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 29 12:48:21 2012 +1100
selftest: Do not run chgdcpass test on the main DC
If winbindd has it's password changed from under it, it becomes
grumpy.
Andrew Bartlett
commit 71587285ccf78547ee4830b03d8a1493412504a5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Feb 29 10:37:40 2012 +1100
s4-winbindd: Do not ask for a tree that we will not use
-----------------------------------------------------------------------
Summary of changes:
selftest/skip | 2 +
selftest/target/Samba3.pm | 73 --------------------------------
selftest/target/Samba4.pm | 61 ++++++++++++++++++++++++---
source4/selftest/tests.py | 6 +-
source4/winbind/wb_cmd_list_trustdom.c | 4 --
source4/winbind/wb_dom_info.c | 20 +++++++++
source4/winbind/wb_init_domain.c | 25 ++++++++---
7 files changed, 98 insertions(+), 93 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/skip b/selftest/skip
index f9bb83a..0630512 100644
--- a/selftest/skip
+++ b/selftest/skip
@@ -100,3 +100,5 @@ bench # don't run benchmarks in our selftest
^samba4.drs.repl_schema.python # flakey test
^samba4.smb2.ioctl # snapshots not supported by default
^samba4.drs.delete_object.python # flakey test
+^samba4.rpc.unixinfo # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use
+^samba.tests.dcerpc.unix # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 4b0b725..9d74e7d 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -295,79 +295,6 @@ sub setup_admember($$$$)
return $ret;
}
-sub setup_plugin_s4_dc($$$$)
-{
- my ($self, $prefix, $dcvars, $iface) = @_;
-
- print "PROVISIONING S4 PLUGIN AD DC$iface...";
-
- my $plugin_s4_dc_options = "
- workgroup = $dcvars->{DOMAIN}
- realm = $dcvars->{REALM}
-
- security = ads
- domain logons = yes
- passdb backend = samba4
- auth methods = guest samba4
- server signing = on
-
- rpc_server:epmapper = disabled
- rpc_server:rpcecho = disabled
- rpc_server:dssetup = disabled
- rpc_server:svctl = disabled
- rpc_server:ntsvcs = disabled
- rpc_server:eventlog = disabled
- rpc_server:initshutdown = disabled
-
- rpc_server:winreg = embedded
- rpc_server:srvsvc = embedded
- rpc_server:netdfs = embedded
- rpc_server:wkssvc = embedded
- rpc_server:spoolss = embedded
-
- rpc_server:lsarpc = external
- rpc_server:netlogon = external
- rpc_server:samr = external
-
- rpc_daemon:epmd = disabled
- rpc_daemon:lsasd = disabled
- rpc_daemon:spoolssd = disabled
-
- rpc_server:tcpip = no
-
-[IPC\$]
- vfs objects = dfs_samba4
-";
-
- my $ret = $self->provision($prefix,
- "plugindc",
- $iface,
- "pluGin${iface}Pass",
- $plugin_s4_dc_options, 1);
-
- $ret or return undef;
-
- close(USERMAP);
- $ret->{DOMAIN} = $dcvars->{DOMAIN};
- $ret->{REALM} = $dcvars->{REALM};
- $ret->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG};
-
- # We need world access to this share, as otherwise the domain
- # administrator from the AD domain provided by Samba4 can't
- # access the share for tests.
- chmod 0777, "$prefix/share";
-
- $self->check_or_start($ret,
- "no", "no", "yes");
-
- $self->wait_for_start($ret);
-
- # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env
- $ret->{target} = $self;
-
- return $ret;
-}
-
sub setup_secshare($$)
{
my ($self, $path) = @_;
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 73b73ca..38a434c 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -115,6 +115,7 @@ sub check_or_start($$$)
$ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD};
$ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP};
+ $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH};
$ENV{UID_WRAPPER} = "1";
@@ -700,6 +701,7 @@ nogroup:x:65534:nobody
SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo",
SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log",
SAMBA_TEST_LOG_POS => 0,
+ NSS_WRAPPER_WINBIND_SO_PATH => Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so")
};
return $ret;
@@ -760,6 +762,8 @@ sub provision($$$$$$$$$)
posix:sharedelay = 10000
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 500000
+ create mask = 777
+ force create mode = 777
[test1]
path = $ctx->{tmpdir}/test1
@@ -1287,8 +1291,12 @@ sub provision_plugin_s4_dc($$)
my ($self, $prefix) = @_;
my $extra_smbconf_options = "
-server services = -smb
+server services = -smb +s3fs
dcerpc endpoint servers = -unixinfo -rpcecho -spoolss -winreg -wkssvc -srvsvc
+
+[IPC\$]
+ vfs objects = dfs_samba4
+
";
print "PROVISIONING PLUGIN S4 DC...";
@@ -1317,6 +1325,35 @@ dcerpc endpoint servers = -unixinfo -rpcecho -spoolss -winreg -wkssvc -srvsvc
return $ret;
}
+sub provision_chgdcpass($$)
+{
+ my ($self, $prefix) = @_;
+
+ print "PROVISIONING CHGDCPASS...";
+ my $ret = $self->provision($prefix,
+ "domain controller",
+ "chgdcpass",
+ "CHDCDOMAIN",
+ "chgdcpassword.samba.example.com",
+ "2008",
+ 31,
+ "chgDCpass1",
+ undef);
+
+ return undef unless(defined $ret);
+ unless($self->add_wins_config("$prefix/private")) {
+ warn("Unable to add wins configuration");
+ return undef;
+ }
+ $ret->{DC_SERVER} = $ret->{SERVER};
+ $ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{DC_USERNAME} = $ret->{USERNAME};
+ $ret->{DC_PASSWORD} = $ret->{PASSWORD};
+
+ return $ret;
+}
+
sub teardown_env($$)
{
my ($self, $envvars) = @_;
@@ -1425,6 +1462,8 @@ sub setup_env($$$)
$self->setup_dc("$path/dc");
}
return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
+ } elsif ($envname eq "chgdcpass") {
+ return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
} elsif ($envname eq "s3member") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
@@ -1485,6 +1524,21 @@ sub setup_dc($$)
return $env;
}
+sub setup_chgdcpass($$)
+{
+ my ($self, $path) = @_;
+
+ my $env = $self->provision_chgdcpass($path);
+ if (defined $env) {
+ $self->check_or_start($env, "single");
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{chgdcpass} = $env;
+ }
+ return $env;
+}
+
sub setup_fl2000dc($$)
{
my ($self, $path) = @_;
@@ -1676,11 +1730,6 @@ sub setup_plugin_s4_dc($$)
$self->wait_for_start($env);
- my $s3_part_env = $self->{target3}->setup_plugin_s4_dc($path, $env, 30);
- unless ($s3_part_env) {
- return undef;
- }
-
$self->{vars}->{plugin_s4_dc} = $env;
return $env;
}
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index d00c6d2..5ad9861 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -315,7 +315,7 @@ plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba4srcdir, "tor
plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"])
plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"])
plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"])
-plantestsuite("samba4.blackbox.chgdcpass(dc)", "dc", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "LOCALDC\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/dc'])
+plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass'])
plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc", [valgrindify(smb4torture), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo'])
# Tests using the "Simple" NTVFS backend
@@ -375,7 +375,7 @@ wb_opts = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=
winbind_struct_tests = smb4torture_testsuites("winbind.struct")
winbind_ndr_tests = smb4torture_testsuites("winbind.ndr")
-for env in ["dc", "s4member"]:
+for env in ["plugin_s4_dc", "dc", "s4member"]:
for t in winbind_struct_tests:
plansmbtorturetestsuite(t, env, wb_opts + ['//_none_/_none_'])
@@ -383,7 +383,7 @@ for env in ["dc", "s4member"]:
plansmbtorturetestsuite(t, env, wb_opts + ['//_none_/_none_'])
nsstest4 = binpath("nsstest")
-for env in ["dc", "s4member", "s3dc", "s3member", "member"]:
+for env in ["plugin_s4_dc", "dc", "s4member", "s3dc", "s3member", "member"]:
if os.path.exists(nsstest4):
plantestsuite("samba4.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "default/nsswitch/libnss-winbind.so")])
else:
diff --git a/source4/winbind/wb_cmd_list_trustdom.c b/source4/winbind/wb_cmd_list_trustdom.c
index 5f132ef..899de61 100644
--- a/source4/winbind/wb_cmd_list_trustdom.c
+++ b/source4/winbind/wb_cmd_list_trustdom.c
@@ -76,14 +76,10 @@ static void cmd_list_trustdoms_recv_domain(struct composite_context *ctx)
talloc_get_type(ctx->async.private_data,
struct cmd_list_trustdom_state);
struct wbsrv_domain *domain;
- struct smbcli_tree *tree;
state->ctx->status = wb_sid2domain_recv(ctx, &domain);
if (!composite_is_ok(state->ctx)) return;
- tree = dcerpc_smb_tree(domain->libnet_ctx->lsa.pipe->conn);
- if (composite_nomem(tree, state->ctx)) return;
-
ctx = wb_init_lsa_send(state, domain);
composite_continue(state->ctx, ctx, cmd_list_trustdoms_recv_lsa,
state);
diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c
index 5402c1c..e2b5def 100644
--- a/source4/winbind/wb_dom_info.c
+++ b/source4/winbind/wb_dom_info.c
@@ -27,6 +27,8 @@
#include "winbind/wb_server.h"
#include "smbd/service_task.h"
#include "libcli/finddc.h"
+#include "lib/socket/netif.h"
+#include "param/param.h"
struct get_dom_info_state {
struct composite_context *ctx;
@@ -65,6 +67,24 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx,
state->info->sid = dom_sid_dup(state->info, sid);
if (state->info->sid == NULL) goto failed;
+ if ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
+ dom_sid_equal(sid, service->primary_sid) &&
+ service->sec_channel_type != SEC_CHAN_RODC) {
+ struct interface *ifaces = NULL;
+
+ load_interface_list(state, service->task->lp_ctx, &ifaces);
+
+ state->info->dc = talloc(state->info, struct nbt_dc_name);
+
+ state->info->dc->address = talloc_strdup(state->info->dc,
+ iface_list_n_ip(ifaces, 0));
+ state->info->dc->name = talloc_strdup(state->info->dc,
+ lpcfg_netbios_name(service->task->lp_ctx));
+
+ composite_done(state->ctx);
+ return result;
+ }
+
dom_sid = dom_sid_dup(mem_ctx, sid);
if (dom_sid == NULL) goto failed;
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 9d807d8..4d6177b 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -78,23 +78,34 @@ static struct dcerpc_binding *init_domain_binding(struct init_domain_state *stat
const struct ndr_interface_table *table)
{
struct dcerpc_binding *binding;
+ char *s;
NTSTATUS status;
/* Make a binding string */
- {
- char *s = talloc_asprintf(state, "ncacn_np:%s", state->domain->dc_name);
+ if ((lpcfg_server_role(state->service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) &&
+ dom_sid_equal(state->domain->info->sid, state->service->primary_sid) &&
+ state->service->sec_channel_type != SEC_CHAN_RODC) {
+ s = talloc_asprintf(state, "ncalrpc:%s", state->domain->dc_name);
if (s == NULL) return NULL;
- status = dcerpc_parse_binding(state, s, &binding);
- talloc_free(s);
- if (!NT_STATUS_IS_OK(status)) {
- return NULL;
- }
+ } else {
+ s = talloc_asprintf(state, "ncacn_np:%s", state->domain->dc_name);
+ if (s == NULL) return NULL;
+
+ }
+ status = dcerpc_parse_binding(state, s, &binding);
+ talloc_free(s);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
}
/* Alter binding to contain hostname, but also address (so we don't look it up twice) */
binding->target_hostname = state->domain->dc_name;
binding->host = state->domain->dc_address;
+ if (binding->transport == NCALRPC) {
+ return binding;
+ }
+
/* This shouldn't make a network call, as the mappings for named pipes are well known */
status = dcerpc_epm_map_binding(binding, binding, table, state->service->task->event_ctx,
state->service->task->lp_ctx);
--
Samba Shared Repository
More information about the samba-cvs
mailing list