[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sat Mar 9 00:19:02 MST 2013
The branch, master has been updated
via 6ac0bdc Add testcase for idmap_rfc2307 module
via 8241daf packaging(RHEL-CTDB): Add idmap_rfc2307 module
via b755152 s3-net: Allow setting the ldap password for idmap_rfc2307
via 30b2f74 s3-docs: Add manpage for idmap_rfc2307 module
via 6aa739a s3-winbindd: Add new module idmap_rfc2307
via ad1fbe2 s3-winbindd: Move connection to AD server from idmap_ad
via baf9b78 s3-winbindd: Use common helper function for connecting to ADS
via 0c4e467 s3-winbindd: Move code for verifying ADS connection to common helper function
via c07c167 s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse
via 86d09ce s3-winbindd: Move common code for LDAP id mapping to idmap_utils
via 666a563 s4-dns: dlz_bind9: Check result to avoid segfault
via 83e4ff9 doc: add vfs_btrfs man page
via 15ce3a9 s3-vfs: add vfs_btrfs module
from 11d1286 Correct the name of the nss_winbind module for FreeBSD by creating a symlink from the FreeBSD required name to the built module.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6ac0bdc4513bb5a7bf9ecf0cd0986f6122f96dba
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:33:23 2013 -0700
Add testcase for idmap_rfc2307 module
Create a new test environment with 'idmap config DOMAIN : backend =
rfc2307'. A new test script adds LDAP records and queries them again for
the mapped uid and gid.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
commit 8241dafdb832808f0b88a7d83095105e7d532fa4
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:33:19 2013 -0700
packaging(RHEL-CTDB): Add idmap_rfc2307 module
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b75515248a641c1b1e1e3dad40eb323280658129
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:33:13 2013 -0700
s3-net: Allow setting the ldap password for idmap_rfc2307
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 30b2f74ffc8f7c38e132eddede7884c5195b634a
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:32:54 2013 -0700
s3-docs: Add manpage for idmap_rfc2307 module
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6aa739a21903d9013d6fbb45b9581f84a192b4d5
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:32:37 2013 -0700
s3-winbindd: Add new module idmap_rfc2307
This module allows querying id mappings from LDAP servers as described
in RFC 2307. The LDAP records can be queried from an Active Directory
Server or from a stand-alone LDAP server.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ad1fbe29fbeea48381c7bedd78f7a45d07ad14d5
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:31:41 2013 -0700
s3-winbindd: Move connection to AD server from idmap_ad
Having this in a common place allows reuse by other idmap modules.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit baf9b78d47079b81cf33682ee481cf6e30ed89e9
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:31:37 2013 -0700
s3-winbindd: Use common helper function for connecting to ADS
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0c4e467c1cc661552bfd6745825e2106ec8279d7
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:31:28 2013 -0700
s3-winbindd: Move code for verifying ADS connection to common helper function
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c07c167edb71568ab18f016346e60803d1195d42
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:31:19 2013 -0700
s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 86d09ce779fdc9d6ebbbe44b25656808ab37ee14
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Feb 21 12:30:48 2013 -0700
s3-winbindd: Move common code for LDAP id mapping to idmap_utils
idmap_ad and idmap_ldap use the same helper functions and the same
maximum query size. Move the code to idmap_utils so that it can be
shared by every module issuing LDAP queries.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 666a5630ef3b03640089a0b6e81bf578b91b88ab
Author: Stefan Gohmann <gohmann at univention.de>
Date: Fri Mar 8 20:57:31 2013 +0100
s4-dns: dlz_bind9: Check result to avoid segfault
We saw this issue in a customer environment with many CNF objects. I
wasn't able to reproduce it, but I got the following core dump:
(gdb) directory samba4-4.0.0~rc6/source4/dns_server/
Source directories searched: /root/samba4-4.0.0~rc6/source4/dns_server:$cdir:$cwd
(gdb) bt
#0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
#1 0xb4b0bdb8 in dlz_lookup (zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", dbdata=0x9648e48, lookup=0xb6db7588) at ../source4/dns_server/dlz_bind9.c:875
#2 0x080b43d8 in dlopen_dlz_lookup ()
#3 0xb7701755 in findnode () from /usr/lib/libdns.so.81
#4 0xb7701d22 in find () from /usr/lib/libdns.so.81
#5 0xb7639e5f in dns_db_find () from /usr/lib/libdns.so.81
#6 0x08075476 in query_find ()
#7 0x0807acb9 in ns_query_start ()
#8 0x08060712 in client_request ()
#9 0xb743022b in run () from /usr/lib/libisc.so.81
#10 0xb7216955 in start_thread () from /lib/i686/cmov/libpthread.so.0
#11 0xb706c1de in clone () from /lib/i686/cmov/libc.so.6
(gdb) f 0
#0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
830 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
(gdb) p res->msgs
$1 = (struct ldb_message **) 0x0
(gdb) p res->count
$2 = 0
(gdb)
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 83e4ff9a4ed06bd60a902a3b2f385ab69356b35b
Author: David Disseldorp <ddiss at samba.org>
Date: Fri Mar 8 11:47:56 2013 +0100
doc: add vfs_btrfs man page
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 15ce3a9c2f2aedcd4896235238a4ffdf23aa9178
Author: David Disseldorp <ddiss at samba.org>
Date: Fri Mar 8 11:47:55 2013 +0100
s3-vfs: add vfs_btrfs module
Currently it only plumbs itself into the copy_chunk call path,
translating such requests into BTRFS_IOC_CLONE_RANGE calls.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/idmap_rfc2307.8.xml | 165 +++++++
docs-xml/manpages/vfs_btrfs.8.xml | 85 ++++
docs-xml/wscript_build | 2 +
nsswitch/tests/test_idmap_rfc2307.sh | 94 ++++
packaging/RHEL-CTDB/configure.rpm | 2 +-
selftest/target/Samba.pm | 1 +
selftest/target/Samba3.pm | 79 +++
selftest/target/Samba4.pm | 6 +
source3/Makefile.in | 9 +
source3/configure.in | 9 +
source3/modules/vfs_btrfs.c | 196 ++++++++
source3/modules/wscript_build | 9 +
source3/selftest/tests.py | 6 +-
source3/utils/net_idmap.c | 6 +-
source3/winbindd/idmap_ad.c | 143 +-----
source3/winbindd/idmap_ldap.c | 70 +---
source3/winbindd/idmap_proto.h | 8 +
source3/winbindd/idmap_rfc2307.c | 870 +++++++++++++++++++++++++++++++++
source3/winbindd/idmap_util.c | 66 +++
source3/winbindd/winbindd_ads.c | 202 ++++++---
source3/winbindd/winbindd_proto.h | 5 +
source3/winbindd/wscript_build | 10 +
source3/wscript | 8 +-
source4/dns_server/dlz_bind9.c | 2 +-
24 files changed, 1780 insertions(+), 273 deletions(-)
create mode 100644 docs-xml/manpages/idmap_rfc2307.8.xml
create mode 100644 docs-xml/manpages/vfs_btrfs.8.xml
create mode 100755 nsswitch/tests/test_idmap_rfc2307.sh
create mode 100644 source3/modules/vfs_btrfs.c
create mode 100644 source3/winbindd/idmap_rfc2307.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/idmap_rfc2307.8.xml b/docs-xml/manpages/idmap_rfc2307.8.xml
new file mode 100644
index 0000000..f680945
--- /dev/null
+++ b/docs-xml/manpages/idmap_rfc2307.8.xml
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_rfc2307.8">
+
+<refmeta>
+ <refentrytitle>idmap_rfc2307</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+ <refname>idmap_rfc2307</refname>
+ <refpurpose>Samba's idmap_rfc2307 Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+
+ <para>The idmap_rfc2307 plugin provides a way for winbind to
+ read id mappings from records in an LDAP server as defined in
+ RFC 2307. The LDAP server can be stand-alone or the LDAP
+ server provided by the AD server. An AD server is always
+ required to provide the mapping between name and SID, and the
+ LDAP server is queried for the mapping between name and
+ uid/gid. This module implements only the "idmap"
+ API, and is READONLY.</para>
+
+ <para>Mappings must be provided in advance by the
+ administrator by creating the user accounts in the Active
+ Directory server and the posixAccount and posixGroup objects
+ in the LDAP server. The names in the Active Directory server
+ and in the LDAP server have to be the same.</para>
+
+ <para>This id mapping approach allows the reuse of existing
+ LDAP authentication servers that store records in the RFC 2307
+ format.</para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>range = low - high</term>
+ <listitem><para> Defines the available
+ matching UID and GID range for which the
+ backend is authoritative. Note that the range
+ acts as a filter. If specified any UID or GID
+ stored in AD that fall outside the range is
+ ignored and the corresponding map is
+ discarded. It is intended as a way to avoid
+ accidental UID/GID overlaps between local and
+ remotely defined IDs.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ldap_server = <ad | stand-alone ></term>
+ <listitem><para>Defines the type of LDAP
+ server to use. This can either be the LDAP
+ server provided by the Active Directory server
+ (ad) or a stand-alone LDAP
+ server.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>bind_path_user</term>
+ <listitem><para>Specifies the bind path where
+ user objects can be found in the LDAP
+ server.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>bind_path_group</term>
+ <listitem><para>Specifies the bind path where
+ group objects can be found in the LDAP
+ server.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>user_cn = <yes | no></term>
+ <listitem><para>Query cn attribute instead of
+ uid attribute for the user name in LDAP. This
+ option is not required, the default is
+ no.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>cn_realm = <yes | no></term>
+ <listitem><para>Append @realm to cn for groups
+ (and users if user_cn is set) in
+ LDAP. This option is not required, the default
+ is no.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ldap_domain</term>
+ <listitem><para>When using the LDAP server in
+ the Active Directory server, this allows to
+ specify the domain where to access the Active
+ Directory server. This allows using trust
+ relationships while keeping all RFC 2307
+ records in one place. This parameter is
+ optional, the default is to access the AD
+ server in the current domain to query LDAP
+ records.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ldap_url</term>
+ <listitem><para>When using a stand-alone LDAP
+ server, this parameter specifies the ldap URL
+ for accessing the LDAP
+ server.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ldap_user_dn</term>
+ <listitem><para>Defines the user DN to be used
+ for authentication. The secret for
+ authenticating this user should be stored with
+ net idmap secret (see
+ <citerefentry><refentrytitle>net</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>). If
+ absent, an anonymous bind will be
+ performed.</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ldap_realm</term>
+ <listitem><para>Defines the realm to use in
+ the user and group names. This is only
+ required when using cn_realm together with a
+ stand-alone ldap server.</para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>The following example shows how to retrieve id mappings
+ from a stand-alone LDAP server. This example also shows how
+ to leave a small non conflicting range for local id allocation
+ that may be used in internal backends like BUILTIN.</para>
+
+ <programlisting>
+ [global]
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+
+ idmap config DOMAIN : backend = rfc2307
+ idmap config DOMAIN : range = 2000000-2999999
+ idmap config DOMAIN : ldap_server = stand-alone
+ idmap config DOMAIN : ldap_url = ldap://ldap1.example.com
+ idmap config DOMAIN : ldap_user_dn = cn=ldapmanager,dc=example,dc=com
+ idmap config DOMAIN : bind_path_user = ou=People,dc=example,dc=com
+ idmap config DOMAIN : bind_path_group = ou=Group,dc=example,dc=com
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
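Review bot: The EXAMPLES section pairs `ldap_url = ldap://ldap1.example.com` with `ldap_user_dn`, but neither option's entry says how the simple bind and the returned uidNumber/gidNumber values are protected in transit. Please state in the ldap_url entry which transport protections the module applies or supports for a stand-alone server, and make the example reflect the recommended setting. The same applies to the "If absent, an anonymous bind will be performed" sentence: it is worth noting that the id mappings are then taken from whatever the server answers anonymously. Separately, the range entry says "stored in AD", which does not fit `ldap_server = stand-alone`; "stored in the LDAP server" would cover both cases.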
diff --git a/docs-xml/manpages/vfs_btrfs.8.xml b/docs-xml/manpages/vfs_btrfs.8.xml
new file mode 100644
index 0000000..3cd55d3
--- /dev/null
+++ b/docs-xml/manpages/vfs_btrfs.8.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_btrfs.8">
+
+<refmeta>
+ <refentrytitle>vfs_btrfs</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_btrfs</refname>
+ <refpurpose>
+ Utilize features provided by the Btrfs filesystem
+ </refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = btrfs</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> suite.</para>
+
+ <para>
+ The <command>vfs_btrfs</command> VFS module exposes Btrfs
+ specific features for use by Samba.
+ </para>
+
+ <para>
+ Btrfs allows for multiple files to share the same on-disk data
+ through the use cloned ranges. When an SMB client issues a
+ request to copy duplicate data (via FSCTL_SRV_COPYCHUNK), this
+ module maps the request to a Btrfs clone range IOCTL, instead
+ of performing reads and writes required by a traditional copy.
+ Doing so saves storage capacity and greatly reduces disk IO.
+ </para>
+
+ <para>
+ This module is stackable.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>CONFIGURATION</title>
+
+ <para>
+ <command>vfs_btrfs</command> requires that the underlying share
+ path is a Btrfs filesystem.
+ </para>
+
+ <programlisting>
+ <smbconfsection name="[share]"/>
+ <smbconfoption name="vfs objects">btrfs</smbconfoption>
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>
+ This man page is correct for version 4.1.0 of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
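Review bot: The version information is inconsistent: `<refmiscinfo class="version">4.0</refmiscinfo>` in refmeta disagrees with the VERSION section, which says the page is correct for 4.1.0. Please make the two match. In the DESCRIPTION, "through the use cloned ranges" is missing "of". Since the CONFIGURATION section says the share path must be a Btrfs filesystem, it would also help to document what happens to a copy-chunk request when it is not.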
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 25e381e..a75ae05 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -12,6 +12,7 @@ manpages='''
manpages/idmap_hash.8
manpages/idmap_ldap.8
manpages/idmap_nss.8
+ manpages/idmap_rfc2307.8
manpages/idmap_rid.8
manpages/idmap_tdb.8
manpages/idmap_tdb2.8
@@ -48,6 +49,7 @@ manpages='''
manpages/vfs_aio_linux.8
manpages/vfs_aio_pthread.8
manpages/vfs_audit.8
+ manpages/vfs_btrfs.8
manpages/vfs_cacheprime.8
manpages/vfs_cap.8
manpages/vfs_catia.8
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
new file mode 100755
index 0000000..b9efd34
--- /dev/null
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Test id mapping through idmap_rfc2307 module
+if [ $# -lt 9 ]; then
+ echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
+ exit 1
+fi
+
+DOMAIN="$1"
+USERNAME="$2"
+USERUID="$3"
+GROUPNAME="$4"
+GROUPGID="$5"
+LDAPPREFIX="$6"
+DC_SERVER="$7"
+DC_USERNAME="$8"
+DC_PASSWORD="$9"
+
+echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9
+
+wbinfo="$VALGRIND $BINDIR/wbinfo"
+ldbadd="$BINDIR/ldbadd"
+ldbdel="$BINDIR/ldbdel"
+failed=0
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+# Delete LDAP records
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
+
+# Add id mapping information to LDAP
+
+cat > $PREFIX/tmpldb <<EOF
+dn: $LDAPPREFIX
+objectclass: organizationalUnit
+EOF
+
+testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+cat > $PREFIX/tmpldb <<EOF
+dn: cn=$USERNAME,$LDAPPREFIX
+objectClass: organizationalPerson
+objectClass: posixAccount
+ou: People
+cn: $USERNAME
+uid: $USERNAME
+uidNumber: $USERUID
+gidNumber: 1
+homeDirectory: /home/admin
+EOF
+
+testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+cat > $PREFIX/tmpldb <<EOF
+dn: cn=$GROUPNAME,$LDAPPREFIX
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: $GROUPNAME
+gidNumber: $GROUPGID
+member: cn=$USERNAME,$LDAPPREFIX
+EOF
+
+testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
+
+rm -f $PREFIX/tmpldbmodify
+
+testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1)
+user_sid=$($wbinfo -n "$DOMAIN\\$USERNAME" | cut -d " " -f1)
+echo "$DOMAIN\\$USERNAME resolved to $user_sid"
+
+testit "wbinfo --sid-to-uid=$user_sid" $wbinfo --sid-to-uid=$user_sid || failed=$(expr $failed + 1)
+user_uid=$($wbinfo --sid-to-uid=$user_sid | cut -d " " -f1)
+echo "$DOMAIN\\$USERNAME resolved to $user_uid"
+
+testit "test $user_uid -eq $USERUID" test $user_uid -eq $USERUID || failed=$(expr $failed + 1)
+
+# Not sure how to get group names with spaces to resolve through testit
+#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" || failed=$(expr $failed + 1)
+group_sid=$($wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" | cut -d " " -f1)
+echo "$DOMAIN\\$GROUPNAME resolved to $group_sid"
+
+testit "wbinfo --sid-to-gid=$group_sid" $wbinfo --sid-to-gid=$group_sid || failed=$(expr $failed + 1)
+group_gid=$($wbinfo --sid-to-gid=$group_sid | cut -d " " -f1)
+echo "$DOMAIN\\$GROUPNAME resolved to $group_gid"
+
+testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1)
+
+# Delete LDAP records
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
+
+exit $failed
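Review bot: The cleanup line `rm -f $PREFIX/tmpldbmodify` removes a file this script never creates, while `$PREFIX/tmpldb`, which is written three times, is left behind; it should be `rm -f $PREFIX/tmpldb`. The three `testit "add ldap ..."` calls also lack the `|| failed=$(expr $failed + 1)` used by every later check, so a failed ldbadd does not count towards the exit status. Finally, `echo called with: $1 ... $9` writes DC_PASSWORD into the test output; drop `$9` from that line, and quote the `$PREFIX`, `$LDAPPREFIX` and `-U` arguments so values containing spaces are not split by the shell.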
diff --git a/packaging/RHEL-CTDB/configure.rpm b/packaging/RHEL-CTDB/configure.rpm
index f16b352..398a3f9 100755
--- a/packaging/RHEL-CTDB/configure.rpm
+++ b/packaging/RHEL-CTDB/configure.rpm
@@ -24,7 +24,7 @@ else
CC="gcc"
fi
-shared_modules="idmap_rid,idmap_ad,idmap_tdb2"
+shared_modules="idmap_rid,idmap_ad,idmap_tdb2,idmap_rfc2307"
if test "x$BUILD_GPFS" != "xno"; then
shared_modules="${shared_modules},vfs_gpfs,vfs_tsmsm"
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index d811053..fa18985 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -171,6 +171,7 @@ sub get_interface($)
$interfaces{"localsubdc"} = 31;
$interfaces{"chgdcpass"} = 32;
$interfaces{"promotedvdc"} = 33;
+ $interfaces{"rfc2307member"} = 34;
# update lib/socket_wrapper/socket_wrapper.c
# #define MAX_WRAPPED_INTERFACES 32
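Review bot: The new entry `$interfaces{"rfc2307member"} = 34;` sits directly above the comment asking to update `#define MAX_WRAPPED_INTERFACES 32` in lib/socket_wrapper/socket_wrapper.c, yet that file is not in the summary of changes. Please confirm the current limit covers interface 34, and either raise it in this series or correct the comment, which already reads lower than the existing 33.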
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index c71419d..8d9c4b9 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -331,6 +331,85 @@ sub setup_admember($$$$)
return $ret;
}
+sub setup_admember_rfc2307($$$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+
+ # If we didn't build with ADS, pretend this env was never available
+ if (not $self->have_ads()) {
+ return "UNKNOWN";
+ }
+
+ print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config...";
+
+ my $member_options = "
+ security = ads
+ server signing = on
+ workgroup = $dcvars->{DOMAIN}
+ realm = $dcvars->{REALM}
+ idmap config $dcvars->{DOMAIN} : backend = rfc2307
+ idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
+ idmap config $dcvars->{DOMAIN} : ldap_server = ad
+ idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com
+ idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com
+";
+
+ my $ret = $self->provision($prefix,
+ "RFC2307MEMBER",
+ "loCalMemberPass",
+ $member_options);
+
+ $ret or return undef;
+
+ close(USERMAP);
+ $ret->{DOMAIN} = $dcvars->{DOMAIN};
+ $ret->{REALM} = $dcvars->{REALM};
+
+ my $ctx;
+ my $prefix_abs = abs_path($prefix);
+ $ctx = {};
+ $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf";
+ $ctx->{domain} = $dcvars->{DOMAIN};
+ $ctx->{realm} = $dcvars->{REALM};
+ $ctx->{dnsname} = lc($dcvars->{REALM});
+ $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
+ Samba::mk_krb5_conf($ctx, "");
+
+ $ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
+
+ my $net = Samba::bindir_path($self, "net");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "$net join $ret->{CONFIGURATION}";
+ $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}";
+
+ if (system($cmd) != 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
+ # We need world access to this share, as otherwise the domain
+ # administrator from the AD domain provided by Samba4 can't
+ # access the share for tests.
+ chmod 0777, "$prefix/share";
+
+ if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
+ return undef;
+ }
+
+ $ret->{DC_SERVER} = $dcvars->{SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
+ $ret->{DC_USERNAME} = $dcvars->{USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+
+ # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env
+ $ret->{target} = $self;
+
+ return $ret;
+}
+
sub setup_simpleserver($$)
{
my ($self, $path) = @_;
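Review bot: In setup_admember_rfc2307, `close(USERMAP);` closes a filehandle that this sub never opens; it looks carried over from setup_admember and should be removed. The prototype `($$$$)` declares four arguments while only `($self, $prefix, $dcvars)` are unpacked, so one of the two should be adjusted. Also, `warn("Join failed\n$cmd")` prints the whole command line, including the `-U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}` part, into the test log; printing the command without the credentials would be enough for diagnosis.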
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 05541d9..6f69414 100644
--- a/selftest/target/Samba4.pm
--
Samba Shared Repository