[SCM] Samba Shared Repository - branch v4-0-stable updated
Karolin Seeger
kseeger at samba.org
Tue Nov 19 01:03:01 MST 2013
The branch, v4-0-stable has been updated
via 430c74f VERSION: Disable git snapshots for the 4.0.12 release.
via a60c24e WHATSNEW: Add release notes for Samba 4.0.12.
via c35f22e util: Remove 32bit macros breaking strict aliasing.
via ce12995 s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries.
via e76556d Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
via 2c2d292 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
via c87f8ed xattr: fix listing EAs on *BSD for non-root users
via 0a52101 VERSION: Bump version number up to 4.0.12...
via 98712df Merge tag 'samba-4.0.11' into v4-0-test
via de4e721 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
via c07a730 libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
via 8d4f270 nsswitch: Fix short writes in winbind_write_sock
via a918e7d dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors
via 6b8f362 s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'
via 4837dc1 dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2
via a1d0339 s3-winbind: Send online/offline message of the domain to the parent.
via ddd3302 s3-winbind: Register handlers for domain online/offline messages.
via 16dcb6c s3-winbind: Add functions for domain online/offline handling.
via e052e65 idl: Add a new message for winbind domain states.
via 5a65f86 Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
via c388828 s4:smb_server: call irpc_add_name() at startup (bug #9905)
via 2c6ef14 s4:rpc_server: call irpc_add_name() at startup (bug #9905)
via 95d66d0 s4:ldap_server: call irpc_add_name() at startup (bug #9905)
via acf4fe4 doc: Update documentation of pam_winbind krb5 support.
via 11a4a64 s3-winbind: Add support for the kernel krb5 keyring buffer.
via f91b6c9 s3-winbind: Don't set a default directory for DIR.
from a8e0112 VERSION: Disable git snapshots for the 4.0.11 release.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 85 +++++++++++++++-
dfs_server/dfs_server_ad.c | 10 +-
docs-xml/manpages/pam_winbind.conf.5.xml | 26 +++--
lib/replace/xattr.c | 4 +
lib/util/byteorder.h | 52 +---------
libcli/smb/smb2cli_ioctl.c | 33 ++++++-
nsswitch/wb_common.c | 4 +-
python/samba/join.py | 11 ++-
python/samba/tests/posixacl.py | 160 +++++++++++++++++++++--------
source3/librpc/idl/messaging.idl | 2 +
source3/smbd/posix_acls.c | 79 ++++++++-------
source3/winbindd/winbindd.c | 6 +
source3/winbindd/winbindd_cache.c | 3 +-
source3/winbindd/winbindd_cm.c | 62 ++++++++++++
source3/winbindd/winbindd_dual.c | 5 +
source3/winbindd/winbindd_msrpc.c | 5 +-
source3/winbindd/winbindd_pam.c | 4 +-
source3/winbindd/winbindd_proto.h | 10 ++
source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +-
source4/dsdb/tests/python/ldap.py | 12 ++-
source4/ldap_server/ldap_server.c | 3 +
source4/rpc_server/service_rpc.c | 1 +
source4/smb_server/service_smb.c | 1 +
24 files changed, 413 insertions(+), 169 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index e734fbd..c676911 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 20b6e7f..3ae3b2f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,85 @@
==============================
+ Release Notes for Samba 4.0.12
+ November 19, 2013
+ ==============================
+
+
+This is is the latest stable release of Samba 4.0.
+
+Major enhancements in Samba 4.0.12 include:
+
+o RW Deny for a specific user is not overriding RW Allow for a group (bug
+ #10196)
+
+
+Changes since 4.0.11:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10187: Missing talloc_free can leak stackframe in error path.
+ * BUG 10196: RW Deny for a specific user is not overriding RW Allow for a
+ group.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 10052: Use dsdb_search_one to catch 0 results as well as
+ NO_SUCH_OBJECT errors.
+
+
+o Samuel Cabrero <scabrero at zentyal.com>
+ * BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 10264: s3-winbind: Fix cache_traverse_validate_fn failure for NDR
+ cache entries.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 9905: ldap_server: Register name and pid at startup.
+ * BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
+ * BUG 10232: libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 10132: pam_winbindd: Add support for the KEYRING ccache type.
+ * BUG 10194: winbind: Offline logon cache not updating for cross child
+ domain group membership.
+ * BUG 10269: util: Remove 32bit macros breaking strict aliasing.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.0.11
November 11, 2013
==============================
@@ -68,8 +149,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.0.10
diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index 8fa143d..4a1f812 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -206,14 +206,14 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
for (i = 0; i<r->count; i++) {
struct ldb_dn *dn;
- struct ldb_result *r2;
+ struct ldb_message *msg;
dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
if (!dn) {
return NT_STATUS_INTERNAL_ERROR;
}
- ret = ldb_search(ldb, r, &r2, dn, LDB_SCOPE_BASE, attrs2, "(objectClass=computer)");
+ ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
if (ret != LDB_SUCCESS) {
DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
@@ -221,7 +221,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
}
if (dofqdn) {
- const char *dns = ldb_msg_find_attr_as_string(r2->msgs[0], "dNSHostName", NULL);
+ const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
if (dns == NULL) {
DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
ldb_dn_get_linearized(dn)));
@@ -233,7 +233,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(list->names[list->count], r);
} else {
char *tmp;
- const char *aname = ldb_msg_find_attr_as_string(r2->msgs[0], "sAMAccountName", NULL);
+ const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
if (aname == NULL) {
DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
ldb_dn_get_linearized(dn)));
@@ -250,7 +250,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
list->names[list->count] = tmp;
}
list->count++;
- talloc_free(r2);
+ talloc_free(msg);
}
talloc_free(r);
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index be7f684..725e809 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -106,16 +106,24 @@
<term>krb5_ccache_type = [type]</term>
<listitem><para>
- When pam_winbind is configured to try kerberos authentication by
- enabling the <parameter>krb5_auth</parameter> option, it can
- store the retrieved Ticket Granting Ticket (TGT) in a credential
- cache. The type of credential cache can be controlled with this
- option. The supported values are: <parameter>FILE</parameter>
- and <parameter>DIR</parameter> (when the DIR type is supported
- by the system's Kerberos library). In case of FILE a credential
+ When pam_winbind is configured to try kerberos authentication
+ by enabling the <parameter>krb5_auth</parameter> option, it can
+ store the retrieved Ticket Granting Ticket (TGT) in a
+ credential cache. The type of credential cache can be
+ controlled with this option. The supported values are:
+ <parameter>KEYRING</parameter> (when supported by the system's
+ Kerberos library and Kernel), <parameter>FILE</parameter> and
+ <parameter>DIR</parameter> (when the DIR type is supported by
+ the system's Kerberos library). In case of FILE a credential
cache in the form of /tmp/krb5cc_UID will be created - in case
- of DIR it will be located under the /run/user/UID/krb5cc
- directory. UID is replaced with the numeric user id.</para>
+ of DIR you NEED to specify a directory. UID is replaced with
+ the numeric user id.</para>
+
+ <para>When using the KEYRING type, the supported mechanism is
+ <quote>KEYRING:persistent:UID</quote>, which uses the Linux
+ kernel keyring to store credentials on a per-UID basis. This is
+ the recommended choice on latest Linux distributions, as it is
+ the most secure and predictable method.</para>
<para>It is also possible to define custom filepaths and use the "%u"
pattern in order to substitue the numeric user id.
diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c
index a26ff67..459b7f3 100644
--- a/lib/replace/xattr.c
+++ b/lib/replace/xattr.c
@@ -194,6 +194,10 @@ static ssize_t bsd_attr_list (int type, extattr_arg arg, char *list, size_t size
char *buf;
/* Iterate through extattr(2) namespaces */
for(t = 0; t < ARRAY_SIZE(extattr); t++) {
+ if (t != EXTATTR_NAMESPACE_USER && geteuid() != 0) {
+ /* ignore all but user namespace when we are not root, see bug 10247 */
+ continue;
+ }
switch(type) {
#if defined(HAVE_EXTATTR_LIST_FILE)
case 0:
diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h
index 6bcf71e..58cd68a 100644
--- a/lib/util/byteorder.h
+++ b/lib/util/byteorder.h
@@ -35,15 +35,6 @@ Here is a description of this file that I emailed to the samba list once:
sure.
-The distinction between 386 and other architectures is only there as
-an optimisation. You can take it out completely and it will make no
-difference. The routines (macros) in byteorder.h are totally byteorder
-independent. The 386 optimsation just takes advantage of the fact that
-the x86 processors don't care about alignment, so we don't have to
-align ints on int boundaries etc. If there are other processors out
-there that aren't alignment sensitive then you could also define
-CAREFUL_ALIGNMENT=0 on those processors as well.
-
Ok, now to the macros themselves. I'll take a simple example, say we
want to extract a 2 byte integer from a SMB packet and put it into a
type called uint16_t that is in the local machines byte order, and you
@@ -130,20 +121,6 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
#define HAVE_ASM_BYTEORDER 0
#endif
-
-
-#undef CAREFUL_ALIGNMENT
-
-/* we know that the 386 can handle misalignment and has the "right"
- byteorder */
-#if defined(__i386__)
-#define CAREFUL_ALIGNMENT 0
-#endif
-
-#ifndef CAREFUL_ALIGNMENT
-#define CAREFUL_ALIGNMENT 1
-#endif
-
#define CVAL(buf,pos) ((unsigned int)(((const uint8_t *)(buf))[pos]))
#define CVAL_NC(buf,pos) (((uint8_t *)(buf))[pos]) /* Non-const version of CVAL */
#define PVAL(buf,pos) (CVAL(buf,pos))
@@ -161,7 +138,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
#define SSVALS(buf,pos,val) SSVAL((buf),(pos),((int16_t)(val)))
#define SIVALS(buf,pos,val) SIVAL((buf),(pos),((int32_t)(val)))
-#elif CAREFUL_ALIGNMENT
+#else /* not HAVE_ASM_BYTEORDER */
#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16)
@@ -174,32 +151,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16_t)(val)))
#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32_t)(val)))
-#else /* not CAREFUL_ALIGNMENT */
-
-/* this handles things for architectures like the 386 that can handle
- alignment errors */
-/*
- WARNING: This section is dependent on the length of int16_t and int32_t
- being correct
-*/
-
-/* get single value from an SMB buffer */
-#define SVAL(buf,pos) (*(const uint16_t *)((const char *)(buf) + (pos)))
-#define SVAL_NC(buf,pos) (*(uint16_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-#define IVAL(buf,pos) (*(const uint32_t *)((const char *)(buf) + (pos)))
-#define IVAL_NC(buf,pos) (*(uint32_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-#define SVALS(buf,pos) (*(const int16_t *)((const char *)(buf) + (pos)))
-#define SVALS_NC(buf,pos) (*(int16_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-#define IVALS(buf,pos) (*(const int32_t *)((const char *)(buf) + (pos)))
-#define IVALS_NC(buf,pos) (*(int32_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-
-/* store single value in an SMB buffer */
-#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((uint16_t)(val))
-#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val))
-#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((int16_t)(val))
-#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((int32_t)(val))
-
-#endif /* not CAREFUL_ALIGNMENT */
+#endif /* not HAVE_ASM_BYTEORDER */
/* 64 bit macros */
#define BVAL(p, ofs) (IVAL(p,ofs) | (((uint64_t)IVAL(p,(ofs)+4)) << 32))
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 687c9d5..90c3a2c 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -201,7 +201,21 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
return;
}
- if (input_buffer_length < dyn_len) {
+ ofs = input_buffer_length;
+ ofs = NDR_ROUND(ofs, 8);
+
+ if (state->max_input_length == 0) {
+ /*
+ * If max_input_length is 0 we ignore
+ * the input_buffer_length, because
+ * Windows 2008 echos the DCERPC request
+ * from the requested input_buffer
+ * to the response input_buffer.
+ */
+ input_buffer_length = 0;
+ }
+
+ if (input_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
@@ -216,8 +230,11 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
state->out_input_buffer.data = dyn;
state->out_input_buffer.length = input_buffer_length;
- ofs = input_buffer_length;
- ofs = NDR_ROUND(ofs, 8);
+ if (ofs > dyn_len) {
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
dyn_ofs += ofs;
dyn += ofs;
@@ -231,7 +248,15 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
return;
}
- if (output_buffer_length < dyn_len) {
+ if (state->max_output_length == 0) {
+ /*
+ * We do the same logic as for
+ * max_input_length.
+ */
+ output_buffer_length = 0;
+ }
+
+ if (output_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index c56a76f..5fde8d0 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -395,9 +395,9 @@ static int winbind_write_sock(void *buffer, int count, int recursing,
call would not block by calling poll(). */
pfd.fd = fd;
- pfd.events = POLLIN|POLLHUP;
+ pfd.events = POLLIN|POLLOUT|POLLHUP;
- ret = poll(&pfd, 1, 0);
+ ret = poll(&pfd, 1, -1);
if (ret == -1) {
winbind_close_sock();
return -1; /* poll error */
diff --git a/python/samba/join.py b/python/samba/join.py
index b2f4da4..bdd3629 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -606,15 +606,18 @@ class dc_join(object):
"DNSNAME" : ctx.dnshostname}))
for changetype, msg in recs:
assert changetype == ldb.CHANGETYPE_NONE
+ dns_acct_dn = msg["dn"]
print "Adding DNS account %s with dns/ SPN" % msg["dn"]
# Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
del msg["clearTextPassword"]
# Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
del msg["isCriticalSystemObject"]
+ # Disable account until password is set
+ msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT |
+ samba.dsdb.UF_ACCOUNTDISABLE)
try:
ctx.samdb.add(msg)
- dns_acct_dn = msg["dn"]
except ldb.LdbError, (num, _):
if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
raise
@@ -624,7 +627,7 @@ class dc_join(object):
# connections which are hard to set up and otherwise refuse with
# ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
# over SAMR.
- print "Setting account password for %s" % ctx.samname
+ print "Setting account password for dns-%s" % ctx.myname
try:
ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
% ldb.binary_encode(ctx.myname),
@@ -633,8 +636,8 @@ class dc_join(object):
username=ctx.samname)
except ldb.LdbError, (num, _):
if num != ldb.ERR_UNWILLING_TO_PERFORM:
- pass
- ctx.net.set_password(account_name="dns-" % ctx.myname,
+ raise
+ ctx.net.set_password(account_name="dns-%s" % ctx.myname,
domain_name=ctx.domain_name,
newpassword=ctx.dnspass)
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index 6a234e4..1948e8b 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -319,7 +319,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
(AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
- self.assertEquals(posix_acl.count, 9)
+ self.assertEquals(posix_acl.count, 13)
self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
self.assertEquals(posix_acl.acl[0].a_perm, 7)
@@ -335,23 +335,39 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
self.assertEquals(posix_acl.acl[3].a_perm, 6)
- self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[4].a_perm, 7)
+ self.assertEquals(posix_acl.acl[4].info.uid, BA_gid)
- self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[5].a_perm, 5)
- self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
+ self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[5].a_perm, 7)
- self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[6].a_perm, 7)
- self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
+ self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[6].a_perm, 5)
+ self.assertEquals(posix_acl.acl[6].info.uid, SO_gid)
self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
self.assertEquals(posix_acl.acl[7].a_perm, 5)
- self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
+ self.assertEquals(posix_acl.acl[7].info.gid, SO_gid)
- self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[8].a_perm, 7)
+ self.assertEquals(posix_acl.acl[8].info.uid, SY_gid)
+
+ self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[9].a_perm, 7)
+ self.assertEquals(posix_acl.acl[9].info.gid, SY_gid)
+
+ self.assertEquals(posix_acl.acl[10].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[10].a_perm, 5)
+ self.assertEquals(posix_acl.acl[10].info.uid, AU_gid)
+
+ self.assertEquals(posix_acl.acl[11].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[11].a_perm, 5)
+ self.assertEquals(posix_acl.acl[11].info.gid, AU_gid)
+
+ self.assertEquals(posix_acl.acl[12].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[12].a_perm, 7)
# check that it matches:
@@ -437,7 +453,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
(AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
- self.assertEquals(posix_acl.count, 9)
+ self.assertEquals(posix_acl.count, 13)
self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
self.assertEquals(posix_acl.acl[0].a_perm, 7)
@@ -453,23 +469,39 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
self.assertEquals(posix_acl.acl[3].a_perm, 7)
- self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[4].a_perm, 7)
+ self.assertEquals(posix_acl.acl[4].info.uid, BA_gid)
- self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[5].a_perm, 5)
- self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
--
Samba Shared Repository
More information about the samba-cvs
mailing list