[SCM] Samba Shared Repository - branch v4-1-stable updated
Karolin Seeger
kseeger at samba.org
Fri Nov 22 02:56:27 MST 2013
The branch, v4-1-stable has been updated
via e1e735a VERSION: Disable git snapshots for the 4.1.2 release.
via cbd6790 WHATSNEW: Add release notes for Samba 4.1.2.
via 7c06360 util: Remove 32bit macros breaking strict aliasing.
via 5df543b s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries.
via d815b15 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
via 4c108d4 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
via 2cfa1ef xattr: fix listing EAs on *BSD for non-root users
via a52afc3 VERSION: Bump version number up to 4.1.2...
via 5e64b07 Merge tag 'samba-4.1.1' into v4-1-test
via 6207530 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
via 5cc42ac vfs: Fix some build warnings in glusterfs.
via 289b7fa vfs: Fix building the glusterfs module.
via 8db5ecc libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
via 67840df nsswitch: Fix short writes in winbind_write_sock
via 05c9553 vfs_glusterfs: Fix excessive debug output from vfs_gluster_open().
via 683ac33 vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs
via cfa1739 VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity.
via 0e8f8b7 dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors
via 0419b68 s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'
via 2a75290 dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2
via 06c6866 s3-winbind: Send online/offline message of the domain to the parent.
via 944c3e5 s3-winbind: Register handlers for domain online/offline messages.
via 393f6a8 s3-winbind: Add functions for domain online/offline handling.
via 7ea11ba idl: Add a new message for winbind domain states.
via 45a1cbb ccan: Fix calling memset with zero length parameter
via d932142 Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
from 32d78c8 VERSION: Disable git snapshots for the 4.1.1 release.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 96 ++++++++++++++++-
dfs_server/dfs_server_ad.c | 10 +-
lib/ccan/tally/tally.c | 2 +-
lib/replace/xattr.c | 4 +
lib/util/byteorder.h | 52 +---------
libcli/smb/smb2cli_ioctl.c | 33 +++++-
nsswitch/wb_common.c | 4 +-
python/samba/join.py | 11 ++-
python/samba/tests/posixacl.py | 160 ++++++++++++++++++++--------
source3/librpc/idl/messaging.idl | 2 +
source3/modules/vfs_glusterfs.c | 175 ++++++++++++++++++++----------
source3/smbd/posix_acls.c | 81 +++++++-------
source3/winbindd/winbindd.c | 6 +
source3/winbindd/winbindd_cache.c | 3 +-
source3/winbindd/winbindd_cm.c | 62 +++++++++++
source3/winbindd/winbindd_dual.c | 5 +
source3/winbindd/winbindd_msrpc.c | 5 +-
source3/winbindd/winbindd_proto.h | 10 ++
source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +-
source4/dsdb/tests/python/ldap.py | 12 ++-
21 files changed, 521 insertions(+), 216 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index d7f0a02..c10ccb2 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_RELEASE=2
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4c96f34..5e5cfab 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,96 @@
=============================
+ Release Notes for Samba 4.1.2
+ November 22, 2013
+ =============================
+
+
+This is is the latest stable release of Samba 4.1.
+
+
+Changes since 4.1.1:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10187: Missing talloc_free can leak stackframe in error path.
+ * BUG 10196: RW Deny for a specific user is not overriding RW Allow for a
+ group.
+
+
+o Anand Avati <avati at redhat.com>
+ * BUG 10224: vfs_glusterfs: Implement proper mashalling/unmarshalling of
+ ACLs.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 10052: dfs_server: Use dsdb_search_one to catch 0 results as well as
+ NO_SUCH_OBJECT errors.
+
+
+o Samuel Cabrero <scabrero at zentyal.com>
+ * BUG 9091: s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 10264: s3-winbindd: Fix cache_traverse_validate_fn failure for
+ NDR cache entries.
+
+
+o Christopher R. Hertel <crh at redhat.com>
+ * BUG 10224: vfs_glusterfs: Fix excessive debug output from
+ vfs_gluster_open().
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10190: Fix memset used with constant zero length parameter.
+ * BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 10193: s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'.
+ * BUG 10232: libcli/smb: Fix smb2cli_ioctl*() against Windows 2008.
+
+
+o Susant Kumar Palai <spalai at redhat.com>
+ * BUG 10224: VFS plugin was sending the actual size of the volume instead of
+ the total number of block units because of which windows was getting the
+ wrong volume capacity.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 10194: Make offline logon cache updating for cross child domain group
+ membership.
+ * BUG 10269: util: Remove 32bit macros breaking strict aliasing.
+ * BUG 10253: Fix the build of vfs_glusterfs.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.1.1
November 11, 2013
=============================
@@ -68,8 +160,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.1.0
diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index 249a1d1..062eb49 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -206,14 +206,14 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
for (i = 0; i<r->count; i++) {
struct ldb_dn *dn;
- struct ldb_result *r2;
+ struct ldb_message *msg;
dn = ldb_msg_find_attr_as_dn(ldb, ctx, r->msgs[i], "serverReference");
if (!dn) {
return NT_STATUS_INTERNAL_ERROR;
}
- ret = ldb_search(ldb, r, &r2, dn, LDB_SCOPE_BASE, attrs2, "(objectClass=computer)");
+ ret = dsdb_search_one(ldb, r, &msg, dn, LDB_SCOPE_BASE, attrs2, 0, "(objectClass=computer)");
if (ret != LDB_SUCCESS) {
DEBUG(2,(__location__ ": Search for computer on %s failed - %s\n",
ldb_dn_get_linearized(dn), ldb_errstring(ldb)));
@@ -221,7 +221,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
}
if (dofqdn) {
- const char *dns = ldb_msg_find_attr_as_string(r2->msgs[0], "dNSHostName", NULL);
+ const char *dns = ldb_msg_find_attr_as_string(msg, "dNSHostName", NULL);
if (dns == NULL) {
DEBUG(2,(__location__ ": dNSHostName missing on %s\n",
ldb_dn_get_linearized(dn)));
@@ -233,7 +233,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(list->names[list->count], r);
} else {
char *tmp;
- const char *aname = ldb_msg_find_attr_as_string(r2->msgs[0], "sAMAccountName", NULL);
+ const char *aname = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
if (aname == NULL) {
DEBUG(2,(__location__ ": sAMAccountName missing on %s\n",
ldb_dn_get_linearized(dn)));
@@ -250,7 +250,7 @@ static NTSTATUS get_dcs_insite(TALLOC_CTX *ctx, struct ldb_context *ldb,
list->names[list->count] = tmp;
}
list->count++;
- talloc_free(r2);
+ talloc_free(msg);
}
talloc_free(r);
diff --git a/lib/ccan/tally/tally.c b/lib/ccan/tally/tally.c
index 774373c..29f0555 100644
--- a/lib/ccan/tally/tally.c
+++ b/lib/ccan/tally/tally.c
@@ -506,11 +506,11 @@ char *tally_histogram(const struct tally *tally,
if (count > covered) {
count -= covered;
+ memset(p, '*', count);
} else {
count = 0;
}
- memset(p, '*', count);
p += count;
*p = '\n';
p++;
diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c
index a26ff67..459b7f3 100644
--- a/lib/replace/xattr.c
+++ b/lib/replace/xattr.c
@@ -194,6 +194,10 @@ static ssize_t bsd_attr_list (int type, extattr_arg arg, char *list, size_t size
char *buf;
/* Iterate through extattr(2) namespaces */
for(t = 0; t < ARRAY_SIZE(extattr); t++) {
+ if (t != EXTATTR_NAMESPACE_USER && geteuid() != 0) {
+ /* ignore all but user namespace when we are not root, see bug 10247 */
+ continue;
+ }
switch(type) {
#if defined(HAVE_EXTATTR_LIST_FILE)
case 0:
diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h
index 6bcf71e..58cd68a 100644
--- a/lib/util/byteorder.h
+++ b/lib/util/byteorder.h
@@ -35,15 +35,6 @@ Here is a description of this file that I emailed to the samba list once:
sure.
-The distinction between 386 and other architectures is only there as
-an optimisation. You can take it out completely and it will make no
-difference. The routines (macros) in byteorder.h are totally byteorder
-independent. The 386 optimsation just takes advantage of the fact that
-the x86 processors don't care about alignment, so we don't have to
-align ints on int boundaries etc. If there are other processors out
-there that aren't alignment sensitive then you could also define
-CAREFUL_ALIGNMENT=0 on those processors as well.
-
Ok, now to the macros themselves. I'll take a simple example, say we
want to extract a 2 byte integer from a SMB packet and put it into a
type called uint16_t that is in the local machines byte order, and you
@@ -130,20 +121,6 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
#define HAVE_ASM_BYTEORDER 0
#endif
-
-
-#undef CAREFUL_ALIGNMENT
-
-/* we know that the 386 can handle misalignment and has the "right"
- byteorder */
-#if defined(__i386__)
-#define CAREFUL_ALIGNMENT 0
-#endif
-
-#ifndef CAREFUL_ALIGNMENT
-#define CAREFUL_ALIGNMENT 1
-#endif
-
#define CVAL(buf,pos) ((unsigned int)(((const uint8_t *)(buf))[pos]))
#define CVAL_NC(buf,pos) (((uint8_t *)(buf))[pos]) /* Non-const version of CVAL */
#define PVAL(buf,pos) (CVAL(buf,pos))
@@ -161,7 +138,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
#define SSVALS(buf,pos,val) SSVAL((buf),(pos),((int16_t)(val)))
#define SIVALS(buf,pos,val) SIVAL((buf),(pos),((int32_t)(val)))
-#elif CAREFUL_ALIGNMENT
+#else /* not HAVE_ASM_BYTEORDER */
#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16)
@@ -174,32 +151,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16_t)(val)))
#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32_t)(val)))
-#else /* not CAREFUL_ALIGNMENT */
-
-/* this handles things for architectures like the 386 that can handle
- alignment errors */
-/*
- WARNING: This section is dependent on the length of int16_t and int32_t
- being correct
-*/
-
-/* get single value from an SMB buffer */
-#define SVAL(buf,pos) (*(const uint16_t *)((const char *)(buf) + (pos)))
-#define SVAL_NC(buf,pos) (*(uint16_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-#define IVAL(buf,pos) (*(const uint32_t *)((const char *)(buf) + (pos)))
-#define IVAL_NC(buf,pos) (*(uint32_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-#define SVALS(buf,pos) (*(const int16_t *)((const char *)(buf) + (pos)))
-#define SVALS_NC(buf,pos) (*(int16_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-#define IVALS(buf,pos) (*(const int32_t *)((const char *)(buf) + (pos)))
-#define IVALS_NC(buf,pos) (*(int32_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
-
-/* store single value in an SMB buffer */
-#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((uint16_t)(val))
-#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val))
-#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((int16_t)(val))
-#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((int32_t)(val))
-
-#endif /* not CAREFUL_ALIGNMENT */
+#endif /* not HAVE_ASM_BYTEORDER */
/* 64 bit macros */
#define BVAL(p, ofs) (IVAL(p,ofs) | (((uint64_t)IVAL(p,(ofs)+4)) << 32))
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 8de7635..3090693 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -213,7 +213,21 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
return;
}
- if (input_buffer_length < dyn_len) {
+ ofs = input_buffer_length;
+ ofs = NDR_ROUND(ofs, 8);
+
+ if (state->max_input_length == 0) {
+ /*
+ * If max_input_length is 0 we ignore
+ * the input_buffer_length, because
+ * Windows 2008 echos the DCERPC request
+ * from the requested input_buffer
+ * to the response input_buffer.
+ */
+ input_buffer_length = 0;
+ }
+
+ if (input_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
@@ -228,8 +242,11 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
state->out_input_buffer.data = dyn;
state->out_input_buffer.length = input_buffer_length;
- ofs = input_buffer_length;
- ofs = NDR_ROUND(ofs, 8);
+ if (ofs > dyn_len) {
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
dyn_ofs += ofs;
dyn += ofs;
@@ -243,7 +260,15 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
return;
}
- if (output_buffer_length < dyn_len) {
+ if (state->max_output_length == 0) {
+ /*
+ * We do the same logic as for
+ * max_input_length.
+ */
+ output_buffer_length = 0;
+ }
+
+ if (output_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index c56a76f..5fde8d0 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -395,9 +395,9 @@ static int winbind_write_sock(void *buffer, int count, int recursing,
call would not block by calling poll(). */
pfd.fd = fd;
- pfd.events = POLLIN|POLLHUP;
+ pfd.events = POLLIN|POLLOUT|POLLHUP;
- ret = poll(&pfd, 1, 0);
+ ret = poll(&pfd, 1, -1);
if (ret == -1) {
winbind_close_sock();
return -1; /* poll error */
diff --git a/python/samba/join.py b/python/samba/join.py
index fcdd4ec..7d2f913 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -606,15 +606,18 @@ class dc_join(object):
"DNSNAME" : ctx.dnshostname}))
for changetype, msg in recs:
assert changetype == ldb.CHANGETYPE_NONE
+ dns_acct_dn = msg["dn"]
print "Adding DNS account %s with dns/ SPN" % msg["dn"]
# Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
del msg["clearTextPassword"]
# Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
del msg["isCriticalSystemObject"]
+ # Disable account until password is set
+ msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT |
+ samba.dsdb.UF_ACCOUNTDISABLE)
try:
ctx.samdb.add(msg)
- dns_acct_dn = msg["dn"]
except ldb.LdbError, (num, _):
if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
raise
@@ -624,7 +627,7 @@ class dc_join(object):
# connections which are hard to set up and otherwise refuse with
# ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
# over SAMR.
- print "Setting account password for %s" % ctx.samname
+ print "Setting account password for dns-%s" % ctx.myname
try:
ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
% ldb.binary_encode(ctx.myname),
@@ -633,8 +636,8 @@ class dc_join(object):
username=ctx.samname)
except ldb.LdbError, (num, _):
if num != ldb.ERR_UNWILLING_TO_PERFORM:
- pass
- ctx.net.set_password(account_name="dns-" % ctx.myname,
+ raise
+ ctx.net.set_password(account_name="dns-%s" % ctx.myname,
domain_name=ctx.domain_name,
newpassword=ctx.dnspass)
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index f3a4772..bb104f7 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -336,7 +336,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
(AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
- self.assertEquals(posix_acl.count, 9)
+ self.assertEquals(posix_acl.count, 13)
self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
self.assertEquals(posix_acl.acl[0].a_perm, 7)
@@ -352,23 +352,39 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
self.assertEquals(posix_acl.acl[3].a_perm, 6)
- self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[4].a_perm, 7)
+ self.assertEquals(posix_acl.acl[4].info.uid, BA_gid)
- self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[5].a_perm, 5)
- self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
+ self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[5].a_perm, 7)
- self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[6].a_perm, 7)
- self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
+ self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[6].a_perm, 5)
+ self.assertEquals(posix_acl.acl[6].info.uid, SO_gid)
self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
self.assertEquals(posix_acl.acl[7].a_perm, 5)
- self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
+ self.assertEquals(posix_acl.acl[7].info.gid, SO_gid)
- self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[8].a_perm, 7)
+ self.assertEquals(posix_acl.acl[8].info.uid, SY_gid)
+
+ self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[9].a_perm, 7)
+ self.assertEquals(posix_acl.acl[9].info.gid, SY_gid)
+
+ self.assertEquals(posix_acl.acl[10].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[10].a_perm, 5)
+ self.assertEquals(posix_acl.acl[10].info.uid, AU_gid)
+
+ self.assertEquals(posix_acl.acl[11].a_type, smb_acl.SMB_ACL_GROUP)
+ self.assertEquals(posix_acl.acl[11].a_perm, 5)
+ self.assertEquals(posix_acl.acl[11].info.gid, AU_gid)
+
+ self.assertEquals(posix_acl.acl[12].a_type, smb_acl.SMB_ACL_MASK)
+ self.assertEquals(posix_acl.acl[12].a_perm, 7)
# check that it matches:
@@ -454,7 +470,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
(AU_gid,AU_type) = s4_passdb.sid_to_id(AU_sid)
self.assertEquals(AU_type, idmap.ID_TYPE_BOTH)
- self.assertEquals(posix_acl.count, 9)
+ self.assertEquals(posix_acl.count, 13)
self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
self.assertEquals(posix_acl.acl[0].a_perm, 7)
@@ -470,23 +486,39 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
self.assertEquals(posix_acl.acl[3].a_perm, 7)
- self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[4].a_perm, 7)
+ self.assertEquals(posix_acl.acl[4].info.uid, BA_gid)
- self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[5].a_perm, 5)
- self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
+ self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
+ self.assertEquals(posix_acl.acl[5].a_perm, 7)
- self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
- self.assertEquals(posix_acl.acl[6].a_perm, 7)
- self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
+ self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_USER)
+ self.assertEquals(posix_acl.acl[6].a_perm, 5)
+ self.assertEquals(posix_acl.acl[6].info.uid, SO_gid)
--
Samba Shared Repository
More information about the samba-cvs
mailing list