[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Thu Mar 12 10:13:03 MDT 2015 

The branch, master has been updated
       via  6e2f4c7 selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss
       via  a23fccf selftest: add a new environment plugin_s4_dc_no_nss
       via  5ce6851 selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd
       via  79b927a selftest: modify python.samba.test.posixacl to cope with nss_winbind active
      from  ddcf361 brlock: Use 0 instead of empty initializer list

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6e2f4c76fe4c60e91d18052e6c6e378b0833b83f
Author: Michael Adam <obnox at samba.org>
Date:   Thu Mar 5 14:43:54 2015 +0100

    selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss
    
    Pair-Programmed-With: Guenther Deschner <gd at samba.org>
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Signed-off-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Thu Mar 12 17:12:11 CET 2015 on sn-devel-104

commit a23fccf076aabe3f3bf564abc9af7a6cdd202fe9
Author: Michael Adam <obnox at samba.org>
Date:   Thu Mar 5 13:22:35 2015 +0100

    selftest: add a new environment plugin_s4_dc_no_nss
    
    Pair-Programmed-With: Guenther Deschner <gd at samba.org>
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Signed-off-by: Guenther Deschner <gd at samba.org>

commit 5ce68514258ca6dc843c313b3bd301c62df8e5c0
Author: Michael Adam <obnox at samba.org>
Date:   Thu Mar 5 13:22:07 2015 +0100

    selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd
    
    Pair-Programmed-With: Guenther Deschner <gd at samba.org>
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Signed-off-by: Guenther Deschner <gd at samba.org>

commit 79b927ac9e22a73729bed2397fbc679a6fafdfef
Author: Michael Adam <obnox at samba.org>
Date:   Tue Feb 17 16:06:49 2015 +0100

    selftest: modify python.samba.test.posixacl to cope with nss_winbind active
    
    It was observed that adding libnss_winbind (via nss_wrapper) lets
    the posix acl mapping come out slightly differently with respect
    to the owner/domain admin who is not explicitly nailed down in
    the original NT acl.
    
    This patch extends the test to react to the presence of
    nss_winbind in environment and adapts the expected results.
    This in particular fixes the run of the test against the
    (changed) plugin_s4_dc environment while keeping the possibility
    to successfully run it against an env without nss_winbind.
    
    Pair-Programmed-With: Guenther Deschner <gd at samba.org>
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Signed-off-by: Guenther Deschner <gd at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/tests/posixacl.py | 32 ++++++++++++++++++++++++++++----
 selftest/knownfail             |  8 --------
 selftest/target/Samba4.pm      |  9 ++++++++-
 source4/selftest/tests.py      |  1 +
 4 files changed, 37 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index a6b5118..d8c0fcd 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -316,6 +316,12 @@ class PosixAclMappingTests(TestCaseInTempDir):
         self.assertEquals(facl.as_sddl(domsid),acl)
         posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
 
+        nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
+        nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
+
+        nwrap_winbind_active = (nwrap_module_so_path != "" and
+                nwrap_module_fn_prefix == "winbind")
+
         LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
         BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
         SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
@@ -345,14 +351,20 @@ class PosixAclMappingTests(TestCaseInTempDir):
         self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
 
         self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
-        self.assertEquals(posix_acl.acl[1].a_perm, 6)
+        if nwrap_winbind_active:
+            self.assertEquals(posix_acl.acl[1].a_perm, 7)
+        else:
+            self.assertEquals(posix_acl.acl[1].a_perm, 6)
         self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
 
         self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
         self.assertEquals(posix_acl.acl[2].a_perm, 0)
 
         self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
-        self.assertEquals(posix_acl.acl[3].a_perm, 6)
+        if nwrap_winbind_active:
+            self.assertEquals(posix_acl.acl[3].a_perm, 7)
+        else:
+            self.assertEquals(posix_acl.acl[3].a_perm, 6)
 
         self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
         self.assertEquals(posix_acl.acl[4].a_perm, 7)
@@ -650,6 +662,12 @@ class PosixAclMappingTests(TestCaseInTempDir):
         self.assertEquals(facl.as_sddl(domsid),acl)
         posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
 
+        nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
+        nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
+
+        nwrap_winbind_active = (nwrap_module_so_path != "" and
+                nwrap_module_fn_prefix == "winbind")
+
         LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
         BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
         SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
@@ -682,14 +700,20 @@ class PosixAclMappingTests(TestCaseInTempDir):
         self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
 
         self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
-        self.assertEquals(posix_acl.acl[1].a_perm, 6)
+        if nwrap_winbind_active:
+            self.assertEquals(posix_acl.acl[1].a_perm, 7)
+        else:
+            self.assertEquals(posix_acl.acl[1].a_perm, 6)
         self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
 
         self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
         self.assertEquals(posix_acl.acl[2].a_perm, 0)
 
         self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
-        self.assertEquals(posix_acl.acl[3].a_perm, 6)
+        if nwrap_winbind_active:
+            self.assertEquals(posix_acl.acl[3].a_perm, 7)
+        else:
+            self.assertEquals(posix_acl.acl[3].a_perm, 6)
 
         self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
         self.assertEquals(posix_acl.acl[4].a_perm, 7)
diff --git a/selftest/knownfail b/selftest/knownfail
index b3cc2d6..64fc2cd 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -314,11 +314,3 @@
 # Differences in our KDC compared to windows
 #
 ^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
-#
-# Test does not work, apparently because the calling user and
-# the domain admin use the same uid. This was uncovered by
-# enabling libnss_winbindd in the nsswrapper environment.
-# TODO: fix the test.
-#
-^samba.tests.posixacl.samba.tests.posixacl.PosixAclMappingTests.test_setntacl_sysvol_check_getposixacl\(plugin_s4_dc:local\)$
-^samba.tests.posixacl.samba.tests.posixacl.PosixAclMappingTests.test_setntacl_policies_check_getposixacl\(plugin_s4_dc:local\)$
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index da2009d..b2417b8 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1962,6 +1962,8 @@ sub setup_env($$$)
 		return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
 	} elsif ($envname eq "plugin_s4_dc") {
 		return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
+	} elsif ($envname eq "plugin_s4_dc_no_nss") {
+		return $self->setup_plugin_s4_dc("$path/plugin_s4_dc_no_nss", "no_nss");
 	} elsif ($envname eq "s3member_rfc2307") {
 		if (not defined($self->{vars}->{dc})) {
 			$self->setup_dc("$path/dc");
@@ -2274,7 +2276,7 @@ sub setup_rodc($$$)
 
 sub setup_plugin_s4_dc($$)
 {
-	my ($self, $path) = @_;
+	my ($self, $path, $no_nss) = @_;
 
 	# If we didn't build with ADS, pretend this env was never available
 	if (not $self->{target3}->have_ads()) {
@@ -2286,6 +2288,11 @@ sub setup_plugin_s4_dc($$)
 		return undef;
 	}
 
+	if (defined($no_nss) and $no_nss) {
+		$env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
+		$env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
+	}
+
 	$self->check_or_start($env, "single");
 	
 	$self->wait_for_start($env);
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index a104e43..925ad73 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -493,6 +493,7 @@ for env in ["dc", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
 
 planpythontestsuite("dc:local", "samba.tests.upgradeprovisionneeddc")
 planpythontestsuite("plugin_s4_dc:local", "samba.tests.posixacl")
+planpythontestsuite("plugin_s4_dc_no_nss:local", "samba.tests.posixacl")
 plantestsuite_loadlist("samba4.deletetest.python(dc)", "dc", [python, os.path.join(samba4srcdir, "dsdb/tests/python/deletetest.py"),
                                                      '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
 plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])


-- 
Samba Shared Repository

More information about the samba-cvs mailing list