[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Thu Mar 12 10:13:03 MDT 2015
The branch, master has been updated
via 6e2f4c7 selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss
via a23fccf selftest: add a new environment plugin_s4_dc_no_nss
via 5ce6851 selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd
via 79b927a selftest: modify python.samba.test.posixacl to cope with nss_winbind active
from ddcf361 brlock: Use 0 instead of empty initializer list
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6e2f4c76fe4c60e91d18052e6c6e378b0833b83f
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 5 14:43:54 2015 +0100
selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss
Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Thu Mar 12 17:12:11 CET 2015 on sn-devel-104
commit a23fccf076aabe3f3bf564abc9af7a6cdd202fe9
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 5 13:22:35 2015 +0100
selftest: add a new environment plugin_s4_dc_no_nss
Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
commit 5ce68514258ca6dc843c313b3bd301c62df8e5c0
Author: Michael Adam <obnox at samba.org>
Date: Thu Mar 5 13:22:07 2015 +0100
selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd
Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
commit 79b927ac9e22a73729bed2397fbc679a6fafdfef
Author: Michael Adam <obnox at samba.org>
Date: Tue Feb 17 16:06:49 2015 +0100
selftest: modify python.samba.test.posixacl to cope with nss_winbind active
It was observed that adding libnss_winbind (via nss_wrapper) lets
the posix acl mapping come out slightly differently with respect
to the owner/domain admin who is not explicitly nailed down in
the original NT acl.
This patch extends the test to react to the presence of
nss_winbind in environment and adapts the expected results.
This in particular fixes the run of the test against the
(changed) plugin_s4_dc environment while keeping the possibility
to successfully run it against an env without nss_winbind.
Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/tests/posixacl.py | 32 ++++++++++++++++++++++++++++----
selftest/knownfail | 8 --------
selftest/target/Samba4.pm | 9 ++++++++-
source4/selftest/tests.py | 1 +
4 files changed, 37 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index a6b5118..d8c0fcd 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -316,6 +316,12 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(facl.as_sddl(domsid),acl)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
+ nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
+ nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
+
+ nwrap_winbind_active = (nwrap_module_so_path != "" and
+ nwrap_module_fn_prefix == "winbind")
+
LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
@@ -345,14 +351,20 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
- self.assertEquals(posix_acl.acl[1].a_perm, 6)
+ if nwrap_winbind_active:
+ self.assertEquals(posix_acl.acl[1].a_perm, 7)
+ else:
+ self.assertEquals(posix_acl.acl[1].a_perm, 6)
self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
self.assertEquals(posix_acl.acl[2].a_perm, 0)
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
- self.assertEquals(posix_acl.acl[3].a_perm, 6)
+ if nwrap_winbind_active:
+ self.assertEquals(posix_acl.acl[3].a_perm, 7)
+ else:
+ self.assertEquals(posix_acl.acl[3].a_perm, 6)
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[4].a_perm, 7)
@@ -650,6 +662,12 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(facl.as_sddl(domsid),acl)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
+ nwrap_module_so_path = os.getenv('NSS_WRAPPER_MODULE_SO_PATH')
+ nwrap_module_fn_prefix = os.getenv('NSS_WRAPPER_MODULE_FN_PREFIX')
+
+ nwrap_winbind_active = (nwrap_module_so_path != "" and
+ nwrap_module_fn_prefix == "winbind")
+
LA_sid = security.dom_sid(str(domsid)+"-"+str(security.DOMAIN_RID_ADMINISTRATOR))
BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS)
SO_sid = security.dom_sid(security.SID_BUILTIN_SERVER_OPERATORS)
@@ -682,14 +700,20 @@ class PosixAclMappingTests(TestCaseInTempDir):
self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
- self.assertEquals(posix_acl.acl[1].a_perm, 6)
+ if nwrap_winbind_active:
+ self.assertEquals(posix_acl.acl[1].a_perm, 7)
+ else:
+ self.assertEquals(posix_acl.acl[1].a_perm, 6)
self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
self.assertEquals(posix_acl.acl[2].a_perm, 0)
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
- self.assertEquals(posix_acl.acl[3].a_perm, 6)
+ if nwrap_winbind_active:
+ self.assertEquals(posix_acl.acl[3].a_perm, 7)
+ else:
+ self.assertEquals(posix_acl.acl[3].a_perm, 6)
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_USER)
self.assertEquals(posix_acl.acl[4].a_perm, 7)
diff --git a/selftest/knownfail b/selftest/knownfail
index b3cc2d6..64fc2cd 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -314,11 +314,3 @@
# Differences in our KDC compared to windows
#
^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
-#
-# Test does not work, apparently because the calling user and
-# the domain admin use the same uid. This was uncovered by
-# enabling libnss_winbindd in the nsswrapper environment.
-# TODO: fix the test.
-#
-^samba.tests.posixacl.samba.tests.posixacl.PosixAclMappingTests.test_setntacl_sysvol_check_getposixacl\(plugin_s4_dc:local\)$
-^samba.tests.posixacl.samba.tests.posixacl.PosixAclMappingTests.test_setntacl_policies_check_getposixacl\(plugin_s4_dc:local\)$
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index da2009d..b2417b8 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1962,6 +1962,8 @@ sub setup_env($$$)
return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
} elsif ($envname eq "plugin_s4_dc") {
return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
+ } elsif ($envname eq "plugin_s4_dc_no_nss") {
+ return $self->setup_plugin_s4_dc("$path/plugin_s4_dc_no_nss", "no_nss");
} elsif ($envname eq "s3member_rfc2307") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
@@ -2274,7 +2276,7 @@ sub setup_rodc($$$)
sub setup_plugin_s4_dc($$)
{
- my ($self, $path) = @_;
+ my ($self, $path, $no_nss) = @_;
# If we didn't build with ADS, pretend this env was never available
if (not $self->{target3}->have_ads()) {
@@ -2286,6 +2288,11 @@ sub setup_plugin_s4_dc($$)
return undef;
}
+ if (defined($no_nss) and $no_nss) {
+ $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
+ $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
+ }
+
$self->check_or_start($env, "single");
$self->wait_for_start($env);
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index a104e43..925ad73 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -493,6 +493,7 @@ for env in ["dc", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
planpythontestsuite("dc:local", "samba.tests.upgradeprovisionneeddc")
planpythontestsuite("plugin_s4_dc:local", "samba.tests.posixacl")
+planpythontestsuite("plugin_s4_dc_no_nss:local", "samba.tests.posixacl")
plantestsuite_loadlist("samba4.deletetest.python(dc)", "dc", [python, os.path.join(samba4srcdir, "dsdb/tests/python/deletetest.py"),
'$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
--
Samba Shared Repository
More information about the samba-cvs
mailing list