[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Apr 6 19:04:02 UTC 2018
The branch, master has been updated
via 1775ac8 winbindd: Do not ignore domain in the LOOKUPNAME request
via 552a00e Add test for wbinfo name lookup
via f4db4e8 nsswitch: Fix wbcListGroups test
via 3c146be nsswitch: Fix wbcListUsers test
via 6f07afa test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
from 4c8faa7 ldb: Fix trailing whitespace
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1775ac8aa4dc00b9a0845ade238254ebb8b32429
Author: Christof Schmitt <cs at samba.org>
Date: Wed Feb 28 12:05:34 2018 -0700
winbindd: Do not ignore domain in the LOOKUPNAME request
A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 6 21:03:31 CEST 2018 on sn-devel-144
commit 552a00ec1f6795b9025298931a6cc50ebe552052
Author: Christof Schmitt <cs at samba.org>
Date: Wed Feb 28 13:10:43 2018 -0700
Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f4db4e86c341a89357082e81e30c302440647530
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 30 14:35:03 2018 -0700
nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format. The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3c146be404affc894c0c702bbfbfcc4fb9ed902b
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 30 14:28:46 2018 -0700
nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format. The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6f07afad07d9c670a00d9d314a8134efdda5e424
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 16 13:52:14 2018 -0700
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
Samba selftest uses the forward slash as winbind separator and in the
USERNAME passed to the test. "net sam rights" expects the backslash. Map
the separator used in selftest to a backslash to avoid creating an
incorrect username DOMAIN\DOMAIN/USERNAME.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/tests/wbclient.c | 66 ++++++++++++++++++++++++++++++-
nsswitch/tests/test_wbinfo_name_lookup.sh | 40 +++++++++++++++++++
source3/script/tests/test_smbclient_s3.sh | 10 +++--
source3/selftest/tests.py | 4 ++
source3/winbindd/winbindd_lookupname.c | 33 ++++++++++------
5 files changed, 136 insertions(+), 17 deletions(-)
create mode 100755 nsswitch/tests/test_wbinfo_name_lookup.sh
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index e80afc4..d107942 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -296,6 +296,7 @@ static bool test_wbc_users(struct torture_context *tctx)
char *name = NULL;
char *sid_string = NULL;
wbcErr ret = false;
+ char separator;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
"%s", "wbcInterfaceDetails failed");
@@ -306,6 +307,7 @@ static bool test_wbc_users(struct torture_context *tctx)
ret,
fail,
"Failed to allocate domain_name");
+ separator = details->winbind_separator;
wbcFreeMemory(details);
details = NULL;
@@ -323,9 +325,38 @@ static bool test_wbc_users(struct torture_context *tctx)
struct wbcDomainSid sid;
enum wbcSidType name_type;
uint32_t num_sids;
+ const char *user;
+ char *c;
+
+ c = strchr(users[i], separator);
+
+ if (c == NULL) {
+ /*
+ * NT4 DC
+ * user name does not contain DOMAIN SEPARATOR prefix.
+ */
+
+ user = users[i];
+ } else {
+ /*
+ * AD DC
+ * user name starts with DOMAIN SEPARATOR prefix.
+ */
+ const char *dom;
+
+ *c = '\0';
+ dom = users[i];
+ user = c + 1;
+
+ torture_assert_str_equal_goto(tctx, dom, domain_name,
+ ret, fail, "Domain part "
+ "of user name does not "
+ "match domain name.\n");
+ }
torture_assert_wbc_ok_goto_fail(tctx,
- wbcLookupName(domain_name, users[i], &sid, &name_type),
+ wbcLookupName(domain_name, user,
+ &sid, &name_type),
"wbcLookupName of %s failed",
users[i]);
torture_assert_int_equal_goto(tctx,
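Review bot: After `*c = '\0'` the string in `users[i]` is cut at the separator, so in the AD DC case the failure message `"wbcLookupName of %s failed", users[i]` prints only the domain and not the name that was looked up; passing `user` there (`"wbcLookupName of %s failed", user);`) keeps the diagnostic accurate. The write also goes through the non-const pointer returned by `strchr` into a string that appears to be owned by the list result, and any later use of `users[i]` in the loop body, which continues outside this hunk, would see the truncated value. Splitting into a local copy would avoid both. The `test_wbc_groups` hunk truncates `groups[i]` the same way; its message argument lies outside that hunk.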
@@ -399,6 +430,7 @@ static bool test_wbc_groups(struct torture_context *tctx)
char *domain = NULL;
char *name = NULL;
char *sid_string = NULL;
+ char separator;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
"%s", "wbcInterfaceDetails failed");
@@ -409,6 +441,7 @@ static bool test_wbc_groups(struct torture_context *tctx)
ret,
fail,
"Failed to allocate domain_name");
+ separator = details->winbind_separator;
wbcFreeMemory(details);
details = NULL;
@@ -425,10 +458,39 @@ static bool test_wbc_groups(struct torture_context *tctx)
for (i=0; i < MIN(num_groups,100); i++) {
struct wbcDomainSid sid;
enum wbcSidType name_type;
+ const char *group;
+ char *c;
+
+ c = strchr(groups[i], separator);
+
+ if (c == NULL) {
+ /*
+ * NT4 DC
+ * group name does not contain DOMAIN SEPARATOR prefix.
+ */
+
+ group = groups[i];
+ } else {
+ /*
+ * AD DC
+ * group name starts with DOMAIN SEPARATOR prefix.
+ */
+ const char *dom;
+
+
+ *c = '\0';
+ dom = groups[i];
+ group = c + 1;
+
+ torture_assert_str_equal_goto(tctx, dom, domain_name,
+ ret, fail, "Domain part "
+ "of group name does not "
+ "match domain name.\n");
+ }
torture_assert_wbc_ok_goto_fail(tctx,
wbcLookupName(domain_name,
- groups[i],
+ group,
&sid,
&name_type),
"wbcLookupName for %s failed",
diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
new file mode 100755
index 0000000..696e25b
--- /dev/null
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Blackbox test for wbinfo name lookup
+if [ $# -lt 2 ]; then
+cat <<EOF
+Usage: test_wbinfo.sh DOMAIN DC_USERNAME
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+DC_USERNAME=$2
+shift 2
+
+failed=0
+sambabindir="$BINDIR"
+wbinfo="$VALGRIND $sambabindir/wbinfo"
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+# Correct query is expected to work
+testit "name-to-sid.single-separator" \
+ $wbinfo -n $DOMAIN/$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# Two separator characters should fail
+testit_expect_failure "name-to-sid.double-separator" \
+ $wbinfo -n $DOMAIN//$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# Invalid domain is expected to fail
+testit_expect_failure "name-to-sid.invalid-domain" \
+ $wbinfo -n INVALID/$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# Invalid domain with two separator characters is expected to fail
+testit_expect_failure "name-to-sid.double-separator-invalid-domain" \
+ $wbinfo -n INVALID//$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+exit $failed
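Review bot: All four `wbinfo -n` queries hard-code `/` as the winbind separator, so the expect-failure cases are only meaningful where `winbind separator = /`, as in selftest. Under any other separator they would fail for an unrelated reason and still be counted as passing. Reading the separator once, for example `SEP=$($wbinfo --separator)`, and building the names from `$SEP` would keep the negative cases tied to the behaviour under test. The name arguments are unquoted (`$DOMAIN/$DC_USERNAME`), and the usage text names `test_wbinfo.sh` rather than this script.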
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 03f7b27..cc0d69d 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -643,13 +643,17 @@ test_backup_privilege_list()
{
tmpfile=$PREFIX/smbclient_backup_privilege_list
+ # selftest uses the forward slash as a separator, but "net sam rights
+ # grant" requires the backslash separator
+ USER_TMP=$(printf '%s' "$USERNAME" | tr '/' '\\')
+
# If we don't have a DOMAIN component to the username, add it.
- echo "$USERNAME" | grep '\\' 2>&1
+ printf '%s' "$USER_TMP" | grep '\\' 2>&1
ret=$?
if [ $ret != 0 ] ; then
- priv_username="$DOMAIN\\$USERNAME"
+ priv_username="$DOMAIN\\$USER_TMP"
else
- priv_username=$USERNAME
+ priv_username="$USER_TMP"
fi
$NET sam rights grant $priv_username SeBackupPrivilege 2>&1
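Review bot: The new `printf '%s' "$USER_TMP" | grep '\\' 2>&1` line is used only for its exit status but still writes the matched name to the test output; `grep -q '\\'` states the check without the output. `tr '/' '\\'` rewrites every slash in `$USERNAME`, not just the domain separator, which the added comment could mention. `$priv_username` is then passed unquoted to `$NET sam rights grant` on the following context line. `test_backup_privilege_list` continues outside the hunk.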
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index a9b7c20..a22d5e6 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -210,6 +210,10 @@ for env in ["nt4_member", "ad_member"]:
env = "ad_member"
t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD"
plantestsuite("samba3.wbinfo_simple.(%s:local).%s" % (env, t), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
+plantestsuite("samba3.wbinfo_name_lookup", env,
+ [ os.path.join(srcdir(),
+ "nsswitch/tests/test_wbinfo_name_lookup.sh"),
+ '$DOMAIN', '$DC_USERNAME' ])
t = "WBCLIENT-MULTI-PING"
plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"])
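Review bot: The added `plantestsuite("samba3.wbinfo_name_lookup", env, ...)` call depends on whatever `env` holds at this point, which from the `env = "ad_member"` assignment just above looks like a single environment. Indentation is lost in this rendering, so whether the call sits inside the `for env in ["nt4_member", "ad_member"]` loop cannot be confirmed. If it runs only for `ad_member`, the changed LOOKUPNAME parsing has no blackbox coverage on an NT4 member. Either plant the suite for both environments or add a short comment saying why one is enough.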
diff --git a/source3/winbindd/winbindd_lookupname.c b/source3/winbindd/winbindd_lookupname.c
index 1be29fd..b022691 100644
--- a/source3/winbindd/winbindd_lookupname.c
+++ b/source3/winbindd/winbindd_lookupname.c
@@ -35,7 +35,8 @@ struct tevent_req *winbindd_lookupname_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct winbindd_lookupname_state *state;
- char *domname, *name, *p;
+ const char *domname = NULL, *name = NULL;
+ char *p = NULL;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_lookupname_state);
@@ -49,17 +50,25 @@ struct tevent_req *winbindd_lookupname_send(TALLOC_CTX *mem_ctx,
sizeof(request->data.name.dom_name)-1]='\0';
request->data.name.name[sizeof(request->data.name.name)-1]='\0';
- /* cope with the name being a fully qualified name */
- p = strstr(request->data.name.name, lp_winbind_separator());
- if (p) {
- *p = 0;
- domname = request->data.name.name;
- name = p+1;
- } else if ((p = strchr(request->data.name.name, '@')) != NULL) {
- /* upn */
- domname = p + 1;
- *p = 0;
- name = request->data.name.name;
+ if (strlen(request->data.name.dom_name) == 0) {
+ /* cope with the name being a fully qualified name */
+ p = strstr(request->data.name.name, lp_winbind_separator());
+ if (p != NULL) {
+ *p = '\0';
+ domname = request->data.name.name;
+ name = p + 1;
+ } else {
+ p = strchr(request->data.name.name, '@');
+ if (p != NULL) {
+ /* upn */
+ domname = p + 1;
+ *p = '\0';
+ name = request->data.name.name;
+ } else {
+ domname = "";
+ name = request->data.name.name;
+ }
+ }
} else {
domname = request->data.name.dom_name;
name = request->data.name.name;
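Review bot: The new `if (strlen(request->data.name.dom_name) == 0)` branch has no comment saying why name parsing is now conditional, and that is the security-relevant part of the change: a domain supplied in the request must not be replaced by one parsed out of the name. A comment above the `if` such as `/* Only split a qualified name when no domain was given; an explicit dom_name is authoritative (bug 13312) */` would keep a later cleanup from merging the branches again. In the final `else`, a name that still contains the separator is passed through unchanged, which appears to be what makes the lookup fail instead of resolving in the joined domain; the comment should say so. `winbindd_lookupname_send` starts and ends outside the hunk.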
--
Samba Shared Repository