[SCM] Samba Shared Repository - branch v4-8-test updated
Karolin Seeger
kseeger at samba.org
Wed Apr 11 15:12:02 UTC 2018
The branch, v4-8-test has been updated
via bb5526d winbindd: Do not ignore domain in the LOOKUPNAME request
via 40ee786 Add test for wbinfo name lookup
via 8056016 nsswitch: Fix wbcListGroups test
via f901e8c nsswitch: Fix wbcListUsers test
via d2799ab test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
via 7abe54b s3: smbd: Unix extensions attempts to change wrong field in fchown call.
from bc11f28 s3: smbd: Fix memory leak in vfswrap_getwd()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -----------------------------------------------------------------
commit bb5526d01fabd308d848a0b72332a2361438fcf5
Author: Christof Schmitt <cs at samba.org>
Date: Wed Feb 28 12:05:34 2018 -0700
winbindd: Do not ignore domain in the LOOKUPNAME request
A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 6 21:03:31 CEST 2018 on sn-devel-144
(cherry picked from commit 1775ac8aa4dc00b9a0845ade238254ebb8b32429)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Wed Apr 11 17:11:21 CEST 2018 on sn-devel-144
commit 40ee7863a558568c69ee990fb8405ab51febae34
Author: Christof Schmitt <cs at samba.org>
Date: Wed Feb 28 13:10:43 2018 -0700
Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 552a00ec1f6795b9025298931a6cc50ebe552052)
commit 80560167956cde78652d804cdf26385f759ba39b
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 30 14:35:03 2018 -0700
nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format. The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit f4db4e86c341a89357082e81e30c302440647530)
commit f901e8cc594526e50a18cf58edef48ca5b74bb29
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 30 14:28:46 2018 -0700
nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format. The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3c146be404affc894c0c702bbfbfcc4fb9ed902b)
commit d2799ab5e45ad184bcb26fa8d0770711fe1907e8
Author: Christof Schmitt <cs at samba.org>
Date: Fri Mar 16 13:52:14 2018 -0700
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
Samba selftest uses the forward slash as winbind separator and in the
USERNAME passed to the test. "net sam rights" expect the backslash. Map
the separator used in selftest to a backslash to avoid creating an
incorrect username DOMAIN\DOMAIN/USERNAME.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 6f07afad07d9c670a00d9d314a8134efdda5e424)
commit 7abe54b57f65c4e89ca34178690c3b19c1e4626f
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 9 09:32:23 2018 -0700
s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Cut and paste error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13375
Reported-by: Rungta, Vandana <vrungta at amazon.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue Apr 10 00:45:56 CEST 2018 on sn-devel-144
(cherry picked from commit 3227b110d065500ed84fc70063da70ab35823a2e)
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/tests/wbclient.c | 66 ++++++++++++++++++++++++++++++-
nsswitch/tests/test_wbinfo_name_lookup.sh | 40 +++++++++++++++++++
source3/script/tests/test_smbclient_s3.sh | 10 +++--
source3/selftest/tests.py | 4 ++
source3/smbd/trans2.c | 4 +-
source3/winbindd/winbindd_lookupname.c | 33 ++++++++++------
6 files changed, 138 insertions(+), 19 deletions(-)
create mode 100755 nsswitch/tests/test_wbinfo_name_lookup.sh
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index e80afc4..d107942 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -296,6 +296,7 @@ static bool test_wbc_users(struct torture_context *tctx)
char *name = NULL;
char *sid_string = NULL;
wbcErr ret = false;
+ char separator;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
"%s", "wbcInterfaceDetails failed");
@@ -306,6 +307,7 @@ static bool test_wbc_users(struct torture_context *tctx)
ret,
fail,
"Failed to allocate domain_name");
+ separator = details->winbind_separator;
wbcFreeMemory(details);
details = NULL;
@@ -323,9 +325,38 @@ static bool test_wbc_users(struct torture_context *tctx)
struct wbcDomainSid sid;
enum wbcSidType name_type;
uint32_t num_sids;
+ const char *user;
+ char *c;
+
+ c = strchr(users[i], separator);
+
+ if (c == NULL) {
+ /*
+ * NT4 DC
+ * user name does not contain DOMAIN SEPARATOR prefix.
+ */
+
+ user = users[i];
+ } else {
+ /*
+ * AD DC
+ * user name starts with DOMAIN SEPARATOR prefix.
+ */
+ const char *dom;
+
+ *c = '\0';
+ dom = users[i];
+ user = c + 1;
+
+ torture_assert_str_equal_goto(tctx, dom, domain_name,
+ ret, fail, "Domain part "
+ "of user name does not "
+ "match domain name.\n");
+ }
torture_assert_wbc_ok_goto_fail(tctx,
- wbcLookupName(domain_name, users[i], &sid, &name_type),
+ wbcLookupName(domain_name, user,
+ &sid, &name_type),
"wbcLookupName of %s failed",
users[i]);
torture_assert_int_equal_goto(tctx,
@@ -399,6 +430,7 @@ static bool test_wbc_groups(struct torture_context *tctx)
char *domain = NULL;
char *name = NULL;
char *sid_string = NULL;
+ char separator;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
"%s", "wbcInterfaceDetails failed");
@@ -409,6 +441,7 @@ static bool test_wbc_groups(struct torture_context *tctx)
ret,
fail,
"Failed to allocate domain_name");
+ separator = details->winbind_separator;
wbcFreeMemory(details);
details = NULL;
@@ -425,10 +458,39 @@ static bool test_wbc_groups(struct torture_context *tctx)
for (i=0; i < MIN(num_groups,100); i++) {
struct wbcDomainSid sid;
enum wbcSidType name_type;
+ const char *group;
+ char *c;
+
+ c = strchr(groups[i], separator);
+
+ if (c == NULL) {
+ /*
+ * NT4 DC
+ * group name does not contain DOMAIN SEPARATOR prefix.
+ */
+
+ group = groups[i];
+ } else {
+ /*
+ * AD DC
+ * group name starts with DOMAIN SEPARATOR prefix.
+ */
+ const char *dom;
+
+
+ *c = '\0';
+ dom = groups[i];
+ group = c + 1;
+
+ torture_assert_str_equal_goto(tctx, dom, domain_name,
+ ret, fail, "Domain part "
+ "of group name does not "
+ "match domain name.\n");
+ }
torture_assert_wbc_ok_goto_fail(tctx,
wbcLookupName(domain_name,
- groups[i],
+ group,
&sid,
&name_type),
"wbcLookupName for %s failed",
diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
new file mode 100755
index 0000000..696e25b
--- /dev/null
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Blackbox test for wbinfo name lookup
+if [ $# -lt 2 ]; then
+cat <<EOF
+Usage: test_wbinfo.sh DOMAIN DC_USERNAME
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+DC_USERNAME=$2
+shift 2
+
+failed=0
+sambabindir="$BINDIR"
+wbinfo="$VALGRIND $sambabindir/wbinfo"
+
+. `dirname $0`/../../testprogs/blackbox/subunit.sh
+
+# Correct query is expected to work
+testit "name-to-sid.single-separator" \
+ $wbinfo -n $DOMAIN/$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# Two separator characters should fail
+testit_expect_failure "name-to-sid.double-separator" \
+ $wbinfo -n $DOMAIN//$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# Invalid domain is expected to fail
+testit_expect_failure "name-to-sid.invalid-domain" \
+ $wbinfo -n INVALID/$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+# Invalid domain with two separator characters is expected to fail
+testit_expect_failure "name-to-sid.double-separator-invalid-domain" \
+ $wbinfo -n INVALID//$DC_USERNAME || \
+ failed=$(expr $failed + 1)
+
+exit $failed
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 8017d19..e48ad30 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -643,13 +643,17 @@ test_backup_privilege_list()
{
tmpfile=$PREFIX/smbclient_backup_privilege_list
+ # selftest uses the forward slash as a separator, but "net sam rights
+ # grant" requires the backslash separator
+ USER_TMP=$(printf '%s' "$USERNAME" | tr '/' '\\')
+
# If we don't have a DOMAIN component to the username, add it.
- echo "$USERNAME" | grep '\\' 2>&1
+ printf '%s' "$USER_TMP" | grep '\\' 2>&1
ret=$?
if [ $ret != 0 ] ; then
- priv_username="$DOMAIN\\$USERNAME"
+ priv_username="$DOMAIN\\$USER_TMP"
else
- priv_username=$USERNAME
+ priv_username="$USER_TMP"
fi
$NET sam rights grant $priv_username SeBackupPrivilege 2>&1
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index e1b0e35..092605d 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -207,6 +207,10 @@ for env in ["nt4_member", "ad_member"]:
env = "ad_member"
t = "--krb5auth=$DOMAIN/$DC_USERNAME%$DC_PASSWORD"
plantestsuite("samba3.wbinfo_simple.(%s:local).%s" % (env, t), "%s:local" % env, [os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_simple.sh"), t])
+plantestsuite("samba3.wbinfo_name_lookup", env,
+ [ os.path.join(srcdir(),
+ "nsswitch/tests/test_wbinfo_name_lookup.sh"),
+ '$DOMAIN', '$DC_USERNAME' ])
t = "WBCLIENT-MULTI-PING"
plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"])
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 512918e..0b62fd4 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7777,10 +7777,10 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
DEBUG(10,("smb_set_file_unix_basic: SMB_SET_FILE_UNIX_BASIC "
"changing group %u for file %s\n",
- (unsigned int)set_owner,
+ (unsigned int)set_grp,
smb_fname_str_dbg(smb_fname)));
if (fsp && fsp->fh->fd != -1) {
- ret = SMB_VFS_FCHOWN(fsp, set_owner, (gid_t)-1);
+ ret = SMB_VFS_FCHOWN(fsp, (uid_t)-1, set_grp);
} else {
/*
* UNIX extensions calls must always operate
diff --git a/source3/winbindd/winbindd_lookupname.c b/source3/winbindd/winbindd_lookupname.c
index 1be29fd..b022691 100644
--- a/source3/winbindd/winbindd_lookupname.c
+++ b/source3/winbindd/winbindd_lookupname.c
@@ -35,7 +35,8 @@ struct tevent_req *winbindd_lookupname_send(TALLOC_CTX *mem_ctx,
{
struct tevent_req *req, *subreq;
struct winbindd_lookupname_state *state;
- char *domname, *name, *p;
+ const char *domname = NULL, *name = NULL;
+ char *p = NULL;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_lookupname_state);
@@ -49,17 +50,25 @@ struct tevent_req *winbindd_lookupname_send(TALLOC_CTX *mem_ctx,
sizeof(request->data.name.dom_name)-1]='\0';
request->data.name.name[sizeof(request->data.name.name)-1]='\0';
- /* cope with the name being a fully qualified name */
- p = strstr(request->data.name.name, lp_winbind_separator());
- if (p) {
- *p = 0;
- domname = request->data.name.name;
- name = p+1;
- } else if ((p = strchr(request->data.name.name, '@')) != NULL) {
- /* upn */
- domname = p + 1;
- *p = 0;
- name = request->data.name.name;
+ if (strlen(request->data.name.dom_name) == 0) {
+ /* cope with the name being a fully qualified name */
+ p = strstr(request->data.name.name, lp_winbind_separator());
+ if (p != NULL) {
+ *p = '\0';
+ domname = request->data.name.name;
+ name = p + 1;
+ } else {
+ p = strchr(request->data.name.name, '@');
+ if (p != NULL) {
+ /* upn */
+ domname = p + 1;
+ *p = '\0';
+ name = request->data.name.name;
+ } else {
+ domname = "";
+ name = request->data.name.name;
+ }
+ }
} else {
domname = request->data.name.dom_name;
name = request->data.name.name;
--
Samba Shared Repository
More information about the samba-cvs
mailing list