[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Apr 24 02:26:03 UTC 2019


The branch, master has been updated
       via  3020050bdf9 winbind: Fix overlapping id ranges
       via  2577f43a133 selftest: Add trusted domain tests for idmap_ad
       via  ac0f8656eed selftest: Pass trusted domain information to idmap_ad test
       via  65e1d783cb1 selftest: Add idmap configuration for trusted domain for idmap_ad
       via  281fb81ab1c selftest: Make trusted domain information available for idmap_ad environment
       via  8266bd1f45d selftest: Use fl2008r2dc for ad_member_idmap_ad
       via  d7b5ad5e615 selftest: Add gid-to-sid lookup to idmap_ad test
      from  1646baa3478 .gitlab-ci.yml: use the ubuntu1804 image as default

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3020050bdf9df077ec9a0e962a689557187174ac
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Apr 12 16:56:45 2019 +0200

    winbind: Fix overlapping id ranges
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Apr 24 02:25:56 UTC 2019 on sn-devel-184

commit 2577f43a133f8b8eb997b9529a38e21c77b5da22
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Apr 22 16:41:42 2019 -0700

    selftest: Add trusted domain tests for idmap_ad
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit ac0f8656eed39a4527a5336cf93aa1508666f79b
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Apr 22 16:38:11 2019 -0700

    selftest: Pass trusted domain information to idmap_ad test
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 65e1d783cb17904cd117d896569e7cbe79a3131b
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Apr 22 16:07:02 2019 -0700

    selftest: Add idmap configuration for trusted domain for idmap_ad
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 281fb81ab1c72831c752be44fd1bfdcfd10bd798
Author: Christof Schmitt <cs at samba.org>
Date:   Thu Apr 18 13:04:09 2019 -0700

    selftest: Make trusted domain information available for idmap_ad environment
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8266bd1f45d1b5b2a61d84006ab8e8e1ed0e52a9
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Apr 17 16:12:27 2019 -0700

    selftest: Use fl2008r2dc for ad_member_idmap_ad
    
    fl2008r2dc already has a trusted domain. That trust will be used so that
    idmap_ad can query idmap attributes from the trusted domain.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d7b5ad5e6159c224f70bea782bbdc46059e67978
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Apr 22 16:15:20 2019 -0700

    selftest: Add gid-to-sid lookup to idmap_ad test
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/tests/test_idmap_ad.sh | 137 +++++++++++++++++++++++++++++++++++++++-
 selftest/target/Samba3.pm       |  11 +++-
 source3/selftest/tests.py       |   2 +-
 source3/winbindd/wb_xids2sids.c |  12 +++-
 4 files changed, 156 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
index 7450ae06059..d919dcd09e2 100755
--- a/nsswitch/tests/test_idmap_ad.sh
+++ b/nsswitch/tests/test_idmap_ad.sh
@@ -3,14 +3,17 @@
 # Basic testing of id mapping with idmap_ad
 #
 
-if [ $# -ne 3 ]; then
-	echo Usage: $0 DOMAIN DC_SERVER DC_PASSWORD
+if [ $# -ne 6 ]; then
+	echo Usage: $0 DOMAIN DC_SERVER DC_PASSWORD TRUST_DOMAIN TRUST_SERVER TRUST_PASSWORD
 	exit 1
 fi
 
 DOMAIN="$1"
 DC_SERVER="$2"
 DC_PASSWORD="$3"
+TRUST_DOMAIN="$4"
+TRUST_SERVER="$5"
+TRUST_PASSWORD="$6"
 
 wbinfo="$VALGRIND $BINDIR/wbinfo"
 ldbmodify="$VALGRIND $BINDIR/ldbmodify"
@@ -26,12 +29,24 @@ if [ $? -ne 0 ] ; then
     exit 1
 fi
 
+TRUST_DOMAIN_SID=$($wbinfo -n "$TRUST_DOMAIN/" | cut -f 1 -d " ")
+if [ $? -ne 0 ] ; then
+    echo "Could not find trusted domain SID" | subunit_fail_test "test_idmap_ad"
+    exit 1
+fi
+
 BASE_DN=$($ldbsearch -H ldap://$DC_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
 if [ $? -ne 0 ] ; then
     echo "Could not find base DB" | subunit_fail_test "test_idmap_ad"
     exit 1
 fi
 
+TRUST_BASE_DN=$($ldbsearch -H ldap://$TRUST_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
+if [ $? -ne 0 ] ; then
+    echo "Could not find trusted base DB" | subunit_fail_test "test_idmap_ad"
+    exit 1
+fi
+
 #
 # Add POSIX ids to AD
 #
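Review bot: The `$?` checks after the new `TRUST_DOMAIN_SID=$(... | cut ...)` and `TRUST_BASE_DN=$(... | awk ...)` assignments see the exit status of the last pipeline stage (`cut` or `awk`), not of `wbinfo` or `ldbsearch`, unless pipefail is enabled somewhere outside the hunk. A failed lookup therefore leaves the variable empty and the script carries on, building DNs such as `CN=Administrator,CN=Users,` and SIDs such as `-500` further down. Testing the value is more reliable: `if [ -z "$TRUST_DOMAIN_SID" ]; then` and `if [ -z "$TRUST_BASE_DN" ]; then`. The BASE_DN check in the context lines uses the same pattern and could be changed with them.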
@@ -49,6 +64,40 @@ add: gidNumber
 gidNumber: 2000001
 EOF
 
+cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
+dn: CN=Domain Admins,CN=Users,$BASE_DN
+changetype: modify
+add: gidNumber
+gidNumber: 2000002
+EOF
+
+#
+# Add POSIX ids to trusted domain
+#
+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
+dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
+changetype: modify
+add: uidNumber
+uidNumber: 2500000
+EOF
+
+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
+dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
+changetype: modify
+add: gidNumber
+gidNumber: 2500001
+EOF
+
+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
+dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
+changetype: modify
+add: gidNumber
+gidNumber: 2500002
+EOF
+
 #
 # Test 1: Test uid of Administrator, should be 2000000
 #
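Review bot: None of the added `ldbmodify` calls has its exit status checked, here or in the matching removal hunk at the end of the script (`@@ -96,4 +195,38 @@`). If one of the `add:` operations fails, the run only shows up later as a wbinfo mismatch, and if one of the `delete:` operations fails the uidNumber/gidNumber values stay on the DC, so the next run's `add:` is likely to be rejected. Recording the status right after each here-document, for example `[ $? -eq 0 ] || echo "ldbmodify on $TRUST_SERVER failed"`, and feeding that into the existing failure reporting would make both cases visible. The setup and cleanup sections start outside these hunks, so any existing handling there is not visible.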
@@ -79,6 +128,56 @@ test "$out" = "$DOMAIN/administrator:*:2000000:2000001::/home/$DOMAIN/administra
 ret=$?
 testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1)
 
+#
+# Test 4: Test lookup from gid to sid
+#
+
+out="$($wbinfo -G 2000002)"
+echo "wbinfo returned: \"$out\", expecting \"$DOMAIN_SID-512\""
+test "$out" = "$DOMAIN_SID-512"
+ret=$?
+testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+#
+# Trusted domain test 1: Test uid of Administrator, should be 2500000
+#
+
+out="$($wbinfo -S $TRUST_DOMAIN_SID-500)"
+echo "wbinfo returned: \"$out\", expecting \"2500000\""
+test "$out" = "2500000"
+ret=$?
+testit "Test uid of Administrator in trusted domain is 2500000" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+#
+# Trusted domain test 2: Test gid of Domain Users, should be 2500001
+#
+
+out="$($wbinfo -Y $TRUST_DOMAIN_SID-513)"
+echo "wbinfo returned: \"$out\", expecting \"2500001\""
+test "$out" = "2500001"
+ret=$?
+testit "Test uid of Domain Users in trusted domain is 2500001" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+#
+# Trusted domain test 3: Test get userinfo for Administrator works
+#
+
+out="$($wbinfo -i $TRUST_DOMAIN/Administrator)"
+echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false\""
+test "$out" = "$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false"
+ret=$?
+testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1)
+
+#
+# Trusted domain test 4: Test lookup from gid to sid
+#
+
+out="$($wbinfo -G 2500002)"
+echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN_SID-512\""
+test "$out" = "$TRUST_DOMAIN_SID-512"
+ret=$?
+testit "Test gid lookup of Domain Admins in trusted domain." test $ret -eq 0 || failed=$(expr $failed + 1)
+
 #
 # Remove POSIX ids from AD
 #
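Review bot: Trusted domain test 3 registers the name `"Test get userinfo for Administrator works"`, which is identical to the name of the primary-domain test in the context lines at the top of this hunk, so the subunit output carries two results that cannot be told apart. Something like `testit "Test get userinfo for Administrator in trusted domain works"` would keep them distinct. Trusted domain test 2 is also labelled `"Test uid of Domain Users in trusted domain is 2500001"` although it checks a gid through `wbinfo -Y`; `"Test gid of Domain Users in trusted domain is 2500001"` matches the comment above it.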
@@ -96,4 +195,38 @@ delete: gidNumber
 gidNumber: 2000001
 EOF
 
+cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
+dn: CN=Domain Admins,CN=Users,$BASE_DN
+changetype: modify
+delete: gidNumber
+gidNumber: 2000002
+EOF
+
+#
+# Remove POSIX ids from trusted domain
+#
+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
+dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
+changetype: modify
+delete: uidNumber
+uidNumber: 2500000
+EOF
+
+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
+dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
+changetype: modify
+delete: gidNumber
+gidNumber: 2500001
+EOF
+
+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
+dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
+changetype: modify
+delete: gidNumber
+gidNumber: 2500002
+EOF
+
 exit $failed
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b8a734adbe8..a9c554fc50e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -184,7 +184,7 @@ sub check_env($$)
 	ad_member           => ["ad_dc"],
 	ad_member_rfc2307   => ["ad_dc_ntvfs"],
 	ad_member_idmap_rid => ["ad_dc"],
-	ad_member_idmap_ad  => ["ad_dc"],
+	ad_member_idmap_ad  => ["fl2008r2dc"],
 );
 
 %Samba3::ENV_DEPS_POST = ();
@@ -703,6 +703,8 @@ sub setup_ad_member_idmap_ad
 	idmap config * : range = 1000000-1999999
 	idmap config $dcvars->{DOMAIN} : backend = ad
 	idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
+	idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
+	idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
 ";
 
 	my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
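Review bot: The trusted domain is given the same range `2000000-2999999` as the primary domain two lines above, and nothing in the configuration text says that the overlap is deliberate. Overlapping idmap ranges are normally treated as a misconfiguration, since two domains can then claim the same Unix id, so a later reader may "correct" it and silently remove the coverage for the winbind change in this push. A comment above the smb.conf fragment would record the intent, e.g. `# TRUST_DOMAIN deliberately shares the range of DOMAIN to exercise xid-to-sid lookups with overlapping ranges`. setup_ad_member_idmap_ad starts and ends outside this hunk.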
@@ -769,6 +771,13 @@ sub setup_ad_member_idmap_ad
 	$ret->{DC_USERNAME} = $dcvars->{USERNAME};
 	$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
 
+	$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
+	$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
+	$ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD};
+	$ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN};
+	$ret->{TRUST_REALM} = $dcvars->{TRUST_REALM};
+	$ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID};
+
 	return $ret;
 }
 
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 147e53da558..c856f28ddb1 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -564,7 +564,7 @@ for t in tests:
     elif t == "idmap.rid":
         plantestsuite(t, "ad_member_idmap_rid", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rid.sh"), '$DOMAIN', '2000000'])
     elif t == "idmap.ad":
-        plantestsuite(t, "ad_member_idmap_ad", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_ad.sh"), '$DOMAIN', '$DC_SERVER', '$DC_PASSWORD'])
+        plantestsuite(t, "ad_member_idmap_ad", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_ad.sh"), '$DOMAIN', '$DC_SERVER', '$DC_PASSWORD', '$TRUST_DOMAIN', '$TRUST_SERVER', '$TRUST_PASSWORD'])
     elif t == "raw.acls":
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/nfs4acl_simple_40 -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple-40')
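Review bot: The trusted domain's administrator password is handed to test_idmap_ad.sh as the positional argument `'$TRUST_PASSWORD'`, so it appears in the process list and in any log that records the command line, and the script then repeats it in `-U "...%$TRUST_PASSWORD"`. This follows the existing `'$DC_PASSWORD'` handling and is probably acceptable for fixed selftest credentials. If the harness exports these values as environment variables, as the `$NAME` placeholders suggest, the script could read `$TRUST_PASSWORD` from the environment instead of taking it as an argument. A short comment saying that the pattern is for selftest only would also keep it from being copied into scripts that handle real credentials.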
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index 383fc67bc8d..929a3b8e425 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -302,7 +302,11 @@ static struct tevent_req *wb_xids2sids_dom_send(
 			continue;
 		}
 		if (state->cached[i]) {
-			/* already mapped */
+			/* already found in cache */
+			continue;
+		}
+		if (!is_null_sid(&state->all_sids[i])) {
+			/* already mapped in a previously asked domain */
 			continue;
 		}
 		state->dom_xids[state->num_dom_xids++] = id;
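Review bot: The new `is_null_sid(&state->all_sids[i])` skip has to select exactly the same entries here and in the matching loop of wb_xids2sids_dom_done (hunk at `-369`), because the done side presumably assigns the returned SIDs to xids by position; if the two filters ever diverge, a SID would be attached to the wrong uid or gid. Both loops start outside their hunks, so this is inferred from the parallel structure. A comment on each copy would record the coupling and the resulting policy, e.g. `/* keep in sync with wb_xids2sids_dom_done(): with overlapping ranges the first domain that maps an id wins */`. Factoring the three skip tests into one static helper used by both loops would remove the duplication altogether.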
@@ -369,7 +373,11 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq)
 			continue;
 		}
 		if (state->cached[i]) {
-			/* already mapped */
+			/* already found in cache */
+			continue;
+		}
+		if (!is_null_sid(&state->all_sids[i])) {
+			/* already mapped in a previously asked domain */
 			continue;
 		}
 


-- 
Samba Shared Repository


