[SCM] Samba Shared Repository - branch v4-10-test updated

Stefan Metzmacher metze at samba.org
Tue Oct 15 13:29:02 UTC 2019


The branch, v4-10-test has been updated
       via  1ad8c6f4b08 winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)
       via  8a2ca386dfb selftest: Test ID_TYPE_BOTH with idmap_rid module
       via  d689042dffe s3-winbindd: fix forest trusts with additional trust attributes.
      from  f19881f6198 fault.c: improve fault_report message text pointing to our wiki

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test


- Log -----------------------------------------------------------------
commit 1ad8c6f4b087af2ef2c6a2dcecd444d4aca62418
Author: Michael Adam <obnox at samba.org>
Date:   Fri Jan 11 10:44:30 2019 +0100

    winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)
    
    https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e
    originally introduced the above feature.
    
    This functionality was undone as part of "winbind: Restructure get_pwsid"
    https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a
    I think that this semantic change was accidental.
    
    This patch undoes the semantic change and re-establishes the
    functionality.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Christof Schmitt <cs at samba.org>
    Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184
    
    (cherry picked from commit 63c9147f8631d73b52bdd36ff407e0361dcf5178)
    
    Autobuild-User(v4-10-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-10-test): Tue Oct 15 13:28:49 UTC 2019 on sn-devel-144

commit 8a2ca386dfbf0bd26520d110ddbaff1c33fdf659
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Sep 25 17:19:27 2019 -0700

    selftest: Test ID_TYPE_BOTH with idmap_rid module
    
    ID_TYPE_BOTH means that each user and group has two mappings, a uid and
    gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid
    always return some information, so that uid and gid can be mapped to a
    name. Establish a test to verify that the expected information is
    returned.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 485874d6bb328c50c9a98785e85270f28ade7497)

commit d689042dffeb39d3200e90441b3f18023cab4369
Author: Günther Deschner <gd at samba.org>
Date:   Thu Sep 12 16:39:10 2019 +0200

    s3-winbindd: fix forest trusts with additional trust attributes.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14130
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit d78c87e665e23e6470a19a69383ede7137172c26)

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/tests/test_idmap_rid.sh | 132 +++++++++++++++++++++++++++++++++++++++
 source3/winbindd/wb_queryuser.c  |  18 +++++-
 source3/winbindd/winbindd_ads.c  |   2 +-
 source3/winbindd/winbindd_util.c |   2 +-
 4 files changed, 150 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh
index 8209a50a4fc..4e6477f666e 100755
--- a/nsswitch/tests/test_idmap_rid.sh
+++ b/nsswitch/tests/test_idmap_rid.sh
@@ -63,4 +63,136 @@ test "$out" = "$SID -> unmapped"
 ret=$?
 testit "Bogus SID returns unmapped" test $ret -eq 0 || failed=$(expr $failed + 1)
 
+#
+# Test 3: ID_TYPE_BOTH mappings for group
+#
+
+GROUP="$DOMAIN/Domain Users"
+GROUP_SID=$($wbinfo --name-to-sid="$GROUP" | sed -e 's/ .*//')
+
+uid=$($wbinfo --sid-to-uid=$GROUP_SID)
+ret=$?
+testit "ID_TYPE_BOTH group map to uid succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH group map to uid has result" test -n $uid ||\
+	failed=$(expr $failed + 1)
+
+gid=$($wbinfo --sid-to-gid=$GROUP_SID)
+ret=$?
+testit "ID_TYPE_BOTH group map to gid succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH group map to gid has result" test -n $gid ||\
+	failed=$(expr $failed + 1)
+
+testit "ID_TYPE_BOTH group uid equals gid" test $uid -eq $gid ||\
+	failed=$(expr $failed + 1)
+
+group_pw="$DOMAIN/domain users:*:$uid:$gid::/home/$DOMAIN/domain users:/bin/false"
+
+out=$(getent passwd "$GROUP")
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+test "$out" = "$group_pw"
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+out=$(getent passwd $uid)
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+test "$out" = "$group_pw"
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+group_gr="$DOMAIN/domain users:x:$gid:"
+
+out=$(getent group "$GROUP")
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+test "$out" = "$group_gr"
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+out=$(getent group "$gid")
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+test "$out" = "$group_gr"
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+#
+# Test 4: ID_TYPE_BOTH mappings for user
+#
+
+dom_users_gid=$gid
+
+USER="$DOMAIN/Administrator"
+USER_SID=$($wbinfo --name-to-sid="$USER" | sed -e 's/ .*//')
+
+uid=$($wbinfo --sid-to-uid=$USER_SID)
+ret=$?
+testit "ID_TYPE_BOTH user map to uid succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH user map to uid has result" test -n $uid ||\
+	failed=$(expr $failed + 1)
+
+gid=$($wbinfo --sid-to-gid=$USER_SID)
+ret=$?
+testit "ID_TYPE_BOTH user map to gid succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH user map to gid has result" test -n $gid ||\
+	failed=$(expr $failed + 1)
+
+testit "ID_TYPE_BOTH user uid equals gid" test $uid -eq $gid ||\
+	failed=$(expr $failed + 1)
+
+user_pw="$DOMAIN/administrator:*:$uid:$dom_users_gid::/home/$DOMAIN/administrator:/bin/false"
+
+out=$(getent passwd "$USER")
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+test "$out" = "$user_pw"
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+out=$(getent passwd $uid)
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+test "$out" = "$user_pw"
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+user_gr="$DOMAIN/administrator:x:$gid:$DOMAIN/administrator"
+
+out=$(getent group "$USER")
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+test "$out" = "$user_gr"
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
+out=$(getent group "$gid")
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+test "$out" = "$user_gr"
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+	failed=$(expr $failed + 1)
+
 exit $failed
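Review bot: The "has result" checks `test -n $uid` and `test -n $gid`, in both Test 3 and Test 4, can never fail: when the variable is empty and unquoted the command collapses to `test -n`, which is true. Quote the expansions, `test -n "$uid"` and `test -n "$gid"`. The same quoting in `test "$uid" -eq "$gid"` and `--sid-to-uid="$GROUP_SID"` would make a failed lookup show up as a clean test failure instead of a malformed command line.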
diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 17170c3352a..2eb61406fc5 100644
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -166,8 +166,22 @@ static void wb_queryuser_got_domain(struct tevent_req *subreq)
 		return;
 	}
 
-	if (type != SID_NAME_USER) {
-		/* allow SID_NAME_COMPUTER? */
+	switch (type) {
+	case SID_NAME_USER:
+	case SID_NAME_COMPUTER:
+		/*
+		 * user case: we only need the account name from lookup_sids
+		 */
+		break;
+	case SID_NAME_DOM_GRP:
+	case SID_NAME_ALIAS:
+	case SID_NAME_WKN_GRP:
+		/*
+		 * also treat group-type SIDs (they might map to ID_TYPE_BOTH)
+		 */
+		sid_copy(&info->group_sid, &info->user_sid);
+		break;
+	default:
 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
 		return;
 	}
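Review bot: The new `case SID_NAME_COMPUTER:` accepts computer accounts, which the removed code rejected (its comment only asked `allow SID_NAME_COMPUTER?`), while the commit description speaks only of group SIDs; that widening should be stated in the description or split into its own change. In the group branch, `sid_copy(&info->group_sid, &info->user_sid);` makes the group its own primary group, and no check that the SID really has an ID_TYPE_BOTH mapping is visible in the hunk. The comment should say where a group without a uid mapping is rejected, for example `/* group SID doubles as its own primary group; a uid mapping for it is still required */`. wb_queryuser_got_domain starts and continues outside the hunk, so the later handling cannot be confirmed from here.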
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 204afdffb1f..922ca43764b 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1457,7 +1457,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 		 */
 
 		if ((trust->trust_attributes
-		     == LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
+		     & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
 		    !domain->primary )
 		{
 			DEBUG(10,("trusted_domains: Skipping external trusted "
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index d266eb3048e..3245c70bb8e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -698,7 +698,7 @@ static void rescan_forest_trusts( void )
 
 		if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
 		     (type == LSA_TRUST_TYPE_UPLEVEL) &&
-		     (attribs == LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
+		     (attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
 		{
 			/* add the trusted domain if we don't know
 			   about it */
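Review bot: With the mask test, a trust that has `LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE` set alongside other attribute bits now enters this branch, including one that also carries `LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN`, which trusted_domains in winbindd_ads.c uses as a reason to skip a non-primary domain. Whether such a trust should be added here cannot be decided from the hunk. If it is intended, record it in the comment, for example `/* forest trusts may carry further attribute bits; only FOREST_TRANSITIVE is required here */`. The body of the branch continues outside the hunk.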


-- 
Samba Shared Repository


