[SCM] Samba Shared Repository - branch master updated
Christof Schmitt
cs at samba.org
Fri Sep 27 17:26:02 UTC 2019
The branch, master has been updated
via 63c9147f863 winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)
via 485874d6bb3 selftest: Test ID_TYPE_BOTH with idmap_rid module
from 18e2d6b0098 s3/libsmb: clang: Fix 'warning: Value stored to 'p' is never read'
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 63c9147f8631d73b52bdd36ff407e0361dcf5178
Author: Michael Adam <obnox at samba.org>
Date: Fri Jan 11 10:44:30 2019 +0100
winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)
https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e
originally introduced the above feature.
This functionality was undone as part of "winbind: Restructure get_pwsid"
https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a
I think that this semantic change was accidential.
This patch undoes the semantic change and re-establishes the
functionality.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184
commit 485874d6bb328c50c9a98785e85270f28ade7497
Author: Christof Schmitt <cs at samba.org>
Date: Wed Sep 25 17:19:27 2019 -0700
selftest: Test ID_TYPE_BOTH with idmap_rid module
ID_TYPE_BOTH means that each user and group has two mappings, a uid and
gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid
always return some information, so that uid and gid can be mapped to a
name. Establish a test to verify that the expected information is
returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/tests/test_idmap_rid.sh | 132 +++++++++++++++++++++++++++++++++++++++
source3/winbindd/wb_queryuser.c | 18 +++++-
2 files changed, 148 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh
index 8209a50a4fc..4e6477f666e 100755
--- a/nsswitch/tests/test_idmap_rid.sh
+++ b/nsswitch/tests/test_idmap_rid.sh
@@ -63,4 +63,136 @@ test "$out" = "$SID -> unmapped"
ret=$?
testit "Bogus SID returns unmapped" test $ret -eq 0 || failed=$(expr $failed + 1)
+#
+# Test 3: ID_TYPE_BOTH mappings for group
+#
+
+GROUP="$DOMAIN/Domain Users"
+GROUP_SID=$($wbinfo --name-to-sid="$GROUP" | sed -e 's/ .*//')
+
+uid=$($wbinfo --sid-to-uid=$GROUP_SID)
+ret=$?
+testit "ID_TYPE_BOTH group map to uid succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH group map to uid has result" test -n $uid ||\
+ failed=$(expr $failed + 1)
+
+gid=$($wbinfo --sid-to-gid=$GROUP_SID)
+ret=$?
+testit "ID_TYPE_BOTH group map to gid succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH group map to gid has result" test -n $gid ||\
+ failed=$(expr $failed + 1)
+
+testit "ID_TYPE_BOTH group uid equals gid" test $uid -eq $gid ||\
+ failed=$(expr $failed + 1)
+
+group_pw="$DOMAIN/domain users:*:$uid:$gid::/home/$DOMAIN/domain users:/bin/false"
+
+out=$(getent passwd "$GROUP")
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+test "$out" = "$group_pw"
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+out=$(getent passwd $uid)
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+test "$out" = "$group_pw"
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+group_gr="$DOMAIN/domain users:x:$gid:"
+
+out=$(getent group "$GROUP")
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+test "$out" = "$group_gr"
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+out=$(getent group "$gid")
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+test "$out" = "$group_gr"
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH group output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+#
+# Test 4: ID_TYPE_BOTH mappings for user
+#
+
+dom_users_gid=$gid
+
+USER="$DOMAIN/Administrator"
+USER_SID=$($wbinfo --name-to-sid="$USER" | sed -e 's/ .*//')
+
+uid=$($wbinfo --sid-to-uid=$USER_SID)
+ret=$?
+testit "ID_TYPE_BOTH user map to uid succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH user map to uid has result" test -n $uid ||\
+ failed=$(expr $failed + 1)
+
+gid=$($wbinfo --sid-to-gid=$USER_SID)
+ret=$?
+testit "ID_TYPE_BOTH user map to gid succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+testit "ID_TYPE_BOTH user map to gid has result" test -n $gid ||\
+ failed=$(expr $failed + 1)
+
+testit "ID_TYPE_BOTH user uid equals gid" test $uid -eq $gid ||\
+ failed=$(expr $failed + 1)
+
+user_pw="$DOMAIN/administrator:*:$uid:$dom_users_gid::/home/$DOMAIN/administrator:/bin/false"
+
+out=$(getent passwd "$USER")
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+test "$out" = "$user_pw"
+ret=$?
+testit "getpwnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+out=$(getent passwd $uid)
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+test "$out" = "$user_pw"
+ret=$?
+testit "getpwuid for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+user_gr="$DOMAIN/administrator:x:$gid:$DOMAIN/administrator"
+
+out=$(getent group "$USER")
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+test "$out" = "$user_gr"
+ret=$?
+testit "getgrnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
+out=$(getent group "$gid")
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+test "$out" = "$user_gr"
+ret=$?
+testit "getgrgid for ID_TYPE_BOTH user output" test $ret -eq 0 ||\
+ failed=$(expr $failed + 1)
+
exit $failed
diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c
index 17170c3352a..2eb61406fc5 100644
--- a/source3/winbindd/wb_queryuser.c
+++ b/source3/winbindd/wb_queryuser.c
@@ -166,8 +166,22 @@ static void wb_queryuser_got_domain(struct tevent_req *subreq)
return;
}
- if (type != SID_NAME_USER) {
- /* allow SID_NAME_COMPUTER? */
+ switch (type) {
+ case SID_NAME_USER:
+ case SID_NAME_COMPUTER:
+ /*
+ * user case: we only need the account name from lookup_sids
+ */
+ break;
+ case SID_NAME_DOM_GRP:
+ case SID_NAME_ALIAS:
+ case SID_NAME_WKN_GRP:
+ /*
+ * also treat group-type SIDs (they might map to ID_TYPE_BOTH)
+ */
+ sid_copy(&info->group_sid, &info->user_sid);
+ break;
+ default:
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list