[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Feb 5 17:57:03 UTC 2020
The branch, master has been updated
via 4d0bda9467a winbindd: handling missing idmap in getgrgid()
via 590df382bea s3:auth_sam: map an empty domain or '.' to the local SAM name
via a9eeea6ef78 s3:selftest: test authentication with an empty userdomain and upn names
via a63e2a312c7 s3:auth_sam: introduce effective_domain helper variables
via 01b8374e794 s3:auth_sam: make sure we never handle empty usernames
via 72ef8d3a52c s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions
via 85b168c6dac s3:auth_sam: replace confusing FALL_THROUGH; with break;
via 446c9201736 bootstrap: Remove un-used dependency python3-crypto
from 6cbd7d1a32c s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 22 17:00:07 2020 +0000
winbindd: handling missing idmap in getgrgid()
A similar hunk was added via commit
89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"),
but it was missing in commit
e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184
commit 590df382bea44eec2dbfd2a28c659b0a29188bca
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 23 16:21:43 2020 +0100
s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.
But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a9eeea6ef78cc44c8423c7125fa1376921060018
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 4 11:32:05 2020 +0100
s3:selftest: test authentication with an empty userdomain and upn names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a63e2a312c761093fedb09bd234b6736485a930a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 23 16:21:43 2020 +0100
s3:auth_sam: introduce effective_domain helper variables
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 01b8374e7942141e7f6cbdec7623c981a008e4c1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 23 16:17:30 2020 +0100
s3:auth_sam: make sure we never handle empty usernames
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 23 16:13:59 2020 +0100
s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 85b168c6dac88f5065c0ec6e925937439f2c12ed
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 23 15:48:39 2020 +0100
s3:auth_sam: replace confusing FALL_THROUGH; with break;
There's no real logic change here, but is makes it easier to
understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 446c92017369007139af7532dae8503f9db40d48
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Dec 14 06:59:45 2019 +1300
bootstrap: Remove un-used dependency python3-crypto
This became unused in bbeef554f2c15e739f6095fcb57d9ef6646b411c
(except for repl_cleartext_pwd.py, a development script) and we now use
GnuTLS via a Samba wrapper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14255
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml | 2 +-
bootstrap/config.py | 1 -
bootstrap/generated-dists/centos6/bootstrap.sh | 1 -
bootstrap/generated-dists/centos6/packages.yml | 1 -
bootstrap/generated-dists/centos7/bootstrap.sh | 1 -
bootstrap/generated-dists/centos7/packages.yml | 1 -
bootstrap/generated-dists/debian10/bootstrap.sh | 1 -
bootstrap/generated-dists/debian10/packages.yml | 1 -
bootstrap/generated-dists/debian7/bootstrap.sh | 1 -
bootstrap/generated-dists/debian7/packages.yml | 1 -
bootstrap/generated-dists/debian8/bootstrap.sh | 1 -
bootstrap/generated-dists/debian8/packages.yml | 1 -
bootstrap/generated-dists/debian9/bootstrap.sh | 1 -
bootstrap/generated-dists/debian9/packages.yml | 1 -
bootstrap/generated-dists/fedora29/bootstrap.sh | 1 -
bootstrap/generated-dists/fedora29/packages.yml | 1 -
bootstrap/generated-dists/fedora30/bootstrap.sh | 1 -
bootstrap/generated-dists/fedora30/packages.yml | 1 -
bootstrap/generated-dists/fedora31/bootstrap.sh | 1 -
bootstrap/generated-dists/fedora31/packages.yml | 1 -
bootstrap/generated-dists/opensuse150/bootstrap.sh | 1 -
bootstrap/generated-dists/opensuse150/packages.yml | 1 -
bootstrap/generated-dists/opensuse151/bootstrap.sh | 1 -
bootstrap/generated-dists/opensuse151/packages.yml | 1 -
bootstrap/generated-dists/ubuntu1404/bootstrap.sh | 1 -
bootstrap/generated-dists/ubuntu1404/packages.yml | 1 -
bootstrap/generated-dists/ubuntu1604/bootstrap.sh | 1 -
bootstrap/generated-dists/ubuntu1604/packages.yml | 1 -
bootstrap/generated-dists/ubuntu1804/bootstrap.sh | 1 -
bootstrap/generated-dists/ubuntu1804/packages.yml | 1 -
bootstrap/sha1sum.txt | 2 +-
python/samba/tests/auth_log_winbind.py | 4 +-
selftest/knownfail.d/empty-domain-name | 7 ++
source3/auth/auth_sam.c | 83 +++++++++++++++++++---
source3/selftest/tests.py | 8 +++
source3/winbindd/winbindd_getgrgid.c | 4 ++
36 files changed, 97 insertions(+), 42 deletions(-)
create mode 100644 selftest/knownfail.d/empty-domain-name
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 78710f55796..df91d7dadb1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,7 +22,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
- SAMBA_CI_CONTAINER_TAG: 36dd95324f5406f62312648e83fde78a8267b386
+ SAMBA_CI_CONTAINER_TAG: cffd3e4d9ad505cbf2b6732d2e3021d60e4159ad
#
# We use the ubuntu1804 image as default as
# it matches what we have on sn-devel-184.
diff --git a/bootstrap/config.py b/bootstrap/config.py
index b7ad2f68a53..ecead21da29 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -133,7 +133,6 @@ PKGS = [
('python3-dbg', ''),
('python3-iso8601', ''),
('python3-gpg', 'python3-gpg'), # defaults to ubuntu/fedora latest
- ('python3-crypto', 'python3-crypto'),
('python3-markdown', 'python3-markdown'),
('python3-matplotlib', ''),
('python3-dnspython', 'python3-dns'),
diff --git a/bootstrap/generated-dists/centos6/bootstrap.sh b/bootstrap/generated-dists/centos6/bootstrap.sh
index 551d9e773a3..b1fb2536fa9 100755
--- a/bootstrap/generated-dists/centos6/bootstrap.sh
+++ b/bootstrap/generated-dists/centos6/bootstrap.sh
@@ -83,7 +83,6 @@ yum install -y \
popt-devel \
procps \
psmisc \
- python3-crypto \
python3-dns \
python3-markdown \
python36 \
diff --git a/bootstrap/generated-dists/centos6/packages.yml b/bootstrap/generated-dists/centos6/packages.yml
index 86eb719d641..cba40f3b93d 100644
--- a/bootstrap/generated-dists/centos6/packages.yml
+++ b/bootstrap/generated-dists/centos6/packages.yml
@@ -69,7 +69,6 @@ packages:
- popt-devel
- procps
- psmisc
- - python3-crypto
- python3-dns
- python3-markdown
- python36
diff --git a/bootstrap/generated-dists/centos7/bootstrap.sh b/bootstrap/generated-dists/centos7/bootstrap.sh
index 08debda480b..f97c77d2a6b 100755
--- a/bootstrap/generated-dists/centos7/bootstrap.sh
+++ b/bootstrap/generated-dists/centos7/bootstrap.sh
@@ -84,7 +84,6 @@ yum install -y \
procps-ng \
psmisc \
python36 \
- python36-crypto \
python36-devel \
python36-dns \
python36-markdown \
diff --git a/bootstrap/generated-dists/centos7/packages.yml b/bootstrap/generated-dists/centos7/packages.yml
index 9b93461ff2c..87efa4330d1 100644
--- a/bootstrap/generated-dists/centos7/packages.yml
+++ b/bootstrap/generated-dists/centos7/packages.yml
@@ -70,7 +70,6 @@ packages:
- procps-ng
- psmisc
- python36
- - python36-crypto
- python36-devel
- python36-dns
- python36-markdown
diff --git a/bootstrap/generated-dists/debian10/bootstrap.sh b/bootstrap/generated-dists/debian10/bootstrap.sh
index 758c86f22af..eb610c5ee79 100755
--- a/bootstrap/generated-dists/debian10/bootstrap.sh
+++ b/bootstrap/generated-dists/debian10/bootstrap.sh
@@ -82,7 +82,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/debian10/packages.yml b/bootstrap/generated-dists/debian10/packages.yml
index f5115e99025..8440e143f62 100644
--- a/bootstrap/generated-dists/debian10/packages.yml
+++ b/bootstrap/generated-dists/debian10/packages.yml
@@ -71,7 +71,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/generated-dists/debian7/bootstrap.sh b/bootstrap/generated-dists/debian7/bootstrap.sh
index d201695fc03..ea8a9ad8afc 100755
--- a/bootstrap/generated-dists/debian7/bootstrap.sh
+++ b/bootstrap/generated-dists/debian7/bootstrap.sh
@@ -79,7 +79,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/debian7/packages.yml b/bootstrap/generated-dists/debian7/packages.yml
index 541704e8b21..e531b5822ed 100644
--- a/bootstrap/generated-dists/debian7/packages.yml
+++ b/bootstrap/generated-dists/debian7/packages.yml
@@ -68,7 +68,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/generated-dists/debian8/bootstrap.sh b/bootstrap/generated-dists/debian8/bootstrap.sh
index c810ad89009..6c720adcd1a 100755
--- a/bootstrap/generated-dists/debian8/bootstrap.sh
+++ b/bootstrap/generated-dists/debian8/bootstrap.sh
@@ -82,7 +82,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/debian8/packages.yml b/bootstrap/generated-dists/debian8/packages.yml
index 170733a19f6..53052141cf5 100644
--- a/bootstrap/generated-dists/debian8/packages.yml
+++ b/bootstrap/generated-dists/debian8/packages.yml
@@ -71,7 +71,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/generated-dists/debian9/bootstrap.sh b/bootstrap/generated-dists/debian9/bootstrap.sh
index 758c86f22af..eb610c5ee79 100755
--- a/bootstrap/generated-dists/debian9/bootstrap.sh
+++ b/bootstrap/generated-dists/debian9/bootstrap.sh
@@ -82,7 +82,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/debian9/packages.yml b/bootstrap/generated-dists/debian9/packages.yml
index f5115e99025..8440e143f62 100644
--- a/bootstrap/generated-dists/debian9/packages.yml
+++ b/bootstrap/generated-dists/debian9/packages.yml
@@ -71,7 +71,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/generated-dists/fedora29/bootstrap.sh b/bootstrap/generated-dists/fedora29/bootstrap.sh
index 9c094aae396..c82c86166e5 100755
--- a/bootstrap/generated-dists/fedora29/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora29/bootstrap.sh
@@ -85,7 +85,6 @@ dnf install -y \
procps-ng \
psmisc \
python3 \
- python3-crypto \
python3-devel \
python3-dns \
python3-gpg \
diff --git a/bootstrap/generated-dists/fedora29/packages.yml b/bootstrap/generated-dists/fedora29/packages.yml
index be10535bfa1..35aaa53c117 100644
--- a/bootstrap/generated-dists/fedora29/packages.yml
+++ b/bootstrap/generated-dists/fedora29/packages.yml
@@ -74,7 +74,6 @@ packages:
- procps-ng
- psmisc
- python3
- - python3-crypto
- python3-devel
- python3-dns
- python3-gpg
diff --git a/bootstrap/generated-dists/fedora30/bootstrap.sh b/bootstrap/generated-dists/fedora30/bootstrap.sh
index 9c094aae396..c82c86166e5 100755
--- a/bootstrap/generated-dists/fedora30/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora30/bootstrap.sh
@@ -85,7 +85,6 @@ dnf install -y \
procps-ng \
psmisc \
python3 \
- python3-crypto \
python3-devel \
python3-dns \
python3-gpg \
diff --git a/bootstrap/generated-dists/fedora30/packages.yml b/bootstrap/generated-dists/fedora30/packages.yml
index be10535bfa1..35aaa53c117 100644
--- a/bootstrap/generated-dists/fedora30/packages.yml
+++ b/bootstrap/generated-dists/fedora30/packages.yml
@@ -74,7 +74,6 @@ packages:
- procps-ng
- psmisc
- python3
- - python3-crypto
- python3-devel
- python3-dns
- python3-gpg
diff --git a/bootstrap/generated-dists/fedora31/bootstrap.sh b/bootstrap/generated-dists/fedora31/bootstrap.sh
index b882489baa2..fd6eecd1ab7 100755
--- a/bootstrap/generated-dists/fedora31/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora31/bootstrap.sh
@@ -83,7 +83,6 @@ dnf install -y \
procps-ng \
psmisc \
python3 \
- python3-crypto \
python3-devel \
python3-dns \
python3-gpg \
diff --git a/bootstrap/generated-dists/fedora31/packages.yml b/bootstrap/generated-dists/fedora31/packages.yml
index d407300b3ef..8a2e2c785ad 100644
--- a/bootstrap/generated-dists/fedora31/packages.yml
+++ b/bootstrap/generated-dists/fedora31/packages.yml
@@ -72,7 +72,6 @@ packages:
- procps-ng
- psmisc
- python3
- - python3-crypto
- python3-devel
- python3-dns
- python3-gpg
diff --git a/bootstrap/generated-dists/opensuse150/bootstrap.sh b/bootstrap/generated-dists/opensuse150/bootstrap.sh
index 591da07b1d8..0e229caacb5 100755
--- a/bootstrap/generated-dists/opensuse150/bootstrap.sh
+++ b/bootstrap/generated-dists/opensuse150/bootstrap.sh
@@ -84,7 +84,6 @@ zypper --non-interactive install \
python3-devel \
python3-dnspython \
python3-gpg \
- python3-pycrypto \
readline-devel \
rng-tools \
rpcgen \
diff --git a/bootstrap/generated-dists/opensuse150/packages.yml b/bootstrap/generated-dists/opensuse150/packages.yml
index ba60caba868..910f95cf55f 100644
--- a/bootstrap/generated-dists/opensuse150/packages.yml
+++ b/bootstrap/generated-dists/opensuse150/packages.yml
@@ -72,7 +72,6 @@ packages:
- python3-devel
- python3-dnspython
- python3-gpg
- - python3-pycrypto
- readline-devel
- rng-tools
- rpcgen
diff --git a/bootstrap/generated-dists/opensuse151/bootstrap.sh b/bootstrap/generated-dists/opensuse151/bootstrap.sh
index 591da07b1d8..0e229caacb5 100755
--- a/bootstrap/generated-dists/opensuse151/bootstrap.sh
+++ b/bootstrap/generated-dists/opensuse151/bootstrap.sh
@@ -84,7 +84,6 @@ zypper --non-interactive install \
python3-devel \
python3-dnspython \
python3-gpg \
- python3-pycrypto \
readline-devel \
rng-tools \
rpcgen \
diff --git a/bootstrap/generated-dists/opensuse151/packages.yml b/bootstrap/generated-dists/opensuse151/packages.yml
index ba60caba868..910f95cf55f 100644
--- a/bootstrap/generated-dists/opensuse151/packages.yml
+++ b/bootstrap/generated-dists/opensuse151/packages.yml
@@ -72,7 +72,6 @@ packages:
- python3-devel
- python3-dnspython
- python3-gpg
- - python3-pycrypto
- readline-devel
- rng-tools
- rpcgen
diff --git a/bootstrap/generated-dists/ubuntu1404/bootstrap.sh b/bootstrap/generated-dists/ubuntu1404/bootstrap.sh
index 01dddb85286..9c707de566d 100755
--- a/bootstrap/generated-dists/ubuntu1404/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1404/bootstrap.sh
@@ -80,7 +80,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/ubuntu1404/packages.yml b/bootstrap/generated-dists/ubuntu1404/packages.yml
index 52e2b0c783f..f8d2ab8fc4c 100644
--- a/bootstrap/generated-dists/ubuntu1404/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1404/packages.yml
@@ -69,7 +69,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh
index 04ceb1822c4..d7540d31a38 100755
--- a/bootstrap/generated-dists/ubuntu1604/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1604/bootstrap.sh
@@ -81,7 +81,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/ubuntu1604/packages.yml b/bootstrap/generated-dists/ubuntu1604/packages.yml
index c6cb5e460ae..da1c540bf3f 100644
--- a/bootstrap/generated-dists/ubuntu1604/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1604/packages.yml
@@ -70,7 +70,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
index e07f1863c31..f0b3e3120d0 100755
--- a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
@@ -83,7 +83,6 @@ apt-get -y install \
procps \
psmisc \
python3 \
- python3-crypto \
python3-dbg \
python3-dev \
python3-dnspython \
diff --git a/bootstrap/generated-dists/ubuntu1804/packages.yml b/bootstrap/generated-dists/ubuntu1804/packages.yml
index d70426ca5f2..eda09ec5c7c 100644
--- a/bootstrap/generated-dists/ubuntu1804/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1804/packages.yml
@@ -72,7 +72,6 @@ packages:
- procps
- psmisc
- python3
- - python3-crypto
- python3-dbg
- python3-dev
- python3-dnspython
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index c9bf561e666..5f1e8108f71 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-36dd95324f5406f62312648e83fde78a8267b386
+cffd3e4d9ad505cbf2b6732d2e3021d60e4159ad
diff --git a/python/samba/tests/auth_log_winbind.py b/python/samba/tests/auth_log_winbind.py
index 4f4beff1e32..4c68187aef8 100644
--- a/python/samba/tests/auth_log_winbind.py
+++ b/python/samba/tests/auth_log_winbind.py
@@ -321,7 +321,7 @@ class AuthLogTestsWinbind(AuthLogTestBase, BlackboxTestCase):
self.assertEquals("unix:", msg["Authentication"]["localAddress"])
self.assertEquals('', msg["Authentication"]["clientDomain"])
# This is what the existing winbind implementation returns.
- self.assertEquals("NT_STATUS_INVALID_HANDLE",
+ self.assertEquals("NT_STATUS_NO_SUCH_USER",
msg["Authentication"]["status"])
self.assertEquals(self.credentials.get_username(),
msg["Authentication"]["clientAccount"])
@@ -424,7 +424,7 @@ class AuthLogTestsWinbind(AuthLogTestBase, BlackboxTestCase):
self.assertEquals("unix:", msg["Authentication"]["localAddress"])
self.assertEquals('', msg["Authentication"]["clientDomain"])
# This is what the existing winbind implementation returns.
- self.assertEquals("NT_STATUS_INVALID_HANDLE",
+ self.assertEquals("NT_STATUS_NO_SUCH_USER",
msg["Authentication"]["status"])
self.assertEquals(self.credentials.get_username(),
msg["Authentication"]["clientAccount"])
diff --git a/selftest/knownfail.d/empty-domain-name b/selftest/knownfail.d/empty-domain-name
new file mode 100644
index 00000000000..a1ffcaf7e3c
--- /dev/null
+++ b/selftest/knownfail.d/empty-domain-name
@@ -0,0 +1,7 @@
+^samba3.blackbox.smbclient_auth.empty_domain.domain_creds.smbclient.*as.user.*nt4_member
+^samba3.blackbox.smbclient_auth.empty_domain.domain_creds.smbclient.*as.user.*ad_member
+^samba3.blackbox.smbclient_auth.dot_domain.domain_creds.smbclient.*as.user.*nt4_member
+^samba3.blackbox.smbclient_auth.dot_domain.domain_creds.smbclient.*as.user.*ad_member
+^samba3.blackbox.smbclient_auth.upn.domain_creds.smbclient.*as.*user.*nt4_member
+^samba3.blackbox.smbclient_auth.upn.member_creds.smbclient.*as.*user.*nt4_member
+^samba3.blackbox.smbclient_auth.upn.member_creds.smbclient.*as.*user.*ad_member
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 9310ef0e1f0..c6357c696ea 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -35,6 +35,17 @@ static NTSTATUS auth_sam_ignoredomain_auth(const struct auth_context *auth_conte
if (!user_info || !auth_context) {
return NT_STATUS_UNSUCCESSFUL;
}
+
+ if (user_info->mapped.account_name == NULL ||
+ user_info->mapped.account_name[0] == '\0')
+ {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ DBG_DEBUG("Check auth for: [%s]\\[%s]\n",
+ user_info->mapped.domain_name,
+ user_info->mapped.account_name);
+
return check_sam_security(&auth_context->challenge, mem_ctx,
user_info, server_info);
}
@@ -69,16 +80,51 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info)
{
+ const char *effective_domain = user_info->mapped.domain_name;
bool is_local_name, is_my_domain;
if (!user_info || !auth_context) {
return NT_STATUS_LOGON_FAILURE;
}
- DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
+ if (user_info->mapped.account_name == NULL ||
+ user_info->mapped.account_name[0] == '\0')
+ {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (lp_server_role() == ROLE_DOMAIN_MEMBER) {
+ const char *p = NULL;
+
+ p = strchr_m(user_info->mapped.account_name, '@');
+ if (p != NULL) {
+ /*
+ * This needs to go to the DC,
+ * even if @ is the last character
+ */
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+ }
+
+ if (effective_domain == NULL) {
+ effective_domain = "";
+ }
+
+ DBG_DEBUG("Check auth for: [%s]\\[%s]\n",
+ effective_domain,
+ user_info->mapped.account_name);
+
+
+ if (strequal(effective_domain, "") || strequal(effective_domain, ".")) {
+ /*
+ * An empty domain name or '.' should be handled
+ * as the local SAM name.
+ */
+ effective_domain = lp_netbios_name();
+ }
- is_local_name = is_myname(user_info->mapped.domain_name);
- is_my_domain = strequal(user_info->mapped.domain_name, lp_workgroup());
+ is_local_name = is_myname(effective_domain);
+ is_my_domain = strequal(effective_domain, lp_workgroup());
/* check whether or not we service this domain/workgroup name */
@@ -87,21 +133,21 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
case ROLE_DOMAIN_MEMBER:
if ( !is_local_name ) {
DEBUG(6,("check_samstrict_security: %s is not one of my local names (%s)\n",
- user_info->mapped.domain_name, (lp_server_role() == ROLE_DOMAIN_MEMBER
+ effective_domain, (lp_server_role() == ROLE_DOMAIN_MEMBER
? "ROLE_DOMAIN_MEMBER" : "ROLE_STANDALONE") ));
return NT_STATUS_NOT_IMPLEMENTED;
}
- FALL_THROUGH;
+ break;
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
if ( !is_local_name && !is_my_domain ) {
DEBUG(6,("check_samstrict_security: %s is not one of my local names or domain name (DC)\n",
- user_info->mapped.domain_name));
+ effective_domain));
return NT_STATUS_NOT_IMPLEMENTED;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list