[PATCHES] idmap_rfc2307: Fix wbinfo --gid-to-sid query

Jeremy Allison jra at samba.org
Thu Jun 4 14:34:24 MDT 2015


On Thu, Jun 04, 2015 at 01:14:44PM -0700, Christof Schmitt wrote:


Ohh - obvious goodness and thanks for the tests !

Pushed.

Jeremy.

> From 3ed3650ceaf3d95168e0ccaa772e9ac98bc18694 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Thu, 4 Jun 2015 12:11:27 -0700
> Subject: [PATCH 1/2] idmap_rfc2307: Fix wbinfo --gid-to-sid query
> 
> Fix syntax error in LDAP query for gidNumber.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  source3/winbindd/idmap_rfc2307.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
> index e45920a..e9d04c3 100644
> --- a/source3/winbindd/idmap_rfc2307.c
> +++ b/source3/winbindd/idmap_rfc2307.c
> @@ -374,7 +374,7 @@ again:
>  			break;
>  		case ID_TYPE_GID:
>  			fltr_grp = talloc_asprintf_append_buffer(fltr_grp,
> -					"(gidNumber=%d))", ids[idx]->xid.id);
> +					"(gidNumber=%d)", ids[idx]->xid.id);
>  			cnt_grp++;
>  			break;
>  		default:
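Review bot: The ID_TYPE_GID branch formats `ids[idx]->xid.id` with `%d`; if that field is an unsigned 32-bit id (confirm against the struct definition, which is not in this hunk), a GID above INT_MAX would be rendered as a negative number and the LDAP search would silently return no match. `"(gidNumber=%u)"` would match an unsigned field, and the uid branch just above the hunk presumably needs the same treatment. The result of `talloc_asprintf_append_buffer` is not checked in the visible lines; the enclosing function starts and ends outside the hunk, so a NULL check may exist further down.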
> -- 
> 1.7.1
> 
> 
> From db705076adb2cd1bd7cde04f273a474e8818c231 Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Thu, 4 Jun 2015 10:39:14 -0700
> Subject: [PATCH 2/2] nsswitch: Extend idmap_rfc2307 testcase for reverse lookup
> 
> Also test the codepaths to map UID and GID back to SID and names. Use
> different user and group to avoid returning results cached from the
> previous lookups.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313
> 
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
>  nsswitch/tests/test_idmap_rfc2307.sh |   72 +++++++++++++++++++++++++++++----
>  source3/selftest/tests.py            |    2 +-
>  2 files changed, 64 insertions(+), 10 deletions(-)
> 
> diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
> index cb60364..90e32a7 100755
> --- a/nsswitch/tests/test_idmap_rfc2307.sh
> +++ b/nsswitch/tests/test_idmap_rfc2307.sh
> @@ -1,21 +1,24 @@
>  #!/bin/sh
>  # Test id mapping through idmap_rfc2307 module
>  if [ $# -lt 9 ]; then
> -	echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
> +	echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
>  	exit 1
>  fi
>  
>  DOMAIN="$1"
>  USERNAME="$2"
>  USERUID="$3"
> -GROUPNAME="$4"
> -GROUPGID="$5"
> -LDAPPREFIX="$6"
> -DC_SERVER="$7"
> -DC_USERNAME="$8"
> -DC_PASSWORD="$9"
> -
> -echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9
> +USERNAME2="$4"
> +USERUID2="$5"
> +GROUPNAME="$6"
> +GROUPGID="$7"
> +GROUPNAME2="$8"
> +GROUPGID2="$9"
> +shift 9
> +LDAPPREFIX="$1"
> +DC_SERVER="$2"
> +DC_USERNAME="$3"
> +DC_PASSWORD="$4"
>  
>  wbinfo="$VALGRIND $BINDIR/wbinfo"
>  
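Review bot: The argument guard at the top still reads `if [ $# -lt 9 ]`, but the script now consumes thirteen positional parameters (nine before `shift 9`, four after it). A call with nine to twelve arguments passes the check and leaves LDAPPREFIX, DC_SERVER, DC_USERNAME or DC_PASSWORD empty, so the later ldbdel/ldbadd commands would run with an empty server, credential or DN suffix. Change the guard to `if [ $# -lt 13 ]; then` so it agrees with the new usage line. Removing the `echo called with:` line also keeps DC_PASSWORD out of the test log, and that should not be reintroduced.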
> @@ -35,7 +38,9 @@ failed=0
>  
>  # Delete LDAP records
>  $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
> +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
>  $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
> +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
>  $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
>  
>  # Add id mapping information to LDAP
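Review bot: The two added ldbdel calls pass `-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD` and `ldap://$DC_SERVER` unquoted, so a user name or password containing whitespace or glob characters would be split or expanded into several arguments. Quote them, e.g. `"-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD"` and `"ldap://$DC_SERVER"`; the same applies to the ldbadd and ldbdel lines added in the later hunks of this file. The credential also ends up in the process argument list, readable by other local users while the command runs; this follows the script's existing pattern and is tolerable only because these are throwaway selftest accounts.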
> @@ -62,6 +67,20 @@ EOF
>  testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
>  
>  cat > $PREFIX/tmpldb <<EOF
> +dn: cn=$USERNAME2,$LDAPPREFIX
> +objectClass: organizationalPerson
> +objectClass: posixAccount
> +ou: People
> +cn: $USERNAME2
> +uid: $USERNAME2
> +uidNumber: $USERUID2
> +gidNumber: 2
> +homeDirectory: /home/admin
> +EOF
> +
> +testit "add second ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
> +
> +cat > $PREFIX/tmpldb <<EOF
>  dn: cn=$GROUPNAME,$LDAPPREFIX
>  objectClass: posixGroup
>  objectClass: groupOfNames
> @@ -72,6 +91,17 @@ EOF
>  
>  testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
>  
> +cat > $PREFIX/tmpldb <<EOF
> +dn: cn=$GROUPNAME2,$LDAPPREFIX
> +objectClass: posixGroup
> +objectClass: groupOfNames
> +cn: $GROUPNAME2
> +gidNumber: $GROUPGID2
> +member: cn=$USERNAME,$LDAPPREFIX
> +EOF
> +
> +testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
> +
>  rm -f $PREFIX/tmpldbmodify
>  
>  testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1)
> @@ -95,9 +125,33 @@ echo "$DOMAIN/$GROUPNAME resolved to $group_gid"
>  
>  testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1)
>  
> +# Use different user and group for reverse lookup to not read from cache
> +
> +testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo --uid-to-sid=$USERUID2 || failed=$(expr $failed + 1)
> +user_sid2=$($wbinfo --uid-to-sid=$USERUID2 | cut -d " " -f1)
> +echo "UID $USERUID2 resolved to SID $user_sid2"
> +
> +testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo --sid-to-name=$user_sid2 || failed=$(expr $failed + 1)
> +user_name2=$($wbinfo --sid-to-name=$user_sid2 | cut -d " " -f1)
> +echo "SID $user_sid2 resolved to $user_name2"
> +
> +testit "test $user_name2 = $DOMAIN/$USERNAME2" test "$(echo $user_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$USERNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
> +
> +testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo --gid-to-sid=$GROUPGID2 || failed=$(expr $failed + 1)
> +group_sid2=$($wbinfo --gid-to-sid=$GROUPGID2 | cut -d " " -f1)
> +echo "GID $GROUPGID2 resolved to SID $group_sid2"
> +
> +testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo --sid-to-name=$group_sid2 || failed=$(expr $failed + 1)
> +group_name2=$($wbinfo --sid-to-name=$group_sid2 | cut -d " " -f1)
> +echo "SID $group_sid2 resolved to $group_name2"
> +
> +testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
> +
>  # Delete LDAP records
>  $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
> +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
>  $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
> +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
>  $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
>  
>  exit $failed
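Review bot: The new testit names embed `$wbinfo`, which expands to `$VALGRIND $BINDIR/wbinfo`, so the reported test name changes with the build directory and valgrind setting, whereas the earlier tests in this script use a literal name such as `"wbinfo --name-to-sid"`. Use `testit "wbinfo --uid-to-sid=$USERUID2" $wbinfo --uid-to-sid=$USERUID2`, and likewise for the other three lookups, so the names stay stable for test selection and known-failure lists. Separately, `cut -d " " -f1` truncates the --sid-to-name output at the first space, so a second user or group whose name contains a space (such as "Domain Users") would fail the comparison. If a --uid-to-sid or --gid-to-sid lookup fails, `$user_sid2` or `$group_sid2` is empty and passed unquoted to the next wbinfo call; quoting it as `--sid-to-name="$user_sid2"` makes that failure explicit.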
> diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
> index dd06e07..d6e6869 100755
> --- a/source3/selftest/tests.py
> +++ b/source3/selftest/tests.py
> @@ -350,7 +350,7 @@ for t in tests:
>          plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD')
>          plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
>      elif t == "idmap.rfc2307":
> -        plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
> +        plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
>      elif t == "raw.acls":
>          plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
>          plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple')
> -- 
> 1.7.1

