[PATCHES][BUG 12757] Lookup of more than two SIDs in idmap_rfc2307 fails
Christof Schmitt
cs at samba.org
Wed Apr 26 21:07:33 UTC 2017
Going to push these patches if nobody objects.
Christof
-------------- next part --------------
From 5c995b2526e993f0507ffc2a62fac146b4684e08 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 31 Mar 2017 15:20:07 +0000
Subject: [PATCH 01/11] idmap_rfc2307: Don't stop after 30 entries
We start over again and again, so we need to search in the whole list.
This is a quick hack generating a bad O(n^2). The real fix is to
call idmap_rfc2307_find_map with "maps" starting at the right offset,
but that's an optimization for later when it's restructured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
source3/winbindd/idmap_rfc2307.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index deb25cc..306bc8a 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -520,10 +520,7 @@ static struct id_map* idmap_rfc2307_find_map(struct idmap_rfc2307_map *maps,
DEBUG(10, ("Looking for name %s, type %d\n", name, type));
- for (i = 0; i < IDMAP_LDAP_MAX_IDS; i++) {
- if (maps[i].map == NULL) { /* end of the run */
- return NULL;
- }
+ for (i = 0; maps[i].map != NULL; i++) {
DEBUG(10, ("Entry %d: name %s, type %d\n",
i, maps[i].name, maps[i].type));
if (type == maps[i].type && strcmp(name, maps[i].name) == 0) {
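Review bot: With the `IDMAP_LDAP_MAX_IDS` bound removed, `for (i = 0; maps[i].map != NULL; i++)` is limited only by a terminating entry whose `.map` is NULL, and nothing in this hunk shows that every caller provides one. Without that sentinel the loop reads past the end of the array, including the `DEBUG(10, ...)` call that dereferences `maps[i].name`. The function should carry a header comment stating the contract, e.g. `/* maps must end with an entry whose .map is NULL; that entry is the only loop bound */`, and the allocation site (outside this hunk) should be checked to reserve the extra zeroed element. The same applies to `idmap_find_map_by_id` in idmap_util.c (patch 08/11), which is not static and so passes the requirement on to every caller. The body of idmap_rfc2307_find_map starts and ends outside the hunk.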
--
1.8.3.1
From 0e65242959adaa0b4e9e2b29153f874688e8f1b7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 31 Mar 2017 15:23:39 +0000
Subject: [PATCH 02/11] idmap_rfc2307: "ldap_next_entry" needs the previous
entry, not the start
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
source3/winbindd/idmap_rfc2307.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 306bc8a..27ec86d 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -552,7 +552,7 @@ static void idmap_rfc2307_map_xid_results(struct idmap_rfc2307_context *ctx,
if (i == 0) {
entry = ldap_first_entry(ctx->ldap, result);
} else {
- entry = ldap_next_entry(ctx->ldap, result);
+ entry = ldap_next_entry(ctx->ldap, entry);
}
if (!entry) {
DEBUG(2, ("Unable to fetch entry.\n"));
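Review bot: The corrected call `ldap_next_entry(ctx->ldap, entry)` depends on `entry` keeping its value from the previous iteration, and the declaration of `entry` is not visible in this hunk. If it is declared inside the loop body, its value is indeterminate at the start of each pass and the call reads garbage. Moving the cursor into the loop header makes the dependency explicit and removes the `i == 0` branch: `for (entry = ldap_first_entry(ctx->ldap, result); entry != NULL; entry = ldap_next_entry(ctx->ldap, entry))`. Whether the index is still needed for anything else cannot be judged from here, because the loop header is outside the hunk. The same construct is changed in idmap_rfc2307_map_sid_results (patch 09/11).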
--
1.8.3.1
From 8a83b23e80c5740ce0570973dfa7c2d238a0e3db Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 4 Apr 2017 14:15:26 +0200
Subject: [PATCH 03/11] test_idmap_rfc2307: Remove the correct file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
nsswitch/tests/test_idmap_rfc2307.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index 90e32a7..a125f77 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -102,7 +102,7 @@ EOF
testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-rm -f $PREFIX/tmpldbmodify
+rm -f $PREFIX/tmpldb
testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1)
user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1)
--
1.8.3.1
From bb243ea14cdaf94ef51c433d4b0009d994484627 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 4 Apr 2017 14:15:26 +0200
Subject: [PATCH 04/11] test_idmap_rfc2307: Avoid a tmpfile
We can << directly into ldbadd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
nsswitch/tests/test_idmap_rfc2307.sh | 27 ++++++++++-----------------
1 file changed, 10 insertions(+), 17 deletions(-)
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index a125f77..b5f8ce5 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -45,14 +45,14 @@ $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDA
# Add id mapping information to LDAP
-cat > $PREFIX/tmpldb <<EOF
+testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER \
+ -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: $LDAPPREFIX
objectclass: organizationalUnit
EOF
-testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER \
+ -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$USERNAME,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
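Review bot: The credential argument `-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD` on the new `testit ... $ldbadd` lines is unquoted, so a password containing whitespace or glob characters is split or expanded before ldbadd receives it; `"-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD"` avoids that. The other four hunks of this patch use the same unquoted form. Passing the password on the command line also leaves it readable in the process list for the duration of each call, so these credentials should only ever belong to a throwaway selftest DC.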
@@ -64,9 +64,8 @@ gidNumber: 1
homeDirectory: /home/admin
EOF
-testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add second ldap user mapping record" $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$USERNAME2,$LDAPPREFIX
objectClass: organizationalPerson
objectClass: posixAccount
@@ -78,9 +77,8 @@ gidNumber: 2
homeDirectory: /home/admin
EOF
-testit "add second ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add ldap group mapping record" $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$GROUPNAME,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
@@ -89,9 +87,8 @@ gidNumber: $GROUPGID
member: cn=$USERNAME,$LDAPPREFIX
EOF
-testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-cat > $PREFIX/tmpldb <<EOF
+testit "add second ldap group mapping record" $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
dn: cn=$GROUPNAME2,$LDAPPREFIX
objectClass: posixGroup
objectClass: groupOfNames
@@ -100,10 +97,6 @@ gidNumber: $GROUPGID2
member: cn=$USERNAME,$LDAPPREFIX
EOF
-testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb
-
-rm -f $PREFIX/tmpldb
-
testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1)
user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1)
echo "$DOMAIN/$USERNAME resolved to $user_sid"
--
1.8.3.1
From eb3af0940497368f8556328e874fa74ffd339693 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 4 Apr 2017 14:59:45 +0200
Subject: [PATCH 05/11] test_idmap_rfc2307: Correct usage
We already have 13 args at this point, and growing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
nsswitch/tests/test_idmap_rfc2307.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index b5f8ce5..6e4e041 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -1,6 +1,6 @@
#!/bin/sh
# Test id mapping through idmap_rfc2307 module
-if [ $# -lt 9 ]; then
+if [ $# -lt 13 ]; then
echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
exit 1
fi
--
1.8.3.1
From 8de67cbf153bd369fad797e733579facb2d67082 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 4 Apr 2017 15:12:02 +0200
Subject: [PATCH 06/11] test_idmap_rfc2307: Do a recursive delete in ou=idmap
We'll create more posix objects soon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
nsswitch/tests/test_idmap_rfc2307.sh | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index 6e4e041..e0f550d 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -22,6 +22,11 @@ DC_PASSWORD="$4"
wbinfo="$VALGRIND $BINDIR/wbinfo"
+ldbsearch="ldbsearch"
+if [ -x "$BINDIR/ldbsearch" ]; then
+ ldbsearch="$BINDIR/ldbsearch"
+fi
+
ldbadd="ldbadd"
if [ -x "$BINDIR/ldbadd" ]; then
ldbadd="$BINDIR/ldbadd"
@@ -37,10 +42,11 @@ failed=0
. `dirname $0`/../../testprogs/blackbox/subunit.sh
# Delete LDAP records
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
+$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ -s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- |
+ xargs -d '\n' -n 1 -IDEL_DN \
+ $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ "DEL_DN"
$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
# Add id mapping information to LDAP
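Review bot: The cleanup now deletes whatever `ldbsearch -s one -b "$LDAPPREFIX"` returns, using the DC administrator credentials, so the deleted set is no longer limited to the four names the test created. If LDAPPREFIX arrives empty or names a broader container, every direct child there would be removed; a guard such as `[ -n "$LDAPPREFIX" ] || exit 1` ahead of the pipeline would bound that. The `grep '^dn:' | cut -d ' ' -f 2-` parsing also assumes single-line, plain-text `dn:` values, which may not hold for long or non-ASCII DNs if the LDIF output folds or base64-encodes them. The same pipeline is repeated in the final cleanup hunk at the end of the script.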
@@ -141,10 +147,11 @@ echo "SID $group_sid2 resolved to $group_name2"
testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
# Delete LDAP records
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX"
-$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX"
+$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ -s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- |
+ xargs -d '\n' -n 1 -IDEL_DN \
+ $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
+ "DEL_DN"
$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX"
exit $failed
--
1.8.3.1
From ac7ac280717ded45102f592cbb80d1d950b51b2e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 4 Apr 2017 15:28:36 +0200
Subject: [PATCH 07/11] test_idmap_rfc2307: Test wbinfo -r for 35 supplementary
group memberships
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
nsswitch/tests/test_idmap_rfc2307.sh | 66 ++++++++++++++++++++++++++++++++----
source3/selftest/tests.py | 12 ++++++-
2 files changed, 71 insertions(+), 7 deletions(-)
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index e0f550d..5fabdc6 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -1,7 +1,9 @@
#!/bin/sh
# Test id mapping through idmap_rfc2307 module
-if [ $# -lt 13 ]; then
- echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
+if [ $# -lt 15 ]; then
+ echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 \
+ GROUPNAME GID GROUPNAME2 GID2 GID_START NUMGROUPS \
+ LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD
exit 1
fi
@@ -15,12 +17,15 @@ GROUPGID="$7"
GROUPNAME2="$8"
GROUPGID2="$9"
shift 9
-LDAPPREFIX="$1"
-DC_SERVER="$2"
-DC_USERNAME="$3"
-DC_PASSWORD="$4"
+GID_START="$1"
+NUMGROUPS="$2"
+LDAPPREFIX="$3"
+DC_SERVER="$4"
+DC_USERNAME="$5"
+DC_PASSWORD="$6"
wbinfo="$VALGRIND $BINDIR/wbinfo"
+net="$VALGRIND $BINDIR/net"
ldbsearch="ldbsearch"
if [ -x "$BINDIR/ldbsearch" ]; then
@@ -146,6 +151,55 @@ echo "SID $group_sid2 resolved to $group_name2"
testit "test $group_name2 = $DOMAIN/$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN/$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1)
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ GRP=$(printf "test_rfc2307_group_%3.3d" "$i")
+ GRP_GID=$(expr "$GID_START" + "$i")
+ testit "Add group $GRP" $net rpc group add "$GRP" -S "$DC_SERVER" \
+ -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
+ failed=$(expr $failed + 1)
+ testit "Add groupmem $GRP $USERNAME" \
+ $net rpc group addmem "$GRP" "$USERNAME" \
+ -S "$DC_SERVER" \
+ -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
+ failed=$(expr $failed + 1)
+ testit "Add group object for $GRP $GRP_GID" \
+ $VALGRIND $ldbadd \
+ -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF
+dn: cn=$GRP,$LDAPPREFIX
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: $GRP
+gidNumber: $GRP_GID
+member: cn=$USERNAME,$LDAPPREFIX
+EOF
+ i=$(expr "$i" + 1)
+done
+
+# Test whether wbinfo -r shows all groups
+
+EXPECTED_USERGROUPS="1000000/1000001/2000002/"
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ EXPECTED_USERGROUPS="$EXPECTED_USERGROUPS$(expr ${i} + ${GID_START})/"
+ i=$(expr "$i" + 1)
+done
+
+USERGROUPS=$($wbinfo -r $DOMAIN/$USERNAME | sort -n | tr '\n' '/')
+
+testit "Testing for expected group memberships" \
+ test "$USERGROUPS" = "$EXPECTED_USERGROUPS" ||
+ failed=$(expr $failed + 1)
+
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ GRP=$(printf "test_rfc2307_group_%3.3d" ${i})
+ testit "Del group $GRP" $net rpc group delete "$GRP" -S "$DC_SERVER" \
+ -U"${DOMAIN}\\${DC_USERNAME}"%"${DC_PASSWORD}" ||
+ failed=$(expr $failed + 1)
+ i=$(expr "$i" + 1)
+done
+
# Delete LDAP records
$VALGRIND $ldbsearch -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD \
-s one -b "$LDAPPREFIX" | grep '^dn:' | cut -d ' ' -f 2- |
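Review bot: The `testit "Add group object for $GRP $GRP_GID"` call has no `|| failed=$(expr $failed + 1)`, unlike the two `net rpc group` calls just above it in the same loop, so a failed ldbadd does not reach the script's exit status. The tail can follow the here-document operator: `-H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD <<EOF || failed=$(expr $failed + 1)`. Separately, `EXPECTED_USERGROUPS="1000000/1000001/2000002/"` hard-codes three ids. The third looks like the GID passed as `$GROUPGID` and the first two presumably come from the autorid range, so a comment naming their origin (or using `$GROUPGID`) would keep the expectation from drifting when the test arguments change.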
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 9bb7903..223ce86b 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -398,7 +398,17 @@ for t in tests:
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
elif t == "idmap.rfc2307":
- plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
+ plantestsuite(t, "ad_member_rfc2307",
+ [os.path.join(samba3srcdir,
+ "../nsswitch/tests/test_idmap_rfc2307.sh"),
+ '$DOMAIN',
+ 'Administrator', '2000000',
+ 'Guest', '2000001',
+ '"Domain Users"', '2000002',
+ 'DnsAdmins', '2000003',
+ '2000005', '35',
+ 'ou=idmap,dc=samba,dc=example,dc=com',
+ '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD'])
elif t == "idmap.alloc":
plantestsuite(t, "ad_member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_nss.sh"), '$DOMAIN'])
elif t == "idmap.rid":
--
1.8.3.1
From 64a7c89eb7dbd03beb895ae23bd0991a510d2fd2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 31 Mar 2017 15:20:07 +0000
Subject: [PATCH 08/11] idmap_rfc2307: Don't stop after 30 entries
We start over again and again, so we need to search in the whole list.
This is a quick hack generating a bad O(n^2). The real fix is to
call idmap_rfc2307_find_map with "maps" starting at the right offset,
but that's an optimization for later when it's restructured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
source3/winbindd/idmap_util.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index 196b4ad..fd2ae4a 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -52,10 +52,7 @@ struct id_map *idmap_find_map_by_id(struct id_map **maps, enum id_type type,
{
int i;
- for (i = 0; i < IDMAP_LDAP_MAX_IDS; i++) {
- if (maps[i] == NULL) { /* end of the run */
- return NULL;
- }
+ for (i = 0; maps[i] != NULL; i++) {
if ((maps[i]->xid.type == type) && (maps[i]->xid.id == id)) {
return maps[i];
}
--
1.8.3.1
From 2f875220daa126abb5ea0f8c5ea50a3d97594b04 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 31 Mar 2017 15:23:39 +0000
Subject: [PATCH 09/11] idmap_rfc2307: "ldap_next_entry" needs the previous
entry, not the start
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
source3/winbindd/idmap_rfc2307.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 27ec86d..8ffa55b 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -235,7 +235,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx,
if (i == 0) {
entry = ldap_first_entry(ctx->ldap, result);
} else {
- entry = ldap_next_entry(ctx->ldap, result);
+ entry = ldap_next_entry(ctx->ldap, entry);
}
if (!entry) {
DEBUG(2, ("Unable to fetch entry.\n"));
--
1.8.3.1
From d8c00f5fcf05161ef968a2f7ec8fc3c41f28c688 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 4 Apr 2017 17:15:10 +0200
Subject: [PATCH 10/11] selftest: Avoid idmap caching when testing
idmap_rfc2307
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
selftest/target/Samba3.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index c241bd1..decfa0e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -507,6 +507,8 @@ sub setup_admember_rfc2307($$$$)
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
+ idmap cache time = 0
+ idmap negative cache time = 0
idmap config * : backend = autorid
idmap config * : range = 1000000-1999999
idmap config * : rangesize = 100000
--
1.8.3.1
From 210f4d0fdcb48fa01446b87be1a608e1f3b7b192 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 6 Apr 2017 12:50:08 +0200
Subject: [PATCH 11/11] idmap_rfc2307: Test unix-ids-to-sids with 35 groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
---
nsswitch/tests/test_idmap_rfc2307.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh
index 5fabdc6..c62da5d 100755
--- a/nsswitch/tests/test_idmap_rfc2307.sh
+++ b/nsswitch/tests/test_idmap_rfc2307.sh
@@ -176,6 +176,20 @@ EOF
i=$(expr "$i" + 1)
done
+# Test whether wbinfo --xids-to-sids finds everything
+
+GIDS=""
+i=0
+while [ ${i} -lt ${NUMGROUPS} ] ; do
+ GIDS="$GIDS g$(expr ${i} + ${GID_START})"
+ i=$(expr "$i" + 1)
+done
+NUM_VALID_SIDS=$($wbinfo --unix-ids-to-sids="$GIDS" | grep -v ^S-0-0 | wc -l)
+
+testit "Count number of valid sids found" \
+ test ${NUM_VALID_SIDS} = ${NUMGROUPS} ||
+ failed=$(expr $failed + 1)
+
# Test whether wbinfo -r shows all groups
EXPECTED_USERGROUPS="1000000/1000001/2000002/"
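Review bot: `grep -v ^S-0-0 | wc -l` counts every output line that does not start with `S-0-0`, so any diagnostic text on stdout, or a different marker for an unmapped id, is counted as a valid SID and can make the test pass falsely. Matching positively is stricter and also avoids the `wc -l` padding some platforms emit: `NUM_VALID_SIDS=$($wbinfo --unix-ids-to-sids="$GIDS" | grep -c '^S-1-')`. The comment above the block says `--xids-to-sids` while the option used is `--unix-ids-to-sids`; the comment should name the option actually called.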
--
1.8.3.1