The Samba-Bugzilla – Attachment 11122 Details for
Bug 11313
wbinfo --gid-to-sid lookup fails with idmap_rfc2307 backend
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Backported patches for 4.1
patches-4.1 (text/plain), 7.84 KB, created by
Christof Schmitt
on 2015-06-05 16:19:01 UTC
(
hide
)
Description:
Backported patches for 4.1
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2015-06-05 16:19:01 UTC
Size:
7.84 KB
patch
obsolete
>From ec5b18f9a30cae9b2fa9050361221fd0479591eb Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Thu, 4 Jun 2015 12:11:27 -0700 >Subject: [PATCH 1/2] idmap_rfc2307: Fix wbinfo --gid-to-sid query > >Fix syntax error in LDAP query for gidNumber. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 835c278e43b9dec98834de0fb12445720e9df2e5) >--- > source3/winbindd/idmap_rfc2307.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c >index db8bab6..f2fcd98 100644 >--- a/source3/winbindd/idmap_rfc2307.c >+++ b/source3/winbindd/idmap_rfc2307.c >@@ -374,7 +374,7 @@ again: > break; > case ID_TYPE_GID: > fltr_grp = talloc_asprintf_append_buffer(fltr_grp, >- "(gidNumber=%d))", ids[idx]->xid.id); >+ "(gidNumber=%d)", ids[idx]->xid.id); > cnt_grp++; > break; > default: >-- >1.7.1 > > >From a6de25dd46c0e59796c596c673db324bea592579 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Fri, 5 Jun 2015 08:26:43 -0700 >Subject: [PATCH 2/2] nsswitch: Extend idmap_rfc2307 testcase for reverse lookup > >Also test the codepaths to map UID and GID back to SID and names. Use >different user and group to avoid returning results cached from the >previous lookups. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Jun 5 01:24:32 CEST 2015 on sn-devel-104 >(cherry picked from commit c1c07b462058f863e706127203e6f30dba89a2a9) >--- > nsswitch/tests/test_idmap_rfc2307.sh | 72 +++++++++++++++++++++++++++++---- > source3/selftest/tests.py | 2 +- > 2 files changed, 64 insertions(+), 10 deletions(-) > >diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh >index b9efd34..fc4c383 100755 >--- a/nsswitch/tests/test_idmap_rfc2307.sh >+++ b/nsswitch/tests/test_idmap_rfc2307.sh >@@ -1,21 +1,24 @@ > #!/bin/sh > # Test id mapping through idmap_rfc2307 module > if [ $# -lt 9 ]; then >- echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD >+ echo Usage: $0 DOMAIN USERNAME UID USERNAME2 UID2 GROUPNAME GID GROUPNAME2 GID2 LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD > exit 1 > fi > > DOMAIN="$1" > USERNAME="$2" > USERUID="$3" >-GROUPNAME="$4" >-GROUPGID="$5" >-LDAPPREFIX="$6" >-DC_SERVER="$7" >-DC_USERNAME="$8" >-DC_PASSWORD="$9" >- >-echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9 >+USERNAME2="$4" >+USERUID2="$5" >+GROUPNAME="$6" >+GROUPGID="$7" >+GROUPNAME2="$8" >+GROUPGID2="$9" >+shift 9 >+LDAPPREFIX="$1" >+DC_SERVER="$2" >+DC_USERNAME="$3" >+DC_PASSWORD="$4" > > wbinfo="$VALGRIND $BINDIR/wbinfo" > ldbadd="$BINDIR/ldbadd" >@@ -26,7 +29,9 @@ failed=0 > > # Delete LDAP records > $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" >+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX" > $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" >+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX" > $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" > > # Add id mapping information to LDAP >@@ -53,6 +58,20 @@ EOF > testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb > > cat > $PREFIX/tmpldb <<EOF >+dn: cn=$USERNAME2,$LDAPPREFIX >+objectClass: organizationalPerson >+objectClass: posixAccount >+ou: People >+cn: $USERNAME2 >+uid: $USERNAME2 >+uidNumber: $USERUID2 >+gidNumber: 2 >+homeDirectory: /home/admin >+EOF >+ >+testit "add second ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb >+ >+cat > $PREFIX/tmpldb <<EOF > dn: cn=$GROUPNAME,$LDAPPREFIX > objectClass: posixGroup > objectClass: groupOfNames >@@ -63,6 +82,17 @@ EOF > > testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb > >+cat > $PREFIX/tmpldb <<EOF >+dn: cn=$GROUPNAME2,$LDAPPREFIX >+objectClass: posixGroup >+objectClass: groupOfNames >+cn: $GROUPNAME2 >+gidNumber: $GROUPGID2 >+member: cn=$USERNAME,$LDAPPREFIX >+EOF >+ >+testit "add second ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb >+ > rm -f $PREFIX/tmpldbmodify > > testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1) >@@ -86,9 +116,33 @@ echo "$DOMAIN\\$GROUPNAME resolved to $group_gid" > > testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1) > >+# Use different user and group for reverse lookup to not read from cache >+ >+testit "$wbinfo --uid-to-sid=$USERUID2" $wbinfo --uid-to-sid=$USERUID2 || failed=$(expr $failed + 1) >+user_sid2=$($wbinfo --uid-to-sid=$USERUID2 | cut -d " " -f1) >+echo "UID $USERUID2 resolved to SID $user_sid2" >+ >+testit "$wbinfo --sid-to-name=$user_sid2" $wbinfo --sid-to-name=$user_sid2 || failed=$(expr $failed + 1) >+user_name2=$($wbinfo --sid-to-name=$user_sid2 | cut -d " " -f1) >+echo "SID $user_sid2 resolved to $user_name2" >+ >+testit "test $user_name2 = $DOMAIN\\$USERNAME2" test "$(echo $user_name2 | tr A-Z a-z)" = "$(echo $DOMAIN\\$USERNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1) >+ >+testit "$wbinfo --gid-to-sid=$GROUPGID2" $wbinfo --gid-to-sid=$GROUPGID2 || failed=$(expr $failed + 1) >+group_sid2=$($wbinfo --gid-to-sid=$GROUPGID2 | cut -d " " -f1) >+echo "GID $GROUPGID2 resolved to SID $group_sid2" >+ >+testit "$wbinfo --sid-to-name=$group_sid2" $wbinfo --sid-to-name=$group_sid2 || failed=$(expr $failed + 1) >+group_name2=$($wbinfo --sid-to-name=$group_sid2 | cut -d " " -f1) >+echo "SID $group_sid2 resolved to $group_name2" >+ >+testit "test $group_name2 = $DOMAIN\\$GROUPNAME2" test "$(echo $group_name2 | tr A-Z a-z)" = "$(echo $DOMAIN\\$GROUPNAME2 | tr A-Z a-z)" || failed=$(expr $failed + 1) >+ > # Delete LDAP records > $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" >+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME2,$LDAPPREFIX" > $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" >+$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME2,$LDAPPREFIX" > $VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" > > exit $failed >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 85d67d6..a926e1e 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -343,7 +343,7 @@ for t in tests: > plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/write-list-tmp -U$USERNAME%$PASSWORD') > plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD') > elif t == "idmap.rfc2307": >- plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD']) >+ plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', 'Guest', '2000001', '"Domain Users"', '2000002', 'DnsAdmins', '2000003', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD']) > elif t == "raw.acls": > plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') > plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple') >-- >1.7.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
cs
:
review+
jra
:
review+
Actions:
View
Attachments on
bug 11313
: 11122 |
11123