From d9d30a2439db0caf55a0c37f482c357299df4dd4 Mon Sep 17 00:00:00 2001 From: Noel Power Date: Thu, 29 Sep 2016 16:50:58 +0100 Subject: [PATCH 1/2] Add a blackbox tests for id & getent to test domain@realm type credentials Using domain@realm credentials has been problematic when global conf setting "winbind use default domain" is enabled, this patch creates a new s4member_dflt_domain environment (where "winbind use default domain" is enabled) and runs getent & id against the normal s4member & and new s4member_dflt_domain environments BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298 Signed-off-by: Noel Power --- selftest/target/Samba.pm | 1 + selftest/target/Samba4.pm | 34 ++++++++++++++++++++++++++++++---- source4/selftest/tests.py | 7 +++++++ testprogs/blackbox/dom_parse.sh | 27 +++++++++++++++++++++++++++ 4 files changed, 65 insertions(+), 4 deletions(-) create mode 100755 testprogs/blackbox/dom_parse.sh diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 17a2bbe..64de27c 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -296,6 +296,7 @@ sub get_interface($) $interfaces{"promotedvdc"} = 33; $interfaces{"rfc2307member"} = 34; $interfaces{"fileserver"} = 35; + $interfaces{"s4member_dflt"} = 36; # update lib/socket_wrapper/socket_wrapper.c # #define MAX_WRAPPED_INTERFACES 40 diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 836c15d..c031b08 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -936,9 +936,9 @@ $extra_smbconf_shares return $self->provision_raw_step2($ctx, $ret); } -sub provision_s4member($$$) +sub provision_s4member($$$$$) { - my ($self, $prefix, $dcvars) = @_; + my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_; print "PROVISIONING MEMBER..."; my $extra_smb_conf = " passdb backend = samba_dsdb 
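Review bot: The new prototype `sub provision_s4member($$$$$)` declares five mandatory arguments, but `$more_conf` is optional and the updated `setup_s4member` call in a later hunk passes only four. Perl ignores prototypes on method calls, so nothing breaks, but the declaration misstates the contract; `sub provision_s4member($$$$;$)` plus a short comment such as `# $more_conf: optional extra smb.conf lines for the member` would make it accurate. `$hostname` is then handed straight to `provision()` in the following hunk, so any caller of `provision_s4member` not updated by this patch (none are visible here) would pass undef as the server name; a `defined $hostname or die` guard at the top would catch that early. The body of the function continues outside this hunk.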
@@ -954,9 +954,12 @@ rpc_server:spoolss = embedded rpc_daemon:spoolssd = embedded rpc_server:tcpip = no "; + if ($more_conf) { + $extra_smb_conf = $extra_smb_conf . $more_conf . "\n"; + } my $ret = $self->provision($prefix, "member server", - "s4member", + $hostname, "SAMBADOMAIN", "samba.example.com", "2008", @@ -1893,6 +1896,11 @@ sub setup_env($$$) $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); } return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs}); + } elsif ($envname eq "s4member_dflt_domain") { + if (not defined($self->{vars}->{ad_dc_ntvfs})) { + $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); + } + return $self->setup_s4member_dflt_domain("$path/s4member_dflt_domain", $self->{vars}->{ad_dc_ntvfs}); } elsif ($envname eq "s4member") { if (not defined($self->{vars}->{ad_dc_ntvfs})) { $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); @@ -1931,7 +1939,7 @@ sub setup_s4member($$$) { my ($self, $path, $dc_vars) = @_; - my $env = $self->provision_s4member($path, $dc_vars); + my $env = $self->provision_s4member($path, $dc_vars, "s4member"); if (defined $env) { if (not defined($self->check_or_start($env, "single"))) { @@ -1944,6 +1952,24 @@ sub setup_s4member($$$) return $env; } +sub setup_s4member_dflt_domain($$$) +{ + my ($self, $path, $dc_vars) = @_; + + my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt", + "winbind use default domain = yes"); + + if (defined $env) { + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } + + $self->{vars}->{s4member_dflt_domain} = $env; + } + + return $env; +} + sub setup_rpc_proxy($$$) { my ($self, $path, $dc_vars) = @_; diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 66c8509..7eb4e46 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py 
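Review bot: `setup_s4member_dflt_domain` starts the member with `check_or_start($env, "standard")`, whereas the otherwise identical `setup_s4member` shown just above uses `"single"`, and nothing in the new sub says whether the difference is intended. If it is deliberate, a comment such as `# "standard" process model: <reason it differs from s4member>` would help; if not, the two should match so that the only variable between the environments is 'winbind use default domain'. The hostname literal `"s4member_dflt"` also appears to need to match the key added to `%interfaces` in Samba.pm (the lookup itself is not visible in this patch), while the environment is named `s4member_dflt_domain`; a one-line comment on that coupling would stop the two strings drifting apart.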
@@ -510,6 +510,13 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_dc_ntvfs", "ad_member", "s4memb plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration]) +for env in ["s4member_dflt_domain", "s4member"]: + for cmd in ["id", "getent"]: + users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"] + if env == "s4member": + users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"] + for usr in users: + plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir,cmd,usr)) nsstest4 = binpath("nsstest") for env in ["ad_dc:local", "ad_dc_ntvfs:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]: diff --git a/testprogs/blackbox/dom_parse.sh b/testprogs/blackbox/dom_parse.sh new file mode 100755 index 0000000..dd14f0d --- /dev/null +++ b/testprogs/blackbox/dom_parse.sh @@ -0,0 +1,27 @@ +#!/bin/sh +# Blackbox wrapper for nsstest +# Copyright (C) 2006-2007 Jelmer Vernooij +# Copyright (C) 2006-2008 Andrew Bartlett + +if [ $# -lt 2 ]; then +cat < Date: Tue, 20 Sep 2016 11:49:49 +0100 Subject: [PATCH 2/2] s3/winbindd: using default domain with user@domain.com format fails For example for samba client joined to a windows AD DC the following commands fail if 'winbind use default domain = yes' getent passwd user@domain.com ssh -o user=user@domain.com localhost The same commands succeed if the setting above has the default 'no' value BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298 Signed-off-by: Noel Power --- source3/winbindd/winbindd_util.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index dfc5ea3..bb8bce4 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c 
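Review bot: Every suite planned by the new loop is registered under the same name, `"samba4.winbind.dom_name_parse.cmd"`, because `cmd` sits inside the string literal and is never substituted. The id/getent and user-form combinations for an environment therefore cannot be told apart in the results or in a knownfail list, and a regression in the `$DC_USERNAME@$REALM` case could be attributed to, or hidden by, another combination. At minimum use `"samba4.winbind.dom_name_parse.%s" % cmd`, and add a short tag for the user form so each planned suite has a unique name. `usr` is also interpolated unquoted into the command string, so a username containing whitespace would presumably be split before it reaches `dom_parse.sh`.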
@@ -1102,10 +1102,11 @@ bool parse_domain_user(const char *domuser, fstring domain, fstring user) if ( !p ) { fstrcpy(user, domuser); + p = strchr(domuser, '@'); - if ( assume_domain(lp_workgroup())) { + if ( assume_domain(lp_workgroup()) && p == NULL) { fstrcpy(domain, lp_workgroup()); - } else if ((p = strchr(domuser, '@')) != NULL) { + } else if (p != NULL) { fstrcpy(domain, p + 1); user[PTR_DIFF(p, domuser)] = 0; } else { -- 2.1.4
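Review bot: After this change the write `user[PTR_DIFF(p, domuser)] = 0;` is reached for every name containing '@', including when 'winbind use default domain' is enabled. Its index is computed on `domuser`, while `user` holds only the fstrcpy()-bounded copy. If any caller can pass a `domuser` whose '@' lies at or beyond `sizeof(fstring)` (the callers are outside this hunk), the terminator is written outside `user`. Bounding the branch, e.g. `} else if (p != NULL && (size_t)PTR_DIFF(p, domuser) < sizeof(fstring)) {`, would send such names to the final else branch, whose body is not visible here. A name ending in '@' also leaves `domain` empty, so a check for `p[1] != '\0'` and a comment on the lookup that `strchr(domuser, '@')` splits at the first '@' would make the accepted forms explicit; the function begins and ends outside the hunk.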