The Samba-Bugzilla – Attachment 12520 Details for
Bug 12298
id/getent/ssh don't handle credentials of the form user@realm when global config "winbind use default domain = yes"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch backported to 4.4
dom-patch-4.4.patch (text/plain), 6.71 KB, created by
Noel Power
on 2016-09-30 11:01:54 UTC
(
hide
)
Description:
patch backported to 4.4
Filename:
MIME Type:
Creator:
Noel Power
Created:
2016-09-30 11:01:54 UTC
Size:
6.71 KB
patch
obsolete
>From d9d30a2439db0caf55a0c37f482c357299df4dd4 Mon Sep 17 00:00:00 2001 >From: Noel Power <noel.power@suse.com> >Date: Thu, 29 Sep 2016 16:50:58 +0100 >Subject: [PATCH 1/2] Add a blackbox tests for id & getent to test domain@realm > type credentials > >Using domain@realm credentials has been problematic when >global conf setting "winbind use default domain" is enabled, this patch >creates a new s4member_dflt_domain environment (where >"winbind use default domain" is enabled) and runs getent & id against the >normal s4member & and new s4member_dflt_domain environments > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298 > >Signed-off-by: Noel Power <noel.power@suse.com> >--- > selftest/target/Samba.pm | 1 + > selftest/target/Samba4.pm | 34 ++++++++++++++++++++++++++++++---- > source4/selftest/tests.py | 7 +++++++ > testprogs/blackbox/dom_parse.sh | 27 +++++++++++++++++++++++++++ > 4 files changed, 65 insertions(+), 4 deletions(-) > create mode 100755 testprogs/blackbox/dom_parse.sh > >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index 17a2bbe..64de27c 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -296,6 +296,7 @@ sub get_interface($) > $interfaces{"promotedvdc"} = 33; > $interfaces{"rfc2307member"} = 34; > $interfaces{"fileserver"} = 35; >+ $interfaces{"s4member_dflt"} = 36; > > # update lib/socket_wrapper/socket_wrapper.c > # #define MAX_WRAPPED_INTERFACES 40 >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 836c15d..c031b08 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -936,9 +936,9 @@ $extra_smbconf_shares > return $self->provision_raw_step2($ctx, $ret); > } > >-sub provision_s4member($$$) >+sub provision_s4member($$$$$) > { >- my ($self, $prefix, $dcvars) = @_; >+ my ($self, $prefix, $dcvars, $hostname, $more_conf) = @_; > print "PROVISIONING MEMBER..."; > my $extra_smb_conf = " > passdb backend = samba_dsdb >@@ -954,9 +954,12 @@ rpc_server:spoolss = embedded > rpc_daemon:spoolssd = embedded > rpc_server:tcpip = no > "; >+ if ($more_conf) { >+ $extra_smb_conf = $extra_smb_conf . $more_conf . "\n"; >+ } > my $ret = $self->provision($prefix, > "member server", >- "s4member", >+ $hostname, > "SAMBADOMAIN", > "samba.example.com", > "2008", >@@ -1893,6 +1896,11 @@ sub setup_env($$$) > $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); > } > return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{ad_dc_ntvfs}); >+ } elsif ($envname eq "s4member_dflt_domain") { >+ if (not defined($self->{vars}->{ad_dc_ntvfs})) { >+ $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); >+ } >+ return $self->setup_s4member_dflt_domain("$path/s4member_dflt_domain", $self->{vars}->{ad_dc_ntvfs}); > } elsif ($envname eq "s4member") { > if (not defined($self->{vars}->{ad_dc_ntvfs})) { > $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs"); >@@ -1931,7 +1939,7 @@ sub setup_s4member($$$) > { > my ($self, $path, $dc_vars) = @_; > >- my $env = $self->provision_s4member($path, $dc_vars); >+ my $env = $self->provision_s4member($path, $dc_vars, "s4member"); > > if (defined $env) { > if (not defined($self->check_or_start($env, "single"))) { >@@ -1944,6 +1952,24 @@ sub setup_s4member($$$) > return $env; > } > >+sub setup_s4member_dflt_domain($$$) >+{ >+ my ($self, $path, $dc_vars) = @_; >+ >+ my $env = $self->provision_s4member($path, $dc_vars, "s4member_dflt", >+ "winbind use default domain = yes"); >+ >+ if (defined $env) { >+ if (not defined($self->check_or_start($env, "standard"))) { >+ return undef; >+ } >+ >+ $self->{vars}->{s4member_dflt_domain} = $env; >+ } >+ >+ return $env; >+} >+ > sub setup_rpc_proxy($$$) > { > my ($self, $path, $dc_vars) = @_; >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 66c8509..7eb4e46 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -510,6 +510,13 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_dc_ntvfs", "ad_member", "s4memb > > plantestsuite("samba.ntlm_auth.(%s:local)" % env, "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_s3.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration]) > >+for env in ["s4member_dflt_domain", "s4member"]: >+ for cmd in ["id", "getent"]: >+ users = ["$DC_USERNAME", "$DC_USERNAME@$REALM"] >+ if env == "s4member": >+ users = ["$DOMAIN/$DC_USERNAME", "$DC_USERNAME@$REALM"] >+ for usr in users: >+ plantestsuite("samba4.winbind.dom_name_parse.cmd", env, "%s/dom_parse.sh %s %s" % (bbdir,cmd,usr)) > > nsstest4 = binpath("nsstest") > for env in ["ad_dc:local", "ad_dc_ntvfs:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]: >diff --git a/testprogs/blackbox/dom_parse.sh b/testprogs/blackbox/dom_parse.sh >new file mode 100755 >index 0000000..dd14f0d >--- /dev/null >+++ b/testprogs/blackbox/dom_parse.sh >@@ -0,0 +1,27 @@ >+#!/bin/sh >+# Blackbox wrapper for nsstest >+# Copyright (C) 2006-2007 Jelmer Vernooij <jelmer@samba.org> >+# Copyright (C) 2006-2008 Andrew Bartlett <abartlet@samba.org> >+ >+if [ $# -lt 2 ]; then >+cat <<EOF >+Usage: dom_parse.sh [id|getent] $USER >+EOF >+exit 1; >+fi >+ >+USER=$2 >+CMD=$1 >+EXTRA="" >+shift 2 >+failed=0 >+ >+. `dirname $0`/subunit.sh >+ >+if [ "$CMD" = "getent" ]; then >+ EXTRA="passwd" >+fi >+ >+testit "samba4.winbind.dom_name_parse.cmd.$CMD" $CMD $EXTRA $USER || failed=`expr $failed + 1` >+ >+exit $failed >-- >2.1.4 > > >From f2afe809625693b8cbc811fdc6799aa750285c4d Mon Sep 17 00:00:00 2001 >From: Noel Power <noel.power@suse.com> >Date: Tue, 20 Sep 2016 11:49:49 +0100 >Subject: [PATCH 2/2] s3/winbindd: using default domain with user@domain.com > format fails > >For example for samba client joined to a windows AD DC the following >commands fail if 'winbind use default domain = yes' > getent passwd user@domain.com > ssh -o user=user@domain.com localhost > >The same commands succeed if the setting above has the default 'no' value > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298 >Signed-off-by: Noel Power <noel.power@suse.com> >--- > source3/winbindd/winbindd_util.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c >index dfc5ea3..bb8bce4 100644 >--- a/source3/winbindd/winbindd_util.c >+++ b/source3/winbindd/winbindd_util.c >@@ -1102,10 +1102,11 @@ bool parse_domain_user(const char *domuser, fstring domain, fstring user) > > if ( !p ) { > fstrcpy(user, domuser); >+ p = strchr(domuser, '@'); > >- if ( assume_domain(lp_workgroup())) { >+ if ( assume_domain(lp_workgroup()) && p == NULL) { > fstrcpy(domain, lp_workgroup()); >- } else if ((p = strchr(domuser, '@')) != NULL) { >+ } else if (p != NULL) { > fstrcpy(domain, p + 1); > user[PTR_DIFF(p, domuser)] = 0; > } else { >-- >2.1.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12520">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
asn
:
review-
Actions:
View
Attachments on
bug 12298
:
12519
|
12520
|
12521
|
12546
|
12547