Attachment 15090 Details for Bug 13903 – patches for 4.10

[patch] patches for 4.10

patches-4.10 (text/plain), 14.76 KB, created by Christof Schmitt on 2019-04-24 16:44:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Christof Schmitt

Created: 2019-04-24 16:44:11 UTC

Size: 14.76 KB

patch

obsolete

>From 34d7bfe8dc6f61b767b311f6c9d6728fcc76503b Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 22 Apr 2019 16:15:20 -0700
>Subject: [PATCH 1/7] selftest: Add gid-to-sid lookup to idmap_ad test
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit d7b5ad5e6159c224f70bea782bbdc46059e67978)
>---
> nsswitch/tests/test_idmap_ad.sh | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
>diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
>index 7450ae06059..3e36498efcb 100755
>--- a/nsswitch/tests/test_idmap_ad.sh
>+++ b/nsswitch/tests/test_idmap_ad.sh
>@@ -49,6 +49,13 @@ add: gidNumber
> gidNumber: 2000001
> EOF
> 
>+cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
>+dn: CN=Domain Admins,CN=Users,$BASE_DN
>+changetype: modify
>+add: gidNumber
>+gidNumber: 2000002
>+EOF
>+
> #
> # Test 1: Test uid of Administrator, should be 2000000
> #
>@@ -79,6 +86,16 @@ test "$out" = "$DOMAIN/administrator:*:2000000:2000001::/home/$DOMAIN/administra
> ret=$?
> testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1)
> 
>+#
>+# Test 4: Test lookup from gid to sid
>+#
>+
>+out="$($wbinfo -G 2000002)"
>+echo "wbinfo returned: \"$out\", expecting \"$DOMAIN_SID-512\""
>+test "$out" = "$DOMAIN_SID-512"
>+ret=$?
>+testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1)
>+
> #
> # Remove POSIX ids from AD
> #
>@@ -96,4 +113,11 @@ delete: gidNumber
> gidNumber: 2000001
> EOF
> 
>+cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
>+dn: CN=Domain Admins,CN=Users,$BASE_DN
>+changetype: modify
>+delete: gidNumber
>+gidNumber: 2000002
>+EOF
>+
> exit $failed
>-- 
>2.17.0
>
>
>From d7881063f197206d27ebfe1ff93979c7629e377e Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Wed, 17 Apr 2019 16:12:27 -0700
>Subject: [PATCH 2/7] selftest: Use fl2008r2dc for ad_member_idmap_ad
>
>fl2008r2dc already has a trusted domain. That will be used to use
>idmap_ad for querying idmap attributes from the trusted domain.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 8266bd1f45d1b5b2a61d84006ab8e8e1ed0e52a9)
>---
> selftest/target/Samba3.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
>index f11bb9312df..aef179e17ed 100755
>--- a/selftest/target/Samba3.pm
>+++ b/selftest/target/Samba3.pm
>@@ -184,7 +184,7 @@ sub check_env($$)
> 	ad_member           => ["ad_dc"],
> 	ad_member_rfc2307   => ["ad_dc_ntvfs"],
> 	ad_member_idmap_rid => ["ad_dc"],
>-	ad_member_idmap_ad  => ["ad_dc"],
>+	ad_member_idmap_ad  => ["fl2008r2dc"],
> );
> 
> sub setup_nt4_dc
>-- 
>2.17.0
>
>
>From 419bdbc034e2bdedf2219be731098e691dff225a Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Thu, 18 Apr 2019 13:04:09 -0700
>Subject: [PATCH 3/7] selftest: Make trusted domain information available for
> idmap_ad environment
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 281fb81ab1c72831c752be44fd1bfdcfd10bd798)
>---
> selftest/target/Samba3.pm | 7 +++++++
> 1 file changed, 7 insertions(+)
>
>diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
>index aef179e17ed..cdaf9e5080b 100755
>--- a/selftest/target/Samba3.pm
>+++ b/selftest/target/Samba3.pm
>@@ -764,6 +764,13 @@ sub setup_ad_member_idmap_ad
> 	$ret->{DC_USERNAME} = $dcvars->{USERNAME};
> 	$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
> 
>+	$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
>+	$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
>+	$ret->{TRUST_PASSWORD} = $dcvars->{TRUST_PASSWORD};
>+	$ret->{TRUST_DOMAIN} = $dcvars->{TRUST_DOMAIN};
>+	$ret->{TRUST_REALM} = $dcvars->{TRUST_REALM};
>+	$ret->{TRUST_DOMSID} = $dcvars->{TRUST_DOMSID};
>+
> 	return $ret;
> }
> 
>-- 
>2.17.0
>
>
>From bca71b12b8aa9707775cd39a9089bfdb12e49b49 Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 22 Apr 2019 16:07:02 -0700
>Subject: [PATCH 4/7] selftest: Add idmap configuration for trusted domain for
> idmap_ad
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 65e1d783cb17904cd117d896569e7cbe79a3131b)
>---
> selftest/target/Samba3.pm | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
>index cdaf9e5080b..892a6a15e2d 100755
>--- a/selftest/target/Samba3.pm
>+++ b/selftest/target/Samba3.pm
>@@ -698,6 +698,8 @@ sub setup_ad_member_idmap_ad
> 	idmap config * : range = 1000000-1999999
> 	idmap config $dcvars->{DOMAIN} : backend = ad
> 	idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
>+	idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
>+	idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
> ";
> 
> 	my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
>-- 
>2.17.0
>
>
>From 62afe2a252a99f72abb491e31446819d32abfe95 Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 22 Apr 2019 16:38:11 -0700
>Subject: [PATCH 5/7] selftest: Pass trusted domain information to idmap_ad
> test
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit ac0f8656eed39a4527a5336cf93aa1508666f79b)
>---
> nsswitch/tests/test_idmap_ad.sh | 7 +++++--
> source3/selftest/tests.py       | 2 +-
> 2 files changed, 6 insertions(+), 3 deletions(-)
>
>diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
>index 3e36498efcb..d89ed20a799 100755
>--- a/nsswitch/tests/test_idmap_ad.sh
>+++ b/nsswitch/tests/test_idmap_ad.sh
>@@ -3,14 +3,17 @@
> # Basic testing of id mapping with idmap_ad
> #
> 
>-if [ $# -ne 3 ]; then
>-	echo Usage: $0 DOMAIN DC_SERVER DC_PASSWORD
>+if [ $# -ne 6 ]; then
>+	echo Usage: $0 DOMAIN DC_SERVER DC_PASSWORD TRUST_DOMAIN TRUST_SERVER TRUST_PASSWORD
> 	exit 1
> fi
> 
> DOMAIN="$1"
> DC_SERVER="$2"
> DC_PASSWORD="$3"
>+TRUST_DOMAIN="$4"
>+TRUST_SERVER="$5"
>+TRUST_PASSWORD="$6"
> 
> wbinfo="$VALGRIND $BINDIR/wbinfo"
> ldbmodify="$VALGRIND $BINDIR/ldbmodify"
>diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
>index 1eb220ddcce..7067abc5fb4 100755
>--- a/source3/selftest/tests.py
>+++ b/source3/selftest/tests.py
>@@ -564,7 +564,7 @@ for t in tests:
>     elif t == "idmap.rid":
>         plantestsuite(t, "ad_member_idmap_rid", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rid.sh"), '$DOMAIN', '2000000'])
>     elif t == "idmap.ad":
>-        plantestsuite(t, "ad_member_idmap_ad", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_ad.sh"), '$DOMAIN', '$DC_SERVER', '$DC_PASSWORD'])
>+        plantestsuite(t, "ad_member_idmap_ad", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_ad.sh"), '$DOMAIN', '$DC_SERVER', '$DC_PASSWORD', '$TRUST_DOMAIN', '$TRUST_SERVER', '$TRUST_PASSWORD'])
>     elif t == "raw.acls":
>         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
>         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/nfs4acl_simple_40 -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple-40')
>-- 
>2.17.0
>
>
>From bdbd39b6ab7f84b98527c7e3f599a8de1f563b01 Mon Sep 17 00:00:00 2001
>From: Christof Schmitt <cs@samba.org>
>Date: Mon, 22 Apr 2019 16:41:42 -0700
>Subject: [PATCH 6/7] selftest: Add trusted domain tests for idmap_ad
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 2577f43a133f8b8eb997b9529a38e21c77b5da22)
>---
> nsswitch/tests/test_idmap_ad.sh | 106 ++++++++++++++++++++++++++++++++
> selftest/knownfail              |   1 +
> 2 files changed, 107 insertions(+)
>
>diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
>index d89ed20a799..d919dcd09e2 100755
>--- a/nsswitch/tests/test_idmap_ad.sh
>+++ b/nsswitch/tests/test_idmap_ad.sh
>@@ -29,12 +29,24 @@ if [ $? -ne 0 ] ; then
>     exit 1
> fi
> 
>+TRUST_DOMAIN_SID=$($wbinfo -n "$TRUST_DOMAIN/" | cut -f 1 -d " ")
>+if [ $? -ne 0 ] ; then
>+    echo "Could not find trusted domain SID" | subunit_fail_test "test_idmap_ad"
>+    exit 1
>+fi
>+
> BASE_DN=$($ldbsearch -H ldap://$DC_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
> if [ $? -ne 0 ] ; then
>     echo "Could not find base DB" | subunit_fail_test "test_idmap_ad"
>     exit 1
> fi
> 
>+TRUST_BASE_DN=$($ldbsearch -H ldap://$TRUST_SERVER -b "" -s base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}')
>+if [ $? -ne 0 ] ; then
>+    echo "Could not find trusted base DB" | subunit_fail_test "test_idmap_ad"
>+    exit 1
>+fi
>+
> #
> # Add POSIX ids to AD
> #
>@@ -59,6 +71,33 @@ add: gidNumber
> gidNumber: 2000002
> EOF
> 
>+#
>+# Add POSIX ids to trusted domain
>+#
>+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
>+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
>+dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
>+changetype: modify
>+add: uidNumber
>+uidNumber: 2500000
>+EOF
>+
>+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
>+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
>+dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
>+changetype: modify
>+add: gidNumber
>+gidNumber: 2500001
>+EOF
>+
>+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
>+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
>+dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
>+changetype: modify
>+add: gidNumber
>+gidNumber: 2500002
>+EOF
>+
> #
> # Test 1: Test uid of Administrator, should be 2000000
> #
>@@ -99,6 +138,46 @@ test "$out" = "$DOMAIN_SID-512"
> ret=$?
> testit "Test gid lookup of Domain Admins" test $ret -eq 0 || failed=$(expr $failed + 1)
> 
>+#
>+# Trusted domain test 1: Test uid of Administrator, should be 2500000
>+#
>+
>+out="$($wbinfo -S $TRUST_DOMAIN_SID-500)"
>+echo "wbinfo returned: \"$out\", expecting \"2500000\""
>+test "$out" = "2500000"
>+ret=$?
>+testit "Test uid of Administrator in trusted domain is 2500000" test $ret -eq 0 || failed=$(expr $failed + 1)
>+
>+#
>+# Trusted domain test 2: Test gid of Domain Users, should be 2500001
>+#
>+
>+out="$($wbinfo -Y $TRUST_DOMAIN_SID-513)"
>+echo "wbinfo returned: \"$out\", expecting \"2500001\""
>+test "$out" = "2500001"
>+ret=$?
>+testit "Test uid of Domain Users in trusted domain is 2500001" test $ret -eq 0 || failed=$(expr $failed + 1)
>+
>+#
>+# Trusted domain test 3: Test get userinfo for Administrator works
>+#
>+
>+out="$($wbinfo -i $TRUST_DOMAIN/Administrator)"
>+echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false\""
>+test "$out" = "$TRUST_DOMAIN/administrator:*:2500000:2500001::/home/$TRUST_DOMAIN/administrator:/bin/false"
>+ret=$?
>+testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1)
>+
>+#
>+# Trusted domain test 4: Test lookup from gid to sid
>+#
>+
>+out="$($wbinfo -G 2500002)"
>+echo "wbinfo returned: \"$out\", expecting \"$TRUST_DOMAIN_SID-512\""
>+test "$out" = "$TRUST_DOMAIN_SID-512"
>+ret=$?
>+testit "Test gid lookup of Domain Admins in trusted domain." test $ret -eq 0 || failed=$(expr $failed + 1)
>+
> #
> # Remove POSIX ids from AD
> #
>@@ -123,4 +202,31 @@ delete: gidNumber
> gidNumber: 2000002
> EOF
> 
>+#
>+# Remove POSIX ids from trusted domain
>+#
>+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
>+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
>+dn: CN=Administrator,CN=Users,$TRUST_BASE_DN
>+changetype: modify
>+delete: uidNumber
>+uidNumber: 2500000
>+EOF
>+
>+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
>+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
>+dn: CN=Domain Users,CN=Users,$TRUST_BASE_DN
>+changetype: modify
>+delete: gidNumber
>+gidNumber: 2500001
>+EOF
>+
>+cat <<EOF | $ldbmodify -H ldap://$TRUST_SERVER \
>+		       -U "$TRUST_DOMAIN\Administrator%$TRUST_PASSWORD"
>+dn: CN=Domain Admins,CN=Users,$TRUST_BASE_DN
>+changetype: modify
>+delete: gidNumber
>+gidNumber: 2500002
>+EOF
>+
> exit $failed
>diff --git a/selftest/knownfail b/selftest/knownfail
>index 7176e097eb2..80f99540755 100644
>--- a/selftest/knownfail
>+++ b/selftest/knownfail
>@@ -360,3 +360,4 @@
> ^samba.tests.ntlmdisabled.python$ktest$.python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password$ktest$
> ^samba.tests.ntlmdisabled.python$ad_dc_no_ntlm$.python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection$ad_dc_no_ntlm$
> ^samba.tests.ntlmdisabled.python$ad_dc_no_ntlm$.python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection$ad_dc_no_ntlm$
>+^idmap.ad.Test gid lookup of Domain Admins in trusted domain.$ad_member_idmap_ad$
>-- 
>2.17.0
>
>
>From 3193f6c163f09ed43d5c21bb914ba46b4d8889c1 Mon Sep 17 00:00:00 2001
>From: Volker Lendecke <vl@samba.org>
>Date: Fri, 12 Apr 2019 16:56:45 +0200
>Subject: [PATCH 7/7] winbind: Fix overlapping id ranges
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
>
>Signed-off-by: Volker Lendecke <vl@samba.org>
>Reviewed-by: Christof Schmitt <cs@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>
>Autobuild-User(master): Jeremy Allison <jra@samba.org>
>Autobuild-Date(master): Wed Apr 24 02:25:56 UTC 2019 on sn-devel-184
>
>(cherry picked from commit 3020050bdf9df077ec9a0e962a689557187174ac)
>---
> selftest/knownfail              |  1 -
> source3/winbindd/wb_xids2sids.c | 12 ++++++++++--
> 2 files changed, 10 insertions(+), 3 deletions(-)
>
>diff --git a/selftest/knownfail b/selftest/knownfail
>index 80f99540755..7176e097eb2 100644
>--- a/selftest/knownfail
>+++ b/selftest/knownfail
>@@ -360,4 +360,3 @@
> ^samba.tests.ntlmdisabled.python$ktest$.python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password$ktest$
> ^samba.tests.ntlmdisabled.python$ad_dc_no_ntlm$.python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection$ad_dc_no_ntlm$
> ^samba.tests.ntlmdisabled.python$ad_dc_no_ntlm$.python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection$ad_dc_no_ntlm$
>-^idmap.ad.Test gid lookup of Domain Admins in trusted domain.$ad_member_idmap_ad$
>diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
>index c5a35275d53..9ddc71f3796 100644
>--- a/source3/winbindd/wb_xids2sids.c
>+++ b/source3/winbindd/wb_xids2sids.c
>@@ -302,7 +302,11 @@ static struct tevent_req *wb_xids2sids_dom_send(
> 			continue;
> 		}
> 		if (state->cached[i]) {
>-			/* already mapped */
>+			/* already found in cache */
>+			continue;
>+		}
>+		if (!is_null_sid(&state->all_sids[i])) {
>+			/* already mapped in a previously asked domain */
> 			continue;
> 		}
> 		state->dom_xids[state->num_dom_xids++] = id;
>@@ -369,7 +373,11 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq)
> 			continue;
> 		}
> 		if (state->cached[i]) {
>-			/* already mapped */
>+			/* already found in cache */
>+			continue;
>+		}
>+		if (!is_null_sid(&state->all_sids[i])) {
>+			/* already mapped in a previously asked domain */
> 			continue;
> 		}
> 
>-- 
>2.17.0
>

Flags:

jra: review+

Actions: View

Attachments on bug 13903: 15090 | 15091