The Samba-Bugzilla – Attachment 15500 Details for
Bug 14141
getpwnam and getpwuid need to return data for ID_TYPE_BOTH group
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for 4.10
patches-for-4.10 (text/plain), 8.23 KB, created by
Christof Schmitt
on 2019-09-27 22:07:34 UTC
(
hide
)
Description:
Patches for 4.10
Filename:
MIME Type:
Creator:
Christof Schmitt
Created:
2019-09-27 22:07:34 UTC
Size:
8.23 KB
patch
obsolete
>From 5964266fbde53fd2b1b0674085c97ffdfe49d4e4 Mon Sep 17 00:00:00 2001 >From: Christof Schmitt <cs@samba.org> >Date: Wed, 25 Sep 2019 17:19:27 -0700 >Subject: [PATCH 1/2] selftest: Test ID_TYPE_BOTH with idmap_rid module > >ID_TYPE_BOTH means that each user and group has two mappings, a uid and >gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid >always return some information, so that uid and gid can be mapped to a >name. Establish a test to verify that the expected information is >returned. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 > >Signed-off-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 485874d6bb328c50c9a98785e85270f28ade7497) >--- > nsswitch/tests/test_idmap_rid.sh | 132 +++++++++++++++++++++++ > selftest/knownfail.d/passwd-id-type-both | 4 + > 2 files changed, 136 insertions(+) > create mode 100644 selftest/knownfail.d/passwd-id-type-both > >diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh >index 8209a50a4fc..4e6477f666e 100755 >--- a/nsswitch/tests/test_idmap_rid.sh >+++ b/nsswitch/tests/test_idmap_rid.sh >@@ -63,4 +63,136 @@ test "$out" = "$SID -> unmapped" > ret=$? > testit "Bogus SID returns unmapped" test $ret -eq 0 || failed=$(expr $failed + 1) > >+# >+# Test 3: ID_TYPE_BOTH mappings for group >+# >+ >+GROUP="$DOMAIN/Domain Users" >+GROUP_SID=$($wbinfo --name-to-sid="$GROUP" | sed -e 's/ .*//') >+ >+uid=$($wbinfo --sid-to-uid=$GROUP_SID) >+ret=$? >+testit "ID_TYPE_BOTH group map to uid succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+testit "ID_TYPE_BOTH group map to uid has result" test -n $uid ||\ >+ failed=$(expr $failed + 1) >+ >+gid=$($wbinfo --sid-to-gid=$GROUP_SID) >+ret=$? >+testit "ID_TYPE_BOTH group map to gid succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+testit "ID_TYPE_BOTH group map to gid has result" test -n $gid ||\ >+ failed=$(expr $failed + 1) >+ >+testit "ID_TYPE_BOTH group uid equals gid" test $uid -eq $gid ||\ >+ failed=$(expr $failed + 1) >+ >+group_pw="$DOMAIN/domain users:*:$uid:$gid::/home/$DOMAIN/domain users:/bin/false" >+ >+out=$(getent passwd "$GROUP") >+ret=$? >+testit "getpwnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+test "$out" = "$group_pw" >+ret=$? >+testit "getpwnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+out=$(getent passwd $uid) >+ret=$? >+testit "getpwuid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+test "$out" = "$group_pw" >+ret=$? >+testit "getpwuid for ID_TYPE_BOTH group output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+group_gr="$DOMAIN/domain users:x:$gid:" >+ >+out=$(getent group "$GROUP") >+ret=$? >+testit "getgrnam for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+test "$out" = "$group_gr" >+ret=$? >+testit "getgrnam for ID_TYPE_BOTH group output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+out=$(getent group "$gid") >+ret=$? >+testit "getgrgid for ID_TYPE_BOTH group succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+test "$out" = "$group_gr" >+ret=$? >+testit "getgrgid for ID_TYPE_BOTH group output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+# >+# Test 4: ID_TYPE_BOTH mappings for user >+# >+ >+dom_users_gid=$gid >+ >+USER="$DOMAIN/Administrator" >+USER_SID=$($wbinfo --name-to-sid="$USER" | sed -e 's/ .*//') >+ >+uid=$($wbinfo --sid-to-uid=$USER_SID) >+ret=$? >+testit "ID_TYPE_BOTH user map to uid succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+testit "ID_TYPE_BOTH user map to uid has result" test -n $uid ||\ >+ failed=$(expr $failed + 1) >+ >+gid=$($wbinfo --sid-to-gid=$USER_SID) >+ret=$? >+testit "ID_TYPE_BOTH user map to gid succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+testit "ID_TYPE_BOTH user map to gid has result" test -n $gid ||\ >+ failed=$(expr $failed + 1) >+ >+testit "ID_TYPE_BOTH user uid equals gid" test $uid -eq $gid ||\ >+ failed=$(expr $failed + 1) >+ >+user_pw="$DOMAIN/administrator:*:$uid:$dom_users_gid::/home/$DOMAIN/administrator:/bin/false" >+ >+out=$(getent passwd "$USER") >+ret=$? >+testit "getpwnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+test "$out" = "$user_pw" >+ret=$? >+testit "getpwnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+out=$(getent passwd $uid) >+ret=$? >+testit "getpwuid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+test "$out" = "$user_pw" >+ret=$? >+testit "getpwuid for ID_TYPE_BOTH user output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+user_gr="$DOMAIN/administrator:x:$gid:$DOMAIN/administrator" >+ >+out=$(getent group "$USER") >+ret=$? >+testit "getgrnam for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+test "$out" = "$user_gr" >+ret=$? >+testit "getgrnam for ID_TYPE_BOTH user output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ >+out=$(getent group "$gid") >+ret=$? >+testit "getgrgid for ID_TYPE_BOTH user succeeds" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+test "$out" = "$user_gr" >+ret=$? >+testit "getgrgid for ID_TYPE_BOTH user output" test $ret -eq 0 ||\ >+ failed=$(expr $failed + 1) >+ > exit $failed >diff --git a/selftest/knownfail.d/passwd-id-type-both b/selftest/knownfail.d/passwd-id-type-both >new file mode 100644 >index 00000000000..e969ef8d165 >--- /dev/null >+++ b/selftest/knownfail.d/passwd-id-type-both >@@ -0,0 +1,4 @@ >+idmap\.rid.getpwnam for ID_TYPE_BOTH group succeeds\(ad_member_idmap_rid\) >+idmap\.rid.getpwnam for ID_TYPE_BOTH group output\(ad_member_idmap_rid\) >+idmap\.rid.getpwuid for ID_TYPE_BOTH group succeeds\(ad_member_idmap_rid\) >+idmap\.rid.getpwuid for ID_TYPE_BOTH group output\(ad_member_idmap_rid\) >-- >2.17.0 > > >From bd7248aa7bb0ca08c19396f5bc15c397de04347d Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Fri, 11 Jan 2019 10:44:30 +0100 >Subject: [PATCH 2/2] winbind: provide passwd struct for group sid with > ID_TYPE_BOTH mapping (again) > >https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e >originally introduced the above feature. > >This functionality was undone as part of "winbind: Restructure get_pwsid" >https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a >I think that this semantic change was accidential. > >This patch undoes the semantic change and re-establishes the >functionality. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Christof Schmitt <cs@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Christof Schmitt <cs@samba.org> >Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184 > >(cherry picked from commit 63c9147f8631d73b52bdd36ff407e0361dcf5178) >--- > selftest/knownfail.d/passwd-id-type-both | 4 ---- > source3/winbindd/wb_queryuser.c | 18 ++++++++++++++++-- > 2 files changed, 16 insertions(+), 6 deletions(-) > delete mode 100644 selftest/knownfail.d/passwd-id-type-both > >diff --git a/selftest/knownfail.d/passwd-id-type-both b/selftest/knownfail.d/passwd-id-type-both >deleted file mode 100644 >index e969ef8d165..00000000000 >--- a/selftest/knownfail.d/passwd-id-type-both >+++ /dev/null >@@ -1,4 +0,0 @@ >-idmap\.rid.getpwnam for ID_TYPE_BOTH group succeeds\(ad_member_idmap_rid\) >-idmap\.rid.getpwnam for ID_TYPE_BOTH group output\(ad_member_idmap_rid\) >-idmap\.rid.getpwuid for ID_TYPE_BOTH group succeeds\(ad_member_idmap_rid\) >-idmap\.rid.getpwuid for ID_TYPE_BOTH group output\(ad_member_idmap_rid\) >diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c >index 17170c3352a..2eb61406fc5 100644 >--- a/source3/winbindd/wb_queryuser.c >+++ b/source3/winbindd/wb_queryuser.c >@@ -166,8 +166,22 @@ static void wb_queryuser_got_domain(struct tevent_req *subreq) > return; > } > >- if (type != SID_NAME_USER) { >- /* allow SID_NAME_COMPUTER? */ >+ switch (type) { >+ case SID_NAME_USER: >+ case SID_NAME_COMPUTER: >+ /* >+ * user case: we only need the account name from lookup_sids >+ */ >+ break; >+ case SID_NAME_DOM_GRP: >+ case SID_NAME_ALIAS: >+ case SID_NAME_WKN_GRP: >+ /* >+ * also treat group-type SIDs (they might map to ID_TYPE_BOTH) >+ */ >+ sid_copy(&info->group_sid, &info->user_sid); >+ break; >+ default: > tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); > return; > } >-- >2.17.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15500">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 14141
: 15500 |
15501