The Samba-Bugzilla – Attachment 17000 Details for
Bug 14908
net ads status -P broken in a clustered environment
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Patch
bug-14908.txt (text/plain), 8.34 KB, created by
Volker Lendecke
on 2021-11-17 15:42:56 UTC
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2021-11-17 15:42:56 UTC
Size:
8.34 KB
patch
obsolete
>From f5f632bcae881477fc102e5d6a5dd93ad308869d Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 17 Nov 2021 16:34:07 +0100 >Subject: [PATCH 1/4] selftest: Add reproducer for bug 14908 > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 >Signed-off-by: Volker Lendecke <vl@samba.org> >--- > .../knownfail.d/clustered_machine_account | 1 + > .../script/tests/test_net_machine_account.sh | 23 +++++++++++++++++++ > source3/selftest/tests.py | 9 ++++++++ > 3 files changed, 33 insertions(+) > create mode 100644 selftest/knownfail.d/clustered_machine_account > create mode 100755 source3/script/tests/test_net_machine_account.sh > >diff --git a/selftest/knownfail.d/clustered_machine_account b/selftest/knownfail.d/clustered_machine_account >new file mode 100644 >index 00000000000..16abc62a51c >--- /dev/null >+++ b/selftest/knownfail.d/clustered_machine_account >@@ -0,0 +1 @@ >+^samba3.net_machine_account.net_ads_user\(clusteredmember\) >\ No newline at end of file >diff --git a/source3/script/tests/test_net_machine_account.sh b/source3/script/tests/test_net_machine_account.sh >new file mode 100755 >index 00000000000..f3d145a4784 >--- /dev/null >+++ b/source3/script/tests/test_net_machine_account.sh >@@ -0,0 +1,23 @@ >+#!/bin/sh >+# Reproducer for https://bugzilla.samba.org/show_bug.cgi?id=14908 >+ >+if [ $# -lt 2 ]; then >+ echo "Usage: $0 NET CONFFILE SERVER_IP" >+ exit 1 >+fi >+ >+NET="$1"; shift >+CONFFILE="$1"; shift >+SERVER_IP="$1"; shift >+ >+export UID_WRAPPER_ROOT=1 >+ >+incdir=`dirname $0`/../../../testprogs/blackbox >+. $incdir/subunit.sh >+ >+failed=0 >+ >+testit "net_ads_user" $VALGRIND $NET rpc user --configfile="$CONFFILE" -S "$SERVER_IP" -P || failed=`expr $failed + 1` >+ >+testok $0 $failed >+ >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index c24558d8a8a..64697e487dd 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -1274,6 +1274,15 @@ plantestsuite( > "", > "-b $PREFIX/clusteredmember/unclists/tmp.txt -N 5 -o 10"]) > >+plantestsuite( >+ "samba3.net_machine_account", >+ "clusteredmember", >+ [os.path.join(samba3srcdir, >+ "script/tests/test_net_machine_account.sh"), >+ "bin/net", >+ "$SERVERCONFFILE", >+ "$SERVER_IP"]) >+ > plantestsuite( > "samba3.net_lookup_ldap", > "ad_dc:local", >-- >2.30.2 > > >From 38c8a9ad9e1377ffa649f59cc6d8720365d5cf75 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 17 Nov 2021 12:25:05 +0100 >Subject: [PATCH 2/4] lib: Add required includes to source3/include/secrets.h > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 >Signed-off-by: Volker Lendecke <vl@samba.org> >--- > source3/include/secrets.h | 3 +++ > 1 file changed, 3 insertions(+) > >diff --git a/source3/include/secrets.h b/source3/include/secrets.h >index 2478561cee7..1abfbb07e89 100644 >--- a/source3/include/secrets.h >+++ b/source3/include/secrets.h >@@ -20,6 +20,9 @@ > #ifndef _SECRETS_H > #define _SECRETS_H > >+#include "replace.h" >+#include "librpc/gen_ndr/security.h" >+ > /* the first one is for the hashed password (NT4 style) the latter > for plaintext (ADS) > */ >-- >2.30.2 > > >From 81c90e2e9f44e3f38e5a14dc0d90b29b0cc1e518 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 17 Nov 2021 12:25:58 +0100 >Subject: [PATCH 3/4] cmdline: Add a callback to set the machine account > details > >source3 clients need to work in clustered mode, the default >cli_credentials_set_machine_account() only looks at the local >secrets.tdb file > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 >Signed-off-by: Volker Lendecke <vl@samba.org> >--- > lib/cmdline/cmdline.c | 16 ++++++++++++++-- > lib/cmdline/cmdline.h | 4 ++++ > 2 files changed, 18 insertions(+), 2 deletions(-) > >diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c >index 63e81bc0a7f..0c0b3ead7da 100644 >--- a/lib/cmdline/cmdline.c >+++ b/lib/cmdline/cmdline.c >@@ -30,6 +30,11 @@ static struct cli_credentials *cmdline_creds; > static samba_cmdline_load_config cmdline_load_config_fn; > static struct samba_cmdline_daemon_cfg cmdline_daemon_cfg; > >+static NTSTATUS (*cli_credentials_set_machine_account_fn)( >+ struct cli_credentials *cred, >+ struct loadparm_context *lp_ctx) = >+ cli_credentials_set_machine_account; >+ > /* PRIVATE */ > bool samba_cmdline_set_talloc_ctx(TALLOC_CTX *mem_ctx) > { >@@ -122,6 +127,13 @@ struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void) > return &cmdline_daemon_cfg; > } > >+void samba_cmdline_set_machine_account_fn( >+ NTSTATUS (*fn) (struct cli_credentials *cred, >+ struct loadparm_context *lp_ctx)) >+{ >+ cli_credentials_set_machine_account_fn = fn; >+} >+ > void samba_cmdline_burn(int argc, char *argv[]) > { > bool found = false; >@@ -792,8 +804,8 @@ static void popt_common_credentials_callback(poptContext popt_ctx, > if (machine_account_pending) { > NTSTATUS status; > >- status = cli_credentials_set_machine_account(creds, >- lp_ctx); >+ status = cli_credentials_set_machine_account_fn( >+ creds, lp_ctx); > if (!NT_STATUS_IS_OK(status)) { > fprintf(stderr, > "Failed to set machine account: %s\n", >diff --git a/lib/cmdline/cmdline.h b/lib/cmdline/cmdline.h >index 1f85da0099e..5cd58c3ddbb 100644 >--- a/lib/cmdline/cmdline.h >+++ b/lib/cmdline/cmdline.h >@@ -131,6 +131,10 @@ struct poptOption *samba_cmdline_get_popt(enum smb_cmdline_popt_options opt); > */ > struct samba_cmdline_daemon_cfg *samba_cmdline_get_daemon_cfg(void); > >+void samba_cmdline_set_machine_account_fn( >+ NTSTATUS (*fn) (struct cli_credentials *cred, >+ struct loadparm_context *lp_ctx)); >+ > /** > * @brief Burn secrets on the command line. > * >-- >2.30.2 > > >From bc35aa8f447bd334a3a48afc18adad7b18e5d356 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 17 Nov 2021 12:27:27 +0100 >Subject: [PATCH 4/4] cmdline: Make -P work in clustered mode > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 >Signed-off-by: Volker Lendecke <vl@samba.org> >--- > lib/cmdline/cmdline_s3.c | 28 +++++++++++++++++++ > lib/cmdline/wscript | 2 +- > .../knownfail.d/clustered_machine_account | 1 - > 3 files changed, 29 insertions(+), 2 deletions(-) > delete mode 100644 selftest/knownfail.d/clustered_machine_account > >diff --git a/lib/cmdline/cmdline_s3.c b/lib/cmdline/cmdline_s3.c >index 639d403aed3..6e2c154c756 100644 >--- a/lib/cmdline/cmdline_s3.c >+++ b/lib/cmdline/cmdline_s3.c >@@ -26,6 +26,7 @@ > #include "auth/credentials/credentials.h" > #include "dynconfig/dynconfig.h" > #include "cmdline_private.h" >+#include "source3/include/secrets.h" > > static bool _require_smbconf; > static enum samba_cmdline_config_type _config_type; >@@ -84,6 +85,31 @@ static bool _samba_cmdline_load_config_s3(void) > return true; > } > >+static NTSTATUS _samba_cmd_set_machine_account_s3( >+ struct cli_credentials *cred, >+ struct loadparm_context *lp_ctx) >+{ >+ struct db_context *db_ctx = secrets_db_ctx(); >+ NTSTATUS status; >+ >+ if (db_ctx == NULL) { >+ DBG_WARNING("failed to open secrets.tdb to obtain our " >+ "trust credentials for %s\n", >+ lpcfg_workgroup(lp_ctx));; >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ status = cli_credentials_set_machine_account_db_ctx( >+ cred, lp_ctx, db_ctx); >+ if (!NT_STATUS_IS_OK(status)) { >+ DBG_WARNING("cli_credentials_set_machine_account_db_ctx " >+ "failed: %s\n", >+ nt_errstr(status)); >+ } >+ >+ return status; >+} >+ > bool samba_cmdline_init(TALLOC_CTX *mem_ctx, > enum samba_cmdline_config_type config_type, > bool require_smbconf) >@@ -119,6 +145,8 @@ bool samba_cmdline_init(TALLOC_CTX *mem_ctx, > } > > samba_cmdline_set_load_config_fn(_samba_cmdline_load_config_s3); >+ samba_cmdline_set_machine_account_fn( >+ _samba_cmd_set_machine_account_s3); > > return true; > } >diff --git a/lib/cmdline/wscript b/lib/cmdline/wscript >index 9c50b47a41c..6b816c859c1 100644 >--- a/lib/cmdline/wscript >+++ b/lib/cmdline/wscript >@@ -19,7 +19,7 @@ def build(bld): > > bld.SAMBA_SUBSYSTEM('CMDLINE_S3', > source='cmdline_s3.c', >- deps='cmdline') >+ deps='cmdline secrets3') > > bld.SAMBA_SUBSYSTEM('CMDLINE_S4', > source='cmdline_s4.c', >diff --git a/selftest/knownfail.d/clustered_machine_account b/selftest/knownfail.d/clustered_machine_account >deleted file mode 100644 >index 16abc62a51c..00000000000 >--- a/selftest/knownfail.d/clustered_machine_account >+++ /dev/null >@@ -1 +0,0 @@ >-^samba3.net_machine_account.net_ads_user\(clusteredmember\) >\ No newline at end of file >-- >2.30.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14908
:
17000
|
17001