From 87f2e306c7e5a4897de28a2a3647ca3749f6d797 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 15 Nov 2022 16:35:15 +0100 Subject: [PATCH 1/3] s3:tests: Add substitution test for include directive BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (backported from commit ce3d27a9f5a98b4680af5fb5a595b0e7e94f8c30) --- selftest/target/Samba3.pm | 17 +++++++++++++++++ source3/script/tests/test_substitutions.sh | 10 ++++++++++ 2 files changed, 27 insertions(+) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d413f14bacd..64374ab9bcd 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2674,6 +2674,8 @@ sub provision($$) my $errorinjectconf="$libdir/error_inject.conf"; my $delayinjectconf="$libdir/delay_inject.conf"; my $globalinjectconf="$libdir/global_inject.conf"; + my $aliceconfdir="$libdir"; + my $aliceconffile="$libdir/alice.conf"; my $nss_wrapper_pl = "$ENV{PERL} $self->{srcdir}/third_party/nss_wrapper/nss_wrapper.pl"; my $nss_wrapper_passwd = "$privatedir/passwd"; @@ -3443,6 +3445,8 @@ sub provision($$) [full_audit_fail_bad_name] copy = tmp full_audit:failure = badname + +include = $aliceconfdir/%U.conf "; close(CONF); @@ -3483,6 +3487,19 @@ sub provision($$) } close(DELAYCONF); + unless (open(ALICECONF, ">$aliceconffile")) { + warn("Unable to open $aliceconffile"); + return undef; + } + + print ALICECONF " +[alice_share] + path = $shrdir + comment = smb username is [%U] + "; + + close(ALICECONF); + ## ## create a test account ## diff --git a/source3/script/tests/test_substitutions.sh b/source3/script/tests/test_substitutions.sh index 157381e6cb2..0ccd45aa55e 100755 --- a/source3/script/tests/test_substitutions.sh +++ b/source3/script/tests/test_substitutions.sh @@ -49,4 +49,14 @@ SMB_UNC="//$SERVER/sub_valid_users_group" test_smbclient "Test login to share with substitution for valid user's UNIX group" \ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1) +test_smbclient \ + "Test for login to share with include substitution [${USERNAME}]" \ + "ls" "//${SERVER}/${USERNAME}_share" "-U$USERNAME%$PASSWORD" || + failed=$((failed + 1)) + +test_smbclient_expect_failure \ + "Netative test for login to share with include substitution [${DC_USERNAME}]" \ + "ls" "//${SERVER}/${USERNAME}_share" "-U$DC_USERNAME%$DC_PASSWORD" || + failed=$((failed + 1)) + exit $failed -- 2.38.1 From 8f1ba9193b0a11a320754cfbde2ab42b68d61ad4 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 16 Nov 2022 11:23:44 +0100 Subject: [PATCH 2/3] s3:tests: Add substitution test for listing shares BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (cherry picked from commit c213ead8c4c1b5287294a67e65f271fbb0b922b2) --- selftest/knownfail.d/sustitutions | 1 + source3/script/tests/test_substitutions.sh | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 selftest/knownfail.d/sustitutions diff --git a/selftest/knownfail.d/sustitutions b/selftest/knownfail.d/sustitutions new file mode 100644 index 00000000000..800b8e03170 --- /dev/null +++ b/selftest/knownfail.d/sustitutions @@ -0,0 +1 @@ +samba3.substitutions.Test.for.share.enum.with.include.substitution diff --git a/source3/script/tests/test_substitutions.sh b/source3/script/tests/test_substitutions.sh index 0ccd45aa55e..aa0b38d1b64 100755 --- a/source3/script/tests/test_substitutions.sh +++ b/source3/script/tests/test_substitutions.sh @@ -20,6 +20,7 @@ failed=0 samba_bindir="$BINDIR" samba_srcdir="$SRCDIR" smbclient="$samba_bindir/smbclient" +rpcclient="$samba_bindir/rpcclient" . $samba_srcdir/testprogs/blackbox/subunit.sh . $samba_srcdir/testprogs/blackbox/common_test_fns.inc @@ -59,4 +60,20 @@ test_smbclient_expect_failure \ "ls" "//${SERVER}/${USERNAME}_share" "-U$DC_USERNAME%$DC_PASSWORD" || failed=$((failed + 1)) +testit_grep_count \ + "Test for share enum with include substitution" \ + "netname: ${USERNAME}_share" \ + 1 \ + ${rpcclient} "ncacn_np:${SERVER}" "-U$USERNAME%$PASSWORD" \ + -c netshareenum || + failed=$((failed + 1)) + +testit_grep_count \ + "Negative test for share enum with include substitution" \ + "netname: ${USERNAME}_share" \ + 0 \ + ${rpcclient} "ncacn_np:${SERVER}" "-U$DC_USERNAME%$DC_PASSWORD" \ + -c netshareenum || + failed=$((failed + 1)) + exit $failed -- 2.38.1 From 2b643c17d486ecbd0b46a9f31aeb3593ad19e464 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 16 Nov 2022 11:24:12 +0100 Subject: [PATCH 3/3] s3:rpc_server: Fix include directive substitution when enumerating shares BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (cherry picked from commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f) --- selftest/knownfail.d/sustitutions | 1 - source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) delete mode 100644 selftest/knownfail.d/sustitutions diff --git a/selftest/knownfail.d/sustitutions b/selftest/knownfail.d/sustitutions deleted file mode 100644 index 800b8e03170..00000000000 --- a/selftest/knownfail.d/sustitutions +++ /dev/null @@ -1 +0,0 @@ -samba3.substitutions.Test.for.share.enum.with.include.substitution diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 07bfb759147..233718ff310 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -645,6 +645,14 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p, added_home = register_homes_share(unix_name); } + /* + * We need to make sure to reload the services for the connecting user. + * It is possible that the we have includes with substitutions. + * + * include = /etc/samba/%U.conf + */ + reload_services(NULL, NULL, false); + num_services = lp_numservices(); allowed = talloc_zero_array(ctx, bool, num_services); -- 2.38.1