The branch, master has been updated via b985c67 s3:selftest run LOCAL-IDMAP-TDB-COMMON in make test via 55870b0 s3:torture: add idmap_tdb_common test code via 0e06d94 s3:winbindd/idmap_tdb: use idmap_tdb_common code via 15b12cb s3:winbindd/idmap_tdb2: fix logic error in set_mapping_action via 627f46c s3:winbindd/idmap_tdb2: use idmap_tdb_common code via e7576e8 s3:winbindd/autorid use idmap_tdb_common code in autorid via c673237 s3:winbindd add idmap_tdb_common file to store common code of TDB idmap backends via 7a07ce2 s3:util add sid_check_is_wellknown_builtin() from 9705a70 move VERSION to alpha21
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b985c672bf7b6f2b9e2b8b4757dad0cf4b3cd45c Author: Christian Ambach <a...@samba.org> Date: Mon Apr 30 17:02:46 2012 +0200 s3:selftest run LOCAL-IDMAP-TDB-COMMON in make test Autobuild-User: Christian Ambach <a...@samba.org> Autobuild-Date: Tue May 1 11:07:08 CEST 2012 on sn-devel-104 commit 55870b0bf9496a56dcbd3b439959b7347e61a088 Author: Christian Ambach <a...@samba.org> Date: Wed Feb 22 15:44:27 2012 +0100 s3:torture: add idmap_tdb_common test code commit 0e06d944bc87c212713eee3c2d651321deb1c18c Author: Christian Ambach <a...@samba.org> Date: Mon Feb 20 12:13:56 2012 +0100 s3:winbindd/idmap_tdb: use idmap_tdb_common code commit 15b12cbc8ab31f4f8a547f27985f24d72c1f0055 Author: Christian Ambach <a...@samba.org> Date: Sun Feb 26 17:49:23 2012 +0100 s3:winbindd/idmap_tdb2: fix logic error in set_mapping_action fix an endless loop commit 627f46cf1f48d7f742f0cf3405dc7c4cab5349d6 Author: Christian Ambach <a...@samba.org> Date: Fri Feb 17 17:34:03 2012 +0100 s3:winbindd/idmap_tdb2: use idmap_tdb_common code commit e7576e85c9ecb79c40d927733253a844c219064d Author: Christian Ambach <a...@samba.org> Date: Wed Jan 25 19:06:16 2012 +0100 s3:winbindd/autorid use idmap_tdb_common code in autorid - use common logic for the allocation pool - add a idmap_tdb style 1on1 mapping for non-domain SIDs like Everyone (S-1-1-0) commit c673237785ad76c1638e8612218036f1080f4f3f Author: Christian Ambach <a...@samba.org> Date: Mon Jan 16 17:21:38 2012 +0100 s3:winbindd add idmap_tdb_common file to store common code of TDB idmap backends commit 7a07ce268038c51c0c8a219e21d657bae68d40cd Author: Christian Ambach <a...@samba.org> Date: Tue Jan 17 13:59:56 2012 +0100 s3:util add sid_check_is_wellknown_builtin() ----------------------------------------------------------------------- Summary of changes: source3/Makefile.in | 10 +- source3/include/proto.h | 1 + 
source3/lib/util_builtin.c | 27 + source3/selftest/tests.py | 1 + source3/torture/proto.h | 1 + source3/torture/test_idmap_tdb_common.c | 1028 +++++++++++++++++++++++++++++++ source3/torture/torture.c | 1 + source3/winbindd/idmap_autorid.c | 313 +++++++--- source3/winbindd/idmap_tdb.c | 576 +----------------- source3/winbindd/idmap_tdb2.c | 450 +++----------- source3/winbindd/idmap_tdb_common.c | 654 ++++++++++++++++++++ source3/winbindd/idmap_tdb_common.h | 137 ++++ source3/winbindd/wscript_build | 2 +- source3/wscript_build | 2 + 14 files changed, 2198 insertions(+), 1005 deletions(-) create mode 100644 source3/torture/test_idmap_tdb_common.c create mode 100644 source3/winbindd/idmap_tdb_common.c create mode 100644 source3/winbindd/idmap_tdb_common.h Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 37419de..8b02d64 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1281,6 +1281,7 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta
 torture/test_msg.o \
 torture/test_notify.o \
 torture/test_dbwrap_watch.o \
+ torture/test_idmap_tdb_common.o \
 torture/t_strappend.o
 SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) $(TLDAP_OBJ) \
@@ -1374,7 +1375,12 @@ PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_
 IDMAP_RW_OBJ = winbindd/idmap_rw.o
-IDMAP_OBJ = winbindd/idmap.o winbindd/idmap_util.o $(IDMAP_RW_OBJ) @IDMAP_STATIC@
+IDMAP_TDB_COMMON_OBJ = winbindd/idmap_tdb_common.o
+
+IDMAP_UTIL_OBJ = winbindd/idmap_util.o $(IDMAP_RW_OBJ) \
+ $(IDMAP_TDB_COMMON_OBJ)
+
+IDMAP_OBJ = winbindd/idmap.o $(IDMAP_UTIL_OBJ) @IDMAP_STATIC@
 NSS_INFO_OBJ = winbindd/nss_info.o @NSS_INFO_STATIC@
@@ -1965,7 +1971,7 @@ bin/nmblookup: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LI
 bin/smbtorture: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
 @echo Linking $@
- @$(CC) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) \
+ @$(CC) -o $@ $(SMBTORTURE_OBJ) $(IDMAP_UTIL_OBJ) $(LDFLAGS) $(DYNEXP) \
 $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) \
 $(LIBTDB_LIBS) $(ZLIB_LIBS) $(LIBWBCLIENT_LIBS)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index c2c74fa..686b230 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -559,6 +559,7 @@ bool lookup_builtin_name(const char *name, uint32 *rid);
 const char *builtin_domain_name(void);
 bool sid_check_is_builtin(const struct dom_sid *sid);
 bool sid_check_is_in_builtin(const struct dom_sid *sid);
+bool sid_check_is_wellknown_builtin(const struct dom_sid *sid);
 /* The following definitions come from lib/util_file.c */
diff --git a/source3/lib/util_builtin.c b/source3/lib/util_builtin.c
index 3aae509..c87c849 100644
--- a/source3/lib/util_builtin.c
+++ b/source3/lib/util_builtin.c
@@ -129,3 +129,30 @@ bool sid_check_is_in_builtin(const struct dom_sid *sid)
 return sid_check_is_builtin(&dom_sid);
 }
+
+/********************************************************************
+ Check if the SID is one of the well-known builtin SIDs (S-1-5-32-x)
+*********************************************************************/
+
+bool sid_check_is_wellknown_builtin(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+ const struct rid_name_map *aliases = builtin_aliases;
+ uint32_t rid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, &rid);
+
+ if (!sid_check_is_builtin(&dom_sid)) {
+ return false;
+ }
+
+ while (aliases->name != NULL) {
+ if (aliases->rid == rid) {
+ return True;
+ }
+ aliases++;
+ }
+
+ return False;
+}
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c40f878..8073e99 100755
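Review bot: The `bin/smbtorture` recipe now links `$(IDMAP_UTIL_OBJ)`, but the prerequisite list on the unchanged target line still names only `$(SMBTORTURE_OBJ)` and the libraries, so make has no reason to build or refresh `winbindd/idmap_util.o`, `winbindd/idmap_rw.o` and `winbindd/idmap_tdb_common.o` before this link runs. Unless another target is guaranteed to have produced them first, a standalone or parallel `make bin/smbtorture` can fail or link stale objects. Listing the objects as prerequisites keeps the recipe and its dependencies in step: `bin/smbtorture: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) $(IDMAP_UTIL_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)`.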
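Review bot: In `sid_check_is_wellknown_builtin()` the result of `sid_split_rid()` is discarded and `rid` has no initialiser, so the alias loop is only safe because `sid_check_is_builtin()` is expected to reject any SID from which no RID could be split; that dependency is implicit. Since callers use this predicate to decide whether a SID is one of the S-1-5-32-x aliases, making the failure path explicit is cheap: `if (!sid_split_rid(&dom_sid, &rid)) { return false; }` (assuming sid_split_rid reports failure through its return value, which this hunk does not show). The function also returns `false` in one place and `True`/`False` in the others; one spelling, preferably `true`/`false`, reads better. A one-line comment stating that "well-known" here means "RID listed in `builtin_aliases`" would tell callers that the accepted set follows that table.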
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -105,6 +105,7 @@ local_tests=[
 "LOCAL-TEVENT-SELECT",
 "LOCAL-CONVERT-STRING",
 "LOCAL-CONV-AUTH-INFO",
+ "LOCAL-IDMAP-TDB-COMMON",
 "LOCAL-hex_encode_buf",
 "LOCAL-sprintf_append"]
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index 4fde448..80618ce 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -109,5 +109,6 @@ bool run_msg_test(int dummy);
 bool run_notify_bench2(int dummy);
 bool run_notify_bench3(int dummy);
 bool run_dbwrap_watch1(int dummy);
+bool run_idmap_tdb_common_test(int dummy);
 #endif /* __TORTURE_H__ */
diff --git a/source3/torture/test_idmap_tdb_common.c b/source3/torture/test_idmap_tdb_common.c
new file mode 100644
index 0000000..e24fc21
--- /dev/null
+++ b/source3/torture/test_idmap_tdb_common.c
@@ -0,0 +1,1028 @@
+/*
+ Unix SMB/CIFS implementation.
+ IDMAP TDB common code tester
+
+ Copyright (C) Christian Ambach 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "torture/proto.h"
+#include "idmap.h"
+#include "winbindd/idmap_rw.h"
+#include "winbindd/idmap_tdb_common.h"
+#include "winbindd/winbindd.h"
+#include "winbindd/winbindd_proto.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "../libcli/security/dom_sid.h"
+
+#define HWM_GROUP "GROUP HWM"
+#define HWM_USER "USER HWM"
+
+#define LOW_ID 100
+#define HIGH_ID 199
+
+#define TESTDB "/tmp/idmap_test.tdb"
+
+#define DOM_SID1 "S-1-5-21-1234-5678-9012"
+#define DOM_SID2 "S-1-5-21-0123-5678-9012"
+#define DOM_SID3 "S-1-5-21-0012-5678-9012"
+#define DOM_SID4 "S-1-5-21-0001-5678-9012"
+#define DOM_SID5 "S-1-5-21-2345-5678-9012"
+#define DOM_SID6 "S-1-5-21-3456-5678-9012"
+
+/* overwrite some winbind internal functions */
+struct winbindd_domain *find_domain_from_name(const char *domain_name)
+{
+ return NULL;
+}
+
+bool get_global_winbindd_state_offline(void) {
+ return false;
+}
+
+bool winbindd_use_idmap_cache(void) {
+ return false;
+}
+
+bool idmap_is_online(void)
+{
+ return true;
+}
+
+NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
+{
+ return NT_STATUS_OK;
+}
+
+NTSTATUS
idmap_backends_unixid_to_sid(const char *domname, struct id_map *id)
+{
+ return NT_STATUS_OK;
+}
+
+static bool open_db(struct idmap_tdb_common_context *ctx)
+{
+ NTSTATUS status;
+
+ if(ctx->db) {
+ /* already open */
+ return true;
+ }
+
+ unlink(TESTDB);
+
+ ctx->db = db_open(ctx, TESTDB, 0, TDB_DEFAULT,
+ O_RDWR | O_CREAT | O_EXCL, 0600,
+ DBWRAP_LOCK_ORDER_1);
+
+ if(dbwrap_transaction_start(ctx->db) != 0) {
+ DEBUG(0, ("Failed to start transaction!\n"));
+ return false;
+ }
+
+ status = dbwrap_store_uint32(ctx->db, ctx->hwmkey_uid, LOW_ID);
+ if(!NT_STATUS_IS_OK(status)) {
+ dbwrap_transaction_cancel(ctx->db);
+ return false;
+ }
+
+ status = dbwrap_store_uint32(ctx->db, ctx->hwmkey_gid, LOW_ID);
+ if(!NT_STATUS_IS_OK(status)) {
+ dbwrap_transaction_cancel(ctx->db);
+ return false;
+ }
+
+ if(dbwrap_transaction_commit(ctx->db) != 0) {
+ DEBUG(0, ("Failed to commit transaction!\n"));
+ return false;
+ }
+
+ return true;
+}
+
+static struct idmap_tdb_common_context *createcontext(TALLOC_CTX *memctx)
+{
+ struct idmap_tdb_common_context *ret;
+
+ ret = talloc_zero(memctx, struct idmap_tdb_common_context);
+ ret->rw_ops = talloc_zero(ret, struct idmap_rw_ops);
+
+ ret->max_id = HIGH_ID;
+ ret->hwmkey_uid = HWM_USER;
+ ret->hwmkey_gid = HWM_GROUP;
+
+ ret->rw_ops->get_new_id = idmap_tdb_common_get_new_id;
+ ret->rw_ops->set_mapping = idmap_tdb_common_set_mapping;
+
+ open_db(ret);
+
+ return ret;
+}
+
+static struct idmap_domain *createdomain(TALLOC_CTX *memctx)
+{
+ struct idmap_domain *dom;
+
+ dom = talloc_zero(memctx, struct idmap_domain);
+ dom->name = "*";
+ dom->low_id = LOW_ID;
+ dom->high_id = HIGH_ID;
+ dom->read_only = false;
+ dom->methods = talloc_zero(dom, struct idmap_methods);
+ dom->methods->sids_to_unixids = idmap_tdb_common_sids_to_unixids;
+ dom->methods->unixids_to_sids = idmap_tdb_common_unixids_to_sids;
+ dom->methods->allocate_id = idmap_tdb_common_get_new_id;
+
+ return dom;
+}
+
+static bool test_getnewid1(TALLOC_CTX *memctx, struct
idmap_domain *dom)
+{
+ NTSTATUS status;
+ struct unixid id;
+
+ id.type = ID_TYPE_UID;
+
+ status = idmap_tdb_common_get_new_id(dom, &id);
+
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_getnewid1: Could not allocate id!\n"));
+ return false;
+ }
+
+ if(id.id == 0) {
+ DEBUG(0, ("test_getnewid1: Allocate returned "
+ "empty id!\n"));
+ return false;
+ }
+
+ if(id.id > HIGH_ID || id.id < LOW_ID) {
+ DEBUG(0, ("test_getnewid1: Allocate returned "
+ "out of range id!\n"));
+ return false;
+ }
+
+ DEBUG(0, ("test_getnewid1: PASSED!\n"));
+
+ return true;
+}
+
+static bool test_getnewid2(TALLOC_CTX *memctx, struct idmap_domain *dom)
+{
+ NTSTATUS status;
+ struct unixid id;
+ int i, left;
+
+ id.type = ID_TYPE_UID;
+
+ status = idmap_tdb_common_get_new_id(dom, &id);
+
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_getnewid2: Could not allocate id!\n"));
+ return false;
+ }
+
+ if(id.id == 0) {
+ DEBUG(0, ("test_getnewid2: Allocate returned "
+ "empty id!\n"));
+ return false;
+ }
+
+ if(id.id > HIGH_ID || id.id < LOW_ID) {
+ DEBUG(0, ("test_getnewid2: Allocate returned "
+ "out of range id!\n"));
+ return false;
+ }
+
+ /* how many ids are left?
*/
+
+ left = HIGH_ID - id.id;
+
+ /* consume them all */
+ for(i = 0; i<left; i++) {
+
+ status = idmap_tdb_common_get_new_id(dom, &id);
+
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_getnewid2: Allocate returned "
+ "error %s\n", nt_errstr(status)));
+ return false;
+ }
+
+ if(id.id > HIGH_ID) {
+ DEBUG(0, ("test_getnewid2: Allocate returned "
+ "out of range id (%d)!\n", id.id));
+ return false;
+ }
+ }
+
+ /* one more must fail */
+ status = idmap_tdb_common_get_new_id(dom, &id);
+
+ if(NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_getnewid2: Could allocate id (%d) from "
+ "depleted pool!\n", id.id));
+ return false;
+ }
+
+ DEBUG(0, ("test_getnewid2: PASSED!\n"));
+
+ return true;
+}
+
+static bool test_setmap1(TALLOC_CTX *memctx, struct idmap_domain *dom)
+{
+ NTSTATUS status;
+ struct id_map map;
+
+ ZERO_STRUCT(map);
+
+ /* test for correct return code with invalid data */
+
+ status = idmap_tdb_common_set_mapping(dom, NULL);
+ if(!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ DEBUG(0, ("test_setmap1: bad parameter handling!\n"));
+ return false;
+ }
+
+ status = idmap_tdb_common_set_mapping(dom, &map);
+ if(!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ DEBUG(0, ("test_setmap1: bad parameter handling!\n"));
+ return false;
+ }
+
+ map.sid = dom_sid_parse_talloc(memctx, DOM_SID1 "-100");
+
+ map.xid.type = ID_TYPE_NOT_SPECIFIED;
+ map.xid.id = 4711;
+
+ status = idmap_tdb_common_set_mapping(dom, &map);
+ if(!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ DEBUG(0, ("test_setmap1: bad parameter handling!\n"));
+ return false;
+ }
+
+ /* now the good ones */
+ map.xid.type = ID_TYPE_UID;
+ map.xid.id = 0;
+
+ status = idmap_tdb_common_get_new_id(dom, &(map.xid));
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_setmap1: get_new_uid failed!\n"));
+ return false;
+ }
+
+ status = idmap_tdb_common_set_mapping(dom, &map);
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_setmap1: setting UID mapping failed!\n"));
+
return false;
+ }
+
+ /* try to set the same mapping again as group (must fail) */
+
+ map.xid.type = ID_TYPE_GID;
+ status = idmap_tdb_common_set_mapping(dom, &map);
+ if(NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_setmap1: could create map for "
+ "group and user!\n"));
+ return false;
+ }
+
+ /* now a group with a different SID*/
+ map.xid.id = 0;
+
+ map.sid = dom_sid_parse_talloc(memctx, DOM_SID1 "-101");
+
+ status = idmap_tdb_common_get_new_id(dom, &(map.xid));
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_setmap1: get_new_gid failed!\n"));
+ return false;
+ }
+
+ status = idmap_tdb_common_set_mapping(dom, &map);
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_setmap1: setting GID mapping failed!\n"));
+ return false;
+ }
+ DEBUG(0, ("test_setmap1: PASSED!\n"));
+
+ return true;
+}
+
+static bool test_sid2unixid1(TALLOC_CTX *memctx, struct idmap_domain *dom)
+{
+ NTSTATUS status1, status2, status3;
+ struct id_map map;
+
+ /* check for correct dealing with bad parameters */
+ status1 = idmap_tdb_common_sid_to_unixid(NULL, &map);
+ status2 = idmap_tdb_common_sid_to_unixid(dom, NULL);
+ status3 = idmap_tdb_common_sid_to_unixid(NULL, NULL);
+
+ if(!NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status1) ||
+ !NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status2) ||
+ !NT_STATUS_EQUAL(NT_STATUS_INVALID_PARAMETER, status3)) {
+ DEBUG(0, ("test_setmap1: bad parameter handling!\n"));
+ return false;
+ }
+
+ DEBUG(0, ("test_unixid2sid1: PASSED!\n"));
+
+ return true;
+}
+
+static bool test_sid2unixid2(TALLOC_CTX *memctx, struct idmap_domain *dom)
+{
+ NTSTATUS status;
+ struct id_map uid_map, gid_map, test_map;
+ bool doagain = true;
+
+ ZERO_STRUCT(uid_map);
+ ZERO_STRUCT(gid_map);
+
+ /* create two mappings for a UID and GID */
+
+again:
+
+ uid_map.sid = dom_sid_parse_talloc(memctx, DOM_SID2 "-1000");
+ uid_map.xid.type = ID_TYPE_UID;
+
+ gid_map.sid = dom_sid_parse_talloc(memctx, DOM_SID2 "-1001");
+ gid_map.xid.type = ID_TYPE_GID;
+
+ status =
idmap_tdb_common_new_mapping(dom, &uid_map);
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_sid2unixid1: could not create uid map!\n"));
+ return false;
+ }
+
+ status = idmap_tdb_common_new_mapping(dom, &gid_map);
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_sid2unixid1: could not create gid map!\n"));
+ return false;
+ }
+
+ /* now read them back */
+ ZERO_STRUCT(test_map);
+ test_map.sid = uid_map.sid;
+
+ status = idmap_tdb_common_sid_to_unixid(dom, &test_map);
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("test_sid2unixid1: sid2unixid failed for uid!\n"));
+ return false;
+ }
+
+ if(test_map.xid.id!=uid_map.xid.id) {
-- Samba Shared Repository