The branch, master has been updated via 23848f3 s3-rpc_server: Use C99 types in rpc_pipes.h via a23c62a s4-messaging: Make header guard less generic via 5722831 winbind: Fix template homedir to match source3 via 67a9d21 make winbindd work in "samba4" member server modes via 191d754 s3-param: Add lp_dnsdomain() for use by winbindd via 5a71f46 winbindd: Use rpc_pipe_open_interface() so that winbindd uses the correct rpc servers via 902f14c s3-rpc_server: Give log messages on failure via e85ab68 winbindd: Remove pointless if statement via 04bc200 winbindd: explain that this check protects the AD DC machine account password (for now at least) via 822b492 dsdb: Do not give an error is metadata.tdb does not yet exist via d62e0f8 selftest: Add knownfail entries for wbinfo --user-info tests only on the failing environments via 5f29774 selftest: move all winbind test rules to one place via 67cdbde selftest: enable winbind enum users/groups in s4 environments via 6add082 selftest: Make test_wbinfo.sh work with s3-winbindd via 4688cf7 libwbclient-tests: No longer hardcoded password and test domain via a1c7aa0 selftest: Run samba4.blackbox.wbinfo against plugin_s4_dc via 2b558f2 selftest: Set winbind separator = / via b2c0a6a selftest: Ensure winbindd is fully operating before running tests via 34e8dec selftest: consitently use the name s4member from f9a9e18 docs: Remove out of date Kerberos and security chapter
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 23848f35474f96f101da20644205099c0b1d3c9e Author: Andrew Bartlett <abart...@samba.org> Date: Thu May 8 12:16:24 2014 +1200 s3-rpc_server: Use C99 types in rpc_pipes.h Change-Id: Ic282f02f421870ff8a8623005979f8a034902d88 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed Jun 4 05:48:29 CEST 2014 on sn-devel-104 commit a23c62add4e30407c257394d8aae383dca492df0 Author: Andrew Bartlett <abart...@samba.org> Date: Tue May 6 13:38:44 2014 +1200 s4-messaging: Make header guard less generic Change-Id: I659bbb317e69aee6632db8bce3c4bdb5f9ad3d8d Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 57228317fc2339b83cccf4b1f3515d8a3b435a3c Author: Andrew Bartlett <abart...@samba.org> Date: Fri Mar 28 16:32:06 2014 +1300 winbind: Fix template homedir to match source3 Fix provided by Andy Igoshin <a...@vsu.ru> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10324 Andrew Bartlett Change-Id: Ie94d207fed91e9dfd85ee3c3339c376b25ac5fa4 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 67a9d2183ec0f9177a66100ed4fc251979e39bc9 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Apr 9 15:54:07 2014 +1200 make winbindd work in "samba4" member server modes These modes are useful for testing aspects of the code like the rpc proxy. Andrew Bartlett Change-Id: I87b3ac0df299dd176599f824f8815880470c6401 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 191d754091a5a060cfd3d9a5f4e744a561b56abb Author: Andrew Bartlett <abart...@samba.org> Date: Fri May 16 20:04:21 2014 +1200 s3-param: Add lp_dnsdomain() for use by winbindd Change-Id: I987aa533ebe11c93b9e836fafc7b19c81bf600a5 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5a71f46f46fc3d4cbc2fe6c06e0d1661ccead488 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Apr 28 21:07:59 2014 +1200 winbindd: Use rpc_pipe_open_interface() so that winbindd uses the correct rpc servers This means that in the AD DC, we use the AD DC servers, while in the classic DC or file server we continue to use the built-in SAMR and LSA servers. Andrew Bartlett Change-Id: I63b1443f5665016f7fcbed35907ec29d4424ab18 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 902f14c084a53e5e0b36ed9b214251c8b78b19f3 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Apr 29 09:08:25 2014 +1200 s3-rpc_server: Give log messages on failure Change-Id: I240d58fdf71bbab42d1ffb63bb52b9650fd4bd85 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit e85ab6851893c9d3cef2272268d69cad3ef30ee7 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Apr 28 21:03:40 2014 +1200 winbindd: Remove pointless if statement Change-Id: I7d2646078f6e7ba596b92da7d37c285d10ad38c0 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 04bc200e95c3473238a541460a714b13f67375b8 Author: Andrew Bartlett <abart...@samba.org> Date: Mon May 19 11:08:00 2014 +1200 winbindd: explain that this check protects the AD DC machine account password (for now at least) Change-Id: I2e2eb2e7fc4a12f27025f42e4cc41560311ce6c8 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 822b4927288231b7a90579af9792608a0bdef706 Author: Andrew Bartlett <abart...@samba.org> Date: Fri May 23 16:41:33 2014 +1200 dsdb: Do not give an error is metadata.tdb does not yet exist Change-Id: I88ee188c776364fd66da388ce01fc9288aa2ded0 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d62e0f8a2575f3d067c350f9873d0a308462bdcf Author: Andrew Bartlett <abart...@samba.org> Date: Tue May 20 09:23:33 2014 +1200 selftest: Add knownfail entries for wbinfo --user-info tests only on the failing environments This is better than skipping on every environment in the test Andrew Bartlett Change-Id: Ib4b114059d8f8bb05a9bdc2eca0f71310fc5a3bc Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5f29774071a7698a4d4ab73c2059f8f16d507776 Author: Andrew Bartlett <abart...@samba.org> Date: Mon May 19 17:32:56 2014 +1200 selftest: move all winbind test rules to one place We now run wbinfo_simple additionally against plugin_s4_dc and dc This also extends many of the tests to run against more environments, hence the additional knownfail entries. For winbind.wbclient, the fl2003dc environment has been selected not to run with password history so as to allow the winindd.wbinfo test to complete (once switched to running winbindd). Andrew Bartlett Change-Id: I475fd9937e515796b5e47c042a8bfa85f76441ca Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 67cdbde5f2d96a9438326e7272c851fc510ac9a1 Author: Andrew Bartlett <abart...@samba.org> Date: Tue May 20 11:16:07 2014 +1200 selftest: enable winbind enum users/groups in s4 environments Change-Id: I5a9218294580670048636645315a9cf217618e58 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 6add082461358c01d255dbf87e4e48ba43f38218 Author: Andrew Bartlett <abart...@samba.org> Date: Mon May 12 17:10:14 2014 +1200 selftest: Make test_wbinfo.sh work with s3-winbindd Change-Id: I41ed850b6424eac3fb8b6603d5b87c66bb77dd51 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4688cf77c425eb52f9765a94b0479a2327d2e354 Author: Andrew Bartlett <abart...@samba.org> Date: Mon May 12 14:29:27 2014 +1200 libwbclient-tests: No longer hardcoded password and test domain The password is made more complex, and the test domain is made to use the command line options. Andrew Bartlett Change-Id: Ia1ec24a9fc393e7f7b210f845bcf32dbc933d48f Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit a1c7aa0b348527be5e798030771690937fddf350 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Apr 9 15:37:33 2014 +1200 selftest: Run samba4.blackbox.wbinfo against plugin_s4_dc Change-Id: I5580de814d5fe000d352f3c78743837d26f9422d Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 2b558f2096410b1afd2a6d5bde2862b4cc4fd587 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Mar 31 20:47:18 2014 +1300 selftest: Set winbind separator = / This avoids a pile of shell-script escape pain, and fixes some tests. Andrew Bartlett Change-Id: Ie1d0e32ab484a5b0ddbc4073831fe6de27e38e92 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit b2c0a6a8510a55899a20ff923ce865f1760e6984 Author: Andrew Bartlett <abart...@samba.org> Date: Sat May 24 09:44:58 2014 +1200 selftest: Ensure winbindd is fully operating before running tests Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 34e8deccf989a43a811cb8e0a00fc82e67867b71 Author: Andrew Bartlett <abart...@samba.org> Date: Sat May 24 22:47:30 2014 +1200 selftest: consitently use the name s4member This avoids a conflict with the Samba3.pm defined member environment, and so spurious failures in make test for the member environment dependent on test ordering. Andrew Bartlett Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/param/loadparm.c | 2 +- nsswitch/libwbclient/tests/wbclient.c | 43 ++++---- nsswitch/tests/test_idmap_rfc2307.sh | 16 ++-- nsswitch/tests/test_wbinfo.sh | 11 +- selftest/knownfail | 117 ++++++++++++++++++--- selftest/selftest.pl | 1 + selftest/target/Samba3.pm | 3 +- selftest/target/Samba4.pm | 43 +++++++- source3/include/proto.h | 1 + source3/param/loadparm.c | 3 + source3/rpc_server/rpc_ncacn_np.c | 2 + source3/rpc_server/rpc_pipes.h | 8 +- source3/script/tests/test_wbinfo_sids2xids_int.py | 2 +- source3/selftest/tests.py | 50 +-------- source3/winbindd/winbindd_change_machine_acct.c | 4 + source3/winbindd/winbindd_samr.c | 67 +++++++----- source4/dsdb/samdb/ldb_modules/schema_load.c | 4 +- source4/lib/messaging/messaging.h | 4 +- source4/selftest/tests.py | 61 +++++++++-- source4/torture/winbind/struct_based.c | 2 +- source4/winbind/wb_cmd_getpwnam.c | 4 +- source4/winbind/wb_cmd_getpwuid.c | 4 +- 22 files changed, 300 insertions(+), 152 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index bf0cbc0..5a0ef88 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2294,7 +2294,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command", "%s/samba_kcc", dyn_SCRIPTSBINDIR); lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false"); - lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%"); + lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U"); lpcfg_do_global_parameter(lp_ctx, "client signing", "default"); lpcfg_do_global_parameter(lp_ctx, "server signing", "default"); diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c index cd44d69..771b848 100644 --- a/nsswitch/libwbclient/tests/wbclient.c +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -31,6 +31,8 @@ #include "lib/param/param.h" #include "lib/util/samba_util.h" #include "lib/crypto/arcfour.h" +#include "auth/credentials/credentials.h" +#include "lib/cmdline/popt_common.h" #define WBC_ERROR_EQUAL(x,y) (x == y) @@ -464,12 +466,13 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx, struct wbcAuthErrorInfo *error = NULL; wbcErr ret; - ret = wbcAuthenticateUser(getenv("USERNAME"), correct_password); + ret = wbcAuthenticateUser(cli_credentials_get_username(cmdline_credentials), correct_password); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcAuthenticateUser of %s failed", getenv("USERNAME")); + "wbcAuthenticateUser of %s failed", + cli_credentials_get_username(cmdline_credentials)); ZERO_STRUCT(params); - params.account_name = getenv("USERNAME"); + params.account_name = cli_credentials_get_username(cmdline_credentials); params.level = WBC_AUTH_USER_LEVEL_PLAIN; params.password.plaintext = correct_password; @@ -498,14 +501,14 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx, static bool test_wbc_authenticate_user(struct torture_context *tctx) { - return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD")); + return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials)); } static bool test_wbc_change_password(struct torture_context *tctx) { wbcErr ret; - const char *oldpass = getenv("PASSWORD"); - const char *newpass = "Koo8irei"; + const char *oldpass = cli_credentials_get_password(cmdline_credentials); + const char *newpass = "Koo8irei%$"; struct samr_CryptPassword new_nt_password; struct samr_CryptPassword new_lm_password; @@ -569,23 +572,23 @@ static bool test_wbc_change_password(struct torture_context *tctx) params.new_password.response.nt_data = new_nt_password.data; params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE; - params.account_name = getenv("USERNAME"); - params.domain_name = "SAMBA-TEST"; + params.account_name = cli_credentials_get_username(cmdline_credentials); + params.domain_name = cli_credentials_get_domain(cmdline_credentials); ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "wbcChangeUserPassword for %s failed", params.account_name); - if (!test_wbc_authenticate_user_int(tctx, "Koo8irei")) { + if (!test_wbc_authenticate_user_int(tctx, newpass)) { return false; } - ret = wbcChangeUserPassword(getenv("USERNAME"), "Koo8irei", - getenv("PASSWORD")); + ret = wbcChangeUserPassword(cli_credentials_get_username(cmdline_credentials), newpass, + cli_credentials_get_password(cmdline_credentials)); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "wbcChangeUserPassword for %s failed", params.account_name); - return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD")); + return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials)); } static bool test_wbc_logon_user(struct torture_context *tctx) @@ -607,8 +610,8 @@ static bool test_wbc_logon_user(struct torture_context *tctx) "%s", "wbcLogonUser succeeded for NULL where it should " "have failed"); - params.username = getenv("USERNAME"); - params.password = getenv("PASSWORD"); + params.username = cli_credentials_get_username(cmdline_credentials); + params.password = cli_credentials_get_password(cmdline_credentials); ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, "foo", 0, discard_const_p(uint8_t, "bar"), 4); @@ -638,7 +641,7 @@ static bool test_wbc_logon_user(struct torture_context *tctx) strlen("S-1-2-3-4")+1); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "%s", "wbcAddNamedBlob failed"); - params.password = getenv("PASSWORD"); + params.password = cli_credentials_get_password(cmdline_credentials); ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, "wbcLogonUser for %s should have failed with " @@ -653,11 +656,11 @@ static bool test_wbc_logon_user(struct torture_context *tctx) torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "%s", "wbcInterfaceDetails failed"); - ret = wbcLookupName(iface->netbios_domain, getenv("USERNAME"), &sid, + ret = wbcLookupName(iface->netbios_domain, cli_credentials_get_username(cmdline_credentials), &sid, &sidtype); wbcFreeMemory(iface); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcLookupName for %s failed", getenv("USERNAME")); + "wbcLookupName for %s failed", cli_credentials_get_username(cmdline_credentials)); ret = wbcSidToString(&sid, &sidstr); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, @@ -669,7 +672,7 @@ static bool test_wbc_logon_user(struct torture_context *tctx) torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "%s", "wbcAddNamedBlob failed"); wbcFreeMemory(sidstr); - params.password = getenv("PASSWORD"); + params.password = cli_credentials_get_password(cmdline_credentials); ret = wbcLogonUser(¶ms, &info, &error, &policy); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "wbcLogonUser for %s failed", params.username); @@ -688,9 +691,9 @@ static bool test_wbc_getgroups(struct torture_context *tctx) uint32_t num_groups; gid_t *groups; - ret = wbcGetGroups(getenv("USERNAME"), &num_groups, &groups); + ret = wbcGetGroups(cli_credentials_get_username(cmdline_credentials), &num_groups, &groups); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, - "wbcGetGroups for %s failed", getenv("USERNAME")); + "wbcGetGroups for %s failed", cli_credentials_get_username(cmdline_credentials)); wbcFreeMemory(groups); return true; } diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh index d3087a1..cb60364 100755 --- a/nsswitch/tests/test_idmap_rfc2307.sh +++ b/nsswitch/tests/test_idmap_rfc2307.sh @@ -74,24 +74,24 @@ testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U rm -f $PREFIX/tmpldbmodify -testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1) -user_sid=$($wbinfo -n "$DOMAIN\\$USERNAME" | cut -d " " -f1) -echo "$DOMAIN\\$USERNAME resolved to $user_sid" +testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN/$USERNAME" || failed=$(expr $failed + 1) +user_sid=$($wbinfo -n "$DOMAIN/$USERNAME" | cut -d " " -f1) +echo "$DOMAIN/$USERNAME resolved to $user_sid" testit "wbinfo --sid-to-uid=$user_sid" $wbinfo --sid-to-uid=$user_sid || failed=$(expr $failed + 1) user_uid=$($wbinfo --sid-to-uid=$user_sid | cut -d " " -f1) -echo "$DOMAIN\\$USERNAME resolved to $user_uid" +echo "$DOMAIN/$USERNAME resolved to $user_uid" testit "test $user_uid -eq $USERUID" test $user_uid -eq $USERUID || failed=$(expr $failed + 1) # Not sure how to get group names with spaces to resolve through testit -#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" || failed=$(expr $failed + 1) -group_sid=$($wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" | cut -d " " -f1) -echo "$DOMAIN\\$GROUPNAME resolved to $group_sid" +#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" || failed=$(expr $failed + 1) +group_sid=$($wbinfo --name-to-sid="$DOMAIN/$GROUPNAME" | cut -d " " -f1) +echo "$DOMAIN/$GROUPNAME resolved to $group_sid" testit "wbinfo --sid-to-gid=$group_sid" $wbinfo --sid-to-gid=$group_sid || failed=$(expr $failed + 1) group_gid=$($wbinfo --sid-to-gid=$group_sid | cut -d " " -f1) -echo "$DOMAIN\\$GROUPNAME resolved to $group_gid" +echo "$DOMAIN/$GROUPNAME resolved to $group_gid" testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1) diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh index 461d780..c9758b8 100755 --- a/nsswitch/tests/test_wbinfo.sh +++ b/nsswitch/tests/test_wbinfo.sh @@ -57,10 +57,10 @@ testit "wbinfo -u against $TARGET" $wbinfo -u || failed=`expr $failed + 1` testit "wbinfo -g against $TARGET" $wbinfo -g || failed=`expr $failed + 1` # Convert netbios name to IP # Does not work yet -knownfail "wbinfo -N against $TARGET" $wbinfo -N $NETBIOSNAME || failed=`expr $failed + 1` +testit "wbinfo -N against $TARGET" $wbinfo -N $NETBIOSNAME || failed=`expr $failed + 1` # Convert IP to netbios name # Does not work yet -knownfail "wbinfo -I against $TARGET" $wbinfo -I $SERVER_IP || failed=`expr $failed + 1` +testit "wbinfo -I against $TARGET" $wbinfo -I $SERVER_IP || failed=`expr $failed + 1` # Convert name to SID testit "wbinfo -n against $TARGET" $wbinfo -n "$DOMAIN/$USERNAME" || failed=`expr $failed + 1` @@ -151,8 +151,8 @@ testfail "wbinfo -Y against $TARGET using invalid SID" $wbinfo -Y "S-1-22-1-3000 testit "wbinfo -t against $TARGET" $wbinfo -t || failed=`expr $failed + 1` #didn't really work anyway -knownfail "wbinfo --trusted-domains against $TARGET" $wbinfo --trusted-domains || failed=`expr $failed + 1` -knownfail "wbinfo --all-domains against $TARGET" $wbinfo --all-domains || failed=`expr $failed + 1` +testit "wbinfo --trusted-domains against $TARGET" $wbinfo --trusted-domains || failed=`expr $failed + 1` +testit "wbinfo --all-domains against $TARGET" $wbinfo --all-domains || failed=`expr $failed + 1` testit "wbinfo --own-domain against $TARGET" $wbinfo --own-domain || failed=`expr $failed + 1` @@ -177,7 +177,7 @@ testit "wbinfo -i against $TARGET" $wbinfo -i "$DOMAIN/$USERNAME" || failed=`exp testit "wbinfo --uid-info against $TARGET" $wbinfo --uid-info $admin_uid || failed=`expr $failed + 1` echo "test: wbinfo --group-info against $TARGET" -rawgid=`$wbinfo --group-info "Domain admins" | sed 's/.*:\([0-9][0-9]*\):/\1/'` +gid=`$wbinfo --group-info "$DOMAIN/Domain admins" | cut -d: -f3` if test x$? = x0; then echo "success: wbinfo --group-info against $TARGET" else @@ -187,7 +187,6 @@ fi testfail "wbinfo --group-info against $TARGET with $USERNAME" $wbinfo --group-info $USERNAME && failed=`expr $failed + 1` -gid=`echo $rawgid | sed 's/.*:\([0-9][0-9]*\):/\1/'` testit "wbinfo --gid-info against $TARGET" $wbinfo --gid-info $gid || failed=`expr $failed + 1` testit "wbinfo -r against $TARGET" $wbinfo -r "$DOMAIN/$USERNAME" || failed=`expr $failed + 1` diff --git a/selftest/knownfail b/selftest/knownfail index 35dba20..6d46f5a 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -115,7 +115,6 @@ ^samba4.smb2.oplock.doc ^samba4.smb2.compound.related3 ^samba4.smb2.compound.compound-break -^samba4.winbind.struct.*.show_sequence # Not yet working in winbind ^samba4.*base.delaywrite.*update of write time and SMBwrite truncate\(.*\)$ ^samba4.*base.delaywrite.*update of write time and SMBwrite truncate expand\(.*\)$ ^samba4.*base.delaywrite.*delayed update of write time 3a\(.*\)$ @@ -242,16 +241,106 @@ # # The Samba4 winbind does not cover the full winbind protocol, so these are expected # -^samba3.winbind.struct.info\(plugin_s4_dc\) -^samba3.winbind.struct.show_sequence\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcPingDc\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcPingDc2\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcListTrusts\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcLookupDomainController\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcLookupDomainControllerEx\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcResolveWinsByName\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcResolveWinsByIP\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcLookupRids\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcGetSidAliases\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcLogonUser\(plugin_s4_dc\) -^samba3.winbind.wbclient.wbcChangeUserPassword\(plugin_s4_dc\) +^samba4.winbind.struct.show_sequence\(plugin_s4_dc\) +^samba.blackbox.wbinfo\(dc:local\).wbinfo -N against dc +^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc +^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc +^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -N against plugin_s4_dc +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -I against plugin_s4_dc +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --trusted-domains against plugin_s4_dc +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --all-domains against plugin_s4_dc +^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member +^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member +^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member +^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member +^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc +^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc +^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc +^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc +# +# This makes less sense when not running against an AD DC +# +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G check for sane mapping +^samba4.winbind.struct.show_sequence\(dc\) +^samba.wbinfo_simple.\(dc:local\).--allocate-uid +^samba.wbinfo_simple.\(dc:local\).--allocate-gid +^samba.wbinfo_simple.\(s4member:local\).--allocate-uid +^samba.wbinfo_simple.\(s4member:local\).--allocate-gid +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-uid +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--allocate-gid +# +# These do not work against winbindd in member mode for unknown reasons +# +^samba.wbinfo_simple.\(member:local\).--user-info +^samba.wbinfo_simple.\(s3member:local\).--user-info +# +# These just happen to fail for some reason (probably because they run against the s4 winbind) +# +^samba4.winbind.pac.pac\(plugin_s4_dc:local\) +^samba4.winbind.pac.pac\(s4member:local\) +^samba4.winbind.struct.show_sequence\(s4member:local\) +^samba4.winbind.struct.show_sequence\(plugin_s4_dc:local\) +^samba4.winbind.struct.getdcname\(s3member:local\) +^samba4.winbind.struct.lookup_name_sid\(s3member:local\) +^samba4.winbind.wbclient.wbcPingDc\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcPingDc2\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcListTrusts\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcLookupDomainController\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcLookupDomainControllerEx\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcResolveWinsByName\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcResolveWinsByIP\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcLookupRids\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcGetSidAliases\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcLogonUser\(fl2003dc:local\) +^samba4.winbind.wbclient.wbcChangeUserPassword\(fl2003dc:local\) +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--all-domains.wbinfo\(plugin_s4_dc:local\) +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--trusted-domains.wbinfo\(plugin_s4_dc:local\) +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status.wbinfo\(plugin_s4_dc:local\) +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status --domain=BUILTIN.wbinfo\(plugin_s4_dc:local\) +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--online-status --domain=PLUGINDOMAIN.wbinfo\(plugin_s4_dc:local\) +^samba.wbinfo_simple.\(plugin_s4_dc:local\).--change-secret --domain=PLUGINDOMAIN.wbinfo\(plugin_s4_dc:local\) +^samba.wbinfo_simple.\(dc:local\).--all-domains.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(dc:local\).--trusted-domains.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(dc:local\).--online-status.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(dc:local\).--online-status --domain=BUILTIN.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(dc:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\) +^samba.wbinfo_simple.\(s4member:local\).--all-domains.wbinfo\(s4member:local\) +^samba.wbinfo_simple.\(s4member:local\).--trusted-domains.wbinfo\(s4member:local\) +^samba.wbinfo_simple.\(s4member:local\).--online-status.wbinfo\(s4member:local\) +^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=BUILTIN.wbinfo\(s4member:local\) +^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(s4member:local\) +^samba.wbinfo_simple.\(s4member:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(s4member:local\) +^samba.blackbox.wbinfo\(dc:local\).wbinfo -N against dc\(dc:local\) +^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc\(dc:local\) +^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc\(dc:local\) +^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc\(dc:local\) +^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member\(s4member:local\) +^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member\(s4member:local\) +^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member\(s4member:local\) +^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member\(s4member:local\) +^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc\(rodc:local\) +^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc\(rodc:local\) +^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc\(rodc:local\) +^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc\(rodc:local\) +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc\(promoted_dc:local\) +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc\(promoted_dc:local\) +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc\(promoted_dc:local\) +^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc\(promoted_dc:local\) +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -N against plugin_s4_dc\(plugin_s4_dc:local\) +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo -I against plugin_s4_dc\(plugin_s4_dc:local\) +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --trusted-domains against plugin_s4_dc\(plugin_s4_dc:local\) +^samba.blackbox.wbinfo\(plugin_s4_dc:local\).wbinfo --all-domains against plugin_s4_dc\(plugin_s4_dc:local\) +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member\(s3member:local\) +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping\(s3member:local\) +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member\(s3member:local\) +^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G check for sane mapping\(s3member:local\) diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 97b24ed..831ebd9 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -545,6 +545,7 @@ sub write_clientconf($$$) resolv:host file = $prefix_abs/dns_host_file #We don't want to run 'speed' tests for very long torture:timelimit = 1 + winbind separator = / "; close(CF); } diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index f502783..a6d85cc 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1020,6 +1020,7 @@ sub provision($$$$$$) idmap config * : range = 100000-200000 winbind enum users = yes winbind enum groups = yes + winbind separator = / # min receivefile size = 4000 @@ -1301,7 +1302,7 @@ sub wait_for_start($$$$$) print "checking for winbindd\n"; my $count = 0; do { - $ret = system("SELFTEST_WINBINDD_SOCKET_DIR=" . $envvars->{SELFTEST_WINBINDD_SOCKET_DIR} . " " . Samba::bindir_path($self, "wbinfo") . " -p"); + $ret = system("SELFTEST_WINBINDD_SOCKET_DIR=" . $envvars->{SELFTEST_WINBINDD_SOCKET_DIR} . " " . Samba::bindir_path($self, "wbinfo") . " --ping-dc"); if ($ret != 0) { sleep(2); } diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index c4e8f31..7bdd396 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -654,6 +654,8 @@ sub provision_raw_step1($$) server signing = on idmap_ldb:use rfc2307=yes + winbind enum users = yes + winbind enum groups = yes "; print CONFFILE " @@ -916,7 +918,7 @@ $extra_smbconf_shares return $self->provision_raw_step2($ctx, $ret); } -sub provision_member($$$) +sub provision_s4member($$$) { my ($self, $prefix, $dcvars) = @_; print "PROVISIONING MEMBER..."; @@ -929,7 +931,7 @@ sub provision_member($$$) "2008", "locMEMpass3", $dcvars->{SERVER_IP}, - "", "", undef); + "passdb backend = samba_dsdb", "", undef); unless ($ret) { return undef; } @@ -968,6 +970,7 @@ sub provision_rpc_proxy($$$) print "PROVISIONING RPC PROXY..."; my $extra_smbconf_options = " + passdb backend = samba_dsdb # rpc_proxy dcerpc_remote:binding = ncacn_ip_tcp:$dcvars->{SERVER} @@ -1321,6 +1324,34 @@ sub provision_fl2003dc($$) "locDCpass6", undef, "allow dns updates = nonsecure and secure", "", undef); + unless (defined $ret) { + return undef; + } + + $ret->{DC_SERVER} = $ret->{SERVER}; + $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $ret->{USERNAME}; + $ret->{DC_PASSWORD} = $ret->{PASSWORD}; + + my @samba_tool_options; + push (@samba_tool_options, Samba::bindir_path($self, "samba-tool")); + push (@samba_tool_options, "domain"); + push (@samba_tool_options, "passwordsettings"); + push (@samba_tool_options, "set"); + push (@samba_tool_options, "--configfile=$ret->{SERVERCONFFILE}"); + push (@samba_tool_options, "--min-pwd-age=0"); + push (@samba_tool_options, "--history-length=1"); + + my $samba_tool_cmd = join(" ", @samba_tool_options); + + unless (system($samba_tool_cmd) == 0) { + warn("Unable to set min password age to 0: \n$samba_tool_cmd\n"); + return undef; + } + + return $ret; + unless($self->add_wins_config("$prefix/private")) { warn("Unable to add wins configuration"); return undef; @@ -1703,7 +1734,7 @@ sub setup_env($$$) if (not defined($self->{vars}->{dc})) { $self->setup_dc("$path/dc"); } - return $self->setup_member("$path/s4member", $self->{vars}->{dc}); + return $self->setup_s4member("$path/s4member", $self->{vars}->{dc}); } elsif ($envname eq "rodc") { if (not defined($self->{vars}->{dc})) { $self->setup_dc("$path/dc"); @@ -1729,18 +1760,18 @@ sub setup_env($$$) } } -sub setup_member($$$) +sub setup_s4member($$$) { my ($self, $path, $dc_vars) = @_; - my $env = $self->provision_member($path, $dc_vars); + my $env = $self->provision_s4member($path, $dc_vars); if (defined $env) { $self->check_or_start($env, "single"); $self->wait_for_start($env); - $self->{vars}->{member} = $env; + $self->{vars}->{s4member} = $env; } return $env; diff --git a/source3/include/proto.h b/source3/include/proto.h index 356bf91..d401dfb 100644 -- Samba Shared Repository