The branch, v4-8-test has been updated via 2fb77a2 libgpo: Fix the build --without-ads via bcee547 s3:smbd: fix interaction between chown and SD flags via 6ea5d16 s4:torture/smb2: new test for interaction between chown and SD flags via 682a2e2 winbind: Fix UPN handling in canonicalize_username() via 124f0e4 winbind: Fix UPN handling in parse_domain_user() via b5ba5da winbind: Remove unused function parse_domain_user_talloc() via f1dfb9f winbind: Pass upn unmodified to lookup names via a52b067 nsswitch:tests: Add test for wbinfo --user-info via 5c946eb selftest: Add a user with a different userPrincipalName via 40a1341 nsswitch: Lookup the domain in tests with the wb seperator via a28d7c4 nsswitch: Add a test looking up domain sid via ee22c6f nsswitch: Add a test looking up the user using the upn via 4bbc5a8 selftest: Make sure we have correct group mappings from cc678c4 VERSION: Bump version up to 4.8.3...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log ----------------------------------------------------------------- commit 2fb77a2b736308c019b7560315ce78c017f6495c Author: Volker Lendecke <v...@samba.org> Date: Sat Feb 3 07:07:55 2018 +0100 libgpo: Fix the build --without-ads Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> Autobuild-User(master): David Disseldorp <dd...@samba.org> Autobuild-Date(master): Tue Feb 6 15:36:01 CET 2018 on sn-devel-144 Bug: https://bugzilla.samba.org/show_bug.cgi?id=13331 (cherry picked from commit a222b7506b53e689708834237f18877231dca589) Autobuild-User(v4-8-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-8-test): Thu May 24 16:37:02 CEST 2018 on sn-devel-144 commit bcee54726fadd76ee1588c15b29066f66ad9c1c0 Author: Ralph Boehme <s...@samba.org> Date: Thu May 10 12:29:35 2018 +0200 s3:smbd: fix interaction between chown and SD flags A change ownership operation that doesn't set the NT ACLs must not touch the SD flags (type). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144 (cherry picked from commit ced55850034a3653525823bf9623912a4fcf18a0) commit 6ea5d164cd9d836cbd36aa43fa2b7f4b270a68f3 Author: Ralph Boehme <s...@samba.org> Date: Thu May 10 12:28:43 2018 +0200 s4:torture/smb2: new test for interaction between chown and SD flags This passes against Windows, but fails against Samba. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5) commit 682a2e265690c3ff8ad52d5ddb24f13b636d31b6 Author: Andreas Schneider <a...@samba.org> Date: Thu Apr 26 17:32:42 2018 +0200 winbind: Fix UPN handling in canonicalize_username() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144 (cherry picked from commit 1766f77493c5a76e4d7d1e5eedcaa150cc9ea552) commit 124f0e4bdaabd082cffc403b747a8f5eb2b2a4ef Author: Andreas Schneider <a...@samba.org> Date: Thu Apr 26 12:17:12 2018 +0200 winbind: Fix UPN handling in parse_domain_user() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Pair-Programmed-With: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit a05b63db627fdbe0bdea4d144dfaeedb39025592) commit b5ba5da438c415d2542434e95463bad4519e6310 Author: Andreas Schneider <a...@samba.org> Date: Thu Apr 26 17:23:41 2018 +0200 winbind: Remove unused function parse_domain_user_talloc() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 32770e929ace8fe3f2469037ed887be14b3c5503) commit f1dfb9fe576840cc13163738e59dbe0f39ec6eec Author: Stefan Metzmacher <me...@samba.org> Date: Thu Feb 22 14:10:28 2018 +0100 winbind: Pass upn unmodified to lookup names BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Pair-Programmed-With: Andreas Schneider <a...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 789c89e6ecb7d388fb5acdd5abc8fe99c58524f0) commit a52b06751c2dec3d3b04be2b1a969fad24f86a7b Author: Andreas Schneider <a...@samba.org> Date: Fri Apr 20 11:20:44 2018 +0200 nsswitch:tests: Add test for wbinfo --user-info BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 2715f52f54e66a73131a92d752a8c2447da1fd33) commit 5c946ebf9f4141db5e2b6eec6a9912919e712874 Author: Andreas Schneider <a...@samba.org> Date: Fri Apr 20 09:38:24 2018 +0200 selftest: Add a user with a different userPrincipalName BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 5319cae00096dcecc29aa9fa675a983352ad64d8) commit 40a13413eb27f261d608c8071f86175c77e31ce4 Author: Andreas Schneider <a...@samba.org> Date: Mon May 7 13:23:42 2018 +0200 nsswitch: Lookup the domain in tests with the wb seperator Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f) commit a28d7c4110f74f615a2ca7ba7e67db3a74ce3ff0 Author: Andreas Schneider <a...@samba.org> Date: Fri May 4 12:43:05 2018 +0200 nsswitch: Add a test looking up domain sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 0aceca6a94e868f9c01a66f79624ca10d80560ab) commit ee22c6fb26182d8f8aca7f82b9b85debe864b3b2 Author: Andreas Schneider <a...@samba.org> Date: Fri Apr 20 11:24:30 2018 +0200 nsswitch: Add a test looking up the user using the upn BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa) commit 4bbc5a872192191810e8297967a26a73a09ff2c1 Author: Andreas Schneider <a...@samba.org> Date: Mon May 7 16:20:30 2018 +0200 selftest: Make sure we have correct group mappings BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 9bc2b922bbc6539341a2056f33f117ac350e61f1) ----------------------------------------------------------------------- Summary of changes: libgpo/pygpo.c | 5 + nsswitch/tests/test_idmap_ad.sh | 2 +- nsswitch/tests/test_idmap_nss.sh | 4 +- nsswitch/tests/test_idmap_rid.sh | 2 +- nsswitch/tests/test_wbinfo_name_lookup.sh | 13 +- nsswitch/tests/test_wbinfo_user_info.sh | 83 +++++++++ selftest/knownfail.d/upn_handling | 8 + selftest/target/Samba3.pm | 9 + selftest/target/Samba4.pm | 19 +- source3/modules/vfs_acl_common.c | 7 +- source3/selftest/tests.py | 16 +- source3/winbindd/wb_lookupname.c | 8 +- source3/winbindd/wb_xids2sids.c | 1 + source3/winbindd/winbindd_cache.c | 5 +- source3/winbindd/winbindd_ccache_access.c | 43 +++-- source3/winbindd/winbindd_creds.c | 3 +- source3/winbindd/winbindd_getgrnam.c | 18 +- source3/winbindd/winbindd_getgroups.c | 13 +- source3/winbindd/winbindd_getpwnam.c | 13 +- source3/winbindd/winbindd_irpc.c | 7 +- source3/winbindd/winbindd_lookupname.c | 17 +- source3/winbindd/winbindd_pam.c | 83 ++++++--- source3/winbindd/winbindd_pam_auth.c | 11 +- source3/winbindd/winbindd_pam_chauthtok.c | 12 +- source3/winbindd/winbindd_pam_logoff.c | 12 +- source3/winbindd/winbindd_proto.h | 19 +- source3/winbindd/winbindd_util.c | 63 +++---- source4/torture/smb2/acls.c | 278 ++++++++++++++++++++++++++++++ 28 files changed, 663 insertions(+), 111 deletions(-) create mode 100755 nsswitch/tests/test_wbinfo_user_info.sh create mode 100644 selftest/knownfail.d/upn_handling Changeset truncated at 500 lines: diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c index 7a02a0d..b6b53b7 100644 --- a/libgpo/pygpo.c +++ b/libgpo/pygpo.c @@ -319,6 +319,7 @@ static PyObject *py_gpo_get_sysvol_gpt_version(PyObject * self, return result; } +#ifdef HAVE_ADS static ADS_STATUS find_samaccount(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *samaccountname, uint32_t *uac_ret, const char **dn_ret) @@ -468,11 +469,15 @@ out: return ret; } +#endif + static PyMethodDef ADS_methods[] = { { "connect", (PyCFunction)py_ads_connect, METH_NOARGS, "Connect to the LDAP server" }, +#ifdef HAVE_ADS { "get_gpo_list", (PyCFunction)py_ads_get_gpo_list, METH_KEYWORDS, NULL }, +#endif { NULL } }; diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 2f4ee32..7450ae0 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -20,7 +20,7 @@ failed=0 . `dirname $0`/../../testprogs/blackbox/subunit.sh -DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ") +DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ") if [ $? -ne 0 ] ; then echo "Could not find domain SID" | subunit_fail_test "test_idmap_ad" exit 1 diff --git a/nsswitch/tests/test_idmap_nss.sh b/nsswitch/tests/test_idmap_nss.sh index 5072a0d..1bbc177 100755 --- a/nsswitch/tests/test_idmap_nss.sh +++ b/nsswitch/tests/test_idmap_nss.sh @@ -13,8 +13,8 @@ failed=0 . `dirname $0`/../../testprogs/blackbox/subunit.sh -testit "wbinfo returns domain SID" $wbinfo -n "@$DOMAIN" || exit 1 -DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ") +testit "wbinfo returns domain SID" $wbinfo -n "$DOMAIN/" || exit 1 +DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ") echo "Domain $DOMAIN has SID $DOMAIN_SID" # Find an unused uid and SID diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh index 7fb5985..8209a50 100755 --- a/nsswitch/tests/test_idmap_rid.sh +++ b/nsswitch/tests/test_idmap_rid.sh @@ -16,7 +16,7 @@ failed=0 . `dirname $0`/../../testprogs/blackbox/subunit.sh -DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ") +DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ") if [ $? -ne 0 ] ; then echo "Could not find domain SID" | subunit_fail_test "test_idmap_rid" exit 1 diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh index 696e25b..c1d39c1 100755 --- a/nsswitch/tests/test_wbinfo_name_lookup.sh +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh @@ -8,8 +8,9 @@ exit 1; fi DOMAIN=$1 -DC_USERNAME=$2 -shift 2 +REALM=$2 +DC_USERNAME=$3 +shift 3 failed=0 sambabindir="$BINDIR" @@ -22,6 +23,14 @@ testit "name-to-sid.single-separator" \ $wbinfo -n $DOMAIN/$DC_USERNAME || \ failed=$(expr $failed + 1) +testit "name-to-sid.at_domain" \ + $wbinfo -n $DOMAIN/ || \ + failed=$(expr $failed + 1) + +testit "name-to-sid.upn" \ + $wbinfo -n $DC_USERNAME@$REALM || \ + failed=$(expr $failed + 1) + # Two separator characters should fail testit_expect_failure "name-to-sid.double-separator" \ $wbinfo -n $DOMAIN//$DC_USERNAME || \ diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh new file mode 100755 index 0000000..2803ac1 --- /dev/null +++ b/nsswitch/tests/test_wbinfo_user_info.sh @@ -0,0 +1,83 @@ +#!/bin/sh +# Blackbox test for wbinfo lookup for account name and upn +# Copyright (c) 2018 Andreas Schneider <a...@samba.org> + +if [ $# -lt 5 ]; then +cat <<EOF +Usage: $(basename $0) DOMAIN REALM USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2 +EOF +exit 1; +fi + +DOMAIN=$1 +REALM=$2 +USERNAME1=$3 +UPN_NAME1=$4 +USERNAME2=$5 +UPN_NAME2=$6 +shift 6 + +failed=0 + +samba_bindir="$BINDIR" +wbinfo_tool="$VALGRIND $samba_bindir/wbinfo" + +UPN1="$UPN_NAME1@$REALM" +UPN2="$UPN_NAME2@$REALM" + +. $(dirname $0)/../../testprogs/blackbox/subunit.sh + +test_user_info() +{ + local cmd out ret user domain upn userinfo + + domain="$1" + user="$2" + upn="$3" + + if [ $# -lt 3 ]; then + userinfo="$domain/$user" + else + userinfo="$upn" + fi + + cmd='$wbinfo_tool --user-info $userinfo' + eval echo "$cmd" + out=$(eval $cmd) + ret=$? + if [ $ret -ne 0 ]; then + echo "failed to lookup $userinfo" + echo "$out" + return 1 + fi + + echo "$out" | grep "$domain/$user:.*:.*:.*::/home/$domain/Domain Users/$user" + ret=$? + if [ $ret != 0 ]; then + echo "failed to lookup $userinfo" + echo "$out" + return 1 + fi + + return 0 +} + +testit "name_to_sid.domain.$USERNAME1" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME1 || failed=$(expr $failed + 1) +testit "name_to_sid.upn.$UPN_NAME1" $wbinfo_tool --name-to-sid $UPN1 || failed=$(expr $failed + 1) + +testit "user_info.domain.$USERNAME1" test_user_info $DOMAIN $USERNAME1 || failed=$(expr $failed + 1) +testit "user_info.upn.$UPN_NAME1" test_user_info $DOMAIN $USERNAME1 $UPN1 || failed=$(expr $failed + 1) + +testit "name_to_sid.domain.$USERNAME2" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME2 || failed=$(expr $failed + 1) +testit "name_to_sid.upn.$UPN_NAME2" $wbinfo_tool --name-to-sid $UPN2 || failed=$(expr $failed + 1) + +testit "user_info.domain.$USERNAME2" test_user_info $DOMAIN $USERNAME2 || failed=$(expr $failed + 1) +testit "user_info.upn.$UPN_NAME2" test_user_info $DOMAIN $USERNAME2 $UPN2 || failed=$(expr $failed + 1) + +USERNAME3="testdenied" +UPN_NAME3="testdenied_upn" +UPN3="$UPN_NAME3@${REALM}.upn" +testit "name_to_sid.upn.$UPN_NAME3" $wbinfo_tool --name-to-sid $UPN3 || failed=$(expr $failed + 1) +testit "user_info.upn.$UPN_NAME3" test_user_info $DOMAIN $USERNAME3 $UPN3 || failed=$(expr $failed + 1) + +exit $failed diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling new file mode 100644 index 0000000..bcbedb4 --- /dev/null +++ b/selftest/knownfail.d/upn_handling @@ -0,0 +1,8 @@ +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member +^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member +^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc +^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc +^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 1f80f86..52c7d3e 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2425,6 +2425,9 @@ sub wait_for_start($$$$$) $netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' "; $netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} "; + $cmd = $netcmd . "groupmap delete ntgroup=domusers"; + $ret = system($cmd); + $cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain"; $ret = system($cmd); if ($ret != 0) { @@ -2432,6 +2435,9 @@ sub wait_for_start($$$$$) return 1; } + $cmd = $netcmd . "groupmap delete ntgroup=domadmins"; + $ret = system($cmd); + $cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain"; $ret = system($cmd); if ($ret != 0) { @@ -2439,6 +2445,9 @@ sub wait_for_start($$$$$) return 1; } + $cmd = $netcmd . "groupmap delete ntgroup=everyone"; + $ret = system($cmd); + $cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin"; $ret = system($cmd); if ($ret != 0) { diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index c161ee0..d6d67f5 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -847,7 +847,7 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn } # Create to users alice and bob! - my $user_account_array = ["alice", "bob"]; + my $user_account_array = ["alice", "bob", "jane"]; foreach my $user_account (@{$user_account_array}) { my $samba_tool_cmd = ""; @@ -862,6 +862,23 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn } } + my $ldbmodify = ""; + $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $ldbmodify .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" "; + $ldbmodify .= Samba::bindir_path($self, "ldbmodify"); + + my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm})); + my $user_dn = "cn=jane,cn=users,$base_dn"; + + open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb"); + print LDIF "dn: $user_dn +changetype: modify +replace: userPrincipalName +userPrincipalName: jane.doe\@$ctx->{realm} +- +"; + close(LDIF); + return $ret; } diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 546e97b..f2b2df1 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -941,8 +941,11 @@ NTSTATUS fset_nt_acl_common( } psd->revision = orig_psd->revision; - /* All our SD's are self relative. */ - psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE; + if (security_info_sent & SECINFO_DACL) { + psd->type = orig_psd->type; + /* All our SD's are self relative. */ + psd->type |= SEC_DESC_SELF_RELATIVE; + } if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) { if (!dom_sid_equal(orig_psd->owner_sid, psd->owner_sid)) { diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 172d330..ac21284 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -210,7 +210,21 @@ plantestsuite("samba3.wbinfo_simple.(%s:local).%s" % (env, t), "%s:local" % env, plantestsuite("samba3.wbinfo_name_lookup", env, [ os.path.join(srcdir(), "nsswitch/tests/test_wbinfo_name_lookup.sh"), - '$DOMAIN', '$DC_USERNAME' ]) + '$DOMAIN', '$REALM', '$DC_USERNAME' ]) + +env = "ad_member:local" +plantestsuite("samba3.wbinfo_user_info", env, + [ os.path.join(srcdir(), + "nsswitch/tests/test_wbinfo_user_info.sh"), + '$DOMAIN', '$REALM', 'alice', 'alice', 'jane', 'jane.doe' ]) + +env = "fl2008r2dc:local" +plantestsuite("samba3.wbinfo_user_info", env, + [ os.path.join(srcdir(), + "nsswitch/tests/test_wbinfo_user_info.sh"), + '$TRUST_DOMAIN', '$TRUST_REALM', 'alice', 'alice', 'jane', 'jane.doe' ]) + +env = "ad_member" t = "WBCLIENT-MULTI-PING" plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""]) plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"]) diff --git a/source3/winbindd/wb_lookupname.c b/source3/winbindd/wb_lookupname.c index 1dd6b68..c7b027b 100644 --- a/source3/winbindd/wb_lookupname.c +++ b/source3/winbindd/wb_lookupname.c @@ -35,7 +35,9 @@ static void wb_lookupname_done(struct tevent_req *subreq); struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - const char *dom_name, const char *name, + const char *namespace, + const char *dom_name, + const char *name, uint32_t flags) { struct tevent_req *req, *subreq; @@ -61,9 +63,9 @@ struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - domain = find_lookup_domain_from_name(state->dom_name); + domain = find_lookup_domain_from_name(namespace); if (domain == NULL) { - DEBUG(5, ("Could not find domain for %s\n", state->dom_name)); + DEBUG(5, ("Could not find domain for %s\n", namespace)); tevent_req_nterror(req, NT_STATUS_NONE_MAPPED); return tevent_req_post(req, ev); } diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c index a2a4493..0d21e55 100644 --- a/source3/winbindd/wb_xids2sids.c +++ b/source3/winbindd/wb_xids2sids.c @@ -185,6 +185,7 @@ static void wb_xids2sids_init_dom_maps_lookupname_next( subreq = wb_lookupname_send(state, state->ev, dom_maps[state->dom_idx].name, + dom_maps[state->dom_idx].name, "", LOOKUP_NAME_NO_NSS); if (tevent_req_nomem(subreq, state->req)) { diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 9f9e878..2778e27 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -3221,7 +3221,8 @@ bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, return NT_STATUS_IS_OK(status); } -bool lookup_cached_name(const char *domain_name, +bool lookup_cached_name(const char *namespace, + const char *domain_name, const char *name, struct dom_sid *sid, enum lsa_SidType *type) @@ -3230,7 +3231,7 @@ bool lookup_cached_name(const char *domain_name, NTSTATUS status; bool original_online_state; - domain = find_lookup_domain_from_name(domain_name); + domain = find_lookup_domain_from_name(namespace); if (domain == NULL) { return false; } diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c index 039e653..ddeaf1d 100644 --- a/source3/winbindd/winbindd_ccache_access.c +++ b/source3/winbindd/winbindd_ccache_access.c @@ -43,8 +43,9 @@ static bool client_can_access_ccache_entry(uid_t client_uid, return False; } -static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username, +static NTSTATUS do_ntlm_auth_with_stored_pw(const char *namespace, const char *domain, + const char *username, const char *password, const DATA_BLOB initial_msg, const DATA_BLOB challenge_msg, @@ -182,11 +183,12 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid) void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) { struct winbindd_domain *domain; - fstring name_domain, name_user; + fstring name_namespace, name_domain, name_user; NTSTATUS result = NT_STATUS_NOT_SUPPORTED; struct WINBINDD_MEMORY_CREDS *entry; DATA_BLOB initial, challenge, auth; uint32_t initial_blob_len, challenge_blob_len, extra_len; + bool ok; /* Ensure null termination */ state->request->data.ccache_ntlm_auth.user[ @@ -197,8 +199,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) /* Parse domain and username */ - if (!canonicalize_username(state->request->data.ccache_ntlm_auth.user, - name_domain, name_user)) { + ok = canonicalize_username(state->request->data.ccache_ntlm_auth.user, + name_namespace, + name_domain, + name_user); + if (!ok) { DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n", state->request->data.ccache_ntlm_auth.user)); request_error(state); @@ -238,7 +243,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) } /* Parse domain and username */ - if (!parse_domain_user(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) { + ok = parse_domain_user(state->request->data.ccache_ntlm_auth.user, + name_namespace, + name_domain, + name_user); + if (!ok) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse " "domain and user from name [%s]\n", state->request->data.ccache_ntlm_auth.user)); @@ -273,10 +282,16 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) state->request->data.ccache_ntlm_auth.challenge_blob_len); result = do_ntlm_auth_with_stored_pw( - name_user, name_domain, entry->pass, - initial, challenge, talloc_tos(), &auth, - state->response->data.ccache_ntlm_auth.session_key, - &state->response->data.ccache_ntlm_auth.new_spnego); + name_namespace, + name_domain, + name_user, + entry->pass, + initial, + challenge, + talloc_tos(), + &auth, + state->response->data.ccache_ntlm_auth.session_key, + &state->response->data.ccache_ntlm_auth.new_spnego); if (!NT_STATUS_IS_OK(result)) { goto process_result; @@ -304,8 +319,9 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) void winbindd_ccache_save(struct winbindd_cli_state *state) { struct winbindd_domain *domain; - fstring name_domain, name_user; + fstring name_namespace, name_domain, name_user; NTSTATUS status; + bool ok; /* Ensure null termination */ state->request->data.ccache_save.user[ @@ -319,8 +335,11 @@ void winbindd_ccache_save(struct winbindd_cli_state *state) /* Parse domain and username */ - if (!canonicalize_username(state->request->data.ccache_save.user, - name_domain, name_user)) { + ok = canonicalize_username(state->request->data.ccache_save.user, + name_namespace, + name_domain, + name_user); + if (!ok) { DEBUG(5,("winbindd_ccache_save: cannot parse domain and user " "from name [%s]\n", state->request->data.ccache_save.user)); diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c index 15cca55..2d7aacf 100644 --- a/source3/winbindd/winbindd_creds.c +++ b/source3/winbindd/winbindd_creds.c @@ -76,7 +76,8 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain, enum lsa_SidType type; - if (!lookup_cached_name(domain->name, + if (!lookup_cached_name(domain->name, /* namespace */ + domain->name, user, &cred_sid, &type)) { diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c index 02d9abc..37c205d 100644 --- a/source3/winbindd/winbindd_getgrnam.c -- Samba Shared Repository