The branch, master has been updated
       via  6dc463d3e2e s3:auth: Fix user_in_list() for UNIX groups
       via  af8747a28bd s3:tests Test "username map" for UNIX groups
       via  0feeb6d58a6 selftest: Add to "username.map" mapping for 
jackthemappergroup
       via  26e4268d6e3 selftest: Create groups "jackthemappergroup" and 
"jacknomappergroup"
       via  1b014618222 selftest: Create users "jackthemapper" and 
"jacknomapper"
      from  a27bbfc8a96 streams_depot: Simplify stream_dir()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6dc463d3e2eb229df1c4f620cfcaf22ac71738d4
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Mar 25 11:11:50 2022 +0100

    s3:auth: Fix user_in_list() for UNIX groups
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Noel Power <npo...@samba.org>
    
    Autobuild-User(master): Noel Power <npo...@samba.org>
    Autobuild-Date(master): Thu Apr  7 09:49:44 UTC 2022 on sn-devel-184

commit af8747a28bd62937a01fa4648f404bd0b09a44c0
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Tue Apr 5 14:04:52 2022 +0200

    s3:tests Test "username map" for UNIX groups
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Noel Power <npo...@samba.org>

commit 0feeb6d58a6d6b1949faa842473053af4562c979
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Tue Apr 5 08:31:41 2022 +0200

    selftest: Add to "username.map" mapping for jackthemappergroup
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
    
    Only for environment ad_member_idmap_nss.
    
    * !jacknomapper = \@jackthemappergroup
      jackthemapper from group jackthemappergroup is mapped to jacknomapper
    
    * !root = jacknomappergroup
      since there is no '@' or '+' prefix, it is not a UNIX group mapping
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Noel Power <npo...@samba.org>

commit 26e4268d6e3bde74520e36f3ca3cc9d979292d1d
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Tue Apr 5 08:30:23 2022 +0200

    selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Noel Power <npo...@samba.org>

commit 1b0146182224fe01ed70815364656a626038685a
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Apr 1 15:56:30 2022 +0200

    selftest: Create users "jackthemapper" and "jacknomapper"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Noel Power <npo...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/target/Samba3.pm                | 22 ++++++++++++++++++++--
 source3/auth/user_util.c                 | 12 +++++++-----
 source3/script/tests/test_usernamemap.sh | 28 ++++++++++++++++++++++++++++
 source3/selftest/tests.py                |  2 ++
 4 files changed, 57 insertions(+), 7 deletions(-)
 create mode 100755 source3/script/tests/test_usernamemap.sh


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 068d3b1f06e..4a86a77bb95 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1569,8 +1569,10 @@ sub setup_ad_member_idmap_nss
        my $extra_member_options = "
        # bob:x:65521:65531:localbob gecos:/:/bin/false
        # jane:x:65520:65531:localjane gecos:/:/bin/false
+       # jackthemapper:x:65519:65531:localjackthemaper gecos:/:/bin/false
+       # jacknomapper:x:65518:65531:localjacknomaper gecos:/:/bin/false
        idmap config $dcvars->{DOMAIN} : backend = nss
-       idmap config $dcvars->{DOMAIN} : range = 65520-65521
+       idmap config $dcvars->{DOMAIN} : range = 65518-65521
 
        # Support SMB1 so that we can use posix_whoami().
        client min protocol = CORE
@@ -1591,6 +1593,8 @@ sub setup_ad_member_idmap_nss
 
        open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open 
$prefix/lib/username.map");
        print USERMAP "
+!jacknomapper = \@jackthemappergroup
+!root = jacknomappergroup
 root = $dcvars->{DOMAIN}/root
 bob = $dcvars->{DOMAIN}/bob
 ";
@@ -2663,6 +2667,8 @@ sub provision($$)
        my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, 
$gid_domadmins);
        my ($gid_userdup, $gid_everyone);
        my ($gid_force_user);
+       my ($gid_jackthemapper);
+       my ($gid_jacknomapper);
        my ($uid_user1);
        my ($uid_user2);
        my ($uid_gooduser);
@@ -2670,6 +2676,8 @@ sub provision($$)
        my ($uid_slashuser);
        my ($uid_localbob);
        my ($uid_localjane);
+       my ($uid_localjackthemapper);
+       my ($uid_localjacknomapper);
 
        if ($unix_uid < 0xffff - 13) {
                $max_uid = 0xffff;
@@ -2692,6 +2700,8 @@ sub provision($$)
        $uid_slashuser = $max_uid - 13;
        $uid_localbob = $max_uid - 14;
        $uid_localjane = $max_uid - 15;
+       $uid_localjackthemapper = $max_uid - 16;
+       $uid_localjacknomapper = $max_uid - 17;
 
        if ($unix_gids[0] < 0xffff - 8) {
                $max_gid = 0xffff;
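Review bot: The new id offsets outrun the range checks that choose $max_uid and $max_gid. This hunk assigns `$max_uid - 17`, while the uid check shown as context in the preceding hunk is still `if ($unix_uid < 0xffff - 13)`, and the next hunk assigns `$max_gid - 10` under the `if ($unix_gids[0] < 0xffff - 8)` visible here. If those checks exist to keep the generated ids away from the invoking user's own uid and gid (the else branches are outside the hunks, so this is inferred), a uid or gid just below 0xffff can now collide with one of the test accounts or groups. Consider `if ($unix_uid < 0xffff - 17) {` and `if ($unix_gids[0] < 0xffff - 10) {`.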
@@ -2707,6 +2717,8 @@ sub provision($$)
        $gid_userdup = $max_gid - 6;
        $gid_everyone = $max_gid - 7;
        $gid_force_user = $max_gid - 8;
+       $gid_jackthemapper = $max_gid - 9;
+       $gid_jacknomapper = $max_gid - 10;
 
        ##
        ## create conffile
@@ -3436,6 +3448,8 @@ eviluser:x:$uid_eviluser:$gid_domusers:eviluser 
gecos::/bin/false
 slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
 bob:x:$uid_localbob:$gid_domusers:localbob gecos:/:/bin/false
 jane:x:$uid_localjane:$gid_domusers:localjane gecos:/:/bin/false
+jackthemapper:x:$uid_localjackthemapper:$gid_domusers:localjackthemaper 
gecos:/:/bin/false
+jacknomapper:x:$uid_localjacknomapper:$gid_domusers:localjacknomaper 
gecos:/:/bin/false
 ";
        if ($unix_uid != 0) {
                print PASSWD "root:x:$uid_root:$gid_root:root 
gecos:$prefix_abs:/bin/false
@@ -3455,6 +3469,8 @@ domadmins:X:$gid_domadmins:
 userdup:x:$gid_userdup:$unix_name
 everyone:x:$gid_everyone:
 force_user:x:$gid_force_user:
+jackthemappergroup:x:$gid_jackthemapper:jackthemapper
+jacknomappergroup:x:$gid_jacknomapper:jacknomapper
 ";
        if ($unix_gids[0] != 0) {
                print GROUP "root:x:$gid_root:
@@ -3500,6 +3516,8 @@ force_user:x:$gid_force_user:
        createuser($self, "gooduser", $password, $conffile, \%createuser_env) 
|| die("Unable to create gooduser");
        createuser($self, "eviluser", $password, $conffile, \%createuser_env) 
|| die("Unable to create eviluser");
        createuser($self, "slashuser", $password, $conffile, \%createuser_env) 
|| die("Unable to create slashuser");
+       createuser($self, "jackthemapper", "mApsEcrEt", $conffile, 
\%createuser_env) || die("Unable to create jackthemapper");
+       createuser($self, "jacknomapper", "nOmApsEcrEt", $conffile, 
\%createuser_env) || die("Unable to create jacknomapper");
 
        open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to 
open $$prefix/dns_update_list");
        print DNS_UPDATE_LIST "A $server. $server_ip\n";
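Review bot: The two added createuser() calls pass the literals "mApsEcrEt" and "nOmApsEcrEt" while every neighbouring call passes $password, and nothing in provision() says why. The distinct passwords appear to be deliberate, since test_usernamemap.sh logs in as jackthemapper with jacknomapper's password, and that script repeats the second literal, so the two files have to change together. A comment above the calls would record this, for example `# Distinct passwords on purpose: test_usernamemap.sh authenticates jackthemapper with jacknomapper's password to prove the username map was applied.` provision() starts and ends outside this hunk.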
@@ -4012,4 +4030,4 @@ sub wait_for_start_ctdb($$)
        return 1;
 }
 
-1;
\ No newline at end of file
+1;
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 70b4f320c5e..aa765c2a692 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -143,11 +143,11 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, 
const char * const *list)
                return false;
        }
 
-       DBG_DEBUG("Checking user %s in list\n", user);
-
        while (*list) {
                const char *p = *list;
-               bool ok;
+               bool check_unix_group = false;
+
+               DBG_DEBUG("Checking user '%s' in list '%s'.\n", user, *list);
 
                /* Check raw username */
                if (strequal(user, p)) {
@@ -155,11 +155,13 @@ bool user_in_list(TALLOC_CTX *ctx, const char *user, 
const char * const *list)
                }
 
                while (*p == '@' || *p == '&' || *p == '+') {
+                       if (*p == '@' || *p == '+') {
+                               check_unix_group = true;
+                       }
                        p++;
                }
 
-               ok = user_in_group(user, p);
-               if (ok) {
+               if (check_unix_group && user_in_group(user, p)) {
                        return true;
                }
 
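Review bot: The new `check_unix_group` flag carries the rule that matters for every caller of user_in_list(), namely that an entry is treated as a UNIX group only when it has an '@' or '+' prefix, but no comment states it. A later cleanup could therefore reintroduce the unconditional `user_in_group()` call. I would add above the prefix loop: `/* Only '@' or '+' selects a UNIX group lookup; a bare name or an '&'-only entry must never reach user_in_group(). */`. An entry made only of prefix characters leaves `p` at the empty string and still reaches the lookup; `if (check_unix_group && *p != '\0' && user_in_group(user, p)) {` would skip it. The loop body continues past the end of this hunk.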
diff --git a/source3/script/tests/test_usernamemap.sh 
b/source3/script/tests/test_usernamemap.sh
new file mode 100755
index 00000000000..3a3344a8781
--- /dev/null
+++ b/source3/script/tests/test_usernamemap.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Copyright (c) 2022 Pavel Filipenský <pfili...@redhat.com>
+#
+# Tests for "username map" smb.conf parameter for UNIX groups
+
+if [ $# -lt 2 ]; then
+cat <<EOF
+Usage: test_usernamemap.sh SERVER SMBCLIENT
+EOF
+exit 1;
+fi
+
+SERVER="$1"
+SMBCLIENT="$2"
+SMBCLIENT="${VALGRIND} ${SMBCLIENT}"
+
+incdir=$(dirname "$0")/../../../testprogs/blackbox
+. "${incdir}"/subunit.sh
+
+failed=0
+
+# jackthemapper is mapped to jacknomapper, so we need jacknomapper password
+testit "jackthemapper" "${SMBCLIENT}" //"${SERVER}"/tmp 
-U"${SERVER}/jackthemapper%nOmApsEcrEt" -c ls || failed=$((failed + 1))
+# jacknomapper is not mapped, so we need jacknomapper password
+testit "jacknomapper"  "${SMBCLIENT}" //"${SERVER}"/tmp 
-U"${SERVER}/jacknomapper%nOmApsEcrEt"  -c ls || failed=$((failed + 1))
+
+testok "$0" "${failed}"
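Review bot: The comment on the second testit case does not say that it is the regression check for the bare-name entry `!root = jacknomappergroup` that Samba3.pm writes to username.map. jacknomapper is a member of jacknomappergroup, so if that entry were treated as a group the login with jacknomapper's password would presumably be mapped to root and fail. That reasoning belongs next to the test, because it is what ties the case to the user_in_list() fix. Suggested wording: `# jacknomapper is in jacknomappergroup; "!root = jacknomappergroup" has no '@' or '+' prefix, so it must NOT map him to root and his own password must work`.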
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 199ebf23a57..bddc26a95db 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -401,6 +401,8 @@ plantestsuite("samba3.blackbox.smbclient_basic.SMB2_10", 
"nt4_dc_schannel", [os.
 plantestsuite("samba3.blackbox.smbclient_basic.SMB3_02", "nt4_dc_schannel", 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', 
'$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, 
"-mSMB3_02"])
 plantestsuite("samba3.blackbox.smbclient_basic.SMB3_11", "nt4_dc_schannel", 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', 
'$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, 
"-mSMB3_11"])
 
+plantestsuite("samba3.blackbox.smbclient_usernamemap", 
"ad_member_idmap_nss:local", [os.path.join(samba3srcdir, 
"script/tests/test_usernamemap.sh"), '$SERVER', smbclient3])
+
 plantestsuite("samba3.blackbox.smbclient_basic", "ad_member", 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', 
'$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration])
 for options in ["", "--option=clientntlmv2auth=no", 
"--option=clientusespnego=no", "--option=clientusespnego=no 
--option=clientntlmv2auth=no", "--option=clientntlmv2auth=no 
--option=clientlanmanauth=yes --max-protocol=LANMAN2", 
"--option=clientntlmv2auth=no --option=clientlanmanauth=yes 
--option=clientmaxprotocol=NT1"]:
     if "NT1" in options or "LANMAN2" in options:


-- 
Samba Shared Repository
