You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

216 lines
7.2 KiB

From 091731ca7cc89c10f698a8d52e0ade1a07bde0d3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 2 Jul 2018 16:18:52 +0200
Subject: [PATCH 1/2] nsswitch: Add tests to lookup user via getpwnam
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8e96e9ea46351de34ad5cac9a9a9ece4226b462c)
---
nsswitch/tests/test_wbinfo_user_info.sh | 71 ++++++++++++++++++++++++++++-----
selftest/knownfail.d/upn_handling | 2 +
source3/selftest/tests.py | 4 +-
3 files changed, 66 insertions(+), 11 deletions(-)
diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh
index 2803ac1408b..da30f97be74 100755
--- a/nsswitch/tests/test_wbinfo_user_info.sh
+++ b/nsswitch/tests/test_wbinfo_user_info.sh
@@ -2,19 +2,20 @@
# Blackbox test for wbinfo lookup for account name and upn
# Copyright (c) 2018 Andreas Schneider <asn@samba.org>
-if [ $# -lt 5 ]; then
+if [ $# -lt 6 ]; then
cat <<EOF
-Usage: $(basename $0) DOMAIN REALM USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2
+Usage: $(basename $0) DOMAIN REALM OWN_DOMAIN USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2
EOF
exit 1;
fi
DOMAIN=$1
REALM=$2
-USERNAME1=$3
-UPN_NAME1=$4
-USERNAME2=$5
-UPN_NAME2=$6
+OWN_DOMAIN=$3
+USERNAME1=$4
+UPN_NAME1=$5
+USERNAME2=$6
+UPN_NAME2=$7
shift 6
failed=0
@@ -31,9 +32,9 @@ test_user_info()
{
local cmd out ret user domain upn userinfo
- domain="$1"
- user="$2"
- upn="$3"
+ local domain="$1"
+ local user="$2"
+ local upn="$3"
if [ $# -lt 3 ]; then
userinfo="$domain/$user"
@@ -62,6 +63,39 @@ test_user_info()
return 0
}
+test_getpwnam()
+{
+ local cmd out ret
+
+ local lookup_username=$1
+ local expected_return=$2
+ local expected_output=$3
+
+ cmd='getent passwd $lookup_username'
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+
+ if [ $ret -ne $expected_return ]; then
+ echo "return code: $ret, expected return code is: $expected_return"
+ echo "$out"
+ return 1
+ fi
+
+ if [ -n "$expected_output" ]; then
+ echo "$out" | grep "$expected_output"
+ ret=$?
+
+ if [ $ret -ne 0 ]; then
+ echo "Unable to find $expected_output in:"
+ echo "$out"
+ return 1
+ fi
+ fi
+
+ return 0
+}
+
testit "name_to_sid.domain.$USERNAME1" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME1 || failed=$(expr $failed + 1)
testit "name_to_sid.upn.$UPN_NAME1" $wbinfo_tool --name-to-sid $UPN1 || failed=$(expr $failed + 1)
@@ -80,4 +114,23 @@ UPN3="$UPN_NAME3@${REALM}.upn"
testit "name_to_sid.upn.$UPN_NAME3" $wbinfo_tool --name-to-sid $UPN3 || failed=$(expr $failed + 1)
testit "user_info.upn.$UPN_NAME3" test_user_info $DOMAIN $USERNAME3 $UPN3 || failed=$(expr $failed + 1)
+testit "getpwnam.domain.$DOMAIN.$USERNAME1" test_getpwnam "$DOMAIN/$USERNAME1" 0 "$DOMAIN/$USERNAME1" || failed=$(expr $failed + 1)
+
+testit "getpwnam.upn.$UPN_NAME1" test_getpwnam "$UPN1" 0 "$DOMAIN/$USERNAME1" || failed=$(expr $failed + 1)
+
+# We should not be able to lookup the user just by the name
+test_ret=0
+test_output="$DOMAIN/$USERNAME1"
+
+if [ "$ENVNAME" = "ad_member" ]; then
+ test_ret=2
+ test_output=""
+fi
+if [ "$ENVNAME" = "fl2008r2dc" ]; then
+ test_ret=0
+ test_output="$OWN_DOMAIN/$USERNAME1"
+fi
+
+testit "getpwnam.local.$USERNAME1" test_getpwnam "$USERNAME1" $test_ret $test_output || failed=$(expr $failed + 1)
+
exit $failed
diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
index bcbedb4f903..7dc9b71dc5e 100644
--- a/selftest/knownfail.d/upn_handling
+++ b/selftest/knownfail.d/upn_handling
@@ -1,8 +1,10 @@
^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
+^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.ad_member
^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc
^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc
+^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.fl2008r2dc
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index f43d2b14d3a..a9cb2dad792 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -216,13 +216,13 @@ env = "ad_member:local"
plantestsuite("samba3.wbinfo_user_info", env,
[ os.path.join(srcdir(),
"nsswitch/tests/test_wbinfo_user_info.sh"),
- '$DOMAIN', '$REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+ '$DOMAIN', '$REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe' ])
env = "fl2008r2dc:local"
plantestsuite("samba3.wbinfo_user_info", env,
[ os.path.join(srcdir(),
"nsswitch/tests/test_wbinfo_user_info.sh"),
- '$TRUST_DOMAIN', '$TRUST_REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+ '$TRUST_DOMAIN', '$TRUST_REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe' ])
env = "ad_member"
t = "WBCLIENT-MULTI-PING"
--
2.13.6
From 495f43f5fa972076de996f9c639657672e378c7d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 2 Jul 2018 16:38:01 +0200
Subject: [PATCH 2/2] s3:winbind: Do not lookup local system accounts in AD
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 4 23:55:56 CEST 2018 on sn-devel-144
(cherry picked from commit 9f28d30633af721efec02d8816a9fa48f795a01c)
---
selftest/knownfail.d/upn_handling | 2 --
source3/winbindd/winbindd_util.c | 2 ++
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
index 7dc9b71dc5e..bcbedb4f903 100644
--- a/selftest/knownfail.d/upn_handling
+++ b/selftest/knownfail.d/upn_handling
@@ -1,10 +1,8 @@
^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
-^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.ad_member
^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc
^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc
^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc
-^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.fl2008r2dc
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index aa633419c9a..7a5fb73cdef 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1605,6 +1605,8 @@ bool parse_domain_user(const char *domuser,
} else if (assume_domain(lp_workgroup())) {
fstrcpy(domain, lp_workgroup());
fstrcpy(namespace, domain);
+ } else {
+ fstrcpy(namespace, lp_netbios_name());
}
}
--
2.13.6