From 2c35258a318f2a000fd860d8762dbf33f9668c59 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 2 Jul 2018 16:18:52 +0200 Subject: [PATCH 1/3] nsswitch: Add tests to lookup user via getpwnam BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 8e96e9ea46351de34ad5cac9a9a9ece4226b462c) --- nsswitch/tests/test_wbinfo_user_info.sh | 71 +++++++++++++++++++++---- selftest/knownfail.d/upn_handling | 2 + source3/selftest/tests.py | 4 +- 3 files changed, 66 insertions(+), 11 deletions(-) diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh index 2803ac1408b..da30f97be74 100755 --- a/nsswitch/tests/test_wbinfo_user_info.sh +++ b/nsswitch/tests/test_wbinfo_user_info.sh @@ -2,19 +2,20 @@ # Blackbox test for wbinfo lookup for account name and upn # Copyright (c) 2018 Andreas Schneider -if [ $# -lt 5 ]; then +if [ $# -lt 6 ]; then cat < Date: Mon, 2 Jul 2018 16:38:01 +0200 Subject: [PATCH 2/3] s3:winbind: Do not lookup local system accounts in AD BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 9f28d30633af721efec02d8816a9fa48f795a01c) --- selftest/knownfail.d/upn_handling | 2 -- source3/winbindd/winbindd_util.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling index 7dc9b71dc5e..bcbedb4f903 100644 --- a/selftest/knownfail.d/upn_handling +++ b/selftest/knownfail.d/upn_handling @@ -1,10 +1,8 @@ ^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member ^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member -^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.ad_member ^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc ^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc ^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc ^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc ^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc ^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc -^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.fl2008r2dc diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index aa633419c9a..7a5fb73cdef 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1605,6 +1605,8 @@ bool parse_domain_user(const char *domuser, } else if (assume_domain(lp_workgroup())) { fstrcpy(domain, lp_workgroup()); fstrcpy(namespace, domain); + } else { + fstrcpy(namespace, lp_netbios_name()); } } -- 2.18.0 From 46cfc61bbe2a99a1767af7ea9a97e70398a72a1f Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 6 Jul 2018 14:07:37 +0200 Subject: [PATCH 3/3] nsswitch: Use a swtich in the wbinfo test to lookup users BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 77be96379bcef56ea580010f1d60fe54e5647ff4) --- nsswitch/tests/test_wbinfo_user_info.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh index da30f97be74..8158ead5a4b 100755 --- a/nsswitch/tests/test_wbinfo_user_info.sh +++ b/nsswitch/tests/test_wbinfo_user_info.sh @@ -118,18 +118,21 @@ testit "getpwnam.domain.$DOMAIN.$USERNAME1" test_getpwnam "$DOMAIN/$USERNAME1" 0 testit "getpwnam.upn.$UPN_NAME1" test_getpwnam "$UPN1" 0 "$DOMAIN/$USERNAME1" || failed=$(expr $failed + 1) -# We should not be able to lookup the user just by the name -test_ret=0 -test_output="$DOMAIN/$USERNAME1" - -if [ "$ENVNAME" = "ad_member" ]; then +case ${ENVNAME} in + ad_member*) + # We should not be able to lookup the user just by the name test_ret=2 test_output="" -fi -if [ "$ENVNAME" = "fl2008r2dc" ]; then + ;; + fl2008r2dc*) test_ret=0 test_output="$OWN_DOMAIN/$USERNAME1" -fi + ;; + *) + test_ret=0 + test_output="$DOMAIN/$USERNAME1" + ;; +esac testit "getpwnam.local.$USERNAME1" test_getpwnam "$USERNAME1" $test_ret $test_output || failed=$(expr $failed + 1) -- 2.18.0