From 2c35258a318f2a000fd860d8762dbf33f9668c59 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 2 Jul 2018 16:18:52 +0200
Subject: [PATCH 1/3] nsswitch: Add tests to lookup user via getpwnam

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8e96e9ea46351de34ad5cac9a9a9ece4226b462c)
---
 nsswitch/tests/test_wbinfo_user_info.sh | 71 +++++++++++++++++++++----
 selftest/knownfail.d/upn_handling       |  2 +
 source3/selftest/tests.py               |  4 +-
 3 files changed, 66 insertions(+), 11 deletions(-)

diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh
index 2803ac1408b..da30f97be74 100755
--- a/nsswitch/tests/test_wbinfo_user_info.sh
+++ b/nsswitch/tests/test_wbinfo_user_info.sh
@@ -2,19 +2,20 @@
 # Blackbox test for wbinfo lookup for account name and upn
 # Copyright (c) 2018 Andreas Schneider <asn@samba.org>
 
-if [ $# -lt 5 ]; then
+if [ $# -lt 6 ]; then
 cat <<EOF
-Usage: $(basename $0) DOMAIN REALM USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2
+Usage: $(basename $0) DOMAIN REALM OWN_DOMAIN USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2
 EOF
 exit 1;
 fi
 
 DOMAIN=$1
 REALM=$2
-USERNAME1=$3
-UPN_NAME1=$4
-USERNAME2=$5
-UPN_NAME2=$6
+OWN_DOMAIN=$3
+USERNAME1=$4
+UPN_NAME1=$5
+USERNAME2=$6
+UPN_NAME2=$7
 shift 6
 
 failed=0
@@ -31,9 +32,9 @@ test_user_info()
 {
 	local cmd out ret user domain upn userinfo
 
-	domain="$1"
-	user="$2"
-	upn="$3"
+	local domain="$1"
+	local user="$2"
+	local upn="$3"
 
 	if [ $# -lt 3 ]; then
 		userinfo="$domain/$user"
@@ -62,6 +63,39 @@ test_user_info()
 	return 0
 }
 
+test_getpwnam()
+{
+	local cmd out ret
+
+	local lookup_username=$1
+	local expected_return=$2
+	local expected_output=$3
+
+	cmd='getent passwd $lookup_username'
+	eval echo "$cmd"
+	out=$(eval $cmd)
+	ret=$?
+
+	if [ $ret -ne $expected_return ]; then
+		echo "return code: $ret, expected return code is: $expected_return"
+		echo "$out"
+		return 1
+	fi
+
+	if [ -n "$expected_output" ]; then
+		echo "$out" | grep "$expected_output"
+		ret=$?
+
+		if [ $ret -ne 0 ]; then
+			echo "Unable to find $expected_output in:"
+			echo "$out"
+			return 1
+		fi
+	fi
+
+	return 0
+}
+
 testit "name_to_sid.domain.$USERNAME1" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME1 || failed=$(expr $failed + 1)
 testit "name_to_sid.upn.$UPN_NAME1" $wbinfo_tool --name-to-sid $UPN1 || failed=$(expr $failed + 1)
 
@@ -80,4 +114,23 @@ UPN3="$UPN_NAME3@${REALM}.upn"
 testit "name_to_sid.upn.$UPN_NAME3" $wbinfo_tool --name-to-sid $UPN3 || failed=$(expr $failed + 1)
 testit "user_info.upn.$UPN_NAME3" test_user_info $DOMAIN $USERNAME3 $UPN3 || failed=$(expr $failed + 1)
 
+testit "getpwnam.domain.$DOMAIN.$USERNAME1" test_getpwnam "$DOMAIN/$USERNAME1" 0 "$DOMAIN/$USERNAME1" || failed=$(expr $failed + 1)
+
+testit "getpwnam.upn.$UPN_NAME1" test_getpwnam "$UPN1" 0 "$DOMAIN/$USERNAME1" || failed=$(expr $failed + 1)
+
+# We should not be able to lookup the user just by the name
+test_ret=0
+test_output="$DOMAIN/$USERNAME1"
+
+if [ "$ENVNAME" = "ad_member" ]; then
+	test_ret=2
+	test_output=""
+fi
+if [ "$ENVNAME" = "fl2008r2dc" ]; then
+	test_ret=0
+	test_output="$OWN_DOMAIN/$USERNAME1"
+fi
+
+testit "getpwnam.local.$USERNAME1" test_getpwnam "$USERNAME1" $test_ret $test_output || failed=$(expr $failed + 1)
+
 exit $failed
diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
index bcbedb4f903..7dc9b71dc5e 100644
--- a/selftest/knownfail.d/upn_handling
+++ b/selftest/knownfail.d/upn_handling
@@ -1,8 +1,10 @@
 ^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
 ^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
+^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.ad_member
 ^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc
 ^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc
+^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.fl2008r2dc
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 9092c1776c8..95f3073b121 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -216,13 +216,13 @@ env = "ad_member:local"
 plantestsuite("samba3.wbinfo_user_info", env,
               [ os.path.join(srcdir(),
                             "nsswitch/tests/test_wbinfo_user_info.sh"),
-                '$DOMAIN', '$REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+                '$DOMAIN', '$REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe' ])
 
 env = "fl2008r2dc:local"
 plantestsuite("samba3.wbinfo_user_info", env,
               [ os.path.join(srcdir(),
                             "nsswitch/tests/test_wbinfo_user_info.sh"),
-                '$TRUST_DOMAIN', '$TRUST_REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+                '$TRUST_DOMAIN', '$TRUST_REALM', '$DOMAIN', 'alice', 'alice', 'jane', 'jane.doe' ])
 
 env = "ad_member"
 t = "WBCLIENT-MULTI-PING"
-- 
2.18.0


From 24738d9031370b3ff8080aa1e0adf87f904abd53 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 2 Jul 2018 16:38:01 +0200
Subject: [PATCH 2/3] s3:winbind: Do not lookup local system accounts in AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9f28d30633af721efec02d8816a9fa48f795a01c)
---
 selftest/knownfail.d/upn_handling | 2 --
 source3/winbindd/winbindd_util.c  | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
index 7dc9b71dc5e..bcbedb4f903 100644
--- a/selftest/knownfail.d/upn_handling
+++ b/selftest/knownfail.d/upn_handling
@@ -1,10 +1,8 @@
 ^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
 ^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
-^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.ad_member
 ^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc
 ^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc
 ^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc
-^samba3\.wbinfo_user_info\.getpwnam\.local\.alice.fl2008r2dc
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index aa633419c9a..7a5fb73cdef 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1605,6 +1605,8 @@ bool parse_domain_user(const char *domuser,
 		} else if (assume_domain(lp_workgroup())) {
 			fstrcpy(domain, lp_workgroup());
 			fstrcpy(namespace, domain);
+		} else {
+			fstrcpy(namespace, lp_netbios_name());
 		}
 	}
 
-- 
2.18.0


From 46cfc61bbe2a99a1767af7ea9a97e70398a72a1f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 6 Jul 2018 14:07:37 +0200
Subject: [PATCH 3/3] nsswitch: Use a swtich in the wbinfo test to lookup users

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 77be96379bcef56ea580010f1d60fe54e5647ff4)
---
 nsswitch/tests/test_wbinfo_user_info.sh | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh
index da30f97be74..8158ead5a4b 100755
--- a/nsswitch/tests/test_wbinfo_user_info.sh
+++ b/nsswitch/tests/test_wbinfo_user_info.sh
@@ -118,18 +118,21 @@ testit "getpwnam.domain.$DOMAIN.$USERNAME1" test_getpwnam "$DOMAIN/$USERNAME1" 0
 
 testit "getpwnam.upn.$UPN_NAME1" test_getpwnam "$UPN1" 0 "$DOMAIN/$USERNAME1" || failed=$(expr $failed + 1)
 
-# We should not be able to lookup the user just by the name
-test_ret=0
-test_output="$DOMAIN/$USERNAME1"
-
-if [ "$ENVNAME" = "ad_member" ]; then
+case ${ENVNAME} in
+	ad_member*)
+	# We should not be able to lookup the user just by the name
 	test_ret=2
 	test_output=""
-fi
-if [ "$ENVNAME" = "fl2008r2dc" ]; then
+	;;
+	fl2008r2dc*)
 	test_ret=0
 	test_output="$OWN_DOMAIN/$USERNAME1"
-fi
+	;;
+	*)
+	test_ret=0
+	test_output="$DOMAIN/$USERNAME1"
+	;;
+esac
 
 testit "getpwnam.local.$USERNAME1" test_getpwnam "$USERNAME1" $test_ret $test_output || failed=$(expr $failed + 1)
 
-- 
2.18.0