The branch, master has been updated via 7cc19af selftest: add more tests for plugin_s4_dc via 89fb6da selftest: change plugin_dc to test using s3fs via 265a2bf selftest: skip the troublesome samba4.rpc.unixinfo test via 692c42c s4:winbind: use ncalrpc for connections to ourself via 8e8fde5 selftest: Do not run chgdcpass test on the main DC via 7158728 s4-winbindd: Do not ask for a tree that we will not use from cac9bfe testsuite: Replace deprecated bzero with memset
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7cc19afb1f739d68da852019ff709248b4dce97c Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 29 12:48:21 2012 +1100 selftest: add more tests for plugin_s4_dc Autobuild-User: Andrew Bartlett <abart...@samba.org> Autobuild-Date: Wed Feb 29 12:14:05 CET 2012 on sn-devel-104 commit 89fb6da8d074be1f02a9f41d125a407fb44689b0 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Sep 9 09:03:23 2011 +1000 selftest: change plugin_dc to test using s3fs commit 265a2bf04f7d9d5203606c47997f4c0c3a9ead5f Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 29 10:06:31 2012 +1100 selftest: skip the troublesome samba4.rpc.unixinfo test The issue here is that while the single rpc_server process is stuck in an nss_winbind getpwuid() call, winbindd cannot contact netlogon to make the connection to the domain. nss_winbind comes into play when (for s3fs) the NSS_WRAPPER_WINBIND_SO_PATH environment variable is set. In the medium term, the unixinfo pipe should either be rewritten fully async or removed. Andrew Bartlett commit 692c42c42731b017310e07549489c3ab0bca7d12 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Feb 24 15:58:40 2012 +0100 s4:winbind: use ncalrpc for connections to ourself That avoids recursion if "smbd" is used as file server. metze commit 8e8fde51b4234b75a5b132e7ea7d9c813fe29ee0 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 29 12:48:21 2012 +1100 selftest: Do not run chgdcpass test on the main DC If winbindd has it's password changed from under it, it becomes grumpy. 
Andrew Bartlett commit 71587285ccf78547ee4830b03d8a1493412504a5 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Feb 29 10:37:40 2012 +1100 s4-winbindd: Do not ask for a tree that we will not use ----------------------------------------------------------------------- Summary of changes: selftest/skip | 2 + selftest/target/Samba3.pm | 73 -------------------------------- selftest/target/Samba4.pm | 61 ++++++++++++++++++++++++--- source4/selftest/tests.py | 6 +- source4/winbind/wb_cmd_list_trustdom.c | 4 -- source4/winbind/wb_dom_info.c | 20 +++++++++ source4/winbind/wb_init_domain.c | 25 ++++++++--- 7 files changed, 98 insertions(+), 93 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/skip b/selftest/skip index f9bb83a..0630512 100644 --- a/selftest/skip +++ b/selftest/skip @@ -100,3 +100,5 @@ bench # don't run benchmarks in our selftest ^samba4.drs.repl_schema.python # flakey test ^samba4.smb2.ioctl # snapshots not supported by default ^samba4.drs.delete_object.python # flakey test +^samba4.rpc.unixinfo # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use +^samba.tests.dcerpc.unix # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 4b0b725..9d74e7d 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm 
@@ -295,79 +295,6 @@ sub setup_admember($$$$) return $ret; } -sub setup_plugin_s4_dc($$$$) -{ - my ($self, $prefix, $dcvars, $iface) = @_; - - print "PROVISIONING S4 PLUGIN AD DC$iface..."; - - my $plugin_s4_dc_options = " - workgroup = $dcvars->{DOMAIN} - realm = $dcvars->{REALM} - - security = ads - domain logons = yes - passdb backend = samba4 - auth methods = guest samba4 - server signing = on - - rpc_server:epmapper = disabled - rpc_server:rpcecho = disabled - rpc_server:dssetup = disabled - rpc_server:svctl = disabled - rpc_server:ntsvcs = disabled - rpc_server:eventlog = disabled - rpc_server:initshutdown = disabled - - rpc_server:winreg = embedded - rpc_server:srvsvc = embedded - rpc_server:netdfs = embedded - rpc_server:wkssvc = embedded - rpc_server:spoolss = embedded - - rpc_server:lsarpc = external - rpc_server:netlogon = external - rpc_server:samr = external - - rpc_daemon:epmd = disabled - rpc_daemon:lsasd = disabled - rpc_daemon:spoolssd = disabled - - rpc_server:tcpip = no - -[IPC\$] - vfs objects = dfs_samba4 -"; - - my $ret = $self->provision($prefix, - "plugindc", - $iface, - "pluGin${iface}Pass", - $plugin_s4_dc_options, 1); - - $ret or return undef; - - close(USERMAP); - $ret->{DOMAIN} = $dcvars->{DOMAIN}; - $ret->{REALM} = $dcvars->{REALM}; - $ret->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG}; - - # We need world access to this share, as otherwise the domain - # administrator from the AD domain provided by Samba4 can't - # access the share for tests. - chmod 0777, "$prefix/share"; - - $self->check_or_start($ret, - "no", "no", "yes"); - - $self->wait_for_start($ret); - - # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env - $ret->{target} = $self; - - return $ret; -} - sub setup_secshare($$) { my ($self, $path) = @_; diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 73b73ca..38a434c 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm 
@@ -115,6 +115,7 @@ sub check_or_start($$$) $ENV{NSS_WRAPPER_PASSWD} = $env_vars->{NSS_WRAPPER_PASSWD}; $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; + $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; $ENV{UID_WRAPPER} = "1"; @@ -700,6 +701,7 @@ nogroup:x:65534:nobody SAMBA_TEST_FIFO => "$ctx->{prefix}/samba_test.fifo", SAMBA_TEST_LOG => "$ctx->{prefix}/samba_test.log", SAMBA_TEST_LOG_POS => 0, + NSS_WRAPPER_WINBIND_SO_PATH => Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so") }; return $ret; @@ -760,6 +762,8 @@ sub provision($$$$$$$$$) posix:sharedelay = 10000 posix:oplocktimeout = 3 posix:writetimeupdatedelay = 500000 + create mask = 777 + force create mode = 777 [test1] path = $ctx->{tmpdir}/test1 @@ -1287,8 +1291,12 @@ sub provision_plugin_s4_dc($$) my ($self, $prefix) = @_; my $extra_smbconf_options = " -server services = -smb +server services = -smb +s3fs dcerpc endpoint servers = -unixinfo -rpcecho -spoolss -winreg -wkssvc -srvsvc + +[IPC\$] + vfs objects = dfs_samba4 + "; print "PROVISIONING PLUGIN S4 DC..."; @@ -1317,6 +1325,35 @@ dcerpc endpoint servers = -unixinfo -rpcecho -spoolss -winreg -wkssvc -srvsvc return $ret; } +sub provision_chgdcpass($$) +{ + my ($self, $prefix) = @_; + + print "PROVISIONING CHGDCPASS..."; + my $ret = $self->provision($prefix, + "domain controller", + "chgdcpass", + "CHDCDOMAIN", + "chgdcpassword.samba.example.com", + "2008", + 31, + "chgDCpass1", + undef); + + return undef unless(defined $ret); + unless($self->add_wins_config("$prefix/private")) { + warn("Unable to add wins configuration"); + return undef; + } + $ret->{DC_SERVER} = $ret->{SERVER}; + $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $ret->{USERNAME}; + $ret->{DC_PASSWORD} = $ret->{PASSWORD}; + + return $ret; +} + sub teardown_env($$) { my ($self, $envvars) = @_; 
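Review bot: In the provision() hunk at -760/+762, the added `create mask = 777` and `force create mode = 777` make every file created through that share world-writable and executable, and nothing in the new lines says why. The share's section header lies outside the hunk, so which share is affected cannot be confirmed from here. If the reason is the one given in the comment this commit removes from Samba3.pm (the AD domain administrator needs access to the share for tests), carry it over as a smb.conf comment next to the two lines, e.g. `# selftest only: files must stay accessible to the Samba4 domain administrator`. It is also worth checking whether the execute bits are needed at all, or whether `666` would do for files.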
@@ -1425,6 +1462,8 @@ sub setup_env($$$) $self->setup_dc("$path/dc"); } return $self->setup_rodc("$path/rodc", $self->{vars}->{dc}); + } elsif ($envname eq "chgdcpass") { + return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass}); } elsif ($envname eq "s3member") { if (not defined($self->{vars}->{dc})) { $self->setup_dc("$path/dc"); @@ -1485,6 +1524,21 @@ sub setup_dc($$) return $env; } +sub setup_chgdcpass($$) +{ + my ($self, $path) = @_; + + my $env = $self->provision_chgdcpass($path); + if (defined $env) { + $self->check_or_start($env, "single"); + + $self->wait_for_start($env); + + $self->{vars}->{chgdcpass} = $env; + } + return $env; +} + sub setup_fl2000dc($$) { my ($self, $path) = @_; @@ -1676,11 +1730,6 @@ sub setup_plugin_s4_dc($$) $self->wait_for_start($env); - my $s3_part_env = $self->{target3}->setup_plugin_s4_dc($path, $env, 30); - unless ($s3_part_env) { - return undef; - } - $self->{vars}->{plugin_s4_dc} = $env; return $env; } diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index d00c6d2..5ad9861 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py 
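Review bot: The new `chgdcpass` branch in setup_env passes a second argument, `$self->{vars}->{chgdcpass}`, but setup_chgdcpass only unpacks `my ($self, $path) = @_;`, so that value is silently dropped (the `($$)` prototype is not applied to method calls). Drop the extra argument: `return $self->setup_chgdcpass("$path/chgdcpass");`. setup_env's body starts and ends outside the hunk, so whether an already-provisioned `chgdcpass` environment is reused before this branch is reached cannot be confirmed from here.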
@@ -315,7 +315,7 @@ plantestsuite("samba4.blackbox.masktest", "dc", [os.path.join(samba4srcdir, "tor plantestsuite("samba4.blackbox.gentest(dc)", "dc", [os.path.join(samba4srcdir, "torture/tests/test_gentest.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', "$PREFIX"]) plantestsuite("samba4.blackbox.wbinfo(dc:local)", "dc:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$USERNAME', '$PASSWORD', "dc"]) plantestsuite("samba4.blackbox.wbinfo(s4member:local)", "s4member:local", [os.path.join(samba4srcdir, "../nsswitch/tests/test_wbinfo.sh"), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', "s4member"]) -plantestsuite("samba4.blackbox.chgdcpass(dc)", "dc", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "LOCALDC\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/dc']) +plantestsuite("samba4.blackbox.chgdcpass", "chgdcpass", [os.path.join(bbdir, "test_chgdcpass.sh"), '$SERVER', "CHGDCPASS\$", '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", '$SELFTEST_PREFIX/chgdcpass']) plantestsuite_loadlist("samba4.rpc.echo against NetBIOS alias", "dc", [valgrindify(smb4torture), "$LISTOPT", 'ncacn_np:$NETBIOSALIAS', '-U$DOMAIN/$USERNAME%$PASSWORD', 'rpc.echo']) # Tests using the "Simple" NTVFS backend @@ -375,7 +375,7 @@ wb_opts = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit= winbind_struct_tests = smb4torture_testsuites("winbind.struct") winbind_ndr_tests = smb4torture_testsuites("winbind.ndr") -for env in ["dc", "s4member"]: +for env in ["plugin_s4_dc", "dc", "s4member"]: for t in winbind_struct_tests: plansmbtorturetestsuite(t, env, wb_opts + ['//_none_/_none_']) 
@@ -383,7 +383,7 @@ for env in ["dc", "s4member"]: plansmbtorturetestsuite(t, env, wb_opts + ['//_none_/_none_']) nsstest4 = binpath("nsstest") -for env in ["dc", "s4member", "s3dc", "s3member", "member"]: +for env in ["plugin_s4_dc", "dc", "s4member", "s3dc", "s3member", "member"]: if os.path.exists(nsstest4): plantestsuite("samba4.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "default/nsswitch/libnss-winbind.so")]) else: diff --git a/source4/winbind/wb_cmd_list_trustdom.c b/source4/winbind/wb_cmd_list_trustdom.c index 5f132ef..899de61 100644 --- a/source4/winbind/wb_cmd_list_trustdom.c +++ b/source4/winbind/wb_cmd_list_trustdom.c @@ -76,14 +76,10 @@ static void cmd_list_trustdoms_recv_domain(struct composite_context *ctx) talloc_get_type(ctx->async.private_data, struct cmd_list_trustdom_state); struct wbsrv_domain *domain; - struct smbcli_tree *tree; state->ctx->status = wb_sid2domain_recv(ctx, &domain); if (!composite_is_ok(state->ctx)) return; - tree = dcerpc_smb_tree(domain->libnet_ctx->lsa.pipe->conn); - if (composite_nomem(tree, state->ctx)) return; - ctx = wb_init_lsa_send(state, domain); composite_continue(state->ctx, ctx, cmd_list_trustdoms_recv_lsa, state); diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c index 5402c1c..e2b5def 100644 --- a/source4/winbind/wb_dom_info.c +++ b/source4/winbind/wb_dom_info.c @@ -27,6 +27,8 @@ #include "winbind/wb_server.h" #include "smbd/service_task.h" #include "libcli/finddc.h" +#include "lib/socket/netif.h" +#include "param/param.h" struct get_dom_info_state { struct composite_context *ctx; 
@@ -65,6 +67,24 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx, state->info->sid = dom_sid_dup(state->info, sid); if (state->info->sid == NULL) goto failed; + if ((lpcfg_server_role(service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) && + dom_sid_equal(sid, service->primary_sid) && + service->sec_channel_type != SEC_CHAN_RODC) { + struct interface *ifaces = NULL; + + load_interface_list(state, service->task->lp_ctx, &ifaces); + + state->info->dc = talloc(state->info, struct nbt_dc_name); + + state->info->dc->address = talloc_strdup(state->info->dc, + iface_list_n_ip(ifaces, 0)); + state->info->dc->name = talloc_strdup(state->info->dc, + lpcfg_netbios_name(service->task->lp_ctx)); + + composite_done(state->ctx); + return result; + } + dom_sid = dom_sid_dup(mem_ctx, sid); if (dom_sid == NULL) goto failed; diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 9d807d8..4d6177b 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c 
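Review bot: The new early-return branch in wb_get_dom_info_send dereferences `state->info->dc` straight after `talloc()` with no NULL check, and neither `talloc_strdup()` result is checked, although the surrounding code follows every allocation with `if (... == NULL) goto failed;`. `iface_list_n_ip(ifaces, 0)` presumably returns NULL when no interface is configured, which would leave `dc->address` NULL while `composite_done()` still reports success to the caller. Each allocation should get the same `goto failed` check, and the interface address should be tested before it is duplicated. The function's body starts and ends outside the hunk.

```c
		/* … unchanged: role / primary-SID / RODC test opening the branch … */
		struct interface *ifaces = NULL;
		const char *ip;

		load_interface_list(state, service->task->lp_ctx, &ifaces);
		ip = iface_list_n_ip(ifaces, 0);
		if (ip == NULL) goto failed;

		state->info->dc = talloc(state->info, struct nbt_dc_name);
		if (state->info->dc == NULL) goto failed;

		state->info->dc->address = talloc_strdup(state->info->dc, ip);
		if (state->info->dc->address == NULL) goto failed;

		state->info->dc->name = talloc_strdup(state->info->dc,
						lpcfg_netbios_name(service->task->lp_ctx));
		if (state->info->dc->name == NULL) goto failed;

		/* … unchanged: composite_done(state->ctx) and return result … */
```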
@@ -78,23 +78,34 @@ static struct dcerpc_binding *init_domain_binding(struct init_domain_state *stat const struct ndr_interface_table *table) { struct dcerpc_binding *binding; + char *s; NTSTATUS status; /* Make a binding string */ - { - char *s = talloc_asprintf(state, "ncacn_np:%s", state->domain->dc_name); + if ((lpcfg_server_role(state->service->task->lp_ctx) != ROLE_DOMAIN_MEMBER) && + dom_sid_equal(state->domain->info->sid, state->service->primary_sid) && + state->service->sec_channel_type != SEC_CHAN_RODC) { + s = talloc_asprintf(state, "ncalrpc:%s", state->domain->dc_name); if (s == NULL) return NULL; - status = dcerpc_parse_binding(state, s, &binding); - talloc_free(s); - if (!NT_STATUS_IS_OK(status)) { - return NULL; - } + } else { + s = talloc_asprintf(state, "ncacn_np:%s", state->domain->dc_name); + if (s == NULL) return NULL; + + } + status = dcerpc_parse_binding(state, s, &binding); + talloc_free(s); + if (!NT_STATUS_IS_OK(status)) { + return NULL; } /* Alter binding to contain hostname, but also address (so we don't look it up twice) */ binding->target_hostname = state->domain->dc_name; binding->host = state->domain->dc_address; + if (binding->transport == NCALRPC) { + return binding; + } + /* This shouldn't make a network call, as the mappings for named pipes are well known */ status = dcerpc_epm_map_binding(binding, binding, table, state->service->task->event_ctx, state->service->task->lp_ctx); -- Samba Shared Repository
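Review bot: The three-part test that selects `ncalrpc` in init_domain_binding (server role not `ROLE_DOMAIN_MEMBER`, SID equal to `primary_sid`, `sec_channel_type != SEC_CHAN_RODC`) is a copy of the one added to wb_get_dom_info_send in wb_dom_info.c. The two have to stay identical, because one decides that the DC is this host and the other decides to reach it over the local transport; a small shared helper taking the service and the SID would keep them from drifting apart. Within the hunk, `if (s == NULL) return NULL;` is repeated in both arms and can move below the `if`/`else`. The early `return binding;` for `NCALRPC` would be easier to follow with a comment such as `/* local connection to ourselves: skip the endpoint mapper lookup */`.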