The branch, master has been updated
       via  6ac0bdc Add testcase for idmap_rfc2307 module
       via  8241daf packaging(RHEL-CTDB): Add idmap_rfc2307 module
       via  b755152 s3-net: Allow setting the ldap password for idmap_rfc2307
       via  30b2f74 s3-docs: Add manpage for idmap_rfc2307 module
       via  6aa739a s3-winbindd: Add new module idmap_rfc2307
       via  ad1fbe2 s3-winbindd: Move connection to AD server from idmap_ad
       via  baf9b78 s3-winbindd: Use common helper function for connecting to ADS
       via  0c4e467 s3-winbindd: Move code for verifying ADS connection to common helper function
       via  c07c167 s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse
       via  86d09ce s3-winbindd: Move common code for LDAP id mapping to idmap_utils
       via  666a563 s4-dns: dlz_bind9: Check result to avoid segfault
       via  83e4ff9 doc: add vfs_btrfs man page
       via  15ce3a9 s3-vfs: add vfs_btrfs module
      from  11d1286 Correct the name of the nss_winbind module for FreeBSD by creating a symlink from the FreeBSD required name to the built module.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 6ac0bdc4513bb5a7bf9ecf0cd0986f6122f96dba
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:33:23 2013 -0700

    Add testcase for idmap_rfc2307 module

    Create a new test environment with 'idmap config DOMAIN : backend = rfc2307'.
    A new test script adds LDAP records and queries them again for the mapped
    uid and gid.

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104

commit 8241dafdb832808f0b88a7d83095105e7d532fa4
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:33:19 2013 -0700

    packaging(RHEL-CTDB): Add idmap_rfc2307 module

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b75515248a641c1b1e1e3dad40eb323280658129
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:33:13 2013 -0700

    s3-net: Allow setting the ldap password for idmap_rfc2307

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 30b2f74ffc8f7c38e132eddede7884c5195b634a
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:32:54 2013 -0700

    s3-docs: Add manpage for idmap_rfc2307 module

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6aa739a21903d9013d6fbb45b9581f84a192b4d5
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:32:37 2013 -0700

    s3-winbindd: Add new module idmap_rfc2307

    This module allows querying id mappings from LDAP servers as described in
    RFC 2307. The LDAP records can be queried from an Active Directory Server
    or from a stand-alone LDAP server.

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit ad1fbe29fbeea48381c7bedd78f7a45d07ad14d5
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:31:41 2013 -0700

    s3-winbindd: Move connection to AD server from idmap_ad

    Having this in a common place allows reuse by other idmap modules.

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit baf9b78d47079b81cf33682ee481cf6e30ed89e9
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:31:37 2013 -0700

    s3-winbindd: Use common helper function for connecting to ADS

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 0c4e467c1cc661552bfd6745825e2106ec8279d7
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:31:28 2013 -0700

    s3-winbindd: Move code for verifying ADS connection to common helper function

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit c07c167edb71568ab18f016346e60803d1195d42
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:31:19 2013 -0700

    s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 86d09ce779fdc9d6ebbbe44b25656808ab37ee14
Author: Christof Schmitt <christof.schm...@us.ibm.com>
Date:   Thu Feb 21 12:30:48 2013 -0700

    s3-winbindd: Move common code for LDAP id mapping to idmap_utils

    idmap_ad and idmap_ldap use the same helper functions and the same maximum
    query size. Move the code to idmap_utils so that it can be shared by every
    module issuing LDAP queries.

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 666a5630ef3b03640089a0b6e81bf578b91b88ab
Author: Stefan Gohmann <gohm...@univention.de>
Date:   Fri Mar 8 20:57:31 2013 +0100

    s4-dns: dlz_bind9: Check result to avoid segfault

    We saw this issue in a customer environment with many CNF objects.
    I wasn't able to reproduce it, but I got the following core dump:

    (gdb) directory samba4-4.0.0~rc6/source4/dns_server/
    Source directories searched: /root/samba4-4.0.0~rc6/source4/dns_server:$cdir:$cwd
    (gdb) bt
    #0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
    #1 0xb4b0bdb8 in dlz_lookup (zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", dbdata=0x9648e48, lookup=0xb6db7588) at ../source4/dns_server/dlz_bind9.c:875
    #2 0x080b43d8 in dlopen_dlz_lookup ()
    #3 0xb7701755 in findnode () from /usr/lib/libdns.so.81
    #4 0xb7701d22 in find () from /usr/lib/libdns.so.81
    #5 0xb7639e5f in dns_db_find () from /usr/lib/libdns.so.81
    #6 0x08075476 in query_find ()
    #7 0x0807acb9 in ns_query_start ()
    #8 0x08060712 in client_request ()
    #9 0xb743022b in run () from /usr/lib/libisc.so.81
    #10 0xb7216955 in start_thread () from /lib/i686/cmov/libpthread.so.0
    #11 0xb706c1de in clone () from /lib/i686/cmov/libc.so.6
    (gdb) f 0
    #0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
    830 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
    (gdb) p res->msgs
    $1 = (struct ldb_message **) 0x0
    (gdb) p res->count
    $2 = 0
    (gdb)

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 83e4ff9a4ed06bd60a902a3b2f385ab69356b35b
Author: David Disseldorp <dd...@samba.org>
Date:   Fri Mar 8 11:47:56 2013 +0100

    doc: add vfs_btrfs man page

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 15ce3a9c2f2aedcd4896235238a4ffdf23aa9178
Author: David Disseldorp <dd...@samba.org>
Date:   Fri Mar 8 11:47:55 2013 +0100

    s3-vfs: add vfs_btrfs module

    Currently it only plumbs itself into the copy_chunk call path, translating
    such requests into BTRFS_IOC_CLONE_RANGE calls.

    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/idmap_rfc2307.8.xml |  165 +++++++
 docs-xml/manpages/vfs_btrfs.8.xml     |   85 ++++
 docs-xml/wscript_build                |    2 +
 nsswitch/tests/test_idmap_rfc2307.sh  |   94 ++++
 packaging/RHEL-CTDB/configure.rpm     |    2 +-
 selftest/target/Samba.pm              |    1 +
 selftest/target/Samba3.pm             |   79 +++
 selftest/target/Samba4.pm             |    6 +
 source3/Makefile.in                   |    9 +
 source3/configure.in                  |    9 +
 source3/modules/vfs_btrfs.c           |  196 ++++++++
 source3/modules/wscript_build         |    9 +
 source3/selftest/tests.py             |    6 +-
 source3/utils/net_idmap.c             |    6 +-
 source3/winbindd/idmap_ad.c           |  143 +-----
 source3/winbindd/idmap_ldap.c         |   70 +---
 source3/winbindd/idmap_proto.h        |    8 +
 source3/winbindd/idmap_rfc2307.c      |  870 +++++++++++++++++++++++++++++++++
 source3/winbindd/idmap_util.c         |   66 +++
 source3/winbindd/winbindd_ads.c       |  202 ++++++---
 source3/winbindd/winbindd_proto.h     |    5 +
 source3/winbindd/wscript_build        |   10 +
 source3/wscript                       |    8 +-
 source4/dns_server/dlz_bind9.c        |    2 +-
 24 files changed, 1780 insertions(+), 273 deletions(-)
 create mode 100644 docs-xml/manpages/idmap_rfc2307.8.xml
 create mode 100644 docs-xml/manpages/vfs_btrfs.8.xml
 create mode 100755 nsswitch/tests/test_idmap_rfc2307.sh
 create mode 100644 source3/modules/vfs_btrfs.c
 create mode 100644 source3/winbindd/idmap_rfc2307.c

Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/idmap_rfc2307.8.xml b/docs-xml/manpages/idmap_rfc2307.8.xml new file mode 100644 index 0000000..f680945 --- /dev/null +++ b/docs-xml/manpages/idmap_rfc2307.8.xml 
@@ -0,0 +1,165 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="idmap_rfc2307.8"> + +<refmeta> + <refentrytitle>idmap_rfc2307</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + +<refnamediv> + <refname>idmap_rfc2307</refname> + <refpurpose>Samba's idmap_rfc2307 Backend for Winbind</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <title>DESCRIPTION</title> + + <para>The idmap_rfc2307 plugin provides a way for winbind to + read id mappings from records in an LDAP server as defined in + RFC 2307. The LDAP server can be stand-alone or the LDAP + server provided by the AD server. An AD server is always + required to provide the mapping between name and SID, and the + LDAP server is queried for the mapping between name and + uid/gid. This module implements only the "idmap" + API, and is READONLY.</para> + + <para>Mappings must be provided in advance by the + administrator by creating the user accounts in the Active + Directory server and the posixAccount and posixGroup objects + in the LDAP server. The names in the Active Directory server + and in the LDAP server have to be the same.</para> + + <para>This id mapping approach allows the reuse of existing + LDAP authentication servers that store records in the RFC 2307 + format.</para> +</refsynopsisdiv> + +<refsect1> + <title>IDMAP OPTIONS</title> + + <variablelist> + <varlistentry> + <term>range = low - high</term> + <listitem><para> Defines the available + matching UID and GID range for which the + backend is authoritative. Note that the range + acts as a filter. If specified any UID or GID + stored in AD that fall outside the range is + ignored and the corresponding map is + discarded. 
It is intended as a way to avoid + accidental UID/GID overlaps between local and + remotely defined IDs.</para></listitem> + </varlistentry> + <varlistentry> + <term>ldap_server = <ad | stand-alone ></term> + <listitem><para>Defines the type of LDAP + server to use. This can either be the LDAP + server provided by the Active Directory server + (ad) or a stand-alone LDAP + server.</para></listitem> + </varlistentry> + <varlistentry> + <term>bind_path_user</term> + <listitem><para>Specifies the bind path where + user objects can be found in the LDAP + server.</para></listitem> + </varlistentry> + <varlistentry> + <term>bind_path_group</term> + <listitem><para>Specifies the bind path where + group objects can be found in the LDAP + server.</para></listitem> + </varlistentry> + <varlistentry> + <term>user_cn = <yes | no></term> + <listitem><para>Query cn attribute instead of + uid attribute for the user name in LDAP. This + option is not required, the default is + no.</para></listitem> + </varlistentry> + <varlistentry> + <term>cn_realm = <yes | no></term> + <listitem><para>Append @realm to cn for groups + (and users if user_cn is set) in + LDAP. This option is not required, the default + is no.</para></listitem> + </varlistentry> + <varlistentry> + <term>ldap_domain</term> + <listitem><para>When using the LDAP server in + the Active Directory server, this allows to + specify the domain where to access the Active + Directory server. This allows using trust + relationships while keeping all RFC 2307 + records in one place. 
This parameter is + optional, the default is to access the AD + server in the current domain to query LDAP + records.</para></listitem> + </varlistentry> + <varlistentry> + <term>ldap_url</term> + <listitem><para>When using a stand-alone LDAP + server, this parameter specifies the ldap URL + for accessing the LDAP + server.</para></listitem> + </varlistentry> + <varlistentry> + <term>ldap_user_dn</term> + <listitem><para>Defines the user DN to be used + for authentication. The secret for + authenticating this user should be stored with + net idmap secret (see + <citerefentry><refentrytitle>net</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>). If + absent, an anonymous bind will be + performed.</para></listitem> + </varlistentry> + <varlistentry> + <term>ldap_realm</term> + <listitem><para>Defines the realm to use in + the user and group names. This is only + required when using cn_realm together with a + stand-alone ldap server.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>The following example shows how to retrieve id mappings + from a stand-alone LDAP server. 
This example also shows how + to leave a small non conflicting range for local id allocation + that may be used in internal backends like BUILTIN.</para> + + <programlisting> + [global] + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + + idmap config DOMAIN : backend = rfc2307 + idmap config DOMAIN : range = 2000000-2999999 + idmap config DOMAIN : ldap_server = stand-alone + idmap config DOMAIN : ldap_url = ldap://ldap1.example.com + idmap config DOMAIN : ldap_user_dn = cn=ldapmanager,dc=example,dc=com + idmap config DOMAIN : bind_path_user = ou=People,dc=example,dc=com + idmap config DOMAIN : bind_path_group = ou=Group,dc=example,dc=com + </programlisting> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + </para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages/vfs_btrfs.8.xml b/docs-xml/manpages/vfs_btrfs.8.xml new file mode 100644 index 0000000..3cd55d3 --- /dev/null +++ b/docs-xml/manpages/vfs_btrfs.8.xml 
@@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_btrfs.8"> + +<refmeta> + <refentrytitle>vfs_btrfs</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_btrfs</refname> + <refpurpose> + Utilize features provided by the Btrfs filesystem + </refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = btrfs</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> suite.</para> + + <para> + The <command>vfs_btrfs</command> VFS module exposes Btrfs + specific features for use by Samba. + </para> + + <para> + Btrfs allows for multiple files to share the same on-disk data + through the use cloned ranges. When an SMB client issues a + request to copy duplicate data (via FSCTL_SRV_COPYCHUNK), this + module maps the request to a Btrfs clone range IOCTL, instead + of performing reads and writes required by a traditional copy. + Doing so saves storage capacity and greatly reduces disk IO. + </para> + + <para> + This module is stackable. + </para> +</refsect1> + +<refsect1> + <title>CONFIGURATION</title> + + <para> + <command>vfs_btrfs</command> requires that the underlying share + path is a Btrfs filesystem. + </para> + + <programlisting> + <smbconfsection name="[share]"/> + <smbconfoption name="vfs objects">btrfs</smbconfoption> + </programlisting> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para> + This man page is correct for version 4.1.0 of the Samba suite. 
+ </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + +</refsect1> + +</refentry> diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build index 25e381e..a75ae05 100644 --- a/docs-xml/wscript_build +++ b/docs-xml/wscript_build @@ -12,6 +12,7 @@ manpages=''' manpages/idmap_hash.8 manpages/idmap_ldap.8 manpages/idmap_nss.8 + manpages/idmap_rfc2307.8 manpages/idmap_rid.8 manpages/idmap_tdb.8 manpages/idmap_tdb2.8 @@ -48,6 +49,7 @@ manpages=''' manpages/vfs_aio_linux.8 manpages/vfs_aio_pthread.8 manpages/vfs_audit.8 + manpages/vfs_btrfs.8 manpages/vfs_cacheprime.8 manpages/vfs_cap.8 manpages/vfs_catia.8 diff --git a/nsswitch/tests/test_idmap_rfc2307.sh b/nsswitch/tests/test_idmap_rfc2307.sh new file mode 100755 index 0000000..b9efd34 --- /dev/null +++ b/nsswitch/tests/test_idmap_rfc2307.sh 
@@ -0,0 +1,94 @@ +#!/bin/sh +# Test id mapping through idmap_rfc2307 module +if [ $# -lt 9 ]; then + echo Usage: $0 DOMAIN USERNAME UID GROUPNAME GID LDAPPREFIX DC_SERVER DC_USERNAME DC_PASSWORD + exit 1 +fi + +DOMAIN="$1" +USERNAME="$2" +USERUID="$3" +GROUPNAME="$4" +GROUPGID="$5" +LDAPPREFIX="$6" +DC_SERVER="$7" +DC_USERNAME="$8" +DC_PASSWORD="$9" + +echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9 + +wbinfo="$VALGRIND $BINDIR/wbinfo" +ldbadd="$BINDIR/ldbadd" +ldbdel="$BINDIR/ldbdel" +failed=0 + +. `dirname $0`/../../testprogs/blackbox/subunit.sh + +# Delete LDAP records +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" + +# Add id mapping information to LDAP + +cat > $PREFIX/tmpldb <<EOF +dn: $LDAPPREFIX +objectclass: organizationalUnit +EOF + +testit "add ldap prefix" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb + +cat > $PREFIX/tmpldb <<EOF +dn: cn=$USERNAME,$LDAPPREFIX +objectClass: organizationalPerson +objectClass: posixAccount +ou: People +cn: $USERNAME +uid: $USERNAME +uidNumber: $USERUID +gidNumber: 1 +homeDirectory: /home/admin +EOF + +testit "add ldap user mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb + +cat > $PREFIX/tmpldb <<EOF +dn: cn=$GROUPNAME,$LDAPPREFIX +objectClass: posixGroup +objectClass: groupOfNames +cn: $GROUPNAME +gidNumber: $GROUPGID +member: cn=$USERNAME,$LDAPPREFIX +EOF + +testit "add ldap group mapping record" $VALGRIND $ldbadd -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD $PREFIX/tmpldb + +rm -f $PREFIX/tmpldbmodify + +testit "wbinfo --name-to-sid" $wbinfo --name-to-sid "$DOMAIN\\$USERNAME" || failed=$(expr $failed + 1) +user_sid=$($wbinfo -n "$DOMAIN\\$USERNAME" | cut -d " " -f1) 
+echo "$DOMAIN\\$USERNAME resolved to $user_sid" + +testit "wbinfo --sid-to-uid=$user_sid" $wbinfo --sid-to-uid=$user_sid || failed=$(expr $failed + 1) +user_uid=$($wbinfo --sid-to-uid=$user_sid | cut -d " " -f1) +echo "$DOMAIN\\$USERNAME resolved to $user_uid" + +testit "test $user_uid -eq $USERUID" test $user_uid -eq $USERUID || failed=$(expr $failed + 1) + +# Not sure how to get group names with spaces to resolve through testit +#testit "wbinfo --name-to-sid" $wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" || failed=$(expr $failed + 1) +group_sid=$($wbinfo --name-to-sid="$DOMAIN\\$GROUPNAME" | cut -d " " -f1) +echo "$DOMAIN\\$GROUPNAME resolved to $group_sid" + +testit "wbinfo --sid-to-gid=$group_sid" $wbinfo --sid-to-gid=$group_sid || failed=$(expr $failed + 1) +group_gid=$($wbinfo --sid-to-gid=$group_sid | cut -d " " -f1) +echo "$DOMAIN\\$GROUPNAME resolved to $group_gid" + +testit "test $group_gid -eq $GROUPGID" test $group_gid -eq $GROUPGID || failed=$(expr $failed + 1) + +# Delete LDAP records +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$USERNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "cn=$GROUPNAME,$LDAPPREFIX" +$VALGRIND $ldbdel -H ldap://$DC_SERVER -U$DOMAIN/$DC_USERNAME%$DC_PASSWORD "$LDAPPREFIX" + +exit $failed diff --git a/packaging/RHEL-CTDB/configure.rpm b/packaging/RHEL-CTDB/configure.rpm index f16b352..398a3f9 100755 --- a/packaging/RHEL-CTDB/configure.rpm +++ b/packaging/RHEL-CTDB/configure.rpm @@ -24,7 +24,7 @@ else CC="gcc" fi -shared_modules="idmap_rid,idmap_ad,idmap_tdb2" +shared_modules="idmap_rid,idmap_ad,idmap_tdb2,idmap_rfc2307" if test "x$BUILD_GPFS" != "xno"; then shared_modules="${shared_modules},vfs_gpfs,vfs_tsmsm" diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index d811053..fa18985 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm 
@@ -171,6 +171,7 @@ sub get_interface($) $interfaces{"localsubdc"} = 31; $interfaces{"chgdcpass"} = 32; $interfaces{"promotedvdc"} = 33; + $interfaces{"rfc2307member"} = 34; # update lib/socket_wrapper/socket_wrapper.c # #define MAX_WRAPPED_INTERFACES 32 diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c71419d..8d9c4b9 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm 
@@ -331,6 +331,85 @@ sub setup_admember($$$$) return $ret; } +sub setup_admember_rfc2307($$$$) +{ + my ($self, $prefix, $dcvars) = @_; + + # If we didn't build with ADS, pretend this env was never available + if (not $self->have_ads()) { + return "UNKNOWN"; + } + + print "PROVISIONING S3 AD MEMBER WITH idmap_rfc2307 config..."; + + my $member_options = " + security = ads + server signing = on + workgroup = $dcvars->{DOMAIN} + realm = $dcvars->{REALM} + idmap config $dcvars->{DOMAIN} : backend = rfc2307 + idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : ldap_server = ad + idmap config $dcvars->{DOMAIN} : bind_path_user = ou=idmap,dc=samba,dc=example,dc=com + idmap config $dcvars->{DOMAIN} : bind_path_group = ou=idmap,dc=samba,dc=example,dc=com +"; + + my $ret = $self->provision($prefix, + "RFC2307MEMBER", + "loCalMemberPass", + $member_options); + + $ret or return undef; + + close(USERMAP); + $ret->{DOMAIN} = $dcvars->{DOMAIN}; + $ret->{REALM} = $dcvars->{REALM}; + + my $ctx; + my $prefix_abs = abs_path($prefix); + $ctx = {}; + $ctx->{krb5_conf} = "$prefix_abs/lib/krb5.conf"; + $ctx->{domain} = $dcvars->{DOMAIN}; + $ctx->{realm} = $dcvars->{REALM}; + $ctx->{dnsname} = lc($dcvars->{REALM}); + $ctx->{kdc_ipv4} = $dcvars->{SERVER_IP}; + Samba::mk_krb5_conf($ctx, ""); + + $ret->{KRB5_CONFIG} = $ctx->{krb5_conf}; + + my $net = Samba::bindir_path($self, "net"); + my $cmd = ""; + $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; + $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" "; + $cmd .= "$net join $ret->{CONFIGURATION}"; + $cmd .= " -U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; + + if (system($cmd) != 0) { + warn("Join failed\n$cmd"); + return undef; + } + + # We need world access to this share, as otherwise the domain + # administrator from the AD domain provided by Samba4 can't + # access the share for tests. 
+ chmod 0777, "$prefix/share"; + + if (not $self->check_or_start($ret, "yes", "yes", "yes")) { + return undef; + } + + $ret->{DC_SERVER} = $dcvars->{SERVER}; + $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + + # Special case, this is called from Samba4.pm but needs to use the Samba3 check_env and get_log_env + $ret->{target} = $self; + + return $ret; +} + sub setup_simpleserver($$) { my ($self, $path) = @_; diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 05541d9..6f69414 100644 --- a/selftest/target/Samba4.pm -- Samba Shared Repository
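
Review bot: In docs-xml/manpages/idmap_rfc2307.8.xml the EXAMPLES section pairs "ldap_url = ldap://ldap1.example.com" with an ldap_user_dn, and neither the ldap_url entry nor the ldap_user_dn entry says how that bind is protected in transit. Please state in the option descriptions which transport protections the backend supports for a stand-alone server and show the protected form in the example. The ldap_user_dn entry ends with "If absent, an anonymous bind will be performed"; it would help to say that the posixAccount and posixGroup subtrees must then be readable anonymously. Two smaller points: the range entry speaks of IDs "stored in AD" although with ldap_server = stand-alone they live elsewhere, and DESCRIPTION is placed inside refsynopsisdiv where vfs_btrfs.8.xml in the same push uses a refsect1.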
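
Review bot: In docs-xml/manpages/vfs_btrfs.8.xml the refmeta block carries refmiscinfo class="version" of 4.0 while the VERSION section says "This man page is correct for version 4.1.0 of the Samba suite"; one of the two should be changed so they agree. In the DESCRIPTION paragraph, "through the use cloned ranges" is missing a word and should read "through the use of cloned ranges".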
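
Review bot: In nsswitch/tests/test_idmap_rfc2307.sh the three ldbadd steps ("add ldap prefix", "add ldap user mapping record", "add ldap group mapping record") call testit without the "|| failed=$(expr $failed + 1)" suffix that every wbinfo step has, so a failed ldbadd does not change the value passed to "exit $failed". Please add the suffix to those three lines. The cleanup line "rm -f $PREFIX/tmpldbmodify" names a file the script never creates, while $PREFIX/tmpldb, which it does write three times, is left behind. The line "echo called with: $1 $2 $3 $4 $5 $6 $7 $8 $9" writes DC_PASSWORD into the test output; drop $9 from it. The arguments are also expanded unquoted in the ldbadd and ldbdel command lines, which is the likely reason for the "group names with spaces" comment further down.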
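
Review bot: In selftest/target/Samba.pm the new entry $interfaces{"rfc2307member"} = 34 sits directly above the comment "update lib/socket_wrapper/socket_wrapper.c # #define MAX_WRAPPED_INTERFACES 32", and socket_wrapper.c is not in the summary of changes for this push. Please confirm that the current MAX_WRAPPED_INTERFACES value covers interface 34 and update the number quoted in the comment so it matches the source.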
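
Review bot: In selftest/target/Samba3.pm, setup_admember_rfc2307 calls close(USERMAP) right after provision() although nothing in the new function opens a USERMAP handle; it looks carried over from setup_admember and can be removed. The prototype is ($$$$) but the body unpacks three values, "my ($self, $prefix, $dcvars) = @_;", so the prototype should be ($$$) unless a fourth argument is intended. On a failed join, warn("Join failed\n$cmd") prints the full command, which includes "-U$dcvars->{USERNAME}\%$dcvars->{PASSWORD}"; print the command without the credential part instead.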