From: Stefan Metzmacher Date: Sat, 28 Mar 2015 08:31:05 +0000 (+0000) Subject: s3:winbindd: don't remove the DOMAIN\ prefix for principals of our own domain as... X-Git-Tag: tevent-0.9.25~611 X-Git-Url: http://git.samba.org/samba.git/?p=kamenim%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=419910532f13c7966dfbf21f9ac274f07a69f8b5 s3:winbindd: don't remove the DOMAIN\ prefix for principals of our own domain as AD DC This also matches the behaviour of the source4/winbind code. In Samba 4.0 and 4.1 we had the following > getent passwd administrator S4XDOM\Administrator:*:0:100::/home/S4XDOM/Administrator:/bin/false > getent passwd S4XDOM\\administrator S4XDOM\Administrator:*:0:100::/home/S4XDOM/Administrator:/bin/false With Samba 4.2.0 we have: > getent passwd administrator administrator:*:0:100::/home/S4XDOM/administrator:/bin/false > getent passwd S4XDOM\\administrator administrator:*:0:100::/home/S4XDOM/administrator:/bin/false With the patches we have: > getent passwd administrator S4XDOM\administrator:*:0:100::/home/S4XDOM/administrator:/bin/false > getent passwd S4XDOM\\administrator S4XDOM\administrator:*:0:100::/home/S4XDOM/administrator:/bin/false Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/selftest/knownfail b/selftest/knownfail index ab77e0f08bb..3e78002402e 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -265,7 +265,6 @@ # ^samba4.winbind.struct.domain_info\(s4member:local\) ^samba4.winbind.struct.getdcname\(s4member:local\) -^samba4.winbind.struct.lookup_name_sid\(s4member:local\) ^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\) ^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\) ^samba4.winbind.struct.getpwent\(ad_dc:local\) diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index d4a1cf36547..88c7568bf4b 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1052,12 +1052,18 @@ bool canonicalize_username(fstring username_inout, fstring domain, fstring user) Also, if omit DOMAIN if 'winbind trusted domains only = true', as the username is then unqualified in unix + On an AD DC we always fill DOMAIN\\USERNAME. + We always canonicalize as UPPERCASE DOMAIN, lowercase username. */ void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume) { fstring tmp_user; + if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) { + can_assume = false; + } + fstrcpy(tmp_user, user); (void)strlower_m(tmp_user); @@ -1081,6 +1087,10 @@ char *fill_domain_username_talloc(TALLOC_CTX *mem_ctx, { char *tmp_user, *name; + if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) { + can_assume = false; + } + tmp_user = talloc_strdup(mem_ctx, user); if (!strlower_m(tmp_user)) { TALLOC_FREE(tmp_user); diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index ad6e1d10384..4855c6bb45d 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -374,7 +374,8 @@ winbind_ad_client_tests = smbtorture4_testsuites("winbind.struct") + smbtorture4 winbind_wbclient_tests = smbtorture4_testsuites("winbind.wbclient") for env in ["ad_dc", "s4member", "ad_member"]: wb_opts = wb_opts_default[:] - wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""] + if env in ["ad_member"]: + wb_opts += ["--option=\"torture:winbindd_domain_without_prefix=$DOMAIN\""] for t in winbind_ad_client_tests: plansmbtorture4testsuite(t, "%s:local" % env, wb_opts + ['//$SERVER/tmp', '--realm=$REALM', '--machine-pass', '--option=torture:addc=$DC_SERVER'])