s4-winbindd: Remove the winbind rewrite from the samba4 effort

This winbind implementation is undermaintained, out of date and not the future of even the AD DC, let alone any other purpose. Removing it will reduce our security and bug exposure on this off by default subsystem Signed-off-by: Andrew Bartlett <[email protected]> Reviewed-by: Jeremy Allison <[email protected]> Autobuild-User(master): Jeremy Allison <[email protected]> Autobuild-Date(master): Wed Jun 24 22:34:57 CEST 2015 on sn-devel-104
kamenim · Jun 24, 2015 · c31c300 · c31c300
1 parent 45b7992
commit c31c300
Show file tree

Hide file tree

Showing 42 changed files with 11 additions and 8,735 deletions.
diff --git a/selftest/knownfail b/selftest/knownfail
@@ -239,20 +239,12 @@
 ^samba3.rpc.netlogon.admin.*.LogonControl2\(ad_dc\)
 ^samba3.rpc.netlogon.admin.*.LogonControl\(ad_dc\)
 #
-# The Samba4 winbind does not cover the full winbind protocol, so these are expected
-#
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -N against ad_dc_ntvfs
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -I against ad_dc_ntvfs
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo  --trusted-domains against ad_dc_ntvfs
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --all-domains against ad_dc_ntvfs
-#
 # This makes less sense when not running against an AD DC
 #
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping
-^samba4.winbind.struct.show_sequence\(ad_dc_ntvfs:local\)
 ^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-uid
 ^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-gid
 ^samba.wbinfo_simple.\(s4member:local\).--allocate-uid
@@ -288,38 +280,14 @@
 ^samba3.local.nss.reentrant enumeration\(ad_member:local\)
 ^samba3.local.nss.enumeration\(ad_member:local\)
 #
-# These just happen to fail for some reason (probably because they run against the s4 winbind)
-#
-^samba4.winbind.struct.getdcname\(ad_member:local\)
-^samba4.winbind.struct.lookup_name_sid\(ad_member:local\)
-^samba4.winbind.struct.lookup_name_sid\(ad_dc_ntvfs:local\)
-^samba4.winbind.struct.list_trustdom\(ad_dc_ntvfs:local\)
-^samba4.winbind.struct.domain_info\(ad_dc_ntvfs:local\)
-^samba4.winbind.struct.getdcname\(ad_dc_ntvfs:local\)
-^samba4.winbind.struct.dsgetdcname\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--all-domains.wbinfo\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--trusted-domains.wbinfo\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status.wbinfo\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=BUILTIN.wbinfo\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\)
-^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\)
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -I against ad_dc_ntvfs\(ad_dc_ntvfs:local\)
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo  --trusted-domains against ad_dc_ntvfs\(ad_dc_ntvfs:local\)
-^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --all-domains against ad_dc_ntvfs\(ad_dc_ntvfs:local\)
-#
-# This will fail against the NTVFS DC, because it requires functionality only in winbindd
-#
-^samba4.winbind.pac.*\(ad_dc_ntvfs:local\) # Not implemented
-#
 # These do not work against winbindd in member mode for unknown reasons
 #
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member\(ad_member:local\)
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping\(ad_member:local\)
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member\(ad_member:local\)
 ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping\(ad_member:local\)
-^samba.ntlm_auth.\(ad_dc_ntvfs:local\).ntlm_auth against winbindd with failed require-membership-of
-^samba.ntlm_auth.\(ad_dc_ntvfs:local\).ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of
+^samba4.winbind.struct.getdcname\(ad_member:local\)
+^samba4.winbind.struct.lookup_name_sid\(ad_member:local\)
 ^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC
 #
 # Differences in our KDC compared to windows

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
@@ -1432,6 +1432,10 @@ sub provision_ad_dc_ntvfs($$)
 {
 	my ($self, $prefix) = @_;
 
+	# We keep the old 'winbind' name here in server services to
+	# ensure upgrades which used that name still work with the now
+	# alias.
+
 	print "PROVISIONING AD DC (NTVFS)...";
         my $extra_conf_options = "netbios aliases = localDC1-a
         server services = +winbind -winbindd";

diff --git a/source4/winbind/wb_cmd_getdcname.c b/source4/winbind/wb_cmd_getdcname.c
diff --git a/source4/winbind/wb_cmd_getgrent.c b/source4/winbind/wb_cmd_getgrent.c