Attachment 14799 Details for Bug 13676 – Backport of GPO fixes for 4.10

Backport of GPO fixes for 4.10

v4-10-smb-patch.txt (text/plain), 25.48 KB, created by Tim Beale on 2019-01-24 20:44:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Tim Beale

Created: 2019-01-24 20:44:51 UTC

Size: 25.48 KB

patch

obsolete

>From ed953201291f6550f29290c4287535ef85b4605f Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Fri, 14 Dec 2018 10:37:11 +1300
>Subject: [PATCH 01/13] python/gpclass: Convert gpclass to use s3 SMB Python
> bindings
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 3b2e86bba1f6b22b144b07db454b842f0c0779ae)
>---
> python/samba/gpclass.py | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
>diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
>index fb7c705..0040f23 100644
>--- a/python/samba/gpclass.py
>+++ b/python/samba/gpclass.py
>@@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree
> import re
> from samba.net import Net
> from samba.dcerpc import nbt
>-from samba import smb
>+from samba.samba3 import libsmb_samba_internal as libsmb
>+from samba.samba3 import param as s3param
> import samba.gpo as gpo
> from samba.param import LoadParm
> from uuid import UUID
>@@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir):
>         if e.errno != errno.EEXIST:
>             raise
>     for fdata in conn.list(sub_dir):
>-        if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
>+        if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
>             cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name']))
>         else:
>             local_name = fdata['name'].upper()
>@@ -407,7 +408,10 @@ def check_safe_path(path):
> 
> 
> def check_refresh_gpo_list(dc_hostname, lp, creds, gpos):
>-    conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True)
>+    # the SMB bindings rely on having a s3 loadparm
>+    s3_lp = s3param.get_context()
>+    s3_lp.load(lp.configfile)
>+    conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True)
>     cache_path = lp.cache_path('gpo_cache')
>     for gpo in gpos:
>         if not gpo.file_sys_path:
>-- 
>2.7.4
>
>
>From 26ad9cde93d779b5c3cf57dc50edf792484a8934 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Tue, 8 Jan 2019 14:42:05 +1300
>Subject: [PATCH 02/13] s3:pylibsmb: Add .set_acl API to SMB py bindings
>
>This is pretty similar code to py_smb_getacl(), except it's calling
>cli_set_security_descriptor() instead of cli_query_security_descriptor()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit b982811b60521624f1f600841ffa05e306eb936a)
>---
> source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 51 insertions(+)
>
>diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
>index e0ce518..ee1d91b 100644
>--- a/source3/libsmb/pylibsmb.c
>+++ b/source3/libsmb/pylibsmb.c
>@@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
> 				    sd, sd);
> }
> 
>+/*
>+ * Set ACL on file/directory using given security descriptor object
>+ */
>+static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args)
>+{
>+	NTSTATUS status;
>+	char *filename = NULL;
>+	PyObject *py_sd = NULL;
>+	struct security_descriptor *sd = NULL;
>+	unsigned int sinfo = SECINFO_DEFAULT_FLAGS;
>+	uint16_t fnum;
>+
>+	/* there's no async version of cli_set_security_descriptor() */
>+	if (self->thread_state != NULL) {
>+		PyErr_SetString(PyExc_RuntimeError,
>+				"set_acl() is not supported on "
>+				"a multi_threaded connection");
>+		return NULL;
>+	}
>+
>+	if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd,
>+			      &sinfo)) {
>+		return NULL;
>+	}
>+
>+	sd = pytalloc_get_type(py_sd, struct security_descriptor);
>+	if (!sd) {
>+		PyErr_Format(PyExc_TypeError,
>+			"Expected dcerpc.security.descriptor as argument, got %s",
>+			talloc_get_name(pytalloc_get_ptr(py_sd)));
>+		return NULL;
>+	}
>+
>+	status = cli_ntcreate(self->cli, filename, 0,
>+			      SEC_FLAG_MAXIMUM_ALLOWED, 0,
>+			      FILE_SHARE_READ|FILE_SHARE_WRITE,
>+			      FILE_OPEN, 0x0, 0x0, &fnum, NULL);
>+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
>+
>+	status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd);
>+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
>+
>+	status = cli_close(self->cli, fnum);
>+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
>+
>+	Py_RETURN_NONE;
>+}
>+
> static PyMethodDef py_cli_state_methods[] = {
> 	{ "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
> 	  "settimeout(new_timeout_msecs) => return old_timeout_msecs" },
>@@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = {
> 	{ "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
> 	  "get_acl(path[, security_info=0]) -> security_descriptor object\n\n"
> 	  "\t\tGet security descriptor for file." },
>+	{ "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
>+	  "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n"
>+	  "\t\tSet security descriptor for file." },
> 	{ NULL, NULL, 0, NULL }
> };
> 
>-- 
>2.7.4
>
>
>From f72a1a23687e61dc2381322e385ffe3e57dc896d Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Tue, 8 Jan 2019 15:10:46 +1300
>Subject: [PATCH 03/13] netcmd: Change SMB flags from s4 Py bindings to s3
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 345746ea5f4cca2620421ac0c8a649a596f5c19d)
>---
> python/samba/netcmd/gpo.py | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
>diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
>index a064f44..d443129 100644
>--- a/python/samba/netcmd/gpo.py
>+++ b/python/samba/netcmd/gpo.py
>@@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE
> from samba.netcmd.common import netcmd_finddc
> from samba import policy
> from samba import smb
>+from samba.samba3 import libsmb_samba_internal as libsmb
> from samba import NTSTATUSError
> import uuid
> from samba.ntacls import dsacl2fsacl
>@@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
>             r_name = r_dir + '\\' + e['name']
>             l_name = os.path.join(l_dir, e['name'])
> 
>-            if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
>+            if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
>                 r_dirs.append(r_name)
>                 l_dirs.append(l_name)
>                 os.mkdir(l_name)
>@@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
>                 parser.write_xml(l_name + '.xml')
> 
> 
>-attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \
>-             smb.FILE_ATTRIBUTE_DIRECTORY | \
>-             smb.FILE_ATTRIBUTE_ARCHIVE | \
>-             smb.FILE_ATTRIBUTE_HIDDEN
>+attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \
>+             libsmb.FILE_ATTRIBUTE_DIRECTORY | \
>+             libsmb.FILE_ATTRIBUTE_ARCHIVE | \
>+             libsmb.FILE_ATTRIBUTE_HIDDEN
> 
> 
> def copy_directory_remote_to_local(conn, remotedir, localdir):
>@@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir):
>             r_name = r_dir + '\\' + e['name']
>             l_name = os.path.join(l_dir, e['name'])
> 
>-            if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
>+            if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
>                 r_dirs.append(r_name)
>                 l_dirs.append(l_name)
>                 os.mkdir(l_name)
>-- 
>2.7.4
>
>
>From 84196daef8b978984af60b0e500c8248530ce821 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Fri, 11 Jan 2019 14:25:32 +1300
>Subject: [PATCH 04/13] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to
> .loadfile() API
>
>Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
>read the file's size.
>
>The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
>file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
>underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
>SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
>access granted.
>
>I noticed this problem when running .loadfile() against the NTVFS
>server.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 0304b08de5ba1b4a6e08568a559c52f7d9e943d3)
>---
> source3/libsmb/pylibsmb.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
>index ee1d91b..b4903a9 100644
>--- a/source3/libsmb/pylibsmb.c
>+++ b/source3/libsmb/pylibsmb.c
>@@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args,
> 
> 	/* get a read file handle */
> 	req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
>-				FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
>+				FILE_READ_DATA | FILE_READ_ATTRIBUTES,
>+				FILE_ATTRIBUTE_NORMAL,
> 				FILE_SHARE_READ, FILE_OPEN, 0,
> 				SMB2_IMPERSONATION_IMPERSONATION, 0);
> 	if (!py_tevent_req_wait_exc(self, req)) {
>-- 
>2.7.4
>
>
>From b69bd2870850c5fb2ab9dff378a3b5aa6f070e12 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Fri, 11 Jan 2019 14:53:16 +1300
>Subject: [PATCH 05/13] netcmd: Change GPO commands to use s3 SMB Py bindings
>
>This means we can now use GPO commands on a DC that has SMBv1 disabled.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 08f1627cb3fa1c9ff7a0f74e32874d305647dc42)
>---
> python/samba/netcmd/gpo.py | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
>diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
>index d443129..1b5e927 100644
>--- a/python/samba/netcmd/gpo.py
>+++ b/python/samba/netcmd/gpo.py
>@@ -43,7 +43,7 @@ import samba.auth
> from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
> from samba.netcmd.common import netcmd_finddc
> from samba import policy
>-from samba import smb
>+from samba.samba3 import param as s3param
> from samba.samba3 import libsmb_samba_internal as libsmb
> from samba import NTSTATUSError
> import uuid
>@@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir):
> def smb_connection(dc_hostname, service, lp, creds, sign=False):
>     # SMB connect to DC
>     try:
>-        conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign)
>+        # the SMB bindings rely on having a s3 loadparm
>+        s3_lp = s3param.get_context()
>+        s3_lp.load(lp.configfile)
>+        conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign)
>     except Exception:
>         raise CommandError("Error connecting to '%s' using SMB" % dc_hostname)
>     return conn
>-- 
>2.7.4
>
>
>From c6208e79fc06d5e6a0f79c957791b0729f3c105c Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Fri, 11 Jan 2019 15:57:21 +1300
>Subject: [PATCH 06/13] s4:pysmb: Add error log that the s4 bindings are
> deprecated
>
>We plan to delete the s4 SMB Python bindings in the next Samba release
>after v4.10, but first give external consumers a heads-up, just in case
>they are currently using the s4 bindings.
>
>Note the auth_log tests still use the s4 bindings, but all user-facing
>tools should now be updated to use the s3 bindings.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 6a29e63f32c0024587020fc1f92b3d1ecaa0afbc)
>---
> source4/libcli/pysmb.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
>diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
>index 45ff9a0..5a02816 100644
>--- a/source4/libcli/pysmb.c
>+++ b/source4/libcli/pysmb.c
>@@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs
> 	uint8_t use_spnego = 0xFF;
> 	PyObject *sign = Py_False;
> 
>+	/*
>+	 * These Python bindings are now deprecated because the s4 SMB client
>+	 * code doesn't support SMBv2 (and is unlikely to ever support it).
>+	 * The s3 libsmb_samba_internal bindings are a better choice for use
>+	 * within the Samba codebase, and support much the same API.
>+	 * This warning is mostly for external consumers that might be using
>+	 * these Python bindings (in which case, note libsmb_samba_internal
>+	 * is not a stable API and may change in future).
>+	 */
>+	DBG_ERR("The smb.SMB() Python bindings are now deprecated "
>+		"and will be removed in the next samba release\n");
>+
> 	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO",
> 					 discard_const_p(char *, kwnames),
> 					 &hostname, &service, &py_creds, &py_lp,
>-- 
>2.7.4
>
>
>From e88612625b94b94b8c428fc741ac27f3aa9d4b21 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Fri, 11 Jan 2019 15:09:48 +1300
>Subject: [PATCH 07/13] tests: Run samba_tool.gpo tests against backup testenvs
>
>Run the GPO tests against the backup/restore testenvs.
>
>Because the backup/restore preserves the NTACLs of the sysvol files,
>running the GPO tests against the backup testenvs is a good sanity-
>check. If fact it highlights that there is currently a problem with
>restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
>but we never noticed it until now.
>
>NTACL backup works slightly different for offline backups, and rename
>backups end up with more sysvol files, so run the tests against both
>these envs.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 2a7372da7b84921b247cefc23d7003b8056d74a4)
>---
> selftest/knownfail.d/gpo  | 3 +++
> source4/selftest/tests.py | 8 +++++---
> 2 files changed, 8 insertions(+), 3 deletions(-)
> create mode 100644 selftest/knownfail.d/gpo
>
>diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
>new file mode 100644
>index 0000000..fabe2ba
>--- /dev/null
>+++ b/selftest/knownfail.d/gpo
>@@ -0,0 +1,3 @@
>+# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
>+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck$renamedc:local$
>+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck$offlinebackupdc:local$
>diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
>index a1f3842..9d56e0b 100755
>--- a/source4/selftest/tests.py
>+++ b/source4/selftest/tests.py
>@@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
> for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
>     plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
> 
>-# We run this test against both AD DC implemetnations because it is
>+# We run this test against both AD DC implementations because it is
> # the only test we have of GPO get/set behaviour, and this involves
> # the file server as well as the LDAP server.
>-planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo",  py3_compatible=True)
>-planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
>+# It's also a good sanity-check that sysvol backup worked correctly.
>+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
>+    planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
>+                        py3_compatible=True)
> 
> planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True)
> planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True)
>-- 
>2.7.4
>
>
>From a184cbd086cf4aa385fab80b043f97555723802e Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Tue, 15 Jan 2019 14:09:15 +1300
>Subject: [PATCH 08/13] ntacls: Pass correct use_ntvfs through to setntacl()
>
>We were already checking the smb.conf to see if it uses the NTVFS file
>server or the default smbd server. However, we weren't passing this
>through to the setntacl() call.
>
>This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
>after a restore.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit f3fe96fc2e2d942b4a2e241777b5ee12b2295b97)
>---
> python/samba/ntacls.py   | 3 ++-
> selftest/knownfail.d/gpo | 3 ---
> 2 files changed, 2 insertions(+), 4 deletions(-)
> delete mode 100644 selftest/knownfail.d/gpo
>
>diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
>index 9924573..5bf646c 100644
>--- a/python/samba/ntacls.py
>+++ b/python/samba/ntacls.py
>@@ -454,7 +454,8 @@ class NtaclsHelper:
> 
>     def setntacl(self, path, ntacl_sd):
>         # ntacl_sd can be obj or str
>-        return setntacl(self.lp, path, ntacl_sd, self.dom_sid)
>+        return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
>+                        use_ntvfs=self.use_ntvfs)
> 
> 
> def _create_ntacl_file(dst, ntacl_sddl_str):
>diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
>deleted file mode 100644
>index fabe2ba..0000000
>--- a/selftest/knownfail.d/gpo
>+++ /dev/null
>@@ -1,3 +0,0 @@
>-# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
>-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck$renamedc:local$
>-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck$offlinebackupdc:local$
>-- 
>2.7.4
>
>
>From 74b6ea7f89ebc7c886c4e10844cb21a8ae039231 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Tue, 15 Jan 2019 17:12:20 +1300
>Subject: [PATCH 09/13] tests: Run GPO commands against testenv with SMBv1
> disabled
>
>Just to prove that they work across SMBv2.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6)
>---
> source4/selftest/tests.py | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
>index 9d56e0b..7073755 100755
>--- a/source4/selftest/tests.py
>+++ b/source4/selftest/tests.py
>@@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca
> # the only test we have of GPO get/set behaviour, and this involves
> # the file server as well as the LDAP server.
> # It's also a good sanity-check that sysvol backup worked correctly.
>-for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
>+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
>+            smbv1_disabled_testenv]:
>     planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
>                         py3_compatible=True)
> 
>-- 
>2.7.4
>
>
>From 55f32918c944333d71116cdbcd3d1de78a180042 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Thu, 13 Dec 2018 16:29:33 +1300
>Subject: [PATCH 10/13] selftest: Give the backup testenvs a 'test1' share
>
>The ntacls_backup tests use the test1 share, and we want to run them
>against the restoredc (which has SMBv1 disabled).
>
>The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
>(in ntacls.py) to work.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit a310de2db13c02a602e74139cb47ea9a25628e01)
>---
> selftest/target/Samba4.pm | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
>index 5346cb1..f2635e5 100755
>--- a/selftest/target/Samba4.pm
>+++ b/selftest/target/Samba4.pm
>@@ -3007,12 +3007,14 @@ sub prepare_dc_testenv
> 	# add support for sysvol/netlogon/tmp shares
> 	$ctx->{share} = "$ctx->{prefix_abs}/share";
> 	push(@{$ctx->{directories}}, "$ctx->{share}");
>+	push(@{$ctx->{directories}}, "$ctx->{share}/test1");
> 
> 	$ctx->{smb_conf_extra_options} = "
> 	$conf_options
> 	max xmit = 32K
> 	server max protocol = SMB2
> 	samba kcc command = /bin/true
>+	xattr_tdb:file = $ctx->{statedir}/xattr.tdb
> 
> [sysvol]
> 	path = $ctx->{statedir}/sysvol
>@@ -3029,6 +3031,12 @@ sub prepare_dc_testenv
> 	posix:oplocktimeout = 3
> 	posix:writetimeupdatedelay = 50000
> 
>+[test1]
>+	path = $ctx->{share}/test1
>+	read only = no
>+	posix:sharedelay = 100000
>+	posix:oplocktimeout = 3
>+	posix:writetimeupdatedelay = 500000
> ";
> 
> 	my $env = $self->provision_raw_step1($ctx);
>-- 
>2.7.4
>
>
>From 3ee0ae08e871fc12419fdbfe22cc53218b409acb Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Wed, 16 Jan 2019 10:02:07 +1300
>Subject: [PATCH 11/13] tests: Run ntacls_backup tests against testenv with
> SMBv1 disabled
>
>Just to prove that the NTACL backup works over SMBv2.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc)
>---
> source4/selftest/tests.py | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
>diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
>index 7073755..b813208 100755
>--- a/source4/selftest/tests.py
>+++ b/source4/selftest/tests.py
>@@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U
> 
> for env in ["ad_dc", smbv1_disabled_testenv]:
>     planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>+    planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
>+        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> 
> planoldpythontestsuite(
>     "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
>     extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> 
>-planoldpythontestsuite(
>-    "ad_dc:local", "samba.tests.ntacls_backup",
>-    extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>-
> planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True,
>-- 
>2.7.4
>
>
>From 23585c24c23d4d7760034100ab6f5b3eff9bc5e2 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Thu, 17 Jan 2019 09:41:21 +1300
>Subject: [PATCH 12/13] netcmd: Try to improve domain backup error message
>
>I ran this command as non-root by mistake and didn't find the error
>message particularly helpful. Tweak the error message so it reminds the
>user that they should be root. Also display the path we're looking for
>the sam.ldb file in, to give them more clues.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Noel Power <npower@samba.org>
>
>Autobuild-User(master): Noel Power <npower@samba.org>
>Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144
>
>(cherry picked from commit 10e54a095f005c0988a7e5e8a35cea6200197854)
>---
> python/samba/netcmd/domain_backup.py | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
>diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
>index 4cacf57..4e32b4b 100644
>--- a/python/samba/netcmd/domain_backup.py
>+++ b/python/samba/netcmd/domain_backup.py
>@@ -1009,8 +1009,9 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
> 
>         paths = samba.provision.provision_paths_from_lp(lp, lp.get('realm'))
>         if not (paths.samdb and os.path.exists(paths.samdb)):
>-            raise CommandError('No sam.db found.  This backup ' +
>-                               'tool is only for AD DCs')
>+            logger.error("No database found at {0}".format(paths.samdb))
>+            raise CommandError('Please check you are root, and ' +
>+                               'are running this command on an AD DC')
> 
>         check_targetdir(logger, targetdir)
> 
>-- 
>2.7.4
>
>
>From b1a68605fbe87be8db01364393619b60719be479 Mon Sep 17 00:00:00 2001
>From: Tim Beale <timbeale@catalyst.net.nz>
>Date: Tue, 22 Jan 2019 11:08:13 +1300
>Subject: [PATCH 13/13] WHATSNEW: Update for Bug 13676 changes in Samba 4.10
>
>Although it's unlikely that users will be using the 'smb' Python
>bindings, it's probably worth noting in the release notes that these
>bindings will be deprecated in future releases.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
>Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>---
> WHATSNEW.txt | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
>diff --git a/WHATSNEW.txt b/WHATSNEW.txt
>index 267cc54..493d9c2 100644
>--- a/WHATSNEW.txt
>+++ b/WHATSNEW.txt
>@@ -153,7 +153,13 @@ log entries has been removed to make the parsing of the JSON log messages
> easier. JSON log entries now start with 2 spaces followed by an opening brace
> i.e. "  {"
> 
>+SMBv2 samba-tool support
>+------------------------
> 
>+On previous releases, some samba-tool commands would not work against a remote
>+DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
>+The affected commands are 'samba-tool domain backup|rename' and the
>+'samba-tool gpo' set of commands. Refer also bug #13676.
> 
> 
> REMOVED FEATURES
>@@ -176,6 +182,14 @@ samba_backup
> The samba_backup script has been removed. This has now been replaced by the
> 'samba-tool domain backup offline' command.
> 
>+SMB client Python bindings
>+--------------------------
>+
>+The SMB client python bindings are now deprecated and will be removed in future
>+Samba releases. This will only affects users that may have used the Samba
>+Python bindings to write their own utilities, i.e. users with a custom Python
>+script that includes the line 'from samba import smb'.
>+
> smb.conf changes
> ================
> 
>-- 
>2.7.4
>

Flags:

jra: review+

Actions: View

Attachments on bug 13676: 14799