The Samba-Bugzilla – Attachment 14799 Details for
Bug 13676
samba-tool SMB/sysvol connections do not work if SMBv1 is disabled
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Backport of GPO fixes for 4.10
v4-10-smb-patch.txt (text/plain), 25.48 KB, created by
Tim Beale
on 2019-01-24 20:44:51 UTC
(
hide
)
Description:
Backport of GPO fixes for 4.10
Filename:
MIME Type:
Creator:
Tim Beale
Created:
2019-01-24 20:44:51 UTC
Size:
25.48 KB
patch
obsolete
>From ed953201291f6550f29290c4287535ef85b4605f Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 14 Dec 2018 10:37:11 +1300 >Subject: [PATCH 01/13] python/gpclass: Convert gpclass to use s3 SMB Python > bindings > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 3b2e86bba1f6b22b144b07db454b842f0c0779ae) >--- > python/samba/gpclass.py | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > >diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py >index fb7c705..0040f23 100644 >--- a/python/samba/gpclass.py >+++ b/python/samba/gpclass.py >@@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree > import re > from samba.net import Net > from samba.dcerpc import nbt >-from samba import smb >+from samba.samba3 import libsmb_samba_internal as libsmb >+from samba.samba3 import param as s3param > import samba.gpo as gpo > from samba.param import LoadParm > from uuid import UUID >@@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir): > if e.errno != errno.EEXIST: > raise > for fdata in conn.list(sub_dir): >- if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: >+ if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: > cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name'])) > else: > local_name = fdata['name'].upper() >@@ -407,7 +408,10 @@ def check_safe_path(path): > > > def check_refresh_gpo_list(dc_hostname, lp, creds, gpos): >- conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True) >+ # the SMB bindings rely on having a s3 loadparm >+ s3_lp = s3param.get_context() >+ s3_lp.load(lp.configfile) >+ conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True) > cache_path = lp.cache_path('gpo_cache') > for gpo in gpos: > if not gpo.file_sys_path: >-- >2.7.4 > > >From 26ad9cde93d779b5c3cf57dc50edf792484a8934 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 8 Jan 2019 14:42:05 +1300 >Subject: [PATCH 02/13] s3:pylibsmb: Add .set_acl API to SMB py bindings > >This is pretty similar code to py_smb_getacl(), except it's calling >cli_set_security_descriptor() instead of cli_query_security_descriptor() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit b982811b60521624f1f600841ffa05e306eb936a) >--- > source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 51 insertions(+) > >diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c >index e0ce518..ee1d91b 100644 >--- a/source3/libsmb/pylibsmb.c >+++ b/source3/libsmb/pylibsmb.c >@@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args) > sd, sd); > } > >+/* >+ * Set ACL on file/directory using given security descriptor object >+ */ >+static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args) >+{ >+ NTSTATUS status; >+ char *filename = NULL; >+ PyObject *py_sd = NULL; >+ struct security_descriptor *sd = NULL; >+ unsigned int sinfo = SECINFO_DEFAULT_FLAGS; >+ uint16_t fnum; >+ >+ /* there's no async version of cli_set_security_descriptor() */ >+ if (self->thread_state != NULL) { >+ PyErr_SetString(PyExc_RuntimeError, >+ "set_acl() is not supported on " >+ "a multi_threaded connection"); >+ return NULL; >+ } >+ >+ if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd, >+ &sinfo)) { >+ return NULL; >+ } >+ >+ sd = pytalloc_get_type(py_sd, struct security_descriptor); >+ if (!sd) { >+ PyErr_Format(PyExc_TypeError, >+ "Expected dcerpc.security.descriptor as argument, got %s", >+ talloc_get_name(pytalloc_get_ptr(py_sd))); >+ return NULL; >+ } >+ >+ status = cli_ntcreate(self->cli, filename, 0, >+ SEC_FLAG_MAXIMUM_ALLOWED, 0, >+ FILE_SHARE_READ|FILE_SHARE_WRITE, >+ FILE_OPEN, 0x0, 0x0, &fnum, NULL); >+ PyErr_NTSTATUS_IS_ERR_RAISE(status); >+ >+ status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd); >+ PyErr_NTSTATUS_IS_ERR_RAISE(status); >+ >+ status = cli_close(self->cli, fnum); >+ PyErr_NTSTATUS_IS_ERR_RAISE(status); >+ >+ Py_RETURN_NONE; >+} >+ > static PyMethodDef py_cli_state_methods[] = { > { "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS, > "settimeout(new_timeout_msecs) => return old_timeout_msecs" }, >@@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = { > { "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS, > "get_acl(path[, security_info=0]) -> security_descriptor object\n\n" > "\t\tGet security descriptor for file." }, >+ { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS, >+ "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n" >+ "\t\tSet security descriptor for file." }, > { NULL, NULL, 0, NULL } > }; > >-- >2.7.4 > > >From f72a1a23687e61dc2381322e385ffe3e57dc896d Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 8 Jan 2019 15:10:46 +1300 >Subject: [PATCH 03/13] netcmd: Change SMB flags from s4 Py bindings to s3 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 345746ea5f4cca2620421ac0c8a649a596f5c19d) >--- > python/samba/netcmd/gpo.py | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > >diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py >index a064f44..d443129 100644 >--- a/python/samba/netcmd/gpo.py >+++ b/python/samba/netcmd/gpo.py >@@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE > from samba.netcmd.common import netcmd_finddc > from samba import policy > from samba import smb >+from samba.samba3 import libsmb_samba_internal as libsmb > from samba import NTSTATUSError > import uuid > from samba.ntacls import dsacl2fsacl >@@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir): > r_name = r_dir + '\\' + e['name'] > l_name = os.path.join(l_dir, e['name']) > >- if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: >+ if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: > r_dirs.append(r_name) > l_dirs.append(l_name) > os.mkdir(l_name) >@@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir): > parser.write_xml(l_name + '.xml') > > >-attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \ >- smb.FILE_ATTRIBUTE_DIRECTORY | \ >- smb.FILE_ATTRIBUTE_ARCHIVE | \ >- smb.FILE_ATTRIBUTE_HIDDEN >+attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \ >+ libsmb.FILE_ATTRIBUTE_DIRECTORY | \ >+ libsmb.FILE_ATTRIBUTE_ARCHIVE | \ >+ libsmb.FILE_ATTRIBUTE_HIDDEN > > > def copy_directory_remote_to_local(conn, remotedir, localdir): >@@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir): > r_name = r_dir + '\\' + e['name'] > l_name = os.path.join(l_dir, e['name']) > >- if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: >+ if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: > r_dirs.append(r_name) > l_dirs.append(l_name) > os.mkdir(l_name) >-- >2.7.4 > > >From 84196daef8b978984af60b0e500c8248530ce821 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 14:25:32 +1300 >Subject: [PATCH 04/13] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to > .loadfile() API > >Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to >read the file's size. > >The .loadfile() API can end up calling cli_qfileinfo_basic() to get the >file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request >underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling >SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES >access granted. > >I noticed this problem when running .loadfile() against the NTVFS >server. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 0304b08de5ba1b4a6e08568a559c52f7d9e943d3) >--- > source3/libsmb/pylibsmb.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c >index ee1d91b..b4903a9 100644 >--- a/source3/libsmb/pylibsmb.c >+++ b/source3/libsmb/pylibsmb.c >@@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args, > > /* get a read file handle */ > req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0, >- FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL, >+ FILE_READ_DATA | FILE_READ_ATTRIBUTES, >+ FILE_ATTRIBUTE_NORMAL, > FILE_SHARE_READ, FILE_OPEN, 0, > SMB2_IMPERSONATION_IMPERSONATION, 0); > if (!py_tevent_req_wait_exc(self, req)) { >-- >2.7.4 > > >From b69bd2870850c5fb2ab9dff378a3b5aa6f070e12 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 14:53:16 +1300 >Subject: [PATCH 05/13] netcmd: Change GPO commands to use s3 SMB Py bindings > >This means we can now use GPO commands on a DC that has SMBv1 disabled. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 08f1627cb3fa1c9ff7a0f74e32874d305647dc42) >--- > python/samba/netcmd/gpo.py | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > >diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py >index d443129..1b5e927 100644 >--- a/python/samba/netcmd/gpo.py >+++ b/python/samba/netcmd/gpo.py >@@ -43,7 +43,7 @@ import samba.auth > from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES > from samba.netcmd.common import netcmd_finddc > from samba import policy >-from samba import smb >+from samba.samba3 import param as s3param > from samba.samba3 import libsmb_samba_internal as libsmb > from samba import NTSTATUSError > import uuid >@@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir): > def smb_connection(dc_hostname, service, lp, creds, sign=False): > # SMB connect to DC > try: >- conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign) >+ # the SMB bindings rely on having a s3 loadparm >+ s3_lp = s3param.get_context() >+ s3_lp.load(lp.configfile) >+ conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign) > except Exception: > raise CommandError("Error connecting to '%s' using SMB" % dc_hostname) > return conn >-- >2.7.4 > > >From c6208e79fc06d5e6a0f79c957791b0729f3c105c Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 15:57:21 +1300 >Subject: [PATCH 06/13] s4:pysmb: Add error log that the s4 bindings are > deprecated > >We plan to delete the s4 SMB Python bindings in the next Samba release >after v4.10, but first give external consumers a heads-up, just in case >they are currently using the s4 bindings. > >Note the auth_log tests still use the s4 bindings, but all user-facing >tools should now be updated to use the s3 bindings. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 6a29e63f32c0024587020fc1f92b3d1ecaa0afbc) >--- > source4/libcli/pysmb.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c >index 45ff9a0..5a02816 100644 >--- a/source4/libcli/pysmb.c >+++ b/source4/libcli/pysmb.c >@@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs > uint8_t use_spnego = 0xFF; > PyObject *sign = Py_False; > >+ /* >+ * These Python bindings are now deprecated because the s4 SMB client >+ * code doesn't support SMBv2 (and is unlikely to ever support it). >+ * The s3 libsmb_samba_internal bindings are a better choice for use >+ * within the Samba codebase, and support much the same API. >+ * This warning is mostly for external consumers that might be using >+ * these Python bindings (in which case, note libsmb_samba_internal >+ * is not a stable API and may change in future). >+ */ >+ DBG_ERR("The smb.SMB() Python bindings are now deprecated " >+ "and will be removed in the next samba release\n"); >+ > if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO", > discard_const_p(char *, kwnames), > &hostname, &service, &py_creds, &py_lp, >-- >2.7.4 > > >From e88612625b94b94b8c428fc741ac27f3aa9d4b21 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 15:09:48 +1300 >Subject: [PATCH 07/13] tests: Run samba_tool.gpo tests against backup testenvs > >Run the GPO tests against the backup/restore testenvs. > >Because the backup/restore preserves the NTACLs of the sysvol files, >running the GPO tests against the backup testenvs is a good sanity- >check. If fact it highlights that there is currently a problem with >restoring the GPO files - this shows up in 'samba-tool gpo aclcheck', >but we never noticed it until now. > >NTACL backup works slightly different for offline backups, and rename >backups end up with more sysvol files, so run the tests against both >these envs. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 2a7372da7b84921b247cefc23d7003b8056d74a4) >--- > selftest/knownfail.d/gpo | 3 +++ > source4/selftest/tests.py | 8 +++++--- > 2 files changed, 8 insertions(+), 3 deletions(-) > create mode 100644 selftest/knownfail.d/gpo > >diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo >new file mode 100644 >index 0000000..fabe2ba >--- /dev/null >+++ b/selftest/knownfail.d/gpo >@@ -0,0 +1,3 @@ >+# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug) >+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\) >+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\) >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index a1f3842..9d56e0b 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]: > for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]: > plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) > >-# We run this test against both AD DC implemetnations because it is >+# We run this test against both AD DC implementations because it is > # the only test we have of GPO get/set behaviour, and this involves > # the file server as well as the LDAP server. >-planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo", py3_compatible=True) >-planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True) >+# It's also a good sanity-check that sysvol backup worked correctly. >+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]: >+ planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo", >+ py3_compatible=True) > > planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True) > planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True) >-- >2.7.4 > > >From a184cbd086cf4aa385fab80b043f97555723802e Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 15 Jan 2019 14:09:15 +1300 >Subject: [PATCH 08/13] ntacls: Pass correct use_ntvfs through to setntacl() > >We were already checking the smb.conf to see if it uses the NTVFS file >server or the default smbd server. However, we weren't passing this >through to the setntacl() call. > >This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing >after a restore. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit f3fe96fc2e2d942b4a2e241777b5ee12b2295b97) >--- > python/samba/ntacls.py | 3 ++- > selftest/knownfail.d/gpo | 3 --- > 2 files changed, 2 insertions(+), 4 deletions(-) > delete mode 100644 selftest/knownfail.d/gpo > >diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py >index 9924573..5bf646c 100644 >--- a/python/samba/ntacls.py >+++ b/python/samba/ntacls.py >@@ -454,7 +454,8 @@ class NtaclsHelper: > > def setntacl(self, path, ntacl_sd): > # ntacl_sd can be obj or str >- return setntacl(self.lp, path, ntacl_sd, self.dom_sid) >+ return setntacl(self.lp, path, ntacl_sd, self.dom_sid, >+ use_ntvfs=self.use_ntvfs) > > > def _create_ntacl_file(dst, ntacl_sddl_str): >diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo >deleted file mode 100644 >index fabe2ba..0000000 >--- a/selftest/knownfail.d/gpo >+++ /dev/null >@@ -1,3 +0,0 @@ >-# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug) >-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\) >-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\) >-- >2.7.4 > > >From 74b6ea7f89ebc7c886c4e10844cb21a8ae039231 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 15 Jan 2019 17:12:20 +1300 >Subject: [PATCH 09/13] tests: Run GPO commands against testenv with SMBv1 > disabled > >Just to prove that they work across SMBv2. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6) >--- > source4/selftest/tests.py | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 9d56e0b..7073755 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca > # the only test we have of GPO get/set behaviour, and this involves > # the file server as well as the LDAP server. > # It's also a good sanity-check that sysvol backup worked correctly. >-for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]: >+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc", >+ smbv1_disabled_testenv]: > planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo", > py3_compatible=True) > >-- >2.7.4 > > >From 55f32918c944333d71116cdbcd3d1de78a180042 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 13 Dec 2018 16:29:33 +1300 >Subject: [PATCH 10/13] selftest: Give the backup testenvs a 'test1' share > >The ntacls_backup tests use the test1 share, and we want to run them >against the restoredc (which has SMBv1 disabled). > >The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call >(in ntacls.py) to work. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit a310de2db13c02a602e74139cb47ea9a25628e01) >--- > selftest/target/Samba4.pm | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 5346cb1..f2635e5 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -3007,12 +3007,14 @@ sub prepare_dc_testenv > # add support for sysvol/netlogon/tmp shares > $ctx->{share} = "$ctx->{prefix_abs}/share"; > push(@{$ctx->{directories}}, "$ctx->{share}"); >+ push(@{$ctx->{directories}}, "$ctx->{share}/test1"); > > $ctx->{smb_conf_extra_options} = " > $conf_options > max xmit = 32K > server max protocol = SMB2 > samba kcc command = /bin/true >+ xattr_tdb:file = $ctx->{statedir}/xattr.tdb > > [sysvol] > path = $ctx->{statedir}/sysvol >@@ -3029,6 +3031,12 @@ sub prepare_dc_testenv > posix:oplocktimeout = 3 > posix:writetimeupdatedelay = 50000 > >+[test1] >+ path = $ctx->{share}/test1 >+ read only = no >+ posix:sharedelay = 100000 >+ posix:oplocktimeout = 3 >+ posix:writetimeupdatedelay = 500000 > "; > > my $env = $self->provision_raw_step1($ctx); >-- >2.7.4 > > >From 3ee0ae08e871fc12419fdbfe22cc53218b409acb Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Wed, 16 Jan 2019 10:02:07 +1300 >Subject: [PATCH 11/13] tests: Run ntacls_backup tests against testenv with > SMBv1 disabled > >Just to prove that the NTACL backup works over SMBv2. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc) >--- > source4/selftest/tests.py | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 7073755..b813208 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) >+ planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", >+ extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > > planoldpythontestsuite( > "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry", > extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > >-planoldpythontestsuite( >- "ad_dc:local", "samba.tests.ntacls_backup", >- extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) >- > planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True, >-- >2.7.4 > > >From 23585c24c23d4d7760034100ab6f5b3eff9bc5e2 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 17 Jan 2019 09:41:21 +1300 >Subject: [PATCH 12/13] netcmd: Try to improve domain backup error message > >I ran this command as non-root by mistake and didn't find the error >message particularly helpful. Tweak the error message so it reminds the >user that they should be root. Also display the path we're looking for >the sam.ldb file in, to give them more clues. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Noel Power <npower@samba.org> > >Autobuild-User(master): Noel Power <npower@samba.org> >Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144 > >(cherry picked from commit 10e54a095f005c0988a7e5e8a35cea6200197854) >--- > python/samba/netcmd/domain_backup.py | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py >index 4cacf57..4e32b4b 100644 >--- a/python/samba/netcmd/domain_backup.py >+++ b/python/samba/netcmd/domain_backup.py >@@ -1009,8 +1009,9 @@ class cmd_domain_backup_offline(samba.netcmd.Command): > > paths = samba.provision.provision_paths_from_lp(lp, lp.get('realm')) > if not (paths.samdb and os.path.exists(paths.samdb)): >- raise CommandError('No sam.db found. This backup ' + >- 'tool is only for AD DCs') >+ logger.error("No database found at {0}".format(paths.samdb)) >+ raise CommandError('Please check you are root, and ' + >+ 'are running this command on an AD DC') > > check_targetdir(logger, targetdir) > >-- >2.7.4 > > >From b1a68605fbe87be8db01364393619b60719be479 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 22 Jan 2019 11:08:13 +1300 >Subject: [PATCH 13/13] WHATSNEW: Update for Bug 13676 changes in Samba 4.10 > >Although it's unlikely that users will be using the 'smb' Python >bindings, it's probably worth noting in the release notes that these >bindings will be deprecated in future releases. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > WHATSNEW.txt | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 267cc54..493d9c2 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -153,7 +153,13 @@ log entries has been removed to make the parsing of the JSON log messages > easier. JSON log entries now start with 2 spaces followed by an opening brace > i.e. " {" > >+SMBv2 samba-tool support >+------------------------ > >+On previous releases, some samba-tool commands would not work against a remote >+DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool. >+The affected commands are 'samba-tool domain backup|rename' and the >+'samba-tool gpo' set of commands. Refer also bug #13676. > > > REMOVED FEATURES >@@ -176,6 +182,14 @@ samba_backup > The samba_backup script has been removed. This has now been replaced by the > 'samba-tool domain backup offline' command. > >+SMB client Python bindings >+-------------------------- >+ >+The SMB client python bindings are now deprecated and will be removed in future >+Samba releases. This will only affects users that may have used the Samba >+Python bindings to write their own utilities, i.e. users with a custom Python >+script that includes the line 'from samba import smb'. >+ > smb.conf changes > ================ > >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 13676
: 14799