From 3b42327a0d488858cd75fc905f717f93c072d61e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:05:16 +0100 Subject: [PATCH 1/8] samba-tool group listmembers: hide python backtracke on command error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 6e5ed1def28..46000e7f9de 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -549,7 +549,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com self.outf.write("%s\n" % member_name) except Exception as e: - raise CommandError('Failed to list members of "%s" group ' % groupname, e) + raise CommandError('Failed to list members of "%s" group - %s' % + (groupname, e)) class cmd_group_move(Command): -- 2.24.1 From 0c7a3ddb2b1541a7e195d0b1a5b53418c791229c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:08:43 +0100 Subject: [PATCH 2/8] samba-tool group listmembers: handle group-does-not-exist error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return a error with a proper message instead of just do nothing when the target group does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 40e498e743e4677a42030373e8d97f6f9763080a) --- python/samba/netcmd/group.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 46000e7f9de..7f51c8e0d27 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -517,15 +517,14 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com credentials=creds, lp=lp) search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname - res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, - expression=(search_filter), - attrs=["objectSid"]) - - if (len(res) != 1): - return - - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) + try: + res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, + expression=(search_filter), + attrs=["objectSid"]) + group_dn = res[0].get('dn', idx=0) + object_sid = res[0].get('objectSid', idx=0) + except IndexError: + raise CommandError('Unable to find group "%s"' % (groupname)) object_sid = ndr_unpack(security.dom_sid, object_sid) (group_dom_sid, rid) = object_sid.split() -- 2.24.1 From 20ff4ebe5f931594e55beb11df98ab1c2f2144f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:39:44 +0100 Subject: [PATCH 3/8] samba-tool group listmembers: find group members by groups SID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d) --- python/samba/netcmd/group.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 7f51c8e0d27..e3116ee71c4 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -521,15 +521,16 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["objectSid"]) - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) + group_sid_binary = res[0].get('objectSid', idx=0) except IndexError: raise CommandError('Unable to find group "%s"' % (groupname)) - object_sid = ndr_unpack(security.dom_sid, object_sid) - (group_dom_sid, rid) = object_sid.split() + group_sid = ndr_unpack(security.dom_sid, group_sid_binary) + (group_dom_sid, rid) = group_sid.split() + group_sid_dn = "" % (group_sid) - search_filter = "(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_dn) + search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" % + (rid, group_sid_dn)) res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["samAccountName", "cn"]) -- 2.24.1 From 880bce83cf4e275fa57bc1a2323ed45863f629a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:38:50 +0100 Subject: [PATCH 4/8] samba-tool group listmembers: use binary encoded group names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to find groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit d0f8e833653df652df01a472c4bbfd256f10f810) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index e3116ee71c4..c56eb2d3354 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -516,7 +516,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname + search_filter = ("(&(objectClass=group)(sAMAccountName=%s))" % + ldb.binary_encode(groupname)) try: res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), -- 2.24.1 From dbc929971725f6cb31d6d500d9c7d6d1a2e234b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:40:50 +0100 Subject: [PATCH 5/8] samba-tool group move: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to move groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7) --- python/samba/netcmd/group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index c56eb2d3354..f0af886a58e 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -607,7 +607,7 @@ class cmd_group_move(Command): domain_dn = ldb.Dn(samdb, samdb.domain_dn()) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=domain_dn, expression=filter, -- 2.24.1 From 99f2f4b1f23c16b9fbd1b6a4b6c496db0194bfcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:55:01 +0100 Subject: [PATCH 6/8] samba-tool group delete: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to delete groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 104582b73caf008600e15d76d57424263a0f28d4) --- python/samba/netcmd/group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index f0af886a58e..c063657a5ae 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -179,7 +179,7 @@ Example2 deletes group Group2 from the local server. The command is run under r credentials=creds, lp=lp) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=samdb.domain_dn(), -- 2.24.1 From 14f10f0110b41ff88770f32736bf292680a463d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:56:14 +0100 Subject: [PATCH 7/8] samba-tool group edit: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to edit groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit f3e7ea0405d46ddfbeba9b3a84c13b7878464180) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index c063657a5ae..76705100960 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -873,7 +873,8 @@ class cmd_group_edit(Command): samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - filter = ("(&(sAMAccountName=%s)(objectClass=group))" % groupname) + filter = ("(&(sAMAccountName=%s)(objectClass=group))" % + ldb.binary_encode(groupname)) domaindn = samdb.domain_dn() -- 2.24.1 From 91df9e074b77b3222831d26cf54865d3055709e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Thu, 27 Feb 2020 11:06:34 +0100 Subject: [PATCH 8/8] selftest: test samba-tool group commands with groupnames with brackets and spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8) --- python/samba/tests/samba_tool/group.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py index c5c9cdb1d34..cd9d9d9ed28 100644 --- a/python/samba/tests/samba_tool/group.py +++ b/python/samba/tests/samba_tool/group.py @@ -39,16 +39,19 @@ class GroupCmdTestCase(SambaToolCmdTest): self.groups.append(self._randomGroup({"name": "testgroup2"})) self.groups.append(self._randomGroup({"name": "testgroup3"})) self.groups.append(self._randomGroup({"name": "testgroup4"})) + self.groups.append(self._randomGroup({"name": "testgroup5 (with brackets)"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup1"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup2"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup3"})) self.groups.append(self._randomPosixGroup({"name": "posixgroup4"})) + self.groups.append(self._randomPosixGroup({"name": "posixgroup5 (with brackets)"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup1"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup2"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup3"})) self.groups.append(self._randomUnixGroup({"name": "unixgroup4"})) + self.groups.append(self._randomUnixGroup({"name": "unixgroup5 (with brackets)"})) - # setup the 12 groups and ensure they are correct + # setup the groups and ensure they are correct for group in self.groups: (result, out, err) = group["createGroupFn"](group) -- 2.24.1