From 1fdfb058003706abc32e8d6c660769093774e2b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:05:16 +0100 Subject: [PATCH 1/8] samba-tool group listmembers: hide python backtracke on command error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 536c1cba613..8ba0f30ab9e 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -430,7 +430,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com self.outf.write("%s\n" % member_name) except Exception as e: - raise CommandError('Failed to list members of "%s" group ' % groupname, e) + raise CommandError('Failed to list members of "%s" group - %s' % + (groupname, e)) class cmd_group_move(Command): -- 2.24.1 From 31ad16ef2faed8e9392050acc3a76733c95e9ffa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:08:43 +0100 Subject: [PATCH 2/8] samba-tool group listmembers: handle group-does-not-exist error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return a error with a proper message instead of just do nothing when the target group does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 40e498e743e4677a42030373e8d97f6f9763080a) --- python/samba/netcmd/group.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 8ba0f30ab9e..25bed70380c 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -402,15 +402,14 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com credentials=creds, lp=lp) search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname - res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, - expression=(search_filter), - attrs=["objectSid"]) - - if (len(res) != 1): - return - - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) + try: + res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, + expression=(search_filter), + attrs=["objectSid"]) + group_dn = res[0].get('dn', idx=0) + object_sid = res[0].get('objectSid', idx=0) + except IndexError: + raise CommandError('Unable to find group "%s"' % (groupname)) object_sid = ndr_unpack(security.dom_sid, object_sid) (group_dom_sid, rid) = object_sid.split() -- 2.24.1 From 8649cda557a83426d3d49d5782f9a41e3ed60256 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:39:44 +0100 Subject: [PATCH 3/8] samba-tool group listmembers: find group members by groups SID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d) --- python/samba/netcmd/group.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 25bed70380c..5c608732ec3 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -406,15 +406,16 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["objectSid"]) - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) + group_sid_binary = res[0].get('objectSid', idx=0) except IndexError: raise CommandError('Unable to find group "%s"' % (groupname)) - object_sid = ndr_unpack(security.dom_sid, object_sid) - (group_dom_sid, rid) = object_sid.split() + group_sid = ndr_unpack(security.dom_sid, group_sid_binary) + (group_dom_sid, rid) = group_sid.split() + group_sid_dn = "" % (group_sid) - search_filter = "(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_dn) + search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" % + (rid, group_sid_dn)) res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["samAccountName", "cn"]) -- 2.24.1 From 82d4600b189a10d719e9d92733796aa97b0cd6ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:38:50 +0100 Subject: [PATCH 4/8] samba-tool group listmembers: use binary encoded group names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to find groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit d0f8e833653df652df01a472c4bbfd256f10f810) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 5c608732ec3..db06a72bb73 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -401,7 +401,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname + search_filter = ("(&(objectClass=group)(sAMAccountName=%s))" % + ldb.binary_encode(groupname)) try: res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), -- 2.24.1 From 376b550c875711568512a76e964e12b8d3e70801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:40:50 +0100 Subject: [PATCH 5/8] samba-tool group move: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to move groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7) --- python/samba/netcmd/group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index db06a72bb73..680d9e74908 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -488,7 +488,7 @@ class cmd_group_move(Command): domain_dn = ldb.Dn(samdb, samdb.domain_dn()) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=domain_dn, expression=filter, -- 2.24.1 From 4d09cc01aaca98936349c02e9a645568035ffd14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:55:01 +0100 Subject: [PATCH 6/8] samba-tool group delete: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to delete groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 104582b73caf008600e15d76d57424263a0f28d4) --- python/samba/netcmd/group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 680d9e74908..50864385702 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -178,7 +178,7 @@ Example2 deletes group Group2 from the local server. The command is run under r credentials=creds, lp=lp) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=samdb.domain_dn(), -- 2.24.1 From 4a2cd4c8194f010fc4c48038c8a9cff9715232ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:56:14 +0100 Subject: [PATCH 7/8] samba-tool group edit: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to edit groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit f3e7ea0405d46ddfbeba9b3a84c13b7878464180) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 50864385702..88e666e27dc 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -756,7 +756,8 @@ class cmd_group_edit(Command): samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - filter = ("(&(sAMAccountName=%s)(objectClass=group))" % groupname) + filter = ("(&(sAMAccountName=%s)(objectClass=group))" % + ldb.binary_encode(groupname)) domaindn = samdb.domain_dn() -- 2.24.1 From d47fb91bd2b1cb65853b39def56f0570cb4338df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Thu, 27 Feb 2020 11:06:34 +0100 Subject: [PATCH 8/8] selftest: test samba-tool group commands with groupnames with brackets and spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8) --- python/samba/tests/samba_tool/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py index e521c720b77..864c3876acb 100644 --- a/python/samba/tests/samba_tool/group.py +++ b/python/samba/tests/samba_tool/group.py @@ -39,8 +39,9 @@ class GroupCmdTestCase(SambaToolCmdTest): self.groups.append(self._randomGroup({"name": "testgroup2"})) self.groups.append(self._randomGroup({"name": "testgroup3"})) self.groups.append(self._randomGroup({"name": "testgroup4"})) + self.groups.append(self._randomGroup({"name": "testgroup5 (with brackets)"})) - # setup the 4 groups and ensure they are correct + # setup the 5 groups and ensure they are correct for group in self.groups: (result, out, err) = self._create_group(group) -- 2.24.1