From 079b69b2e6d3a94ce7655262c22c36f60d3ef282 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:05:16 +0100 Subject: [PATCH 1/7] samba-tool group listmembers: hide python backtracke on command error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 3d55222e8d0..b0b89994f3d 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -426,7 +426,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com self.outf.write("%s\n" % member_name) except Exception as e: - raise CommandError('Failed to list members of "%s" group ' % groupname, e) + raise CommandError('Failed to list members of "%s" group - %s' % + (groupname, e)) class cmd_group_move(Command): -- 2.24.1 From bc05b9ef2ee2ccbec3bdab9b5b60e0fd4af661fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:08:43 +0100 Subject: [PATCH 2/7] samba-tool group listmembers: handle group-does-not-exist error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return a error with a proper message instead of just do nothing when the target group does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 40e498e743e4677a42030373e8d97f6f9763080a) --- python/samba/netcmd/group.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index b0b89994f3d..1fe831a6d49 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -398,15 +398,14 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com credentials=creds, lp=lp) search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname - res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, - expression=(search_filter), - attrs=["objectSid"]) - - if (len(res) != 1): - return - - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) + try: + res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, + expression=(search_filter), + attrs=["objectSid"]) + group_dn = res[0].get('dn', idx=0) + object_sid = res[0].get('objectSid', idx=0) + except IndexError: + raise CommandError('Unable to find group "%s"' % (groupname)) object_sid = ndr_unpack(security.dom_sid, object_sid) (group_dom_sid, rid) = object_sid.split() -- 2.24.1 From 3615e67dfe984662877ab277cd231027dd51d1a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:39:44 +0100 Subject: [PATCH 3/7] samba-tool group listmembers: find group members by groups SID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d) --- python/samba/netcmd/group.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 1fe831a6d49..f14ce1f9b05 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -402,15 +402,16 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["objectSid"]) - group_dn = res[0].get('dn', idx=0) - object_sid = res[0].get('objectSid', idx=0) + group_sid_binary = res[0].get('objectSid', idx=0) except IndexError: raise CommandError('Unable to find group "%s"' % (groupname)) - object_sid = ndr_unpack(security.dom_sid, object_sid) - (group_dom_sid, rid) = object_sid.split() + group_sid = ndr_unpack(security.dom_sid, group_sid_binary) + (group_dom_sid, rid) = group_sid.split() + group_sid_dn = "" % (group_sid) - search_filter = "(|(primaryGroupID=%s)(memberOf=%s))" % (rid, group_dn) + search_filter = ("(|(primaryGroupID=%s)(memberOf=%s))" % + (rid, group_sid_dn)) res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), attrs=["samAccountName", "cn"]) -- 2.24.1 From 071936b9b877b3477423d5b6578ee2c2c532493c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:38:50 +0100 Subject: [PATCH 4/7] samba-tool group listmembers: use binary encoded group names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to find groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit d0f8e833653df652df01a472c4bbfd256f10f810) --- python/samba/netcmd/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index f14ce1f9b05..bf65a7c9dc0 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -397,7 +397,8 @@ samba-tool group listmembers \"Domain Users\" -H ldap://samba.samdom.example.com samdb = SamDB(url=H, session_info=system_session(), credentials=creds, lp=lp) - search_filter = "(&(objectClass=group)(samaccountname=%s))" % groupname + search_filter = ("(&(objectClass=group)(sAMAccountName=%s))" % + ldb.binary_encode(groupname)) try: res = samdb.search(samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=(search_filter), -- 2.24.1 From 07d1ea22750c34d9f588cd82cae3058c6b52c4ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:40:50 +0100 Subject: [PATCH 5/7] samba-tool group move: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to move groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7) --- python/samba/netcmd/group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index bf65a7c9dc0..56397463fa7 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -484,7 +484,7 @@ class cmd_group_move(Command): domain_dn = ldb.Dn(samdb, samdb.domain_dn()) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=domain_dn, expression=filter, -- 2.24.1 From e3e8abdff1964bc78f1a5a4e97658cccdc1429c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 26 Feb 2020 13:55:01 +0100 Subject: [PATCH 6/7] samba-tool group delete: use binary encoded group name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows to delete groups with names like e.g. 'group1 (xy)'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 104582b73caf008600e15d76d57424263a0f28d4) --- python/samba/netcmd/group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 56397463fa7..d81fee73f1a 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -174,7 +174,7 @@ Example2 deletes group Group2 from the local server. The command is run under r credentials=creds, lp=lp) filter = ("(&(sAMAccountName=%s)(objectClass=group))" % - groupname) + ldb.binary_encode(groupname)) try: res = samdb.search(base=samdb.domain_dn(), -- 2.24.1 From 98bba315bdd1e9ca0d9dbd7409ede848345d2589 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Thu, 27 Feb 2020 11:06:34 +0100 Subject: [PATCH 7/7] selftest: test samba-tool group commands with groupnames with brackets and spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296 Signed-off-by: Björn Baumbach Reviewed-by: Andrew Bartlett (cherry picked from commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8) --- python/samba/tests/samba_tool/group.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py index 9862251ff01..14aa89c35bb 100644 --- a/python/samba/tests/samba_tool/group.py +++ b/python/samba/tests/samba_tool/group.py @@ -39,8 +39,9 @@ class GroupCmdTestCase(SambaToolCmdTest): self.groups.append(self._randomGroup({"name": "testgroup2"})) self.groups.append(self._randomGroup({"name": "testgroup3"})) self.groups.append(self._randomGroup({"name": "testgroup4"})) + self.groups.append(self._randomGroup({"name": "testgroup5 (with brackets)"})) - # setup the 4 groups and ensure they are correct + # setup the 5 groups and ensure they are correct for group in self.groups: (result, out, err) = self._create_group(group) -- 2.24.1