[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Wed Jan 9 13:31:02 UTC 2019


The branch, master has been updated
       via  a9def5c6971 s3:libsmb: Revert SMB Py bindings name back to libsmb_samba_internal
       via  84069c8a547 netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg
      from  b2a9d4c1f69 xml_docs: update traffic script documentation

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a9def5c6971fa1dea3aaa2da0e5dfd9246dd0c87
Author: Tim Beale <timbeale at catalyst.net.nz>
Date:   Wed Jan 9 10:15:49 2019 +1300

    s3:libsmb: Revert SMB Py bindings name back to libsmb_samba_internal
    
    In order to make it clear that the APIs in these Python bindings are
    unstable and should not be used by external consumers, this patch
    changes the name of the Python bindings back to libsmb_samba_internal.
    
    To make the Python code that uses these bindings (i.e. samba-tool, etc)
    look a little cleaner, we can just change the module name as we import
    it, e.g.
    
      from samba.samba3 import libsmb_samba_internal as libsmb
    
    Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Jan  9 14:30:31 CET 2019 on sn-devel-144

commit 84069c8a5476a47d45ab946d82abb0d6c04635c3
Author: Joe Guo <joeg at catalyst.net.nz>
Date:   Thu Dec 20 16:47:00 2018 +1300

    netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg
    
    python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
    use python[3]-gpg instead, and adapt the API.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728
    
    Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/netcmd/user.py               | 86 ++++++++++++++++++++++---------
 python/samba/ntacls.py                    |  2 +-
 python/samba/tests/dcerpc/raw_testcase.py |  2 +-
 python/samba/tests/libsmb.py              |  2 +-
 python/samba/tests/smb.py                 |  2 +-
 source3/libsmb/pylibsmb.c                 | 13 +++--
 source3/wscript_build                     |  2 +-
 7 files changed, 74 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index b3af8fffd6a..8ead8e583f3 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -21,6 +21,7 @@ import samba.getopt as options
 import ldb
 import pwd
 import os
+import io
 import re
 import tempfile
 import difflib
@@ -57,15 +58,56 @@ from samba.compat import text_type
 from samba.compat import get_bytes
 from samba.compat import get_string
 
-try:
-    import io
-    import gpgme
-    gpgme_support = True
-    decrypt_samba_gpg_help = "Decrypt the SambaGPG password as cleartext source"
-except ImportError as e:
-    gpgme_support = False
-    decrypt_samba_gpg_help = "Decrypt the SambaGPG password not supported, " + \
-        "python-gpgme required"
+
+# python[3]-gpgme is abandoned since ubuntu 1804 and debian 9
+# have to use python[3]-gpg instead
+# The API is different, need to adapt.
+
+def _gpgme_decrypt(encrypted_bytes):
+    """
+    Use python[3]-gpgme to decrypt GPG.
+    """
+    ctx = gpgme.Context()
+    ctx.armor = True  # use ASCII-armored
+    out = io.BytesIO()
+    ctx.decrypt(io.BytesIO(encrypted_bytes), out)
+    return out.getvalue()
+
+
+def _gpg_decrypt(encrypted_bytes):
+    """
+    Use python[3]-gpg to decrypt GPG.
+    """
+    ciphertext = gpg.Data(string=encrypted_bytes)
+    ctx = gpg.Context(armor=True)
+    # plaintext, result, verify_result
+    plaintext, _, _ = ctx.decrypt(ciphertext)
+    return plaintext
+
+
+gpg_decrypt = None
+
+if not gpg_decrypt:
+    try:
+        import gpgme
+        gpg_decrypt = _gpgme_decrypt
+    except ImportError:
+        pass
+
+if not gpg_decrypt:
+    try:
+        import gpg
+        gpg_decrypt = _gpg_decrypt
+    except ImportError:
+        pass
+
+if gpg_decrypt:
+    decrypt_samba_gpg_help = ("Decrypt the SambaGPG password as "
+                              "cleartext source")
+else:
+    decrypt_samba_gpg_help = ("Decrypt the SambaGPG password not supported, "
+                              "python[3]-gpgme or python[3]-gpg required")
+
 
 disabled_virtual_attributes = {
 }
@@ -1033,13 +1075,8 @@ class GetPasswordCommand(Command):
             #
             sgv = get_package("Primary:SambaGPG", min_idx=-1)
             if sgv is not None and unicodePwd is not None:
-                ctx = gpgme.Context()
-                ctx.armor = True
-                cipher_io = io.BytesIO(sgv)
-                plain_io = io.BytesIO()
                 try:
-                    ctx.decrypt(cipher_io, plain_io)
-                    cv = plain_io.getvalue()
+                    cv = gpg_decrypt(sgv)
                     #
                     # We only use the password if it matches
                     # the current nthash stored in the unicodePwd
@@ -1051,14 +1088,13 @@ class GetPasswordCommand(Command):
                     nthash = tmp.get_nt_hash()
                     if nthash == unicodePwd:
                         calculated["Primary:CLEARTEXT"] = cv
-                except gpgme.GpgmeError as e1:
-                    (major, minor, msg) = e1.args
-                    if major == gpgme.ERR_BAD_SECKEY:
-                        msg = "ERR_BAD_SECKEY: " + msg
-                    else:
-                        msg = "MAJOR:%d, MINOR:%d: %s" % (major, minor, msg)
-                    self.outf.write("WARNING: '%s': SambaGPG can't be decrypted into CLEARTEXT: %s\n" % (
-                                    username or account_name, msg))
+
+                except Exception as e:
+                    self.outf.write(
+                        "WARNING: '%s': SambaGPG can't be decrypted "
+                        "into CLEARTEXT: %s\n" % (
+                            username or account_name, e))
+
 
         def get_utf8(a, b, username):
             try:
@@ -1473,7 +1509,7 @@ samba-tool user getpassword --filter=samaccountname=TestUser3 --attributes=msDS-
             sambaopts=None, versionopts=None):
         self.lp = sambaopts.get_loadparm()
 
-        if decrypt_samba_gpg and not gpgme_support:
+        if decrypt_samba_gpg and not gpg_decrypt:
             raise CommandError(decrypt_samba_gpg_help)
 
         if filter is None and username is None:
@@ -1816,7 +1852,7 @@ samba-tool user syncpasswords --terminate \\
             if H is None:
                 H = "ldapi://%s" % os.path.abspath(self.lp.private_path("ldap_priv/ldapi"))
 
-            if decrypt_samba_gpg and not gpgme_support:
+            if decrypt_samba_gpg and not gpg_decrypt:
                 raise CommandError(decrypt_samba_gpg_help)
 
             password_attrs = self.parse_attributes(attributes)
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 1ab5fd36e15..99245737529 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -32,7 +32,7 @@ from samba.samba3 import param as s3param
 from samba.dcerpc import security, xattr, idmap
 from samba.ndr import ndr_pack, ndr_unpack
 from samba.samba3 import smbd
-from samba.samba3 import libsmb
+from samba.samba3 import libsmb_samba_internal as libsmb
 
 # don't include volumes
 SMB_FILE_ATTRIBUTE_FLAGS = libsmb.FILE_ATTRIBUTE_SYSTEM | \
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
index 4f3f9992549..fc1c86a1283 100644
--- a/python/samba/tests/dcerpc/raw_testcase.py
+++ b/python/samba/tests/dcerpc/raw_testcase.py
@@ -35,7 +35,7 @@ from samba.ntstatus import (
 )
 from samba import NTSTATUSError
 from samba.samba3 import param as s3param
-from samba.samba3 import libsmb
+from samba.samba3 import libsmb_samba_internal as libsmb
 
 class smb_pipe_socket(object):
 
diff --git a/python/samba/tests/libsmb.py b/python/samba/tests/libsmb.py
index 5a37b09978b..e8f8e7fe94d 100644
--- a/python/samba/tests/libsmb.py
+++ b/python/samba/tests/libsmb.py
@@ -17,7 +17,7 @@
 
 """Tests for samba.samba3.libsmb."""
 
-from samba.samba3 import libsmb
+from samba.samba3 import libsmb_samba_internal as libsmb
 from samba.dcerpc import security
 from samba.samba3 import param as s3param
 from samba import credentials
diff --git a/python/samba/tests/smb.py b/python/samba/tests/smb.py
index fcb0b7fd7b8..5a52885c2f4 100644
--- a/python/samba/tests/smb.py
+++ b/python/samba/tests/smb.py
@@ -22,7 +22,7 @@ import sys
 from samba import NTSTATUSError
 from samba.ntstatus import (NT_STATUS_OBJECT_NAME_NOT_FOUND,
                             NT_STATUS_OBJECT_PATH_NOT_FOUND)
-from samba.samba3 import libsmb
+from samba.samba3 import libsmb_samba_internal as libsmb
 from samba.samba3 import param as s3param
 
 PY3 = sys.version_info[0] == 3
diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index 4322c2b0712..9acfbb2df55 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -1,6 +1,9 @@
 /*
  * Unix SMB/CIFS implementation.
- * Samba-internal work in progress Python binding for libsmbclient
+ *
+ * SMB client Python bindings used internally by Samba (for things like
+ * samba-tool). These Python bindings may change without warning, and so
+ * should not be used outside of the Samba codebase.
  *
  * Copyright (C) Volker Lendecke 2012
  *
@@ -1526,7 +1529,7 @@ static PyMethodDef py_cli_state_methods[] = {
 
 static PyTypeObject py_cli_state_type = {
 	PyVarObject_HEAD_INIT(NULL, 0)
-	.tp_name = "libsmb.Conn",
+	.tp_name = "libsmb_samba_internal.Conn",
 	.tp_basicsize = sizeof(struct py_cli_state),
 	.tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
 	.tp_doc = "libsmb connection",
@@ -1540,17 +1543,17 @@ static PyMethodDef py_libsmb_methods[] = {
 	{ NULL },
 };
 
-void initlibsmb(void);
+void initlibsmb_samba_internal(void);
 
 static struct PyModuleDef moduledef = {
     PyModuleDef_HEAD_INIT,
-    .m_name = "libsmb",
+    .m_name = "libsmb_samba_internal",
     .m_doc = "libsmb wrapper",
     .m_size = -1,
     .m_methods = py_libsmb_methods,
 };
 
-MODULE_INIT_FUNC(libsmb)
+MODULE_INIT_FUNC(libsmb_samba_internal)
 {
 	PyObject *m = NULL;
 
diff --git a/source3/wscript_build b/source3/wscript_build
index 9d188a8d36a..a8ea8e581df 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1323,7 +1323,7 @@ for env in bld.gen_python_environments():
     bld.SAMBA3_PYTHON('pylibsmb',
                   source='libsmb/pylibsmb.c',
                   deps='smbclient samba-credentials %s' % pycredentials,
-                  realname='samba/samba3/libsmb.so'
+                  realname='samba/samba3/libsmb_samba_internal.so'
                   )
 
 bld.SAMBA3_BINARY('spotlight2sparql',


-- 
Samba Shared Repository



More information about the samba-cvs mailing list