[SCM] Samba Shared Repository - branch master updated

Tim Beale timbeale at samba.org
Mon Jan 14 05:50:04 UTC 2019 

The branch, master has been updated
       via  792b8d3f833 netcmd: Change domain backup commands to use s3 SMB Py bindings
       via  15013ff9537 tests: Change ntaclsbackup tests over to use s3 Py bindings
       via  bae415453e1 s3:pylibsmb: Add .get_acl() API to SMB py bindings
      from  8900e0b4cb0 lib/ldb: Use new PYARG_ES format for parseTuple

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 792b8d3f8338988c2288bc3dc58e72cacbba2154
Author: Tim Beale <timbeale at catalyst.net.nz>
Date:   Thu Dec 13 17:31:23 2018 +1300

    netcmd: Change domain backup commands to use s3 SMB Py bindings
    
    This means we can now backup a DC that has SMBv1 disabled.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
    
    Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Autobuild-User(master): Tim Beale <timbeale at samba.org>
    Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144

commit 15013ff9537cc1103afd1afd59c2da722e655b52
Author: Tim Beale <timbeale at catalyst.net.nz>
Date:   Thu Dec 13 16:05:36 2018 +1300

    tests: Change ntaclsbackup tests over to use s3 Py bindings
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
    
    Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit bae415453e13ee1c54d40459c8239b72dea9fa7b
Author: Tim Beale <timbeale at catalyst.net.nz>
Date:   Wed Dec 12 16:14:43 2018 +1300

    s3:pylibsmb: Add .get_acl() API to SMB py bindings
    
    There is no obvious async-equivalent of cli_query_security_descriptor(),
    so it will throw an error if anyone tries to use it in multi-threaded
    mode. Currently only samba-tool and tests use the (s4) .get_acl() API,
    both of which will be fine using the synchronous API.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
    
    Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/netcmd/domain_backup.py |  8 ++++--
 python/samba/tests/ntacls_backup.py  |  4 +--
 selftest/knownfail.d/domain_backup   | 12 --------
 source3/libsmb/pylibsmb.c            | 53 ++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 16 deletions(-)
 delete mode 100644 selftest/knownfail.d/domain_backup


Changeset truncated at 500 lines:

diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py
index 58d5a4c3510..4cacf571f3d 100644
--- a/python/samba/netcmd/domain_backup.py
+++ b/python/samba/netcmd/domain_backup.py
@@ -27,7 +27,8 @@ import tdb
 import samba.getopt as options
 from samba.samdb import SamDB, get_default_backend_store
 import ldb
-from samba import smb
+from samba.samba3 import libsmb_samba_internal as libsmb
+from samba.samba3 import param as s3param
 from samba.ntacls import backup_online, backup_restore, backup_offline
 from samba.auth import system_session
 from samba.join import DCJoinContext, join_clone, DCCloneAndRenameContext
@@ -103,7 +104,10 @@ def get_sid_for_restore(samdb):
 
 def smb_sysvol_conn(server, lp, creds):
     """Returns an SMB connection to the sysvol share on the DC"""
-    return smb.SMB(server, "sysvol", lp=lp, creds=creds, sign=True)
+    # the SMB bindings rely on having a s3 loadparm
+    s3_lp = s3param.get_context()
+    s3_lp.load(lp.configfile)
+    return libsmb.Conn(server, "sysvol", lp=s3_lp, creds=creds, sign=True)
 
 
 def get_timestamp():
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index 0ee044f1336..03ee821e595 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -19,7 +19,7 @@
 """Tests for samba ntacls backup"""
 import os
 
-from samba import smb
+from samba.samba3 import libsmb_samba_internal as libsmb
 from samba.samba3 import smbd
 from samba import samdb
 from samba import ntacls
@@ -60,7 +60,7 @@ class NtaclsBackupRestoreTests(TestCaseInTempDir):
                                                  self.dom_sid)
         self.lp = self.ntacls_helper.lp
 
-        self.smb_conn = smb.SMB(
+        self.smb_conn = libsmb.Conn(
             self.server, self.service, lp=self.lp, creds=self.creds)
 
         self.smb_helper = ntacls.SMBHelper(self.smb_conn, self.dom_sid)
diff --git a/selftest/knownfail.d/domain_backup b/selftest/knownfail.d/domain_backup
deleted file mode 100644
index 24f4d87981c..00000000000
--- a/selftest/knownfail.d/domain_backup
+++ /dev/null
@@ -1,12 +0,0 @@
-# these tests only work with SMBv1, which is disabled on the restoredc
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_one_way_links\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_untar\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore_with_conf\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore_no_secrets\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore_into_site\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupRename.test_backup_restore\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_untar\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore_with_conf\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore_no_secrets\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore_into_site\(restoredc:local\)
-samba.tests.domain_backup.samba.tests.domain_backup.DomainBackupOnline.test_backup_restore\(restoredc:local\)
diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index 9acfbb2df55..e0ce518d91b 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -32,10 +32,16 @@
 #include "auth/credentials/pycredentials.h"
 #include "trans2.h"
 #include "libsmb/clirap.h"
+#include "librpc/rpc/pyrpc_util.h"
 
 #define LIST_ATTRIBUTE_MASK \
 	(FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN)
 
+#define SECINFO_DEFAULT_FLAGS \
+	(SECINFO_OWNER | SECINFO_GROUP | \
+	 SECINFO_DACL | SECINFO_PROTECTED_DACL | SECINFO_UNPROTECTED_DACL | \
+	 SECINFO_SACL | SECINFO_PROTECTED_SACL | SECINFO_UNPROTECTED_SACL)
+
 static PyTypeObject *get_pytype(const char *module, const char *type)
 {
 	PyObject *mod;
@@ -1475,6 +1481,50 @@ static PyObject *py_smb_deltree(struct py_cli_state *self, PyObject *args)
 	Py_RETURN_NONE;
 }
 
+/*
+ * Read ACL on a given file/directory as a security descriptor object
+ */
+static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
+{
+	NTSTATUS status;
+	const char *filename = NULL;
+	unsigned int sinfo = SECINFO_DEFAULT_FLAGS;
+	unsigned int access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	uint16_t fnum;
+	struct security_descriptor *sd = NULL;
+
+	/* there's no async version of cli_query_security_descriptor() */
+	if (self->thread_state != NULL) {
+		PyErr_SetString(PyExc_RuntimeError,
+				"get_acl() is not supported on "
+				"a multi_threaded connection");
+		return NULL;
+	}
+
+	if (!PyArg_ParseTuple(args, "s|II:get_acl", &filename, &sinfo,
+			      &access_mask)) {
+		return NULL;
+	}
+
+	/* get a file handle with the desired access */
+	status = cli_ntcreate(self->cli, filename, 0, access_mask, 0,
+			      FILE_SHARE_READ|FILE_SHARE_WRITE,
+			      FILE_OPEN, 0x0, 0x0, &fnum, NULL);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	/* query the security descriptor for this file */
+	status = cli_query_security_descriptor(self->cli, fnum, sinfo,
+					       NULL, &sd);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	/* close the file handle and convert the SD to a python struct */
+	status = cli_close(self->cli, fnum);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	return py_return_ndr_struct("samba.dcerpc.security", "descriptor",
+				    sd, sd);
+}
+
 static PyMethodDef py_cli_state_methods[] = {
 	{ "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
 	  "settimeout(new_timeout_msecs) => return old_timeout_msecs" },
@@ -1524,6 +1574,9 @@ static PyMethodDef py_cli_state_methods[] = {
 	{ "deltree", (PyCFunction)py_smb_deltree, METH_VARARGS,
 	  "deltree(path) -> None\n\n"
 	  "\t\tDelete a directory and all its contents." },
+	{ "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
+	  "get_acl(path[, security_info=0]) -> security_descriptor object\n\n"
+	  "\t\tGet security descriptor for file." },
 	{ NULL, NULL, 0, NULL }
 };
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list