[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Jan 17 03:48:07 UTC 2019
The branch, master has been updated
via a67b711ebcc tests: Switchover auth_log from s4 SMB client bindings to s4
via 914e9d35901 tests: Refactor auth_log SMB connection to be in a single place
via e82e1b31e39 tests: Use MUST_USE_KERBEROS over AUTO_USE_KERBEROS in auth_log tests
via 065faa6a142 tests: Relax auth_log SMB assertions to cover v1 *or* v2
via 7fb93eaca74 tests: Run ntacls_backup tests against testenv with SMBv1 disabled
via a310de2db13 selftest: Give the backup testenvs a 'test1' share
via da33c2c4e48 tests: Run GPO commands against testenv with SMBv1 disabled
via f3fe96fc2e2 ntacls: Pass correct use_ntvfs through to setntacl()
via 2a7372da7b8 tests: Run samba_tool.gpo tests against backup testenvs
via 6a29e63f32c s4:pysmb: Add error log that the s4 bindings are deprecated
via 08f1627cb3f netcmd: Change GPO commands to use s3 SMB Py bindings
via 0304b08de5b s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API
via 345746ea5f4 netcmd: Change SMB flags from s4 Py bindings to s3
via b982811b605 s3:pylibsmb: Add .set_acl API to SMB py bindings
via 3b2e86bba1f python/gpclass: Convert gpclass to use s3 SMB Python bindings
from 2723d900ef3 vfs_fileid: fix fsname_norootdir algorithm
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a67b711ebcc8c88f37a09e8bbdbc97e412d76911
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Jan 16 13:34:29 2019 +1300
tests: Switchover auth_log from s4 SMB client bindings to s4
The main changes required are:
- we need to use an s3 loadparm instead of the standard s4 lp.
- the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params,
however, we can set these in the loadparm instead, which will get the
SMB client code to do what we want. Instead of passing in boolean
parameters, we need to use yes/no strings that the lp will accept.
(We always set these values because the underlying lp context is
actually global, and setting a value is 'sticky' and will persist
across test cases. These conf settings are only used by the SMB client
code, and so will only affect the SMB test cases).
- For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to
an SMBv1 connection. The s4 bindings only ever supported SMBv1
connections, so this is the same behaviour. The other test cases will
now try to negotiate SMBv2 connections, however, the no_ntlmv2 test
cases are explicitly checking for bare-NTLM (with the s3 bindings, it
now ends up as NTLMSSP by default).
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144
commit 914e9d359010361c7fcaae8f17ef6404d5c18805
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Jan 16 13:20:12 2019 +1300
tests: Refactor auth_log SMB connection to be in a single place
This should not alter the behaviour of the tests at all. It just makes
it easier to switch over the underlying SMB client bindings.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e82e1b31e39631f6603be6d14debf79d2d9b16cd
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Jan 16 12:12:16 2019 +1300
tests: Use MUST_USE_KERBEROS over AUTO_USE_KERBEROS in auth_log tests
The s3 SMB client bindings seem slightly different to s4, in that they
default to setting the CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS flag.
This seems to fallback to finding a valid KRB TGT (from a previous
successful test), which results in the connection succeeding rather than
failing.
Setting MUST_USE_KERBEROS explicitly avoids this behaviour.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 065faa6a1429db99ef1372ab194960f817d13ebf
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Jan 16 11:18:27 2019 +1300
tests: Relax auth_log SMB assertions to cover v1 *or* v2
The s4 Python bindings currently only support SMBv1 connections.
If we change the bindings to support *either* v1 or v2, they'll
end up negotiating v2. In which case the server is "SMB2", not "SMB",
and these assertions fail.
Long-term we want to get rid of SMBv1, so it makes sense to write the
tests so that they pass against either v1 or v2.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Jan 16 10:02:07 2019 +1300
tests: Run ntacls_backup tests against testenv with SMBv1 disabled
Just to prove that the NTACL backup works over SMBv2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=1367
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a310de2db13c02a602e74139cb47ea9a25628e01
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Dec 13 16:29:33 2018 +1300
selftest: Give the backup testenvs a 'test1' share
The ntacls_backup tests use the test1 share, and we want to run them
against the restoredc (which has SMBv1 disabled).
The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
(in ntacls.py) to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Jan 15 17:12:20 2019 +1300
tests: Run GPO commands against testenv with SMBv1 disabled
Just to prove that they work across SMBv2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f3fe96fc2e2d942b4a2e241777b5ee12b2295b97
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Jan 15 14:09:15 2019 +1300
ntacls: Pass correct use_ntvfs through to setntacl()
We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.
This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2a7372da7b84921b247cefc23d7003b8056d74a4
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jan 11 15:09:48 2019 +1300
tests: Run samba_tool.gpo tests against backup testenvs
Run the GPO tests against the backup/restore testenvs.
Because the backup/restore preserves the NTACLs of the sysvol files,
running the GPO tests against the backup testenvs is a good sanity-
check. If fact it highlights that there is currently a problem with
restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
but we never noticed it until now.
NTACL backup works slightly different for offline backups, and rename
backups end up with more sysvol files, so run the tests against both
these envs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6a29e63f32c0024587020fc1f92b3d1ecaa0afbc
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jan 11 15:57:21 2019 +1300
s4:pysmb: Add error log that the s4 bindings are deprecated
We plan to delete the s4 SMB Python bindings in the next Samba release
after v4.10, but first give external consumers a heads-up, just in case
they are currently using the s4 bindings.
Note the auth_log tests still use the s4 bindings, but all user-facing
tools should now be updated to use the s3 bindings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 08f1627cb3fa1c9ff7a0f74e32874d305647dc42
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jan 11 14:53:16 2019 +1300
netcmd: Change GPO commands to use s3 SMB Py bindings
This means we can now use GPO commands on a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0304b08de5ba1b4a6e08568a559c52f7d9e943d3
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jan 11 14:25:32 2019 +1300
s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API
Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
read the file's size.
The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
access granted.
I noticed this problem when running .loadfile() against the NTVFS
server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 345746ea5f4cca2620421ac0c8a649a596f5c19d
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Jan 8 15:10:46 2019 +1300
netcmd: Change SMB flags from s4 Py bindings to s3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b982811b60521624f1f600841ffa05e306eb936a
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Jan 8 14:42:05 2019 +1300
s3:pylibsmb: Add .set_acl API to SMB py bindings
This is pretty similar code to py_smb_getacl(), except it's calling
cli_set_security_descriptor() instead of cli_query_security_descriptor()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3b2e86bba1f6b22b144b07db454b842f0c0779ae
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Dec 14 10:37:11 2018 +1300
python/gpclass: Convert gpclass to use s3 SMB Python bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/gpclass.py | 10 +++--
python/samba/netcmd/gpo.py | 20 ++++++----
python/samba/ntacls.py | 3 +-
python/samba/tests/auth_log.py | 91 +++++++++++++++++++-----------------------
selftest/target/Samba4.pm | 8 ++++
source3/libsmb/pylibsmb.c | 54 ++++++++++++++++++++++++-
source4/libcli/pysmb.c | 12 ++++++
source4/selftest/tests.py | 15 +++----
8 files changed, 144 insertions(+), 69 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index fb7c705a47e..0040f235e6e 100644
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree
import re
from samba.net import Net
from samba.dcerpc import nbt
-from samba import smb
+from samba.samba3 import libsmb_samba_internal as libsmb
+from samba.samba3 import param as s3param
import samba.gpo as gpo
from samba.param import LoadParm
from uuid import UUID
@@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir):
if e.errno != errno.EEXIST:
raise
for fdata in conn.list(sub_dir):
- if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
+ if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name']))
else:
local_name = fdata['name'].upper()
@@ -407,7 +408,10 @@ def check_safe_path(path):
def check_refresh_gpo_list(dc_hostname, lp, creds, gpos):
- conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True)
+ # the SMB bindings rely on having a s3 loadparm
+ s3_lp = s3param.get_context()
+ s3_lp.load(lp.configfile)
+ conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True)
cache_path = lp.cache_path('gpo_cache')
for gpo in gpos:
if not gpo.file_sys_path:
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index a064f44147a..1b5e927f633 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -43,7 +43,8 @@ import samba.auth
from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
from samba.netcmd.common import netcmd_finddc
from samba import policy
-from samba import smb
+from samba.samba3 import param as s3param
+from samba.samba3 import libsmb_samba_internal as libsmb
from samba import NTSTATUSError
import uuid
from samba.ntacls import dsacl2fsacl
@@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
r_name = r_dir + '\\' + e['name']
l_name = os.path.join(l_dir, e['name'])
- if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
+ if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
r_dirs.append(r_name)
l_dirs.append(l_name)
os.mkdir(l_name)
@@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
parser.write_xml(l_name + '.xml')
-attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \
- smb.FILE_ATTRIBUTE_DIRECTORY | \
- smb.FILE_ATTRIBUTE_ARCHIVE | \
- smb.FILE_ATTRIBUTE_HIDDEN
+attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \
+ libsmb.FILE_ATTRIBUTE_DIRECTORY | \
+ libsmb.FILE_ATTRIBUTE_ARCHIVE | \
+ libsmb.FILE_ATTRIBUTE_HIDDEN
def copy_directory_remote_to_local(conn, remotedir, localdir):
@@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir):
r_name = r_dir + '\\' + e['name']
l_name = os.path.join(l_dir, e['name'])
- if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
+ if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
r_dirs.append(r_name)
l_dirs.append(l_name)
os.mkdir(l_name)
@@ -364,7 +365,10 @@ def create_directory_hier(conn, remotedir):
def smb_connection(dc_hostname, service, lp, creds, sign=False):
# SMB connect to DC
try:
- conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign)
+ # the SMB bindings rely on having a s3 loadparm
+ s3_lp = s3param.get_context()
+ s3_lp.load(lp.configfile)
+ conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign)
except Exception:
raise CommandError("Error connecting to '%s' using SMB" % dc_hostname)
return conn
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 99245737529..5bf646caf9f 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -454,7 +454,8 @@ class NtaclsHelper:
def setntacl(self, path, ntacl_sd):
# ntacl_sd can be obj or str
- return setntacl(self.lp, path, ntacl_sd, self.dom_sid)
+ return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
+ use_ntvfs=self.use_ntvfs)
def _create_ntacl_file(dst, ntacl_sddl_str):
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index c0d0aab94aa..daf088f2f32 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -21,7 +21,8 @@ from __future__ import print_function
import samba.tests
from samba.dcerpc import srvsvc, dnsserver
import os
-from samba import smb
+from samba.samba3 import libsmb_samba_internal as libsmb
+from samba.samba3 import param as s3param
from samba.samdb import SamDB
import samba.tests.auth_log_base
from samba.credentials import DONT_USE_KERBEROS, MUST_USE_KERBEROS
@@ -47,6 +48,20 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def tearDown(self):
super(AuthLogTests, self).tearDown()
+ def smb_connection(self, creds, use_spnego="yes", ntlmv2_auth="yes",
+ force_smb1=False):
+ # the SMB bindings rely on having a s3 loadparm
+ lp = self.get_loadparm()
+ s3_lp = s3param.get_context()
+ s3_lp.load(lp.configfile)
+
+ # Allow the testcase to skip SPNEGO or use NTLMv1
+ s3_lp.set("client use spnego", use_spnego)
+ s3_lp.set("client ntlmv2 auth", ntlmv2_auth)
+
+ return libsmb.Conn(self.server, "sysvol", lp=s3_lp, creds=creds,
+ force_smb1=force_smb1)
+
def _test_rpc_ncacn_np(self, authTypes, creds, service,
binding, protection, checkFunction):
def isLastExpectedMessage(msg):
@@ -701,15 +716,12 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def test_smb(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authorization" and
- msg["Authorization"]["serviceDescription"] == "SMB" and
+ "SMB" in msg["Authorization"]["serviceDescription"] and
msg["Authorization"]["authType"] == "krb5" and
msg["Authorization"]["transportProtection"] == "SMB")
creds = self.insta_creds(template=self.get_credentials())
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds)
+ self.smb_connection(creds)
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(3,
@@ -752,14 +764,12 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
"ENC-TS Pre-authentication"))
creds = self.insta_creds(template=self.get_credentials())
+ creds.set_kerberos_state(MUST_USE_KERBEROS)
creds.set_password("badPassword")
thrown = False
try:
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds)
+ self.smb_connection(creds)
except NTSTATUSError:
thrown = True
self.assertEquals(thrown, True)
@@ -784,14 +794,12 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
EVT_LOGON_NETWORK))
creds = self.insta_creds(template=self.get_credentials())
+ creds.set_kerberos_state(MUST_USE_KERBEROS)
creds.set_username("badUser")
thrown = False
try:
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds)
+ self.smb_connection(creds)
except NTSTATUSError:
thrown = True
self.assertEquals(thrown, True)
@@ -910,16 +918,13 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def test_smb_no_krb_spnego(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authorization" and
- msg["Authorization"]["serviceDescription"] == "SMB" and
+ "SMB" in msg["Authorization"]["serviceDescription"] and
msg["Authorization"]["authType"] == "NTLMSSP" and
msg["Authorization"]["transportProtection"] == "SMB")
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds)
+ self.smb_connection(creds)
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(2,
@@ -929,8 +934,8 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg = messages[0]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
- self.assertEquals("SMB",
- msg["Authentication"]["serviceDescription"])
+ self.assertIn(msg["Authentication"]["serviceDescription"],
+ ["SMB", "SMB2"])
self.assertEquals("NTLMSSP",
msg["Authentication"]["authDescription"])
self.assertEquals("NTLMv2",
@@ -943,7 +948,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def test_smb_no_krb_spnego_bad_password(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
- msg["Authentication"]["serviceDescription"] == "SMB" and
+ "SMB" in msg["Authentication"]["serviceDescription"] and
msg["Authentication"]["authDescription"] == "NTLMSSP" and
msg["Authentication"]["passwordType"] == "NTLMv2" and
(msg["Authentication"]["status"] ==
@@ -959,10 +964,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
thrown = False
try:
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds)
+ self.smb_connection(creds)
except NTSTATUSError:
thrown = True
self.assertEquals(thrown, True)
@@ -975,7 +977,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
def test_smb_no_krb_spnego_bad_user(self):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
- msg["Authentication"]["serviceDescription"] == "SMB" and
+ "SMB" in msg["Authentication"]["serviceDescription"] and
msg["Authentication"]["authDescription"] == "NTLMSSP" and
msg["Authentication"]["passwordType"] == "NTLMv2" and
(msg["Authentication"]["status"] ==
@@ -991,10 +993,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
thrown = False
try:
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds)
+ self.smb_connection(creds)
except NTSTATUSError:
thrown = True
self.assertEquals(thrown, True)
@@ -1013,12 +1012,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
creds = self.insta_creds(template=self.get_credentials(),
kerberos_state=DONT_USE_KERBEROS)
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds,
- ntlmv2_auth=False,
- use_spnego=False)
+ self.smb_connection(creds,
+ force_smb1=True,
+ ntlmv2_auth="no",
+ use_spnego="no")
messages = self.waitForMessages(isLastExpectedMessage)
self.assertEquals(2,
@@ -1058,12 +1055,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
thrown = False
try:
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds,
- ntlmv2_auth=False,
- use_spnego=False)
+ self.smb_connection(creds,
+ force_smb1=True,
+ ntlmv2_auth="no",
+ use_spnego="no")
except NTSTATUSError:
thrown = True
self.assertEquals(thrown, True)
@@ -1092,12 +1087,10 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
thrown = False
try:
- smb.SMB(self.server,
- "sysvol",
- lp=self.get_loadparm(),
- creds=creds,
- ntlmv2_auth=False,
- use_spnego=False)
+ self.smb_connection(creds,
+ force_smb1=True,
+ ntlmv2_auth="no",
+ use_spnego="no")
except NTSTATUSError:
thrown = True
self.assertEquals(thrown, True)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 5346cb172df..f2635e574cd 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -3007,12 +3007,14 @@ sub prepare_dc_testenv
# add support for sysvol/netlogon/tmp shares
$ctx->{share} = "$ctx->{prefix_abs}/share";
push(@{$ctx->{directories}}, "$ctx->{share}");
+ push(@{$ctx->{directories}}, "$ctx->{share}/test1");
$ctx->{smb_conf_extra_options} = "
$conf_options
max xmit = 32K
server max protocol = SMB2
samba kcc command = /bin/true
+ xattr_tdb:file = $ctx->{statedir}/xattr.tdb
[sysvol]
path = $ctx->{statedir}/sysvol
@@ -3029,6 +3031,12 @@ sub prepare_dc_testenv
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 50000
+[test1]
+ path = $ctx->{share}/test1
+ read only = no
+ posix:sharedelay = 100000
+ posix:oplocktimeout = 3
+ posix:writetimeupdatedelay = 500000
";
my $env = $self->provision_raw_step1($ctx);
diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index e0ce518d91b..b4903a9b8c5 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args,
/* get a read file handle */
req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
- FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+ FILE_READ_DATA | FILE_READ_ATTRIBUTES,
+ FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ, FILE_OPEN, 0,
SMB2_IMPERSONATION_IMPERSONATION, 0);
if (!py_tevent_req_wait_exc(self, req)) {
@@ -1525,6 +1526,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
sd, sd);
}
+/*
+ * Set ACL on file/directory using given security descriptor object
+ */
+static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ char *filename = NULL;
+ PyObject *py_sd = NULL;
+ struct security_descriptor *sd = NULL;
+ unsigned int sinfo = SECINFO_DEFAULT_FLAGS;
+ uint16_t fnum;
+
+ /* there's no async version of cli_set_security_descriptor() */
+ if (self->thread_state != NULL) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "set_acl() is not supported on "
+ "a multi_threaded connection");
+ return NULL;
+ }
+
+ if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd,
+ &sinfo)) {
+ return NULL;
+ }
+
+ sd = pytalloc_get_type(py_sd, struct security_descriptor);
+ if (!sd) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected dcerpc.security.descriptor as argument, got %s",
+ talloc_get_name(pytalloc_get_ptr(py_sd)));
+ return NULL;
+ }
+
+ status = cli_ntcreate(self->cli, filename, 0,
+ SEC_FLAG_MAXIMUM_ALLOWED, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OPEN, 0x0, 0x0, &fnum, NULL);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ status = cli_close(self->cli, fnum);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
static PyMethodDef py_cli_state_methods[] = {
{ "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
"settimeout(new_timeout_msecs) => return old_timeout_msecs" },
@@ -1577,6 +1626,9 @@ static PyMethodDef py_cli_state_methods[] = {
{ "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
"get_acl(path[, security_info=0]) -> security_descriptor object\n\n"
"\t\tGet security descriptor for file." },
+ { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
+ "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n"
+ "\t\tSet security descriptor for file." },
{ NULL, NULL, 0, NULL }
};
diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
index 45ff9a0a7c0..5a028169661 100644
--- a/source4/libcli/pysmb.c
+++ b/source4/libcli/pysmb.c
@@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs
uint8_t use_spnego = 0xFF;
PyObject *sign = Py_False;
+ /*
+ * These Python bindings are now deprecated because the s4 SMB client
+ * code doesn't support SMBv2 (and is unlikely to ever support it).
+ * The s3 libsmb_samba_internal bindings are a better choice for use
+ * within the Samba codebase, and support much the same API.
+ * This warning is mostly for external consumers that might be using
+ * these Python bindings (in which case, note libsmb_samba_internal
+ * is not a stable API and may change in future).
+ */
+ DBG_ERR("The smb.SMB() Python bindings are now deprecated "
+ "and will be removed in the next samba release\n");
+
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO",
discard_const_p(char *, kwnames),
&hostname, &service, &py_creds, &py_lp,
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index a1f38424af7..b8132086ef8 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -656,11 +656,14 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
-# We run this test against both AD DC implemetnations because it is
+# We run this test against both AD DC implementations because it is
# the only test we have of GPO get/set behaviour, and this involves
# the file server as well as the LDAP server.
-planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
-planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
+# It's also a good sanity-check that sysvol backup worked correctly.
+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
+ smbv1_disabled_testenv]:
+ planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
+ py3_compatible=True)
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True)
planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True)
@@ -692,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U
for env in ["ad_dc", smbv1_disabled_testenv]:
planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
+ planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
+ extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
planoldpythontestsuite(
"ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
-planoldpythontestsuite(
- "ad_dc:local", "samba.tests.ntacls_backup",
- extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
-
planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True,
--
Samba Shared Repository
More information about the samba-cvs
mailing list