[SCM] Samba Shared Repository - branch v4-10-test updated
Karolin Seeger
kseeger at samba.org
Wed Jun 26 11:38:03 UTC 2019
The branch, v4-10-test has been updated
via f8d504acb4c python/ntacls: use correct "state directory" smb.conf option instead of "state dir"
via 662d66dcd3c selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb
via 1970eadd123 docs: Document DCEPRC binding string for rpcclient
via 9218655399f s3:client: Link smbspool_krb5_wrapper against krb5samba
from 48c47f5dbbb wafsamba: Use native waf timer
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -----------------------------------------------------------------
commit f8d504acb4c380f1de14ed750897218878617c4d
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Jun 12 21:16:25 2019 +0200
python/ntacls: use correct "state directory" smb.conf option instead of "state dir"
samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs
Fixes: Unknown parameter encountered: "state dir"
Signed-off-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002
Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-10-test): Wed Jun 26 11:37:29 UTC 2019 on sn-devel-144
commit 662d66dcd3c7e23eed4f4131c62b8c22692e23b8
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Jun 12 21:00:01 2019 +0200
selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb
Signed-off-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1b0184a9562689a658e75a0cfc69bdd23277cff6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002
commit 1970eadd1231589177dbf75031072636141060e2
Author: Andreas Schneider <asn at samba.org>
Date: Fri Feb 1 18:51:53 2019 +0100
docs: Document DCEPRC binding string for rpcclient
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 4 02:03:56 CET 2019 on sn-devel-144
(cherry picked from commit cca48c1a1029685672e1c25e39e8be2be947238f)
commit 9218655399fd0ef3691dfea25d5f39b32b25fa59
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jun 18 14:43:50 2019 +0200
s3:client: Link smbspool_krb5_wrapper against krb5samba
Heimdal doesn't provide krb5_free_unparsed_name(), so we need to use the
function we provide in krb5samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9268919e046190c7b423133de3f9d0edada3f1b8)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/rpcclient.1.xml | 74 ++++++++++++++++++++++++++---
librpc/binding-strings.txt | 53 +--------------------
python/samba/ntacls.py | 4 +-
source3/wscript_build | 2 +-
testprogs/blackbox/test_samba-tool_ntacl.sh | 21 ++++++++
5 files changed, 93 insertions(+), 61 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml
index 1e167f8437c..93983ad8388 100644
--- a/docs-xml/manpages/rpcclient.1.xml
+++ b/docs-xml/manpages/rpcclient.1.xml
@@ -29,7 +29,7 @@
<arg choice="opt">-U username[%password]</arg>
<arg choice="opt">-W workgroup</arg>
<arg choice="opt">-I destinationIP</arg>
- <arg choice="req">server</arg>
+ <arg choice="req">BINDING-STRING|HOST</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -52,12 +52,72 @@
<variablelist>
<varlistentry>
- <term>server</term>
- <listitem><para>NetBIOS name of Server to which to connect.
- The server can be any SMB/CIFS server. The name is
- resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry>.</para></listitem>
- </varlistentry>
+ <term>BINDING-STRING|HOST</term>
+ <listitem>
+ <para>When connecting to a dcerpc service you need to
+ specify a binding string.</para>
+
+ <para>The format is:</para>
+
+ <para>TRANSPORT:host[options]</para>
+
+ <para>where TRANSPORT is either ncacn_np (named pipes) for SMB or
+ ncacn_ip_tcp for DCERPC over TCP/IP.</para>
+
+ <para>"host" is an IP or hostname or netbios name. If the binding
+ string identifies the server side of an endpoint, "host" may be
+ an empty string. See below for more details.</para>
+
+ <para>"options" can include a SMB pipe name if using the ncacn_np
+ transport or a TCP port number if using the ncacn_ip_tcp transport,
+ otherwise they will be auto-determined.</para>
+
+ <para>Examples:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[1024]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,seal,krb5]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,spnego]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr,sign,print]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncalrpc:/path/to/unix/socket</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">//SAMBA</parameter></para></listitem>
+ </itemizedlist>
+
+ <para>The supported transports are:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">ncacn_np</parameter> - Connect using named pipes</para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp</parameter> - Connect over TCP/IP</para></listitem>
+ <listitem><para><parameter moreinfo="none">ncalrpc</parameter> - Connect over local RPC (unix sockets)</para></listitem>
+ </itemizedlist>
+
+ <para>The supported options are:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">sign</parameter> - Use RPC integrety autentication level</para></listitem>
+ <listitem><para><parameter moreinfo="none">seal</parameter> - Enable RPC privacy (encryption) autentication level</para></listitem>
+ <listitem><para><parameter moreinfo="none">connect</parameter> - Use RPC connect level authentication (auth, but no sign or seal)</para></listitem>
+ <listitem><para><parameter moreinfo="none">packet</parameter> - Use RPC packet authentication level</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">spnego</parameter> - Use SPNEGO instead of NTLMSSP authentication</para></listitem>
+ <listitem><para><parameter moreinfo="none">ntlm</parameter> - Use plain NTLM instead of SPNEGO or NTLMSSP</para></listitem>
+ <listitem><para><parameter moreinfo="none">krb5</parameter> - Use Kerberos instead of NTLMSSP authentication</para></listitem>
+ <listitem><para><parameter moreinfo="none">schannel</parameter> - Create a schannel connection</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">smb1</parameter> - Use SMB1 for named pipes</para></listitem>
+ <listitem><para><parameter moreinfo="none">smb2</parameter> - Use SMB2/3 for named pipes</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">validate</parameter> - Enable the NDR validator</para></listitem>
+ <listitem><para><parameter moreinfo="none">print</parameter> - Enable debug output of packets</para></listitem>
+ <listitem><para><parameter moreinfo="none">padcheck</parameter> - Check reply data for non-zero pad bytes</para></listitem>
+ <listitem><para><parameter moreinfo="none">bigendian</parameter> - Use big endian for RPC</para></listitem>
+ <listitem><para><parameter moreinfo="none">ndr64</parameter> - Use NDR64 for RPC</para></listitem>
+ </itemizedlist>
+
+ </listitem>
+ </varlistentry>
<varlistentry>
diff --git a/librpc/binding-strings.txt b/librpc/binding-strings.txt
index 5503da107b4..ca3d1b65972 100644
--- a/librpc/binding-strings.txt
+++ b/librpc/binding-strings.txt
@@ -1,55 +1,4 @@
DCERPC binding strings
----------------------
-When connecting to a dcerpc service you need to specify a binding
-string.
-
-The format is:
-
- TRANSPORT:host[flags]
-
-where TRANSPORT is either ncacn_np for SMB or ncacn_ip_tcp for RPC/TCP
-
-"host" is an IP or hostname or netbios name. If the binding string
-identifies the server side of an endpoint, "host" may be an empty
-string.
-
-"flags" can include a SMB pipe name if using the ncacn_np transport or
-a TCP port number if using the ncacn_ip_tcp transport, otherwise they
-will be auto-determined.
-
-other recognised flags are:
-
- sign : enable ntlmssp signing
- seal : enable ntlmssp sealing
- spnego : use SPNEGO instead of NTLMSSP authentication
- krb5 : use KRB5 instead of NTLMSSP authentication
- connect : enable rpc connect level auth (auth, but no sign or seal)
- validate : enable the NDR validator
- print : enable debugging of the packets
- bigendian : use bigendian RPC
- padcheck : check reply data for non-zero pad bytes
-
-
-Here are some examples:
-
- ncacn_np:myserver
- ncacn_np:myserver[samr]
- ncacn_np:myserver[\pipe\samr]
- ncacn_np:myserver[/pipe/samr]
- ncacn_np:myserver[samr,sign,print]
- ncacn_np:myserver[sign,spnego]
- ncacn_np:myserver[\pipe\samr,sign,seal,bigendian]
- ncacn_np:myserver[/pipe/samr,seal,validate]
- ncacn_np:
- ncacn_np:[/pipe/samr]
- ncacn_ip_tcp:myserver
- ncacn_ip_tcp:myserver[1024]
- ncacn_ip_tcp:myserver[sign,seal]
- ncacn_ip_tcp:myserver[spnego,seal]
-
-
-IDEA: Maybe extend UNC names like this?
-
- smbclient //server/share
- smbclient //server/share[sign,seal,spnego]
+Please consult the rpcclient(1) manpage for binding string details.
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 82d950fbbc9..cc40b32a538 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -77,7 +77,9 @@ def checkset_backend(lp, backend, eadbfile):
if eadbfile is not None:
return (samba.xattr_tdb, eadbfile)
else:
- return (samba.xattr_tdb, os.path.abspath(os.path.join(lp.get("state dir"), "xattr.tdb")))
+ state_dir = lp.get("state directory")
+ db_path = os.path.abspath(os.path.join(state_dir, "xattr.tdb"))
+ return (samba.xattr_tdb, db_path)
else:
raise XattrBackendError("Invalid xattr backend choice %s" % backend)
diff --git a/source3/wscript_build b/source3/wscript_build
index 1ebb006781a..26e251f442a 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1133,7 +1133,7 @@ bld.SAMBA3_BINARY('smbspool_krb5_wrapper',
deps='''
DYNCONFIG
cups
- krb5
+ krb5samba
''',
install_path='${LIBEXECDIR}/samba',
enabled=bld.CONFIG_SET('HAVE_CUPS'))
diff --git a/testprogs/blackbox/test_samba-tool_ntacl.sh b/testprogs/blackbox/test_samba-tool_ntacl.sh
index b00d4f29ac2..64a7e6b55d3 100755
--- a/testprogs/blackbox/test_samba-tool_ntacl.sh
+++ b/testprogs/blackbox/test_samba-tool_ntacl.sh
@@ -44,6 +44,24 @@ test_set_acl()
$PYTHON $samba_tool ntacl set "$acl" "$testfile"
}
+test_get_acl_ntvfs()
+{
+ testfile="$1"
+ exptextedacl="$2"
+
+ retacl=$($PYTHON $samba_tool ntacl get "$testfile" --as-sddl --use-ntvfs --xattr-backend=tdb -s $PREFIX/ad_member/lib/server.conf) || return $?
+
+ test "$retacl" = "$exptextedacl"
+}
+
+test_set_acl_ntvfs()
+{
+ testfile="$1"
+ acl="$2"
+
+ $PYTHON $samba_tool ntacl set "$acl" "$testfile" --use-ntvfs --xattr-backend=tdb -s $PREFIX/ad_member/lib/server.conf
+}
+
# work around include error - s4-loadparm does not allow missing include files
#
# Unable to load file /home/bbaumba/src/git/samba/st/ad_member/lib/server.conf
@@ -63,6 +81,9 @@ testit "set_ntacl" test_set_acl "$testfile" "$acl" || failed=`expr $failed + 1`
testit "get_ntacl" test_get_acl "$testfile" "$acl" || failed=`expr $failed + 1`
+testit "set_ntacl_ntvfs" test_set_acl_ntvfs "$testfile" "$acl" || failed=`expr $failed + 1`
+testit "get_ntacl_ntvfs" test_get_acl_ntvfs "$testfile" "$acl" || failed=`expr $failed + 1`
+
rm -f "$testfile"
exit $failed
--
Samba Shared Repository
More information about the samba-cvs
mailing list