[SCM] Samba Shared Repository - branch master updated
Björn Baumbach
bbaumbach at samba.org
Thu Mar 11 21:42:02 UTC 2021
The branch, master has been updated
via 6686db1132b samba-tool gpo: add missing newline to admxload warning
via 2d6bed495e1 samba-gpupdate: Check sysvol download paths in case-insensitive way
via 554f2134a9f samba-gpupdate: Test that sysvol paths download in case-insensitive way
via 6054564d4f2 samba-gpupdate: Enable the Startup Scripts Extension
via 88c9c291b0b samba-tool: gpo manage sudoers handle missing and dispersed principal names
via bba91c462e6 samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names
from 9c682d794e6 Update status of SMB_VFS_SETXATTR
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6686db1132b3a61c5b6bbbc80b9c8107f53b994b
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Mar 9 13:11:08 2021 +0100
samba-tool gpo: add missing newline to admxload warning
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Thu Mar 11 21:41:04 UTC 2021 on sn-devel-184
commit 2d6bed495e14349e19ba680bd72c3f110f1c397b
Author: David Mulder <dmulder at suse.com>
Date: Tue Mar 9 11:13:40 2021 -0700
samba-gpupdate: Check sysvol download paths in case-insensitive way
https://bugzilla.samba.org/show_bug.cgi?id=14665
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
commit 554f2134a9f9638ebd8ac2500e5b6c94b74c27d5
Author: David Mulder <dmulder at suse.com>
Date: Tue Mar 9 12:30:14 2021 -0700
samba-gpupdate: Test that sysvol paths download in case-insensitive way
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14665
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
commit 6054564d4f2fa8b14e24d72f1655c559ad1ce016
Author: David Mulder <dmulder at suse.com>
Date: Tue Mar 9 09:28:15 2021 -0700
samba-gpupdate: Enable the Startup Scripts Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
commit 88c9c291b0b928fc404d9f19eb55c5fa62266f93
Author: David Mulder <dmulder at suse.com>
Date: Tue Mar 9 09:16:27 2021 -0700
samba-tool: gpo manage sudoers handle missing and dispersed principal names
If we don't anticipate a missing principal name,
samba-tool crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
commit bba91c462e697d91496e7d7f31d85b46422db6fa
Author: David Mulder <dmulder at suse.com>
Date: Tue Mar 9 14:14:24 2021 -0700
samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
-----------------------------------------------------------------------
Summary of changes:
python/samba/gpclass.py | 5 +--
python/samba/netcmd/gpo.py | 12 ++++++--
python/samba/tests/gpo.py | 10 ++++++
python/samba/tests/samba_tool/gpo.py | 59 ++++++++++++++++++++++++++++++++++++
source4/scripting/bin/samba-gpupdate | 2 ++
5 files changed, 83 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index 51b006f7f7f..7d3841ba8da 100644
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -393,8 +393,9 @@ def cache_gpo_dir(conn, cache, sub_dir):
def check_safe_path(path):
dirs = re.split('/|\\\\', path)
- if 'sysvol' in path:
- dirs = dirs[dirs.index('sysvol') + 1:]
+ if 'sysvol' in path.lower():
+ ldirs = re.split('/|\\\\', path.lower())
+ dirs = dirs[ldirs.index('sysvol') + 1:]
if '..' not in dirs:
return os.path.join(*dirs)
raise OSError(path)
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index cb70367509e..1b4159c4c0c 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -1674,7 +1674,7 @@ class cmd_admxload(Command):
'in the Group Policy Management Console. You will '
'need to install these templates '
'from https://www.microsoft.com/en-us/download/102157 '
- 'to continue using Windows Administrative Templates. ')
+ 'to continue using Windows Administrative Templates.\n')
class cmd_add_sudoers(Command):
"""Adds a Samba Sudoers Group Policy to the sysvol
@@ -1859,7 +1859,10 @@ samba-tool gpo manage sudoers list {31B2F340-016D-11D2-945F-00C04FB984F9}
for entry in data.findall('sudoers_entry'):
command = entry.find('command').text
user = entry.find('user').text
- principals = entry.find('listelement').findall('principal')
+ listelements = entry.findall('listelement')
+ principals = []
+ for listelement in listelements:
+ principals.extend(listelement.findall('principal'))
if len(principals) > 0:
uname = ','.join([u.text if u.attrib['type'] == 'user' \
else '%s%%' % u.text for u in principals])
@@ -1935,7 +1938,10 @@ samba-tool gpo manage sudoers remove {31B2F340-016D-11D2-945F-00C04FB984F9} 'fak
for e in data.findall('sudoers_entry'):
command = e.find('command').text
user = e.find('user').text
- principals = e.find('listelement').findall('principal')
+ listelements = e.findall('listelement')
+ principals = []
+ for listelement in listelements:
+ principals.extend(listelement.findall('principal'))
if len(principals) > 0:
uname = ','.join([u.text if u.attrib['type'] == 'user' \
else '%s%%' % u.text for u in principals])
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index dfd2394f353..b5d195b0445 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -188,6 +188,16 @@ class GPOTests(tests.TestCase):
self.assertEqual(result, after, 'check_safe_path() didn\'t'
' correctly convert \\ to /')
+ def test_check_safe_path_typesafe_name(self):
+ path = '\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\' \
+ '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
+ expected_path = 'toady.suse.de/Policies/' \
+ '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
+
+ result = check_safe_path(path)
+ self.assertEqual(result, expected_path,
+ 'check_safe_path unable to detect variable case sysvol components')
+
def test_gpt_ext_register(self):
this_path = os.path.dirname(os.path.realpath(__file__))
samba_path = os.path.realpath(os.path.join(this_path, '../../../'))
diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py
index 851a76b9885..d60e5b96c34 100644
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -802,10 +802,32 @@ class GpoCmdTestCase(SambaToolCmdTest):
principal = etree.SubElement(listelement, 'principal')
principal.text = 'fakeu'
principal.attrib['type'] = 'user'
+ # Ensure an empty principal doesn't cause a crash
+ sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+ command = etree.SubElement(sudoers_entry, 'command')
+ command.text = 'ALL'
+ user = etree.SubElement(sudoers_entry, 'user')
+ user.text = 'ALL'
+ # Ensure having dispersed principals still works
+ sudoers_entry = etree.SubElement(data, 'sudoers_entry')
+ command = etree.SubElement(sudoers_entry, 'command')
+ command.text = 'ALL'
+ user = etree.SubElement(sudoers_entry, 'user')
+ user.text = 'ALL'
+ listelement = etree.SubElement(sudoers_entry, 'listelement')
+ principal = etree.SubElement(listelement, 'principal')
+ principal.text = 'fakeu2'
+ principal.attrib['type'] = 'user'
+ listelement = etree.SubElement(sudoers_entry, 'listelement')
+ group = etree.SubElement(listelement, 'principal')
+ group.text = 'fakeg2'
+ group.attrib['type'] = 'group'
ret = stage_file(vgp_xml, etree.tostring(stage, 'utf-8'))
self.assertTrue(ret, 'Could not create the target %s' % vgp_xml)
sudoer = 'fakeu ALL=(ALL) NOPASSWD: ALL'
+ sudoer2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
+ sudoer_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'
(result, out, err) = self.runsublevelcmd("gpo", ("manage",
"sudoers", "list"),
self.gpo_guid, "-H",
@@ -814,7 +836,44 @@ class GpoCmdTestCase(SambaToolCmdTest):
"-U%s%%%s" %
(os.environ["USERNAME"],
os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers list failed')
self.assertIn(sudoer, out, 'The test entry was not found!')
+ self.assertIn(sudoer2, out, 'The test entry was not found!')
+ self.assertIn(sudoer_no_principal, out,
+ 'The test entry was not found!')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "remove"),
+ self.gpo_guid, sudoer2,
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "remove"),
+ self.gpo_guid,
+ sudoer_no_principal,
+ "-H", "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err, 'Sudoers remove failed')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage",
+ "sudoers", "list"),
+ self.gpo_guid, "-H",
+ "ldap://%s" %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertNotIn(sudoer2, out, 'The test entry was still found!')
+ self.assertNotIn(sudoer_no_principal, out,
+ 'The test entry was still found!')
# Unstage the manifest.xml file
unstage_file(vgp_xml)
diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate
index 3b0b7ce3d1f..a5f5c81e26f 100755
--- a/source4/scripting/bin/samba-gpupdate
+++ b/source4/scripting/bin/samba-gpupdate
@@ -42,6 +42,7 @@ from samba.vgp_files_ext import vgp_files_ext
from samba.vgp_openssh_ext import vgp_openssh_ext
from samba.vgp_motd_ext import vgp_motd_ext
from samba.vgp_issue_ext import vgp_issue_ext
+from samba.vgp_startup_scripts_ext import vgp_startup_scripts_ext
import logging
if __name__ == "__main__":
@@ -103,6 +104,7 @@ if __name__ == "__main__":
gp_extensions.append(vgp_openssh_ext)
gp_extensions.append(vgp_motd_ext)
gp_extensions.append(vgp_issue_ext)
+ gp_extensions.append(vgp_startup_scripts_ext)
gp_extensions.extend(machine_exts)
elif opts.target == 'User':
gp_extensions.extend(user_exts)
--
Samba Shared Repository
More information about the samba-cvs
mailing list