How to add SeBackup privilege for make test user ?

Jeremy Allison jra at samba.org
Fri Oct 26 17:05:16 MDT 2012


On Fri, Oct 26, 2012 at 12:44:02PM +1100, Andrew Bartlett wrote:
> On Thu, 2012-10-25 at 16:48 -0700, Jeremy Allison wrote:
> > Hi Andrew and Jelmer,
> > 
> > I'm adding a regression test for my fix for the crash
> > in smbd when doing a listing for a user with SeBackup
> > privilege.
> > 
> > However this depends on the test user being used in
> > the source3/script/tests/test_smbclient_s3.sh test
> > scripts having SeBackup privilege assigned.
> > 
> > We seem to only create the one test user ($USER)
> > who is logged in, and that user doesn't have
> > SeBackup privilege. How do I fix that ?
> > 
> > When I do:
> > 
> > net rpc rights grant $USERNAME SeBackupPrivilege -U$USERNAME%$PASSWORD -I $SERVER_IP
> > 
> > before trying the backup list, I get:
> > 
> > Could not connect to server 127.0.0.2
> > The username or password was not correct.
> > Connection failed: NT_STATUS_LOGON_FAILURE
> > 
> > which is plainly incorrect as this is the
> > same user and password that smbclient uses
> > (although I'm not sure if this user has the
> > rights to add SeBackupPrivilege).
> > 
> > Any clues here ?
> 
> Two thoughts come to mind:
> 
> if you run the test in plugin_s4_dc, you will probably have the
> privileges already, which might unblock you.

I don't think plugin_s4_dc has the smbclient tests set up,
so that makes it harder, unless you can show me how to run
an smbclient test there.

> On why 'net rpc rights': the command you are running is missing
> $ADDARGS, which contains a pointer to the smb.conf (we need a test
> smb.conf, not the system default), and missing that might be why it
> fails. 
> 
> Otherwise, playing around with make testenv is often very helpful for
> this kind of thing.
> 
> SELFTEST_TESTENV=s3dc make testenv

Thanks, that helped a lot.

> We can also create more test users if you want, but it's a little
> involved in the s3dc case.  For a privileges test, it might be worth
> it. 

Actually, for the Samba3 case it looks like it's easier
to use tdbtool to directly insert the privilege record
in account_policy.tdb. That way I can add the changes
into source3/script/tests/test_smbclient_s3.sh, which has
all the smbclient infrastructure set up.

I'm still working on this.

Jeremy.

