[PATCH] Fix domain backups when SMBv1 is disabled
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Thu Jan 10 05:08:58 UTC 2019
On 9/01/19 5:30 PM, Tim Beale via samba-technical wrote:
> Here's the last few patches required to make domain backups work against
> a DC with SMBv1 disabled. These patches rely on the
> libsmb_samba_internal and cli_smb2_list() patches I sent out earlier today.
>
> There's not a lot to it - it adds an extra 'get_acl' Python API (to make
> it consistent with the source4 bindings), then switches over the backup
> code to use the source3 bindings.
>
> CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42628003
>
> Review appreciated. Thanks.
RB+ on 2/3 and 3/3, but somebody who knows SMB really ought to look at 1/3.
> +/*
> + * Read ACL on a given file/directory as a security descriptor object
> + */
> +static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
> +{
> + NTSTATUS status;
> + const char *filename = NULL;
> + uint32_t sinfo = SECINFO_DEFAULT_FLAGS;
> + int access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
^^^^^^^^^^^^^^^
One thing I did notice is cli_ntcreate() wants uint32_t for the access
mask, which would affect the ParseTuple format string too.
> + uint16_t fnum;
> + struct security_descriptor *sd = NULL;
> +
> + /* there's no async version of cli_query_security_descriptor() */
> + if (self->thread_state != NULL) {
> + PyErr_SetString(PyExc_RuntimeError,
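Review bot: the `access_mask` declaration defaults to SEC_FLAG_MAXIMUM_ALLOWED, which asks the server for every right the caller holds, although the comment at the top describes this function as a read of the ACL. Either default to the narrowest mask that the requested `sinfo` needs, or state in the header comment why maximum-allowed is wanted, and record the defaults for `sinfo` and `access_mask` there, since the initializers suggest both are optional arguments. Separately, `uint16_t fnum;` has no initializer, unlike `filename` and `sd`; giving it one is safer if a later error path closes the handle.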
(I don't really like that we use RuntimeError everywhere, but this is
one of the few cases where it perhaps makes sense).
Douglas