[PATCH] Convert samba-tool GPO cmds to use s3 SMB Python bindings

Tim Beale timbeale at catalyst.net.nz
Wed Jan 16 03:11:58 UTC 2019


I added a few more patches to run the GPO and NTACL tests over more
testenvs. This highlighted a bug in how we restore the NTACLs from
backup-file, which I've fixed up now.

Merge request: https://gitlab.com/samba-team/samba/merge_requests/192

On 11/01/19 5:37 PM, Tim Beale wrote:
> Take 2 with glaring python import error fixed...
>
> CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42949972
>
> On 11/01/19 5:10 PM, Tim Beale wrote:
>> This converts the 'samba-tool gpo' commands to use the s3 SMB bindings,
>> which will mean the commands will now work on a DC with SMBv1 disabled.
>>
>> This should be the last of SMB python binding changes needed for 4.10.
>> Then we can finally close bug 13676.
>>
>> CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42946382
>>
>> Review appreciated. Thanks
>>
-------------- next part --------------
From b6dab31de3b224fdbbfca324d8f9d1b197f7ceec Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri, 14 Dec 2018 10:37:11 +1300
Subject: [PATCH 01/11] python/gpclass: Convert gpclass to use s3 SMB Python
 bindings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 python/samba/gpclass.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index fb7c705..0040f23 100644
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree
 import re
 from samba.net import Net
 from samba.dcerpc import nbt
-from samba import smb
+from samba.samba3 import libsmb_samba_internal as libsmb
+from samba.samba3 import param as s3param
 import samba.gpo as gpo
 from samba.param import LoadParm
 from uuid import UUID
@@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir):
         if e.errno != errno.EEXIST:
             raise
     for fdata in conn.list(sub_dir):
-        if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
+        if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
             cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name']))
         else:
             local_name = fdata['name'].upper()
@@ -407,7 +408,10 @@ def check_safe_path(path):
 
 
 def check_refresh_gpo_list(dc_hostname, lp, creds, gpos):
-    conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True)
+    # the SMB bindings rely on having a s3 loadparm
+    s3_lp = s3param.get_context()
+    s3_lp.load(lp.configfile)
+    conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True)
     cache_path = lp.cache_path('gpo_cache')
     for gpo in gpos:
         if not gpo.file_sys_path:
-- 
2.7.4


From 0e9fe6a984b3c51a9ec2b3316bdfd0c26a461f92 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue, 8 Jan 2019 14:42:05 +1300
Subject: [PATCH 02/11] s3:pylibsmb: Add .set_acl API to SMB py bindings

This is pretty similar code to py_smb_getacl(), except it's calling
cli_set_security_descriptor() instead of cli_query_security_descriptor()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index e0ce518..1c945d2 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
 				    sd, sd);
 }
 
+/*
+ * Set ACL on file/directory using given security descriptor object
+ */
+static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args)
+{
+	NTSTATUS status;
+	const char *filename;
+	PyObject *py_sd;
+	struct security_descriptor *sd;
+	unsigned int sinfo = SECINFO_DEFAULT_FLAGS;
+	uint16_t fnum;
+
+	/* there's no async version of cli_set_security_descriptor() */
+	if (self->thread_state != NULL) {
+		PyErr_SetString(PyExc_RuntimeError,
+				"set_acl() is not supported on "
+				"a multi_threaded connection");
+		return NULL;
+	}
+
+	if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd,
+			      &sinfo)) {
+		return NULL;
+	}
+
+	sd = pytalloc_get_type(py_sd, struct security_descriptor);
+	if (!sd) {
+		PyErr_Format(PyExc_TypeError,
+			"Expected dcerpc.security.descriptor as argument, got %s",
+			talloc_get_name(pytalloc_get_ptr(py_sd)));
+		return NULL;
+	}
+
+	status = cli_ntcreate(self->cli, filename, 0,
+			      SEC_FLAG_MAXIMUM_ALLOWED, 0,
+			      FILE_SHARE_READ|FILE_SHARE_WRITE,
+			      FILE_OPEN, 0x0, 0x0, &fnum, NULL);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	status = cli_close(self->cli, fnum);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	Py_RETURN_NONE;
+}
+
 static PyMethodDef py_cli_state_methods[] = {
 	{ "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
 	  "settimeout(new_timeout_msecs) => return old_timeout_msecs" },
@@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = {
 	{ "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
 	  "get_acl(path[, security_info=0]) -> security_descriptor object\n\n"
 	  "\t\tGet security descriptor for file." },
+	{ "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
+	  "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n"
+	  "\t\tSet security descriptor for file." },
 	{ NULL, NULL, 0, NULL }
 };
 
-- 
2.7.4


From c819cf24d0c50c55f2b8f9205bb72cb718bae1f6 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue, 8 Jan 2019 15:10:46 +1300
Subject: [PATCH 03/11] netcmd: Change SMB flags from s4 Py bindings to s3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 python/samba/netcmd/gpo.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index a064f44..d443129 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE
 from samba.netcmd.common import netcmd_finddc
 from samba import policy
 from samba import smb
+from samba.samba3 import libsmb_samba_internal as libsmb
 from samba import NTSTATUSError
 import uuid
 from samba.ntacls import dsacl2fsacl
@@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
             r_name = r_dir + '\\' + e['name']
             l_name = os.path.join(l_dir, e['name'])
 
-            if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
+            if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
                 r_dirs.append(r_name)
                 l_dirs.append(l_name)
                 os.mkdir(l_name)
@@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
                 parser.write_xml(l_name + '.xml')
 
 
-attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \
-             smb.FILE_ATTRIBUTE_DIRECTORY | \
-             smb.FILE_ATTRIBUTE_ARCHIVE | \
-             smb.FILE_ATTRIBUTE_HIDDEN
+attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \
+             libsmb.FILE_ATTRIBUTE_DIRECTORY | \
+             libsmb.FILE_ATTRIBUTE_ARCHIVE | \
+             libsmb.FILE_ATTRIBUTE_HIDDEN
 
 
 def copy_directory_remote_to_local(conn, remotedir, localdir):
@@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir):
             r_name = r_dir + '\\' + e['name']
             l_name = os.path.join(l_dir, e['name'])
 
-            if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
+            if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
                 r_dirs.append(r_name)
                 l_dirs.append(l_name)
                 os.mkdir(l_name)
-- 
2.7.4


From 52f2b10a091cbce278dda71a9f3c1ad77253edd4 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri, 11 Jan 2019 14:25:32 +1300
Subject: [PATCH 04/11] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to
 .loadfile() API

Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
read the file's size.

The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
access granted.

I noticed this problem when running .loadfile() against the NTVFS
server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 source3/libsmb/pylibsmb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index 1c945d2..037a79c 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args,
 
 	/* get a read file handle */
 	req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
-				FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+				FILE_READ_DATA | FILE_READ_ATTRIBUTES,
+				FILE_ATTRIBUTE_NORMAL,
 				FILE_SHARE_READ, FILE_OPEN, 0,
 				SMB2_IMPERSONATION_IMPERSONATION, 0);
 	if (!py_tevent_req_wait_exc(self, req)) {
-- 
2.7.4


From 6d4cf589eb52b57c6e269ec0b365bcea51190a53 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri, 11 Jan 2019 14:53:16 +1300
Subject: [PATCH 05/11] netcmd: Change GPO commands to use s3 SMB Py bindings

This means we can now use GPO commands on a DC that has SMBv1 disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 python/samba/netcmd/gpo.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index d443129..1b5e927 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -43,7 +43,7 @@ import samba.auth
 from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
 from samba.netcmd.common import netcmd_finddc
 from samba import policy
-from samba import smb
+from samba.samba3 import param as s3param
 from samba.samba3 import libsmb_samba_internal as libsmb
 from samba import NTSTATUSError
 import uuid
@@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir):
 def smb_connection(dc_hostname, service, lp, creds, sign=False):
     # SMB connect to DC
     try:
-        conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign)
+        # the SMB bindings rely on having a s3 loadparm
+        s3_lp = s3param.get_context()
+        s3_lp.load(lp.configfile)
+        conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign)
     except Exception:
         raise CommandError("Error connecting to '%s' using SMB" % dc_hostname)
     return conn
-- 
2.7.4


From bad62fdcc4dd92312f8f8d34d4105fd29e6b4aa0 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri, 11 Jan 2019 15:57:21 +1300
Subject: [PATCH 06/11] s4:pysmb: Add error log that the s4 bindings are
 deprecated

We plan to delete the s4 SMB Python bindings in the next Samba release
after v4.10, but first give external consumers a heads-up, just in case
they are currently using the s4 bindings.

Note the auth_log tests still use the s4 bindings, but all user-facing
tools should now be updated to use the s3 bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 source4/libcli/pysmb.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
index 45ff9a0..5a02816 100644
--- a/source4/libcli/pysmb.c
+++ b/source4/libcli/pysmb.c
@@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs
 	uint8_t use_spnego = 0xFF;
 	PyObject *sign = Py_False;
 
+	/*
+	 * These Python bindings are now deprecated because the s4 SMB client
+	 * code doesn't support SMBv2 (and is unlikely to ever support it).
+	 * The s3 libsmb_samba_internal bindings are a better choice for use
+	 * within the Samba codebase, and support much the same API.
+	 * This warning is mostly for external consumers that might be using
+	 * these Python bindings (in which case, note libsmb_samba_internal
+	 * is not a stable API and may change in future).
+	 */
+	DBG_ERR("The smb.SMB() Python bindings are now deprecated "
+		"and will be removed in the next samba release\n");
+
 	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO",
 					 discard_const_p(char *, kwnames),
 					 &hostname, &service, &py_creds, &py_lp,
-- 
2.7.4


From 0eae1e6d4b1c9824ac3d9fb25814f6f628aced33 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri, 11 Jan 2019 15:09:48 +1300
Subject: [PATCH 07/11] tests: Run samba_tool.gpo tests against backup testenvs

Run the GPO tests against the backup/restore testenvs.

Because the backup/restore preserves the NTACLs of the sysvol files,
running the GPO tests against the backup testenvs is a good sanity-
check. If fact it highlights that there is currently a problem with
restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
but we never noticed it until now.

NTACL backup works slightly different for offline backups, and rename
backups end up with more sysvol files, so run the tests against both
these envs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 selftest/knownfail.d/gpo  | 3 +++
 source4/selftest/tests.py | 8 +++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 selftest/knownfail.d/gpo

diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
new file mode 100644
index 0000000..fabe2ba
--- /dev/null
+++ b/selftest/knownfail.d/gpo
@@ -0,0 +1,3 @@
+# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\)
+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\)
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index a1f3842..9d56e0b 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
 for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
     plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
 
-# We run this test against both AD DC implemetnations because it is
+# We run this test against both AD DC implementations because it is
 # the only test we have of GPO get/set behaviour, and this involves
 # the file server as well as the LDAP server.
-planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo",  py3_compatible=True)
-planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
+# It's also a good sanity-check that sysvol backup worked correctly.
+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
+    planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
+                        py3_compatible=True)
 
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True)
 planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True)
-- 
2.7.4


From 1669f27bf750420709f3873ed62f4cab9544eacb Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue, 15 Jan 2019 14:09:15 +1300
Subject: [PATCH 08/11] ntacls: Pass correct use_ntvfs through to setntacl()

We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.

This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 python/samba/ntacls.py   | 3 ++-
 selftest/knownfail.d/gpo | 3 ---
 2 files changed, 2 insertions(+), 4 deletions(-)
 delete mode 100644 selftest/knownfail.d/gpo

diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 9924573..5bf646c 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -454,7 +454,8 @@ class NtaclsHelper:
 
     def setntacl(self, path, ntacl_sd):
         # ntacl_sd can be obj or str
-        return setntacl(self.lp, path, ntacl_sd, self.dom_sid)
+        return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
+                        use_ntvfs=self.use_ntvfs)
 
 
 def _create_ntacl_file(dst, ntacl_sddl_str):
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
deleted file mode 100644
index fabe2ba..0000000
--- a/selftest/knownfail.d/gpo
+++ /dev/null
@@ -1,3 +0,0 @@
-# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\)
-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\)
-- 
2.7.4


From f15a770d6bb85a1d4e177d815a1b58adfb3fa9e2 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue, 15 Jan 2019 17:12:20 +1300
Subject: [PATCH 09/11] tests: Run GPO commands against testenv with SMBv1
 disabled

Just to prove that they work across SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 source4/selftest/tests.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 9d56e0b..7073755 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca
 # the only test we have of GPO get/set behaviour, and this involves
 # the file server as well as the LDAP server.
 # It's also a good sanity-check that sysvol backup worked correctly.
-for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
+            smbv1_disabled_testenv]:
     planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
                         py3_compatible=True)
 
-- 
2.7.4


From 2fa085905b7cee3de13cf16d8ec71684e3aa4135 Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu, 13 Dec 2018 16:29:33 +1300
Subject: [PATCH 10/11] selftest: Give the backup testenvs a 'test1' share

The ntacls_backup tests use the test1 share, and we want to run them
against the restoredc (which has SMBv1 disabled).

The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
(in ntacls.py) to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 selftest/target/Samba4.pm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 5346cb1..f2635e5 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -3007,12 +3007,14 @@ sub prepare_dc_testenv
 	# add support for sysvol/netlogon/tmp shares
 	$ctx->{share} = "$ctx->{prefix_abs}/share";
 	push(@{$ctx->{directories}}, "$ctx->{share}");
+	push(@{$ctx->{directories}}, "$ctx->{share}/test1");
 
 	$ctx->{smb_conf_extra_options} = "
 	$conf_options
 	max xmit = 32K
 	server max protocol = SMB2
 	samba kcc command = /bin/true
+	xattr_tdb:file = $ctx->{statedir}/xattr.tdb
 
 [sysvol]
 	path = $ctx->{statedir}/sysvol
@@ -3029,6 +3031,12 @@ sub prepare_dc_testenv
 	posix:oplocktimeout = 3
 	posix:writetimeupdatedelay = 50000
 
+[test1]
+	path = $ctx->{share}/test1
+	read only = no
+	posix:sharedelay = 100000
+	posix:oplocktimeout = 3
+	posix:writetimeupdatedelay = 500000
 ";
 
 	my $env = $self->provision_raw_step1($ctx);
-- 
2.7.4


From 495e67d0752aeb84a70ef2e4500772a46593706e Mon Sep 17 00:00:00 2001
From: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed, 16 Jan 2019 10:02:07 +1300
Subject: [PATCH 11/11] tests: Run ntacls_backup tests against testenv with
 SMBv1 disabled

Just to prove that the NTACL backup works over SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=1367

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
---
 source4/selftest/tests.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 7073755..b813208 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U
 
 for env in ["ad_dc", smbv1_disabled_testenv]:
     planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
+    planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
+        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
 
 planoldpythontestsuite(
     "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
     extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
 
-planoldpythontestsuite(
-    "ad_dc:local", "samba.tests.ntacls_backup",
-    extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
-
 planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
 planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
 planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True,
-- 
2.7.4



More information about the samba-technical mailing list