[PATCH] Convert samba-tool GPO cmds to use s3 SMB Python bindings
Jeremy Allison
jra at samba.org
Wed Jan 16 21:40:20 UTC 2019
On Wed, Jan 16, 2019 at 04:11:58PM +1300, Tim Beale via samba-technical wrote:
> I added a few more patches to run the GPO and NTACL tests over more
> testenvs. This highlighted a bug in how we restore the NTACLs from
> backup-file, which I've fixed up now.
>
> Merge request: https://gitlab.com/samba-team/samba/merge_requests/192
>
> On 11/01/19 5:37 PM, Tim Beale wrote:
> > Take 2 with glaring python import error fixed...
> >
> > CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42949972
> >
> > On 11/01/19 5:10 PM, Tim Beale wrote:
> >> This converts the 'samba-tool gpo' commands to use the s3 SMB bindings,
> >> which will mean the commands will now work on a DC with SMBv1 disabled.
> >>
> >> This should be the last of SMB python binding changes needed for 4.10.
> >> Then we can finally close bug 13676.
> >>
> >> CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42946382
> >>
> >> Review appreciated. Thanks
> >>
LGTM (with minor change to set declared pointers initially to NULL
in the C code) ! Thanks a *LOT* for this work Tim,
RB+
Jeremy.
> From b6dab31de3b224fdbbfca324d8f9d1b197f7ceec Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 14 Dec 2018 10:37:11 +1300
> Subject: [PATCH 01/11] python/gpclass: Convert gpclass to use s3 SMB Python
> bindings
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> python/samba/gpclass.py | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
> index fb7c705..0040f23 100644
> --- a/python/samba/gpclass.py
> +++ b/python/samba/gpclass.py
> @@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree
> import re
> from samba.net import Net
> from samba.dcerpc import nbt
> -from samba import smb
> +from samba.samba3 import libsmb_samba_internal as libsmb
> +from samba.samba3 import param as s3param
> import samba.gpo as gpo
> from samba.param import LoadParm
> from uuid import UUID
> @@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir):
> if e.errno != errno.EEXIST:
> raise
> for fdata in conn.list(sub_dir):
> - if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
> + if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
> cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name']))
> else:
> local_name = fdata['name'].upper()
> @@ -407,7 +408,10 @@ def check_safe_path(path):
>
>
> def check_refresh_gpo_list(dc_hostname, lp, creds, gpos):
> - conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True)
> + # the SMB bindings rely on having a s3 loadparm
> + s3_lp = s3param.get_context()
> + s3_lp.load(lp.configfile)
> + conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True)
> cache_path = lp.cache_path('gpo_cache')
> for gpo in gpos:
> if not gpo.file_sys_path:
> --
> 2.7.4
>
>
> From 0e9fe6a984b3c51a9ec2b3316bdfd0c26a461f92 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 8 Jan 2019 14:42:05 +1300
> Subject: [PATCH 02/11] s3:pylibsmb: Add .set_acl API to SMB py bindings
>
> This is pretty similar code to py_smb_getacl(), except it's calling
> cli_set_security_descriptor() instead of cli_query_security_descriptor()
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 51 insertions(+)
>
> diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
> index e0ce518..1c945d2 100644
> --- a/source3/libsmb/pylibsmb.c
> +++ b/source3/libsmb/pylibsmb.c
> @@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
> sd, sd);
> }
>
> +/*
> + * Set ACL on file/directory using given security descriptor object
> + */
> +static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args)
> +{
> + NTSTATUS status;
> + const char *filename;
> + PyObject *py_sd;
> + struct security_descriptor *sd;
> + unsigned int sinfo = SECINFO_DEFAULT_FLAGS;
> + uint16_t fnum;
> +
> + /* there's no async version of cli_set_security_descriptor() */
> + if (self->thread_state != NULL) {
> + PyErr_SetString(PyExc_RuntimeError,
> + "set_acl() is not supported on "
> + "a multi_threaded connection");
> + return NULL;
> + }
> +
> + if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd,
> + &sinfo)) {
> + return NULL;
> + }
> +
> + sd = pytalloc_get_type(py_sd, struct security_descriptor);
> + if (!sd) {
> + PyErr_Format(PyExc_TypeError,
> + "Expected dcerpc.security.descriptor as argument, got %s",
> + talloc_get_name(pytalloc_get_ptr(py_sd)));
> + return NULL;
> + }
> +
> + status = cli_ntcreate(self->cli, filename, 0,
> + SEC_FLAG_MAXIMUM_ALLOWED, 0,
> + FILE_SHARE_READ|FILE_SHARE_WRITE,
> + FILE_OPEN, 0x0, 0x0, &fnum, NULL);
> + PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> + status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd);
> + PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> + status = cli_close(self->cli, fnum);
> + PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> + Py_RETURN_NONE;
> +}
> +
> static PyMethodDef py_cli_state_methods[] = {
> { "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
> "settimeout(new_timeout_msecs) => return old_timeout_msecs" },
> @@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = {
> { "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
> "get_acl(path[, security_info=0]) -> security_descriptor object\n\n"
> "\t\tGet security descriptor for file." },
> + { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
> + "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n"
> + "\t\tSet security descriptor for file." },
> { NULL, NULL, 0, NULL }
> };
>
> --
> 2.7.4
>
>
> From c819cf24d0c50c55f2b8f9205bb72cb718bae1f6 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 8 Jan 2019 15:10:46 +1300
> Subject: [PATCH 03/11] netcmd: Change SMB flags from s4 Py bindings to s3
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> python/samba/netcmd/gpo.py | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
> index a064f44..d443129 100644
> --- a/python/samba/netcmd/gpo.py
> +++ b/python/samba/netcmd/gpo.py
> @@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE
> from samba.netcmd.common import netcmd_finddc
> from samba import policy
> from samba import smb
> +from samba.samba3 import libsmb_samba_internal as libsmb
> from samba import NTSTATUSError
> import uuid
> from samba.ntacls import dsacl2fsacl
> @@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
> r_name = r_dir + '\\' + e['name']
> l_name = os.path.join(l_dir, e['name'])
>
> - if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
> + if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
> r_dirs.append(r_name)
> l_dirs.append(l_name)
> os.mkdir(l_name)
> @@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
> parser.write_xml(l_name + '.xml')
>
>
> -attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \
> - smb.FILE_ATTRIBUTE_DIRECTORY | \
> - smb.FILE_ATTRIBUTE_ARCHIVE | \
> - smb.FILE_ATTRIBUTE_HIDDEN
> +attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \
> + libsmb.FILE_ATTRIBUTE_DIRECTORY | \
> + libsmb.FILE_ATTRIBUTE_ARCHIVE | \
> + libsmb.FILE_ATTRIBUTE_HIDDEN
>
>
> def copy_directory_remote_to_local(conn, remotedir, localdir):
> @@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir):
> r_name = r_dir + '\\' + e['name']
> l_name = os.path.join(l_dir, e['name'])
>
> - if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
> + if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
> r_dirs.append(r_name)
> l_dirs.append(l_name)
> os.mkdir(l_name)
> --
> 2.7.4
>
>
> From 52f2b10a091cbce278dda71a9f3c1ad77253edd4 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 14:25:32 +1300
> Subject: [PATCH 04/11] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to
> .loadfile() API
>
> Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
> read the file's size.
>
> The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
> file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
> underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
> SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
> access granted.
>
> I noticed this problem when running .loadfile() against the NTVFS
> server.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> source3/libsmb/pylibsmb.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
> index 1c945d2..037a79c 100644
> --- a/source3/libsmb/pylibsmb.c
> +++ b/source3/libsmb/pylibsmb.c
> @@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args,
>
> /* get a read file handle */
> req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
> - FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
> + FILE_READ_DATA | FILE_READ_ATTRIBUTES,
> + FILE_ATTRIBUTE_NORMAL,
> FILE_SHARE_READ, FILE_OPEN, 0,
> SMB2_IMPERSONATION_IMPERSONATION, 0);
> if (!py_tevent_req_wait_exc(self, req)) {
> --
> 2.7.4
>
>
> From 6d4cf589eb52b57c6e269ec0b365bcea51190a53 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 14:53:16 +1300
> Subject: [PATCH 05/11] netcmd: Change GPO commands to use s3 SMB Py bindings
>
> This means we can now use GPO commands on a DC that has SMBv1 disabled.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> python/samba/netcmd/gpo.py | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
> index d443129..1b5e927 100644
> --- a/python/samba/netcmd/gpo.py
> +++ b/python/samba/netcmd/gpo.py
> @@ -43,7 +43,7 @@ import samba.auth
> from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
> from samba.netcmd.common import netcmd_finddc
> from samba import policy
> -from samba import smb
> +from samba.samba3 import param as s3param
> from samba.samba3 import libsmb_samba_internal as libsmb
> from samba import NTSTATUSError
> import uuid
> @@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir):
> def smb_connection(dc_hostname, service, lp, creds, sign=False):
> # SMB connect to DC
> try:
> - conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign)
> + # the SMB bindings rely on having a s3 loadparm
> + s3_lp = s3param.get_context()
> + s3_lp.load(lp.configfile)
> + conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign)
> except Exception:
> raise CommandError("Error connecting to '%s' using SMB" % dc_hostname)
> return conn
> --
> 2.7.4
>
>
> From bad62fdcc4dd92312f8f8d34d4105fd29e6b4aa0 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 15:57:21 +1300
> Subject: [PATCH 06/11] s4:pysmb: Add error log that the s4 bindings are
> deprecated
>
> We plan to delete the s4 SMB Python bindings in the next Samba release
> after v4.10, but first give external consumers a heads-up, just in case
> they are currently using the s4 bindings.
>
> Note the auth_log tests still use the s4 bindings, but all user-facing
> tools should now be updated to use the s3 bindings.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> source4/libcli/pysmb.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
> index 45ff9a0..5a02816 100644
> --- a/source4/libcli/pysmb.c
> +++ b/source4/libcli/pysmb.c
> @@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs
> uint8_t use_spnego = 0xFF;
> PyObject *sign = Py_False;
>
> + /*
> + * These Python bindings are now deprecated because the s4 SMB client
> + * code doesn't support SMBv2 (and is unlikely to ever support it).
> + * The s3 libsmb_samba_internal bindings are a better choice for use
> + * within the Samba codebase, and support much the same API.
> + * This warning is mostly for external consumers that might be using
> + * these Python bindings (in which case, note libsmb_samba_internal
> + * is not a stable API and may change in future).
> + */
> + DBG_ERR("The smb.SMB() Python bindings are now deprecated "
> + "and will be removed in the next samba release\n");
> +
> if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO",
> discard_const_p(char *, kwnames),
> &hostname, &service, &py_creds, &py_lp,
> --
> 2.7.4
>
>
> From 0eae1e6d4b1c9824ac3d9fb25814f6f628aced33 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 15:09:48 +1300
> Subject: [PATCH 07/11] tests: Run samba_tool.gpo tests against backup testenvs
>
> Run the GPO tests against the backup/restore testenvs.
>
> Because the backup/restore preserves the NTACLs of the sysvol files,
> running the GPO tests against the backup testenvs is a good sanity-
> check. If fact it highlights that there is currently a problem with
> restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
> but we never noticed it until now.
>
> NTACL backup works slightly different for offline backups, and rename
> backups end up with more sysvol files, so run the tests against both
> these envs.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> selftest/knownfail.d/gpo | 3 +++
> source4/selftest/tests.py | 8 +++++---
> 2 files changed, 8 insertions(+), 3 deletions(-)
> create mode 100644 selftest/knownfail.d/gpo
>
> diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
> new file mode 100644
> index 0000000..fabe2ba
> --- /dev/null
> +++ b/selftest/knownfail.d/gpo
> @@ -0,0 +1,3 @@
> +# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
> +samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\)
> +samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\)
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index a1f3842..9d56e0b 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
> for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
> plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
>
> -# We run this test against both AD DC implemetnations because it is
> +# We run this test against both AD DC implementations because it is
> # the only test we have of GPO get/set behaviour, and this involves
> # the file server as well as the LDAP server.
> -planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
> -planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
> +# It's also a good sanity-check that sysvol backup worked correctly.
> +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
> + planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
> + py3_compatible=True)
>
> planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True)
> planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True)
> --
> 2.7.4
>
>
> From 1669f27bf750420709f3873ed62f4cab9544eacb Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 15 Jan 2019 14:09:15 +1300
> Subject: [PATCH 08/11] ntacls: Pass correct use_ntvfs through to setntacl()
>
> We were already checking the smb.conf to see if it uses the NTVFS file
> server or the default smbd server. However, we weren't passing this
> through to the setntacl() call.
>
> This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
> after a restore.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> python/samba/ntacls.py | 3 ++-
> selftest/knownfail.d/gpo | 3 ---
> 2 files changed, 2 insertions(+), 4 deletions(-)
> delete mode 100644 selftest/knownfail.d/gpo
>
> diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
> index 9924573..5bf646c 100644
> --- a/python/samba/ntacls.py
> +++ b/python/samba/ntacls.py
> @@ -454,7 +454,8 @@ class NtaclsHelper:
>
> def setntacl(self, path, ntacl_sd):
> # ntacl_sd can be obj or str
> - return setntacl(self.lp, path, ntacl_sd, self.dom_sid)
> + return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
> + use_ntvfs=self.use_ntvfs)
>
>
> def _create_ntacl_file(dst, ntacl_sddl_str):
> diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
> deleted file mode 100644
> index fabe2ba..0000000
> --- a/selftest/knownfail.d/gpo
> +++ /dev/null
> @@ -1,3 +0,0 @@
> -# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
> -samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\)
> -samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\)
> --
> 2.7.4
>
>
> From f15a770d6bb85a1d4e177d815a1b58adfb3fa9e2 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 15 Jan 2019 17:12:20 +1300
> Subject: [PATCH 09/11] tests: Run GPO commands against testenv with SMBv1
> disabled
>
> Just to prove that they work across SMBv2.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> source4/selftest/tests.py | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index 9d56e0b..7073755 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca
> # the only test we have of GPO get/set behaviour, and this involves
> # the file server as well as the LDAP server.
> # It's also a good sanity-check that sysvol backup worked correctly.
> -for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
> +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
> + smbv1_disabled_testenv]:
> planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
> py3_compatible=True)
>
> --
> 2.7.4
>
>
> From 2fa085905b7cee3de13cf16d8ec71684e3aa4135 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Thu, 13 Dec 2018 16:29:33 +1300
> Subject: [PATCH 10/11] selftest: Give the backup testenvs a 'test1' share
>
> The ntacls_backup tests use the test1 share, and we want to run them
> against the restoredc (which has SMBv1 disabled).
>
> The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
> (in ntacls.py) to work.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> selftest/target/Samba4.pm | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
> index 5346cb1..f2635e5 100755
> --- a/selftest/target/Samba4.pm
> +++ b/selftest/target/Samba4.pm
> @@ -3007,12 +3007,14 @@ sub prepare_dc_testenv
> # add support for sysvol/netlogon/tmp shares
> $ctx->{share} = "$ctx->{prefix_abs}/share";
> push(@{$ctx->{directories}}, "$ctx->{share}");
> + push(@{$ctx->{directories}}, "$ctx->{share}/test1");
>
> $ctx->{smb_conf_extra_options} = "
> $conf_options
> max xmit = 32K
> server max protocol = SMB2
> samba kcc command = /bin/true
> + xattr_tdb:file = $ctx->{statedir}/xattr.tdb
>
> [sysvol]
> path = $ctx->{statedir}/sysvol
> @@ -3029,6 +3031,12 @@ sub prepare_dc_testenv
> posix:oplocktimeout = 3
> posix:writetimeupdatedelay = 50000
>
> +[test1]
> + path = $ctx->{share}/test1
> + read only = no
> + posix:sharedelay = 100000
> + posix:oplocktimeout = 3
> + posix:writetimeupdatedelay = 500000
> ";
>
> my $env = $self->provision_raw_step1($ctx);
> --
> 2.7.4
>
>
> From 495e67d0752aeb84a70ef2e4500772a46593706e Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Wed, 16 Jan 2019 10:02:07 +1300
> Subject: [PATCH 11/11] tests: Run ntacls_backup tests against testenv with
> SMBv1 disabled
>
> Just to prove that the NTACL backup works over SMBv2.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=1367
>
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
> source4/selftest/tests.py | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index 7073755..b813208 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U
>
> for env in ["ad_dc", smbv1_disabled_testenv]:
> planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> + planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
> + extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>
> planoldpythontestsuite(
> "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
> extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>
> -planoldpythontestsuite(
> - "ad_dc:local", "samba.tests.ntacls_backup",
> - extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> -
> planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True,
> --
> 2.7.4
>
More information about the samba-technical
mailing list