[PATCH] Convert samba-tool GPO cmds to use s3 SMB Python bindings

Jeremy Allison jra at samba.org
Wed Jan 16 21:40:20 UTC 2019


On Wed, Jan 16, 2019 at 04:11:58PM +1300, Tim Beale via samba-technical wrote:
> I added a few more patches to run the GPO and NTACL tests over more
> testenvs. This highlighted a bug in how we restore the NTACLs from
> backup-file, which I've fixed up now.
> 
> Merge request: https://gitlab.com/samba-team/samba/merge_requests/192
> 
> On 11/01/19 5:37 PM, Tim Beale wrote:
> > Take 2 with glaring python import error fixed...
> >
> > CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42949972
> >
> > On 11/01/19 5:10 PM, Tim Beale wrote:
> >> This converts the 'samba-tool gpo' commands to use the s3 SMB bindings,
> >> which will mean the commands will now work on a DC with SMBv1 disabled.
> >>
> >> This should be the last of SMB python binding changes needed for 4.10.
> >> Then we can finally close bug 13676.
> >>
> >> CI link: https://gitlab.com/catalyst-samba/samba/pipelines/42946382
> >>
> >> Review appreciated. Thanks
> >>

LGTM (with minor change to set declared pointers initially to NULL
in the C code) ! Thanks a *LOT* for this work Tim,

RB+

Jeremy.

> From b6dab31de3b224fdbbfca324d8f9d1b197f7ceec Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 14 Dec 2018 10:37:11 +1300
> Subject: [PATCH 01/11] python/gpclass: Convert gpclass to use s3 SMB Python
>  bindings
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  python/samba/gpclass.py | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
> index fb7c705..0040f23 100644
> --- a/python/samba/gpclass.py
> +++ b/python/samba/gpclass.py
> @@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree
>  import re
>  from samba.net import Net
>  from samba.dcerpc import nbt
> -from samba import smb
> +from samba.samba3 import libsmb_samba_internal as libsmb
> +from samba.samba3 import param as s3param
>  import samba.gpo as gpo
>  from samba.param import LoadParm
>  from uuid import UUID
> @@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir):
>          if e.errno != errno.EEXIST:
>              raise
>      for fdata in conn.list(sub_dir):
> -        if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
> +        if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
>              cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name']))
>          else:
>              local_name = fdata['name'].upper()
> @@ -407,7 +408,10 @@ def check_safe_path(path):
>  
>  
>  def check_refresh_gpo_list(dc_hostname, lp, creds, gpos):
> -    conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True)
> +    # the SMB bindings rely on having a s3 loadparm
> +    s3_lp = s3param.get_context()
> +    s3_lp.load(lp.configfile)
> +    conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True)
>      cache_path = lp.cache_path('gpo_cache')
>      for gpo in gpos:
>          if not gpo.file_sys_path:
> -- 
> 2.7.4
> 
> 
> From 0e9fe6a984b3c51a9ec2b3316bdfd0c26a461f92 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 8 Jan 2019 14:42:05 +1300
> Subject: [PATCH 02/11] s3:pylibsmb: Add .set_acl API to SMB py bindings
> 
> This is pretty similar code to py_smb_getacl(), except it's calling
> cli_set_security_descriptor() instead of cli_query_security_descriptor()
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 51 insertions(+)
> 
> diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
> index e0ce518..1c945d2 100644
> --- a/source3/libsmb/pylibsmb.c
> +++ b/source3/libsmb/pylibsmb.c
> @@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args)
>  				    sd, sd);
>  }
>  
> +/*
> + * Set ACL on file/directory using given security descriptor object
> + */
> +static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args)
> +{
> +	NTSTATUS status;
> +	const char *filename;
> +	PyObject *py_sd;
> +	struct security_descriptor *sd;
> +	unsigned int sinfo = SECINFO_DEFAULT_FLAGS;
> +	uint16_t fnum;
> +
> +	/* there's no async version of cli_set_security_descriptor() */
> +	if (self->thread_state != NULL) {
> +		PyErr_SetString(PyExc_RuntimeError,
> +				"set_acl() is not supported on "
> +				"a multi_threaded connection");
> +		return NULL;
> +	}
> +
> +	if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd,
> +			      &sinfo)) {
> +		return NULL;
> +	}
> +
> +	sd = pytalloc_get_type(py_sd, struct security_descriptor);
> +	if (!sd) {
> +		PyErr_Format(PyExc_TypeError,
> +			"Expected dcerpc.security.descriptor as argument, got %s",
> +			talloc_get_name(pytalloc_get_ptr(py_sd)));
> +		return NULL;
> +	}
> +
> +	status = cli_ntcreate(self->cli, filename, 0,
> +			      SEC_FLAG_MAXIMUM_ALLOWED, 0,
> +			      FILE_SHARE_READ|FILE_SHARE_WRITE,
> +			      FILE_OPEN, 0x0, 0x0, &fnum, NULL);
> +	PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> +	status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd);
> +	PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> +	status = cli_close(self->cli, fnum);
> +	PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> +	Py_RETURN_NONE;
> +}
> +
>  static PyMethodDef py_cli_state_methods[] = {
>  	{ "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
>  	  "settimeout(new_timeout_msecs) => return old_timeout_msecs" },
> @@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = {
>  	{ "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
>  	  "get_acl(path[, security_info=0]) -> security_descriptor object\n\n"
>  	  "\t\tGet security descriptor for file." },
> +	{ "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
> +	  "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n"
> +	  "\t\tSet security descriptor for file." },
>  	{ NULL, NULL, 0, NULL }
>  };
>  
> -- 
> 2.7.4
> 
> 
> From c819cf24d0c50c55f2b8f9205bb72cb718bae1f6 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 8 Jan 2019 15:10:46 +1300
> Subject: [PATCH 03/11] netcmd: Change SMB flags from s4 Py bindings to s3
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  python/samba/netcmd/gpo.py | 13 +++++++------
>  1 file changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
> index a064f44..d443129 100644
> --- a/python/samba/netcmd/gpo.py
> +++ b/python/samba/netcmd/gpo.py
> @@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE
>  from samba.netcmd.common import netcmd_finddc
>  from samba import policy
>  from samba import smb
> +from samba.samba3 import libsmb_samba_internal as libsmb
>  from samba import NTSTATUSError
>  import uuid
>  from samba.ntacls import dsacl2fsacl
> @@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
>              r_name = r_dir + '\\' + e['name']
>              l_name = os.path.join(l_dir, e['name'])
>  
> -            if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
> +            if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
>                  r_dirs.append(r_name)
>                  l_dirs.append(l_name)
>                  os.mkdir(l_name)
> @@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir):
>                  parser.write_xml(l_name + '.xml')
>  
>  
> -attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \
> -             smb.FILE_ATTRIBUTE_DIRECTORY | \
> -             smb.FILE_ATTRIBUTE_ARCHIVE | \
> -             smb.FILE_ATTRIBUTE_HIDDEN
> +attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \
> +             libsmb.FILE_ATTRIBUTE_DIRECTORY | \
> +             libsmb.FILE_ATTRIBUTE_ARCHIVE | \
> +             libsmb.FILE_ATTRIBUTE_HIDDEN
>  
>  
>  def copy_directory_remote_to_local(conn, remotedir, localdir):
> @@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir):
>              r_name = r_dir + '\\' + e['name']
>              l_name = os.path.join(l_dir, e['name'])
>  
> -            if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY:
> +            if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY:
>                  r_dirs.append(r_name)
>                  l_dirs.append(l_name)
>                  os.mkdir(l_name)
> -- 
> 2.7.4
> 
> 
> From 52f2b10a091cbce278dda71a9f3c1ad77253edd4 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 14:25:32 +1300
> Subject: [PATCH 04/11] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to
>  .loadfile() API
> 
> Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
> read the file's size.
> 
> The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
> file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
> underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
> SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
> access granted.
> 
> I noticed this problem when running .loadfile() against the NTVFS
> server.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  source3/libsmb/pylibsmb.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
> index 1c945d2..037a79c 100644
> --- a/source3/libsmb/pylibsmb.c
> +++ b/source3/libsmb/pylibsmb.c
> @@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args,
>  
>  	/* get a read file handle */
>  	req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
> -				FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
> +				FILE_READ_DATA | FILE_READ_ATTRIBUTES,
> +				FILE_ATTRIBUTE_NORMAL,
>  				FILE_SHARE_READ, FILE_OPEN, 0,
>  				SMB2_IMPERSONATION_IMPERSONATION, 0);
>  	if (!py_tevent_req_wait_exc(self, req)) {
> -- 
> 2.7.4
> 
> 
> From 6d4cf589eb52b57c6e269ec0b365bcea51190a53 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 14:53:16 +1300
> Subject: [PATCH 05/11] netcmd: Change GPO commands to use s3 SMB Py bindings
> 
> This means we can now use GPO commands on a DC that has SMBv1 disabled.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  python/samba/netcmd/gpo.py | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
> index d443129..1b5e927 100644
> --- a/python/samba/netcmd/gpo.py
> +++ b/python/samba/netcmd/gpo.py
> @@ -43,7 +43,7 @@ import samba.auth
>  from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
>  from samba.netcmd.common import netcmd_finddc
>  from samba import policy
> -from samba import smb
> +from samba.samba3 import param as s3param
>  from samba.samba3 import libsmb_samba_internal as libsmb
>  from samba import NTSTATUSError
>  import uuid
> @@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir):
>  def smb_connection(dc_hostname, service, lp, creds, sign=False):
>      # SMB connect to DC
>      try:
> -        conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign)
> +        # the SMB bindings rely on having a s3 loadparm
> +        s3_lp = s3param.get_context()
> +        s3_lp.load(lp.configfile)
> +        conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign)
>      except Exception:
>          raise CommandError("Error connecting to '%s' using SMB" % dc_hostname)
>      return conn
> -- 
> 2.7.4
> 
> 
> From bad62fdcc4dd92312f8f8d34d4105fd29e6b4aa0 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 15:57:21 +1300
> Subject: [PATCH 06/11] s4:pysmb: Add error log that the s4 bindings are
>  deprecated
> 
> We plan to delete the s4 SMB Python bindings in the next Samba release
> after v4.10, but first give external consumers a heads-up, just in case
> they are currently using the s4 bindings.
> 
> Note the auth_log tests still use the s4 bindings, but all user-facing
> tools should now be updated to use the s3 bindings.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  source4/libcli/pysmb.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
> index 45ff9a0..5a02816 100644
> --- a/source4/libcli/pysmb.c
> +++ b/source4/libcli/pysmb.c
> @@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs
>  	uint8_t use_spnego = 0xFF;
>  	PyObject *sign = Py_False;
>  
> +	/*
> +	 * These Python bindings are now deprecated because the s4 SMB client
> +	 * code doesn't support SMBv2 (and is unlikely to ever support it).
> +	 * The s3 libsmb_samba_internal bindings are a better choice for use
> +	 * within the Samba codebase, and support much the same API.
> +	 * This warning is mostly for external consumers that might be using
> +	 * these Python bindings (in which case, note libsmb_samba_internal
> +	 * is not a stable API and may change in future).
> +	 */
> +	DBG_ERR("The smb.SMB() Python bindings are now deprecated "
> +		"and will be removed in the next samba release\n");
> +
>  	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO",
>  					 discard_const_p(char *, kwnames),
>  					 &hostname, &service, &py_creds, &py_lp,
> -- 
> 2.7.4
> 
> 
> From 0eae1e6d4b1c9824ac3d9fb25814f6f628aced33 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Fri, 11 Jan 2019 15:09:48 +1300
> Subject: [PATCH 07/11] tests: Run samba_tool.gpo tests against backup testenvs
> 
> Run the GPO tests against the backup/restore testenvs.
> 
> Because the backup/restore preserves the NTACLs of the sysvol files,
> running the GPO tests against the backup testenvs is a good sanity-
> check. If fact it highlights that there is currently a problem with
> restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
> but we never noticed it until now.
> 
> NTACL backup works slightly different for offline backups, and rename
> backups end up with more sysvol files, so run the tests against both
> these envs.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  selftest/knownfail.d/gpo  | 3 +++
>  source4/selftest/tests.py | 8 +++++---
>  2 files changed, 8 insertions(+), 3 deletions(-)
>  create mode 100644 selftest/knownfail.d/gpo
> 
> diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
> new file mode 100644
> index 0000000..fabe2ba
> --- /dev/null
> +++ b/selftest/knownfail.d/gpo
> @@ -0,0 +1,3 @@
> +# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
> +samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\)
> +samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\)
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index a1f3842..9d56e0b 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]:
>  for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]:
>      plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD'])
>  
> -# We run this test against both AD DC implemetnations because it is
> +# We run this test against both AD DC implementations because it is
>  # the only test we have of GPO get/set behaviour, and this involves
>  # the file server as well as the LDAP server.
> -planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo",  py3_compatible=True)
> -planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True)
> +# It's also a good sanity-check that sysvol backup worked correctly.
> +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
> +    planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
> +                        py3_compatible=True)
>  
>  planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True)
>  planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True)
> -- 
> 2.7.4
> 
> 
> From 1669f27bf750420709f3873ed62f4cab9544eacb Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 15 Jan 2019 14:09:15 +1300
> Subject: [PATCH 08/11] ntacls: Pass correct use_ntvfs through to setntacl()
> 
> We were already checking the smb.conf to see if it uses the NTVFS file
> server or the default smbd server. However, we weren't passing this
> through to the setntacl() call.
> 
> This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
> after a restore.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  python/samba/ntacls.py   | 3 ++-
>  selftest/knownfail.d/gpo | 3 ---
>  2 files changed, 2 insertions(+), 4 deletions(-)
>  delete mode 100644 selftest/knownfail.d/gpo
> 
> diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
> index 9924573..5bf646c 100644
> --- a/python/samba/ntacls.py
> +++ b/python/samba/ntacls.py
> @@ -454,7 +454,8 @@ class NtaclsHelper:
>  
>      def setntacl(self, path, ntacl_sd):
>          # ntacl_sd can be obj or str
> -        return setntacl(self.lp, path, ntacl_sd, self.dom_sid)
> +        return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
> +                        use_ntvfs=self.use_ntvfs)
>  
>  
>  def _create_ntacl_file(dst, ntacl_sddl_str):
> diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo
> deleted file mode 100644
> index fabe2ba..0000000
> --- a/selftest/knownfail.d/gpo
> +++ /dev/null
> @@ -1,3 +0,0 @@
> -# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug)
> -samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\)
> -samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\)
> -- 
> 2.7.4
> 
> 
> From f15a770d6bb85a1d4e177d815a1b58adfb3fa9e2 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Tue, 15 Jan 2019 17:12:20 +1300
> Subject: [PATCH 09/11] tests: Run GPO commands against testenv with SMBv1
>  disabled
> 
> Just to prove that they work across SMBv2.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  source4/selftest/tests.py | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index 9d56e0b..7073755 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca
>  # the only test we have of GPO get/set behaviour, and this involves
>  # the file server as well as the LDAP server.
>  # It's also a good sanity-check that sysvol backup worked correctly.
> -for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]:
> +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc",
> +            smbv1_disabled_testenv]:
>      planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo",
>                          py3_compatible=True)
>  
> -- 
> 2.7.4
> 
> 
> From 2fa085905b7cee3de13cf16d8ec71684e3aa4135 Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Thu, 13 Dec 2018 16:29:33 +1300
> Subject: [PATCH 10/11] selftest: Give the backup testenvs a 'test1' share
> 
> The ntacls_backup tests use the test1 share, and we want to run them
> against the restoredc (which has SMBv1 disabled).
> 
> The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
> (in ntacls.py) to work.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  selftest/target/Samba4.pm | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
> index 5346cb1..f2635e5 100755
> --- a/selftest/target/Samba4.pm
> +++ b/selftest/target/Samba4.pm
> @@ -3007,12 +3007,14 @@ sub prepare_dc_testenv
>  	# add support for sysvol/netlogon/tmp shares
>  	$ctx->{share} = "$ctx->{prefix_abs}/share";
>  	push(@{$ctx->{directories}}, "$ctx->{share}");
> +	push(@{$ctx->{directories}}, "$ctx->{share}/test1");
>  
>  	$ctx->{smb_conf_extra_options} = "
>  	$conf_options
>  	max xmit = 32K
>  	server max protocol = SMB2
>  	samba kcc command = /bin/true
> +	xattr_tdb:file = $ctx->{statedir}/xattr.tdb
>  
>  [sysvol]
>  	path = $ctx->{statedir}/sysvol
> @@ -3029,6 +3031,12 @@ sub prepare_dc_testenv
>  	posix:oplocktimeout = 3
>  	posix:writetimeupdatedelay = 50000
>  
> +[test1]
> +	path = $ctx->{share}/test1
> +	read only = no
> +	posix:sharedelay = 100000
> +	posix:oplocktimeout = 3
> +	posix:writetimeupdatedelay = 500000
>  ";
>  
>  	my $env = $self->provision_raw_step1($ctx);
> -- 
> 2.7.4
> 
> 
> From 495e67d0752aeb84a70ef2e4500772a46593706e Mon Sep 17 00:00:00 2001
> From: Tim Beale <timbeale at catalyst.net.nz>
> Date: Wed, 16 Jan 2019 10:02:07 +1300
> Subject: [PATCH 11/11] tests: Run ntacls_backup tests against testenv with
>  SMBv1 disabled
> 
> Just to prove that the NTACL backup works over SMBv2.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=1367
> 
> Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
> ---
>  source4/selftest/tests.py | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
> index 7073755..b813208 100755
> --- a/source4/selftest/tests.py
> +++ b/source4/selftest/tests.py
> @@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U
>  
>  for env in ["ad_dc", smbv1_disabled_testenv]:
>      planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> +    planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup",
> +        extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>  
>  planoldpythontestsuite(
>      "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry",
>      extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>  
> -planoldpythontestsuite(
> -    "ad_dc:local", "samba.tests.ntacls_backup",
> -    extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
> -
>  planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>  planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True)
>  planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True,
> -- 
> 2.7.4
> 




More information about the samba-technical mailing list