The branch, v4-22-test has been updated
       via  29bd6fe9cbe python:lsa_utils: Fix fallback to OpenPolicy2
       via  8a7346f6c03 python:lsa_utils: Don't use optional arguments for OpenPolicyFallback()
       via  1f84f56c6df pidl: Update documentation for DCERPC interface connections
       via  82aa8314259 librpc:pyrpc: Allow new authenticated rpc connection on the same transport as the basis_connection
       via  310b5c9dcec dcesrv_core: Make dcesrv_call_disconnect_after() public
       via  1a3be37e0eb s3:rpc_client: Use cli_rpc_pipe_reopen_np_noauth() for OpenPolicy fallback
       via  d0420684649 s3:rpc_cerver: Use dcerpc_lsa_open_policy3() for internal RPC
       via  60dc107d2a6 s3:rpc_client: Add cli_rpc_pipe_reopen_np_noauth()
       via  3a7591436e6 pytests: test pysmbd with relative path names via samba-tool ntacl
       via  aad39687b6f pysmbd: Fix interactive samba-tool use after 0bb35e246141
       via  78ed8d3a985 pytests: test pysmbd with non-existent file
       via  836ff80b954 pysmbd: Init mangle_fns
      from  65494ee1223 mdssvc: support a few more attributes

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-test


- Log -----------------------------------------------------------------
commit 29bd6fe9cbe538b267bf0ed66823cfe8599afb3d
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Jul 17 18:12:31 2024 +0200

    python:lsa_utils: Fix fallback to OpenPolicy2
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Pair-Programmed-With: Andreas Schneider <[email protected]>
    Signed-off-by: Andreas Schneider <[email protected]>
    Signed-off-by: Stefan Metzmacher <[email protected]>
    
    Autobuild-User(master): Andreas Schneider <[email protected]>
    Autobuild-Date(master): Mon Feb 17 18:33:15 UTC 2025 on atb-devel-224
    
    (cherry picked from commit a814f5d90a3fb85a94c9516dba224037e8fd76f1)
    
    Autobuild-User(v4-22-test): Jule Anger <[email protected]>
    Autobuild-Date(v4-22-test): Thu Feb 20 11:22:18 UTC 2025 on atb-devel-224

commit 8a7346f6c03dd4f5e8394997e1d118d33c950c35
Author: Andreas Schneider <[email protected]>
Date:   Thu Feb 13 10:31:49 2025 +0100

    python:lsa_utils: Don't use optional arguments for OpenPolicyFallback()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    (cherry picked from commit f9a3fc19f1e212c54351c3f94978e66fceeb8835)

commit 1f84f56c6df0813e488701704daf2174bd0f7eb3
Author: Andreas Schneider <[email protected]>
Date:   Mon Feb 17 15:41:06 2025 +0100

    pidl: Update documentation for DCERPC interface connections
    
    https://realpython.com/documenting-python-code/
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    (cherry picked from commit 73ce15e7d5b7ea867849f1aa4fa5390830660f11)

commit 82aa83142598f99d662fb9f16aa20c5e2f5fafa5
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Jul 17 18:11:49 2024 +0200

    librpc:pyrpc: Allow new authenticated rpc connection on the same transport as the basis_connection
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 2c171fb1b8c88034a98c3aaf052e99ba5dbbafd9)

commit 310b5c9dcecfba72b3b02632fca08a68c042d2c1
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Jul 17 17:39:24 2024 +0200

    dcesrv_core: Make dcesrv_call_disconnect_after() public
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit a094a29e426cc79e23bb4d866334d7735159fb41)

commit 1a3be37e0eb564604b20c5d2ab1842661d466433
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Feb 12 12:45:19 2025 +0100

    s3:rpc_client: Use cli_rpc_pipe_reopen_np_noauth() for OpenPolicy fallback
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 3bbe35d42c4d4a0ce663580dfb035b6beb329ebb)

commit d0420684649383ffbd309d23c69a0bf8a051fc06
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Feb 12 14:17:30 2025 +0100

    s3:rpc_cerver: Use dcerpc_lsa_open_policy3() for internal RPC
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 0c68d9bc0cd5873f7b59be0fe93d64d6d47b5a57)

commit 60dc107d2a6154bf3254218e10b91c2a91ee88d9
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Feb 12 12:35:20 2025 +0100

    s3:rpc_client: Add cli_rpc_pipe_reopen_np_noauth()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit d2ac6221db48b93581d7ce48d31f8851c88b77bc)

commit 3a7591436e68d6f18ac8db0fddf853236b5378d0
Author: Björn Baumbach <[email protected]>
Date:   Thu Feb 13 18:05:44 2025 +0100

    pytests: test pysmbd with relative path names via samba-tool ntacl
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15806
    
    Signed-off-by: Björn Baumbach <[email protected]>
    Reviewed-by: Douglas Bagnall <[email protected]>
    
    Autobuild-User(master): Björn Baumbach <[email protected]>
    Autobuild-Date(master): Fri Feb 14 16:18:19 UTC 2025 on atb-devel-224
    
    (cherry picked from commit 3e1c19c2c3f8b0bdf21301431bc886757fd4b3ce)

commit aad39687b6f1facdba5a03319ee6bc45f5915547
Author: Volker Lendecke <[email protected]>
Date:   Wed Feb 12 13:45:42 2025 +0100

    pysmbd: Fix interactive samba-tool use after 0bb35e246141
    
    samba-tool ntacl also calls into pysmbd, and 0bb35e246141 broke
    relative path names. Thanks to Björn Baumbach <[email protected]> for
    testing interactively!!
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15806
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Douglas Bagnall <[email protected]>
    (cherry picked from commit 26705d047cb885957a49939370e03047429351b6)

commit 78ed8d3a985654a7982e63accded24ddcb5fd378
Author: Björn Baumbach <[email protected]>
Date:   Wed Feb 12 17:15:37 2025 +0100

    pytests: test pysmbd with non-existent file
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15807
    
    Signed-off-by: Björn Baumbach <[email protected]>
    Reviewed-by: Douglas Bagnall <[email protected]>
    (cherry picked from commit 334f621e4b74e9cda735982e223aefc7eefb4631)

commit 836ff80b95403519f6ea925d3c45fcf191bc41d1
Author: Volker Lendecke <[email protected]>
Date:   Mon Jan 13 11:45:06 2025 +0100

    pysmbd: Init mangle_fns
    
    openat_pathref_fsp() eventually calls mangling functions, so we have
    to initialize them.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15807
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Douglas Bagnall <[email protected]>
    (cherry picked from commit 0a9946258eb4587f5c132805d7c44062c377f375)

-----------------------------------------------------------------------

Summary of changes:
 librpc/rpc/dcesrv_core.c                    |  4 +-
 librpc/rpc/dcesrv_core.h                    |  3 +
 pidl/lib/Parse/Pidl/Samba4/Python.pm        | 29 +++++++--
 python/samba/lsa_utils.py                   | 67 +++++++++++++--------
 python/samba/netcmd/domain/trust.py         | 93 +++++++++++++----------------
 python/samba/tests/dcerpc/lsa_utils.py      | 51 ++++++++++------
 python/samba/tests/krb5/kdc_base_test.py    | 32 ++++++----
 python/samba/tests/samba_tool/ntacl.py      | 80 +++++++++++++++++++++++++
 source3/lib/netapi/localgroup.c             |  2 +-
 source3/rpc_client/cli_lsarpc.c             | 15 ++++-
 source3/rpc_client/cli_lsarpc.h             |  4 +-
 source3/rpc_client/cli_pipe.c               | 88 +++++++++++++++++++++++++++
 source3/rpc_client/cli_pipe.h               |  2 +
 source3/rpc_server/netlogon/srv_netlog_nt.c |  2 +-
 source3/rpcclient/cmd_lsarpc.c              | 48 +++++++--------
 source3/smbd/pysmbd.c                       | 44 ++++++++++++--
 source3/utils/net_rpc.c                     |  6 +-
 source3/utils/net_rpc_rights.c              |  4 +-
 source3/utils/net_rpc_trust.c               |  2 +-
 source3/winbindd/winbindd_cm.c              |  2 +-
 source3/wscript_build                       |  2 +-
 source4/librpc/rpc/pyrpc_util.c             | 78 +++++++++++++++++++++---
 22 files changed, 496 insertions(+), 162 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 66478001640..7fb23d49d61 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -783,8 +783,8 @@ static void dcesrv_call_set_list(struct dcesrv_call_state 
*call,
        }
 }
 
-static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
-                                        const char *reason)
+void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
+                                 const char *reason)
 {
        struct dcesrv_auth *a = NULL;
 
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index 90f5bd21d64..0b69af575b2 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -566,6 +566,9 @@ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state 
*call,
 NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
                                      DATA_BLOB *session_key);
 
+void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
+                                 const char *reason);
+
 /* a useful macro for generating a RPC fault in the backend code */
 #define DCESRV_FAULT(code) do { \
        dce_call->fault_code = code; \
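Review bot: the prototype added for dcesrv_call_disconnect_after() in dcesrv_core.h carries no comment, although the function is now callable from every file that includes this header. Add a short doc comment stating when a backend may call it and what it should pass as reason; the visible lines do not show whether the string is copied or has to outlive the call, and a caller needs to know that.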
diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm 
b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index 1d32f71c886..e6a5ac8bb17 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -1597,11 +1597,30 @@ sub Interface($$$)
                $self->pidl("");
 
                my $signature =
-"\"$interface->{NAME}(binding, lp_ctx=None, credentials=None) -> 
connection\\n\"
-\"\\n\"
-\"binding should be a DCE/RPC binding string (for example: 
ncacn_ip_tcp:127.0.0.1)\\n\"
-\"lp_ctx should be a path to a smb.conf file or a param.LoadParm object\\n\"
-\"credentials should be a credentials.Credentials object.\\n\\n\"";
+"\"$interface->{NAME}(binding, lp_ctx=None, credentials=None, 
basis_connection=None) -> connection\\n\"
+\"\\n\\n\"
+\"Parameters\\n\"
+\"----------\\n\"
+\"binding : str\\n\"
+\"    A DCE/RPC binding string (for example: ncacn_ip_tcp:127.0.0.1)\\n\"
+\"lp_ctx : param.LoadParm\\n\"
+\"    Should be a path to a smb.conf file or a param.LoadParm object\\n\"
+\"credentials : credentials.Credentials, optional\\n\"
+\"    A credentials.Credentials object (default is None).\\n\"
+\"basis_connection : samba.dcerpc.ClientConnection, optional\\n\"
+\"    A $interface->{NAME} client connection object (default is None).\\n\"
+\"\\n\\n\"
+\"Returns\\n\"
+\"-------\\n\"
+\"samba.dcerpc.ClientConnection\\n\"
+\"    A ClientConnection object\\n\"
+\"\\n\\n\"
+\"Raises\\n\"
+\"------\\n\"
+\"samba.NTSTATUSError\\n\"
+\"    An NTSTATUS error\\n\"
+\"\\n\"";
+
 
                my $docstring = $self->DocString($interface, 
$interface->{NAME});
 
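Review bot: in the new Parameters section the type line "lp_ctx : param.LoadParm" contradicts its own description, which still accepts a path to a smb.conf file, and the entry is not marked optional although the signature gives lp_ctx=None. Suggest "lp_ctx : str or param.LoadParm, optional". The basis_connection entry should also say what passing it changes (the commit subject says the new connection shares the transport of the basis connection); "A client connection object" gives the caller no reason to supply one. The added blank line after the assignment leaves two consecutive empty lines and can be dropped.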
diff --git a/python/samba/lsa_utils.py b/python/samba/lsa_utils.py
index 043e65f3341..506dc399c93 100644
--- a/python/samba/lsa_utils.py
+++ b/python/samba/lsa_utils.py
@@ -20,24 +20,27 @@ from samba.dcerpc import lsa, drsblobs, misc
 from samba.ndr import ndr_pack
 from samba import (
     NTSTATUSError,
+    ntstatus,
     aead_aes_256_cbc_hmac_sha512,
     arcfour_encrypt,
 )
-from samba.ntstatus import (
-    NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE
-)
 from samba import crypto
 from secrets import token_bytes
+# FIXME from collections.abc import Callable
 
 
 def OpenPolicyFallback(
-    conn: lsa.lsarpc,
+    # new_lsa_conn: Callable[[], lsa.lsarpc], - FIXME the type doesn't work
+    # with python version 3.6 (CentOS8, SLES15).
+    new_lsa_conn,
     system_name: str,
     in_version: int,
     in_revision_info: lsa.revision_info1,
-    sec_qos: bool = False,
-    access_mask: int = 0,
+    sec_qos: bool,
+    access_mask: int,
 ):
+    conn = new_lsa_conn()
+
     attr = lsa.ObjectAttribute()
     if sec_qos:
         qos = lsa.QosInfo()
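Review bot: new_lsa_conn is left untyped behind two FIXME comments and has no docstring, so the contract of the callable can only be learned by reading the body. Document it on OpenPolicyFallback(): it is invoked once with no arguments and, in the following hunk, a second time as new_lsa_conn(basis_connection=conn), so anything passed in must accept that keyword. Removing the defaults from sec_qos and access_mask also breaks any caller that relied on them; the commit message should confirm that every caller was converted.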
@@ -48,26 +51,38 @@ def OpenPolicyFallback(
 
         attr.sec_qos = qos
 
-    try:
-        out_version, out_rev_info, policy = conn.OpenPolicy3(
-            system_name,
-            attr,
-            access_mask,
-            in_version,
-            in_revision_info
-        )
-    except NTSTATUSError as e:
-        if e.args[0] == NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE:
-            out_version = 1
-            out_rev_info = lsa.revision_info1()
-            out_rev_info.revision = 1
-            out_rev_info.supported_features = 0
-
-            policy = conn.OpenPolicy2(system_name, attr, access_mask)
-        else:
-            raise
-
-    return out_version, out_rev_info, policy
+    open_policy2 = False
+    if in_revision_info is not None:
+        try:
+            out_version, out_rev_info, policy = conn.OpenPolicy3(
+                system_name,
+                attr,
+                access_mask,
+                in_version,
+                in_revision_info
+            )
+        except NTSTATUSError as e:
+            if e.args[0] == ntstatus.NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE:
+                open_policy2 = True
+            if e.args[0] == ntstatus.NT_STATUS_ACCESS_DENIED:
+                # We need a new connection
+                conn = new_lsa_conn(basis_connection=conn)
+
+                open_policy2 = True
+            else:
+                raise
+    else:
+        open_policy2 = True
+
+    if open_policy2:
+        out_version = 1
+        out_rev_info = lsa.revision_info1()
+        out_rev_info.revision = 1
+        out_rev_info.supported_features = 0
+
+        policy = conn.OpenPolicy2(system_name, attr, access_mask)
+
+    return conn, out_version, out_rev_info, policy
 
 
 def CreateTrustedDomainRelax(
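Review bot: the second comparison in the except block needs to be elif, not if. As written, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE sets open_policy2 = True, then fails the NT_STATUS_ACCESS_DENIED test and falls into "else: raise", so the exception propagates and the OpenPolicy2 fallback for a server without OpenPolicy3 is never reached. Change "if e.args[0] == ntstatus.NT_STATUS_ACCESS_DENIED:" to "elif e.args[0] == ntstatus.NT_STATUS_ACCESS_DENIED:" and add a test that drives each of the two status codes through this block, since the new return value (conn first) makes a silent regression here easy to miss.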
diff --git a/python/samba/netcmd/domain/trust.py 
b/python/samba/netcmd/domain/trust.py
index 0784fa5e282..f3d75f84137 100644
--- a/python/samba/netcmd/domain/trust.py
+++ b/python/samba/netcmd/domain/trust.py
@@ -125,8 +125,13 @@ class DomainTrustCommand(Command):
         self.local_creds = local_creds
         return self.local_server
 
-    def new_local_lsa_connection(self):
-        return lsa.lsarpc(self.local_binding_string, self.local_lp, 
self.local_creds)
+    def new_local_lsa_connection(self, basis_connection=None):
+        return lsa.lsarpc(
+            self.local_binding_string,
+            self.local_lp,
+            self.local_creds,
+            basis_connection=basis_connection
+        )
 
     def new_local_netlogon_connection(self):
         return netlogon.netlogon(self.local_binding_string, self.local_lp, 
self.local_creds)
@@ -203,13 +208,23 @@ class DomainTrustCommand(Command):
         self.remote_creds = remote_creds
         return self.remote_server
 
-    def new_remote_lsa_connection(self):
-        return lsa.lsarpc(self.remote_binding_string, self.local_lp, 
self.remote_creds)
+    def new_remote_lsa_connection(self, basis_connection=None):
+        return lsa.lsarpc(
+            self.remote_binding_string,
+            self.local_lp,
+            self.remote_creds,
+            basis_connection=basis_connection
+        )
 
-    def new_remote_netlogon_connection(self):
-        return netlogon.netlogon(self.remote_binding_string, self.local_lp, 
self.remote_creds)
+    def new_remote_netlogon_connection(self, basis_connection=None):
+        return netlogon.netlogon(
+            self.remote_binding_string,
+            self.local_lp,
+            self.remote_creds,
+            basis_connection=basis_connection
+        )
 
-    def get_lsa_info(self, conn, policy_access):
+    def get_lsa_info(self, conn_fn, policy_access):
         in_version = 1
         in_revision_info1 = lsa.revision_info1()
         in_revision_info1.revision = 1
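Review bot: new_remote_netlogon_connection() gains a basis_connection parameter here, while new_local_netlogon_connection(), visible as context at the end of the previous hunk, keeps its old signature. Nothing in the visible lines calls either netlogon helper with basis_connection, so either extend both for symmetry or leave both alone until a caller needs it. The rename of the get_lsa_info() parameter from conn to conn_fn is a good signal of the new contract, but a one-line docstring saying it must be a connection factory would make it explicit.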
@@ -217,17 +232,18 @@ class DomainTrustCommand(Command):
             lsa.LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER
         )
 
-        out_version, out_revision_info1, policy = OpenPolicyFallback(
-            conn,
-            b''.decode('utf-8'),
+        conn, out_version, out_revision_info1, policy = OpenPolicyFallback(
+            conn_fn,
+            '',
             in_version,
             in_revision_info1,
+            False,
             policy_access
         )
 
         info = conn.QueryInfoPolicy2(policy, lsa.LSA_POLICY_INFO_DNS)
 
-        return (policy, out_version, out_revision_info1, info)
+        return (conn, policy, out_version, out_revision_info1, info)
 
     def get_netlogon_dc_unc(self, conn, server, domain):
         try:
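Review bot: the OpenPolicyFallback() call passes sec_qos as a bare positional False directly before policy_access, which is hard to read now that both arguments are mandatory; write sec_qos=False, access_mask=policy_access. get_lsa_info() also changes its return value to a five-element tuple with the connection first and has no docstring recording that order, so a caller that was not updated fails only at unpacking time. Please document the tuple layout on the method.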
@@ -507,19 +523,15 @@ class cmd_domain_trust_show(DomainTrustCommand):
     def run(self, domain, sambaopts=None, versionopts=None, localdcopts=None):
 
         self.setup_local_server(sambaopts, localdcopts)
-        try:
-            local_lsa = self.new_local_lsa_connection()
-        except RuntimeError as error:
-            raise self.LocalRuntimeError(self, error, "failed to connect lsa 
server")
-
         try:
             local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
             (
+                local_lsa,
                 local_policy,
                 local_version,
                 local_revision_info1,
                 local_lsa_info
-            ) = self.get_lsa_info(local_lsa, local_policy_access)
+            ) = self.get_lsa_info(self.new_local_lsa_connection, 
local_policy_access)
         except RuntimeError as error:
             raise self.LocalRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
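Review bot: with the separate connect block removed, a failure to establish the LSA connection now happens inside get_lsa_info() and is reported as "failed to query LSA_POLICY_INFO_DNS", so the former "failed to connect lsa server" diagnostic is lost. The same pattern repeats in the modify, create, delete and validate hunks below, for both the local and the remote side. Either reword the message to cover both cases or have get_lsa_info() distinguish a connection error from a query error, so that an administrator debugging a trust can tell an unreachable or refusing server from a policy query that was denied.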
@@ -648,19 +660,16 @@ class cmd_domain_trust_modify(DomainTrustCommand):
             raise CommandError("modification arguments are required, try 
--help")
 
         self.setup_local_server(sambaopts, localdcopts)
-        try:
-            local_lsa = self.new_local_lsa_connection()
-        except RuntimeError as error:
-            raise self.LocalRuntimeError(self, error, "failed to connect to 
lsa server")
 
         try:
             local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
             (
+                local_lsa,
                 local_policy,
                 local_version,
                 local_revision_info1,
                 local_lsa_info
-            ) = self.get_lsa_info(local_lsa, local_policy_access)
+            ) = self.get_lsa_info(self.new_local_lsa_connection, 
local_policy_access)
         except RuntimeError as error:
             raise self.LocalRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
@@ -907,18 +916,15 @@ class cmd_domain_trust_create(DomainTrustCommand):
                 remote_trust_info.trust_attributes |= 
lsa.LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
 
         local_server = self.setup_local_server(sambaopts, localdcopts)
-        try:
-            local_lsa = self.new_local_lsa_connection()
-        except RuntimeError as error:
-            raise self.LocalRuntimeError(self, error, "failed to connect lsa 
server")
 
         try:
             (
+                local_lsa,
                 local_policy,
                 local_version,
                 local_revision_info1,
                 local_lsa_info
-            ) = self.get_lsa_info(local_lsa, local_policy_access)
+            ) = self.get_lsa_info(self.new_local_lsa_connection, 
local_policy_access)
         except RuntimeError as error:
             raise self.LocalRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
@@ -932,18 +938,14 @@ class cmd_domain_trust_create(DomainTrustCommand):
         except RuntimeError as error:
             raise self.RemoteRuntimeError(self, error, "failed to locate 
remote server")
 
-        try:
-            remote_lsa = self.new_remote_lsa_connection()
-        except RuntimeError as error:
-            raise self.RemoteRuntimeError(self, error, "failed to connect lsa 
server")
-
         try:
             (
+                remote_lsa,
                 remote_policy,
                 remote_version,
                 remote_revision_info1,
                 remote_lsa_info
-            ) = self.get_lsa_info(remote_lsa, remote_policy_access)
+            ) = self.get_lsa_info(self.new_remote_lsa_connection, 
remote_policy_access)
         except RuntimeError as error:
             raise self.RemoteRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
@@ -1296,18 +1298,15 @@ class cmd_domain_trust_delete(DomainTrustCommand):
             remote_policy_access |= lsa.LSA_POLICY_CREATE_SECRET
 
         self.setup_local_server(sambaopts, localdcopts)
-        try:
-            local_lsa = self.new_local_lsa_connection()
-        except RuntimeError as error:
-            raise self.LocalRuntimeError(self, error, "failed to connect lsa 
server")
 
         try:
             (
+                local_lsa,
                 local_policy,
                 local_version,
                 local_revision_info1,
                 local_lsa_info
-            ) = self.get_lsa_info(local_lsa, local_policy_access)
+            ) = self.get_lsa_info(self.new_local_lsa_connection, 
local_policy_access)
         except RuntimeError as error:
             raise self.LocalRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
@@ -1337,18 +1336,14 @@ class cmd_domain_trust_delete(DomainTrustCommand):
             except RuntimeError as error:
                 raise self.RemoteRuntimeError(self, error, "failed to locate 
remote server")
 
-            try:
-                remote_lsa = self.new_remote_lsa_connection()
-            except RuntimeError as error:
-                raise self.RemoteRuntimeError(self, error, "failed to connect 
lsa server")
-
             try:
                 (
+                    remote_lsa,
                     remote_policy,
                     remote_version,
                     remote_revision_info1,
                     remote_lsa_info
-                ) = self.get_lsa_info(remote_lsa, remote_policy_access)
+                ) = self.get_lsa_info(self.new_remote_lsa_connection, 
remote_policy_access)
             except RuntimeError as error:
                 raise self.RemoteRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
@@ -1449,18 +1444,15 @@ class cmd_domain_trust_validate(DomainTrustCommand):
         local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
 
         local_server = self.setup_local_server(sambaopts, localdcopts)
-        try:
-            local_lsa = self.new_local_lsa_connection()
-        except RuntimeError as error:
-            raise self.LocalRuntimeError(self, error, "failed to connect lsa 
server")
 
         try:
             (
+                local_lsa,
                 local_policy,
                 local_version,
                 local_revision_info1,
                 local_lsa_info
-            ) = self.get_lsa_info(local_lsa, local_policy_access)
+            ) = self.get_lsa_info(self.new_local_lsa_connection, 
local_policy_access)
         except RuntimeError as error:
             raise self.LocalRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
@@ -1896,11 +1888,12 @@ class cmd_domain_trust_namespaces(DomainTrustCommand):
 
         try:
             (
+                local_lsa,
                 local_policy,
                 local_version,
                 local_revision_info1,
                 local_lsa_info
-            ) = self.get_lsa_info(local_lsa, local_policy_access)
+            ) = self.get_lsa_info(self.new_local_lsa_connection, 
local_policy_access)
         except RuntimeError as error:
             raise self.LocalRuntimeError(self, error, "failed to query 
LSA_POLICY_INFO_DNS")
 
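Review bot: unlike the other run() methods changed in this file, this hunk does not remove a preceding "local_lsa = self.new_local_lsa_connection()" block. If such a block still exists above the visible context in cmd_domain_trust_namespaces, the connection it opens is overwritten by the one get_lsa_info() returns and is never used; please check and drop it so the command does not open a second authenticated connection for nothing.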
diff --git a/python/samba/tests/dcerpc/lsa_utils.py 
b/python/samba/tests/dcerpc/lsa_utils.py
index 229f57ec546..8a3e7d24276 100644
--- a/python/samba/tests/dcerpc/lsa_utils.py
+++ b/python/samba/tests/dcerpc/lsa_utils.py
@@ -35,6 +35,7 @@ from samba.lsa_utils import (
 
 
 class CreateTrustedDomain(TestCase):
+    smbencrypt = True
 
     def get_user_creds(self):
         c = Credentials()
@@ -47,26 +48,35 @@ class CreateTrustedDomain(TestCase):
         c.set_password(password)
         return c
 
-    def _create_trust_relax(self, smbencrypt=True):
+    def new_lsa_conn(self, basis_connection=None):
         creds = self.get_user_creds()
-
-        if smbencrypt:
+        if self.smbencrypt:
             creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
         else:
             creds.set_smb_encryption(SMB_ENCRYPTION_OFF)
 
         lp = self.get_loadparm()
-
         binding_string = (
             "ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER'))
         )
-        lsa_conn = lsa.lsarpc(binding_string, lp, creds)
 
-        if smbencrypt:
+        lsa_conn = lsa.lsarpc(
+            binding_string,
+            lp,
+            creds,
+            basis_connection=basis_connection
+        )
+
+        if self.smbencrypt:
             self.assertTrue(lsa_conn.transport_encrypted())
         else:
             self.assertFalse(lsa_conn.transport_encrypted())
 
+        return lsa_conn
+
+    def _create_trust_relax(self, smbencrypt=True):
+        self.smbencrypt = smbencrypt
+
         in_version = 1
         in_revision_info1 = lsa.revision_info1()
         in_revision_info1.revision = 1
@@ -74,12 +84,18 @@ class CreateTrustedDomain(TestCase):
             lsa.LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER
         )
 
-        out_version, out_revision_info1, pol_handle = OpenPolicyFallback(
+        (
             lsa_conn,
+            out_version,
+            out_revision_info1,
+            pol_handle
+        ) = OpenPolicyFallback(
+            self.new_lsa_conn,
             '',
             in_version,
             in_revision_info1,
-            access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED
+            False,
+            security.SEC_FLAG_MAXIMUM_ALLOWED
         )
         self.assertIsNotNone(pol_handle)
 
@@ -147,14 +163,7 @@ class CreateTrustedDomain(TestCase):
             self.assertIsNone(trustdom_handle)
 
     def _create_trust_fallback(self):
-        creds = self.get_user_creds()
-
-        lp = self.get_loadparm()
-
-        binding_string = (
-            "ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER'))
-        )
-        lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+        self.smbencrypt = True
 
         in_version = 1
         in_revision_info1 = lsa.revision_info1()
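Review bot: setting self.smbencrypt = True in _create_trust_fallback() changes what this test covers. The removed lines built the credentials without choosing an SMB encryption level and made no assertion on transport_encrypted(); the test now goes through new_lsa_conn() with SMB_ENCRYPTION_REQUIRED and its assertTrue check. If that is intended, say so in the commit message. Because smbencrypt is kept as mutable state on the test instance and read inside new_lsa_conn(), consider passing it explicitly (for example via functools.partial) so a test cannot inherit the value left by an earlier helper.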
@@ -163,12 +172,18 @@ class CreateTrustedDomain(TestCase):
             lsa.LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER
         )
 
-        out_version, out_revision_info1, pol_handle = OpenPolicyFallback(
+        (
             lsa_conn,
+            out_version,


-- 
Samba Shared Repository
