samba.git/python/samba/ntacls.py, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. python: Fix code spelling 2025-05-26T02:41:37+00:00 Jennifer Sutton jennifersutton@catalyst.net.nz 2025-02-14T03:21:45+00:00 10a68f570866f186a7610641267fdc98ad887d69 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python:ntacls: pull allow list out of loop 2025-03-19T15:56:38+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2025-03-07T02:51:18+00:00 20129d16dc30a2ab9ad0ae04fec5cf007ebb035d BUG: https://bugzilla.samba.org/show_bug.cgi?id=14927 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Mar 19 15:56:38 UTC 2025 on atb-devel-224 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14927

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 19 15:56:38 UTC 2025 on atb-devel-224
python/ntacls.py: only allow allow and deny ACEs in setntacl() 2025-03-19T14:58:32+00:00 Ralph Boehme slow@samba.org 2023-07-31T13:24:19+00:00 ff0e0045ed5ec619e8ef1910c0b72eb118f59bd3 Commit 27dd0afb62d4f7427c966e984c7c8b01bc4d93b5 introduced a regression. Before that commit we included only SEC_ACE_TYPE_ACCESS_ALLOWED(0) as 'not type & SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT' filtered out SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT(5), but also SEC_ACE_TYPE_ACCESS_DENIED and SEC_ACE_TYPE_ACCESS_DENIED_OBJECT. After that commit we started to include SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT, which is wrong. It was also always wrong to exclude SEC_ACE_TYPE_ACCESS_DENIED(1). So now we make it explicit that we only include SEC_ACE_TYPE_ACCESS_ALLOWED and SEC_ACE_TYPE_ACCESS_DENIED. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14927 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> 
Commit 27dd0afb62d4f7427c966e984c7c8b01bc4d93b5 introduced a
regression.

Before that commit we included only SEC_ACE_TYPE_ACCESS_ALLOWED(0)
as 'not type & SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT' filtered out
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT(5), but also
SEC_ACE_TYPE_ACCESS_DENIED and SEC_ACE_TYPE_ACCESS_DENIED_OBJECT.

After that commit we started to include
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT, which is wrong.

It was also always wrong to exclude SEC_ACE_TYPE_ACCESS_DENIED(1).

So now we make it explicit that we only include
SEC_ACE_TYPE_ACCESS_ALLOWED and SEC_ACE_TYPE_ACCESS_DENIED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14927

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
python: pep257: docstring should use double quotes 2023-12-15T02:54:34+00:00 Rob van der Linde rob@catalyst.net.nz 2023-12-14T02:14:27+00:00 ddba4a06bbe236dfecf6ee6fee8493e8ca0c2b14 Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: Remove redundant backslashes 2023-08-30T02:15:29+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-08-25T01:55:23+00:00 12f1c7825db44d83e94ba37335c1582363281f75 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python:samba: Fix code spelling 2023-06-23T14:51:14+00:00 Andreas Schneider asn@samba.org 2023-06-06T11:31:52+00:00 c837ecf442cfb8e19abaa917ff61f323a41829fd Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 23 14:51:14 UTC 2023 on atb-devel-224 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 23 14:51:14 UTC 2023 on atb-devel-224
CVE-2007-4559 python: ensure sanity in our tarfiles 2022-10-04T03:48:43+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2022-09-23T00:32:25+00:00 37406b9d97f123576c811b9fe22b39b02af62f83 Python's tarfile module is not very careful about paths that step out of the target directory. We can be a bit better at little cost. This was reported in 2007[1], and has recently been publicised [2, for example]. We were informed of this bug in December 2021 by Luis Alberto López Alvar, but decided then that there were no circumstances under which this was a security concern. That is, if you can alter the backup files, you can already do worse things. But there is a case to guard against an administrator being tricked into trying to restore a file that isn't based on a real backup. [1] https://nvd.nist.gov/vuln/detail/CVE-2007-4559 [2] https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15185 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Oct 4 03:48:43 UTC 2022 on sn-devel-184 
Python's tarfile module is not very careful about paths that step out
of the target directory. We can be a bit better at little cost.

This was reported in 2007[1], and has recently been publicised [2, for
example].

We were informed of this bug in December 2021 by Luis Alberto López
Alvar, but decided then that there were no circumstances under which
this was a security concern. That is, if you can alter the backup
files, you can already do worse things. But there is a case to guard
against an administrator being tricked into trying to restore a file
that isn't based on a real backup.

[1] https://nvd.nist.gov/vuln/detail/CVE-2007-4559
[2] https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15185

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct  4 03:48:43 UTC 2022 on sn-devel-184
python/ntacls.py: Fix ACE type comparison 2022-03-17T00:41:34+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-03-04T03:11:42+00:00 27dd0afb62d4f7427c966e984c7c8b01bc4d93b5 SEC_ACE_TYPE_ values are not flags, so this comparison does not behave as intended. Modify the check to more closely match the one in gp_create_gpt_security_descriptor(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the one in
gp_create_gpt_security_descriptor().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: remove all 'from __future__ import print_function' 2021-04-28T03:43:34+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2021-04-28T01:02:37+00:00 aecb2b779b88c13784b7c2691ae08da716d65ab2 This made Python 2's print behave like Python 3's print(). In some cases, where we had: from __future__ import print_function """Intended module documentation...""" this will have the side effect of making the intended module documentation work as the actual module documentation (i.e. becoming __doc__), because it is once again the first statement in the module. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This made Python 2's print behave like Python 3's print().

In some cases, where we had:

   from __future__ import print_function
   """Intended module documentation..."""

this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: Fix opening SamDB database for offline backup 2021-03-24T02:08:54+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2021-03-21T22:06:30+00:00 d7c111514ad53787af5a7084355126df9999a34f When opening the backed-up SamDB database, open the top-level database without loading any modules so the backend database files aren't unnecessarily opened. The domain SID is now fetched from the original database rather than from the backup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org> 
When opening the backed-up SamDB database, open the top-level database
without loading any modules so the backend database files aren't
unnecessarily opened. The domain SID is now fetched from the original
database rather than from the backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>