Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (5)
......@@ -7,7 +7,7 @@ Uploaders: Steve Langasek <vorlon@debian.org>,
Mathieu Parent <sathieu@debian.org>,
Andrew Bartlett <abartlet+debian@catalyst.net.nz>
Homepage: http://www.samba.org
Standards-Version: 4.2.1
Standards-Version: 4.3.0
Build-Depends: bison,
debhelper (>= 11),
dh-exec,
......@@ -242,7 +242,6 @@ Pre-Depends: ${misc:Pre-Depends}
Architecture: any
Section: python
Provides: ${python:Provides}
Suggests: python-gpgme
Depends: python-crypto,
python-ldb,
python-tdb,
......@@ -250,6 +249,7 @@ Depends: python-crypto,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Recommends: python-gpg
Description: Python bindings for Samba
Samba is an implementation of the SMB/CIFS protocol for Unix systems,
providing support for cross-platform file sharing with Microsoft Windows, OS X,
......
From f1e2bedbbc1446073876e0a0e02e9c4f02fa67f6 Mon Sep 17 00:00:00 2001
From: Joe Guo <joeg@catalyst.net.nz>
Date: Thu, 20 Dec 2018 16:47:00 +1300
Subject: [PATCH] netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg
python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
use python[3]-gpg instead, and adapt the API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 84069c8a5476a47d45ab946d82abb0d6c04635c3)
---
python/samba/netcmd/user.py | 86 ++++++++++++++++++++++++++-----------
1 file changed, 61 insertions(+), 25 deletions(-)
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index 5af76c9be7d1..437866c0a42f 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -21,6 +21,7 @@ import samba.getopt as options
import ldb
import pwd
import os
+import io
import re
import tempfile
import difflib
@@ -56,15 +57,56 @@ from samba.netcmd import (
)
from samba.compat import text_type
-try:
- import io
- import gpgme
- gpgme_support = True
- decrypt_samba_gpg_help = "Decrypt the SambaGPG password as cleartext source"
-except ImportError as e:
- gpgme_support = False
- decrypt_samba_gpg_help = "Decrypt the SambaGPG password not supported, " + \
- "python-gpgme required"
+
+# python[3]-gpgme is abandoned since ubuntu 1804 and debian 9
+# have to use python[3]-gpg instead
+# The API is different, need to adapt.
+
+def _gpgme_decrypt(encrypted_bytes):
+ """
+ Use python[3]-gpgme to decrypt GPG.
+ """
+ ctx = gpgme.Context()
+ ctx.armor = True # use ASCII-armored
+ out = io.BytesIO()
+ ctx.decrypt(io.BytesIO(encrypted_bytes), out)
+ return out.getvalue()
+
+
+def _gpg_decrypt(encrypted_bytes):
+ """
+ Use python[3]-gpg to decrypt GPG.
+ """
+ ciphertext = gpg.Data(string=encrypted_bytes)
+ ctx = gpg.Context(armor=True)
+ # plaintext, result, verify_result
+ plaintext, _, _ = ctx.decrypt(ciphertext)
+ return plaintext
+
+
+gpg_decrypt = None
+
+if not gpg_decrypt:
+ try:
+ import gpgme
+ gpg_decrypt = _gpgme_decrypt
+ except ImportError:
+ pass
+
+if not gpg_decrypt:
+ try:
+ import gpg
+ gpg_decrypt = _gpg_decrypt
+ except ImportError:
+ pass
+
+if gpg_decrypt:
+ decrypt_samba_gpg_help = ("Decrypt the SambaGPG password as "
+ "cleartext source")
+else:
+ decrypt_samba_gpg_help = ("Decrypt the SambaGPG password not supported, "
+ "python[3]-gpgme or python[3]-gpg required")
+
disabled_virtual_attributes = {
}
@@ -1024,13 +1066,8 @@ class GetPasswordCommand(Command):
#
sgv = get_package("Primary:SambaGPG", min_idx=-1)
if sgv is not None and unicodePwd is not None:
- ctx = gpgme.Context()
- ctx.armor = True
- cipher_io = io.BytesIO(sgv)
- plain_io = io.BytesIO()
try:
- ctx.decrypt(cipher_io, plain_io)
- cv = plain_io.getvalue()
+ cv = gpg_decrypt(sgv)
#
# We only use the password if it matches
# the current nthash stored in the unicodePwd
@@ -1042,14 +1079,13 @@ class GetPasswordCommand(Command):
nthash = tmp.get_nt_hash()
if nthash == unicodePwd:
calculated["Primary:CLEARTEXT"] = cv
- except gpgme.GpgmeError as e1:
- (major, minor, msg) = e1.args
- if major == gpgme.ERR_BAD_SECKEY:
- msg = "ERR_BAD_SECKEY: " + msg
- else:
- msg = "MAJOR:%d, MINOR:%d: %s" % (major, minor, msg)
- self.outf.write("WARNING: '%s': SambaGPG can't be decrypted into CLEARTEXT: %s\n" % (
- username or account_name, msg))
+
+ except Exception as e:
+ self.outf.write(
+ "WARNING: '%s': SambaGPG can't be decrypted "
+ "into CLEARTEXT: %s\n" % (
+ username or account_name, e))
+
def get_utf8(a, b, username):
try:
@@ -1458,7 +1494,7 @@ samba-tool user getpassword --filter=samaccountname=TestUser3 --attributes=msDS-
sambaopts=None, versionopts=None):
self.lp = sambaopts.get_loadparm()
- if decrypt_samba_gpg and not gpgme_support:
+ if decrypt_samba_gpg and not gpg_decrypt:
raise CommandError(decrypt_samba_gpg_help)
if filter is None and username is None:
@@ -1800,7 +1836,7 @@ samba-tool user syncpasswords --terminate \\
if H is None:
H = "ldapi://%s" % os.path.abspath(self.lp.private_path("ldap_priv/ldapi"))
- if decrypt_samba_gpg and not gpgme_support:
+ if decrypt_samba_gpg and not gpg_decrypt:
raise CommandError(decrypt_samba_gpg_help)
password_attrs = self.parse_attributes(attributes)
--
2.17.1
......@@ -8,3 +8,4 @@ add-so-version-to-private-libraries
heimdal-rfc3454.txt
nsswitch-Add-try_authtok-option-to-pam_winbind.patch
s3-auth-ignore-create_builtin_guests-failing-without.patch
python-gpg.patch
......@@ -21,6 +21,7 @@ import samba.getopt as options
import ldb
import pwd
import os
import io
import re
import tempfile
import difflib
......@@ -56,15 +57,56 @@ from samba.netcmd import (
)
from samba.compat import text_type
try:
import io
import gpgme
gpgme_support = True
decrypt_samba_gpg_help = "Decrypt the SambaGPG password as cleartext source"
except ImportError as e:
gpgme_support = False
decrypt_samba_gpg_help = "Decrypt the SambaGPG password not supported, " + \
"python-gpgme required"
# python[3]-gpgme is abandoned since ubuntu 1804 and debian 9
# have to use python[3]-gpg instead
# The API is different, need to adapt.
def _gpgme_decrypt(encrypted_bytes):
"""
Use python[3]-gpgme to decrypt GPG.
"""
ctx = gpgme.Context()
ctx.armor = True # use ASCII-armored
out = io.BytesIO()
ctx.decrypt(io.BytesIO(encrypted_bytes), out)
return out.getvalue()
def _gpg_decrypt(encrypted_bytes):
"""
Use python[3]-gpg to decrypt GPG.
"""
ciphertext = gpg.Data(string=encrypted_bytes)
ctx = gpg.Context(armor=True)
# plaintext, result, verify_result
plaintext, _, _ = ctx.decrypt(ciphertext)
return plaintext
gpg_decrypt = None
if not gpg_decrypt:
try:
import gpgme
gpg_decrypt = _gpgme_decrypt
except ImportError:
pass
if not gpg_decrypt:
try:
import gpg
gpg_decrypt = _gpg_decrypt
except ImportError:
pass
if gpg_decrypt:
decrypt_samba_gpg_help = ("Decrypt the SambaGPG password as "
"cleartext source")
else:
decrypt_samba_gpg_help = ("Decrypt the SambaGPG password not supported, "
"python[3]-gpgme or python[3]-gpg required")
disabled_virtual_attributes = {
}
......@@ -1024,13 +1066,8 @@ class GetPasswordCommand(Command):
#
sgv = get_package("Primary:SambaGPG", min_idx=-1)
if sgv is not None and unicodePwd is not None:
ctx = gpgme.Context()
ctx.armor = True
cipher_io = io.BytesIO(sgv)
plain_io = io.BytesIO()
try:
ctx.decrypt(cipher_io, plain_io)
cv = plain_io.getvalue()
cv = gpg_decrypt(sgv)
#
# We only use the password if it matches
# the current nthash stored in the unicodePwd
......@@ -1042,14 +1079,13 @@ class GetPasswordCommand(Command):
nthash = tmp.get_nt_hash()
if nthash == unicodePwd:
calculated["Primary:CLEARTEXT"] = cv
except gpgme.GpgmeError as e1:
(major, minor, msg) = e1.args
if major == gpgme.ERR_BAD_SECKEY:
msg = "ERR_BAD_SECKEY: " + msg
else:
msg = "MAJOR:%d, MINOR:%d: %s" % (major, minor, msg)
self.outf.write("WARNING: '%s': SambaGPG can't be decrypted into CLEARTEXT: %s\n" % (
username or account_name, msg))
except Exception as e:
self.outf.write(
"WARNING: '%s': SambaGPG can't be decrypted "
"into CLEARTEXT: %s\n" % (
username or account_name, e))
def get_utf8(a, b, username):
try:
......@@ -1458,7 +1494,7 @@ samba-tool user getpassword --filter=samaccountname=TestUser3 --attributes=msDS-
sambaopts=None, versionopts=None):
self.lp = sambaopts.get_loadparm()
if decrypt_samba_gpg and not gpgme_support:
if decrypt_samba_gpg and not gpg_decrypt:
raise CommandError(decrypt_samba_gpg_help)
if filter is None and username is None:
......@@ -1800,7 +1836,7 @@ samba-tool user syncpasswords --terminate \\
if H is None:
H = "ldapi://%s" % os.path.abspath(self.lp.private_path("ldap_priv/ldapi"))
if decrypt_samba_gpg and not gpgme_support:
if decrypt_samba_gpg and not gpg_decrypt:
raise CommandError(decrypt_samba_gpg_help)
password_attrs = self.parse_attributes(attributes)
......