SambaConfig - file /etc/samba/smb.conf

This parser reads the Samba configuration file /etc/samba/smb.conf, which is in standard .ini format, with a couple of notable features:

  • Samba ignores spaces at the start of options, which the ConfigParser class normally does not. This spacing is stripped by this parser.

  • Samba likewise ignores spaces in section heading names.

  • Samba allows the same section to be defined multiple times, with the options therein being merged as if they were one section.

  • Samba allows options to be declared before the first section marker. This parser puts these options in a global section.

  • Samba treats ‘;’ as a comment prefix, similar to ‘#’.

Sample configuration file:

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
#...
#======================= Global Settings =====================================

[global]
    workgroup = MYGROUP
    server string = Samba Server Version %v
    max log size = 50

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;   valid users = %S
;   valid users = MYDOMAIN\%S

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
[public]
   comment = Public Stuff
   path = /home/samba
   public = yes
   writable = yes
   printable = no
   write list = +staff

Examples

>>> type(conf)
<class 'insights.parsers.samba.SambaConfig'>
>>> sorted(conf.sections()) == [u'global', u'homes', u'printers', u'public']
True
>>> global_options = conf.items('global')  # get a section as a dictionary
>>> type(global_options) == type({})
True
>>> conf.get('public', 'comment') == u'Public Stuff'  # Accessor for section and option
True
>>> conf.getboolean('public', 'writable')  # Type conversion, but no default
True
>>> conf.getint('global', 'max log size')  # Same for integer conversion
50
class insights.parsers.samba.SambaConfig(context)[source]

Bases: insights.core.IniConfigFile

This parser reads the Samba configuration file /etc/samba/smb.conf.

Note: It is needed for better resolution descriptions when it is necessary to know what exactly is in the configuration file. For generic tasks use SambaConfigs or SambaConfigsAll instead.

parse_content(content)[source]

Parses content of the config file.

In child class overload and call super to set flag allow_no_values and allow keys with no value in config file:

def parse_content(self, content):
    super(YourClass, self).parse_content(content,
                                         allow_no_values=True)
class insights.parsers.samba.SambaConfigs(context)[source]

Bases: insights.parsers.samba.SambaConfig

This parser reads the Samba configuration from command testparm -s which is more reliable than parsing the config file, as it includes configuration in internal registry. It also includes server role.

Note: This is the most suitable parser when only user changes to the configuration are important for the detection logic, i.e. misconfiguration.

server_role

Server role as reported by the command.

Type

string

parse_content(content)[source]

Parses content of the config file.

In child class overload and call super to set flag allow_no_values and allow keys with no value in config file:

def parse_content(self, content):
    super(YourClass, self).parse_content(content,
                                         allow_no_values=True)
class insights.parsers.samba.SambaConfigsAll(context)[source]

Bases: insights.parsers.samba.SambaConfigs

This parser reads the Samba configuration from command testparm -v -s which is more reliable than parsing the config file, as it includes configuration in internal registry. It also includes all default values and server role.

Note: This parser is needed for cases when active value of specific option is needed for the detection logic, irrespective of its origin from user changes or defaults, i.e. security vulnerabilities.

server_role

Server role as reported by the command.

Type

string