The branch, master has been updated via 1e5098d s3-pysmbd: Add hook for get_nt_acl() via 64f494d s3-pysmbd: fix DEBUG via e5686a4 s3-pysmbd: Add my copyright via 55a0d66 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest via b041d29 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} from e956253 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1e5098d5e1bb4dd2df6af690ad5555e1b4b52a8d Author: Andrew Bartlett <abart...@samba.org> Date: Thu Aug 2 15:16:13 2012 +1000 s3-pysmbd: Add hook for get_nt_acl() Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Thu Aug 2 13:27:55 CEST 2012 on sn-devel-104 commit 64f494de5e8e468a3adde62b02843d734d6cc483 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Aug 2 13:36:55 2012 +1000 s3-pysmbd: fix DEBUG commit e5686a4cf0931d8a89ed8f5922fd00d93b7893ea Author: Andrew Bartlett <abart...@samba.org> Date: Thu Aug 2 13:36:43 2012 +1000 s3-pysmbd: Add my copyright commit 55a0d6606c76463296188582c52821a7607ade7b Author: Andrew Bartlett <abart...@samba.org> Date: Thu Aug 2 13:35:24 2012 +1000 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest This will allow us to set the full NT ACL on a file, using the VFS layer, during provision of the AD DC. Andrew Bartlett commit b041d29c116a5d93b70a2cea5f808e81b9e12556 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Aug 2 18:05:03 2012 +1000 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest} ----------------------------------------------------------------------- Summary of changes: source3/passdb/py_passdb.c | 4 +- source3/smbd/pysmbd.c | 143 +++++++++++++++++++++++++++++++++++++++++++- source3/wscript_build | 2 +- 3 files changed, 144 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c index 7043ce6..bd332e1 100644 --- a/source3/passdb/py_passdb.c +++ b/source3/passdb/py_passdb.c @@ -1368,8 +1368,8 @@ static PyObject *py_pdb_domain_info(pytalloc_Object *self, PyObject *args) } PyDict_SetItemString(py_domain_info, "name", PyString_FromString(domain_info->name)); - PyDict_SetItemString(py_domain_info, "dns_domain", PyString_FromString(domain_info->name)); - PyDict_SetItemString(py_domain_info, "dns_forest", PyString_FromString(domain_info->name)); + PyDict_SetItemString(py_domain_info, "dns_domain", PyString_FromString(domain_info->dns_domain)); + PyDict_SetItemString(py_domain_info, "dns_forest", PyString_FromString(domain_info->dns_forest)); PyDict_SetItemString(py_domain_info, "dom_sid", pytalloc_steal(dom_sid_Type, sid)); PyDict_SetItemString(py_domain_info, "guid", pytalloc_steal(guid_Type, guid)); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 5badb3a..9a44d25 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -1,9 +1,13 @@ /* Unix SMB/CIFS implementation. - SMB NT Security Descriptor / Unix permission conversion. + Set NT and POSIX ACLs and other VFS operations from Python + + Copyrigyt (C) Andrew Bartlett 2012 Copyright (C) Jeremy Allison 1994-2009. Copyright (C) Andreas Gruenbacher 2002. Copyright (C) Simo Sorce <i...@samba.org> 2009. + Copyright (C) Simo Sorce 2002 + Copyright (C) Eric Lorimer 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,6 +27,9 @@ #include "smbd/smbd.h" #include <Python.h> #include "libcli/util/pyerrors.h" +#include "librpc/rpc/pyrpc_util.h" +#include <pytalloc.h> +#include "system/filesys.h" extern const struct generic_mapping file_generic_mapping; @@ -58,7 +65,7 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl); if (ret != 0) { status = map_nt_error_from_unix_common(ret); - DEBUG(0,("get_nt_acl_no_snum: fset_nt_acl returned zero.\n")); + DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned zero.\n")); } conn_free(conn); @@ -66,6 +73,83 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, return status; } +static NTSTATUS set_nt_acl_no_snum(const char *fname, + uint32 security_info_sent, const struct security_descriptor *sd) +{ + TALLOC_CTX *frame = talloc_stackframe(); + connection_struct *conn; + NTSTATUS status = NT_STATUS_OK; + files_struct *fsp; + struct smb_filename *smb_fname = NULL; + int flags; + + conn = talloc_zero(frame, connection_struct); + if (conn == NULL) { + DEBUG(0, ("talloc failed\n")); + return NT_STATUS_NO_MEMORY; + } + + if (!(conn->params = talloc(conn, struct share_params))) { + DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n")); + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + conn->params->service = -1; + + set_conn_connectpath(conn, "/"); + + smbd_vfs_init(conn); + + fsp = talloc(frame, struct files_struct); + if (fsp == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + fsp->fh = talloc(fsp, struct fd_handle); + if (fsp->fh == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + fsp->conn = conn; + + status = create_synthetic_smb_fname_split(fsp, fname, NULL, + &smb_fname); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + + fsp->fsp_name = smb_fname; + +#ifdef O_DIRECTORY + flags = O_RDONLY|O_DIRECTORY; +#else + /* POSIX allows us to open a directory with O_RDONLY. */ + flags = O_RDONLY; +#endif + + fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, 00400); + if (fsp->fh->fd == -1 && errno == EISDIR) { + fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, O_RDWR, 00400); + } + if (fsp->fh->fd == -1) { + printf("open: error=%d (%s)\n", errno, strerror(errno)); + TALLOC_FREE(frame); + return NT_STATUS_UNSUCCESSFUL; + } + + status = SMB_VFS_FSET_NT_ACL( fsp, security_info_sent, sd); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status))); + } + + conn_free(conn); + TALLOC_FREE(frame); + + return status; +} + static SMB_ACL_T make_simple_acl(uid_t uid, gid_t gid) { @@ -195,6 +279,55 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self, PyObject *args) #endif } +/* + set a simple ACL on a file, as a test + */ +static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args) +{ + NTSTATUS status; + char *fname; + int security_info_sent; + PyObject *py_sd; + struct security_descriptor *sd; + + if (!PyArg_ParseTuple(args, "siO", &fname, &security_info_sent, &py_sd)) + return NULL; + + if (!py_check_dcerpc_type(py_sd, "samba.dcerpc.security", "descriptor")) { + return NULL; + } + + sd = pytalloc_get_type(py_sd, struct security_descriptor); + + status = set_nt_acl_no_snum(fname, security_info_sent, sd); + PyErr_NTSTATUS_IS_ERR_RAISE(status); + + Py_RETURN_NONE; +} + +/* + set a simple ACL on a file, as a test + */ +static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args) +{ + char *fname; + int security_info_sent; + PyObject *py_sd; + struct security_descriptor *sd; + TALLOC_CTX *tmp_ctx = talloc_new(NULL); + + if (!PyArg_ParseTuple(args, "si", &fname, &security_info_sent)) + return NULL; + + sd = get_nt_acl_no_snum(tmp_ctx, fname); + + py_sd = py_return_ndr_struct("samba.dcerpc.security", "security_descriptor", sd, sd); + + talloc_free(tmp_ctx); + + return py_sd; +} + static PyMethodDef py_smbd_methods[] = { { "have_posix_acls", (PyCFunction)py_smbd_have_posix_acls, METH_VARARGS, @@ -202,6 +335,12 @@ static PyMethodDef py_smbd_methods[] = { { "set_simple_acl", (PyCFunction)py_smbd_set_simple_acl, METH_VARARGS, NULL }, + { "set_nt_acl", + (PyCFunction)py_smbd_set_nt_acl, METH_VARARGS, + NULL }, + { "get_nt_acl", + (PyCFunction)py_smbd_get_nt_acl, METH_VARARGS, + NULL }, { NULL } }; diff --git a/source3/wscript_build b/source3/wscript_build index bed31a1..40afdd7 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -1585,7 +1585,7 @@ bld.SAMBA3_BINARY('vlp', bld.SAMBA3_PYTHON('pysmbd', source='smbd/pysmbd.c', - deps='smbd_base', + deps='smbd_base pyrpc_util', realname='samba/samba3/smbd.so' ) -- Samba Shared Repository