[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon May 7 22:42:02 MDT 2012 

The branch, master has been updated
       via  470cfb3 lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
       via  0678eb6 s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
       via  859aa43 s3-python: Add python bindings for posix ACL layer
      from  5d4d8fe s4:torture/raw/context: add subtests as torture testcases

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 470cfb34aea693cdb774b648d51ceccda130f329
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 7 19:21:10 2012 +1000

    lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
    
    TIME_T_MAX is not actually INT64_MAX at the moment, so check both
    values and set to the magic end-of-time value.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Tue May  8 06:41:43 CEST 2012 on sn-devel-104

commit 0678eb6cdfa19f27de8093eee2a15b7493bbce67
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 7 17:06:23 2012 +1000

    s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured

commit 859aa43f7348e721a6ce0417d300d9db8086fc7b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 7 16:24:03 2012 +1000

    s3-python: Add python bindings for posix ACL layer
    
    This will allow us to check that posix ACLs work in the s4 provision, and avoid
    --use-s3fs if they do not.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 lib/util/time.c                                    |    2 +-
 source3/smbd/pysmbd.c                              |  203 ++++++++++++++++++++
 source3/wscript_build                              |    6 +
 .../scripting/python/samba/provision/__init__.py   |   14 ++
 4 files changed, 224 insertions(+), 1 deletions(-)
 create mode 100644 source3/smbd/pysmbd.c


Changeset truncated at 500 lines:

diff --git a/lib/util/time.c b/lib/util/time.c
index dc3ca68..d5a429a 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -148,7 +148,7 @@ _PUBLIC_ void unix_to_nt_time(NTTIME *nt, time_t t)
 		return;
 	}	
 
-	if (t == TIME_T_MAX) {
+	if (t == TIME_T_MAX || t == INT64_MAX) {
 		*nt = 0x7fffffffffffffffLL;
 		return;
 	}
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
new file mode 100644
index 0000000..76167e1
--- /dev/null
+++ b/source3/smbd/pysmbd.c
@@ -0,0 +1,203 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB NT Security Descriptor / Unix permission conversion.
+   Copyright (C) Jeremy Allison 1994-2009.
+   Copyright (C) Andreas Gruenbacher 2002.
+   Copyright (C) Simo Sorce <idra at samba.org> 2009.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smbd/smbd.h"
+#include <Python.h>
+#include "libcli/util/pyerrors.h"
+
+extern const struct generic_mapping file_generic_mapping;
+
+#undef  DBGC_CLASS
+#define DBGC_CLASS DBGC_ACLS
+
+static NTSTATUS set_sys_acl_no_snum(const char *fname,
+				     SMB_ACL_TYPE_T acltype,
+				     SMB_ACL_T theacl)
+{
+	connection_struct *conn;
+	NTSTATUS status = NT_STATUS_OK;
+	int ret;
+
+	conn = talloc_zero(NULL, connection_struct);
+	if (conn == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!(conn->params = talloc(conn, struct share_params))) {
+		DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
+		TALLOC_FREE(conn);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	conn->params->service = -1;
+
+	set_conn_connectpath(conn, "/");
+
+	smbd_vfs_init(conn);
+
+	ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl);
+	if (ret != 0) {
+		status = map_nt_error_from_unix_common(ret);
+		DEBUG(0,("get_nt_acl_no_snum: fset_nt_acl returned zero.\n"));
+	}
+
+	conn_free(conn);
+
+	return status;
+}
+
+
+static SMB_ACL_T make_simple_acl(uid_t uid, gid_t gid)
+{
+	mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE;
+	mode_t mode0 = 0;
+
+	SMB_ACL_ENTRY_T entry;
+	SMB_ACL_T acl = sys_acl_init(4);
+
+	if (!acl) {
+		return NULL;
+	}
+
+	if (sys_acl_create_entry(&acl, &entry) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_permset(entry, &mode) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_create_entry(&acl, &entry) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_permset(entry, &mode) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_create_entry(&acl, &entry) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_permset(entry, &mode0) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_create_entry(&acl, &entry) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_qualifier(entry, &gid) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_permset(entry, &mode) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_create_entry(&acl, &entry) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+
+	if (sys_acl_set_permset(entry, &mode0) != 0) {
+		sys_acl_free_acl(acl);
+		return NULL;
+	}
+	return acl;
+}
+
+/*
+  set a simple ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+	char *fname;
+	int uid, gid;
+	SMB_ACL_T acl;
+
+	if (!PyArg_ParseTuple(args, "sii", &fname, &uid, &gid))
+		return NULL;
+
+	acl = make_simple_acl(uid, gid);
+
+	status = set_sys_acl_no_snum(fname, SMB_ACL_TYPE_ACCESS, acl);
+	sys_acl_free_acl(acl);
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+	Py_RETURN_NONE;
+}
+
+static PyMethodDef py_smbd_methods[] = {
+	{ "set_simple_acl",
+		(PyCFunction)py_smbd_set_simple_acl, METH_VARARGS,
+		NULL },
+	{ NULL }
+};
+
+void initsmbd(void);
+void initsmbd(void)
+{
+	PyObject *m;
+
+	m = Py_InitModule3("smbd", py_smbd_methods,
+			   "Python bindings for the smbd file server.");
+	if (m == NULL)
+		return;
+
+}
diff --git a/source3/wscript_build b/source3/wscript_build
index 5d5396a..5e85b79 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1580,6 +1580,12 @@ bld.SAMBA3_BINARY('vlp',
                  param''',
                  vars=locals())
 
+bld.SAMBA3_PYTHON('pysmbd',
+                  source='smbd/pysmbd.c',
+                  deps='smbd_base',
+                  realname='samba/samba3/smbd.so'
+                  )
+
 swat_dir = os.path.join(bld.curdir, '../swat')
 swat_files = recursive_dirlist(swat_dir, swat_dir, '*')
 bld.INSTALL_FILES('${SWATDIR}', swat_files, base_name='../swat')
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index a60c05a..db98d51 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -38,11 +38,13 @@ import uuid
 import socket
 import urllib
 import string
+import tempfile
 
 import ldb
 
 from samba.auth import system_session, admin_session
 import samba
+from samba.samba3 import smbd
 from samba.dsdb import DS_DOMAIN_FUNCTION_2000
 from samba import (
     Ldb,
@@ -1658,6 +1660,18 @@ def provision(logger, session_info, credentials, smbconf=None,
         server_services.append("+s3fs")
         global_param["dcerpc endpoint servers"] = ["-winreg", "-srvsvc"]
 
+        if targetdir is not None:
+            file = tempfile.NamedTemporaryFile(dir=os.path.abspath(targetdir))
+        else:
+            file = tempfile.NamedTemporaryFile(dir=os.path.abspath(os.path.dirname(lp.get("private dir"))))
+        try:
+            try:
+                smbd.set_simple_acl(file.name, root_uid, wheel_gid)
+            except Exception:
+                raise ProvisioningError("Your filesystem or build does not support posix ACLs, s3fs is unworkable in this mode")
+        finally:
+            file.close()
+
     if len(server_services) > 0:
         global_param["server services"] = server_services
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list