[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon May 7 22:42:02 MDT 2012
The branch, master has been updated
via 470cfb3 lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
via 0678eb6 s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
via 859aa43 s3-python: Add python bindings for posix ACL layer
from 5d4d8fe s4:torture/raw/context: add subtests as torture testcases
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 470cfb34aea693cdb774b648d51ceccda130f329
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 7 19:21:10 2012 +1000
lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
TIME_T_MAX is not actually INT64_MAX at the moment, so check both
values and set to the magic end-of-time value.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Tue May 8 06:41:43 CEST 2012 on sn-devel-104
commit 0678eb6cdfa19f27de8093eee2a15b7493bbce67
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 7 17:06:23 2012 +1000
s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
commit 859aa43f7348e721a6ce0417d300d9db8086fc7b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 7 16:24:03 2012 +1000
s3-python: Add python bindings for posix ACL layer
This will allow us to check that posix ACLs work in the s4 provision, and avoid
--use-s3fs if they do not.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
lib/util/time.c | 2 +-
source3/smbd/pysmbd.c | 203 ++++++++++++++++++++
source3/wscript_build | 6 +
.../scripting/python/samba/provision/__init__.py | 14 ++
4 files changed, 224 insertions(+), 1 deletions(-)
create mode 100644 source3/smbd/pysmbd.c
Changeset truncated at 500 lines:
diff --git a/lib/util/time.c b/lib/util/time.c
index dc3ca68..d5a429a 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -148,7 +148,7 @@ _PUBLIC_ void unix_to_nt_time(NTTIME *nt, time_t t)
return;
}
- if (t == TIME_T_MAX) {
+ if (t == TIME_T_MAX || t == INT64_MAX) {
*nt = 0x7fffffffffffffffLL;
return;
}
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
new file mode 100644
index 0000000..76167e1
--- /dev/null
+++ b/source3/smbd/pysmbd.c
@@ -0,0 +1,203 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB NT Security Descriptor / Unix permission conversion.
+ Copyright (C) Jeremy Allison 1994-2009.
+ Copyright (C) Andreas Gruenbacher 2002.
+ Copyright (C) Simo Sorce <idra at samba.org> 2009.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smbd/smbd.h"
+#include <Python.h>
+#include "libcli/util/pyerrors.h"
+
+extern const struct generic_mapping file_generic_mapping;
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_ACLS
+
+static NTSTATUS set_sys_acl_no_snum(const char *fname,
+ SMB_ACL_TYPE_T acltype,
+ SMB_ACL_T theacl)
+{
+ connection_struct *conn;
+ NTSTATUS status = NT_STATUS_OK;
+ int ret;
+
+ conn = talloc_zero(NULL, connection_struct);
+ if (conn == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!(conn->params = talloc(conn, struct share_params))) {
+ DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
+ TALLOC_FREE(conn);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ conn->params->service = -1;
+
+ set_conn_connectpath(conn, "/");
+
+ smbd_vfs_init(conn);
+
+ ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl);
+ if (ret != 0) {
+ status = map_nt_error_from_unix_common(ret);
+ DEBUG(0,("get_nt_acl_no_snum: fset_nt_acl returned zero.\n"));
+ }
+
+ conn_free(conn);
+
+ return status;
+}
+
+
+static SMB_ACL_T make_simple_acl(uid_t uid, gid_t gid)
+{
+ mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE;
+ mode_t mode0 = 0;
+
+ SMB_ACL_ENTRY_T entry;
+ SMB_ACL_T acl = sys_acl_init(4);
+
+ if (!acl) {
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode0) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_qualifier(entry, &gid) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode0) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+ return acl;
+}
+
+/*
+ set a simple ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args)
+{
+ NTSTATUS status;
+ char *fname;
+ int uid, gid;
+ SMB_ACL_T acl;
+
+ if (!PyArg_ParseTuple(args, "sii", &fname, &uid, &gid))
+ return NULL;
+
+ acl = make_simple_acl(uid, gid);
+
+ status = set_sys_acl_no_snum(fname, SMB_ACL_TYPE_ACCESS, acl);
+ sys_acl_free_acl(acl);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+static PyMethodDef py_smbd_methods[] = {
+ { "set_simple_acl",
+ (PyCFunction)py_smbd_set_simple_acl, METH_VARARGS,
+ NULL },
+ { NULL }
+};
+
+void initsmbd(void);
+void initsmbd(void)
+{
+ PyObject *m;
+
+ m = Py_InitModule3("smbd", py_smbd_methods,
+ "Python bindings for the smbd file server.");
+ if (m == NULL)
+ return;
+
+}
diff --git a/source3/wscript_build b/source3/wscript_build
index 5d5396a..5e85b79 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1580,6 +1580,12 @@ bld.SAMBA3_BINARY('vlp',
param''',
vars=locals())
+bld.SAMBA3_PYTHON('pysmbd',
+ source='smbd/pysmbd.c',
+ deps='smbd_base',
+ realname='samba/samba3/smbd.so'
+ )
+
swat_dir = os.path.join(bld.curdir, '../swat')
swat_files = recursive_dirlist(swat_dir, swat_dir, '*')
bld.INSTALL_FILES('${SWATDIR}', swat_files, base_name='../swat')
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index a60c05a..db98d51 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -38,11 +38,13 @@ import uuid
import socket
import urllib
import string
+import tempfile
import ldb
from samba.auth import system_session, admin_session
import samba
+from samba.samba3 import smbd
from samba.dsdb import DS_DOMAIN_FUNCTION_2000
from samba import (
Ldb,
@@ -1658,6 +1660,18 @@ def provision(logger, session_info, credentials, smbconf=None,
server_services.append("+s3fs")
global_param["dcerpc endpoint servers"] = ["-winreg", "-srvsvc"]
+ if targetdir is not None:
+ file = tempfile.NamedTemporaryFile(dir=os.path.abspath(targetdir))
+ else:
+ file = tempfile.NamedTemporaryFile(dir=os.path.abspath(os.path.dirname(lp.get("private dir"))))
+ try:
+ try:
+ smbd.set_simple_acl(file.name, root_uid, wheel_gid)
+ except Exception:
+ raise ProvisioningError("Your filesystem or build does not support posix ACLs, s3fs is unworkable in this mode")
+ finally:
+ file.close()
+
if len(server_services) > 0:
global_param["server services"] = server_services
--
Samba Shared Repository
More information about the samba-cvs
mailing list