[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Fri Dec 20 13:07:02 UTC 2019
The branch, master has been updated
via 670205acab1 s3: remove unused session_keystr from struct user_struct
via 5db4a881f6a s3: remove unused macro FSP_BELONGS_CONN()
via 1fa05e5c76e s3: simplify create_conn_struct_as_root()
via ee5bf29662e pysmbd: add "session_info" arg to py_smbd_create_file()
via 7121d475794 pysmbd: add "session_info" arg to py_smbd_mkdir()
via 5cef3a13b88 pysmbd: add "session_info" arg to py_smbd_get_sys_acl()
via a9184a10990 pysmbd: add "session_info" arg to py_smbd_set_sys_acl()
via 9b2c415d2c6 pysmbd: make "session_info" arg to py_smbd_get_nt_acl() mandatory
via 437af4d0794 pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory
via a4f3860da31 pysmbd: add "session_info" arg to py_smbd_unlink()
via da2a9857d03 pysmbd: add "session_info" arg to py_smbd_chown()
via e6d40e6f9c0 pysmbd: add "session_info" arg to py_smbd_set_simple_acl()
via 9807d69ef41 python/tests: use a system session_info in posixacl.py
via 927c87d253c pysmbd: reformat py_smbd_create_file() kwnames
via d80259d819e pysmbd: reformat py_smbd_mkdir() kwnames
via 9ff378677af pysmbd: reformat py_smbd_get_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
via af1f6e9fd16 pysmbd: reformat py_smbd_set_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
via 33f33dc08e3 pysmbd: reformat py_smbd_get_nt_acl() kwnames
via 59a6c9a4ce0 pysmbd: reformat py_smbd_have_posix_acls() kwnames and PyArg_ParseTupleAndKeywords() call
via b08c955ae92 pysmbd: reformat py_smbd_unlink() kwnames and PyArg_ParseTupleAndKeywords() call
via 399ebb56865 pysmbd: reformat py_smbd_chown() kwnames and PyArg_ParseTupleAndKeywords() call
via 9796ebcec4f pysmbd: reformat py_smbd_set_simple_acl() kwnames and PyArg_ParseTupleAndKeywords() call
via cfc0ca73374 python: move system_session_unix to new auth_util.py
via 459233b9623 smbd: pass session_info to create_conn_struct_tos()
via d68d8c65382 s3:rpc_server: pass session_info to get_nt_acl_no_snum()
via 7fb188c1192 s3:rpc_server: pass session_info to elog_check_access()
via 0e57dbb8466 smbd: pass session info to create_conn_struct_tos_cwd()
via 10fa50a8454 smbd: pass session_info to form_junctions()
via d6a5aa6d0fd smbd: pass session info to count_dfs_links()
via 457c91406aa s3: pass session_info to enum_msdfs_links()
via 8d457a83dd1 smbd: pass session_info to junction_to_local_path_tos()
via e12a724f0dd s3: pass session_info to remove_msdfs_link()
via 8a0ad072ac0 s3: pass session_info to create_msdfs_link()
via 8517bb109c8 s3: pass session info to get_referred_path()
from a85d257c1ec librpc: Do not access name[-1] trying to push "" into a dnsp_name
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 670205acab186448e175433225bfebacf3500900
Author: Ralph Boehme <slow at samba.org>
Date: Mon Nov 25 10:17:38 2019 +0100
s3: remove unused session_keystr from struct user_struct
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Dec 20 13:06:20 UTC 2019 on sn-devel-184
commit 5db4a881f6ae74561d0ffd309992896f6681712d
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 22 18:08:56 2019 +0100
s3: remove unused macro FSP_BELONGS_CONN()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1fa05e5c76e718142326915f8671299217a093df
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 16 15:24:23 2019 +0100
s3: simplify create_conn_struct_as_root()
Now that all callers pass in a valid session_info, we can remove handling of
session_info=NULL. Add an assert(session_info != NULL) just in case... :)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ee5bf29662ebb164e4be8811c2fcc9bfde88add3
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:58:57 2019 +0100
pysmbd: add "session_info" arg to py_smbd_create_file()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7121d475794b951d9bee13d50e6be125f8cc7c2f
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:57:53 2019 +0100
pysmbd: add "session_info" arg to py_smbd_mkdir()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5cef3a13b880ee058f633e68a9b35996365b5c29
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:56:18 2019 +0100
pysmbd: add "session_info" arg to py_smbd_get_sys_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a9184a109902bc899920411b7a8893f934c2fd27
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:54:40 2019 +0100
pysmbd: add "session_info" arg to py_smbd_set_sys_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9b2c415d2c614c8980fc800fa1cf967d69eb7975
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:52:49 2019 +0100
pysmbd: make "session_info" arg to py_smbd_get_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 437af4d07944f201c26cd0ebc4a5622e342d0f4c
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:49:42 2019 +0100
pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a4f3860da31a42c3905cdd8f7ff7103bf901394d
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:14:45 2019 +0100
pysmbd: add "session_info" arg to py_smbd_unlink()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit da2a9857d0397d75ac45fc62440ad29bbd0388a1
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:14:07 2019 +0100
pysmbd: add "session_info" arg to py_smbd_chown()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e6d40e6f9c022c5e571255cd4ff248d5a188b45f
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:13:30 2019 +0100
pysmbd: add "session_info" arg to py_smbd_set_simple_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9807d69ef4178d4a2c974fed5708ad2d487d0c19
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 15:32:17 2019 +0100
python/tests: use a system session_info in posixacl.py
Previously posixacl.py passed None as session_info object from
get_session_info().
That meant that the if/else branch referring to session_info:
    if nwrap_winbind_active or session_info:
        self.assertEquals(posix_acl.acl[1].a_perm, 7)
    else:
        self.assertEquals(posix_acl.acl[1].a_perm, 6)
must be tweaked to take into account that session info is now either
* a system session_info in which case we must continue to use the if branch in
  the code, or
* a user session_info in which case we must continue to go through the else
  branch
Using
    is_user_session = not session_info.security_token.is_system()
in place of just "session_info" does the trick.
Cf the classes SessionedPosixAclMappingTests and
UnixSessionedPosixAclMappingTests in posixacl.py, those are the ones that
trigger test execution with a user session.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 927c87d253c42282e8f62038363399f7643fcc76
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:58:32 2019 +0100
pysmbd: reformat py_smbd_create_file() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d80259d819ecdb149ec5d7b9f90eb44eca421320
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:57:20 2019 +0100
pysmbd: reformat py_smbd_mkdir() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9ff378677afbe3298293779c9168769e15f2d021
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:55:54 2019 +0100
pysmbd: reformat py_smbd_get_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit af1f6e9fd165223505c7c5ec59d94bbc3a41dc55
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:54:04 2019 +0100
pysmbd: reformat py_smbd_set_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 33f33dc08e3ece38cf20924c0513f0857f8eb6d8
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:21:03 2019 +0100
pysmbd: reformat py_smbd_get_nt_acl() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 59a6c9a4ce01ce1762be6cf0191db4df211d3b06
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 14:16:52 2019 +0100
pysmbd: reformat py_smbd_have_posix_acls() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b08c955ae92db8aae57f821c4080d225b6b01944
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 12:59:32 2019 +0100
pysmbd: reformat py_smbd_unlink() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 399ebb56865202414cd2b5a8f1880d8c3e8a697a
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 12:58:08 2019 +0100
pysmbd: reformat py_smbd_chown() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9796ebcec4f98d81608e8e3d500745b1dc5f9101
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 17 12:54:11 2019 +0100
pysmbd: reformat py_smbd_set_simple_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit cfc0ca73374c8a0c418d6738753a10ab872688f6
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 16 18:00:26 2019 +0100
python: move system_session_unix to new auth_util.py
system_session_unix() will be used by many more callers soon.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 459233b96238e319d8b37c471359bdeb4d26aadf
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 16 14:42:04 2019 +0100
smbd: pass session_info to create_conn_struct_tos()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d68d8c6538287a8b6a4bbe4b43bf0621440592d8
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 16 14:41:03 2019 +0100
s3:rpc_server: pass session_info to get_nt_acl_no_snum()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7fb188c119274a0e84b279ac13a0d696c4884c78
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 16 14:40:21 2019 +0100
s3:rpc_server: pass session_info to elog_check_access()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0e57dbb8466f06c0992dd207acddc8fece47309c
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:19:37 2019 +0100
smbd: pass session info to create_conn_struct_tos_cwd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 10fa50a8454f0d7a68f17b26e00e0787325f2dfe
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:53:36 2019 +0100
smbd: pass session_info to form_junctions()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d6a5aa6d0fdc6f6057a07e8421b71e40d0f845f9
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:51:16 2019 +0100
smbd: pass session info to count_dfs_links()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 457c91406aae65689db4df12dd236d2359d7eb88
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:31:04 2019 +0100
s3: pass session_info to enum_msdfs_links()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8d457a83dd126ac46f498c19a15089c2314625e1
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:27:51 2019 +0100
smbd: pass session_info to junction_to_local_path_tos()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e12a724f0ddf0280b43cbd8107d34fe316585795
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:25:44 2019 +0100
s3: pass session_info to remove_msdfs_link()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8a0ad072ac0e056ccd34f59f49c6391a50c17c74
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:23:38 2019 +0100
s3: pass session_info to create_msdfs_link()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8517bb109c886fcc0b281dd715934138075bab1b
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 13 16:19:03 2019 +0100
s3: pass session info to get_referred_path()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/{examples/netbios.py => samba/auth_util.py} | 28 +-
python/samba/netcmd/domain.py | 11 +-
python/samba/netcmd/ntacl.py | 30 +-
python/samba/ntacls.py | 46 +--
python/samba/provision/__init__.py | 33 +-
python/samba/tests/ntacls.py | 16 +-
python/samba/tests/ntacls_backup.py | 11 +-
python/samba/tests/posixacl.py | 158 +++++-----
source3/include/smb_macros.h | 8 -
source3/modules/vfs_default.c | 4 +-
source3/rpc_server/dfs/srv_dfs_nt.c | 22 +-
source3/rpc_server/eventlog/srv_eventlog_nt.c | 9 +-
source3/smbd/globals.h | 2 -
source3/smbd/msdfs.c | 95 +++---
source3/smbd/posix_acls.c | 6 +-
source3/smbd/proto.h | 16 +-
source3/smbd/pysmbd.c | 331 ++++++++++++++++-----
source3/smbd/sesssetup.c | 2 -
source3/smbd/smb2_sesssetup.c | 1 -
19 files changed, 524 insertions(+), 305 deletions(-)
copy python/{examples/netbios.py => samba/auth_util.py} (59%)
Changeset truncated at 500 lines:
diff --git a/python/examples/netbios.py b/python/samba/auth_util.py
similarity index 59%
copy from python/examples/netbios.py
copy to python/samba/auth_util.py
index 7a3a9da828f..570c638fbeb 100644
--- a/python/examples/netbios.py
+++ b/python/samba/auth_util.py
@@ -1,7 +1,7 @@
-#!/usr/bin/env python3
-
# Unix SMB/CIFS implementation.
-# Copyright (C) Jelmer Vernooij <jelmer at samba.org> 2008
+# auth util helpers
+#
+# Copyright (C) Ralph Boehme <slow at sambba.org> 2019
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
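Review bot: the added copyright line misspells the address as "sambba.org" (double b), while the Author and Signed-off-by lines of this push use samba.org. Worth correcting before this header is copied into further new files.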
@@ -15,14 +15,20 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from samba.netbios import Node
+from samba.auth import (
+ system_session,
+ session_info_fill_unix,
+ copy_session_info,
+)
+
+def system_session_unix():
+ """
+ Return a copy of the system session_info with a valid UNIX token
+ """
-n = Node()
-(reply_from, names, addresses) = n.query_name("GANIEDA", "192.168.4.0",
- timeout=4)
+ session_info = system_session()
+ session_info_unix = copy_session_info(session_info)
+ session_info_fill_unix(session_info_unix, None)
-print "Received reply from %s:" % (reply_from, )
-print "Names: %r" % (names, )
-print "Addresses: %r" % (addresses, )
+ return session_info_unix
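Review bot: the docstring of system_session_unix() does not say why the system session is copied before session_info_fill_unix() is applied, nor what passing None as the second argument selects. The commit message says the helper "will be used by many more callers soon", so one sentence on each would save those callers a trip into samba.auth. As a style point, the def sits one blank line below the import block where the usual Python convention is two.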
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 80811154d4d..bea6482f99e 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -66,6 +66,7 @@ from samba.samba3 import param as s3param
from samba.upgrade import upgrade_from_samba3
from samba.drs_utils import drsuapi_connect
from samba import remove_dc, arcfour_encrypt, string_to_byte_array
+from samba.auth_util import system_session_unix
from samba.dsdb import (
DS_DOMAIN_FUNCTION_2000,
@@ -463,7 +464,10 @@ class cmd_domain_provision(Command):
try:
try:
samba.ntacls.setntacl(lp, file.name,
- "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
+ "O:S-1-5-32G:S-1-5-32",
+ "S-1-5-32",
+ system_session_unix(),
+ "native")
eadb = False
except Exception:
self.logger.info("You are not root or your system does not support xattr, using tdb backend for attributes. ")
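Review bot: system_session_unix() is now evaluated inside the inner try, whose "except Exception:" handler logs "You are not root or your system does not support xattr". A failure while building the session, or a wrong-argument error caused by the changed setntacl() signature, would therefore be reported as an xattr problem. Creating the session before the try and narrowing the except to the errors that really indicate missing xattr support would keep the two cases apart.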
@@ -1607,7 +1611,10 @@ class cmd_domain_classicupgrade(Command):
try:
try:
samba.ntacls.setntacl(lp, tmpfile.name,
- "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native")
+ "O:S-1-5-32G:S-1-5-32",
+ "S-1-5-32",
+ system_session_unix(),
+ "native")
eadb = False
except Exception:
# FIXME: Don't catch all exceptions here
diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py
index 4cc7737ae77..a8a9fa1e49f 100644
--- a/python/samba/netcmd/ntacl.py
+++ b/python/samba/netcmd/ntacl.py
@@ -25,13 +25,10 @@ from samba.ndr import ndr_unpack, ndr_print
from samba.samdb import SamDB
from samba.samba3 import param as s3param, passdb, smbd
from samba import provision
+from samba.auth_util import system_session_unix
import os
-from samba.auth import (
- system_session,
- session_info_fill_unix,
- copy_session_info,
-)
+from samba.auth import system_session
from samba.netcmd import (
Command,
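Review bot: the new "from samba.auth_util import system_session_unix" line lands directly above "import os", splitting the samba imports from each other; grouping it with the other samba imports reads better. Since the local helper is removed in the next hunk, please also confirm that system_session is still used in this file; if it is not, the narrowed "from samba.auth import system_session" can be dropped entirely.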
@@ -40,13 +37,6 @@ from samba.netcmd import (
Option,
)
-def system_session_unix():
- session_info = system_session()
- session_info_unix = copy_session_info(session_info)
- session_info_fill_unix(session_info_unix, None)
-
- return session_info_unix
-
def get_local_domain_sid(lp):
is_ad_dc = False
server_role = lp.server_role()
@@ -117,11 +107,11 @@ class cmd_ntacl_set(Command):
file,
acl,
str(domain_sid),
+ system_session_unix(),
xattr_backend,
eadb_file,
use_ntvfs=use_ntvfs,
- service=service,
- session_info=system_session_unix())
+ service=service)
if use_ntvfs:
logger.warning("Please note that POSIX permissions have NOT been changed, only the stored NT ACL")
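Review bot: in this setntacl() call the session changes from session_info=system_session_unix() to a bare positional argument between str(domain_sid) and xattr_backend, which makes the call depend on the exact parameter order. A mandatory parameter can still be passed by keyword; writing session_info=..., backend=xattr_backend, eadbfile=eadb_file here would make any later reordering of the signature fail loudly instead of binding the session to the wrong parameter.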
@@ -185,11 +175,11 @@ class cmd_ntacl_get(Command):
acl = getntacl(lp,
file,
+ system_session_unix(),
xattr_backend,
eadb_file,
direct_db_access=use_ntvfs,
- service=service,
- session_info=system_session_unix())
+ service=service)
if as_sddl:
self.outf.write(acl.as_sddl(domain_sid) + "\n")
else:
@@ -291,11 +281,11 @@ class cmd_ntacl_changedomsid(Command):
try:
acl = getntacl(lp,
file,
+ system_session_unix(),
xattr_backend,
eadb_file,
direct_db_access=use_ntvfs,
- service=service,
- session_info=system_session_unix())
+ service=service)
except Exception as e:
raise CommandError("Could not get acl for %s: %s" % (file, e))
@@ -333,11 +323,11 @@ class cmd_ntacl_changedomsid(Command):
file,
acl,
new_domain_sid,
+ system_session_unix(),
xattr_backend,
eadb_file,
use_ntvfs=use_ntvfs,
- service=service,
- session_info=system_session_unix())
+ service=service)
except Exception as e:
raise CommandError("Could not set acl for %s: %s" % (file, e))
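Review bot: cmd_ntacl_changedomsid calls system_session_unix() once for getntacl() in the previous hunk and again here for setntacl(), and auth_util.py shows each call doing a system_session() lookup, a copy and a session_info_fill_unix(). Creating the session once at the top of the command and passing the same object to both calls would avoid the repeated work, in the way backup_offline() and backup_restore() do in ntacls.py.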
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 7057938b56e..0dcf958f727 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -35,6 +35,7 @@ from samba.samba3 import smbd
from samba.samba3 import libsmb_samba_internal as libsmb
from samba.logger import get_samba_logger
from samba import NTSTATUSError
+from samba.auth_util import system_session_unix
# don't include volumes
SMB_FILE_ATTRIBUTE_FLAGS = libsmb.FILE_ATTRIBUTE_SYSTEM | \
@@ -98,11 +99,11 @@ def getdosinfo(lp, file):
def getntacl(lp,
file,
+ session_info,
backend=None,
eadbfile=None,
direct_db_access=True,
- service=None,
- session_info=None):
+ service=None):
if direct_db_access:
(backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
if dbname is not None:
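Review bot: inserting session_info as the third positional parameter of getntacl() shifts backend and eadbfile one slot to the right, so a caller still written as getntacl(lp, file, "tdb", path), the form the test in python/samba/tests/ntacls.py used before this push, now binds the string "tdb" to session_info and the path to backend. Nothing in the visible body checks what was passed; an early check that rejects None or a non-session object, or making the parameters after session_info keyword-only, would turn a stale call into an immediate error.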
@@ -130,14 +131,14 @@ def getntacl(lp,
else:
return smbd.get_nt_acl(file,
SECURITY_SECINFO_FLAGS,
- service=service,
- session_info=session_info)
+ session_info,
+ service=service)
-def setntacl(lp, file, sddl, domsid,
+def setntacl(lp, file, sddl, domsid, session_info,
backend=None, eadbfile=None,
use_ntvfs=True, skip_invalid_chown=False,
- passdb=None, service=None, session_info=None):
+ passdb=None, service=None):
"""
A wrapper for smbd set_nt_acl api.
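Review bot: setntacl() gains a mandatory session_info parameter, but the docstring visible here still only reads "A wrapper for smbd set_nt_acl api.". If the docstring lists the parameters further down, session_info should be added there, together with the expectation that it carries a valid UNIX token, which is what system_session_unix() returns according to its own docstring.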
@@ -190,7 +191,8 @@ def setntacl(lp, file, sddl, domsid,
smbd.set_nt_acl(
file, SECURITY_SECINFO_FLAGS, sd2,
- service=service, session_info=session_info)
+ session_info,
+ service=service)
# and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set
use_ntvfs = True
@@ -208,7 +210,9 @@ def setntacl(lp, file, sddl, domsid,
security.SECINFO_GROUP |
security.SECINFO_DACL |
security.SECINFO_SACL,
- sd, service=service, session_info=session_info)
+ sd,
+ session_info,
+ service=service)
if use_ntvfs:
(backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
@@ -445,20 +449,20 @@ class NtaclsHelper:
self.use_ntvfs = "smb" in self.lp.get("server services")
- def getntacl(self, path, as_sddl=False, direct_db_access=None):
+ def getntacl(self, path, session_info, as_sddl=False, direct_db_access=None):
if direct_db_access is None:
direct_db_access = self.use_ntvfs
ntacl_sd = getntacl(
- self.lp, path,
+ self.lp, path, session_info,
direct_db_access=direct_db_access,
service=self.service)
return ntacl_sd.as_sddl(self.dom_sid) if as_sddl else ntacl_sd
- def setntacl(self, path, ntacl_sd):
+ def setntacl(self, path, ntacl_sd, session_info):
# ntacl_sd can be obj or str
- return setntacl(self.lp, path, ntacl_sd, self.dom_sid,
+ return setntacl(self.lp, path, ntacl_sd, self.dom_sid, session_info,
use_ntvfs=self.use_ntvfs)
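Review bot: the two NtaclsHelper methods place the new parameter differently: getntacl() takes session_info right after path and ahead of as_sddl, while setntacl() takes it last, after ntacl_sd. An older call such as helper.getntacl(path, True) would now bind True to session_info. Using the same position in both methods, and making as_sddl and direct_db_access keyword-only, would make the helper harder to misuse.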
@@ -543,6 +547,7 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
"""
service = src_service_path.rstrip('/').rsplit('/', 1)[-1]
tempdir = tempfile.mkdtemp()
+ session_info = system_session_unix()
dom_sid_str = samdb_conn.get_domain_sid()
dom_sid = security.dom_sid(dom_sid_str)
@@ -559,8 +564,8 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
src = os.path.join(dirpath, dirname)
dst = os.path.join(dst_dirpath, dirname)
# mkdir with metadata
- smbd.mkdir(dst, service)
- ntacl_sddl_str = ntacls_helper.getntacl(src, as_sddl=True)
+ smbd.mkdir(dst, session_info, service)
+ ntacl_sddl_str = ntacls_helper.getntacl(src, session_info, as_sddl=True)
_create_ntacl_file(dst, ntacl_sddl_str)
# create files and NTACL file, then copy data
@@ -568,8 +573,8 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
src = os.path.join(dirpath, filename)
dst = os.path.join(dst_dirpath, filename)
# create an empty file with metadata
- smbd.create_file(dst, service)
- ntacl_sddl_str = ntacls_helper.getntacl(src, as_sddl=True)
+ smbd.create_file(dst, session_info, service)
+ ntacl_sddl_str = ntacls_helper.getntacl(src, session_info, as_sddl=True)
_create_ntacl_file(dst, ntacl_sddl_str)
# now put data in
@@ -599,6 +604,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
dom_sid = security.dom_sid(dom_sid_str)
ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid)
+ session_info = system_session_unix()
with tarfile.open(src_tarfile_path) as f:
f.extractall(path=tempdir)
@@ -615,11 +621,11 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
dst = os.path.join(dst_dirpath, dirname)
if not os.path.isdir(dst):
# dst must be absolute path for smbd API
- smbd.mkdir(dst, service)
+ smbd.mkdir(dst, session_info, service)
ntacl_sddl_str = _read_ntacl_file(src)
if ntacl_sddl_str:
- ntacls_helper.setntacl(dst, ntacl_sddl_str)
+ ntacls_helper.setntacl(dst, ntacl_sddl_str, session_info)
else:
logger.warning(
'Failed to restore ntacl for directory %s.' % dst
@@ -631,11 +637,11 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
dst = os.path.join(dst_dirpath, filename)
if not os.path.isfile(dst):
# dst must be absolute path for smbd API
- smbd.create_file(dst, service)
+ smbd.create_file(dst, session_info, service)
ntacl_sddl_str = _read_ntacl_file(src)
if ntacl_sddl_str:
- ntacls_helper.setntacl(dst, ntacl_sddl_str)
+ ntacls_helper.setntacl(dst, ntacl_sddl_str, session_info)
else:
logger.warning('Failed to restore ntacl for file %s.' % dst
+ ' Please check the permissions are correct')
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 217840989aa..a27c3ee78b3 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -46,6 +46,7 @@ import samba.dsdb
import ldb
from samba.auth import system_session, admin_session
+from samba.auth_util import system_session_unix
import samba
from samba import auth
from samba.samba3 import smbd, passdb
@@ -1632,13 +1633,14 @@ SYSVOL_SERVICE = "sysvol"
def set_dir_acl(path, acl, lp, domsid, use_ntvfs, passdb, service=SYSVOL_SERVICE):
- setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
+ session_info = system_session_unix()
+ setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
for root, dirs, files in os.walk(path, topdown=False):
for name in files:
- setntacl(lp, os.path.join(root, name), acl, domsid,
+ setntacl(lp, os.path.join(root, name), acl, domsid, session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
for name in dirs:
- setntacl(lp, os.path.join(root, name), acl, domsid,
+ setntacl(lp, os.path.join(root, name), acl, domsid, session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
@@ -1656,7 +1658,9 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, p
# Set ACL for GPO root folder
root_policy_path = os.path.join(sysvol, dnsdomain, "Policies")
- setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid),
+ session_info = system_session_unix()
+
+ setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
res = samdb.search(base="CN=Policies,CN=System,%s" %(domaindn),
@@ -1694,7 +1698,7 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
try:
try:
- smbd.set_simple_acl(file.name, 0o755, gid)
+ smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
except OSError:
if not smbd.have_posix_acls():
# This clue is only strictly correct for RPM and
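Review bot: smbd.set_simple_acl() gets a fresh system_session_unix() here and smbd.chown() gets another one in the next hunk, while _setntacl() further down in the same function uses a session_info variable. If that variable is already assigned at this point it can be passed to both calls; otherwise assigning it once before this try block would do.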
@@ -1706,7 +1710,7 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
"Try the mounting the filesystem with the 'acl' option.")
try:
- smbd.chown(file.name, uid, gid)
+ smbd.chown(file.name, uid, gid, system_session_unix())
except OSError:
raise ProvisioningError("Unable to chown a file on your filesystem. "
"You may not be running provision as root.")
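Review bot: the argument order differs between the two smbd calls in setsysvolacl(): set_simple_acl(file.name, 0o755, system_session_unix(), gid) takes the session before gid, while chown(file.name, uid, gid, system_session_unix()) takes it last. With integers and a session object mixed positionally this is easy to get wrong at a call site; passing the session by keyword in both calls, if the pysmbd kwnames allow it, would make them self-describing.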
@@ -1758,9 +1762,9 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
def _setntacl(path):
"""A helper to reuse args"""
return setntacl(
- lp, path, SYSVOL_ACL, str(domainsid),
+ lp, path, SYSVOL_ACL, str(domainsid), session_info,
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb,
- service=SYSVOL_SERVICE, session_info=session_info)
+ service=SYSVOL_SERVICE)
# Set the SYSVOL_ACL on the sysvol folder and subfolder (first level)
_setntacl(sysvol)
@@ -1786,14 +1790,15 @@ def acl_type(direct_db_access):
def check_dir_acl(path, acl, lp, domainsid, direct_db_access):
- fsacl = getntacl(lp, path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
+ session_info = system_session_unix()
+ fsacl = getntacl(lp, path, session_info, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
fsacl_sddl = fsacl.as_sddl(domainsid)
if fsacl_sddl != acl:
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
for root, dirs, files in os.walk(path, topdown=False):
for name in files:
- fsacl = getntacl(lp, os.path.join(root, name),
+ fsacl = getntacl(lp, os.path.join(root, name), session_info,
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
if fsacl is None:
raise ProvisioningError('%s ACL on GPO file %s not found!' %
@@ -1804,7 +1809,7 @@ def check_dir_acl(path, acl, lp, domainsid, direct_db_access):
raise ProvisioningError('%s ACL on GPO file %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
for name in dirs:
- fsacl = getntacl(lp, os.path.join(root, name),
+ fsacl = getntacl(lp, os.path.join(root, name), session_info,
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
if fsacl is None:
raise ProvisioningError('%s ACL on GPO directory %s not found!'
@@ -1830,7 +1835,8 @@ def check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
# Set ACL for GPO root folder
root_policy_path = os.path.join(sysvol, dnsdomain, "Policies")
- fsacl = getntacl(lp, root_policy_path,
+ session_info = system_session_unix()
+ fsacl = getntacl(lp, root_policy_path, session_info,
direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
if fsacl is None:
raise ProvisioningError('DB ACL on policy root %s %s not found!' % (acl_type(direct_db_access), root_policy_path))
@@ -1883,10 +1889,11 @@ def checksysvolacl(samdb, netlogon, sysvol, domainsid, dnsdomain, domaindn,
raise ProvisioningError('Realm as seen by pdb_samba_dsdb [%s] does not match Realm as seen by the provision script [%s]!' % (domain_info["dns_domain"].upper(), dnsdomain.upper()))
# Ensure we can read this directly, and via the smbd VFS
+ session_info = system_session_unix()
for direct_db_access in [True, False]:
# Check the SYSVOL_ACL on the sysvol folder and subfolder (first level)
for dir_path in [os.path.join(sysvol, dnsdomain), netlogon]:
- fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
+ fsacl = getntacl(lp, dir_path, session_info, direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
if fsacl is None:
raise ProvisioningError('%s ACL on sysvol directory %s not found!' % (acl_type(direct_db_access), dir_path))
fsacl_sddl = fsacl.as_sddl(domainsid)
diff --git a/python/samba/tests/ntacls.py b/python/samba/tests/ntacls.py
index b345b283a76..44c8e535218 100644
--- a/python/samba/tests/ntacls.py
+++ b/python/samba/tests/ntacls.py
@@ -24,6 +24,7 @@ from samba.ntacls import setntacl, getntacl, XattrBackendError
from samba.param import LoadParm
from samba.dcerpc import security
from samba.tests import TestCaseInTempDir, SkipTest
+from samba.auth_util import system_session_unix
NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467"
@@ -35,6 +36,7 @@ class NtaclsTests(TestCaseInTempDir):
super(NtaclsTests, self).setUp()
self.tempf = os.path.join(self.tempdir, "test")
open(self.tempf, 'w').write("empty")
+ self.session_info = system_session_unix()
def tearDown(self):
os.unlink(self.tempf)
@@ -44,15 +46,15 @@ class NtaclsTests(TestCaseInTempDir):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
- setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID)
+ setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_getntacl(self):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
- setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID)
- facl = getntacl(lp, self.tempf)
+ setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
+ facl = getntacl(lp, self.tempf, self.session_info)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), NTACL_SDDL)
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
@@ -60,9 +62,9 @@ class NtaclsTests(TestCaseInTempDir):
def test_setntacl_getntacl_param(self):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
- setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, "tdb",
+ setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info, "tdb",
os.path.join(self.tempdir, "eadbtest.tdb"))
- facl = getntacl(lp, self.tempf, "tdb", os.path.join(
+ facl = getntacl(lp, self.tempf, self.session_info, "tdb", os.path.join(
self.tempdir, "eadbtest.tdb"))
--
Samba Shared Repository