[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Fri Jun 5 11:55:08 UTC 2020


The branch, master has been updated
       via  72d69eef136 pysmbd: make sure that session unix info is filled
       via  26fd73de7b2 tests/pysmbd: fill session unix info in ntacl tests
       via  efea16f367e python/samba/provision: set unix session info for user session, used for sysvol acl reset
       via  d72a512e0f1 pyauth: add python binding for auth_session_info_set_unix()
       via  bde136a2802 s4-auth/unix_token: add new function auth_session_info_set_unix()
       via  d159b4c0a50 s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info
       via  824fa5f45c8 python: fix slow's mail address
      from  6f1db2d19e7 libsmb: Remove unused cli_smb2_qfileinfo_basic()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 72d69eef136d135788942cbdef3775ddd74e241f
Author: Björn Baumbach <bb at sernet.de>
Date:   Tue Jun 2 15:33:36 2020 +0200

    pysmbd: make sure that session unix info is filled
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Jun  5 11:54:06 UTC 2020 on sn-devel-184

commit 26fd73de7b25dfc191e5c164d3c375bae2b4c113
Author: Björn Baumbach <bb at sernet.de>
Date:   Thu Jun 4 13:51:30 2020 +0200

    tests/pysmbd: fill session unix info in ntacl tests
    
    Valid unix info is required.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit efea16f367e4b4e7bf140b15a023770470124898
Author: Björn Baumbach <bb at sernet.de>
Date:   Thu Jun 4 16:02:24 2020 +0200

    python/samba/provision: set unix session info for user session, used for sysvol acl reset
    
    The unix session info is required and expected by e.g. many vfs
    modules. Missing unix session info leads to samba panic.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit d72a512e0f1ce265f6bd2af01feebcfe809c9079
Author: Björn Baumbach <bb at sernet.de>
Date:   Thu Jun 4 16:00:04 2020 +0200

    pyauth: add python binding for auth_session_info_set_unix()
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit bde136a280291354c06b528f1ef9e002d265b2a2
Author: Björn Baumbach <bb at sernet.de>
Date:   Thu Jun 4 15:41:34 2020 +0200

    s4-auth/unix_token: add new function auth_session_info_set_unix()
    
    Used to fill the unix info in a struct auth_session_info similar to
    auth_session_info_fill_unix().
    
    The new auth_session_info_set_unix() receives the uid and gid for
    the unix token as parameters. It does not query the unix token from
    winbind (via security_token_to_unix_token()).
    This is useful to fill a user session info manually if winbind is not
    available.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit d159b4c0a506162f8644943f7a66c590efd0df55
Author: Björn Baumbach <bb at sernet.de>
Date:   Thu Jun 4 15:39:02 2020 +0200

    s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 824fa5f45c82e1d0daf801d227ca2caa272ec45e
Author: Björn Baumbach <bb at sernet.de>
Date:   Fri May 29 16:05:10 2020 +0200

    python: fix slow's mail address
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Ralph Boehme <slow at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/auth_util.py          |  2 +-
 python/samba/provision/__init__.py |  5 +++
 python/samba/tests/posixacl.py     | 22 ++++++++--
 source3/smbd/pysmbd.c              | 15 +++++++
 source4/auth/pyauth.c              | 72 ++++++++++++++++++++++++++++++
 source4/auth/unix_token.c          | 90 +++++++++++++++++++++++++++++++-------
 6 files changed, 184 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/auth_util.py b/python/samba/auth_util.py
index 570c638fbeb..f616bb48c10 100644
--- a/python/samba/auth_util.py
+++ b/python/samba/auth_util.py
@@ -1,7 +1,7 @@
 # Unix SMB/CIFS implementation.
 # auth util helpers
 #
-# Copyright (C) Ralph Boehme <slow at sambba.org> 2019
+# Copyright (C) Ralph Boehme <slow at samba.org> 2019
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 05451c33491..fe58569e5e5 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1742,6 +1742,11 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
 
     session_info = auth.user_session(samdb, lp_ctx=lp, dn=userdn,
                                      session_info_flags=flags)
+    auth.session_info_set_unix(session_info,
+                               lp_ctx=lp,
+                               user_name="Administrator",
+                               uid=uid,
+                               gid=gid)
 
     def _setntacl(path):
         """A helper to reuse args"""
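Review bot: The call passes `uid` and `gid` straight to a binding that parses them with the `ii` format (see the pyauth.c hunk), so a `None` or other non-integer value from a caller of setsysvolacl would surface here as a TypeError rather than as a clear provisioning error; whether any caller can pass such a value is not visible in this hunk. The call also needs a comment saying why the token is set by hand instead of being resolved, e.g. `# winbind may not be available during provision, so set the unix token from the given uid/gid`. The same comment should explain the hard-coded `user_name="Administrator"`, since the session itself is built from `userdn`. setsysvolacl starts and ends outside the hunk.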
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index 9f60b297c9b..4fcf7bb21ed 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -821,14 +821,24 @@ class SessionedPosixAclMappingTests(PosixAclMappingTests):
         """
         if str(domsid) != str(self.samdb.get_domain_sid()):
             # fake it with admin session as domsid is not in local db
-            return auth.admin_session(self.lp, str(domsid))
+            admin_session = auth.admin_session(self.lp, str(domsid))
+            auth.session_info_fill_unix(admin_session,
+                                        lp_ctx=self.lp,
+                                        user_name="Administrator")
+            return admin_session
 
         dn = '<SID={0}-{1}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR)
         flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
                  auth.AUTH_SESSION_INFO_AUTHENTICATED |
                  auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
-        return auth.user_session(self.samdb, lp_ctx=self.lp, dn=dn,
-                                 session_info_flags=flags)
+        user_session = auth.user_session(self.samdb,
+                                         lp_ctx=self.lp,
+                                         dn=dn,
+                                         session_info_flags=flags)
+        auth.session_info_fill_unix(user_session,
+                                    lp_ctx=self.lp,
+                                    user_name="Administrator")
+        return user_session
 
 
 class UnixSessionedPosixAclMappingTests(PosixAclMappingTests):
@@ -842,7 +852,11 @@ class UnixSessionedPosixAclMappingTests(PosixAclMappingTests):
         """
         if str(domsid) != str(self.samdb.get_domain_sid()):
             # fake it with admin session as domsid is not in local db
-            return auth.admin_session(self.lp, str(domsid))
+            admin_session = auth.admin_session(self.lp, str(domsid))
+            auth.session_info_fill_unix(admin_session,
+                                        lp_ctx=self.lp,
+                                        user_name="Administrator")
+            return admin_session
 
         dn = '<SID={0}-{1}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR)
         flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 7f671cf6eeb..dd4a70ca256 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -73,6 +73,21 @@ static connection_struct *get_conn_tos(
 		}
 	}
 
+	/*
+	 * Make sure that session unix info is filled,
+	 * which is required by vfs operations.
+	 */
+	if (session_info->unix_info == NULL) {
+		PyErr_SetString(PyExc_RuntimeError,
+				"Session unix info not initialized");
+		return NULL;
+	}
+	if (session_info->unix_info->unix_name == NULL) {
+		PyErr_SetString(PyExc_RuntimeError,
+				"Session unix info not available");
+		return NULL;
+	}
+
 	status = create_conn_struct_tos(NULL,
 					snum,
 					"/",
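Review bot: The new guard checks `session_info->unix_info` and `unix_name` but not `session_info->unix_token`, so a session that has unix info but no token still passes. If the VFS code reached through create_conn_struct_tos() also reads the token (likely, but not visible here), the panic this commit addresses remains possible for such a session. Consider adding `if (session_info->unix_token == NULL) { PyErr_SetString(PyExc_RuntimeError, "Session unix token not initialized"); return NULL; }` next to the two existing checks. get_conn_tos starts and ends outside the hunk, so whether `session_info` itself can be NULL at this point cannot be confirmed from here.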
diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c
index ed88a1751fe..ec6065d7d0a 100644
--- a/source4/auth/pyauth.c
+++ b/source4/auth/pyauth.c
@@ -282,6 +282,74 @@ static PyObject *py_session_info_fill_unix(PyObject *module,
 }
 
 
+static PyObject *py_session_info_set_unix(PyObject *module,
+					  PyObject *args,
+					  PyObject *kwargs)
+{
+	NTSTATUS nt_status;
+	char *user_name = NULL;
+	int uid = -1;
+	int gid = -1;
+	struct loadparm_context *lp_ctx = NULL;
+	struct auth_session_info *session_info;
+	PyObject *py_lp_ctx = Py_None;
+	PyObject *py_session = Py_None;
+	TALLOC_CTX *frame;
+
+	const char * const kwnames[] = { "session_info",
+					 "user_name",
+					 "uid",
+					 "gid",
+					 "lp_ctx",
+					 NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Ozii|O",
+					 discard_const_p(char *, kwnames),
+					 &py_session,
+					 &user_name,
+					 &uid,
+					 &gid,
+					 &py_lp_ctx)) {
+		return NULL;
+	}
+
+	if (!py_check_dcerpc_type(py_session,
+				  "samba.dcerpc.auth",
+				  "session_info")) {
+		return NULL;
+	}
+	session_info = pytalloc_get_type(py_session,
+					 struct auth_session_info);
+	if (!session_info) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected auth_session_info for session_info "
+			     "argument got %s",
+			     pytalloc_get_name(py_session));
+		return NULL;
+	}
+
+	frame = talloc_stackframe();
+
+	lp_ctx = lpcfg_from_py_object(frame, py_lp_ctx);
+	if (lp_ctx == NULL) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	nt_status = auth_session_info_set_unix(lp_ctx,
+					       user_name,
+					       uid,
+					       gid,
+					       session_info);
+	TALLOC_FREE(frame);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		PyErr_NTSTATUS_IS_ERR_RAISE(nt_status);
+	}
+
+	Py_RETURN_NONE;
+}
+
+
 static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list, 
 					const char *paramname)
 {
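Review bot: Nothing between PyArg_ParseTupleAndKeywords() and the call to auth_session_info_set_unix() rejects a negative `uid` or `gid`; both are parsed with `ii` and stored in the unix token in the unix_token.c hunk, where a negative int is converted to the token's unsigned id type. Add a range check after parsing, e.g. `if (uid < 0 || gid < 0) { PyErr_SetString(PyExc_ValueError, "uid and gid must not be negative"); return NULL; }`. The `int` parameters of auth_session_info_set_unix() have the same limitation and could take `uid_t`/`gid_t` instead. The new method-table entry in the next hunk passes NULL as its docstring; a one-line description of the arguments would help callers of this identity-setting API.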
@@ -430,6 +498,10 @@ static PyMethodDef py_auth_methods[] = {
 	  PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_fill_unix),
 	  METH_VARARGS|METH_KEYWORDS,
 	  NULL },
+	{ "session_info_set_unix",
+	  PY_DISCARD_FUNC_SIG(PyCFunction,py_session_info_set_unix),
+	  METH_VARARGS|METH_KEYWORDS,
+	  NULL },
 	{ "copy_session_info",
 	  PY_DISCARD_FUNC_SIG(PyCFunction,py_copy_session_info),
 	  METH_VARARGS|METH_KEYWORDS,
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index c1b39ccf3de..b3396b852df 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -136,26 +136,21 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 }
 
 /*
-  Fill in the auth_user_info_unix and auth_unix_token elements in a struct session_info
-*/
-NTSTATUS auth_session_info_fill_unix(struct loadparm_context *lp_ctx,
-				     const char *original_user_name,
-				     struct auth_session_info *session_info)
+ * Fill in the unix_info elements in a struct session_info
+ */
+NTSTATUS fill_unix_info(struct loadparm_context *lp_ctx,
+			const char *original_user_name,
+			struct auth_session_info *session_info)
 {
-	NTSTATUS status = security_token_to_unix_token(session_info,
-						       session_info->security_token,
-						       &session_info->unix_token);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix);
+	session_info->unix_info = talloc_zero(session_info,
+					      struct auth_user_info_unix);
 	NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info);
 
-	session_info->unix_info->unix_name = talloc_asprintf(session_info->unix_info,
-							     "%s%s%s", session_info->info->domain_name,
-							     lpcfg_winbind_separator(lp_ctx),
-							     session_info->info->account_name);
+	session_info->unix_info->unix_name =
+		talloc_asprintf(session_info->unix_info,
+				"%s%s%s", session_info->info->domain_name,
+				lpcfg_winbind_separator(lp_ctx),
+				session_info->info->account_name);
 	NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name);
 
 	if (original_user_name == NULL) {
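Review bot: `fill_unix_info` is defined with external linkage and a very generic name; if it is only called from this file, as the two callers in the next hunk suggest, declare it `static NTSTATUS fill_unix_info(` to keep it out of the global namespace. The helper also dereferences `session_info->info` without a check, which matters more now that sessions can be assembled by hand through auth_session_info_set_unix(). A comment such as `/* session_info->info must be set by the caller */` would make that precondition explicit. The function body continues outside the hunk.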
@@ -170,3 +165,64 @@ NTSTATUS auth_session_info_fill_unix(struct loadparm_context *lp_ctx,
 
 	return NT_STATUS_OK;
 }
+
+/*
+  Fill in the auth_user_info_unix and auth_unix_token elements in a struct session_info
+*/
+NTSTATUS auth_session_info_fill_unix(struct loadparm_context *lp_ctx,
+				     const char *original_user_name,
+				     struct auth_session_info *session_info)
+{
+	NTSTATUS status = NT_STATUS_OK;
+
+	status = security_token_to_unix_token(session_info,
+					      session_info->security_token,
+					      &session_info->unix_token);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = fill_unix_info(lp_ctx,
+				original_user_name,
+				session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+ * Set the given auth_user_info_unix and auth_unix_token elements in a
+ * struct session_info, similar auth_session_info_fill_unix().
+ * Receives the uid and gid for the unix token as parameters and does
+ * not query the unix token from winbind (via security_token_to_unix_token()).
+ * This is useful to fill a user session info manually if winbind is not
+ * available.
+ */
+NTSTATUS auth_session_info_set_unix(struct loadparm_context *lp_ctx,
+				    const char *original_user_name,
+				    int uid,
+				    int gid,
+				    struct auth_session_info *session_info)
+{
+	NTSTATUS status;
+
+	session_info->unix_token = talloc_zero(session_info,
+					       struct security_unix_token);
+	if (session_info->unix_token == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	session_info->unix_token->uid = uid;
+	session_info->unix_token->gid = gid;
+
+	status = fill_unix_info(lp_ctx,
+				original_user_name,
+				session_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
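Review bot: In auth_session_info_set_unix() a failure of fill_unix_info() returns with `session_info->unix_token` already replaced, so the caller is left with a half-updated session; adding `TALLOC_FREE(session_info->unix_token);` before `return status;` on that path keeps the session consistent. Any token already attached to the session is also overwritten without being freed. The header comment should state that only uid and gid are set and that the zeroed token carries no supplementary groups, so callers do not assume group membership is populated. In the same comment, `similar auth_session_info_fill_unix()` is missing a `to`.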


-- 
Samba Shared Repository


