samba.smb.SMB:set_acl seems to generate a bad nttrans:SET_SD request

Sun Mar 25 10:06:41 MDT 2012

On Sun, Mar 25, 2012 at 8:54 AM, Alexander Bokovoy <ab at samba.org> wrote:
> On Sun, Mar 25, 2012 at 18:38, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
>> 2012/3/25 Richard Sharpe <realrichardsharpe at gmail.com>:
>>> On Sun, Mar 25, 2012 at 7:56 AM, Alexander Bokovoy <ab at samba.org> wrote:
>>>> 2012/3/25 Richard Sharpe <realrichardsharpe at gmail.com>:
>>>> There are quite few places where Python bindings are not yet finished.
>>>> Basically, they followed needs of Samba4 thus perhaps certain features
>>>> are hardcoded.
>>>
>>> Well, if I could only figure out how to quickly rebuild the Python
>>> support (even the stuff in source4/... I would be able to make more
>>> progress :-(
>>
>> Still no progress on that, but here is a more correct patch that also
>> fixes, I think, the PyDoc stuff:
> This one looks fine to me. Perhaps we need to be more expressive on
> what security_info is -- in definitions of the flags, not here.
>
>  Let's run it past Jelmer as well.
>
> I've added samba-technical@ back.

Actually, I think we need to introduce an optional argument to get_acl
as well, because the creds used might not have the ability to retrieve
the SACL.

In that case, I think I want to make the security_info parameter to
set_acl optional as well, and ...

I want to go through the code changing all {set|get}_acl to
{set|get}_sd ... since that is what we are doing.

>>
>> diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
>> index 2f9a579..591d471 100644
>> --- a/source4/libcli/pysmb.c
>> +++ b/source4/libcli/pysmb.c
>> @@ -367,9 +367,10 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObj
>>        const char *filename;
>>        PyObject *py_sd;
>>        struct security_descriptor *sd;
>> +       uint32_t sinfo = 0;
>>        int fnum;
>>
>> -       if (!PyArg_ParseTuple(args, "sO:set_acl", &filename, &py_sd)) {
>> +       if (!PyArg_ParseTuple(args, "sOl:set_acl", &filename, &py_sd, &sinfo)) {
>>                return NULL;
>>        }
>>
>> @@ -410,7 +411,7 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObje
>>
>>        fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
>>        fio.set_secdesc.in.file.fnum = fnum;
>> -       fio.set_secdesc.in.secinfo_flags = 0;
>> +       fio.set_secdesc.in.secinfo_flags = sinfo;
>>        fio.set_secdesc.in.sd = sd;
>>
>>        status = smb_raw_set_secdesc(spdata->tree, &fio);
>> @@ -450,7 +451,7 @@ static PyMethodDef py_smb_methods[] = {
>>                "get_acl(path) -> security_descriptor object\n\n \
>>                Get security descriptor for file." },
>>        { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
>> -               "set_acl(path, security_descriptor) -> None\n\n \
>> +               "set_acl(path, security_descriptor, security_info) -> None\n\n \
>>                Set security descriptor for file." },
>>        { NULL },
>>  };
>> @@ -522,7 +523,7 @@ static PyTypeObject PySMB = {
>>        .tp_new = py_smb_new,
>>        .tp_flags = Py_TPFLAGS_DEFAULT,
>>        .tp_methods = py_smb_methods,
>> -       .tp_doc = "SMB(hostname, service[, lp[, creds]]) -> SMB connection objec
>> +       .tp_doc = "SMB(hostname, service[, creds[, lp]]) -> SMB
>> connection object
>>
>>  };
>>
>>
>>
>> --
>> Regards,
>> Richard Sharpe
>> (何以解憂？唯有杜康。--曹操)
>
>
>
> --
> / Alexander Bokovoy

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)