Getting and setting SDs from Python for testing ...
Amitay Isaacs
amitay at gmail.com
Sun Mar 25 17:34:48 MDT 2012
On Mon, Mar 26, 2012 at 10:16 AM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> On Sun, Mar 25, 2012 at 4:07 PM, Amitay Isaacs <amitay at gmail.com> wrote:
>> Hi Richard,
>>
>> 2012/3/26 Richard Sharpe <realrichardsharpe at gmail.com>:
>>> Hi Folks,
>>>
>>> Well, this patch now works for me but I am unhappy with it and want to
>>> move to treating the security_info parameters as optional. The
>>> following patch is sent mainly to get feedback ...
>>>
>>> diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
>>> index 2f9a579..bc90df7 100644
>>> --- a/source4/libcli/pysmb.c
>>> +++ b/source4/libcli/pysmb.c
>>> @@ -302,9 +302,10 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObj
>>> union smb_fileinfo fio;
>>> struct smb_private_data *spdata;
>>> const char *filename;
>>> + int sinfo = 0;
>>> int fnum;
>>>
>>> - if (!PyArg_ParseTuple(args, "s:get_acl", &filename)) {
>>> + if (!PyArg_ParseTuple(args, "si:get_acl", &filename, &sinfo)) {
>>> return NULL;
>>> }
>>>
>>> @@ -335,7 +336,10 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObj
>>>
>>> fio.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
>>> fio.query_secdesc.in.file.fnum = fnum;
>>> - fio.query_secdesc.in.secinfo_flags = SECINFO_OWNER |
>>> + if (sinfo)
>>> + fio.query_secdesc.in.secinfo_flags = sinfo;
>>> + else
>>> + fio.query_secdesc.in.secinfo_flags = SECINFO_OWNER |
>>> SECINFO_GROUP |
>>> SECINFO_DACL |
>>> SECINFO_PROTECTED_DACL |
>>> @@ -367,9 +371,10 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObj
>>> const char *filename;
>>> PyObject *py_sd;
>>> struct security_descriptor *sd;
>>> + uint32_t sinfo = 0;
>>> int fnum;
>>>
>>> - if (!PyArg_ParseTuple(args, "sO:set_acl", &filename, &py_sd)) {
>>> + if (!PyArg_ParseTuple(args, "sOi:set_acl", &filename, &py_sd, &sinfo)) {
>>> return NULL;
>>> }
>>>
>>> @@ -410,7 +415,7 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObje
>>>
>>> fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
>>> fio.set_secdesc.in.file.fnum = fnum;
>>> - fio.set_secdesc.in.secinfo_flags = 0;
>>> + fio.set_secdesc.in.secinfo_flags = sinfo;
>>> fio.set_secdesc.in.sd = sd;
>>>
>>> status = smb_raw_set_secdesc(spdata->tree, &fio);
>>> @@ -447,10 +452,10 @@ static PyMethodDef py_smb_methods[] = {
>>> "chkpath(path) -> True or False\n\n \
>>> Return true if path exists, false otherwise." },
>>> { "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS,
>>> - "get_acl(path) -> security_descriptor object\n\n \
>>> + "get_acl(path, security_info) -> security_descriptor object\n\n
>>> Get security descriptor for file." },
>>> { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
>>> - "set_acl(path, security_descriptor) -> None\n\n \
>>> + "set_acl(path, security_descriptor, security_info) -> None\n\n \
>>> Set security descriptor for file." },
>>> { NULL },
>>> };
>>> @@ -522,7 +527,7 @@ static PyTypeObject PySMB = {
>>> .tp_new = py_smb_new,
>>> .tp_flags = Py_TPFLAGS_DEFAULT,
>>> .tp_methods = py_smb_methods,
>>> - .tp_doc = "SMB(hostname, service[, lp[, creds]]) -> SMB connection objec
>>> + .tp_doc = "SMB(hostname, service[, creds[, lp]]) -> SMB connection objec
>>>
>>> };
>>>
>>
>> You can convert sinfo as an optional argument using kwargs.
>>
>> For example, check py_smb_new().
>
> Sure, thanks.
>
> Do you have any objections to the approach I am taking?
Not at all. I wrote this python module mainly to support samba-tool
gpo command which requires files to be copied to/from SMB share.
>
> I would also want to fix the issue in set_acl (security_info needs to
> be set to something useful if it is not supplied on the call.)
Hopefully that will get me to fix some of the ACL issues when creating GPOs. ;)
Amitay.
More information about the samba-technical
mailing list