session_info=self.get_session_info())
# This will invalidate the ACL, as we have a hook!
- smbd.set_simple_acl(self.tempf, 0o640)
+ smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
# However, this only asks the xattr
self.assertRaises(
setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
session_info=self.get_session_info())
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
- smbd.set_simple_acl(self.tempf, 0o640)
+ smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
# This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
(BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
- smbd.set_simple_acl(self.tempf, 0o640, BA_gid)
+ smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
# This should re-calculate an ACL based on the posix details
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
def test_setposixacl_getntacl(self):
- smbd.set_simple_acl(self.tempf, 0o750)
+ smbd.set_simple_acl(self.tempf, 0o750, self.get_session_info())
# We don't expect the xattr to be filled in in this case
self.assertRaises(TypeError, getntacl, self.lp, self.tempf)
s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
- smbd.set_simple_acl(self.tempf, 0o640)
+ smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
anysid = security.dom_sid(security.SID_NT_SELF)
(SO_id, SO_type) = s4_passdb.sid_to_id(SO_sid)
self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
smbd.chown(self.tempdir, BA_id, SO_id)
- smbd.set_simple_acl(self.tempdir, 0o750)
+ smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"
group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
- smbd.set_simple_acl(self.tempf, 0o640, BA_gid)
+ smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
facl = getntacl(self.lp, self.tempf, direct_db_access=False)
domsid = passdb.get_global_sam_sid()
acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
self.assertEquals(acl, facl.as_sddl(anysid))
def test_setposixacl_getposixacl(self):
- smbd.set_simple_acl(self.tempf, 0o640)
+ smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))
self.assertEquals(posix_acl.acl[3].a_perm, 7)
def test_setposixacl_dir_getposixacl(self):
- smbd.set_simple_acl(self.tempdir, 0o750)
+ smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))
s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
(BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
- smbd.set_simple_acl(self.tempf, 0o670, BA_gid)
+ smbd.set_simple_acl(self.tempf, 0o670, self.get_session_info(), BA_gid)
posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
self.assertEquals(posix_acl.count, 5, self.print_posix_acl(posix_acl))
const char * const kwnames[] = {
"fname",
"mode",
+ "session_info",
"gid",
"service",
NULL
};
char *fname, *service = NULL;
+ PyObject *py_session = Py_None;
+ struct auth_session_info *session_info = NULL;
int ret;
int mode, gid = -1;
SMB_ACL_T acl;
TALLOC_CTX *frame;
connection_struct *conn;
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "si|iz",
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
discard_const_p(char *, kwnames),
&fname,
&mode,
+ &py_session,
&gid,
&service))
return NULL;
+ if (!py_check_dcerpc_type(py_session,
+ "samba.dcerpc.auth",
+ "session_info")) {
+ return NULL;
+ }
+ session_info = pytalloc_get_type(py_session,
+ struct auth_session_info);
+ if (session_info == NULL) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected auth_session_info for session_info argument got %s",
+ pytalloc_get_name(py_session));
+ return NULL;
+ }
+
frame = talloc_stackframe();
acl = make_simple_acl(frame, gid, mode);
return NULL;
}
- conn = get_conn_tos(service, NULL);
+ conn = get_conn_tos(service, session_info);
if (!conn) {
TALLOC_FREE(frame);
return NULL;