]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
pysmbd: add "session_info" arg to py_smbd_set_simple_acl()
authorRalph Boehme <slow@samba.org>
Tue, 17 Dec 2019 13:13:30 +0000 (14:13 +0100)
committerRalph Boehme <slow@samba.org>
Fri, 20 Dec 2019 11:41:42 +0000 (11:41 +0000)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
python/samba/provision/__init__.py
python/samba/tests/posixacl.py
source3/smbd/pysmbd.c

index 217840989aa63c1bee67543febead68a8205600f..152e1923e83c7eab2b87098ce9103335df43cf69 100644 (file)
@@ -46,6 +46,7 @@ import samba.dsdb
 import ldb
 
 from samba.auth import system_session, admin_session
+from samba.auth_util import system_session_unix
 import samba
 from samba import auth
 from samba.samba3 import smbd, passdb
@@ -1694,7 +1695,7 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
         file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
         try:
             try:
-                smbd.set_simple_acl(file.name, 0o755, gid)
+                smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
             except OSError:
                 if not smbd.have_posix_acls():
                     # This clue is only strictly correct for RPM and
index 0c95d9061fe1426528101405d9bb52528ade8efe..c6030024651116a2c182247d69cdfb46b66394c5 100644 (file)
@@ -86,7 +86,7 @@ class PosixAclMappingTests(SmbdBaseTests):
                  session_info=self.get_session_info())
 
         # This will invalidate the ACL, as we have a hook!
-        smbd.set_simple_acl(self.tempf, 0o640)
+        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
 
         # However, this only asks the xattr
         self.assertRaises(
@@ -161,7 +161,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False,
                  session_info=self.get_session_info())
         # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
-        smbd.set_simple_acl(self.tempf, 0o640)
+        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
         facl = getntacl(self.lp, self.tempf, direct_db_access=False)
         anysid = security.dom_sid(security.SID_NT_SELF)
         self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid))
@@ -175,7 +175,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code
         s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
         (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
-        smbd.set_simple_acl(self.tempf, 0o640, BA_gid)
+        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
 
         # This should re-calculate an ACL based on the posix details
         facl = getntacl(self.lp, self.tempf, direct_db_access=False)
@@ -200,7 +200,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
 
     def test_setposixacl_getntacl(self):
-        smbd.set_simple_acl(self.tempf, 0o750)
+        smbd.set_simple_acl(self.tempf, 0o750, self.get_session_info())
         # We don't expect the xattr to be filled in in this case
         self.assertRaises(TypeError, getntacl, self.lp, self.tempf)
 
@@ -208,7 +208,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
         group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
         user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
-        smbd.set_simple_acl(self.tempf, 0o640)
+        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
         facl = getntacl(self.lp, self.tempf, direct_db_access=False)
         acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
         anysid = security.dom_sid(security.SID_NT_SELF)
@@ -225,7 +225,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         (SO_id, SO_type) = s4_passdb.sid_to_id(SO_sid)
         self.assertEquals(SO_type, idmap.ID_TYPE_BOTH)
         smbd.chown(self.tempdir, BA_id, SO_id)
-        smbd.set_simple_acl(self.tempdir, 0o750)
+        smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
         facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
         acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"
 
@@ -239,7 +239,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid)
         user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid)
         self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
-        smbd.set_simple_acl(self.tempf, 0o640, BA_gid)
+        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid)
         facl = getntacl(self.lp, self.tempf, direct_db_access=False)
         domsid = passdb.get_global_sam_sid()
         acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID)
@@ -247,7 +247,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         self.assertEquals(acl, facl.as_sddl(anysid))
 
     def test_setposixacl_getposixacl(self):
-        smbd.set_simple_acl(self.tempf, 0o640)
+        smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info())
         posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
         self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))
 
@@ -264,7 +264,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         self.assertEquals(posix_acl.acl[3].a_perm, 7)
 
     def test_setposixacl_dir_getposixacl(self):
-        smbd.set_simple_acl(self.tempdir, 0o750)
+        smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info())
         posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS)
         self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl))
 
@@ -285,7 +285,7 @@ class PosixAclMappingTests(SmbdBaseTests):
         s4_passdb = passdb.PDB(self.lp.get("passdb backend"))
         (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid)
         self.assertEquals(BA_type, idmap.ID_TYPE_BOTH)
-        smbd.set_simple_acl(self.tempf, 0o670, BA_gid)
+        smbd.set_simple_acl(self.tempf, 0o670, self.get_session_info(), BA_gid)
         posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS)
 
         self.assertEquals(posix_acl.count, 5, self.print_posix_acl(posix_acl))
index 5bb35fcfd91888601a9e459da6ace2d7db31aec1..ea062a5a7e8c19fe3be0bb6b76f9caaef9947214 100644 (file)
@@ -427,25 +427,43 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
        const char * const kwnames[] = {
                "fname",
                "mode",
+               "session_info",
                "gid",
                "service",
                NULL
        };
        char *fname, *service = NULL;
+       PyObject *py_session = Py_None;
+       struct auth_session_info *session_info = NULL;
        int ret;
        int mode, gid = -1;
        SMB_ACL_T acl;
        TALLOC_CTX *frame;
        connection_struct *conn;
 
-       if (!PyArg_ParseTupleAndKeywords(args, kwargs, "si|iz",
+       if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
                                         discard_const_p(char *, kwnames),
                                         &fname,
                                         &mode,
+                                        &py_session,
                                         &gid,
                                         &service))
                return NULL;
 
+       if (!py_check_dcerpc_type(py_session,
+                                 "samba.dcerpc.auth",
+                                 "session_info")) {
+               return NULL;
+       }
+       session_info = pytalloc_get_type(py_session,
+                                        struct auth_session_info);
+       if (session_info == NULL) {
+               PyErr_Format(PyExc_TypeError,
+                            "Expected auth_session_info for session_info argument got %s",
+                            pytalloc_get_name(py_session));
+               return NULL;
+       }
+
        frame = talloc_stackframe();
 
        acl = make_simple_acl(frame, gid, mode);
@@ -454,7 +472,7 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
                return NULL;
        }
 
-       conn = get_conn_tos(service, NULL);
+       conn = get_conn_tos(service, session_info);
        if (!conn) {
                TALLOC_FREE(frame);
                return NULL;