From: Ralph Boehme Date: Tue, 17 Dec 2019 13:49:42 +0000 (+0100) Subject: pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory X-Git-Tag: ldb-2.1.0~162 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=437af4d07944f201c26cd0ebc4a5622e342d0f4c;p=thirdparty%2Fsamba.git pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 80811154d4d..bea6482f99e 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -66,6 +66,7 @@ from samba.samba3 import param as s3param from samba.upgrade import upgrade_from_samba3 from samba.drs_utils import drsuapi_connect from samba import remove_dc, arcfour_encrypt, string_to_byte_array +from samba.auth_util import system_session_unix from samba.dsdb import ( DS_DOMAIN_FUNCTION_2000, @@ -463,7 +464,10 @@ class cmd_domain_provision(Command): try: try: samba.ntacls.setntacl(lp, file.name, - "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native") + "O:S-1-5-32G:S-1-5-32", + "S-1-5-32", + system_session_unix(), + "native") eadb = False except Exception: self.logger.info("You are not root or your system does not support xattr, using tdb backend for attributes. ") @@ -1607,7 +1611,10 @@ class cmd_domain_classicupgrade(Command): try: try: samba.ntacls.setntacl(lp, tmpfile.name, - "O:S-1-5-32G:S-1-5-32", "S-1-5-32", "native") + "O:S-1-5-32G:S-1-5-32", + "S-1-5-32", + system_session_unix(), + "native") eadb = False except Exception: # FIXME: Don't catch all exceptions here diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py index bd15cc4548a..0e7558d2acd 100644 --- a/python/samba/netcmd/ntacl.py +++ b/python/samba/netcmd/ntacl.py @@ -107,11 +107,11 @@ class cmd_ntacl_set(Command): file, acl, str(domain_sid), + system_session_unix(), xattr_backend, eadb_file, use_ntvfs=use_ntvfs, - service=service, - session_info=system_session_unix()) + service=service) if use_ntvfs: logger.warning("Please note that POSIX permissions have NOT been changed, only the stored NT ACL") @@ -323,11 +323,11 @@ class cmd_ntacl_changedomsid(Command): file, acl, new_domain_sid, + system_session_unix(), xattr_backend, eadb_file, use_ntvfs=use_ntvfs, - service=service, - session_info=system_session_unix()) + service=service) except Exception as e: raise CommandError("Could not set acl for %s: %s" % (file, e)) diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py index 7057938b56e..4010a437b5e 100644 --- a/python/samba/ntacls.py +++ b/python/samba/ntacls.py @@ -35,6 +35,7 @@ from samba.samba3 import smbd from samba.samba3 import libsmb_samba_internal as libsmb from samba.logger import get_samba_logger from samba import NTSTATUSError +from samba.auth_util import system_session_unix # don't include volumes SMB_FILE_ATTRIBUTE_FLAGS = libsmb.FILE_ATTRIBUTE_SYSTEM | \ @@ -134,10 +135,10 @@ def getntacl(lp, session_info=session_info) -def setntacl(lp, file, sddl, domsid, +def setntacl(lp, file, sddl, domsid, session_info, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, - passdb=None, service=None, session_info=None): + passdb=None, service=None): """ A wrapper for smbd set_nt_acl api. @@ -190,7 +191,8 @@ def setntacl(lp, file, sddl, domsid, smbd.set_nt_acl( file, SECURITY_SECINFO_FLAGS, sd2, - service=service, session_info=session_info) + session_info, + service=service) # and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set use_ntvfs = True @@ -208,7 +210,9 @@ def setntacl(lp, file, sddl, domsid, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, - sd, service=service, session_info=session_info) + sd, + session_info, + service=service) if use_ntvfs: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) @@ -456,9 +460,9 @@ class NtaclsHelper: return ntacl_sd.as_sddl(self.dom_sid) if as_sddl else ntacl_sd - def setntacl(self, path, ntacl_sd): + def setntacl(self, path, ntacl_sd, session_info): # ntacl_sd can be obj or str - return setntacl(self.lp, path, ntacl_sd, self.dom_sid, + return setntacl(self.lp, path, ntacl_sd, self.dom_sid, session_info, use_ntvfs=self.use_ntvfs) @@ -543,6 +547,7 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat """ service = src_service_path.rstrip('/').rsplit('/', 1)[-1] tempdir = tempfile.mkdtemp() + session_info = system_session_unix() dom_sid_str = samdb_conn.get_domain_sid() dom_sid = security.dom_sid(dom_sid_str) @@ -599,6 +604,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path dom_sid = security.dom_sid(dom_sid_str) ntacls_helper = NtaclsHelper(service, smb_conf_path, dom_sid) + session_info = system_session_unix() with tarfile.open(src_tarfile_path) as f: f.extractall(path=tempdir) @@ -619,7 +625,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path ntacl_sddl_str = _read_ntacl_file(src) if ntacl_sddl_str: - ntacls_helper.setntacl(dst, ntacl_sddl_str) + ntacls_helper.setntacl(dst, ntacl_sddl_str, session_info) else: logger.warning( 'Failed to restore ntacl for directory %s.' % dst @@ -635,7 +641,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path ntacl_sddl_str = _read_ntacl_file(src) if ntacl_sddl_str: - ntacls_helper.setntacl(dst, ntacl_sddl_str) + ntacls_helper.setntacl(dst, ntacl_sddl_str, session_info) else: logger.warning('Failed to restore ntacl for file %s.' % dst + ' Please check the permissions are correct') diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index bb9ddd15bc7..2f7707b3659 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -1633,13 +1633,14 @@ SYSVOL_SERVICE = "sysvol" def set_dir_acl(path, acl, lp, domsid, use_ntvfs, passdb, service=SYSVOL_SERVICE): - setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) + session_info = system_session_unix() + setntacl(lp, path, acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) for root, dirs, files in os.walk(path, topdown=False): for name in files: - setntacl(lp, os.path.join(root, name), acl, domsid, + setntacl(lp, os.path.join(root, name), acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) for name in dirs: - setntacl(lp, os.path.join(root, name), acl, domsid, + setntacl(lp, os.path.join(root, name), acl, domsid, session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) @@ -1657,7 +1658,9 @@ def set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, p # Set ACL for GPO root folder root_policy_path = os.path.join(sysvol, dnsdomain, "Policies") - setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), + session_info = system_session_unix() + + setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE) res = samdb.search(base="CN=Policies,CN=System,%s" %(domaindn), @@ -1759,9 +1762,9 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, def _setntacl(path): """A helper to reuse args""" return setntacl( - lp, path, SYSVOL_ACL, str(domainsid), + lp, path, SYSVOL_ACL, str(domainsid), session_info, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb, - service=SYSVOL_SERVICE, session_info=session_info) + service=SYSVOL_SERVICE) # Set the SYSVOL_ACL on the sysvol folder and subfolder (first level) _setntacl(sysvol) diff --git a/python/samba/tests/ntacls.py b/python/samba/tests/ntacls.py index b345b283a76..85ac268daaf 100644 --- a/python/samba/tests/ntacls.py +++ b/python/samba/tests/ntacls.py @@ -24,6 +24,7 @@ from samba.ntacls import setntacl, getntacl, XattrBackendError from samba.param import LoadParm from samba.dcerpc import security from samba.tests import TestCaseInTempDir, SkipTest +from samba.auth_util import system_session_unix NTACL_SDDL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" DOMAIN_SID = "S-1-5-21-2212615479-2695158682-2101375467" @@ -35,6 +36,7 @@ class NtaclsTests(TestCaseInTempDir): super(NtaclsTests, self).setUp() self.tempf = os.path.join(self.tempdir, "test") open(self.tempf, 'w').write("empty") + self.session_info = system_session_unix() def tearDown(self): os.unlink(self.tempf) @@ -44,14 +46,14 @@ class NtaclsTests(TestCaseInTempDir): lp = LoadParm() open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) - setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID) + setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info) os.unlink(os.path.join(self.tempdir, "eadbtest.tdb")) def test_setntacl_getntacl(self): lp = LoadParm() open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) - setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID) + setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info) facl = getntacl(lp, self.tempf) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid), NTACL_SDDL) @@ -60,7 +62,7 @@ class NtaclsTests(TestCaseInTempDir): def test_setntacl_getntacl_param(self): lp = LoadParm() open(self.tempf, 'w').write("empty") - setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, "tdb", + setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info, "tdb", os.path.join(self.tempdir, "eadbtest.tdb")) facl = getntacl(lp, self.tempf, "tdb", os.path.join( self.tempdir, "eadbtest.tdb")) @@ -72,7 +74,7 @@ class NtaclsTests(TestCaseInTempDir): lp = LoadParm() open(self.tempf, 'w').write("empty") self.assertRaises(XattrBackendError, setntacl, lp, self.tempf, - NTACL_SDDL, DOMAIN_SID, "ttdb", + NTACL_SDDL, DOMAIN_SID, self.session_info, "ttdb", os.path.join(self.tempdir, "eadbtest.tdb")) def test_setntacl_forcenative(self): @@ -82,4 +84,4 @@ class NtaclsTests(TestCaseInTempDir): open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) self.assertRaises(Exception, setntacl, lp, self.tempf, NTACL_SDDL, - DOMAIN_SID, "native") + DOMAIN_SID, self.session_info, "native") diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py index a2c14edc239..3043776d54f 100644 --- a/python/samba/tests/posixacl.py +++ b/python/samba/tests/posixacl.py @@ -69,21 +69,21 @@ class PosixAclMappingTests(SmbdBaseTests): def test_setntacl(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) def test_setntacl_smbd_getntacl(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=True) facl = getntacl(self.lp, self.tempf, direct_db_access=True) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid), acl) def test_setntacl_smbd_setposixacl_getntacl(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=True) # This will invalidate the ACL, as we have a hook! smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info()) @@ -94,8 +94,8 @@ class PosixAclMappingTests(SmbdBaseTests): def test_setntacl_invalidate_getntacl(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=True) # This should invalidate the ACL, as we include the posix ACL in the hash (backend_obj, dbname) = checkset_backend(self.lp, None, None) @@ -109,8 +109,8 @@ class PosixAclMappingTests(SmbdBaseTests): def test_setntacl_invalidate_getntacl_smbd(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) # This should invalidate the ACL, as we include the posix ACL in the hash (backend_obj, dbname) = checkset_backend(self.lp, None, None) @@ -126,8 +126,8 @@ class PosixAclMappingTests(SmbdBaseTests): acl = ACL simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x001200a9;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)" os.chmod(self.tempf, 0o750) - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) # This should invalidate the ACL, as we include the posix ACL in the hash (backend_obj, dbname) = checkset_backend(self.lp, None, None) @@ -141,16 +141,16 @@ class PosixAclMappingTests(SmbdBaseTests): def test_setntacl_getntacl_smbd(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=True, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=True) facl = getntacl(self.lp, self.tempf, direct_db_access=False) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid), acl) def test_setntacl_smbd_getntacl_smbd(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) facl = getntacl(self.lp, self.tempf, direct_db_access=False) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid), acl) @@ -158,8 +158,8 @@ class PosixAclMappingTests(SmbdBaseTests): def test_setntacl_smbd_setposixacl_getntacl_smbd(self): acl = ACL simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)" - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info()) facl = getntacl(self.lp, self.tempf, direct_db_access=False) @@ -170,8 +170,8 @@ class PosixAclMappingTests(SmbdBaseTests): acl = ACL BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS) simple_acl_from_posix = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;;0x001f019f;;;S-1-5-21-2212615479-2695158682-2101375467-512)(A;;0x00120089;;;BA)(A;;0x00120089;;;S-1-5-21-2212615479-2695158682-2101375467-513)(A;;;;;WD)" - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code s4_passdb = passdb.PDB(self.lp.get("passdb backend")) (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid) @@ -184,16 +184,16 @@ class PosixAclMappingTests(SmbdBaseTests): def test_setntacl_smbd_getntacl_smbd_gpo(self): acl = "O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)S:AI(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)" - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) facl = getntacl(self.lp, self.tempf, direct_db_access=False) domsid = security.dom_sid(DOM_SID) self.assertEquals(facl.as_sddl(domsid), acl) def test_setntacl_getposixacl(self): acl = ACL - setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, - session_info=self.get_session_info()) + setntacl(self.lp, self.tempf, acl, DOM_SID, + self.get_session_info(), use_ntvfs=False) facl = getntacl(self.lp, self.tempf) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid), acl) @@ -310,8 +310,8 @@ class PosixAclMappingTests(SmbdBaseTests): acl = provision.SYSVOL_ACL domsid = passdb.get_global_sam_sid() session_info = self.get_session_info(domsid) - setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False, - session_info=session_info) + setntacl(self.lp, self.tempf, acl, str(domsid), + session_info, use_ntvfs=False) facl = getntacl(self.lp, self.tempf) self.assertEquals(facl.as_sddl(domsid), acl) posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS) @@ -454,8 +454,8 @@ class PosixAclMappingTests(SmbdBaseTests): acl = provision.SYSVOL_ACL domsid = passdb.get_global_sam_sid() session_info = self.get_session_info(domsid) - setntacl(self.lp, self.tempdir, acl, str(domsid), use_ntvfs=False, - session_info=session_info) + setntacl(self.lp, self.tempdir, acl, str(domsid), + session_info, use_ntvfs=False) facl = getntacl(self.lp, self.tempdir) self.assertEquals(facl.as_sddl(domsid), acl) posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS) @@ -547,8 +547,8 @@ class PosixAclMappingTests(SmbdBaseTests): acl = provision.POLICIES_ACL domsid = passdb.get_global_sam_sid() session_info = self.get_session_info(domsid) - setntacl(self.lp, self.tempdir, acl, str(domsid), use_ntvfs=False, - session_info=session_info) + setntacl(self.lp, self.tempdir, acl, str(domsid), + session_info, use_ntvfs=False) facl = getntacl(self.lp, self.tempdir) self.assertEquals(facl.as_sddl(domsid), acl) posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS) @@ -653,8 +653,8 @@ class PosixAclMappingTests(SmbdBaseTests): domsid = passdb.get_global_sam_sid() session_info = self.get_session_info(domsid) - setntacl(self.lp, self.tempf, acl, str(domsid), use_ntvfs=False, - session_info=session_info) + setntacl(self.lp, self.tempf, acl, str(domsid), + session_info, use_ntvfs=False) facl = getntacl(self.lp, self.tempf) self.assertEquals(facl.as_sddl(domsid), acl) posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS) diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index a00c11f3fe9..b0cf85613f8 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -686,8 +686,8 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw "fname", "security_info_sent", "sd", - "service", "session_info", + "service", NULL }; @@ -703,13 +703,13 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw frame = talloc_stackframe(); - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|zO", + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siOO|z", discard_const_p(char *, kwnames), &fname, &security_info_sent, &py_sd, - &service, - &py_session)) { + &py_session, + &service)) { TALLOC_FREE(frame); return NULL; } @@ -719,21 +719,19 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw return NULL; } - if (py_session != Py_None) { - if (!py_check_dcerpc_type(py_session, - "samba.dcerpc.auth", - "session_info")) { - TALLOC_FREE(frame); - return NULL; - } - session_info = pytalloc_get_type(py_session, - struct auth_session_info); - if (!session_info) { - PyErr_Format(PyExc_TypeError, - "Expected auth_session_info for session_info argument got %s", - pytalloc_get_name(py_session)); - return NULL; - } + if (!py_check_dcerpc_type(py_session, + "samba.dcerpc.auth", + "session_info")) { + TALLOC_FREE(frame); + return NULL; + } + session_info = pytalloc_get_type(py_session, + struct auth_session_info); + if (session_info == NULL) { + PyErr_Format(PyExc_TypeError, + "Expected auth_session_info for session_info argument got %s", + pytalloc_get_name(py_session)); + return NULL; } conn = get_conn_tos(service, session_info);