From: Ralph Boehme Date: Tue, 17 Dec 2019 13:13:30 +0000 (+0100) Subject: pysmbd: add "session_info" arg to py_smbd_set_simple_acl() X-Git-Tag: ldb-2.1.0~165 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6d40e6f9c022c5e571255cd4ff248d5a188b45f;p=thirdparty%2Fsamba.git pysmbd: add "session_info" arg to py_smbd_set_simple_acl() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index 217840989aa..152e1923e83 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -46,6 +46,7 @@ import samba.dsdb import ldb from samba.auth import system_session, admin_session +from samba.auth_util import system_session_unix import samba from samba import auth from samba.samba3 import smbd, passdb @@ -1694,7 +1695,7 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain, file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol)) try: try: - smbd.set_simple_acl(file.name, 0o755, gid) + smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid) except OSError: if not smbd.have_posix_acls(): # This clue is only strictly correct for RPM and diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py index 0c95d9061fe..c6030024651 100644 --- a/python/samba/tests/posixacl.py +++ b/python/samba/tests/posixacl.py @@ -86,7 +86,7 @@ class PosixAclMappingTests(SmbdBaseTests): session_info=self.get_session_info()) # This will invalidate the ACL, as we have a hook! - smbd.set_simple_acl(self.tempf, 0o640) + smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info()) # However, this only asks the xattr self.assertRaises( @@ -161,7 +161,7 @@ class PosixAclMappingTests(SmbdBaseTests): setntacl(self.lp, self.tempf, acl, DOM_SID, use_ntvfs=False, session_info=self.get_session_info()) # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code - smbd.set_simple_acl(self.tempf, 0o640) + smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info()) facl = getntacl(self.lp, self.tempf, direct_db_access=False) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(simple_acl_from_posix, facl.as_sddl(anysid)) @@ -175,7 +175,7 @@ class PosixAclMappingTests(SmbdBaseTests): # This invalidates the hash of the NT acl just set because there is a hook in the posix ACL set code s4_passdb = passdb.PDB(self.lp.get("passdb backend")) (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid) - smbd.set_simple_acl(self.tempf, 0o640, BA_gid) + smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid) # This should re-calculate an ACL based on the posix details facl = getntacl(self.lp, self.tempf, direct_db_access=False) @@ -200,7 +200,7 @@ class PosixAclMappingTests(SmbdBaseTests): posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS) def test_setposixacl_getntacl(self): - smbd.set_simple_acl(self.tempf, 0o750) + smbd.set_simple_acl(self.tempf, 0o750, self.get_session_info()) # We don't expect the xattr to be filled in in this case self.assertRaises(TypeError, getntacl, self.lp, self.tempf) @@ -208,7 +208,7 @@ class PosixAclMappingTests(SmbdBaseTests): s4_passdb = passdb.PDB(self.lp.get("passdb backend")) group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid) user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid) - smbd.set_simple_acl(self.tempf, 0o640) + smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info()) facl = getntacl(self.lp, self.tempf, direct_db_access=False) acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID) anysid = security.dom_sid(security.SID_NT_SELF) @@ -225,7 +225,7 @@ class PosixAclMappingTests(SmbdBaseTests): (SO_id, SO_type) = s4_passdb.sid_to_id(SO_sid) self.assertEquals(SO_type, idmap.ID_TYPE_BOTH) smbd.chown(self.tempdir, BA_id, SO_id) - smbd.set_simple_acl(self.tempdir, 0o750) + smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info()) facl = getntacl(self.lp, self.tempdir, direct_db_access=False) acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)" @@ -239,7 +239,7 @@ class PosixAclMappingTests(SmbdBaseTests): group_SID = s4_passdb.gid_to_sid(os.stat(self.tempf).st_gid) user_SID = s4_passdb.uid_to_sid(os.stat(self.tempf).st_uid) self.assertEquals(BA_type, idmap.ID_TYPE_BOTH) - smbd.set_simple_acl(self.tempf, 0o640, BA_gid) + smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info(), BA_gid) facl = getntacl(self.lp, self.tempf, direct_db_access=False) domsid = passdb.get_global_sam_sid() acl = "O:%sG:%sD:(A;;0x001f019f;;;%s)(A;;0x00120089;;;BA)(A;;0x00120089;;;%s)(A;;;;;WD)" % (user_SID, group_SID, user_SID, group_SID) @@ -247,7 +247,7 @@ class PosixAclMappingTests(SmbdBaseTests): self.assertEquals(acl, facl.as_sddl(anysid)) def test_setposixacl_getposixacl(self): - smbd.set_simple_acl(self.tempf, 0o640) + smbd.set_simple_acl(self.tempf, 0o640, self.get_session_info()) posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS) self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl)) @@ -264,7 +264,7 @@ class PosixAclMappingTests(SmbdBaseTests): self.assertEquals(posix_acl.acl[3].a_perm, 7) def test_setposixacl_dir_getposixacl(self): - smbd.set_simple_acl(self.tempdir, 0o750) + smbd.set_simple_acl(self.tempdir, 0o750, self.get_session_info()) posix_acl = smbd.get_sys_acl(self.tempdir, smb_acl.SMB_ACL_TYPE_ACCESS) self.assertEquals(posix_acl.count, 4, self.print_posix_acl(posix_acl)) @@ -285,7 +285,7 @@ class PosixAclMappingTests(SmbdBaseTests): s4_passdb = passdb.PDB(self.lp.get("passdb backend")) (BA_gid, BA_type) = s4_passdb.sid_to_id(BA_sid) self.assertEquals(BA_type, idmap.ID_TYPE_BOTH) - smbd.set_simple_acl(self.tempf, 0o670, BA_gid) + smbd.set_simple_acl(self.tempf, 0o670, self.get_session_info(), BA_gid) posix_acl = smbd.get_sys_acl(self.tempf, smb_acl.SMB_ACL_TYPE_ACCESS) self.assertEquals(posix_acl.count, 5, self.print_posix_acl(posix_acl)) diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 5bb35fcfd91..ea062a5a7e8 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -427,25 +427,43 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject const char * const kwnames[] = { "fname", "mode", + "session_info", "gid", "service", NULL }; char *fname, *service = NULL; + PyObject *py_session = Py_None; + struct auth_session_info *session_info = NULL; int ret; int mode, gid = -1; SMB_ACL_T acl; TALLOC_CTX *frame; connection_struct *conn; - if (!PyArg_ParseTupleAndKeywords(args, kwargs, "si|iz", + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz", discard_const_p(char *, kwnames), &fname, &mode, + &py_session, &gid, &service)) return NULL; + if (!py_check_dcerpc_type(py_session, + "samba.dcerpc.auth", + "session_info")) { + return NULL; + } + session_info = pytalloc_get_type(py_session, + struct auth_session_info); + if (session_info == NULL) { + PyErr_Format(PyExc_TypeError, + "Expected auth_session_info for session_info argument got %s", + pytalloc_get_name(py_session)); + return NULL; + } + frame = talloc_stackframe(); acl = make_simple_acl(frame, gid, mode); @@ -454,7 +472,7 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject return NULL; } - conn = get_conn_tos(service, NULL); + conn = get_conn_tos(service, session_info); if (!conn) { TALLOC_FREE(frame); return NULL;