summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-05-07 16:24:03 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-05-08 04:51:59 +0200
commit859aa43f7348e721a6ce0417d300d9db8086fc7b (patch)
treee5472927cc057fc0f90b3f81a1a02974c74d823d /source3/smbd
parent5d4d8fefe28051ace587494bff5e16b4e4211773 (diff)
downloadsamba-859aa43f7348e721a6ce0417d300d9db8086fc7b.tar.gz
samba-859aa43f7348e721a6ce0417d300d9db8086fc7b.tar.bz2
samba-859aa43f7348e721a6ce0417d300d9db8086fc7b.zip
s3-python: Add python bindings for posix ACL layer
This will allow us to check that posix ACLs work in the s4 provision, and avoid --use-s3fs if they do not. Andrew Bartlett
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/pysmbd.c203
1 files changed, 203 insertions, 0 deletions
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
new file mode 100644
index 0000000000..76167e1477
--- /dev/null
+++ b/source3/smbd/pysmbd.c
@@ -0,0 +1,203 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB NT Security Descriptor / Unix permission conversion.
+ Copyright (C) Jeremy Allison 1994-2009.
+ Copyright (C) Andreas Gruenbacher 2002.
+ Copyright (C) Simo Sorce <idra@samba.org> 2009.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smbd/smbd.h"
+#include <Python.h>
+#include "libcli/util/pyerrors.h"
+
+extern const struct generic_mapping file_generic_mapping;
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_ACLS
+
+static NTSTATUS set_sys_acl_no_snum(const char *fname,
+ SMB_ACL_TYPE_T acltype,
+ SMB_ACL_T theacl)
+{
+ connection_struct *conn;
+ NTSTATUS status = NT_STATUS_OK;
+ int ret;
+
+ conn = talloc_zero(NULL, connection_struct);
+ if (conn == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!(conn->params = talloc(conn, struct share_params))) {
+ DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
+ TALLOC_FREE(conn);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ conn->params->service = -1;
+
+ set_conn_connectpath(conn, "/");
+
+ smbd_vfs_init(conn);
+
+ ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl);
+ if (ret != 0) {
+ status = map_nt_error_from_unix_common(ret);
+ DEBUG(0,("get_nt_acl_no_snum: fset_nt_acl returned zero.\n"));
+ }
+
+ conn_free(conn);
+
+ return status;
+}
+
+
+static SMB_ACL_T make_simple_acl(uid_t uid, gid_t gid)
+{
+ mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE;
+ mode_t mode0 = 0;
+
+ SMB_ACL_ENTRY_T entry;
+ SMB_ACL_T acl = sys_acl_init(4);
+
+ if (!acl) {
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode0) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_qualifier(entry, &gid) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+
+ if (sys_acl_set_permset(entry, &mode0) != 0) {
+ sys_acl_free_acl(acl);
+ return NULL;
+ }
+ return acl;
+}
+
+/*
+ set a simple ACL on a file, as a test
+ */
+static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args)
+{
+ NTSTATUS status;
+ char *fname;
+ int uid, gid;
+ SMB_ACL_T acl;
+
+ if (!PyArg_ParseTuple(args, "sii", &fname, &uid, &gid))
+ return NULL;
+
+ acl = make_simple_acl(uid, gid);
+
+ status = set_sys_acl_no_snum(fname, SMB_ACL_TYPE_ACCESS, acl);
+ sys_acl_free_acl(acl);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+static PyMethodDef py_smbd_methods[] = {
+ { "set_simple_acl",
+ (PyCFunction)py_smbd_set_simple_acl, METH_VARARGS,
+ NULL },
+ { NULL }
+};
+
+void initsmbd(void);
+void initsmbd(void)
+{
+ PyObject *m;
+
+ m = Py_InitModule3("smbd", py_smbd_methods,
+ "Python bindings for the smbd file server.");
+ if (m == NULL)
+ return;
+
+}