diff options
-rw-r--r-- | source4/scripting/python/samba/ntacls.py (renamed from source4/scripting/python/samba/misc.py) | 70 |
1 files changed, 54 insertions, 16 deletions
diff --git a/source4/scripting/python/samba/misc.py b/source4/scripting/python/samba/ntacls.py index b548fbceab..d6226807ce 100644 --- a/source4/scripting/python/samba/misc.py +++ b/source4/scripting/python/samba/ntacls.py @@ -1,7 +1,7 @@ #!/usr/bin/python # Unix SMB/CIFS implementation. -# Copyright (C) Matthieu Patou <mat@matws.net> 2009 +# Copyright (C) Matthieu Patou <mat@matws.net> 2009-2010 # # # This program is free software; you can redistribute it and/or modify @@ -18,25 +18,63 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # - -import samba.xattr +import os +import tdb +import samba.xattr_native, samba.xattr_tdb from samba.dcerpc import security, xattr from samba.ndr import ndr_pack, ndr_unpack - - -def getntacl(file): - attribute = samba.xattr.wrap_getxattr(file,xattr.XATTR_NTACL_NAME) - anysid=security.dom_sid(security.SID_NT_SELF) - ntacl = ndr_unpack(xattr.NTACL,attribute,1) - return ntacl.info.as_sddl(anysid) - -def setntacl(file,sddl): +class XattrBackendError(Exception): + """A generic xattr backend error.""" + +def checkset_backend(lp,backend,eadbfile): + if backend != None: + if backend == "native": + lp.set("posix:eadb","") + elif backend == "tdb": + if eadbfile != None: + lp.set("posix:eadb",eadbfile) + else: + os.path.abspath(os.path.join(lp.get("private dir"),"eadb.tdb")) + else: + raise XattrBackendError("Unvalid xattr backend choice %s"%backend) + +def getntacl(lp,file,backend=None,eadbfile=None): + try: + checkset_backend(lp,backend,eadbfile) + except: + raise + eadbname = lp.get("posix:eadb") + if eadbname != None and eadbname != "" : + attribute = samba.xattr_tdb.wrap_getxattr(eadbname,file,xattr.XATTR_NTACL_NAME) + try: + attribute = samba.xattr_tdb.wrap_getxattr(eadbname,file,xattr.XATTR_NTACL_NAME) + except: + print "Fail to open %s"%eadbname + attribute = samba.xattr_native.wrap_getxattr(file,xattr.XATTR_NTACL_NAME) + else: + attribute = samba.xattr_native.wrap_getxattr(file,xattr.XATTR_NTACL_NAME) + ntacl = ndr_unpack(xattr.NTACL,attribute) + return ntacl + +def setntacl(lp,file,sddl,domsid,backend=None,eadbfile=None): + try: + checkset_backend(lp,backend,eadbfile) + except: + raise ntacl=xattr.NTACL() ntacl.version = 1 - anysid=security.dom_sid(security.SID_NT_SELF) + anysid=security.dom_sid(domsid) sd = security.descriptor.from_sddl(sddl, anysid) ntacl.info = sd - attribute = samba.xattr.wrap_setxattr(file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) + eadbname = lp.get("posix:eadb") + if eadbname != None and eadbname != "": + try: + attribute = samba.xattr_tdb.wrap_setxattr(eadbname,file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) + except: + print "Fail to open %s"%eadbname + attribute = samba.xattr_native.wrap_setxattr(file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) + else: + attribute = samba.xattr_native.wrap_setxattr(file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) # Takes the access mask of a DS ACE and transform them in a File ACE mask def ldapmask2filemask(ldm): @@ -96,8 +134,8 @@ def ldapmask2filemask(ldm): # ACL and return the SDDL representation of this ACL adapted # for files. It's used for Policy object provision -def dsacl2fsacl(dssddl): - anysid = security.dom_sid(security.SID_NT_SELF) +def dsacl2fsacl(dssddl,domsid): + anysid = security.dom_sid(domsid) ref = security.descriptor.from_sddl(dssddl,anysid) fdescr = security.descriptor() fdescr.owner_sid = ref.owner_sid |