summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/netcmd/__init__.py2
-rw-r--r--source4/scripting/python/samba/netcmd/ntacl.py119
-rw-r--r--source4/scripting/python/samba/ntacls.py10
-rw-r--r--source4/utils/config.mk26
-rw-r--r--source4/utils/getntacl.c121
-rw-r--r--source4/utils/setntacl.c28
6 files changed, 126 insertions, 180 deletions
diff --git a/source4/scripting/python/samba/netcmd/__init__.py b/source4/scripting/python/samba/netcmd/__init__.py
index a204ab897b..d6a130c942 100644
--- a/source4/scripting/python/samba/netcmd/__init__.py
+++ b/source4/scripting/python/samba/netcmd/__init__.py
@@ -143,3 +143,5 @@ from samba.netcmd.enableaccount import cmd_enableaccount
commands["enableaccount"] = cmd_enableaccount()
from samba.netcmd.newuser import cmd_newuser
commands["newuser"] = cmd_newuser()
+from samba.netcmd.ntacl import cmd_acl
+commands["acl"] = cmd_acl()
diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
new file mode 100644
index 0000000000..a96593ef0c
--- /dev/null
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+#
+# Manipulate file NT ACLs
+#
+# Copyright Matthieu Patou 2010 <mat@matws.net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from samba.credentials import DONT_USE_KERBEROS
+import samba.getopt as options
+from samba.dcerpc import security
+from samba.ntacls import setntacl, getntacl
+from samba import Ldb
+from samba.ndr import ndr_unpack
+
+from ldb import SCOPE_BASE
+import ldb
+import os
+import sys
+
+from samba.auth import system_session
+from samba.netcmd import (
+ Command,
+ SuperCommand,
+ CommandError,
+ Option,
+ )
+
+class cmd_acl_set(Command):
+ """Set ACLs on a file"""
+ synopsis = "%prog set <acl> <file> [--xattr-backend=native|tdb] [--eadb-file=file] [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "credopts": options.CredentialsOptions,
+ "versionopts": options.VersionOptions,
+ }
+
+ takes_options = [
+ Option("--quiet", help="Be quiet", action="store_true"),
+ Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
+ choices=["native","tdb"]),
+ Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
+ ]
+
+ takes_args = ["acl","file"]
+
+ def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None,
+ credopts=None, sambaopts=None, versionopts=None):
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+ path = os.path.join(lp.get("private dir"), lp.get("sam database") or "samdb.ldb")
+ creds = credopts.get_credentials(lp)
+ creds.set_kerberos_state(DONT_USE_KERBEROS)
+ try:
+ ldb = Ldb(path, session_info=system_session(), credentials=creds,lp=lp)
+ except:
+ print "Unable to read domain SID from configuration files"
+ sys.exit(1)
+ attrs = ["objectSid"]
+ print lp.get("realm")
+ res = ldb.search(expression="(objectClass=*)",base="DC=%s"%lp.get("realm").lower().replace(".",",DC="), scope=SCOPE_BASE, attrs=attrs)
+ if len(res) !=0:
+ domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
+ setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file)
+ else:
+ print "Unable to read domain SID from configuration files"
+ sys.exit(1)
+
+class cmd_acl_get(Command):
+ """Set ACLs on a file"""
+ synopsis = "%prog get <file> [--as-sddl] [--xattr-backend=native|tdb] [--eadb-file=file] [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "credopts": options.CredentialsOptions,
+ "versionopts": options.VersionOptions,
+ }
+
+ takes_options = [
+ Option("--as-sddl", help="Output ACL in the SDDL format", action="store_true"),
+ Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
+ choices=["native","tdb"]),
+ Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
+ ]
+
+ takes_args = ["file"]
+
+ def run(self, file, as_sddl=False,xattr_backend=None,eadb_file=None,
+ credopts=None, sambaopts=None, versionopts=None):
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+ acl = getntacl(lp,file,xattr_backend,eadb_file)
+ if as_sddl:
+ anysid=security.dom_sid(security.SID_NT_SELF)
+ print acl.info.as_sddl(anysid)
+ else:
+ acl.dump()
+
+
+class cmd_acl(SuperCommand):
+ """NT ACLs manipulation"""
+
+ subcommands = {}
+ subcommands["set"] = cmd_acl_set()
+ subcommands["get"] = cmd_acl_get()
+
diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py
index d6226807ce..15f310b27d 100644
--- a/source4/scripting/python/samba/ntacls.py
+++ b/source4/scripting/python/samba/ntacls.py
@@ -63,8 +63,8 @@ def setntacl(lp,file,sddl,domsid,backend=None,eadbfile=None):
raise
ntacl=xattr.NTACL()
ntacl.version = 1
- anysid=security.dom_sid(domsid)
- sd = security.descriptor.from_sddl(sddl, anysid)
+ sid=security.dom_sid(domsid)
+ sd = security.descriptor.from_sddl(sddl, sid)
ntacl.info = sd
eadbname = lp.get("posix:eadb")
if eadbname != None and eadbname != "":
@@ -135,8 +135,8 @@ def ldapmask2filemask(ldm):
# for files. It's used for Policy object provision
def dsacl2fsacl(dssddl,domsid):
- anysid = security.dom_sid(domsid)
- ref = security.descriptor.from_sddl(dssddl,anysid)
+ sid = security.dom_sid(domsid)
+ ref = security.descriptor.from_sddl(dssddl,sid)
fdescr = security.descriptor()
fdescr.owner_sid = ref.owner_sid
fdescr.group_sid = ref.group_sid
@@ -155,4 +155,4 @@ def dsacl2fsacl(dssddl,domsid):
ace.access_mask = ldapmask2filemask(ace.access_mask)
fdescr.dacl_add(ace)
- return fdescr.as_sddl(anysid)
+ return fdescr.as_sddl(sid)
diff --git a/source4/utils/config.mk b/source4/utils/config.mk
index 5fa7e200f0..dcf1bdf2d0 100644
--- a/source4/utils/config.mk
+++ b/source4/utils/config.mk
@@ -23,33 +23,7 @@ ntlm_auth_OBJ_FILES = $(utilssrcdir)/ntlm_auth.o
MANPAGES += $(utilssrcdir)/man/ntlm_auth.1
-#################################
-# Start BINARY getntacl
-[BINARY::getntacl]
-INSTALLDIR = BINDIR
-PRIVATE_DEPENDENCIES = \
- LIBSAMBA-HOSTCONFIG \
- LIBSAMBA-UTIL \
- NDR_XATTR \
- WRAP_XATTR \
- LIBSAMBA-ERRORS
-
-getntacl_OBJ_FILES = $(utilssrcdir)/getntacl.o
-
-# End BINARY getntacl
-#################################
-
-MANPAGES += $(utilssrcdir)/man/getntacl.1
-
-#################################
-# Start BINARY setntacl
-[BINARY::setntacl]
-# disabled until rewritten
-#INSTALLDIR = BINDIR
-# End BINARY setntacl
-#################################
-setntacl_OBJ_FILES = $(utilssrcdir)/setntacl.o
#################################
# Start BINARY setnttoken
diff --git a/source4/utils/getntacl.c b/source4/utils/getntacl.c
deleted file mode 100644
index f26c87bd85..0000000000
--- a/source4/utils/getntacl.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Get NT ACLs from UNIX files.
-
- Copyright (C) Tim Potter <tpot@samba.org> 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "system/filesys.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
-#include "../lib/util/wrap_xattr.h"
-#include "param/param.h"
-
-static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
-
-static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...)
-{
- va_list ap;
- char *s = NULL;
- int i;
-
- va_start(ap, format);
- vasprintf(&s, format, ap);
- va_end(ap);
-
- for (i=0;i<ndr->depth;i++) {
- printf(" ");
- }
-
- printf("%s\n", s);
- free(s);
-}
-
-static NTSTATUS get_ntacl(TALLOC_CTX *mem_ctx,
- char *filename,
- struct xattr_NTACL **ntacl,
- ssize_t *ntacl_len)
-{
- DATA_BLOB blob;
- ssize_t size;
- enum ndr_err_code ndr_err;
- struct ndr_pull *ndr;
-
- *ntacl = talloc(mem_ctx, struct xattr_NTACL);
-
- size = wrap_getxattr(filename, XATTR_NTACL_NAME, NULL, 0);
-
- if (size < 0) {
- fprintf(stderr, "get_ntacl: %s\n", strerror(errno));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- blob.data = talloc_array(*ntacl, uint8_t, size);
- size = wrap_getxattr(filename, XATTR_NTACL_NAME, blob.data, size);
- if (size < 0) {
- fprintf(stderr, "get_ntacl: %s\n", strerror(errno));
- return NT_STATUS_INTERNAL_ERROR;
- }
- blob.length = size;
-
- ndr = ndr_pull_init_blob(&blob, NULL, NULL);
-
- ndr_err = ndr_pull_xattr_NTACL(ndr, NDR_SCALARS|NDR_BUFFERS, *ntacl);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- return NT_STATUS_OK;
-}
-
-static void print_ntacl(TALLOC_CTX *mem_ctx,
- const char *fname,
- struct xattr_NTACL *ntacl)
-{
- struct ndr_print *pr;
-
- pr = talloc_zero(mem_ctx, struct ndr_print);
- if (!pr) return;
- pr->print = ntacl_print_debug_helper;
-
- ndr_print_xattr_NTACL(pr, fname, ntacl);
- talloc_free(pr);
-}
-
-int main(int argc, char *argv[])
-{
- NTSTATUS status;
- struct xattr_NTACL *ntacl;
- ssize_t ntacl_len;
-
- if (argc != 2) {
- fprintf(stderr, "Usage: getntacl FILENAME\n");
- return 1;
- }
-
- status = get_ntacl(NULL, argv[1], &ntacl, &ntacl_len);
- if (!NT_STATUS_IS_OK(status)) {
- fprintf(stderr, "get_ntacl failed: %s\n", nt_errstr(status));
- return 1;
- }
-
- print_ntacl(ntacl, argv[1], ntacl);
-
- talloc_free(ntacl);
-
- return 0;
-}
diff --git a/source4/utils/setntacl.c b/source4/utils/setntacl.c
deleted file mode 100644
index 3a008a4c37..0000000000
--- a/source4/utils/setntacl.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Set NT ACLs on UNIX files.
-
- Copyright (C) Tim Potter <tpot@samba.org> 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-int main(int argc, char **argv)
-{
- printf("This utility disabled until rewritten\n");
- return 1;
-}