search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/torture: use stack buffer for rbtree loop
[Samba.git] / source3 / smbd / pysmbd.c
blobdd4a70ca256992d75101871e72db9289161a885b
1 /*
2 Unix SMB/CIFS implementation.
3 Set NT and POSIX ACLs and other VFS operations from Python
4
5 Copyrigyt (C) Andrew Bartlett 2012
6 Copyright (C) Jeremy Allison 1994-2009.
7 Copyright (C) Andreas Gruenbacher 2002.
8 Copyright (C) Simo Sorce <idra@samba.org> 2009.
9 Copyright (C) Simo Sorce 2002
10 Copyright (C) Eric Lorimer 2002
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include <Python.h>
27 #include "includes.h"
28 #include "python/py3compat.h"
29 #include "python/modules.h"
30 #include "smbd/smbd.h"
31 #include "libcli/util/pyerrors.h"
32 #include "librpc/rpc/pyrpc_util.h"
33 #include <pytalloc.h>
34 #include "system/filesys.h"
35 #include "passdb.h"
36 #include "secrets.h"
37 #include "auth.h"
38
39 extern const struct generic_mapping file_generic_mapping;
40
41 #undef DBGC_CLASS
42 #define DBGC_CLASS DBGC_ACLS
43
44 #ifdef O_DIRECTORY
45 #define DIRECTORY_FLAGS O_RDONLY|O_DIRECTORY
46 #else
47 /* POSIX allows us to open a directory with O_RDONLY. */
48 #define DIRECTORY_FLAGS O_RDONLY
49 #endif
50
51
52 static connection_struct *get_conn_tos(
53 const char *service,
54 const struct auth_session_info *session_info)
55 {
56 struct conn_struct_tos *c = NULL;
57 int snum = -1;
58 NTSTATUS status;
59 char *cwd = NULL;
60 struct smb_filename cwd_fname = {0};
61 int ret;
62
63 if (!posix_locking_init(false)) {
64 PyErr_NoMemory();
65 return NULL;
66 }
67
68 if (service) {
69 snum = lp_servicenumber(service);
70 if (snum == -1) {
71 PyErr_SetString(PyExc_RuntimeError, "unknown service");
72 return NULL;
73 }
74 }
75
76 /*
77 * Make sure that session unix info is filled,
78 * which is required by vfs operations.
79 */
80 if (session_info->unix_info == NULL) {
81 PyErr_SetString(PyExc_RuntimeError,
82 "Session unix info not initialized");
83 return NULL;
84 }
85 if (session_info->unix_info->unix_name == NULL) {
86 PyErr_SetString(PyExc_RuntimeError,
87 "Session unix info not available");
88 return NULL;
89 }
90
91 status = create_conn_struct_tos(NULL,
92 snum,
93 "/",
94 session_info,
95 &c);
96 PyErr_NTSTATUS_IS_ERR_RAISE(status);
97
98 /* Ignore read-only and share restrictions */
99 c->conn->read_only = false;
100 c->conn->share_access = SEC_RIGHTS_FILE_ALL;
101
102 /* Provided by libreplace if not present. Always mallocs. */
103 cwd = get_current_dir_name();
104 if (cwd == NULL) {
105 PyErr_NoMemory();
106 return NULL;
107 }
108
109 cwd_fname.base_name = cwd;
110 /*
111 * We need to call vfs_ChDir() to initialize
112 * conn->cwd_fsp correctly. Change directory
113 * to current directory (so no change for process).
114 */
115 ret = vfs_ChDir(c->conn, &cwd_fname);
116 if (ret != 0) {
117 status = map_nt_error_from_unix(errno);
118 SAFE_FREE(cwd);
119 PyErr_NTSTATUS_IS_ERR_RAISE(status);
120 }
121
122 SAFE_FREE(cwd);
123
124 return c->conn;
125 }
126
127 static int set_sys_acl_conn(const char *fname,
128 SMB_ACL_TYPE_T acltype,
129 SMB_ACL_T theacl, connection_struct *conn)
130 {
131 int ret;
132 struct smb_filename *smb_fname = NULL;
133
134 TALLOC_CTX *frame = talloc_stackframe();
135
136 smb_fname = synthetic_smb_fname_split(frame,
137 fname,
138 lp_posix_pathnames());
139 if (smb_fname == NULL) {
140 TALLOC_FREE(frame);
141 return -1;
142 }
143
144 ret = SMB_VFS_SYS_ACL_SET_FILE( conn, smb_fname, acltype, theacl);
145
146 TALLOC_FREE(frame);
147 return ret;
148 }
149
150
151 static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx,
152 const char *fname,
153 struct connection_struct *conn,
154 int flags,
155 struct files_struct **_fsp)
156 {
157 struct smb_filename *smb_fname = NULL;
158 int ret;
159 mode_t saved_umask;
160 struct files_struct *fsp;
161 struct files_struct *fspcwd = NULL;
162 NTSTATUS status;
163
164 fsp = talloc_zero(mem_ctx, struct files_struct);
165 if (fsp == NULL) {
166 return NT_STATUS_NO_MEMORY;
167 }
168 fsp->fh = talloc(fsp, struct fd_handle);
169 if (fsp->fh == NULL) {
170 return NT_STATUS_NO_MEMORY;
171 }
172 fsp->conn = conn;
173
174 smb_fname = synthetic_smb_fname_split(fsp,
175 fname,
176 lp_posix_pathnames());
177 if (smb_fname == NULL) {
178 return NT_STATUS_NO_MEMORY;
179 }
180
181 fsp->fsp_name = smb_fname;
182
183 status = vfs_at_fspcwd(fsp, conn, &fspcwd);
184 if (!NT_STATUS_IS_OK(status)) {
185 return status;
186 }
187
188 /*
189 * we want total control over the permissions on created files,
190 * so set our umask to 0 (this matters if flags contains O_CREAT)
191 */
192 saved_umask = umask(0);
193
194 fsp->fh->fd = SMB_VFS_OPENAT(conn,
195 fspcwd,
196 smb_fname,
197 fsp,
198 flags,
199 00644);
200
201 umask(saved_umask);
202
203 if (fsp->fh->fd == -1) {
204 int err = errno;
205 if (err == ENOENT) {
206 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
207 }
208 return NT_STATUS_INVALID_PARAMETER;
209 }
210
211 ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
212 if (ret == -1) {
213 /* If we have an fd, this stat should succeed. */
214 DEBUG(0,("Error doing fstat on open file %s (%s)\n",
215 smb_fname_str_dbg(smb_fname),
216 strerror(errno) ));
217 return map_nt_error_from_unix(errno);
218 }
219
220 fsp->file_id = vfs_file_id_from_sbuf(conn, &smb_fname->st);
221 fsp->vuid = UID_FIELD_INVALID;
222 fsp->file_pid = 0;
223 fsp->fsp_flags.can_lock = true;
224 fsp->fsp_flags.can_read = true;
225 fsp->fsp_flags.can_write = true;
226 fsp->print_file = NULL;
227 fsp->fsp_flags.modified = false;
228 fsp->sent_oplock_break = NO_BREAK_SENT;
229 fsp->fsp_flags.is_directory = S_ISDIR(smb_fname->st.st_ex_mode);
230
231 *_fsp = fsp;
232
233 return NT_STATUS_OK;
234 }
235
236 static NTSTATUS set_nt_acl_conn(const char *fname,
237 uint32_t security_info_sent, const struct security_descriptor *sd,
238 connection_struct *conn)
239 {
240 TALLOC_CTX *frame = talloc_stackframe();
241 struct files_struct *fsp = NULL;
242 NTSTATUS status = NT_STATUS_OK;
243
244 /* first, try to open it as a file with flag O_RDWR */
245 status = init_files_struct(frame,
246 fname,
247 conn,
248 O_RDWR,
249 &fsp);
250 if (!NT_STATUS_IS_OK(status) && errno == EISDIR) {
251 /* if fail, try to open as dir */
252 status = init_files_struct(frame,
253 fname,
254 conn,
255 DIRECTORY_FLAGS,
256 &fsp);
257 }
258
259 if (!NT_STATUS_IS_OK(status)) {
260 DBG_ERR("init_files_struct failed: %s\n",
261 nt_errstr(status));
262 if (fsp != NULL) {
263 SMB_VFS_CLOSE(fsp);
264 }
265 TALLOC_FREE(frame);
266 return status;
267 }
268
269 status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, sd);
270 if (!NT_STATUS_IS_OK(status)) {
271 DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status)));
272 }
273
274 SMB_VFS_CLOSE(fsp);
275
276 TALLOC_FREE(frame);
277 return status;
278 }
279
280 static NTSTATUS get_nt_acl_conn(TALLOC_CTX *mem_ctx,
281 const char *fname,
282 connection_struct *conn,
283 uint32_t security_info_wanted,
284 struct security_descriptor **sd)
285 {
286 TALLOC_CTX *frame = talloc_stackframe();
287 NTSTATUS status;
288 struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(),
289 fname,
290 NULL,
291 NULL,
292 0,
293 lp_posix_pathnames() ?
294 SMB_FILENAME_POSIX_PATH : 0);
295
296 if (smb_fname == NULL) {
297 TALLOC_FREE(frame);
298 return NT_STATUS_NO_MEMORY;
299 }
300
301 status = SMB_VFS_GET_NT_ACL_AT(conn,
302 conn->cwd_fsp,
303 smb_fname,
304 security_info_wanted,
305 mem_ctx,
306 sd);
307 if (!NT_STATUS_IS_OK(status)) {
308 DBG_ERR("get_nt_acl_at returned %s.\n",
309 nt_errstr(status));
310 }
311
312 TALLOC_FREE(frame);
313
314 return status;
315 }
316
317 static int set_acl_entry_perms(SMB_ACL_ENTRY_T entry, mode_t perm_mask)
318 {
319 SMB_ACL_PERMSET_T perms = NULL;
320
321 if (sys_acl_get_permset(entry, &perms) != 0) {
322 return -1;
323 }
324
325 if (sys_acl_clear_perms(perms) != 0) {
326 return -1;
327 }
328
329 if ((perm_mask & SMB_ACL_READ) != 0 &&
330 sys_acl_add_perm(perms, SMB_ACL_READ) != 0) {
331 return -1;
332 }
333
334 if ((perm_mask & SMB_ACL_WRITE) != 0 &&
335 sys_acl_add_perm(perms, SMB_ACL_WRITE) != 0) {
336 return -1;
337 }
338
339 if ((perm_mask & SMB_ACL_EXECUTE) != 0 &&
340 sys_acl_add_perm(perms, SMB_ACL_EXECUTE) != 0) {
341 return -1;
342 }
343
344 if (sys_acl_set_permset(entry, perms) != 0) {
345 return -1;
346 }
347
348 return 0;
349 }
350
351 static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
352 gid_t gid,
353 mode_t chmod_mode)
354 {
355 mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE;
356
357 mode_t mode_user = (chmod_mode & 0700) >> 6;
358 mode_t mode_group = (chmod_mode & 070) >> 3;
359 mode_t mode_other = chmod_mode & 07;
360 SMB_ACL_ENTRY_T entry;
361 SMB_ACL_T acl = sys_acl_init(mem_ctx);
362
363 if (!acl) {
364 return NULL;
365 }
366
367 if (sys_acl_create_entry(&acl, &entry) != 0) {
368 TALLOC_FREE(acl);
369 return NULL;
370 }
371
372 if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) {
373 TALLOC_FREE(acl);
374 return NULL;
375 }
376
377 if (set_acl_entry_perms(entry, mode_user) != 0) {
378 TALLOC_FREE(acl);
379 return NULL;
380 }
381
382 if (sys_acl_create_entry(&acl, &entry) != 0) {
383 TALLOC_FREE(acl);
384 return NULL;
385 }
386
387 if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) {
388 TALLOC_FREE(acl);
389 return NULL;
390 }
391
392 if (set_acl_entry_perms(entry, mode_group) != 0) {
393 TALLOC_FREE(acl);
394 return NULL;
395 }
396
397 if (sys_acl_create_entry(&acl, &entry) != 0) {
398 TALLOC_FREE(acl);
399 return NULL;
400 }
401
402 if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) {
403 TALLOC_FREE(acl);
404 return NULL;
405 }
406
407 if (set_acl_entry_perms(entry, mode_other) != 0) {
408 TALLOC_FREE(acl);
409 return NULL;
410 }
411
412 if (gid != -1) {
413 if (sys_acl_create_entry(&acl, &entry) != 0) {
414 TALLOC_FREE(acl);
415 return NULL;
416 }
417
418 if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
419 TALLOC_FREE(acl);
420 return NULL;
421 }
422
423 if (sys_acl_set_qualifier(entry, &gid) != 0) {
424 TALLOC_FREE(acl);
425 return NULL;
426 }
427
428 if (set_acl_entry_perms(entry, mode_group) != 0) {
429 TALLOC_FREE(acl);
430 return NULL;
431 }
432 }
433
434 if (sys_acl_create_entry(&acl, &entry) != 0) {
435 TALLOC_FREE(acl);
436 return NULL;
437 }
438
439 if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) {
440 TALLOC_FREE(acl);
441 return NULL;
442 }
443
444 if (set_acl_entry_perms(entry, mode) != 0) {
445 TALLOC_FREE(acl);
446 return NULL;
447 }
448
449 return acl;
450 }
451
452 /*
453 set a simple ACL on a file, as a test
454 */
455 static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject *kwargs)
456 {
457 const char * const kwnames[] = {
458 "fname",
459 "mode",
460 "session_info",
461 "gid",
462 "service",
463 NULL
464 };
465 char *fname, *service = NULL;
466 PyObject *py_session = Py_None;
467 struct auth_session_info *session_info = NULL;
468 int ret;
469 int mode, gid = -1;
470 SMB_ACL_T acl;
471 TALLOC_CTX *frame;
472 connection_struct *conn;
473
474 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
475 discard_const_p(char *, kwnames),
476 &fname,
477 &mode,
478 &py_session,
479 &gid,
480 &service))
481 return NULL;
482
483 if (!py_check_dcerpc_type(py_session,
484 "samba.dcerpc.auth",
485 "session_info")) {
486 return NULL;
487 }
488 session_info = pytalloc_get_type(py_session,
489 struct auth_session_info);
490 if (session_info == NULL) {
491 PyErr_Format(PyExc_TypeError,
492 "Expected auth_session_info for session_info argument got %s",
493 pytalloc_get_name(py_session));
494 return NULL;
495 }
496
497 frame = talloc_stackframe();
498
499 acl = make_simple_acl(frame, gid, mode);
500 if (acl == NULL) {
501 TALLOC_FREE(frame);
502 return NULL;
503 }
504
505 conn = get_conn_tos(service, session_info);
506 if (!conn) {
507 TALLOC_FREE(frame);
508 return NULL;
509 }
510
511 ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn);
512
513 if (ret != 0) {
514 TALLOC_FREE(frame);
515 errno = ret;
516 return PyErr_SetFromErrno(PyExc_OSError);
517 }
518
519 TALLOC_FREE(frame);
520
521 Py_RETURN_NONE;
522 }
523
524 /*
525 chown a file
526 */
527 static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
528 {
529 const char * const kwnames[] = {
530 "fname",
531 "uid",
532 "gid",
533 "session_info",
534 "service",
535 NULL
536 };
537 connection_struct *conn;
538 int ret;
539 NTSTATUS status;
540 char *fname, *service = NULL;
541 PyObject *py_session = Py_None;
542 struct auth_session_info *session_info = NULL;
543 int uid, gid;
544 TALLOC_CTX *frame;
545 struct files_struct *fsp = NULL;
546
547 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siiO|z",
548 discard_const_p(char *, kwnames),
549 &fname,
550 &uid,
551 &gid,
552 &py_session,
553 &service))
554 return NULL;
555
556 if (!py_check_dcerpc_type(py_session,
557 "samba.dcerpc.auth",
558 "session_info")) {
559 return NULL;
560 }
561 session_info = pytalloc_get_type(py_session,
562 struct auth_session_info);
563 if (session_info == NULL) {
564 PyErr_Format(PyExc_TypeError,
565 "Expected auth_session_info for session_info argument got %s",
566 pytalloc_get_name(py_session));
567 return NULL;
568 }
569
570 frame = talloc_stackframe();
571
572 conn = get_conn_tos(service, session_info);
573 if (!conn) {
574 TALLOC_FREE(frame);
575 return NULL;
576 }
577
578 /* first, try to open it as a file with flag O_RDWR */
579 status = init_files_struct(frame,
580 fname,
581 conn,
582 O_RDWR,
583 &fsp);
584 if (!NT_STATUS_IS_OK(status) && errno == EISDIR) {
585 /* if fail, try to open as dir */
586 status = init_files_struct(frame,
587 fname,
588 conn,
589 DIRECTORY_FLAGS,
590 &fsp);
591 }
592
593 if (!NT_STATUS_IS_OK(status)) {
594 DBG_ERR("init_files_struct failed: %s\n",
595 nt_errstr(status));
596 if (fsp != NULL) {
597 SMB_VFS_CLOSE(fsp);
598 }
599 TALLOC_FREE(frame);
600 /*
601 * The following macro raises a python
602 * error then returns NULL.
603 */
604 PyErr_NTSTATUS_IS_ERR_RAISE(status);
605 }
606
607 ret = SMB_VFS_FCHOWN(fsp, uid, gid);
608 if (ret != 0) {
609 int saved_errno = errno;
610 SMB_VFS_CLOSE(fsp);
611 TALLOC_FREE(frame);
612 errno = saved_errno;
613 return PyErr_SetFromErrno(PyExc_OSError);
614 }
615
616 SMB_VFS_CLOSE(fsp);
617 TALLOC_FREE(frame);
618
619 Py_RETURN_NONE;
620 }
621
622 /*
623 unlink a file
624 */
625 static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs)
626 {
627 const char * const kwnames[] = {
628 "fname",
629 "session_info",
630 "service",
631 NULL
632 };
633 connection_struct *conn;
634 int ret;
635 struct smb_filename *smb_fname = NULL;
636 PyObject *py_session = Py_None;
637 struct auth_session_info *session_info = NULL;
638 char *fname, *service = NULL;
639 TALLOC_CTX *frame;
640
641 frame = talloc_stackframe();
642
643 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|z",
644 discard_const_p(char *, kwnames),
645 &fname,
646 &py_session ,
647 &service)) {
648 TALLOC_FREE(frame);
649 return NULL;
650 }
651
652 if (!py_check_dcerpc_type(py_session,
653 "samba.dcerpc.auth",
654 "session_info")) {
655 TALLOC_FREE(frame);
656 return NULL;
657 }
658 session_info = pytalloc_get_type(py_session,
659 struct auth_session_info);
660 if (session_info == NULL) {
661 PyErr_Format(PyExc_TypeError,
662 "Expected auth_session_info for session_info argument got %s",
663 pytalloc_get_name(py_session));
664 TALLOC_FREE(frame);
665 return NULL;
666 }
667
668 conn = get_conn_tos(service, session_info);
669 if (!conn) {
670 TALLOC_FREE(frame);
671 return NULL;
672 }
673
674 smb_fname = synthetic_smb_fname_split(frame,
675 fname,
676 lp_posix_pathnames());
677 if (smb_fname == NULL) {
678 TALLOC_FREE(frame);
679 return PyErr_NoMemory();
680 }
681
682 ret = SMB_VFS_UNLINKAT(conn,
683 conn->cwd_fsp,
684 smb_fname,
685 0);
686 if (ret != 0) {
687 TALLOC_FREE(frame);
688 errno = ret;
689 return PyErr_SetFromErrno(PyExc_OSError);
690 }
691
692 TALLOC_FREE(frame);
693
694 Py_RETURN_NONE;
695 }
696
697 /*
698 check if we have ACL support
699 */
700 static PyObject *py_smbd_have_posix_acls(PyObject *self,
701 PyObject *Py_UNUSED(ignored))
702 {
703 #ifdef HAVE_POSIX_ACLS
704 return PyBool_FromLong(true);
705 #else
706 return PyBool_FromLong(false);
707 #endif
708 }
709
710 /*
711 set the NT ACL on a file
712 */
713 static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
714 {
715 const char * const kwnames[] = {
716 "fname",
717 "security_info_sent",
718 "sd",
719 "session_info",
720 "service",
721 NULL
722 };
723
724 NTSTATUS status;
725 char *fname, *service = NULL;
726 int security_info_sent;
727 PyObject *py_sd;
728 struct security_descriptor *sd;
729 PyObject *py_session = Py_None;
730 struct auth_session_info *session_info = NULL;
731 connection_struct *conn;
732 TALLOC_CTX *frame;
733
734 frame = talloc_stackframe();
735
736 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siOO|z",
737 discard_const_p(char *, kwnames),
738 &fname,
739 &security_info_sent,
740 &py_sd,
741 &py_session,
742 &service)) {
743 TALLOC_FREE(frame);
744 return NULL;
745 }
746
747 if (!py_check_dcerpc_type(py_sd, "samba.dcerpc.security", "descriptor")) {
748 TALLOC_FREE(frame);
749 return NULL;
750 }
751
752 if (!py_check_dcerpc_type(py_session,
753 "samba.dcerpc.auth",
754 "session_info")) {
755 TALLOC_FREE(frame);
756 return NULL;
757 }
758 session_info = pytalloc_get_type(py_session,
759 struct auth_session_info);
760 if (session_info == NULL) {
761 PyErr_Format(PyExc_TypeError,
762 "Expected auth_session_info for session_info argument got %s",
763 pytalloc_get_name(py_session));
764 return NULL;
765 }
766
767 conn = get_conn_tos(service, session_info);
768 if (!conn) {
769 TALLOC_FREE(frame);
770 return NULL;
771 }
772
773 sd = pytalloc_get_type(py_sd, struct security_descriptor);
774
775 status = set_nt_acl_conn(fname, security_info_sent, sd, conn);
776 TALLOC_FREE(frame);
777 PyErr_NTSTATUS_IS_ERR_RAISE(status);
778
779 Py_RETURN_NONE;
780 }
781
782 /*
783 Return the NT ACL on a file
784 */
785 static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
786 {
787 const char * const kwnames[] = {
788 "fname",
789 "security_info_wanted",
790 "session_info",
791 "service",
792 NULL
793 };
794 char *fname, *service = NULL;
795 int security_info_wanted;
796 PyObject *py_sd;
797 struct security_descriptor *sd;
798 TALLOC_CTX *frame = talloc_stackframe();
799 PyObject *py_session = Py_None;
800 struct auth_session_info *session_info = NULL;
801 connection_struct *conn;
802 NTSTATUS status;
803 int ret = 1;
804
805 ret = PyArg_ParseTupleAndKeywords(args,
806 kwargs,
807 "siO|z",
808 discard_const_p(char *, kwnames),
809 &fname,
810 &security_info_wanted,
811 &py_session,
812 &service);
813 if (!ret) {
814 TALLOC_FREE(frame);
815 return NULL;
816 }
817
818 if (!py_check_dcerpc_type(py_session,
819 "samba.dcerpc.auth",
820 "session_info")) {
821 TALLOC_FREE(frame);
822 return NULL;
823 }
824 session_info = pytalloc_get_type(py_session,
825 struct auth_session_info);
826 if (session_info == NULL) {
827 PyErr_Format(
828 PyExc_TypeError,
829 "Expected auth_session_info for "
830 "session_info argument got %s",
831 pytalloc_get_name(py_session));
832 return NULL;
833 }
834
835 conn = get_conn_tos(service, session_info);
836 if (!conn) {
837 TALLOC_FREE(frame);
838 return NULL;
839 }
840
841 status = get_nt_acl_conn(frame, fname, conn, security_info_wanted, &sd);
842 PyErr_NTSTATUS_IS_ERR_RAISE(status);
843
844 py_sd = py_return_ndr_struct("samba.dcerpc.security", "descriptor", sd, sd);
845
846 TALLOC_FREE(frame);
847
848 return py_sd;
849 }
850
851 /*
852 set the posix (or similar) ACL on a file
853 */
854 static PyObject *py_smbd_set_sys_acl(PyObject *self, PyObject *args, PyObject *kwargs)
855 {
856 const char * const kwnames[] = {
857 "fname",
858 "acl_type",
859 "acl",
860 "session_info",
861 "service",
862 NULL
863 };
864 TALLOC_CTX *frame = talloc_stackframe();
865 int ret;
866 char *fname, *service = NULL;
867 PyObject *py_acl;
868 PyObject *py_session = Py_None;
869 struct auth_session_info *session_info = NULL;
870 struct smb_acl_t *acl;
871 int acl_type;
872 connection_struct *conn;
873
874 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siOO|z",
875 discard_const_p(char *, kwnames),
876 &fname,
877 &acl_type,
878 &py_acl,
879 &py_session,
880 &service)) {
881 TALLOC_FREE(frame);
882 return NULL;
883 }
884
885 if (!py_check_dcerpc_type(py_acl, "samba.dcerpc.smb_acl", "t")) {
886 TALLOC_FREE(frame);
887 return NULL;
888 }
889
890 if (!py_check_dcerpc_type(py_session,
891 "samba.dcerpc.auth",
892 "session_info")) {
893 TALLOC_FREE(frame);
894 return NULL;
895 }
896 session_info = pytalloc_get_type(py_session,
897 struct auth_session_info);
898 if (session_info == NULL) {
899 PyErr_Format(PyExc_TypeError,
900 "Expected auth_session_info for session_info argument got %s",
901 pytalloc_get_name(py_session));
902 TALLOC_FREE(frame);
903 return NULL;
904 }
905
906 conn = get_conn_tos(service, session_info);
907 if (!conn) {
908 TALLOC_FREE(frame);
909 return NULL;
910 }
911
912 acl = pytalloc_get_type(py_acl, struct smb_acl_t);
913
914 ret = set_sys_acl_conn(fname, acl_type, acl, conn);
915 if (ret != 0) {
916 TALLOC_FREE(frame);
917 errno = ret;
918 return PyErr_SetFromErrno(PyExc_OSError);
919 }
920
921 TALLOC_FREE(frame);
922 Py_RETURN_NONE;
923 }
924
925 /*
926 Return the posix (or similar) ACL on a file
927 */
928 static PyObject *py_smbd_get_sys_acl(PyObject *self, PyObject *args, PyObject *kwargs)
929 {
930 const char * const kwnames[] = {
931 "fname",
932 "acl_type",
933 "session_info",
934 "service",
935 NULL
936 };
937 char *fname;
938 PyObject *py_acl;
939 PyObject *py_session = Py_None;
940 struct auth_session_info *session_info = NULL;
941 struct smb_acl_t *acl;
942 int acl_type;
943 TALLOC_CTX *frame = talloc_stackframe();
944 connection_struct *conn;
945 char *service = NULL;
946 struct smb_filename *smb_fname = NULL;
947
948 if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|z",
949 discard_const_p(char *, kwnames),
950 &fname,
951 &acl_type,
952 &py_session,
953 &service)) {
954 TALLOC_FREE(frame);
955 return NULL;
956 }
957
958 if (!py_check_dcerpc_type(py_session,
959 "samba.dcerpc.auth",
960 "session_info")) {
961 TALLOC_FREE(frame);
962 return NULL;
963 }
964 session_info = pytalloc_get_type(py_session,
965 struct auth_session_info);
966 if (session_info == NULL) {
967 PyErr_Format(PyExc_TypeError,
968 "Expected auth_session_info for session_info argument got %s",
969 pytalloc_get_name(py_session));
970 TALLOC_FREE(frame);
971 return NULL;
972 }
973
974 conn = get_conn_tos(service, session_info);
975 if (!conn) {
976 TALLOC_FREE(frame);
977 return NULL;
978 }
979
980 smb_fname = synthetic_smb_fname_split(frame,
981 fname,
982 lp_posix_pathnames());
983 if (smb_fname == NULL) {
984 TALLOC_FREE(frame);
985 return NULL;
986 }
987 acl = SMB_VFS_SYS_ACL_GET_FILE( conn, smb_fname, acl_type, frame);
988 if (!acl) {
989 TALLOC_FREE(frame);
990 return PyErr_SetFromErrno(PyExc_OSError);
991 }
992
993 py_acl = py_return_ndr_struct("samba.dcerpc.smb_acl", "t", acl, acl);
994
995 TALLOC_FREE(frame);
996
997 return py_acl;
998 }
999
1000 static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs)
1001 {
1002 const char * const kwnames[] = {
1003 "fname",
1004 "session_info",
1005 "service",
1006 NULL
1007 };
1008 char *fname, *service = NULL;
1009 PyObject *py_session = Py_None;
1010 struct auth_session_info *session_info = NULL;
1011 TALLOC_CTX *frame = talloc_stackframe();
1012 struct connection_struct *conn = NULL;
1013 struct smb_filename *smb_fname = NULL;
1014 int ret;
1015 mode_t saved_umask;
1016
1017 if (!PyArg_ParseTupleAndKeywords(args,
1018 kwargs,
1019 "sO|z",
1020 discard_const_p(char *,
1021 kwnames),
1022 &fname,
1023 &py_session,
1024 &service)) {
1025 TALLOC_FREE(frame);
1026 return NULL;
1027 }
1028
1029 if (!py_check_dcerpc_type(py_session,
1030 "samba.dcerpc.auth",
1031 "session_info")) {
1032 TALLOC_FREE(frame);
1033 return NULL;
1034 }
1035 session_info = pytalloc_get_type(py_session,
1036 struct auth_session_info);
1037 if (session_info == NULL) {
1038 PyErr_Format(PyExc_TypeError,
1039 "Expected auth_session_info for session_info argument got %s",
1040 pytalloc_get_name(py_session));
1041 TALLOC_FREE(frame);
1042 return NULL;
1043 }
1044
1045 conn = get_conn_tos(service, session_info);
1046 if (!conn) {
1047 TALLOC_FREE(frame);
1048 return NULL;
1049 }
1050
1051 smb_fname = synthetic_smb_fname(talloc_tos(),
1052 fname,
1053 NULL,
1054 NULL,
1055 0,
1056 lp_posix_pathnames() ?
1057 SMB_FILENAME_POSIX_PATH : 0);
1058
1059 if (smb_fname == NULL) {
1060 TALLOC_FREE(frame);
1061 return NULL;
1062 }
1063
1064 /* we want total control over the permissions on created files,
1065 so set our umask to 0 */
1066 saved_umask = umask(0);
1067
1068 ret = SMB_VFS_MKDIRAT(conn,
1069 conn->cwd_fsp,
1070 smb_fname,
1071 00755);
1072
1073 umask(saved_umask);
1074
1075 if (ret == -1) {
1076 DBG_ERR("mkdirat error=%d (%s)\n", errno, strerror(errno));
1077 TALLOC_FREE(frame);
1078 return NULL;
1079 }
1080
1081 TALLOC_FREE(frame);
1082 Py_RETURN_NONE;
1083 }
1084
1085
1086 /*
1087 Create an empty file
1088 */
1089 static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *kwargs)
1090 {
1091 const char * const kwnames[] = {
1092 "fname",
1093 "session_info",
1094 "service",
1095 NULL
1096 };
1097 char *fname, *service = NULL;
1098 PyObject *py_session = Py_None;
1099 struct auth_session_info *session_info = NULL;
1100 TALLOC_CTX *frame = talloc_stackframe();
1101 struct connection_struct *conn = NULL;
1102 struct files_struct *fsp = NULL;
1103 NTSTATUS status;
1104
1105 if (!PyArg_ParseTupleAndKeywords(args,
1106 kwargs,
1107 "sO|z",
1108 discard_const_p(char *,
1109 kwnames),
1110 &fname,
1111 &py_session,
1112 &service)) {
1113 TALLOC_FREE(frame);
1114 return NULL;
1115 }
1116
1117 if (!py_check_dcerpc_type(py_session,
1118 "samba.dcerpc.auth",
1119 "session_info")) {
1120 TALLOC_FREE(frame);
1121 return NULL;
1122 }
1123 session_info = pytalloc_get_type(py_session,
1124 struct auth_session_info);
1125 if (session_info == NULL) {
1126 PyErr_Format(PyExc_TypeError,
1127 "Expected auth_session_info for session_info argument got %s",
1128 pytalloc_get_name(py_session));
1129 TALLOC_FREE(frame);
1130 return NULL;
1131 }
1132
1133 conn = get_conn_tos(service, session_info);
1134 if (!conn) {
1135 TALLOC_FREE(frame);
1136 return NULL;
1137 }
1138
1139 status = init_files_struct(frame,
1140 fname,
1141 conn,
1142 O_CREAT|O_EXCL|O_RDWR,
1143 &fsp);
1144 if (!NT_STATUS_IS_OK(status)) {
1145 DBG_ERR("init_files_struct failed: %s\n",
1146 nt_errstr(status));
1147 }
1148
1149 TALLOC_FREE(frame);
1150 Py_RETURN_NONE;
1151 }
1152
1153
1154 static PyMethodDef py_smbd_methods[] = {
1155 { "have_posix_acls",
1156 (PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
1157 NULL },
1158 { "set_simple_acl",
1159 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
1160 METH_VARARGS|METH_KEYWORDS,
1161 NULL },
1162 { "set_nt_acl",
1163 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl),
1164 METH_VARARGS|METH_KEYWORDS,
1165 NULL },
1166 { "get_nt_acl",
1167 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_get_nt_acl),
1168 METH_VARARGS|METH_KEYWORDS,
1169 NULL },
1170 { "get_sys_acl",
1171 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_get_sys_acl),
1172 METH_VARARGS|METH_KEYWORDS,
1173 NULL },
1174 { "set_sys_acl",
1175 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_sys_acl),
1176 METH_VARARGS|METH_KEYWORDS,
1177 NULL },
1178 { "chown",
1179 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_chown),
1180 METH_VARARGS|METH_KEYWORDS,
1181 NULL },
1182 { "unlink",
1183 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_unlink),
1184 METH_VARARGS|METH_KEYWORDS,
1185 NULL },
1186 { "mkdir",
1187 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_mkdir),
1188 METH_VARARGS|METH_KEYWORDS,
1189 NULL },
1190 { "create_file",
1191 PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_create_file),
1192 METH_VARARGS|METH_KEYWORDS,
1193 NULL },
1194 {0}
1195 };
1196
1197 void initsmbd(void);
1198
1199 static struct PyModuleDef moduledef = {
1200 PyModuleDef_HEAD_INIT,
1201 .m_name = "smbd",
1202 .m_doc = "Python bindings for the smbd file server.",
1203 .m_size = -1,
1204 .m_methods = py_smbd_methods,
1205 };
1206
1207 MODULE_INIT_FUNC(smbd)
1208 {
1209 PyObject *m = NULL;
1210
1211 m = PyModule_Create(&moduledef);
1212 return m;
1213 }
Samba GIT mirror