s3:pysmbd: fix fd leak in py_smbd_create_file()
1 /*
2 Unix SMB/CIFS implementation.
3 Set NT and POSIX ACLs and other VFS operations from Python
5 Copyright (C) Andrew Bartlett 2012
6 Copyright (C) Jeremy Allison 1994-2009.
7 Copyright (C) Andreas Gruenbacher 2002.
8 Copyright (C) Simo Sorce <idra@samba.org> 2009.
9 Copyright (C) Simo Sorce 2002
10 Copyright (C) Eric Lorimer 2002
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include <Python.h>
27 #include "includes.h"
28 #include "python/py3compat.h"
29 #include "python/modules.h"
30 #include "smbd/smbd.h"
31 #include "libcli/util/pyerrors.h"
32 #include "librpc/rpc/pyrpc_util.h"
33 #include <pytalloc.h>
34 #include "system/filesys.h"
35 #include "passdb.h"
36 #include "secrets.h"
37 #include "auth.h"
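/* Declared here, defined outside this file. */
extern const struct generic_mapping file_generic_mapping;

/* Send this file's debug output to the ACL debug class. */
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS

/*
 * open(2) flags used when a path has to be opened as a directory.
 * The expansion is parenthesized so it stays a single operand wherever
 * the macro is used inside a larger expression.
 */
#ifdef O_DIRECTORY
#define DIRECTORY_FLAGS (O_RDONLY|O_DIRECTORY)
#else
/* POSIX allows us to open a directory with O_RDONLY. */
#define DIRECTORY_FLAGS (O_RDONLY)
#endif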
/*
 * Build the connection_struct used by the Python bindings in this file.
 *
 * service may be NULL, in which case service number -1 is handed to
 * create_conn_struct_tos(). session_info must carry unix_info with a
 * unix_name. On failure a Python exception is set and NULL is returned.
 *
 * NOTE(review): the returned connection has read_only cleared and
 * share_access set to SEC_RIGHTS_FILE_ALL, so share-level restrictions are
 * not enforced for anything done through it. Callers are presumably trusted
 * local tooling - confirm before exposing these bindings more widely.
 */
static connection_struct *get_conn_tos(
	const char *service,
	const struct auth_session_info *session_info)
{
	struct smb_filename cwd_smb_fname = {0};
	struct conn_struct_tos *tos = NULL;
	char *cwd_path = NULL;
	NTSTATUS status;
	int snum = -1;
	int rc;

	if (!posix_locking_init(false)) {
		PyErr_NoMemory();
		return NULL;
	}

	if (service != NULL) {
		snum = lp_servicenumber(service);
		if (snum == -1) {
			PyErr_SetString(PyExc_RuntimeError, "unknown service");
			return NULL;
		}
	}

	/* VFS operations need the unix part of the session to be filled in. */
	if (session_info->unix_info == NULL) {
		PyErr_SetString(PyExc_RuntimeError,
				"Session unix info not initialized");
		return NULL;
	}
	if (session_info->unix_info->unix_name == NULL) {
		PyErr_SetString(PyExc_RuntimeError,
				"Session unix info not available");
		return NULL;
	}

	status = create_conn_struct_tos(NULL, snum, "/", session_info, &tos);
	PyErr_NTSTATUS_IS_ERR_RAISE(status);

	/* Ignore read-only and share restrictions */
	tos->conn->read_only = false;
	tos->conn->share_access = SEC_RIGHTS_FILE_ALL;

	/* Provided by libreplace if not present. Always mallocs. */
	cwd_path = get_current_dir_name();
	if (cwd_path == NULL) {
		PyErr_NoMemory();
		return NULL;
	}
	cwd_smb_fname.base_name = cwd_path;

	/*
	 * vfs_ChDir() is what initializes conn->cwd_fsp. The target is the
	 * directory the process is already in, so nothing changes for it.
	 */
	rc = vfs_ChDir(tos->conn, &cwd_smb_fname);
	if (rc != 0) {
		/* Translate errno before anything else can overwrite it. */
		status = map_nt_error_from_unix(errno);
	}

	/* The malloc()ed path is not needed on either outcome. */
	SAFE_FREE(cwd_path);

	if (rc != 0) {
		PyErr_NTSTATUS_IS_ERR_RAISE(status);
	}

	return tos->conn;
}
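/*
 * Apply a system (POSIX-style) ACL to fname through the VFS of conn.
 *
 * The path is stat()ed, opened as a path reference relative to
 * conn->cwd_fsp, and the ACL is set on that handle.
 *
 * Returns 0 on success. On failure returns non-zero (-1 for every failure
 * detected here) with errno describing the error. errno is captured at the
 * point of failure and restored after the temporary talloc frame has been
 * torn down, so cleanup cannot overwrite the value callers report.
 */
static int set_sys_acl_conn(const char *fname,
			    SMB_ACL_TYPE_T acltype,
			    SMB_ACL_T theacl, connection_struct *conn)
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct smb_filename *smb_fname = NULL;
	NTSTATUS status;
	int saved_errno = 0;
	int ret = -1;

	smb_fname = synthetic_smb_fname_split(frame,
					      fname,
					      lp_posix_pathnames());
	if (smb_fname == NULL) {
		saved_errno = ENOMEM;
		goto out;
	}

	ret = vfs_stat(conn, smb_fname);
	if (ret == -1) {
		saved_errno = errno;
		goto out;
	}

	status = openat_pathref_fsp(conn->cwd_fsp, smb_fname);
	if (!NT_STATUS_IS_OK(status)) {
		saved_errno = map_errno_from_nt_status(status);
		ret = -1;
		goto out;
	}

	ret = SMB_VFS_SYS_ACL_SET_FD(smb_fname->fsp, acltype, theacl);
	if (ret != 0) {
		saved_errno = errno;
	}

out:
	/* smb_fname and its path reference live on frame and go with it. */
	TALLOC_FREE(frame);
	if (ret != 0) {
		errno = saved_errno;
	}
	return ret;
}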
/*
 * Allocate a files_struct on mem_ctx for fname and open it through the VFS.
 *
 * flags go to SMB_VFS_OPENAT() together with a creation mode of 0644; the
 * process umask is cleared around the open so that mode applies unmodified
 * when flags contains O_CREAT. On success *_fsp receives the new
 * files_struct. On failure *_fsp is left untouched and errno is not reset
 * (callers in this file test it for EISDIR).
 *
 * NOTE(review): when SMB_VFS_FSTAT() fails, the descriptor stored with
 * fsp_set_fd() is not closed here and *_fsp is never set, so the caller
 * cannot close it either - looks like an fd leak on that path; confirm.
 * NOTE(review): umask() is process-wide, so the umask(0) window also
 * affects any other thread creating files at that moment.
 */
static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx,
				  const char *fname,
				  struct connection_struct *conn,
				  int flags,
				  struct files_struct **_fsp)
{
	struct files_struct *new_fsp = NULL;
	struct files_struct *cwd_fsp = NULL;
	struct smb_filename *name = NULL;
	mode_t old_umask;
	NTSTATUS status;
	int open_fd;
	int rc;

	new_fsp = talloc_zero(mem_ctx, struct files_struct);
	if (new_fsp == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	new_fsp->fh = fd_handle_create(new_fsp);
	if (new_fsp->fh == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	new_fsp->conn = conn;

	/* The name is a talloc child of the files_struct. */
	name = synthetic_smb_fname_split(new_fsp,
					 fname,
					 lp_posix_pathnames());
	if (name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	new_fsp->fsp_name = name;

	status = vfs_at_fspcwd(new_fsp, conn, &cwd_fsp);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/*
	 * we want total control over the permissions on created files,
	 * so set our umask to 0 (this matters if flags contains O_CREAT)
	 */
	old_umask = umask(0);
	open_fd = SMB_VFS_OPENAT(conn, cwd_fsp, name, new_fsp, flags, 00644);
	umask(old_umask);

	if (open_fd == -1) {
		/* Only ENOENT gets its own status; errno itself is kept. */
		return (errno == ENOENT) ?
			NT_STATUS_OBJECT_NAME_NOT_FOUND :
			NT_STATUS_INVALID_PARAMETER;
	}
	fsp_set_fd(new_fsp, open_fd);

	rc = SMB_VFS_FSTAT(new_fsp, &name->st);
	if (rc == -1) {
		/* If we have an fd, this stat should succeed. */
		DEBUG(0,("Error doing fstat on open file %s (%s)\n",
			 smb_fname_str_dbg(name),
			 strerror(errno) ));
		return map_nt_error_from_unix(errno);
	}

	/* Identity and type come from the stat result. */
	new_fsp->file_id = vfs_file_id_from_sbuf(conn, &name->st);
	new_fsp->fsp_flags.is_directory = S_ISDIR(name->st.st_ex_mode);

	/* No SMB session or process owns this handle. */
	new_fsp->vuid = UID_FIELD_INVALID;
	new_fsp->file_pid = 0;
	new_fsp->print_file = NULL;
	new_fsp->sent_oplock_break = NO_BREAK_SENT;

	new_fsp->fsp_flags.can_lock = true;
	new_fsp->fsp_flags.can_read = true;
	new_fsp->fsp_flags.can_write = true;
	new_fsp->fsp_flags.modified = false;

	*_fsp = new_fsp;
	return NT_STATUS_OK;
}
/*
 * Open fname on conn and set the NT security descriptor sd on it.
 *
 * The path is first opened O_RDWR; if that fails with errno EISDIR it is
 * opened again with DIRECTORY_FLAGS. security_info_sent and sd are passed
 * unchanged to SMB_VFS_FSET_NT_ACL(). Returns the status of the failing
 * step, or of the ACL set call.
 */
static NTSTATUS set_nt_acl_conn(const char *fname,
				uint32_t security_info_sent, const struct security_descriptor *sd,
				connection_struct *conn)
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct files_struct *target = NULL;
	NTSTATUS status;

	/* first, try to open it as a file with flag O_RDWR */
	status = init_files_struct(frame, fname, conn, O_RDWR, &target);
	if (!NT_STATUS_IS_OK(status) && errno == EISDIR) {
		/* if fail, try to open as dir */
		status = init_files_struct(frame,
					   fname,
					   conn,
					   DIRECTORY_FLAGS,
					   &target);
	}

	if (NT_STATUS_IS_OK(status)) {
		status = SMB_VFS_FSET_NT_ACL(target, security_info_sent, sd);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status)));
		}
	} else {
		DBG_ERR("init_files_struct failed: %s\n",
			nt_errstr(status));
	}

	/* target is only non-NULL once an open has succeeded. */
	if (target != NULL) {
		SMB_VFS_CLOSE(target);
	}

	TALLOC_FREE(frame);
	return status;
}
/*
 * Fetch the NT security descriptor of fname, relative to conn->cwd_fsp.
 *
 * The descriptor is requested with mem_ctx as its talloc parent and
 * returned through sd. security_info_wanted is passed unchanged to the VFS.
 * Returns NT_STATUS_NO_MEMORY if the filename cannot be allocated,
 * otherwise the status of SMB_VFS_GET_NT_ACL_AT().
 */
static NTSTATUS get_nt_acl_conn(TALLOC_CTX *mem_ctx,
				const char *fname,
				connection_struct *conn,
				uint32_t security_info_wanted,
				struct security_descriptor **sd)
{
	TALLOC_CTX *frame = talloc_stackframe();
	const uint32_t name_flags =
		lp_posix_pathnames() ? SMB_FILENAME_POSIX_PATH : 0;
	struct smb_filename *name = NULL;
	NTSTATUS status;

	/* Temporary name; released together with frame below. */
	name = synthetic_smb_fname(talloc_tos(),
				   fname,
				   NULL,
				   NULL,
				   0,
				   name_flags);
	if (name == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	status = SMB_VFS_GET_NT_ACL_AT(conn,
				       conn->cwd_fsp,
				       name,
				       security_info_wanted,
				       mem_ctx,
				       sd);
	if (!NT_STATUS_IS_OK(status)) {
		DBG_ERR("get_nt_acl_at returned %s.\n",
			nt_errstr(status));
	}

done:
	TALLOC_FREE(frame);
	return status;
}
/*
 * Replace the permission set of an ACL entry with the bits in perm_mask.
 *
 * The entry's permset is cleared, then SMB_ACL_READ, SMB_ACL_WRITE and
 * SMB_ACL_EXECUTE are added in that order for each bit present in
 * perm_mask. Returns 0 on success, -1 as soon as any sys_acl_* call fails.
 */
static int set_acl_entry_perms(SMB_ACL_ENTRY_T entry, mode_t perm_mask)
{
	const mode_t candidates[] = {
		SMB_ACL_READ,
		SMB_ACL_WRITE,
		SMB_ACL_EXECUTE,
	};
	SMB_ACL_PERMSET_T permset = NULL;
	size_t i;

	if (sys_acl_get_permset(entry, &permset) != 0) {
		return -1;
	}

	/* Start from an empty set so only the requested bits remain. */
	if (sys_acl_clear_perms(permset) != 0) {
		return -1;
	}

	for (i = 0; i < sizeof(candidates) / sizeof(candidates[0]); i++) {
		if ((perm_mask & candidates[i]) == 0) {
			continue;
		}
		if (sys_acl_add_perm(permset, candidates[i]) != 0) {
			return -1;
		}
	}

	if (sys_acl_set_permset(entry, permset) != 0) {
		return -1;
	}

	return 0;
}
/*
 * Append one entry to *acl: create it, set its tag type, optionally set its
 * qualifier (when qualifier is not NULL), then set its permissions.
 * Returns false on the first sys_acl_* or permission failure.
 */
static bool simple_acl_add_entry(SMB_ACL_T *acl,
				 SMB_ACL_TAG_T tag,
				 gid_t *qualifier,
				 mode_t perms)
{
	SMB_ACL_ENTRY_T entry;

	if (sys_acl_create_entry(acl, &entry) != 0) {
		return false;
	}
	if (sys_acl_set_tag_type(entry, tag) != 0) {
		return false;
	}
	if (qualifier != NULL &&
	    sys_acl_set_qualifier(entry, qualifier) != 0) {
		return false;
	}
	return set_acl_entry_perms(entry, perms) == 0;
}

/*
 * Build an ACL on mem_ctx from a chmod-style mode.
 *
 * Entries are added in this order: USER_OBJ (mode bits 0700), GROUP_OBJ
 * (070), OTHER (07), a GROUP entry for gid with the group bits when gid is
 * not -1, and finally a MASK entry granting read, write and execute.
 * Returns the ACL, or NULL after freeing it if any step fails.
 */
static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
				 gid_t gid,
				 mode_t chmod_mode)
{
	const mode_t all_perms = SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE;
	const mode_t user_perms = (chmod_mode & 0700) >> 6;
	const mode_t group_perms = (chmod_mode & 070) >> 3;
	const mode_t other_perms = chmod_mode & 07;
	SMB_ACL_T acl = sys_acl_init(mem_ctx);
	bool ok;

	if (!acl) {
		return NULL;
	}

	/* && short-circuits, so the first failure stops further entries. */
	ok = simple_acl_add_entry(&acl, SMB_ACL_USER_OBJ, NULL, user_perms) &&
	     simple_acl_add_entry(&acl, SMB_ACL_GROUP_OBJ, NULL, group_perms) &&
	     simple_acl_add_entry(&acl, SMB_ACL_OTHER, NULL, other_perms);

	if (ok && gid != -1) {
		/* The named group gets the same bits as the owning group. */
		ok = simple_acl_add_entry(&acl, SMB_ACL_GROUP, &gid, group_perms);
	}

	if (ok) {
		ok = simple_acl_add_entry(&acl, SMB_ACL_MASK, NULL, all_perms);
	}

	if (!ok) {
		TALLOC_FREE(acl);
		return NULL;
	}

	return acl;
}
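/*
 * Python: set_simple_acl(fname, mode, session_info, gid=-1, service=None)
 *
 * set a simple ACL on a file, as a test
 *
 * The ACL is built from the chmod-style mode by make_simple_acl() and
 * applied as the access ACL of fname. session_info must be a
 * samba.dcerpc.auth.session_info object.
 *
 * Returns None. Raises TypeError for a wrong session_info, MemoryError if
 * the ACL cannot be built, OSError with the errno of the failing VFS step
 * if the ACL cannot be applied, plus whatever get_conn_tos() raises.
 */
static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"mode",
		"session_info",
		"gid",
		"service",
		NULL
	};
	char *fname, *service = NULL;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	int ret;
	int mode, gid = -1;
	SMB_ACL_T acl;
	TALLOC_CTX *frame;
	connection_struct *conn;

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
					 discard_const_p(char *, kwnames),
					 &fname,
					 &mode,
					 &py_session,
					 &gid,
					 &service))
		return NULL;

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		return NULL;
	}

	frame = talloc_stackframe();

	acl = make_simple_acl(frame, gid, mode);
	if (acl == NULL) {
		TALLOC_FREE(frame);
		/*
		 * make_simple_acl() reports no error detail. Set an
		 * exception so the interpreter never sees a bare NULL.
		 */
		return PyErr_NoMemory();
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn);

	if (ret != 0) {
		/*
		 * ret is only a failure indicator; the error code is in
		 * errno. Keep it across the frame teardown.
		 */
		int saved_errno = errno;
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}

	TALLOC_FREE(frame);

	Py_RETURN_NONE;
}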
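/*
 * Python: chown(fname, uid, gid, session_info, service=None)
 *
 * chown a file
 *
 * fname is opened O_RDWR, or with DIRECTORY_FLAGS when the first open
 * fails with errno EISDIR, and ownership is changed on the open handle.
 * session_info must be a samba.dcerpc.auth.session_info object.
 *
 * Returns None. Raises TypeError for a wrong session_info, an NTSTATUS
 * error if the path cannot be opened, OSError if the chown itself fails,
 * plus whatever get_conn_tos() raises.
 */
static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"uid",
		"gid",
		"session_info",
		"service",
		NULL
	};
	connection_struct *conn;
	int ret;
	NTSTATUS status;
	char *fname, *service = NULL;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	int uid, gid;
	TALLOC_CTX *frame;
	struct files_struct *fsp = NULL;

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siiO|z",
					 discard_const_p(char *, kwnames),
					 &fname,
					 &uid,
					 &gid,
					 &py_session,
					 &service))
		return NULL;

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		return NULL;
	}

	frame = talloc_stackframe();

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	/* first, try to open it as a file with flag O_RDWR */
	status = init_files_struct(frame,
				   fname,
				   conn,
				   O_RDWR,
				   &fsp);
	if (!NT_STATUS_IS_OK(status) && errno == EISDIR) {
		/* if fail, try to open as dir */
		status = init_files_struct(frame,
					   fname,
					   conn,
					   DIRECTORY_FLAGS,
					   &fsp);
	}

	if (!NT_STATUS_IS_OK(status)) {
		DBG_ERR("init_files_struct failed: %s\n",
			nt_errstr(status));
		if (fsp != NULL) {
			SMB_VFS_CLOSE(fsp);
		}
		TALLOC_FREE(frame);
		/*
		 * The following macro raises a python error then returns
		 * NULL. The NOT_OK form is used so that every status that
		 * entered this branch leaves the function: frame is already
		 * freed and fsp may be NULL, so execution must not continue.
		 */
		PyErr_NTSTATUS_NOT_OK_RAISE(status);
	}

	ret = SMB_VFS_FCHOWN(fsp, uid, gid);
	if (ret != 0) {
		/* Cleanup must not change the errno that gets reported. */
		int saved_errno = errno;
		SMB_VFS_CLOSE(fsp);
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}

	SMB_VFS_CLOSE(fsp);
	TALLOC_FREE(frame);

	Py_RETURN_NONE;
}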
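/*
 * Python: unlink(fname, session_info, service=None)
 *
 * unlink a file
 *
 * fname is removed with SMB_VFS_UNLINKAT() relative to conn->cwd_fsp.
 * session_info must be a samba.dcerpc.auth.session_info object.
 *
 * Returns None. Raises TypeError for a wrong session_info, MemoryError if
 * the filename cannot be allocated, OSError with the errno of the failed
 * unlink, plus whatever get_conn_tos() raises.
 */
static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"session_info",
		"service",
		NULL
	};
	connection_struct *conn;
	int ret;
	struct smb_filename *smb_fname = NULL;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	char *fname, *service = NULL;
	TALLOC_CTX *frame;

	frame = talloc_stackframe();

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|z",
					 discard_const_p(char *, kwnames),
					 &fname,
					 &py_session ,
					 &service)) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	smb_fname = synthetic_smb_fname_split(frame,
					      fname,
					      lp_posix_pathnames());
	if (smb_fname == NULL) {
		TALLOC_FREE(frame);
		return PyErr_NoMemory();
	}

	ret = SMB_VFS_UNLINKAT(conn,
			       conn->cwd_fsp,
			       smb_fname,
			       0);
	if (ret != 0) {
		/*
		 * The error code is in errno, not in ret. Keep it across
		 * the frame teardown so OSError carries the real cause.
		 */
		int saved_errno = errno;
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}

	TALLOC_FREE(frame);

	Py_RETURN_NONE;
}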
/*
 * Python: have_posix_acls()
 *
 * Report whether this build was compiled with HAVE_POSIX_ACLS defined.
 * Returns True or False; takes no arguments.
 */
static PyObject *py_smbd_have_posix_acls(PyObject *self,
					 PyObject *Py_UNUSED(ignored))
{
	/* Decided at compile time; nothing is probed at runtime. */
#ifdef HAVE_POSIX_ACLS
	const bool built_with_posix_acls = true;
#else
	const bool built_with_posix_acls = false;
#endif

	return PyBool_FromLong(built_with_posix_acls);
}
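/*
 * Python: set_nt_acl(fname, security_info_sent, sd, session_info,
 *                    service=None)
 *
 * set the NT ACL on a file
 *
 * sd must be a samba.dcerpc.security.descriptor and session_info a
 * samba.dcerpc.auth.session_info. The descriptor is applied through
 * set_nt_acl_conn().
 *
 * Returns None. Raises TypeError for wrongly typed arguments, an NTSTATUS
 * error if setting the ACL fails, plus whatever get_conn_tos() raises.
 * The talloc stackframe is released on every exit path.
 */
static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"security_info_sent",
		"sd",
		"session_info",
		"service",
		NULL
	};

	NTSTATUS status;
	char *fname, *service = NULL;
	int security_info_sent;
	PyObject *py_sd;
	struct security_descriptor *sd;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	connection_struct *conn;
	TALLOC_CTX *frame;

	frame = talloc_stackframe();

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siOO|z",
					 discard_const_p(char *, kwnames),
					 &fname,
					 &security_info_sent,
					 &py_sd,
					 &py_session,
					 &service)) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_sd, "samba.dcerpc.security", "descriptor")) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		/* Release the stackframe here too, like every other exit. */
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	sd = pytalloc_get_type(py_sd, struct security_descriptor);

	status = set_nt_acl_conn(fname, security_info_sent, sd, conn);
	TALLOC_FREE(frame);
	PyErr_NTSTATUS_IS_ERR_RAISE(status);

	Py_RETURN_NONE;
}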
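/*
 * Python: get_nt_acl(fname, security_info_wanted, session_info,
 *                    service=None)
 *
 * Return the NT ACL on a file
 *
 * session_info must be a samba.dcerpc.auth.session_info object. The
 * descriptor is read through get_nt_acl_conn() and returned as a
 * samba.dcerpc.security.descriptor.
 *
 * Raises TypeError for a wrong session_info, an NTSTATUS error if the
 * descriptor cannot be read, plus whatever get_conn_tos() raises. The
 * talloc stackframe is released on every exit path.
 */
static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"security_info_wanted",
		"session_info",
		"service",
		NULL
	};
	char *fname, *service = NULL;
	int security_info_wanted;
	PyObject *py_sd;
	struct security_descriptor *sd = NULL;
	TALLOC_CTX *frame = talloc_stackframe();
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	connection_struct *conn;
	NTSTATUS status;
	int ret;

	ret = PyArg_ParseTupleAndKeywords(args,
					  kwargs,
					  "siO|z",
					  discard_const_p(char *, kwnames),
					  &fname,
					  &security_info_wanted,
					  &py_session,
					  &service);
	if (!ret) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(
			PyExc_TypeError,
			"Expected auth_session_info for "
			"session_info argument got %s",
			pytalloc_get_name(py_session));
		/* Release the stackframe here too, like every other exit. */
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	status = get_nt_acl_conn(frame, fname, conn, security_info_wanted, &sd);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * Free the frame before the macro returns NULL. Any non-OK
		 * status stops here, so sd is only used after a successful
		 * read.
		 */
		TALLOC_FREE(frame);
		PyErr_NTSTATUS_NOT_OK_RAISE(status);
	}

	/* sd was allocated on frame, so wrap it before frame is freed. */
	py_sd = py_return_ndr_struct("samba.dcerpc.security", "descriptor", sd, sd);

	TALLOC_FREE(frame);

	return py_sd;
}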
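/*
 * Python: set_sys_acl(fname, acl_type, acl, session_info, service=None)
 *
 * set the posix (or similar) ACL on a file
 *
 * acl must be a samba.dcerpc.smb_acl.t and session_info a
 * samba.dcerpc.auth.session_info. acl_type is passed unchanged to
 * set_sys_acl_conn().
 *
 * Returns None. Raises TypeError for wrongly typed arguments, OSError with
 * the errno of the failing VFS step, plus whatever get_conn_tos() raises.
 */
static PyObject *py_smbd_set_sys_acl(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"acl_type",
		"acl",
		"session_info",
		"service",
		NULL
	};
	TALLOC_CTX *frame = talloc_stackframe();
	int ret;
	char *fname, *service = NULL;
	PyObject *py_acl;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	struct smb_acl_t *acl;
	int acl_type;
	connection_struct *conn;

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siOO|z",
					 discard_const_p(char *, kwnames),
					 &fname,
					 &acl_type,
					 &py_acl,
					 &py_session,
					 &service)) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_acl, "samba.dcerpc.smb_acl", "t")) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	acl = pytalloc_get_type(py_acl, struct smb_acl_t);

	ret = set_sys_acl_conn(fname, acl_type, acl, conn);
	if (ret != 0) {
		/*
		 * ret is only a failure indicator; the error code is in
		 * errno. Keep it across the frame teardown.
		 */
		int saved_errno = errno;
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}

	TALLOC_FREE(frame);
	Py_RETURN_NONE;
}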
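/*
 * Python: get_sys_acl(fname, acl_type, session_info, service=None)
 *
 * Return the posix (or similar) ACL on a file
 *
 * session_info must be a samba.dcerpc.auth.session_info object. The ACL is
 * read with SMB_VFS_SYS_ACL_GET_FILE() and returned as a
 * samba.dcerpc.smb_acl.t.
 *
 * Raises TypeError for a wrong session_info, MemoryError if the filename
 * cannot be allocated, OSError with the errno of the failed read, plus
 * whatever get_conn_tos() raises.
 */
static PyObject *py_smbd_get_sys_acl(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"acl_type",
		"session_info",
		"service",
		NULL
	};
	char *fname;
	PyObject *py_acl;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	struct smb_acl_t *acl;
	int acl_type;
	TALLOC_CTX *frame = talloc_stackframe();
	connection_struct *conn;
	char *service = NULL;
	struct smb_filename *smb_fname = NULL;

	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|z",
					 discard_const_p(char *, kwnames),
					 &fname,
					 &acl_type,
					 &py_session,
					 &service)) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	smb_fname = synthetic_smb_fname_split(frame,
					      fname,
					      lp_posix_pathnames());
	if (smb_fname == NULL) {
		TALLOC_FREE(frame);
		/* Same handling as py_smbd_unlink(): never return a bare NULL. */
		return PyErr_NoMemory();
	}
	acl = SMB_VFS_SYS_ACL_GET_FILE( conn, smb_fname, acl_type, frame);
	if (!acl) {
		/* Cleanup must not change the errno that gets reported. */
		int saved_errno = errno;
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}

	/* acl was allocated on frame, so wrap it before frame is freed. */
	py_acl = py_return_ndr_struct("samba.dcerpc.smb_acl", "t", acl, acl);

	TALLOC_FREE(frame);

	return py_acl;
}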
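/*
 * Python: mkdir(fname, session_info, service=None)
 *
 * Create the directory fname with mode 0755. The parent directory is
 * stat()ed and opened as a path reference relative to conn->cwd_fsp, and
 * the new directory is created beneath it with SMB_VFS_MKDIRAT(). The
 * process umask is cleared around the call so the mode applies unmodified.
 * session_info must be a samba.dcerpc.auth.session_info object.
 *
 * Returns None. Every failure path sets a Python exception before
 * returning NULL: TypeError for a wrong session_info, MemoryError when a
 * filename cannot be built, OSError when the parent cannot be stat()ed or
 * the mkdir fails, an NTSTATUS error when the parent cannot be opened,
 * plus whatever get_conn_tos() raises.
 *
 * NOTE(review): umask() is process-wide, so the umask(0) window also
 * affects any other thread creating files at that moment.
 */
static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"session_info",
		"service",
		NULL
	};
	char *fname, *service = NULL;
	PyObject *py_session = Py_None;
	struct auth_session_info *session_info = NULL;
	TALLOC_CTX *frame = talloc_stackframe();
	struct connection_struct *conn = NULL;
	struct smb_filename *smb_fname = NULL;
	struct smb_filename *parent_fname = NULL;
	struct smb_filename *base_name = NULL;
	NTSTATUS status;
	int ret;
	int saved_errno;
	mode_t saved_umask;
	bool ok;

	if (!PyArg_ParseTupleAndKeywords(args,
					 kwargs,
					 "sO|z",
					 discard_const_p(char *,
							 kwnames),
					 &fname,
					 &py_session,
					 &service)) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}
	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (!conn) {
		TALLOC_FREE(frame);
		return NULL;
	}

	smb_fname = synthetic_smb_fname(talloc_tos(),
					fname,
					NULL,
					NULL,
					0,
					lp_posix_pathnames() ?
					SMB_FILENAME_POSIX_PATH : 0);

	if (smb_fname == NULL) {
		TALLOC_FREE(frame);
		return PyErr_NoMemory();
	}

	ok = parent_smb_fname(frame,
			      smb_fname,
			      &parent_fname,
			      &base_name);
	if (!ok) {
		TALLOC_FREE(frame);
		/* presumably an allocation failure; verify against the helper */
		return PyErr_NoMemory();
	}

	ret = vfs_stat(conn, parent_fname);
	if (ret == -1) {
		saved_errno = errno;
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}
	status = openat_pathref_fsp(conn->cwd_fsp, parent_fname);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(frame);
		/* Raises the Python error for status and returns NULL. */
		PyErr_NTSTATUS_NOT_OK_RAISE(status);
	}

	/* we want total control over the permissions on created files,
	   so set our umask to 0 */
	saved_umask = umask(0);

	ret = SMB_VFS_MKDIRAT(conn,
			      parent_fname->fsp,
			      base_name,
			      00755);

	umask(saved_umask);

	if (ret == -1) {
		/* Capture errno before logging or cleanup can change it. */
		saved_errno = errno;
		DBG_ERR("mkdirat error=%d (%s)\n",
			saved_errno, strerror(saved_errno));
		TALLOC_FREE(frame);
		errno = saved_errno;
		return PyErr_SetFromErrno(PyExc_OSError);
	}

	TALLOC_FREE(frame);
	Py_RETURN_NONE;
}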
/*
 * Python: create_file(fname, session_info, service=None)
 *
 * Create an empty file
 *
 * The file is opened with O_CREAT|O_EXCL|O_RDWR, so the call fails rather
 * than reuse a path that already exists. The handle is closed again as soon
 * as the open has succeeded. session_info must be a
 * samba.dcerpc.auth.session_info object.
 *
 * Returns None. Raises TypeError for a wrong session_info, an NTSTATUS
 * error if the open fails, plus whatever get_conn_tos() raises.
 */
static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *kwargs)
{
	const char * const kwnames[] = {
		"fname",
		"session_info",
		"service",
		NULL
	};
	TALLOC_CTX *frame = talloc_stackframe();
	struct auth_session_info *session_info = NULL;
	struct connection_struct *conn = NULL;
	struct files_struct *created = NULL;
	PyObject *py_session = Py_None;
	char *service = NULL;
	char *fname;
	NTSTATUS status;

	if (!PyArg_ParseTupleAndKeywords(args,
					 kwargs,
					 "sO|z",
					 discard_const_p(char *,
							 kwnames),
					 &fname,
					 &py_session,
					 &service)) {
		TALLOC_FREE(frame);
		return NULL;
	}

	if (!py_check_dcerpc_type(py_session,
				  "samba.dcerpc.auth",
				  "session_info")) {
		TALLOC_FREE(frame);
		return NULL;
	}

	session_info = pytalloc_get_type(py_session,
					 struct auth_session_info);
	if (session_info == NULL) {
		PyErr_Format(PyExc_TypeError,
			     "Expected auth_session_info for session_info argument got %s",
			     pytalloc_get_name(py_session));
		TALLOC_FREE(frame);
		return NULL;
	}

	conn = get_conn_tos(service, session_info);
	if (conn == NULL) {
		TALLOC_FREE(frame);
		return NULL;
	}

	status = init_files_struct(frame,
				   fname,
				   conn,
				   O_CREAT|O_EXCL|O_RDWR,
				   &created);
	if (NT_STATUS_IS_OK(status)) {
		/* Only the creation matters; release the descriptor now. */
		if (created != NULL) {
			SMB_VFS_CLOSE(created);
		}
	} else {
		DBG_ERR("init_files_struct failed: %s\n",
			nt_errstr(status));
	}

	TALLOC_FREE(frame);
	/* Raises and returns NULL unless status is OK. */
	PyErr_NTSTATUS_NOT_OK_RAISE(status);
	Py_RETURN_NONE;
}
/*
 * Method table of the smbd Python module. Every entry except
 * have_posix_acls accepts positional and keyword arguments. No entry
 * carries a docstring. The table ends with an all-zero sentinel.
 */
static PyMethodDef py_smbd_methods[] = {
	{
		.ml_name = "have_posix_acls",
		.ml_meth = (PyCFunction)py_smbd_have_posix_acls,
		.ml_flags = METH_NOARGS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "set_simple_acl",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "set_nt_acl",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "get_nt_acl",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_get_nt_acl),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "get_sys_acl",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_get_sys_acl),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "set_sys_acl",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_sys_acl),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "chown",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_chown),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "unlink",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_unlink),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "mkdir",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_mkdir),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{
		.ml_name = "create_file",
		.ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_create_file),
		.ml_flags = METH_VARARGS|METH_KEYWORDS,
		.ml_doc = NULL,
	},
	{ .ml_name = NULL }
};
/* Prototype kept from the original file. */
void initsmbd(void);

/*
 * Definition of the "smbd" Python module: its name, docstring and method
 * table. m_size is -1.
 */
static struct PyModuleDef moduledef = {
	.m_base = PyModuleDef_HEAD_INIT,
	.m_name = "smbd",
	.m_doc = "Python bindings for the smbd file server.",
	.m_size = -1,
	.m_methods = py_smbd_methods,
};
/*
 * Module initialisation entry point: creates the module object from
 * moduledef and returns it (NULL if PyModule_Create() fails).
 */
MODULE_INIT_FUNC(smbd)
{
	return PyModule_Create(&moduledef);
}