From 0533905c5df2c0de4f2714df3e29ad90b48b1892 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Dec 2012 22:09:18 +1100 Subject: [PATCH] scripting-ntacls: Optionally allow the service to be specified. Providing a service allows a VFS connect to be issued on the correct service, and so ensures that the correct modules are loaded rather than just what is specified in [globals]. Andrew Bartlett Reviewed-by: Jeremy Allison --- source4/scripting/python/samba/ntacls.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index b89e9e94803..86fe062dc69 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -55,7 +55,7 @@ def checkset_backend(lp, backend, eadbfile): raise XattrBackendError("Invalid xattr backend choice %s"%backend) -def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): +def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, service=None): if direct_db_access: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) if dbname is not None: @@ -81,10 +81,10 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): elif ntacl.version == 4: return ntacl.info.sd else: - return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL) + return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, service) -def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None): +def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None, service=None): assert(isinstance(domsid, str) or isinstance(domsid, security.dom_sid)) if isinstance(domsid, str): sid = security.dom_sid(domsid) @@ -117,7 +117,7 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True sd2 = sd sd2.owner_sid = administrator - smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2) + smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2, service) # and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set use_ntvfs = True @@ -130,7 +130,7 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True # This won't work in test environments, as it tries a real (rather than xattr-based fake) chown os.chown(file, 0, 0) - smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) + smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service) if use_ntvfs: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) @@ -151,7 +151,7 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME, ndr_pack(ntacl)) else: - smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) + smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service) def ldapmask2filemask(ldm): -- 2.11.4.GIT