From f0954c73723618f905cc8082546e9b4cf3e39ddf Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Fri, 8 Jan 2010 13:06:47 +0300 Subject: [PATCH] s4: update setntacl and getntacl to select the adaquate backend (fs/tdb) for storing xattr --- .../scripting/python/samba/{misc.py => ntacls.py} | 70 +++++++++++++++++----- 1 file changed, 54 insertions(+), 16 deletions(-) rename source4/scripting/python/samba/{misc.py => ntacls.py} (68%) diff --git a/source4/scripting/python/samba/misc.py b/source4/scripting/python/samba/ntacls.py similarity index 68% rename from source4/scripting/python/samba/misc.py rename to source4/scripting/python/samba/ntacls.py index b548fbceabf..d6226807ce5 100644 --- a/source4/scripting/python/samba/misc.py +++ b/source4/scripting/python/samba/ntacls.py @@ -1,7 +1,7 @@ #!/usr/bin/python # Unix SMB/CIFS implementation. -# Copyright (C) Matthieu Patou 2009 +# Copyright (C) Matthieu Patou 2009-2010 # # # This program is free software; you can redistribute it and/or modify 
@@ -18,25 +18,63 @@ # along with this program. If not, see . # - -import samba.xattr +import os +import tdb +import samba.xattr_native, samba.xattr_tdb from samba.dcerpc import security, xattr from samba.ndr import ndr_pack, ndr_unpack - - -def getntacl(file): - attribute = samba.xattr.wrap_getxattr(file,xattr.XATTR_NTACL_NAME) - anysid=security.dom_sid(security.SID_NT_SELF) - ntacl = ndr_unpack(xattr.NTACL,attribute,1) - return ntacl.info.as_sddl(anysid) - -def setntacl(file,sddl): +class XattrBackendError(Exception): + """A generic xattr backend error.""" + +def checkset_backend(lp,backend,eadbfile): + if backend != None: + if backend == "native": + lp.set("posix:eadb","") + elif backend == "tdb": + if eadbfile != None: + lp.set("posix:eadb",eadbfile) + else: + os.path.abspath(os.path.join(lp.get("private dir"),"eadb.tdb")) + else: + raise XattrBackendError("Unvalid xattr backend choice %s"%backend) + +def getntacl(lp,file,backend=None,eadbfile=None): + try: + checkset_backend(lp,backend,eadbfile) + except: + raise + eadbname = lp.get("posix:eadb") + if eadbname != None and eadbname != "" : + attribute = samba.xattr_tdb.wrap_getxattr(eadbname,file,xattr.XATTR_NTACL_NAME) + try: + attribute = samba.xattr_tdb.wrap_getxattr(eadbname,file,xattr.XATTR_NTACL_NAME) + except: + print "Fail to open %s"%eadbname + attribute = samba.xattr_native.wrap_getxattr(file,xattr.XATTR_NTACL_NAME) + else: + attribute = samba.xattr_native.wrap_getxattr(file,xattr.XATTR_NTACL_NAME) + ntacl = ndr_unpack(xattr.NTACL,attribute) + return ntacl + +def setntacl(lp,file,sddl,domsid,backend=None,eadbfile=None): + try: + checkset_backend(lp,backend,eadbfile) + except: + raise ntacl=xattr.NTACL() ntacl.version = 1 - anysid=security.dom_sid(security.SID_NT_SELF) + anysid=security.dom_sid(domsid) sd = security.descriptor.from_sddl(sddl, anysid) ntacl.info = sd - attribute = samba.xattr.wrap_setxattr(file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) + eadbname = lp.get("posix:eadb") + if eadbname != 
None and eadbname != "": + try: + attribute = samba.xattr_tdb.wrap_setxattr(eadbname,file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) + except: + print "Fail to open %s"%eadbname + attribute = samba.xattr_native.wrap_setxattr(file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) + else: + attribute = samba.xattr_native.wrap_setxattr(file,xattr.XATTR_NTACL_NAME,ndr_pack(ntacl)) # Takes the access mask of a DS ACE and transform them in a File ACE mask def ldapmask2filemask(ldm): @@ -96,8 +134,8 @@ def ldapmask2filemask(ldm): # ACL and return the SDDL representation of this ACL adapted # for files. It's used for Policy object provision -def dsacl2fsacl(dssddl): - anysid = security.dom_sid(security.SID_NT_SELF) +def dsacl2fsacl(dssddl,domsid): + anysid = security.dom_sid(domsid) ref = security.descriptor.from_sddl(dssddl,anysid) fdescr = security.descriptor() fdescr.owner_sid = ref.owner_sid -- 2.11.4.GIT
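Review bot: In `checkset_backend`, the `tdb` branch with no `eadbfile` computes `os.path.abspath(os.path.join(lp.get("private dir"),"eadb.tdb"))` and discards the result, so `posix:eadb` keeps whatever value it had and the ACL can end up in native xattrs although the caller asked for tdb; the line should read `lp.set("posix:eadb",os.path.abspath(os.path.join(lp.get("private dir"),"eadb.tdb")))`. In `getntacl` the first `samba.xattr_tdb.wrap_getxattr(...)` call sits outside the `try`, so a tdb failure propagates before the guarded copy and its fallback are reached; the unguarded line should be dropped. The bare `except:` in `getntacl` and `setntacl` reports every error as "Fail to open" and then silently reads or writes the native xattr instead, which can leave the security descriptor in a different store from the one consulted later; catching only the error the tdb wrapper actually raises, and re-raising on the write path, would keep the two stores from diverging. The `try: checkset_backend(...) except: raise` wrappers add nothing, and `import tdb` appears unused in the lines shown.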
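Review bot: `dsacl2fsacl(dssddl,domsid)` gains a required positional argument with no default, and the comment above the function does not say what it is; any caller outside this patch that still passes one argument will fail with a TypeError. A line such as `# domsid: domain SID string, passed to from_sddl (presumably to resolve domain-relative SDDL aliases)` above the `def` would document it, and the same applies to the new `domsid` parameter of `setntacl` in the previous hunk. The function body continues past the end of the hunk, so the remaining uses of `anysid` are not visible here.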