pysmbd: add option to pass a session info to set_nt_acl() function
authorBjörn Baumbach <bb@sernet.de>
Tue, 4 Sep 2018 13:29:58 +0000 (15:29 +0200)
committerBjörn Baumbach <bb@sernet.de>
Thu, 11 Oct 2018 08:28:18 +0000 (10:28 +0200)
A filled session info is needed by some vfs modules, e.g. full_audit.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
python/samba/ntacls.py
source3/smbd/pysmbd.c

index 3ce27f32600ef3a03520e8848fbdcbb48e5aa9e1..838152ad6e0db89c07cf504a85e7c5dd8454fc46 100644 (file)
@@ -93,7 +93,13 @@ def getdosinfo(lp, file):
     return ndr_unpack(xattr.DOSATTRIB, attribute)
 
 
-def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, service=None):
+def getntacl(lp,
+             file,
+             backend=None,
+             eadbfile=None,
+             direct_db_access=True,
+             service=None,
+             session_info=None):
     if direct_db_access:
         (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
         if dbname is not None:
@@ -119,7 +125,10 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, servi
         elif ntacl.version == 4:
             return ntacl.info.sd
     else:
-        return smbd.get_nt_acl(file, SECURITY_SECINFO_FLAGS, service=service)
+        return smbd.get_nt_acl(file,
+                               SECURITY_SECINFO_FLAGS,
+                               service=service,
+                               session_info=session_info)
 
 
 def setntacl(lp, file, sddl, domsid,
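Review bot: `session_info` is forwarded only in the final `else` branch (the `smbd.get_nt_acl` call), so with the default `direct_db_access=True` the argument added to the signature in the first hunk is silently ignored. No docstring for getntacl is visible in these hunks, and a caller that passes a session for auditing purposes could reasonably assume it is always applied. I would add a docstring directly under the signature, for example `"""session_info is only used when direct_db_access is False (smbd VFS path); it is ignored for direct backend reads."""`. The function body lies partly outside both hunks, so the direct-access path should be checked for any other use of the session.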
index 1431925efd03844daf926e3e8fadf77ef0bdb203..25667198840fd42e4cf9186ce0ee29fb37495e4e 100644 (file)
@@ -31,6 +31,9 @@
 #include "librpc/rpc/pyrpc_util.h"
 #include <pytalloc.h>
 #include "system/filesys.h"
+#include "passdb.h"
+#include "secrets.h"
+#include "auth.h"
 
 extern const struct generic_mapping file_generic_mapping;
 
@@ -622,22 +625,55 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kw
  */
 static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
 {
-       const char * const kwnames[] = { "fname", "security_info_wanted", "service", NULL };
+       const char * const kwnames[] = { "fname",
+                                        "security_info_wanted",
+                                        "service",
+                                        "session_info",
+                                        NULL };
        char *fname, *service = NULL;
        int security_info_wanted;
        PyObject *py_sd;
        struct security_descriptor *sd;
        TALLOC_CTX *frame = talloc_stackframe();
+       PyObject *py_session = Py_None;
+       struct auth_session_info *session_info = NULL;
        connection_struct *conn;
        NTSTATUS status;
+       int ret = 1;
 
-       if (!PyArg_ParseTupleAndKeywords(args, kwargs, "si|z", discard_const_p(char *, kwnames),
-                                        &fname, &security_info_wanted, &service)) {
+       ret = PyArg_ParseTupleAndKeywords(args,
+                                         kwargs,
+                                         "si|zO",
+                                         discard_const_p(char *, kwnames),
+                                         &fname,
+                                         &security_info_wanted,
+                                         &service,
+                                         &py_session);
+       if (!ret) {
                TALLOC_FREE(frame);
                return NULL;
        }
 
-       conn = get_conn_tos(service, NULL);
+       if (py_session != Py_None) {
+               if (!py_check_dcerpc_type(py_session,
+                                         "samba.dcerpc.auth",
+                                         "session_info")) {
+                       TALLOC_FREE(frame);
+                       return NULL;
+               }
+               session_info = pytalloc_get_type(py_session,
+                                                struct auth_session_info);
+               if (!session_info) {
+                       PyErr_Format(
+                               PyExc_TypeError,
+                               "Expected auth_session_info for "
+                               "session_info argument got %s",
+                               talloc_get_name(pytalloc_get_ptr(py_session)));
+                       return NULL;
+               }
+       }
+
+       conn = get_conn_tos(service, session_info);
        if (!conn) {
                TALLOC_FREE(frame);
                return NULL;
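Review bot: The `if (!session_info)` branch after `pytalloc_get_type()` returns NULL without freeing `frame`, unlike every other early return in this hunk, so the stackframe from `talloc_stackframe()` is left in place on that error path. Add `TALLOC_FREE(frame);` before that `return NULL;` so the type-mismatch path cleans up like the parse-failure and `py_check_dcerpc_type` paths. As a minor style point, `int ret = 1;` is overwritten by the `PyArg_ParseTupleAndKeywords` result on the next statement, so the initializer can go. py_smbd_get_nt_acl continues past the end of this hunk, so its later returns were not checked.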