/*
Unix SMB/CIFS implementation.
- Set NT and POSIX ACLs and other VFS operations from Python
-
+ Set NT and POSIX ACLs and other VFS operations from Python
+
Copyrigyt (C) Andrew Bartlett 2012
Copyright (C) Jeremy Allison 1994-2009.
Copyright (C) Andreas Gruenbacher 2002.
connection_struct *conn;
NTSTATUS status = NT_STATUS_OK;
int ret;
+ mode_t saved_umask;
conn = talloc_zero(NULL, connection_struct);
if (conn == NULL) {
}
if (!(conn->params = talloc(conn, struct share_params))) {
- DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
+ DEBUG(0,("set_sys_acl_no_snum: talloc() failed!\n"));
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
+ /* we want total control over the permissions on created files,
+ so set our umask to 0 */
+ saved_umask = umask(0);
+
conn->params->service = -1;
set_conn_connectpath(conn, "/");
ret = SMB_VFS_SYS_ACL_SET_FILE( conn, fname, acltype, theacl);
if (ret != 0) {
status = map_nt_error_from_unix_common(ret);
- DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned zero.\n"));
+ DEBUG(0,("set_sys_acl_no_snum: SMB_VFS_SYS_ACL_SET_FILE "
+ "returned zero.\n"));
}
+ umask(saved_umask);
+
conn_free(conn);
return status;
files_struct *fsp;
struct smb_filename *smb_fname = NULL;
int flags;
+ mode_t saved_umask;
+
+ if (!posix_locking_init(false)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
conn = talloc_zero(frame, connection_struct);
if (conn == NULL) {
+ TALLOC_FREE(frame);
DEBUG(0, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_NO_MEMORY;
}
- conn->params->service = -1;
-
- set_conn_connectpath(conn, "/");
-
- smbd_vfs_init(conn);
-
fsp = talloc_zero(frame, struct files_struct);
if (fsp == NULL) {
TALLOC_FREE(frame);
}
fsp->conn = conn;
+ /* we want total control over the permissions on created files,
+ so set our umask to 0 */
+ saved_umask = umask(0);
+
+ conn->params->service = -1;
+
+ set_conn_connectpath(conn, "/");
+
+ smbd_vfs_init(conn);
+
status = create_synthetic_smb_fname_split(fsp, fname, NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
+ umask(saved_umask);
return status;
}
if (fsp->fh->fd == -1) {
printf("open: error=%d (%s)\n", errno, strerror(errno));
TALLOC_FREE(frame);
+ umask(saved_umask);
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status)));
}
+ SMB_VFS_CLOSE(fsp);
+
conn_free(conn);
TALLOC_FREE(frame);
+ umask(saved_umask);
return status;
}
-static SMB_ACL_T make_simple_acl(uid_t uid, gid_t gid)
+static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
{
+ TALLOC_CTX *frame = talloc_stackframe();
+
mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE;
- mode_t mode0 = 0;
+ mode_t mode_user = (chmod_mode & 0700) >> 6;
+ mode_t mode_group = (chmod_mode & 070) >> 3;
+ mode_t mode_other = chmod_mode & 07;
SMB_ACL_ENTRY_T entry;
- SMB_ACL_T acl = sys_acl_init(4);
+ SMB_ACL_T acl = sys_acl_init(frame);
if (!acl) {
return NULL;
}
if (sys_acl_create_entry(&acl, &entry) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
- if (sys_acl_set_permset(entry, &mode) != 0) {
- TALLOC_FREE(acl);
+ if (sys_acl_set_permset(entry, &mode_user) != 0) {
+ TALLOC_FREE(frame);
return NULL;
}
if (sys_acl_create_entry(&acl, &entry) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
- if (sys_acl_set_permset(entry, &mode) != 0) {
- TALLOC_FREE(acl);
+ if (sys_acl_set_permset(entry, &mode_group) != 0) {
+ TALLOC_FREE(frame);
return NULL;
}
if (sys_acl_create_entry(&acl, &entry) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
- if (sys_acl_set_permset(entry, &mode0) != 0) {
- TALLOC_FREE(acl);
+ if (sys_acl_set_permset(entry, &mode_other) != 0) {
+ TALLOC_FREE(frame);
return NULL;
}
- if (sys_acl_create_entry(&acl, &entry) != 0) {
- TALLOC_FREE(acl);
- return NULL;
- }
+ if (gid != -1) {
+ if (sys_acl_create_entry(&acl, &entry) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
- if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
- TALLOC_FREE(acl);
- return NULL;
- }
+ if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
- if (sys_acl_set_qualifier(entry, &gid) != 0) {
- TALLOC_FREE(acl);
- return NULL;
- }
+ if (sys_acl_set_qualifier(entry, &gid) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
- if (sys_acl_set_permset(entry, &mode) != 0) {
- TALLOC_FREE(acl);
- return NULL;
+ if (sys_acl_set_permset(entry, &mode_group) != 0) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
}
if (sys_acl_create_entry(&acl, &entry) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) {
- TALLOC_FREE(acl);
+ TALLOC_FREE(frame);
return NULL;
}
- if (sys_acl_set_permset(entry, &mode0) != 0) {
- TALLOC_FREE(acl);
+ if (sys_acl_set_permset(entry, &mode) != 0) {
+ TALLOC_FREE(frame);
return NULL;
}
return acl;
{
NTSTATUS status;
char *fname;
- int uid, gid;
+ int mode, gid = -1;
SMB_ACL_T acl;
TALLOC_CTX *frame;
- if (!PyArg_ParseTuple(args, "sii", &fname, &uid, &gid))
+ if (!PyArg_ParseTuple(args, "si|i", &fname, &mode, &gid))
return NULL;
- acl = make_simple_acl(uid, gid);
+ acl = make_simple_acl(gid, mode);
frame = talloc_stackframe();
char *fname;
int uid, gid;
TALLOC_CTX *frame;
+ mode_t saved_umask;
if (!PyArg_ParseTuple(args, "sii", &fname, &uid, &gid))
return NULL;
return NULL;
}
+ /* we want total control over the permissions on created files,
+ so set our umask to 0 */
+ saved_umask = umask(0);
+
conn->params->service = -1;
set_conn_connectpath(conn, "/");
ret = SMB_VFS_CHOWN( conn, fname, uid, gid);
if (ret != 0) {
- status = map_nt_error_from_unix_common(ret);
- DEBUG(0,("chwon returned failure: %s\n", strerror(ret)));
+ status = map_nt_error_from_unix_common(errno);
+ DEBUG(0,("chown returned failure: %s\n", strerror(errno)));
+ }
+
+ umask(saved_umask);
+
+ conn_free(conn);
+
+ TALLOC_FREE(frame);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+/*
+ chown a file
+ */
+static PyObject *py_smbd_unlink(PyObject *self, PyObject *args)
+{
+ connection_struct *conn;
+ NTSTATUS status = NT_STATUS_OK;
+ int ret;
+ struct smb_filename *smb_fname = NULL;
+ char *fname;
+ int uid, gid;
+ TALLOC_CTX *frame;
+ mode_t saved_umask;
+
+ if (!PyArg_ParseTuple(args, "s", &fname))
+ return NULL;
+
+ frame = talloc_stackframe();
+
+ conn = talloc_zero(frame, connection_struct);
+ if (conn == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ if (!(conn->params = talloc(conn, struct share_params))) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ /* we want total control over the permissions on created files,
+ so set our umask to 0 */
+ saved_umask = umask(0);
+
+ conn->params->service = -1;
+
+ set_conn_connectpath(conn, "/");
+
+ smbd_vfs_init(conn);
+
+ status = create_synthetic_smb_fname_split(frame, fname, NULL,
+ &smb_fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ umask(saved_umask);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+ }
+
+ ret = SMB_VFS_UNLINK(conn, smb_fname);
+ if (ret != 0) {
+ status = map_nt_error_from_unix_common(errno);
+ DEBUG(0,("unlink returned failure: %s\n", strerror(errno)));
}
+ umask(saved_umask);
+
conn_free(conn);
TALLOC_FREE(frame);
static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args)
{
char *fname;
- int security_info_sent;
+ int security_info_wanted;
PyObject *py_sd;
struct security_descriptor *sd;
TALLOC_CTX *tmp_ctx = talloc_new(NULL);
- if (!PyArg_ParseTuple(args, "si", &fname, &security_info_sent))
+ if (!PyArg_ParseTuple(args, "si", &fname, &security_info_wanted))
return NULL;
-
- sd = get_nt_acl_no_snum(tmp_ctx, fname);
- py_sd = py_return_ndr_struct("samba.dcerpc.security", "security_descriptor", sd, sd);
+ sd = get_nt_acl_no_snum(tmp_ctx, fname, security_info_wanted);
+
+ py_sd = py_return_ndr_struct("samba.dcerpc.security", "descriptor", sd, sd);
talloc_free(tmp_ctx);
if (!PyArg_ParseTuple(args, "siO", &fname, &acl_type, &py_acl))
return NULL;
- if (!py_check_dcerpc_type(py_acl, "samba.dcerpc.smb_acl", "sys_acl_t")) {
+ if (!py_check_dcerpc_type(py_acl, "samba.dcerpc.smb_acl", "t")) {
return NULL;
}
smbd_vfs_init(conn);
- acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, acl_type);
+ acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, acl_type, frame);
if (!acl) {
TALLOC_FREE(frame);
status = map_nt_error_from_unix_common(errno);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
}
- talloc_steal(frame, acl);
conn_free(conn);
- py_acl = py_return_ndr_struct("samba.dcerpc.smb_acl", "sys_acl_t", acl, acl);
+ py_acl = py_return_ndr_struct("samba.dcerpc.smb_acl", "t", acl, acl);
TALLOC_FREE(frame);
{ "chown",
(PyCFunction)py_smbd_chown, METH_VARARGS,
NULL },
+ { "unlink",
+ (PyCFunction)py_smbd_unlink, METH_VARARGS,
+ NULL },
{ NULL }
};