authorJoe Guo <joeg@catalyst.net.nz>2018-07-04 10:27:23 +1200
committerAndrew Bartlett <abartlet@samba.org>2018-07-12 04:32:00 +0200
commit8dc8b8d7f9dda3e83632e18bca002b71552a8fa7 (patch)
tree4cc3652cdf0e17e558f8b2a640cf70e389efe3fd
parente2e6dd9d865b97bd5c574181f02208b79c895006 (diff)
ntacls: add session_info arg to setntacl and pass down to set_nt_acl api
The underlying code can then reuse the authentication info in the session to improve performance. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521 Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
-rw-r--r--python/samba/ntacls.py39
1 files changed, 35 insertions, 4 deletions
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index dee906acd21..32ceb54fd1b 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -30,6 +30,7 @@ from samba.samba3 import param as s3param
from samba.dcerpc import security, xattr, idmap
from samba.ndr import ndr_pack, ndr_unpack
from samba.samba3 import smbd
+from samba.auth import admin_session
from samba import smb
# don't include volumes
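Review bot: `admin_session` is imported here, but no line added by this commit references it, and the new `setntacl` docstring tells callers not to use the `admin_session` api. Unless code outside these hunks needs the name, I would drop `from samba.auth import admin_session` so the module does not suggest that a privileged session is the intended default. If the import is kept for a follow-up change, a short comment saying so would prevent it being used by mistake.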
@@ -117,7 +118,28 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, servi
return smbd.get_nt_acl(file, SECURITY_SECINFO_FLAGS, service=service)
-def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None, service=None):
+def setntacl(lp, file, sddl, domsid,
+ backend=None, eadbfile=None,
+ use_ntvfs=True, skip_invalid_chown=False,
+ passdb=None, service=None, session_info=None):
+ """
+ A wrapper for smbd set_nt_acl api.
+
+ Args:
+ lp (LoadParam): load param from conf
+ file (str): a path to file or dir
+ sddl (str): ntacl sddl string
+ service (str): name of share service, e.g.: sysvol
+ session_info (auth_session_info): session info for authentication
+
+ Note:
+ Get `session_info` with `samba.auth.user_session`, do not use the
+ `admin_session` api.
+
+ Returns:
+ None
+ """
+
assert(isinstance(domsid, str) or isinstance(domsid, security.dom_sid))
if isinstance(domsid, str):
sid = security.dom_sid(domsid)
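Review bot: The new docstring documents only `lp`, `file`, `sddl`, `service` and `session_info`, leaving `domsid`, `backend`, `eadbfile`, `use_ntvfs`, `skip_invalid_chown` and `passdb` without an `Args` entry. The Note also does not say why `admin_session` must be avoided or what the default `session_info=None` means. Because this argument presumably selects the identity under which the ACL write is performed (the smbd side is not visible here), I would add the missing entries and extend the Note with a sentence giving the reason, plus a line such as `session_info=None keeps the previous behaviour`. The body of `setntacl` continues beyond this hunk.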
@@ -150,7 +172,9 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True
sd2 = sd
sd2.owner_sid = administrator
- smbd.set_nt_acl(file, SECURITY_SECINFO_FLAGS, sd2, service=service)
+ smbd.set_nt_acl(
+ file, SECURITY_SECINFO_FLAGS, sd2,
+ service=service, session_info=session_info)
# and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set
use_ntvfs = True
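Review bot: `session_info=session_info` is forwarded unconditionally, so every existing caller now passes an explicit `session_info=None` to `smbd.set_nt_acl`, both here and at the two calls rewritten in the following hunks. Whether the binding treats `None` the same as an omitted argument is not visible in this diff. A test that calls `setntacl` without `session_info` on each of the three paths would pin that down. Once confirmed, a comment at this first call, e.g. `# session_info=None: same behaviour as before this argument existed`, would record the contract.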
@@ -163,7 +187,12 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True
# This won't work in test environments, as it tries a real (rather than xattr-based fake) chown
os.chown(file, 0, 0)
- smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
+ smbd.set_nt_acl(
+ file,
+ security.SECINFO_GROUP |
+ security.SECINFO_DACL |
+ security.SECINFO_SACL,
+ sd, service=service, session_info=session_info)
if use_ntvfs:
(backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
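Review bot: The `os.chown(file, 0, 0)` just above the rewritten call is performed by the calling process and is not affected by `session_info`, so the session only scopes the `smbd.set_nt_acl` step. The same appears to hold for the `use_ntvfs` branch that follows and for the `wrap_setxattr` write shown in the last hunk, which take no session at all. A caller who passes a restricted `user_session` could reasonably expect it to bound every write in `setntacl`. I would state the limit in the docstring or next to the chown, e.g. `# NOTE: session_info applies only to smbd.set_nt_acl; the chown and the xattr/NTVFS writes run as the calling process`. The enclosing function starts and ends outside this hunk.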
@@ -184,7 +213,9 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True
samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME,
ndr_pack(ntacl))
else:
- smbd.set_nt_acl(file, SECURITY_SECINFO_FLAGS, sd, service=service)
+ smbd.set_nt_acl(
+ file, SECURITY_SECINFO_FLAGS, sd,
+ service=service, session_info=session_info)
def ldapmask2filemask(ldm):