author | Joe Guo <joeg@catalyst.net.nz> | 2018-07-04 10:27:23 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2018-07-12 04:32:00 +0200 |
commit | 8dc8b8d7f9dda3e83632e18bca002b71552a8fa7 (patch) | |
tree | 4cc3652cdf0e17e558f8b2a640cf70e389efe3fd /python | |
parent | e2e6dd9d865b97bd5c574181f02208b79c895006 (diff) | |
download | samba-8dc8b8d7f9dda3e83632e18bca002b71552a8fa7.tar.gz |
ntacls: add session_info arg to setntacl and pass down to set_nt_acl api
The underlying code can then reuse the authentication info in the session to
improve performance.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/ntacls.py | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py index dee906acd21..32ceb54fd1b 100644 --- a/python/samba/ntacls.py +++ b/python/samba/ntacls.py @@ -30,6 +30,7 @@ from samba.samba3 import param as s3param from samba.dcerpc import security, xattr, idmap from samba.ndr import ndr_pack, ndr_unpack from samba.samba3 import smbd +from samba.auth import admin_session from samba import smb # don't include volumes @@ -117,7 +118,28 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, servi return smbd.get_nt_acl(file, SECURITY_SECINFO_FLAGS, service=service) -def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None, service=None): +def setntacl(lp, file, sddl, domsid, + backend=None, eadbfile=None, + use_ntvfs=True, skip_invalid_chown=False, + passdb=None, service=None, session_info=None): + """ + A wrapper for smbd set_nt_acl api. + + Args: + lp (LoadParam): load param from conf + file (str): a path to file or dir + sddl (str): ntacl sddl string + service (str): name of share service, e.g.: sysvol + session_info (auth_session_info): session info for authentication + + Note: + Get `session_info` with `samba.auth.user_session`, do not use the + `admin_session` api. + + Returns: + None + """ + assert(isinstance(domsid, str) or isinstance(domsid, security.dom_sid)) if isinstance(domsid, str): sid = security.dom_sid(domsid) @@ -150,7 +172,9 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True sd2 = sd sd2.owner_sid = administrator - smbd.set_nt_acl(file, SECURITY_SECINFO_FLAGS, sd2, service=service) + smbd.set_nt_acl( + file, SECURITY_SECINFO_FLAGS, sd2, + service=service, session_info=session_info) # and then set an NTVFS ACL (which does not set the posix ACL) to pretend the owner really was set use_ntvfs = True 
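Review bot: The added `from samba.auth import admin_session` is not referenced in any hunk on this page, and the new setntacl docstring tells callers not to use the `admin_session` api. If nothing else in ntacls.py uses the name, drop the import. Leaving what is, by its name, an administrative-session helper in scope makes it easy for a later change to add a fallback such as `session_info or admin_session(...)`, which is what the docstring warns against. If it is kept deliberately, a one-line comment next to the import saying why would help.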
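Review bot: The new docstring in the `-117,7 +118,28` hunk leaves the security-relevant part of `session_info` unstated: it does not say which identity the ACL write runs under when the argument is left at `None`, and it gives no reason why `admin_session` must be avoided. Suggest extending the Args entry to something like `session_info (auth_session_info): session whose token smbd uses for the ACL write; None keeps the previous behaviour`, after confirming that against smbd.set_nt_acl, which is not shown here, and adding one sentence of rationale to the Note. The Args list also omits `domsid`, `backend`, `eadbfile`, `use_ntvfs`, `skip_invalid_chown` and `passdb`. The body of setntacl continues outside this hunk.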
@@ -163,7 +187,12 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True # This won't work in test environments, as it tries a real (rather than xattr-based fake) chown os.chown(file, 0, 0) - smbd.set_nt_acl(file, security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service) + smbd.set_nt_acl( + file, + security.SECINFO_GROUP | + security.SECINFO_DACL | + security.SECINFO_SACL, + sd, service=service, session_info=session_info) if use_ntvfs: (backend_obj, dbname) = checkset_backend(lp, backend, eadbfile) @@ -184,7 +213,9 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True samba.xattr_native.wrap_setxattr(file, xattr.XATTR_NTACL_NAME, ndr_pack(ntacl)) else: - smbd.set_nt_acl(file, SECURITY_SECINFO_FLAGS, sd, service=service) + smbd.set_nt_acl( + file, SECURITY_SECINFO_FLAGS, sd, + service=service, session_info=session_info) def ldapmask2filemask(ldm): |
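Review bot: In the `-184,7 +213,9` hunk, `session_info` reaches only the `smbd.set_nt_acl` call in the `else:` arm; the `if use_ntvfs:` arm that ends in `samba.xattr_native.wrap_setxattr(...)` never receives it, and the signature defaults `use_ntvfs=True`. A caller who supplies a session but keeps the defaults therefore appears to get no effect from it, apart from the two earlier owner-handling calls (hunks `-150` and `-163`). A comment above the branch would make this visible, e.g. `# NTVFS/xattr path writes the ACL blob directly; session_info is not consulted here`, or the same statement in the docstring. The start of setntacl is outside this hunk.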