Index: samba-shares.py =================================================================== --- samba-shares.py (Revision 78614) +++ samba-shares.py (Arbeitskopie) @@ -46,7 +46,7 @@ name = 'samba-shares' description = 'Create configuration for Samba shares' -filter = '(&(objectClass=univentionShare)(objectClass=univentionShareSamba))' # filter fqdn/ip in handler +filter = '(objectClass=univentionShare)' # filter fqdn/ip in handler attributes = [] modrdn = '1' @@ -54,6 +54,8 @@ def handler(dn, new, old, command): + global reload_samba_in_postrun + reload_samba_in_postrun = True configRegistry = ConfigRegistry() configRegistry.load() @@ -63,15 +65,22 @@ current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) current_ip = str(interfaces.get_default_ip_address().ip) - new_univentionShareHost = new.get('univentionShareHost', [None])[0] - if new and new_univentionShareHost not in (current_fqdn, current_ip): - new = {} # new object is not for this host + if new: + new_univentionShareHost = new.get('univentionShareHost', [None])[0] + if new_univentionShareHost not in (current_fqdn, current_ip): + new = {} # new object is not for this host + elif 'univentionShareSamba' not in new.get('objectClass', [None]): + new = {} - old_univentionShareHost = old.get('univentionShareHost', [None])[0] - if old and old_univentionShareHost not in (current_fqdn, current_ip): - old = {} # old object is not for this host + if old: + old_univentionShareHost = old.get('univentionShareHost', [None])[0] + if old_univentionShareHost not in (current_fqdn, current_ip): + old = {} # old object is not for this host + elif 'univentionShareSamba' not in old.get('objectClass', [None]): + old = {} if not (new or old): + reload_samba_in_postrun = False return # create tmp dir 
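Review bot: The trailing comment on the new `filter` line still reads `# filter fqdn/ip in handler`, but with the `univentionShareSamba` clause removed from the LDAP filter the handler now also performs the objectClass check (the `elif 'univentionShareSamba' not in ...` branches in the @@ -63,15 +65,22 @@ hunk). I would change it to `# host (fqdn/ip) and univentionShareSamba objectClass are checked in handler`. The two bare `new = {}` / `old = {}` assignments in those branches also deserve a comment such as `# object is not a Samba share`, matching their siblings.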
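Review bot: Raising `reload_samba_in_postrun = True` as the first statement of `handler` and resetting it to `False` on the early-return paths can cancel a reload that an earlier call still needs. The resets are in the `if not (new or old):` branch of the @@ -63,15 +65,22 @@ hunk and the tmp-dir failure of the @@ -84,6 +93,7 @@ hunk. Because the filter now matches every `univentionShare` object, a change to a Samba share followed by a change to a non-Samba share before `postrun` runs leaves the flag `False`, so the freshly written config would not be reloaded. The flag should only ever be raised in `handler`: drop both `= False` resets and move the `= True` assignment below the early returns, to the point where a file under `/etc/samba/shares.conf.d` is about to change. `handler` continues outside these hunks, so confirm no later path relies on the reset.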
@@ -84,6 +93,7 @@
 univention.debug.debug(
 univention.debug.LISTENER, univention.debug.ERROR,
 "%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e)))
+ reload_samba_in_postrun = False
 return
 finally:
 listener.unsetuid()
@@ -122,106 +132,112 @@ listener.unsetuid() if old: - filename = '/etc/samba/shares.conf.d/%s' % old['univentionShareSambaName'][0] - listener.setuid(0) - try: - if os.path.exists(filename): - os.unlink(filename) - finally: - listener.unsetuid() - + old_sharename = old.get('univentionShareSambaName', [None])[0] + if old_sharename: + ## sanitize filename + filename = os.path.normpath('/' + old_sharename).lstrip('/') + filename = os.path.join('/etc/samba/shares.conf.d', filename) + listener.setuid(0) + try: + if os.path.exists(filename): + os.unlink(filename) + finally: + listener.unsetuid() if new: + new_sharename = new.get('univentionShareSambaName', [None])[0] + if new_sharename: + ## sanitize filename + filename = os.path.normpath('/' + new_sharename).lstrip('/') + filename = os.path.join('/etc/samba/shares.conf.d', filename) + listener.setuid(0) + try: + fp = open(filename, 'w') - filename = '/etc/samba/shares.conf.d/%s' % new['univentionShareSambaName'][0] - listener.setuid(0) - try: - fp = open(filename, 'w') + print >>fp, '[%s]' % new_sharename + if new_sharename != 'homes': + print >>fp, 'path = %s' % new['univentionSharePath'][0] + mapping = [ + ('description', 'comment'), + ('univentionShareSambaMSDFS', 'msdfs root'), + ('univentionShareSambaWriteable', 'writeable'), + ('univentionShareSambaBrowseable', 'browseable'), + ('univentionShareSambaPublic', 'public'), + ('univentionShareSambaDosFilemode', 'dos filemode'), + ('univentionShareSambaHideUnreadable', 'hide unreadable'), + ('univentionShareSambaCreateMode', 'create mode'), + ('univentionShareSambaDirectoryMode', 'directory mode'), + ('univentionShareSambaForceCreateMode', 'force create mode'), + ('univentionShareSambaForceDirectoryMode', 'force directory mode'), + ('univentionShareSambaLocking', 'locking'), + ('univentionShareSambaBlockingLocks', 'blocking locks'), + ('univentionShareSambaStrictLocking', 'strict locking'), + ('univentionShareSambaOplocks', 'oplocks'), + 
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), + ('univentionShareSambaFakeOplocks', 'fake oplocks'), + ('univentionShareSambaBlockSize', 'block size'), + ('univentionShareSambaCscPolicy', 'csc policy'), + ('univentionShareSambaValidUsers', 'valid users'), + ('univentionShareSambaInvalidUsers', 'invalid users'), + ('univentionShareSambaForceUser', 'force user'), + ('univentionShareSambaForceGroup', 'force group'), + ('univentionShareSambaHideFiles', 'hide files'), + ('univentionShareSambaNtAclSupport', 'nt acl support'), + ('univentionShareSambaInheritAcls', 'inherit acls'), + ('univentionShareSambaPostexec', 'postexec'), + ('univentionShareSambaPreexec', 'preexec'), + ('univentionShareSambaWriteList', 'write list'), + ('univentionShareSambaVFSObjects', 'vfs objects'), + ('univentionShareSambaInheritOwner', 'inherit owner'), + ('univentionShareSambaInheritPermissions', 'inherit permissions'), + ('univentionShareSambaHostsAllow', 'hosts allow'), + ('univentionShareSambaHostsDeny', 'hosts deny'), - print >>fp, '[%s]' % new['univentionShareSambaName'][0] - if new['univentionShareSambaName'][0] != 'homes': - print >>fp, 'path = %s' % new['univentionSharePath'][0] - mapping = [ - ('description', 'comment'), - ('univentionShareSambaMSDFS', 'msdfs root'), - ('univentionShareSambaWriteable', 'writeable'), - ('univentionShareSambaBrowseable', 'browseable'), - ('univentionShareSambaPublic', 'public'), - ('univentionShareSambaDosFilemode', 'dos filemode'), - ('univentionShareSambaHideUnreadable', 'hide unreadable'), - ('univentionShareSambaCreateMode', 'create mode'), - ('univentionShareSambaDirectoryMode', 'directory mode'), - ('univentionShareSambaForceCreateMode', 'force create mode'), - ('univentionShareSambaForceDirectoryMode', 'force directory mode'), - ('univentionShareSambaLocking', 'locking'), - ('univentionShareSambaBlockingLocks', 'blocking locks'), - ('univentionShareSambaStrictLocking', 'strict locking'), - ('univentionShareSambaOplocks', 'oplocks'), - 
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), - ('univentionShareSambaFakeOplocks', 'fake oplocks'), - ('univentionShareSambaBlockSize', 'block size'), - ('univentionShareSambaCscPolicy', 'csc policy'), - ('univentionShareSambaValidUsers', 'valid users'), - ('univentionShareSambaInvalidUsers', 'invalid users'), - ('univentionShareSambaForceUser', 'force user'), - ('univentionShareSambaForceGroup', 'force group'), - ('univentionShareSambaHideFiles', 'hide files'), - ('univentionShareSambaNtAclSupport', 'nt acl support'), - ('univentionShareSambaInheritAcls', 'inherit acls'), - ('univentionShareSambaPostexec', 'postexec'), - ('univentionShareSambaPreexec', 'preexec'), - ('univentionShareSambaWriteList', 'write list'), - ('univentionShareSambaVFSObjects', 'vfs objects'), - ('univentionShareSambaInheritOwner', 'inherit owner'), - ('univentionShareSambaInheritPermissions', 'inherit permissions'), - ('univentionShareSambaHostsAllow', 'hosts allow'), - ('univentionShareSambaHostsDeny', 'hosts deny'), + ] - ] + vfs_objects = [] + samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') + if samba4_ntacl_backend == 'native': + vfs_objects.append('acl_xattr') + elif samba4_ntacl_backend == 'tdb': + vfs_objects.append('acl_tdb') - vfs_objects = [] - samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') - if samba4_ntacl_backend == 'native': - vfs_objects.append('acl_xattr') - elif samba4_ntacl_backend == 'tdb': - vfs_objects.append('acl_tdb') + additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) + if additional_vfs_objects: + vfs_objects.extend(additional_vfs_objects) - additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) - if additional_vfs_objects: - vfs_objects.extend(additional_vfs_objects) + if vfs_objects: + print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) - if vfs_objects: - print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) + for attr, var in mapping: + 
if attr not in new: + continue + if attr == 'univentionShareSambaVFSObjects': + continue + if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': + continue + if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): + print >>fp, '%s = %s' % (var, ', '.join(new[attr])) + else: + print >>fp, '%s = %s' % (var, new[attr][0]) + # try to create directory to share + if new['univentionShareSambaName'][0] != 'homes': + directory = os.path.join('/', new['univentionSharePath'][0]) + # object was renamed + if not old and oldObject and command == "a": + old = oldObject + ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) + if ret: + univention.debug.debug( + univention.debug.LISTENER, univention.debug.ERROR, + "%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) - for attr, var in mapping: - if attr not in new: - continue - if attr == 'univentionShareSambaVFSObjects': - continue - if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': - continue - if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): - print >>fp, '%s = %s' % (var, ', '.join(new[attr])) - else: - print >>fp, '%s = %s' % (var, new[attr][0]) - # try to create directory to share - if new['univentionShareSambaName'][0] != 'homes': - directory = os.path.join('/', new['univentionSharePath'][0]) - # object was renamed - if not old and oldObject and command == "a": - old = oldObject - ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) - if ret: - univention.debug.debug( - univention.debug.LISTENER, univention.debug.ERROR, - "%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) + if new.get('univentionShareSambaCustomSetting'): + for setting in new['univentionShareSambaCustomSetting']: + print >>fp, setting + finally: + listener.unsetuid() - if new.get('univentionShareSambaCustomSetting'): - for 
setting in new['univentionShareSambaCustomSetting']: - print >>fp, setting - finally: - listener.unsetuid() - - if (not (new and old)) or (new['univentionShareSambaName'][0] != old['univentionShareSambaName'][0]): + if (not (new and old)) or (new_sharename != old_sharename): global ucr_handlers listener.setuid(0) try: @@ -273,8 +289,8 @@ finally: listener.unsetuid() - -def postrun(): +def reload_smbd(): + global reload_samba_in_postrun listener.setuid(0) try: initscript = '/etc/init.d/samba' @@ -281,3 +297,10 @@ os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) finally: listener.unsetuid() + reload_samba_in_postrun = False # flag that this has been done. + + +def postrun(): + global reload_samba_in_postrun + if reload_samba_in_postrun: + reload_smbd()
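Review bot: The `## sanitize filename` step (`os.path.normpath('/' + name).lstrip('/')`, used for both `old_sharename` and `new_sharename`) keeps the path under `/etc/samba/shares.conf.d`, but it normalises hostile names instead of refusing them. Distinct share names can therefore collapse onto the same file (`foo`, `./foo` and `x/../foo` all yield `foo`), so one share object can overwrite or unlink another share's config as root while the `[%s]` header still carries the raw name. A name such as `.` or `..` normalises to an empty string, which makes `filename` the directory itself, and one containing `/` yields a nested path; `os.unlink` or `open` would then raise inside the `setuid(0)` block. I would accept only a single path component and skip (and log) anything else, using one helper for both branches as sketched below. The enclosing `handler` starts and ends outside this hunk.

```python
def _share_conf_path(sharename):
    # Accept only a single path component; anything else is refused, not normalised.
    if not sharename or sharename in ('.', '..') or '/' in sharename or '\0' in sharename:
        return None
    return os.path.join('/etc/samba/shares.conf.d', sharename)

# ... unchanged: handler body up to the old-share cleanup ...
    if old:
        old_sharename = old.get('univentionShareSambaName', [None])[0]
        filename = _share_conf_path(old_sharename)
        if filename:
            # ... unchanged: setuid(0) / os.unlink / unsetuid block ...
    if new:
        new_sharename = new.get('univentionShareSambaName', [None])[0]
        filename = _share_conf_path(new_sharename)
        if filename:
            # ... unchanged: setuid(0) / write share section / unsetuid block ...
```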
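Review bot: `reload_smbd` clears `reload_samba_in_postrun` unconditionally after `os.spawnv(os.P_WAIT, initscript, ['samba', 'reload'])`, whose exit status is discarded, so a failed reload is recorded as done and is neither logged nor retried. I would keep the status and only clear the flag on success, e.g. `rc = os.spawnv(os.P_WAIT, initscript, ['samba', 'reload'])` followed by `if rc == 0: reload_samba_in_postrun = False`, with a `univention.debug.debug(...)` ERROR line otherwise. Separately, no module-level initialisation of the flag is visible in this diff; if none exists, `postrun` would raise `NameError` when it runs before any `handler` call, so a top-level `reload_samba_in_postrun = False` would be safer.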