|
46 |
|
46 |
|
47 |
name = 'samba-shares' |
47 |
name = 'samba-shares' |
48 |
description = 'Create configuration for Samba shares' |
48 |
description = 'Create configuration for Samba shares' |
49 |
filter = '(&(objectClass=univentionShare)(objectClass=univentionShareSamba))' # filter fqdn/ip in handler |
49 |
filter = '(objectClass=univentionShare)' # filter fqdn/ip in handler |
50 |
attributes = [] |
50 |
attributes = [] |
51 |
modrdn = '1' |
51 |
modrdn = '1' |
52 |
|
52 |
|
|
54 |
|
54 |
|
55 |
|
55 |
|
56 |
def handler(dn, new, old, command): |
56 |
def handler(dn, new, old, command): |
|
|
57 |
global reload_samba_in_postrun |
58 |
reload_samba_in_postrun = True |
57 |
|
59 |
|
58 |
configRegistry = ConfigRegistry() |
60 |
configRegistry = ConfigRegistry() |
59 |
configRegistry.load() |
61 |
configRegistry.load() |
|
63 |
current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) |
65 |
current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) |
64 |
current_ip = str(interfaces.get_default_ip_address().ip) |
66 |
current_ip = str(interfaces.get_default_ip_address().ip) |
65 |
|
67 |
|
66 |
new_univentionShareHost = new.get('univentionShareHost', [None])[0] |
68 |
if new: |
67 |
if new and new_univentionShareHost not in (current_fqdn, current_ip): |
69 |
new_univentionShareHost = new.get('univentionShareHost', [None])[0] |
68 |
new = {} # new object is not for this host |
70 |
if new_univentionShareHost not in (current_fqdn, current_ip): |
|
|
71 |
new = {} # new object is not for this host |
72 |
elif 'univentionShareSamba' not in new.get('objectClass', [None]): |
73 |
new = {} |
69 |
|
74 |
|
70 |
old_univentionShareHost = old.get('univentionShareHost', [None])[0] |
75 |
if old: |
71 |
if old and old_univentionShareHost not in (current_fqdn, current_ip): |
76 |
old_univentionShareHost = old.get('univentionShareHost', [None])[0] |
72 |
old = {} # old object is not for this host |
77 |
if old_univentionShareHost not in (current_fqdn, current_ip): |
|
|
78 |
old = {} # old object is not for this host |
79 |
elif 'univentionShareSamba' not in old.get('objectClass', [None]): |
80 |
old = {} |
73 |
|
81 |
|
74 |
if not (new or old): |
82 |
if not (new or old): |
|
|
83 |
reload_samba_in_postrun = False |
75 |
return |
84 |
return |
76 |
|
85 |
|
77 |
# create tmp dir |
86 |
# create tmp dir |
|
84 |
univention.debug.debug( |
93 |
univention.debug.debug( |
85 |
univention.debug.LISTENER, univention.debug.ERROR, |
94 |
univention.debug.LISTENER, univention.debug.ERROR, |
86 |
"%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e))) |
95 |
"%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e))) |
|
|
96 |
reload_samba_in_postrun = False |
87 |
return |
97 |
return |
88 |
finally: |
98 |
finally: |
89 |
listener.unsetuid() |
99 |
listener.unsetuid() |
|
121 |
listener.unsetuid() |
131 |
listener.unsetuid() |
122 |
|
132 |
|
123 |
if old: |
133 |
if old: |
124 |
filename = '/etc/samba/shares.conf.d/%s' % old['univentionShareSambaName'][0] |
134 |
old_sharename = old.get('univentionShareSambaName', [None])[0] |
125 |
listener.setuid(0) |
135 |
if old_sharename: |
126 |
try: |
136 |
## sanitize filename |
127 |
if os.path.exists(filename): |
137 |
filename = os.path.normpath('/' + old_sharename).lstrip('/') |
128 |
os.unlink(filename) |
138 |
filename = os.path.join('/etc/samba/shares.conf.d', filename) |
129 |
finally: |
139 |
listener.setuid(0) |
130 |
listener.unsetuid() |
140 |
try: |
|
|
141 |
if os.path.exists(filename): |
142 |
os.unlink(filename) |
143 |
finally: |
144 |
listener.unsetuid() |
131 |
|
145 |
|
132 |
if new: |
146 |
if new: |
|
|
147 |
new_sharename = new.get('univentionShareSambaName', [None])[0] |
148 |
if new_sharename: |
149 |
## sanitize filename |
150 |
filename = os.path.normpath('/' + new_sharename).lstrip('/') |
151 |
filename = os.path.join('/etc/samba/shares.conf.d', filename) |
152 |
listener.setuid(0) |
153 |
try: |
154 |
fp = open(filename, 'w') |
133 |
|
155 |
|
134 |
filename = '/etc/samba/shares.conf.d/%s' % new['univentionShareSambaName'][0] |
156 |
print >>fp, '[%s]' % new_sharename |
135 |
listener.setuid(0) |
157 |
if new_sharename != 'homes': |
136 |
try: |
158 |
print >>fp, 'path = %s' % new['univentionSharePath'][0] |
137 |
fp = open(filename, 'w') |
159 |
mapping = [ |
|
|
160 |
('description', 'comment'), |
161 |
('univentionShareSambaMSDFS', 'msdfs root'), |
162 |
('univentionShareSambaWriteable', 'writeable'), |
163 |
('univentionShareSambaBrowseable', 'browseable'), |
164 |
('univentionShareSambaPublic', 'public'), |
165 |
('univentionShareSambaDosFilemode', 'dos filemode'), |
166 |
('univentionShareSambaHideUnreadable', 'hide unreadable'), |
167 |
('univentionShareSambaCreateMode', 'create mode'), |
168 |
('univentionShareSambaDirectoryMode', 'directory mode'), |
169 |
('univentionShareSambaForceCreateMode', 'force create mode'), |
170 |
('univentionShareSambaForceDirectoryMode', 'force directory mode'), |
171 |
('univentionShareSambaLocking', 'locking'), |
172 |
('univentionShareSambaBlockingLocks', 'blocking locks'), |
173 |
('univentionShareSambaStrictLocking', 'strict locking'), |
174 |
('univentionShareSambaOplocks', 'oplocks'), |
175 |
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), |
176 |
('univentionShareSambaFakeOplocks', 'fake oplocks'), |
177 |
('univentionShareSambaBlockSize', 'block size'), |
178 |
('univentionShareSambaCscPolicy', 'csc policy'), |
179 |
('univentionShareSambaValidUsers', 'valid users'), |
180 |
('univentionShareSambaInvalidUsers', 'invalid users'), |
181 |
('univentionShareSambaForceUser', 'force user'), |
182 |
('univentionShareSambaForceGroup', 'force group'), |
183 |
('univentionShareSambaHideFiles', 'hide files'), |
184 |
('univentionShareSambaNtAclSupport', 'nt acl support'), |
185 |
('univentionShareSambaInheritAcls', 'inherit acls'), |
186 |
('univentionShareSambaPostexec', 'postexec'), |
187 |
('univentionShareSambaPreexec', 'preexec'), |
188 |
('univentionShareSambaWriteList', 'write list'), |
189 |
('univentionShareSambaVFSObjects', 'vfs objects'), |
190 |
('univentionShareSambaInheritOwner', 'inherit owner'), |
191 |
('univentionShareSambaInheritPermissions', 'inherit permissions'), |
192 |
('univentionShareSambaHostsAllow', 'hosts allow'), |
193 |
('univentionShareSambaHostsDeny', 'hosts deny'), |
194 |
] |
138 |
|
195 |
|
139 |
print >>fp, '[%s]' % new['univentionShareSambaName'][0] |
196 |
vfs_objects = [] |
140 |
if new['univentionShareSambaName'][0] != 'homes': |
197 |
samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') |
141 |
print >>fp, 'path = %s' % new['univentionSharePath'][0] |
198 |
if samba4_ntacl_backend == 'native': |
142 |
mapping = [ |
199 |
vfs_objects.append('acl_xattr') |
143 |
('description', 'comment'), |
200 |
if listener.configRegistry.is_true('samba/vfs/acl_xattr/ignore_system_acls', False): |
144 |
('univentionShareSambaMSDFS', 'msdfs root'), |
201 |
print 'acl_xattr:ignore system acls = yes' |
145 |
('univentionShareSambaWriteable', 'writeable'), |
202 |
elif samba4_ntacl_backend == 'tdb': |
146 |
('univentionShareSambaBrowseable', 'browseable'), |
203 |
vfs_objects.append('acl_tdb') |
147 |
('univentionShareSambaPublic', 'public'), |
|
|
148 |
('univentionShareSambaDosFilemode', 'dos filemode'), |
149 |
('univentionShareSambaHideUnreadable', 'hide unreadable'), |
150 |
('univentionShareSambaCreateMode', 'create mode'), |
151 |
('univentionShareSambaDirectoryMode', 'directory mode'), |
152 |
('univentionShareSambaForceCreateMode', 'force create mode'), |
153 |
('univentionShareSambaForceDirectoryMode', 'force directory mode'), |
154 |
('univentionShareSambaLocking', 'locking'), |
155 |
('univentionShareSambaBlockingLocks', 'blocking locks'), |
156 |
('univentionShareSambaStrictLocking', 'strict locking'), |
157 |
('univentionShareSambaOplocks', 'oplocks'), |
158 |
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), |
159 |
('univentionShareSambaFakeOplocks', 'fake oplocks'), |
160 |
('univentionShareSambaBlockSize', 'block size'), |
161 |
('univentionShareSambaCscPolicy', 'csc policy'), |
162 |
('univentionShareSambaValidUsers', 'valid users'), |
163 |
('univentionShareSambaInvalidUsers', 'invalid users'), |
164 |
('univentionShareSambaForceUser', 'force user'), |
165 |
('univentionShareSambaForceGroup', 'force group'), |
166 |
('univentionShareSambaHideFiles', 'hide files'), |
167 |
('univentionShareSambaNtAclSupport', 'nt acl support'), |
168 |
('univentionShareSambaInheritAcls', 'inherit acls'), |
169 |
('univentionShareSambaPostexec', 'postexec'), |
170 |
('univentionShareSambaPreexec', 'preexec'), |
171 |
('univentionShareSambaWriteList', 'write list'), |
172 |
('univentionShareSambaVFSObjects', 'vfs objects'), |
173 |
('univentionShareSambaInheritOwner', 'inherit owner'), |
174 |
('univentionShareSambaInheritPermissions', 'inherit permissions'), |
175 |
('univentionShareSambaHostsAllow', 'hosts allow'), |
176 |
('univentionShareSambaHostsDeny', 'hosts deny'), |
177 |
] |
178 |
|
204 |
|
179 |
vfs_objects = [] |
205 |
additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) |
180 |
samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') |
206 |
if additional_vfs_objects: |
181 |
if samba4_ntacl_backend == 'native': |
207 |
vfs_objects.extend(additional_vfs_objects) |
182 |
vfs_objects.append('acl_xattr') |
|
|
183 |
if listener.configRegistry.is_true('samba/vfs/acl_xattr/ignore_system_acls', False): |
184 |
print 'acl_xattr:ignore system acls = yes' |
185 |
elif samba4_ntacl_backend == 'tdb': |
186 |
vfs_objects.append('acl_tdb') |
187 |
|
208 |
|
188 |
additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) |
209 |
if vfs_objects: |
189 |
if additional_vfs_objects: |
210 |
print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) |
190 |
vfs_objects.extend(additional_vfs_objects) |
|
|
191 |
|
211 |
|
192 |
if vfs_objects: |
212 |
for attr, var in mapping: |
193 |
print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) |
213 |
if not new.get(attr): |
|
|
214 |
continue |
215 |
if attr == 'univentionShareSambaVFSObjects': |
216 |
continue |
217 |
if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': |
218 |
continue |
219 |
if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): |
220 |
print >>fp, '%s = %s' % (var, ', '.join(new[attr])) |
221 |
else: |
222 |
print >>fp, '%s = %s' % (var, new[attr][0]) |
223 |
# try to create directory to share |
224 |
if new['univentionShareSambaName'][0] != 'homes': |
225 |
directory = os.path.join('/', new['univentionSharePath'][0]) |
226 |
# object was renamed |
227 |
if not old and oldObject and command == "a": |
228 |
old = oldObject |
229 |
ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) |
230 |
if ret: |
231 |
univention.debug.debug( |
232 |
univention.debug.LISTENER, univention.debug.ERROR, |
233 |
"%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) |
194 |
|
234 |
|
195 |
for attr, var in mapping: |
235 |
if new.get('univentionShareSambaCustomSetting'): |
196 |
if not new.get(attr): |
236 |
for setting in new['univentionShareSambaCustomSetting']: |
197 |
continue |
237 |
print >>fp, setting |
198 |
if attr == 'univentionShareSambaVFSObjects': |
238 |
finally: |
199 |
continue |
239 |
listener.unsetuid() |
200 |
if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': |
|
|
201 |
continue |
202 |
if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): |
203 |
print >>fp, '%s = %s' % (var, ', '.join(new[attr])) |
204 |
else: |
205 |
print >>fp, '%s = %s' % (var, new[attr][0]) |
206 |
# try to create directory to share |
207 |
if new['univentionShareSambaName'][0] != 'homes': |
208 |
directory = os.path.join('/', new['univentionSharePath'][0]) |
209 |
# object was renamed |
210 |
if not old and oldObject and command == "a": |
211 |
old = oldObject |
212 |
ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) |
213 |
if ret: |
214 |
univention.debug.debug( |
215 |
univention.debug.LISTENER, univention.debug.ERROR, |
216 |
"%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) |
217 |
|
240 |
|
218 |
if new.get('univentionShareSambaCustomSetting'): |
241 |
if (not (new and old)) or (new_sharename != old_sharename): |
219 |
for setting in new['univentionShareSambaCustomSetting']: |
|
|
220 |
print >>fp, setting |
221 |
finally: |
222 |
listener.unsetuid() |
223 |
|
224 |
if (not (new and old)) or (new['univentionShareSambaName'][0] != old['univentionShareSambaName'][0]): |
225 |
global ucr_handlers |
242 |
global ucr_handlers |
226 |
listener.setuid(0) |
243 |
listener.setuid(0) |
227 |
try: |
244 |
try: |
|
273 |
finally: |
290 |
finally: |
274 |
listener.unsetuid() |
291 |
listener.unsetuid() |
275 |
|
292 |
|
276 |
|
293 |
def reload_smbd(): |
277 |
def postrun(): |
294 |
global reload_samba_in_postrun |
278 |
listener.setuid(0) |
295 |
listener.setuid(0) |
279 |
try: |
296 |
try: |
280 |
initscript = '/etc/init.d/samba' |
297 |
initscript = '/etc/init.d/samba' |
|
281 |
os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) |
298 |
os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) |
282 |
finally: |
299 |
finally: |
283 |
listener.unsetuid() |
300 |
listener.unsetuid() |
|
|
301 |
reload_samba_in_postrun = False # flag that this has been done. |
302 |
|
303 |
|
304 |
def postrun(): |
305 |
global reload_samba_in_postrun |
306 |
if reload_samba_in_postrun: |
307 |
reload_smbd() |
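Review bot: The new `## sanitize filename` steps in the `if old:` and `if new:` branches keep the path under `/etc/samba/shares.conf.d`, but they do not reject a share name that normalises to an empty string or that still contains a path separator. In the first case `os.path.join` returns the directory itself, so `os.unlink(filename)` or `open(filename, 'w')` raises after `listener.setuid(0)`; in the second the target is a nested path whose parent directory probably does not exist. I would add a guard right after the join in both branches, e.g. `if not filename or os.sep in filename:`, which logs through `univention.debug.debug(...)` at ERROR level and skips that share. Separately, `print >>fp, '[%s]' % new_sharename` still writes the raw attribute value into the section header, so the same validation should also refuse `]` and line breaks. Parts of `handler` are elided on this page, so it is not visible how an exception from these calls is handled further up.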