|
|
|---|
| 46 |
|
46 |
|
| 47 |
name = 'samba-shares' |
47 |
name = 'samba-shares' |
| 48 |
description = 'Create configuration for Samba shares' |
48 |
description = 'Create configuration for Samba shares' |
| 49 |
filter = '(&(objectClass=univentionShare)(objectClass=univentionShareSamba))' # filter fqdn/ip in handler |
49 |
filter = '(objectClass=univentionShare)' # filter fqdn/ip in handler |
| 50 |
attributes = [] |
50 |
attributes = [] |
| 51 |
modrdn = '1' |
51 |
modrdn = '1' |
| 52 |
|
52 |
|
|
|
|---|
| 54 |
|
54 |
|
| 55 |
|
55 |
|
| 56 |
def handler(dn, new, old, command): |
56 |
def handler(dn, new, old, command): |
|
|
57 |
global reload_samba_in_postrun |
| 58 |
reload_samba_in_postrun = True |
| 57 |
|
59 |
|
| 58 |
configRegistry = ConfigRegistry() |
60 |
configRegistry = ConfigRegistry() |
| 59 |
configRegistry.load() |
61 |
configRegistry.load() |
|
|
|---|
| 63 |
current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) |
65 |
current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) |
| 64 |
current_ip = str(interfaces.get_default_ip_address().ip) |
66 |
current_ip = str(interfaces.get_default_ip_address().ip) |
| 65 |
|
67 |
|
| 66 |
new_univentionShareHost = new.get('univentionShareHost', [None])[0] |
68 |
if new: |
| 67 |
if new and new_univentionShareHost not in (current_fqdn, current_ip): |
69 |
new_univentionShareHost = new.get('univentionShareHost', [None])[0] |
| 68 |
new = {} # new object is not for this host |
70 |
if new_univentionShareHost not in (current_fqdn, current_ip): |
|
|
71 |
new = {} # new object is not for this host |
| 72 |
elif 'univentionShareSamba' not in new.get('objectClass', [None]): |
| 73 |
new = {} |
| 69 |
|
74 |
|
| 70 |
old_univentionShareHost = old.get('univentionShareHost', [None])[0] |
75 |
if old: |
| 71 |
if old and old_univentionShareHost not in (current_fqdn, current_ip): |
76 |
old_univentionShareHost = old.get('univentionShareHost', [None])[0] |
| 72 |
old = {} # old object is not for this host |
77 |
if old_univentionShareHost not in (current_fqdn, current_ip): |
|
|
78 |
old = {} # old object is not for this host |
| 79 |
elif 'univentionShareSamba' not in old.get('objectClass', [None]): |
| 80 |
old = {} |
| 73 |
|
81 |
|
| 74 |
if not (new or old): |
82 |
if not (new or old): |
|
|
83 |
reload_samba_in_postrun = False |
| 75 |
return |
84 |
return |
| 76 |
|
85 |
|
| 77 |
# create tmp dir |
86 |
# create tmp dir |
|
|
|---|
| 84 |
univention.debug.debug( |
93 |
univention.debug.debug( |
| 85 |
univention.debug.LISTENER, univention.debug.ERROR, |
94 |
univention.debug.LISTENER, univention.debug.ERROR, |
| 86 |
"%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e))) |
95 |
"%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e))) |
|
|
96 |
reload_samba_in_postrun = False |
| 87 |
return |
97 |
return |
| 88 |
finally: |
98 |
finally: |
| 89 |
listener.unsetuid() |
99 |
listener.unsetuid() |
|
|
|---|
| 121 |
listener.unsetuid() |
131 |
listener.unsetuid() |
| 122 |
|
132 |
|
| 123 |
if old: |
133 |
if old: |
| 124 |
filename = '/etc/samba/shares.conf.d/%s' % old['univentionShareSambaName'][0] |
134 |
old_sharename = old.get('univentionShareSambaName', [None])[0] |
| 125 |
listener.setuid(0) |
135 |
if old_sharename: |
| 126 |
try: |
136 |
## sanitize filename |
| 127 |
if os.path.exists(filename): |
137 |
filename = os.path.normpath('/' + old_sharename).lstrip('/') |
| 128 |
os.unlink(filename) |
138 |
filename = os.path.join('/etc/samba/shares.conf.d', filename) |
| 129 |
finally: |
139 |
listener.setuid(0) |
| 130 |
listener.unsetuid() |
140 |
try: |
|
|
141 |
if os.path.exists(filename): |
| 142 |
os.unlink(filename) |
| 143 |
finally: |
| 144 |
listener.unsetuid() |
| 131 |
|
145 |
|
| 132 |
if new: |
146 |
if new: |
|
|
147 |
new_sharename = new.get('univentionShareSambaName', [None])[0] |
| 148 |
if new_sharename: |
| 149 |
## sanitize filename |
| 150 |
filename = os.path.normpath('/' + new_sharename).lstrip('/') |
| 151 |
filename = os.path.join('/etc/samba/shares.conf.d', filename) |
| 152 |
listener.setuid(0) |
| 153 |
try: |
| 154 |
fp = open(filename, 'w') |
| 133 |
|
155 |
|
| 134 |
filename = '/etc/samba/shares.conf.d/%s' % new['univentionShareSambaName'][0] |
156 |
print >>fp, '[%s]' % new_sharename |
| 135 |
listener.setuid(0) |
157 |
if new_sharename != 'homes': |
| 136 |
try: |
158 |
print >>fp, 'path = %s' % new['univentionSharePath'][0] |
| 137 |
fp = open(filename, 'w') |
159 |
mapping = [ |
|
|
160 |
('description', 'comment'), |
| 161 |
('univentionShareSambaMSDFS', 'msdfs root'), |
| 162 |
('univentionShareSambaWriteable', 'writeable'), |
| 163 |
('univentionShareSambaBrowseable', 'browseable'), |
| 164 |
('univentionShareSambaPublic', 'public'), |
| 165 |
('univentionShareSambaDosFilemode', 'dos filemode'), |
| 166 |
('univentionShareSambaHideUnreadable', 'hide unreadable'), |
| 167 |
('univentionShareSambaCreateMode', 'create mode'), |
| 168 |
('univentionShareSambaDirectoryMode', 'directory mode'), |
| 169 |
('univentionShareSambaForceCreateMode', 'force create mode'), |
| 170 |
('univentionShareSambaForceDirectoryMode', 'force directory mode'), |
| 171 |
('univentionShareSambaLocking', 'locking'), |
| 172 |
('univentionShareSambaBlockingLocks', 'blocking locks'), |
| 173 |
('univentionShareSambaStrictLocking', 'strict locking'), |
| 174 |
('univentionShareSambaOplocks', 'oplocks'), |
| 175 |
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), |
| 176 |
('univentionShareSambaFakeOplocks', 'fake oplocks'), |
| 177 |
('univentionShareSambaBlockSize', 'block size'), |
| 178 |
('univentionShareSambaCscPolicy', 'csc policy'), |
| 179 |
('univentionShareSambaValidUsers', 'valid users'), |
| 180 |
('univentionShareSambaInvalidUsers', 'invalid users'), |
| 181 |
('univentionShareSambaForceUser', 'force user'), |
| 182 |
('univentionShareSambaForceGroup', 'force group'), |
| 183 |
('univentionShareSambaHideFiles', 'hide files'), |
| 184 |
('univentionShareSambaNtAclSupport', 'nt acl support'), |
| 185 |
('univentionShareSambaInheritAcls', 'inherit acls'), |
| 186 |
('univentionShareSambaPostexec', 'postexec'), |
| 187 |
('univentionShareSambaPreexec', 'preexec'), |
| 188 |
('univentionShareSambaWriteList', 'write list'), |
| 189 |
('univentionShareSambaVFSObjects', 'vfs objects'), |
| 190 |
('univentionShareSambaInheritOwner', 'inherit owner'), |
| 191 |
('univentionShareSambaInheritPermissions', 'inherit permissions'), |
| 192 |
('univentionShareSambaHostsAllow', 'hosts allow'), |
| 193 |
('univentionShareSambaHostsDeny', 'hosts deny'), |
| 194 |
] |
| 138 |
|
195 |
|
| 139 |
print >>fp, '[%s]' % new['univentionShareSambaName'][0] |
196 |
vfs_objects = [] |
| 140 |
if new['univentionShareSambaName'][0] != 'homes': |
197 |
samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') |
| 141 |
print >>fp, 'path = %s' % new['univentionSharePath'][0] |
198 |
if samba4_ntacl_backend == 'native': |
| 142 |
mapping = [ |
199 |
vfs_objects.append('acl_xattr') |
| 143 |
('description', 'comment'), |
200 |
if listener.configRegistry.is_true('samba/vfs/acl_xattr/ignore_system_acls', False): |
| 144 |
('univentionShareSambaMSDFS', 'msdfs root'), |
201 |
print 'acl_xattr:ignore system acls = yes' |
| 145 |
('univentionShareSambaWriteable', 'writeable'), |
202 |
elif samba4_ntacl_backend == 'tdb': |
| 146 |
('univentionShareSambaBrowseable', 'browseable'), |
203 |
vfs_objects.append('acl_tdb') |
| 147 |
('univentionShareSambaPublic', 'public'), |
|
|
| 148 |
('univentionShareSambaDosFilemode', 'dos filemode'), |
| 149 |
('univentionShareSambaHideUnreadable', 'hide unreadable'), |
| 150 |
('univentionShareSambaCreateMode', 'create mode'), |
| 151 |
('univentionShareSambaDirectoryMode', 'directory mode'), |
| 152 |
('univentionShareSambaForceCreateMode', 'force create mode'), |
| 153 |
('univentionShareSambaForceDirectoryMode', 'force directory mode'), |
| 154 |
('univentionShareSambaLocking', 'locking'), |
| 155 |
('univentionShareSambaBlockingLocks', 'blocking locks'), |
| 156 |
('univentionShareSambaStrictLocking', 'strict locking'), |
| 157 |
('univentionShareSambaOplocks', 'oplocks'), |
| 158 |
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), |
| 159 |
('univentionShareSambaFakeOplocks', 'fake oplocks'), |
| 160 |
('univentionShareSambaBlockSize', 'block size'), |
| 161 |
('univentionShareSambaCscPolicy', 'csc policy'), |
| 162 |
('univentionShareSambaValidUsers', 'valid users'), |
| 163 |
('univentionShareSambaInvalidUsers', 'invalid users'), |
| 164 |
('univentionShareSambaForceUser', 'force user'), |
| 165 |
('univentionShareSambaForceGroup', 'force group'), |
| 166 |
('univentionShareSambaHideFiles', 'hide files'), |
| 167 |
('univentionShareSambaNtAclSupport', 'nt acl support'), |
| 168 |
('univentionShareSambaInheritAcls', 'inherit acls'), |
| 169 |
('univentionShareSambaPostexec', 'postexec'), |
| 170 |
('univentionShareSambaPreexec', 'preexec'), |
| 171 |
('univentionShareSambaWriteList', 'write list'), |
| 172 |
('univentionShareSambaVFSObjects', 'vfs objects'), |
| 173 |
('univentionShareSambaInheritOwner', 'inherit owner'), |
| 174 |
('univentionShareSambaInheritPermissions', 'inherit permissions'), |
| 175 |
('univentionShareSambaHostsAllow', 'hosts allow'), |
| 176 |
('univentionShareSambaHostsDeny', 'hosts deny'), |
| 177 |
] |
| 178 |
|
204 |
|
| 179 |
vfs_objects = [] |
205 |
additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) |
| 180 |
samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') |
206 |
if additional_vfs_objects: |
| 181 |
if samba4_ntacl_backend == 'native': |
207 |
vfs_objects.extend(additional_vfs_objects) |
| 182 |
vfs_objects.append('acl_xattr') |
|
|
| 183 |
if listener.configRegistry.is_true('samba/vfs/acl_xattr/ignore_system_acls', False): |
| 184 |
print 'acl_xattr:ignore system acls = yes' |
| 185 |
elif samba4_ntacl_backend == 'tdb': |
| 186 |
vfs_objects.append('acl_tdb') |
| 187 |
|
208 |
|
| 188 |
additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) |
209 |
if vfs_objects: |
| 189 |
if additional_vfs_objects: |
210 |
print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) |
| 190 |
vfs_objects.extend(additional_vfs_objects) |
|
|
| 191 |
|
211 |
|
| 192 |
if vfs_objects: |
212 |
for attr, var in mapping: |
| 193 |
print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) |
213 |
if not new.get(attr): |
|
|
214 |
continue |
| 215 |
if attr == 'univentionShareSambaVFSObjects': |
| 216 |
continue |
| 217 |
if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': |
| 218 |
continue |
| 219 |
if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): |
| 220 |
print >>fp, '%s = %s' % (var, ', '.join(new[attr])) |
| 221 |
else: |
| 222 |
print >>fp, '%s = %s' % (var, new[attr][0]) |
| 223 |
# try to create directory to share |
| 224 |
if new['univentionShareSambaName'][0] != 'homes': |
| 225 |
directory = os.path.join('/', new['univentionSharePath'][0]) |
| 226 |
# object was renamed |
| 227 |
if not old and oldObject and command == "a": |
| 228 |
old = oldObject |
| 229 |
ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) |
| 230 |
if ret: |
| 231 |
univention.debug.debug( |
| 232 |
univention.debug.LISTENER, univention.debug.ERROR, |
| 233 |
"%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) |
| 194 |
|
234 |
|
| 195 |
for attr, var in mapping: |
235 |
if new.get('univentionShareSambaCustomSetting'): |
| 196 |
if not new.get(attr): |
236 |
for setting in new['univentionShareSambaCustomSetting']: |
| 197 |
continue |
237 |
print >>fp, setting |
| 198 |
if attr == 'univentionShareSambaVFSObjects': |
238 |
finally: |
| 199 |
continue |
239 |
listener.unsetuid() |
| 200 |
if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': |
|
|
| 201 |
continue |
| 202 |
if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): |
| 203 |
print >>fp, '%s = %s' % (var, ', '.join(new[attr])) |
| 204 |
else: |
| 205 |
print >>fp, '%s = %s' % (var, new[attr][0]) |
| 206 |
# try to create directory to share |
| 207 |
if new['univentionShareSambaName'][0] != 'homes': |
| 208 |
directory = os.path.join('/', new['univentionSharePath'][0]) |
| 209 |
# object was renamed |
| 210 |
if not old and oldObject and command == "a": |
| 211 |
old = oldObject |
| 212 |
ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) |
| 213 |
if ret: |
| 214 |
univention.debug.debug( |
| 215 |
univention.debug.LISTENER, univention.debug.ERROR, |
| 216 |
"%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) |
| 217 |
|
240 |
|
| 218 |
if new.get('univentionShareSambaCustomSetting'): |
241 |
if (not (new and old)) or (new_sharename != old_sharename): |
| 219 |
for setting in new['univentionShareSambaCustomSetting']: |
|
|
| 220 |
print >>fp, setting |
| 221 |
finally: |
| 222 |
listener.unsetuid() |
| 223 |
|
| 224 |
if (not (new and old)) or (new['univentionShareSambaName'][0] != old['univentionShareSambaName'][0]): |
| 225 |
global ucr_handlers |
242 |
global ucr_handlers |
| 226 |
listener.setuid(0) |
243 |
listener.setuid(0) |
| 227 |
try: |
244 |
try: |
|
|
|---|
| 273 |
finally: |
290 |
finally: |
| 274 |
listener.unsetuid() |
291 |
listener.unsetuid() |
| 275 |
|
292 |
|
| 276 |
|
293 |
def reload_smbd(): |
| 277 |
def postrun(): |
294 |
global reload_samba_in_postrun |
| 278 |
listener.setuid(0) |
295 |
listener.setuid(0) |
| 279 |
try: |
296 |
try: |
| 280 |
initscript = '/etc/init.d/samba' |
297 |
initscript = '/etc/init.d/samba' |
|
|
|---|
| 281 |
os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) |
298 |
os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) |
| 282 |
finally: |
299 |
finally: |
| 283 |
listener.unsetuid() |
300 |
listener.unsetuid() |
|
|
301 |
reload_samba_in_postrun = False # flag that this has been done. |
| 302 |
|
| 303 |
|
| 304 |
def postrun(): |
| 305 |
global reload_samba_in_postrun |
| 306 |
if reload_samba_in_postrun: |
| 307 |
reload_smbd() |