|
46 |
|
46 |
|
47 |
name = 'samba-shares' |
47 |
name = 'samba-shares' |
48 |
description = 'Create configuration for Samba shares' |
48 |
description = 'Create configuration for Samba shares' |
49 |
filter = '(&(objectClass=univentionShare)(objectClass=univentionShareSamba))' # filter fqdn/ip in handler |
49 |
filter = '(objectClass=univentionShare)' # filter fqdn/ip in handler |
50 |
attributes = [] |
50 |
attributes = [] |
51 |
modrdn = '1' |
51 |
modrdn = '1' |
52 |
|
52 |
|
|
54 |
|
54 |
|
55 |
|
55 |
|
56 |
def handler(dn, new, old, command): |
56 |
def handler(dn, new, old, command): |
|
|
57 |
global reload_samba_in_postrun |
58 |
reload_samba_in_postrun = True |
57 |
|
59 |
|
58 |
configRegistry = ConfigRegistry() |
60 |
configRegistry = ConfigRegistry() |
59 |
configRegistry.load() |
61 |
configRegistry.load() |
|
63 |
current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) |
65 |
current_fqdn = "%s.%s" % (configRegistry['hostname'], domainname) |
64 |
current_ip = str(interfaces.get_default_ip_address().ip) |
66 |
current_ip = str(interfaces.get_default_ip_address().ip) |
65 |
|
67 |
|
66 |
new_univentionShareHost = new.get('univentionShareHost', [None])[0] |
68 |
if new: |
67 |
if new and new_univentionShareHost not in (current_fqdn, current_ip): |
69 |
new_univentionShareHost = new.get('univentionShareHost', [None])[0] |
68 |
new = {} # new object is not for this host |
70 |
if new_univentionShareHost not in (current_fqdn, current_ip): |
|
|
71 |
new = {} # new object is not for this host |
72 |
elif 'univentionShareSamba' not in new.get('objectClass', [None]): |
73 |
new = {} |
69 |
|
74 |
|
70 |
old_univentionShareHost = old.get('univentionShareHost', [None])[0] |
75 |
if old: |
71 |
if old and old_univentionShareHost not in (current_fqdn, current_ip): |
76 |
old_univentionShareHost = old.get('univentionShareHost', [None])[0] |
72 |
old = {} # old object is not for this host |
77 |
if old_univentionShareHost not in (current_fqdn, current_ip): |
|
|
78 |
old = {} # old object is not for this host |
79 |
elif 'univentionShareSamba' not in old.get('objectClass', [None]): |
80 |
old = {} |
73 |
|
81 |
|
74 |
if not (new or old): |
82 |
if not (new or old): |
|
|
83 |
reload_samba_in_postrun = False |
75 |
return |
84 |
return |
76 |
|
85 |
|
77 |
# create tmp dir |
86 |
# create tmp dir |
|
84 |
univention.debug.debug( |
93 |
univention.debug.debug( |
85 |
univention.debug.LISTENER, univention.debug.ERROR, |
94 |
univention.debug.LISTENER, univention.debug.ERROR, |
86 |
"%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e))) |
95 |
"%s: could not create tmp dir %s (%s)" % (name, tmpDir, str(e))) |
|
|
96 |
reload_samba_in_postrun = False |
87 |
return |
97 |
return |
88 |
finally: |
98 |
finally: |
89 |
listener.unsetuid() |
99 |
listener.unsetuid() |
|
122 |
listener.unsetuid() |
132 |
listener.unsetuid() |
123 |
|
133 |
|
124 |
if old: |
134 |
if old: |
125 |
filename = '/etc/samba/shares.conf.d/%s' % old['univentionShareSambaName'][0] |
135 |
old_sharename = old.get('univentionShareSambaName', [None])[0] |
126 |
listener.setuid(0) |
136 |
if old_sharename: |
127 |
try: |
137 |
## sanitize filename |
128 |
if os.path.exists(filename): |
138 |
filename = os.path.normpath('/' + old_sharename).lstrip('/') |
129 |
os.unlink(filename) |
139 |
filename = os.path.join('/etc/samba/shares.conf.d', filename) |
130 |
finally: |
140 |
listener.setuid(0) |
131 |
listener.unsetuid() |
141 |
try: |
132 |
|
142 |
if os.path.exists(filename): |
|
|
143 |
os.unlink(filename) |
144 |
finally: |
145 |
listener.unsetuid() |
133 |
if new: |
146 |
if new: |
|
|
147 |
new_sharename = new.get('univentionShareSambaName', [None])[0] |
148 |
if new_sharename: |
149 |
## sanitize filename |
150 |
filename = os.path.normpath('/' + new_sharename).lstrip('/') |
151 |
filename = os.path.join('/etc/samba/shares.conf.d', filename) |
152 |
listener.setuid(0) |
153 |
try: |
154 |
fp = open(filename, 'w') |
134 |
|
155 |
|
135 |
filename = '/etc/samba/shares.conf.d/%s' % new['univentionShareSambaName'][0] |
156 |
print >>fp, '[%s]' % new_sharename |
136 |
listener.setuid(0) |
157 |
if new_sharename != 'homes': |
137 |
try: |
158 |
print >>fp, 'path = %s' % new['univentionSharePath'][0] |
138 |
fp = open(filename, 'w') |
159 |
mapping = [ |
|
|
160 |
('description', 'comment'), |
161 |
('univentionShareSambaMSDFS', 'msdfs root'), |
162 |
('univentionShareSambaWriteable', 'writeable'), |
163 |
('univentionShareSambaBrowseable', 'browseable'), |
164 |
('univentionShareSambaPublic', 'public'), |
165 |
('univentionShareSambaDosFilemode', 'dos filemode'), |
166 |
('univentionShareSambaHideUnreadable', 'hide unreadable'), |
167 |
('univentionShareSambaCreateMode', 'create mode'), |
168 |
('univentionShareSambaDirectoryMode', 'directory mode'), |
169 |
('univentionShareSambaForceCreateMode', 'force create mode'), |
170 |
('univentionShareSambaForceDirectoryMode', 'force directory mode'), |
171 |
('univentionShareSambaLocking', 'locking'), |
172 |
('univentionShareSambaBlockingLocks', 'blocking locks'), |
173 |
('univentionShareSambaStrictLocking', 'strict locking'), |
174 |
('univentionShareSambaOplocks', 'oplocks'), |
175 |
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), |
176 |
('univentionShareSambaFakeOplocks', 'fake oplocks'), |
177 |
('univentionShareSambaBlockSize', 'block size'), |
178 |
('univentionShareSambaCscPolicy', 'csc policy'), |
179 |
('univentionShareSambaValidUsers', 'valid users'), |
180 |
('univentionShareSambaInvalidUsers', 'invalid users'), |
181 |
('univentionShareSambaForceUser', 'force user'), |
182 |
('univentionShareSambaForceGroup', 'force group'), |
183 |
('univentionShareSambaHideFiles', 'hide files'), |
184 |
('univentionShareSambaNtAclSupport', 'nt acl support'), |
185 |
('univentionShareSambaInheritAcls', 'inherit acls'), |
186 |
('univentionShareSambaPostexec', 'postexec'), |
187 |
('univentionShareSambaPreexec', 'preexec'), |
188 |
('univentionShareSambaWriteList', 'write list'), |
189 |
('univentionShareSambaVFSObjects', 'vfs objects'), |
190 |
('univentionShareSambaInheritOwner', 'inherit owner'), |
191 |
('univentionShareSambaInheritPermissions', 'inherit permissions'), |
192 |
('univentionShareSambaHostsAllow', 'hosts allow'), |
193 |
('univentionShareSambaHostsDeny', 'hosts deny'), |
139 |
|
194 |
|
140 |
print >>fp, '[%s]' % new['univentionShareSambaName'][0] |
195 |
] |
141 |
if new['univentionShareSambaName'][0] != 'homes': |
|
|
142 |
print >>fp, 'path = %s' % new['univentionSharePath'][0] |
143 |
mapping = [ |
144 |
('description', 'comment'), |
145 |
('univentionShareSambaMSDFS', 'msdfs root'), |
146 |
('univentionShareSambaWriteable', 'writeable'), |
147 |
('univentionShareSambaBrowseable', 'browseable'), |
148 |
('univentionShareSambaPublic', 'public'), |
149 |
('univentionShareSambaDosFilemode', 'dos filemode'), |
150 |
('univentionShareSambaHideUnreadable', 'hide unreadable'), |
151 |
('univentionShareSambaCreateMode', 'create mode'), |
152 |
('univentionShareSambaDirectoryMode', 'directory mode'), |
153 |
('univentionShareSambaForceCreateMode', 'force create mode'), |
154 |
('univentionShareSambaForceDirectoryMode', 'force directory mode'), |
155 |
('univentionShareSambaLocking', 'locking'), |
156 |
('univentionShareSambaBlockingLocks', 'blocking locks'), |
157 |
('univentionShareSambaStrictLocking', 'strict locking'), |
158 |
('univentionShareSambaOplocks', 'oplocks'), |
159 |
('univentionShareSambaLevel2Oplocks', 'level2 oplocks'), |
160 |
('univentionShareSambaFakeOplocks', 'fake oplocks'), |
161 |
('univentionShareSambaBlockSize', 'block size'), |
162 |
('univentionShareSambaCscPolicy', 'csc policy'), |
163 |
('univentionShareSambaValidUsers', 'valid users'), |
164 |
('univentionShareSambaInvalidUsers', 'invalid users'), |
165 |
('univentionShareSambaForceUser', 'force user'), |
166 |
('univentionShareSambaForceGroup', 'force group'), |
167 |
('univentionShareSambaHideFiles', 'hide files'), |
168 |
('univentionShareSambaNtAclSupport', 'nt acl support'), |
169 |
('univentionShareSambaInheritAcls', 'inherit acls'), |
170 |
('univentionShareSambaPostexec', 'postexec'), |
171 |
('univentionShareSambaPreexec', 'preexec'), |
172 |
('univentionShareSambaWriteList', 'write list'), |
173 |
('univentionShareSambaVFSObjects', 'vfs objects'), |
174 |
('univentionShareSambaInheritOwner', 'inherit owner'), |
175 |
('univentionShareSambaInheritPermissions', 'inherit permissions'), |
176 |
('univentionShareSambaHostsAllow', 'hosts allow'), |
177 |
('univentionShareSambaHostsDeny', 'hosts deny'), |
178 |
|
196 |
|
179 |
] |
197 |
vfs_objects = [] |
|
|
198 |
samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') |
199 |
if samba4_ntacl_backend == 'native': |
200 |
vfs_objects.append('acl_xattr') |
201 |
elif samba4_ntacl_backend == 'tdb': |
202 |
vfs_objects.append('acl_tdb') |
180 |
|
203 |
|
181 |
vfs_objects = [] |
204 |
additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) |
182 |
samba4_ntacl_backend = listener.configRegistry.get('samba4/ntacl/backend', 'native') |
205 |
if additional_vfs_objects: |
183 |
if samba4_ntacl_backend == 'native': |
206 |
vfs_objects.extend(additional_vfs_objects) |
184 |
vfs_objects.append('acl_xattr') |
|
|
185 |
elif samba4_ntacl_backend == 'tdb': |
186 |
vfs_objects.append('acl_tdb') |
187 |
|
207 |
|
188 |
additional_vfs_objects = new.get('univentionShareSambaVFSObjects', []) |
208 |
if vfs_objects: |
189 |
if additional_vfs_objects: |
209 |
print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) |
190 |
vfs_objects.extend(additional_vfs_objects) |
|
|
191 |
|
210 |
|
192 |
if vfs_objects: |
211 |
for attr, var in mapping: |
193 |
print >>fp, 'vfs objects = %s' % ' '.join(vfs_objects) |
212 |
if attr not in new: |
|
|
213 |
continue |
214 |
if attr == 'univentionShareSambaVFSObjects': |
215 |
continue |
216 |
if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': |
217 |
continue |
218 |
if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): |
219 |
print >>fp, '%s = %s' % (var, ', '.join(new[attr])) |
220 |
else: |
221 |
print >>fp, '%s = %s' % (var, new[attr][0]) |
222 |
# try to create directory to share |
223 |
if new['univentionShareSambaName'][0] != 'homes': |
224 |
directory = os.path.join('/', new['univentionSharePath'][0]) |
225 |
# object was renamed |
226 |
if not old and oldObject and command == "a": |
227 |
old = oldObject |
228 |
ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) |
229 |
if ret: |
230 |
univention.debug.debug( |
231 |
univention.debug.LISTENER, univention.debug.ERROR, |
232 |
"%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) |
194 |
|
233 |
|
195 |
for attr, var in mapping: |
234 |
if new.get('univentionShareSambaCustomSetting'): |
196 |
if attr not in new: |
235 |
for setting in new['univentionShareSambaCustomSetting']: |
197 |
continue |
236 |
print >>fp, setting |
198 |
if attr == 'univentionShareSambaVFSObjects': |
237 |
finally: |
199 |
continue |
238 |
listener.unsetuid() |
200 |
if attr == 'univentionShareSambaDirectoryMode' and new['univentionSharePath'] == '/tmp': |
|
|
201 |
continue |
202 |
if attr in ('univentionShareSambaHostsAllow', 'univentionShareSambaHostsDeny'): |
203 |
print >>fp, '%s = %s' % (var, ', '.join(new[attr])) |
204 |
else: |
205 |
print >>fp, '%s = %s' % (var, new[attr][0]) |
206 |
# try to create directory to share |
207 |
if new['univentionShareSambaName'][0] != 'homes': |
208 |
directory = os.path.join('/', new['univentionSharePath'][0]) |
209 |
# object was renamed |
210 |
if not old and oldObject and command == "a": |
211 |
old = oldObject |
212 |
ret = univention.lib.listenerSharePath.createOrRename(old, new, listener.configRegistry) |
213 |
if ret: |
214 |
univention.debug.debug( |
215 |
univention.debug.LISTENER, univention.debug.ERROR, |
216 |
"%s: rename/create of sharePath for %s failed (%s)" % (name, dn, ret)) |
217 |
|
239 |
|
218 |
if new.get('univentionShareSambaCustomSetting'): |
240 |
if (not (new and old)) or (new_sharename != old_sharename): |
219 |
for setting in new['univentionShareSambaCustomSetting']: |
|
|
220 |
print >>fp, setting |
221 |
finally: |
222 |
listener.unsetuid() |
223 |
|
224 |
if (not (new and old)) or (new['univentionShareSambaName'][0] != old['univentionShareSambaName'][0]): |
225 |
global ucr_handlers |
241 |
global ucr_handlers |
226 |
listener.setuid(0) |
242 |
listener.setuid(0) |
227 |
try: |
243 |
try: |
|
273 |
finally: |
289 |
finally: |
274 |
listener.unsetuid() |
290 |
listener.unsetuid() |
275 |
|
291 |
|
276 |
|
292 |
def reload_smbd(): |
277 |
def postrun(): |
293 |
global reload_samba_in_postrun |
278 |
listener.setuid(0) |
294 |
listener.setuid(0) |
279 |
try: |
295 |
try: |
280 |
initscript = '/etc/init.d/samba' |
296 |
initscript = '/etc/init.d/samba' |
|
281 |
os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) |
297 |
os.spawnv(os.P_WAIT, initscript, ['samba', 'reload']) |
282 |
finally: |
298 |
finally: |
283 |
listener.unsetuid() |
299 |
listener.unsetuid() |
|
|
300 |
reload_samba_in_postrun = False # flag that this has been done. |
301 |
|
302 |
|
303 |
def postrun(): |
304 |
global reload_samba_in_postrun |
305 |
if reload_samba_in_postrun: |
306 |
reload_smbd() |
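Review bot: The new filename sanitising (`os.path.normpath('/' + new_sharename).lstrip('/')`, and the same for `old_sharename`) keeps a share name from climbing out of `/etc/samba/shares.conf.d`, but it still accepts names that normalise to an empty string or keep a `/`. In that case `filename` becomes the directory itself or a nested path, and the root-privileged `open(filename, 'w')` or `os.unlink(filename)` raises with no handler visible in these lines. A guard between the two `filename =` assignments, such as `if not filename or '/' in filename:` followed by a `univention.debug.debug(...)` error and `return`, would reject such names before `listener.setuid(0)`; because the raw `new_sharename` also goes unchanged into the `'[%s]'` section header, the same check should refuse names containing `]` or a newline. Separately, the re-indented test `new['univentionSharePath'] == '/tmp'` compares a list with a string and is never true; it presumably wants `new['univentionSharePath'][0] == '/tmp'`. Parts of `handler` are collapsed on this page (around new lines 100–131 and 244–288) and the file header is not shown, so this rests on the visible lines only.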