1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
--- python/samba/provision/__init__.py.orig 2025-02-06 10:31:54 UTC
+++ python/samba/provision/__init__.py
@@ -1671,19 +1671,25 @@ def setsysvolacl(samdb, sysvol, uid, gid, domainsid, d
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
+ sysvol_dir = os.path.abspath(sysvol)
+
+ set_simple_acl = smbd.set_simple_acl
+ if smbd.has_nfsv4_acls(sysvol_dir):
+ set_simple_acl = smbd.set_simple_nfsv4_acl
+
+ file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
try:
try:
- smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+ set_simple_acl(file.name, 0o755, system_session_unix(), gid)
except OSError:
- if not smbd.have_posix_acls():
+ if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
# This clue is only strictly correct for RPM and
# Debian-like Linux systems, but hopefully other users
# will get enough clue from it.
- raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires. "
+ raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires. "
"Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
- raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires. "
+ raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires. "
"Try the mounting the filesystem with the 'acl' option.")
try:
smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1906,7 +1912,7 @@ def interface_ips_v6(lp):
return ret
-def provision_fill(samdb, secrets_ldb, logger, names, paths,
+def provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
schema=None,
samdb_fill=FILL_FULL,
hostip=None, hostip6=None,
@@ -1965,6 +1971,9 @@ def provision_fill(samdb, secrets_ldb, logger, names,
samdb.transaction_commit()
if serverrole == "active directory domain controller":
+ if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
+ smbd.set_nfsv4_defaults()
+
# Continue setting up sysvol for GPO. This appears to require being
# outside a transaction.
if not skip_sysvolacl:
@@ -2341,6 +2350,9 @@ def provision(logger, session_info, smbconf=None,
if not os.path.isdir(paths.netlogon):
os.makedirs(paths.netlogon, 0o755)
+ if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
+ smbd.set_nfsv4_defaults()
+
if adminpass is None:
adminpass = samba.generate_random_password(12, 32)
adminpass_generated = True
@@ -2350,7 +2362,7 @@ def provision(logger, session_info, smbconf=None,
adminpass_generated = False
if samdb_fill == FILL_FULL:
- provision_fill(samdb, secrets_ldb, logger, names, paths,
+ provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
schema=schema, samdb_fill=samdb_fill,
hostip=hostip, hostip6=hostip6,
next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,
|
