1 files changed, 230 insertions, 0 deletions
diff --git a/net/samba422/files/patch-source3_smbd_pysmbd.c b/net/samba422/files/patch-source3_smbd_pysmbd.c
new file mode 100644
index 000000000000..2f0c06720168
--- /dev/null
+++ b/net/samba422/files/patch-source3_smbd_pysmbd.c
@@ -0,0 +1,230 @@
+--- source3/smbd/pysmbd.c.orig	2025-02-20 12:58:50 UTC
++++ source3/smbd/pysmbd.c
+@@ -507,6 +507,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
+ 	return acl;
+ }
+ 
++static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
++					gid_t gid,
++					mode_t chmod_mode)
++{
++	/*
++	 * This function needs to create an NFSv4 ACL. Currently, the only way
++	 * to do so is to use the operating system interface, or to use the
++	 * functions in source3/modules/nfs4_acls.c. These seems ugly and
++	 * hacky. NFSv4 ACL's should be a first class citizen and
++	 * librpc/idl/smb_acl.idl should be modified accordingly.
++	 */
++	return NULL;
++}
++
+ /*
+   set a simple ACL on a file, as a test
+  */
+@@ -579,7 +593,85 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self
+ 	Py_RETURN_NONE;
+ }
+ 
++
+ /*
++  set a simple NFSv4 ACL on a file, as a test
++ */
++static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
++{
++	const char * const kwnames[] = {
++		"fname",
++		"mode",
++		"session_info",
++		"gid",
++		"service",
++		NULL
++	};
++	char *fname, *service = NULL;
++	PyObject *py_session = Py_None;
++	struct auth_session_info *session_info = NULL;
++	int ret;
++	int mode, gid = -1;
++	SMB_ACL_T acl;
++	TALLOC_CTX *frame;
++	connection_struct *conn;
++
++	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
++					 discard_const_p(char *, kwnames),
++					 &fname,
++					 &mode,
++					 &py_session,
++					 &gid,
++					 &service))
++		return NULL;
++
++	if (!py_check_dcerpc_type(py_session,
++				  "samba.dcerpc.auth",
++				  "session_info")) {
++		return NULL;
++	}
++	session_info = pytalloc_get_type(py_session,
++					 struct auth_session_info);
++	if (session_info == NULL) {
++		PyErr_Format(PyExc_TypeError,
++			     "Expected auth_session_info for session_info argument got %s",
++			     pytalloc_get_name(py_session));
++		return NULL;
++	}
++
++	frame = talloc_stackframe();
++
++	acl = make_simple_nfsv4_acl(frame, gid, mode);
++	if (acl == NULL) {
++		TALLOC_FREE(frame);
++		Py_RETURN_NONE;
++	}
++
++	conn = get_conn_tos(service, session_info);
++	if (!conn) {
++		TALLOC_FREE(frame);
++		Py_RETURN_NONE;
++	}
++
++	/*
++	 * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
++	 */
++	ret = 0;
++
++	/* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
++
++	if (ret != 0) {
++		TALLOC_FREE(frame);
++		errno = ret;
++		return PyErr_SetFromErrno(PyExc_OSError);
++	}
++
++	TALLOC_FREE(frame);
++
++	Py_RETURN_NONE;
++}
++
++/*
+   chown a file
+  */
+ static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
+@@ -767,7 +859,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObje
+ }
+ 
+ /*
+-  check if we have ACL support
++  check if we have POSIX.1e ACL support
+  */
+ static PyObject *py_smbd_have_posix_acls(PyObject *self,
+ 		PyObject *Py_UNUSED(ignored))
+@@ -779,7 +871,84 @@ static PyObject *py_smbd_have_posix_acls(PyObject *sel
+ #endif
+ }
+ 
++static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
++{
++	const char * const kwnames[] = { "path", NULL };
++	char *path = NULL;
++	TALLOC_CTX *frame;
++	struct statfs fs;
++	int ret = false;
++
++	frame = talloc_stackframe();
++
++	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
++					 discard_const_p(char *, kwnames), &path)) {
++		TALLOC_FREE(frame);
++		return NULL;
++	}
++
++	if (statfs(path, &fs) != 0) {
++		TALLOC_FREE(frame);
++		return NULL;
++	}
++
++	if (fs.f_flags & MNT_ACLS)
++		ret = true;
++
++	TALLOC_FREE(frame);
++	return PyBool_FromLong(ret);
++}
++
+ /*
++  check if we have NFSv4 ACL support
++ */
++static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
++{
++#ifdef HAVE_LIBSUNACL
++	return PyBool_FromLong(true);
++#else
++	return PyBool_FromLong(false);
++#endif
++}
++
++static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
++{
++	const char * const kwnames[] = { "path", NULL };
++	char *path = NULL;
++	TALLOC_CTX *frame;
++	struct statfs fs;
++	int ret = false;
++
++	frame = talloc_stackframe();
++
++	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
++					 discard_const_p(char *, kwnames), &path)) {
++		TALLOC_FREE(frame);
++		return NULL;
++	}
++
++	if (statfs(path, &fs) != 0) {
++		TALLOC_FREE(frame);
++		return NULL;
++	}
++
++	if (fs.f_flags & MNT_NFS4ACLS)
++		ret = true;
++
++	TALLOC_FREE(frame);
++	return PyBool_FromLong(ret);
++}
++
++
++static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
++{
++	/*
++	 * It is really be done in source3/param/loadparm.c
++	 */
++	Py_RETURN_NONE;
++}
++
++/*
+   set the NT ACL on a file
+  */
+ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args, PyObject *kwargs)
+@@ -1284,8 +1453,26 @@ static PyMethodDef py_smbd_methods[] = {
+ 	{ "have_posix_acls",
+ 		(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
+ 		NULL },
++	{ "has_posix_acls",
++		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
++		METH_VARARGS|METH_KEYWORDS,
++		NULL },
++	{ "have_nfsv4_acls",
++		(PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
++		NULL },
++	{ "has_nfsv4_acls",
++		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
++		METH_VARARGS|METH_KEYWORDS,
++		NULL },
++	{ "set_nfsv4_defaults",
++		(PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
++		NULL },
+ 	{ "set_simple_acl",
+ 		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
++		METH_VARARGS|METH_KEYWORDS,
++		NULL },
++	{ "set_simple_nfsv4_acl",
++		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
+ 		METH_VARARGS|METH_KEYWORDS,
+ 		NULL },
+ 	{ "set_nt_acl",