D52168

net/samba422/files/patch-python_samba_provision_____init____.py

@@ -0,0 +1,71 @@
+--- python/samba/provision/__init__.py.orig	2025-02-06 10:31:54 UTC
++++ python/samba/provision/__init__.py
+@@ -1671,19 +1671,25 @@ def setsysvolacl(samdb, sysvol, uid, gid, domainsid, d
+         s3conf = s3param.get_context()
+         s3conf.load(lp.configfile)
+ 
+-        file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
++        sysvol_dir = os.path.abspath(sysvol)
++
++        set_simple_acl = smbd.set_simple_acl
++        if smbd.has_nfsv4_acls(sysvol_dir):
++            set_simple_acl = smbd.set_simple_nfsv4_acl
++
++        file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
+         try:
+             try:
+-                smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
++                set_simple_acl(file.name, 0o755, system_session_unix(), gid)
+             except OSError:
+-                if not smbd.have_posix_acls():
++                if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
+                     # This clue is only strictly correct for RPM and
+                     # Debian-like Linux systems, but hopefully other users
+                     # will get enough clue from it.
+-                    raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires.  "
++                    raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires.  "
+                                             "Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
+ 
+-                raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "
++                raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires.  "
+                                         "Try the mounting the filesystem with the 'acl' option.")
+             try:
+                 smbd.chown(file.name, uid, gid, system_session_unix())
+@@ -1906,7 +1912,7 @@ def interface_ips_v6(lp):
+     return ret
+ 
+ 
+-def provision_fill(samdb, secrets_ldb, logger, names, paths,
++def provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
+                    schema=None,
+                    samdb_fill=FILL_FULL,
+                    hostip=None, hostip6=None,
+@@ -1965,6 +1971,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, 
+         samdb.transaction_commit()
+ 
+     if serverrole == "active directory domain controller":
++        if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
++            smbd.set_nfsv4_defaults()
++
+         # Continue setting up sysvol for GPO. This appears to require being
+         # outside a transaction.
+         if not skip_sysvolacl:
+@@ -2341,6 +2350,9 @@ def provision(logger, session_info, smbconf=None,
+             if not os.path.isdir(paths.netlogon):
+                 os.makedirs(paths.netlogon, 0o755)
+ 
++            if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
++                smbd.set_nfsv4_defaults()
++
+         if adminpass is None:
+             adminpass = samba.generate_random_password(12, 32)
+             adminpass_generated = True
+@@ -2350,7 +2362,7 @@ def provision(logger, session_info, smbconf=None,
+             adminpass_generated = False
+ 
+         if samdb_fill == FILL_FULL:
+-            provision_fill(samdb, secrets_ldb, logger, names, paths,
++            provision_fill(samdb, secrets_ldb, logger, names, paths, targetdir,
+                            schema=schema, samdb_fill=samdb_fill,
+                            hostip=hostip, hostip6=hostip6,
+                            next_rid=next_rid, dc_rid=dc_rid, adminpass=adminpass,