sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-19 12:23:49 +03:00
Code Activity

netcmd: Improve error handling of gpo aclcheck as non-admin

Browse Source 
Reading the nTSecurityDescriptor attribute over LDAP requires admin
creds. However, if you don't specify admin creds, then you get an error
like this:

bin/samba-tool gpo aclcheck
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
  File "bin/python/samba/netcmd/__init__.py", line 184, in _run
    return self.run(*args, **kwargs)
  File "bin/python/samba/netcmd/gpo.py", line 1536, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]

This patch adds an explicit check/error message to make the problem
clearer.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Tim Beale
2019-01-29 13:25:55 +13:00
committed by Andrew Bartlett
parent 1e0db9726b
commit 5bfad1b2b0
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/samba/netcmd/gpo.py
View File

@@ -1533,6 +1533,10 @@ class cmd_aclcheck(GPOCommand):
fs_sd = conn.get_acl(sharepath, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL, security.SEC_FLAG_MAXIMUM_ALLOWED)
if 'nTSecurityDescriptor' not in m:
raise CommandError("Could not read nTSecurityDescriptor. "
"This requires an Administrator account")
ds_sd_ndr = m['nTSecurityDescriptor'][0]
ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()