sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

python-s4: use secrets.ldb instead of sam.ldb for reading domain SID

Browse Source 
This allow to be able to run net acl set xxx yyy on DC, but also on domain
  member.

Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
This commit is contained in:
Matthieu Patou
2010-01-27 01:32:29 +03:00
committed by Matthias Dieter Wallnöfer
parent d1c2923151
commit bcba41c351
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source4/scripting/python/samba/netcmd/ntacl.py
View File

@ -61,7 +61,7 @@ class cmd_acl_set(Command):
credopts=None, sambaopts=None, versionopts=None): credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm() lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp) creds = credopts.get_credentials(lp)
path = os.path.join(lp.get("private dir"), lp.get("sam database") or "samdb.ldb") path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
creds = credopts.get_credentials(lp) creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS) creds.set_kerberos_state(DONT_USE_KERBEROS)
try: try:
@ -71,7 +71,7 @@ class cmd_acl_set(Command):
sys.exit(1) sys.exit(1)
attrs = ["objectSid"] attrs = ["objectSid"]
print lp.get("realm") print lp.get("realm")
res = ldb.search(expression="(objectClass=*)",base="DC=%s"%lp.get("realm").lower().replace(".",",DC="), scope=SCOPE_BASE, attrs=attrs) res = ldb.search(expression="(objectClass=*)",base="flatname=%s,cn=Primary Domains"%lp.get("workgroup"), scope=SCOPE_BASE, attrs=attrs)
if len(res) !=0: if len(res) !=0:
domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0]) domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file) setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file)