sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00
Code

Add command "samba-tool dsacl get" This code is very equal to "samba-tool dsacl set", except it only prints out the current sddl of an object.

Browse Source 
Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Martin Krämer 2019-01-09 15:13:58 +00:00 committed by Andrew Bartlett
parent cf8ff6b821
commit fb7a806483
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
python/samba/netcmd/dsacl.py
View File

@ -177,8 +177,56 @@ class cmd_dsacl_set(Command):
self.print_new_acl(samdb, objectdn)
class cmd_dsacl_get(Command):
"""Print access list on a directory object."""
synopsis = "%prog [options]"
takes_optiongroups = {
"sambaopts": options.SambaOptions,
"credopts": options.CredentialsOptions,
"versionopts": options.VersionOptions,
}
takes_options = [
Option("-H", "--URL", help="LDB URL for database or target server",
type=str, metavar="URL", dest="H"),
Option("--objectdn", help="DN of the object whose SD to modify",
type="string"),
]
def read_descriptor(self, samdb, object_dn):
res = samdb.search(base=object_dn, scope=SCOPE_BASE,
attrs=["nTSecurityDescriptor"])
# we should theoretically always have an SD
assert(len(res) == 1)
desc = res[0]["nTSecurityDescriptor"][0]
return ndr_unpack(security.descriptor, desc)
def get_domain_sid(self, samdb):
res = samdb.search(base=samdb.domain_dn(),
expression="(objectClass=*)", scope=SCOPE_BASE)
return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
def print_acl(self, samdb, object_dn):
desc = self.read_descriptor(samdb, object_dn)
desc_sddl = desc.as_sddl(self.get_domain_sid(samdb))
self.outf.write("descriptor for %s:\n" % object_dn)
self.outf.write(desc_sddl + "\n")
def run(self, objectdn,
H=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=H, session_info=system_session(),
credentials=creds, lp=lp)
self.print_acl(samdb, objectdn)
class cmd_dsacl(SuperCommand):
"""DS ACLs manipulation."""
subcommands = {}
subcommands["set"] = cmd_dsacl_set()
subcommands["get"] = cmd_dsacl_get()