diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-11-20 14:56:56 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-30 17:17:19 +0100 |
commit | 67799962b8e6e16ac18466658a3f9924854e32f7 (patch) | |
tree | 6eb8e1cf90de66f2cca046df9971f37105b7dfce | |
parent | 6bffad67d24df2c90b174bbcc9c578899783a834 (diff) | |
download | samba-67799962b8e6e16ac18466658a3f9924854e32f7.tar.gz samba-67799962b8e6e16ac18466658a3f9924854e32f7.tar.bz2 samba-67799962b8e6e16ac18466658a3f9924854e32f7.zip |
s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source4/scripting/python/samba/netcmd/gpo.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index 1c6f25dc39..f57c96591c 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -387,17 +387,18 @@ class cmd_list(Command): continue try: + sd_flags=security.SECINFO_OWNER|security.SECINFO_GROUP|security.SECINFO_DACL gmsg = self.samdb.search(base=g['dn'], scope=ldb.SCOPE_BASE, attrs=['name', 'displayName', 'flags', - 'nTSecurityDescriptor']) + 'nTSecurityDescriptor'], + controls=['sd_flags:1:%d' % sd_flags]) + secdesc_ndr = gmsg[0]['nTSecurityDescriptor'][0] + secdesc = ndr_unpack(security.descriptor, secdesc_ndr) except Exception: - self.outf.write("Failed to fetch gpo object %s\n" % + self.outf.write("Failed to fetch gpo object with nTSecurityDescriptor %s\n" % g['dn']) continue - secdesc_ndr = gmsg[0]['nTSecurityDescriptor'][0] - secdesc = ndr_unpack(security.descriptor, secdesc_ndr) - try: samba.security.access_check(secdesc, token, security.SEC_STD_READ_CONTROL | |