summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-11-20 14:56:56 +0100
committerMichael Adam <obnox@samba.org>2012-11-30 17:17:19 +0100
commit67799962b8e6e16ac18466658a3f9924854e32f7 (patch)
tree6eb8e1cf90de66f2cca046df9971f37105b7dfce
parent6bffad67d24df2c90b174bbcc9c578899783a834 (diff)
downloadsamba-67799962b8e6e16ac18466658a3f9924854e32f7.tar.gz
samba-67799962b8e6e16ac18466658a3f9924854e32f7.tar.bz2
samba-67799962b8e6e16ac18466658a3f9924854e32f7.zip
s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source4/scripting/python/samba/netcmd/gpo.py11
1 files changed, 6 insertions, 5 deletions
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index 1c6f25dc39..f57c96591c 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -387,17 +387,18 @@ class cmd_list(Command):
continue
try:
+ sd_flags=security.SECINFO_OWNER|security.SECINFO_GROUP|security.SECINFO_DACL
gmsg = self.samdb.search(base=g['dn'], scope=ldb.SCOPE_BASE,
attrs=['name', 'displayName', 'flags',
- 'nTSecurityDescriptor'])
+ 'nTSecurityDescriptor'],
+ controls=['sd_flags:1:%d' % sd_flags])
+ secdesc_ndr = gmsg[0]['nTSecurityDescriptor'][0]
+ secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
except Exception:
- self.outf.write("Failed to fetch gpo object %s\n" %
+ self.outf.write("Failed to fetch gpo object with nTSecurityDescriptor %s\n" %
g['dn'])
continue
- secdesc_ndr = gmsg[0]['nTSecurityDescriptor'][0]
- secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
-
try:
samba.security.access_check(secdesc, token,
security.SEC_STD_READ_CONTROL |