summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2011-02-10 15:04:23 +0200
committerNadezhda Ivanova <nivanova@samba.org>2011-02-10 15:28:04 +0100
commita38d04a7a863d628f23b2bae95ee184eecb502f0 (patch)
tree64ea0d776949ff426156947fc24c3cb36f7e9b39
parent6d3625de675e3e6e91b1ac19d9323b95267acf14 (diff)
downloadsamba-a38d04a7a863d628f23b2bae95ee184eecb502f0.tar.gz
samba-a38d04a7a863d628f23b2bae95ee184eecb502f0.tar.bz2
samba-a38d04a7a863d628f23b2bae95ee184eecb502f0.zip
s4-tools: Added --sddl option, which allows the user to add an ACE to an object's security descriptor in SDDL format
Useful for testing purposes. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Thu Feb 10 15:28:04 CET 2011 on sn-devel-104
-rw-r--r--source4/scripting/python/samba/netcmd/dsacl.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/scripting/python/samba/netcmd/dsacl.py b/source4/scripting/python/samba/netcmd/dsacl.py
index 2d74145709..58a3552687 100644
--- a/source4/scripting/python/samba/netcmd/dsacl.py
+++ b/source4/scripting/python/samba/netcmd/dsacl.py
@@ -79,6 +79,8 @@ class cmd_ds_acl_set(Command):
type="string"),
Option("--trusteedn", help="DN of the entity that gets access",
type="string"),
+ Option("--sddl", help="An ACE or group of ACEs to be added on the object",
+ type="string"),
]
def find_trustee_sid(self, samdb, trusteedn):
@@ -133,13 +135,13 @@ class cmd_ds_acl_set(Command):
print "new descriptor for %s:" % object_dn
print desc_sddl
- def run(self, car, action, objectdn, trusteedn,
+ def run(self, car, action, objectdn, trusteedn, sddl,
host=None, credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
- if (car is None or action is None or objectdn is None or
- trusteedn is None):
+ if sddl is None and (car is None or action is None
+ or objectdn is None or trusteedn is None):
return self.usage()
samdb = SamDB(url=host, session_info=system_session(),
@@ -159,7 +161,9 @@ class cmd_ds_acl_set(Command):
'ro-repl-secret-sync' : GUID_DRS_RO_REPL_SECRET_SYNC,
}
sid = self.find_trustee_sid(samdb, trusteedn)
- if action == "allow":
+ if sddl:
+ new_ace = sddl
+ elif action == "allow":
new_ace = "(OA;;CR;%s;;%s)" % (cars[car], str(sid))
elif action == "deny":
new_ace = "(OD;;CR;%s;;%s)" % (cars[car], str(sid))