diff options
author | Nadezhda Ivanova <nivanova@samba.org> | 2011-01-17 14:22:22 +0200 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2011-01-17 14:09:09 +0100 |
commit | 3ecce7f2ee243eb1411e4aa8cb0648d118c1c364 (patch) | |
tree | 38d4221860fcee59d9ca1d116287f4f982e5740f /source4/scripting/python | |
parent | 528bcedbc55e9fa9e700db74c2f7e7323c3f08c1 (diff) | |
download | samba-3ecce7f2ee243eb1411e4aa8cb0648d118c1c364.tar.gz samba-3ecce7f2ee243eb1411e4aa8cb0648d118c1c364.tar.bz2 samba-3ecce7f2ee243eb1411e4aa8cb0648d118c1c364.zip |
s4-tools: Added a --sort-aces option to ldapcmp
This option sorts the ACE lists during SD comparison in collision view to make it easier to
determine of a difference is only in ACE order, and if not, where do differences start.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Mon Jan 17 14:09:09 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/scripting/python')
-rwxr-xr-x | source4/scripting/python/samba/netcmd/ldapcmp.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/source4/scripting/python/samba/netcmd/ldapcmp.py b/source4/scripting/python/samba/netcmd/ldapcmp.py index dff0c1e8fd..d62b554424 100755 --- a/source4/scripting/python/samba/netcmd/ldapcmp.py +++ b/source4/scripting/python/samba/netcmd/ldapcmp.py @@ -46,7 +46,7 @@ summary = {} class LDAPBase(object): def __init__(self, host, creds, lp, - two=False, quiet=False, descriptor=False, verbose=False, + two=False, quiet=False, descriptor=False, sort_aces=False, verbose=False, view="section", base="", scope="SUB"): ldb_options = [] samdb_url = host @@ -67,6 +67,7 @@ class LDAPBase(object): self.two_domains = two self.quiet = quiet self.descriptor = descriptor + self.sort_aces = sort_aces self.view = view self.verbose = verbose self.host = host @@ -208,6 +209,8 @@ class Descriptor(object): self.dn = dn self.sddl = self.con.get_descriptor_sddl(self.dn) self.dacl_list = self.extract_dacl() + if self.con.sort_aces: + self.dacl_list.sort() def extract_dacl(self): """ Extracts the DACL as a list of ACE string (with the brakets). @@ -781,6 +784,8 @@ class cmd_ldapcmp(Command): help="Print all DN pairs that have been compared"), Option("--sd", dest="descriptor", action="store_true", default=False, help="Compare nTSecurityDescriptor attibutes only"), + Option("--sort-aces", dest="sort_aces", action="store_true", default=False, + help="Sort ACEs before comparison of nTSecurityDescriptor attribute"), Option("--view", dest="view", default="section", help="Display mode for nTSecurityDescriptor results. Possible values: section or collision."), Option("--base", dest="base", default="", @@ -793,9 +798,8 @@ class cmd_ldapcmp(Command): def run(self, URL1, URL2, context1=None, context2=None, context3=None, - two=False, quiet=False, verbose=False, descriptor=False, view="section", - base="", base2="", scope="SUB", - credopts=None, sambaopts=None, versionopts=None): + two=False, quiet=False, verbose=False, descriptor=False, sort_aces=False, view="section", + base="", base2="", scope="SUB", credopts=None, sambaopts=None, versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) creds2 = credopts.get_credentials2(lp, guess=False) @@ -835,11 +839,13 @@ class cmd_ldapcmp(Command): raise CommandError("Invalid --scope value. Choose from: SUB, ONE, BASE") con1 = LDAPBase(URL1, creds, lp, - two=two, quiet=quiet, descriptor=descriptor, verbose=verbose, view=view, base=base, scope=scope) + two=two, quiet=quiet, descriptor=descriptor, sort_aces=sort_aces, + verbose=verbose,view=view, base=base, scope=scope) assert len(con1.base_dn) > 0 con2 = LDAPBase(URL2, creds2, lp, - two=two, quiet=quiet, descriptor=descriptor, verbose=verbose, view=view, base=base2, scope=scope) + two=two, quiet=quiet, descriptor=descriptor, sort_aces=sort_aces, + verbose=verbose, view=view, base=base2, scope=scope) assert len(con2.base_dn) > 0 status = 0 |