authorStefan Metzmacher <metze@samba.org>2012-11-29 09:28:23 +0100
committerStefan Metzmacher <metze@samba.org>2012-12-03 08:46:46 +0100
commit06f026368e5b657394bb9e681c3d0184104bc120 (patch)
tree815965c470c2fc600e6475c40071259549cd5e8f /source4/scripting
parentd48d0c5bbf70394dfc6ab44ef124582fd836695f (diff)
s4:python/ntacl: allow string or objects for sd/sid in setntacl()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source4/scripting')
-rw-r--r--source4/scripting/python/samba/ntacls.py17
1 files changed, 14 insertions, 3 deletions
diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py
index 8992b61266..d86c5171b3 100644
--- a/source4/scripting/python/samba/ntacls.py
+++ b/source4/scripting/python/samba/ntacls.py
@@ -85,8 +85,19 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True):
def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None):
- sid = security.dom_sid(domsid)
- sd = security.descriptor.from_sddl(sddl, sid)
+ assert(isinstance(domsid, str) or isinstance(domsid, security.dom_sid))
+ if isinstance(domsid, str):
+ sid = security.dom_sid(domsid)
+ elif isinstance(domsid, security.dom_sid):
+ sid = domsid
+ domsid = str(sid)
+
+ assert(isinstance(sddl, str) or isinstance(sddl, security.descriptor))
+ if isinstance(sddl, str):
+ sd = security.descriptor.from_sddl(sddl, sid)
+ elif isinstance(sddl, security.descriptor):
+ sd = sddl
+ sddl = sd.as_sddl(sid)
if not use_ntvfs and skip_invalid_chown:
# Check if the owner can be resolved as a UID
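Review bot: The two `assert(isinstance(...))` lines are the only type validation for `domsid` and `sddl`, and asserts are stripped when Python runs with `-O`. In that case a value of an unexpected type matches neither the `if` nor the `elif`, so `sid` or `sd` is never bound and the failure surfaces later as an unrelated unbound-name error. For a function that writes security descriptors, I would make the rejection explicit by ending each chain with `else: raise TypeError("domsid must be a str or security.dom_sid")` (and the matching message for `sddl`) instead of asserting. The body of setntacl continues outside the hunk, so any further use of `sid` and `sd` is not visible here.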
@@ -103,7 +114,7 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True
if ((admin_type == idmap.ID_TYPE_UID) or (admin_type == idmap.ID_TYPE_BOTH)):
# Set it, changing the owner to 'administrator' rather than domain admins
- sd2 = security.descriptor.from_sddl(sddl, sid)
+ sd2 = sd
sd2.owner_sid = administrator
smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2)
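Review bot: `sd2 = sd` binds a second name to the same descriptor instead of building a fresh one, so `sd2.owner_sid = administrator` now also rewrites the owner on `sd`. When the caller passed a `security.descriptor` object, which this commit newly allows, it rewrites the caller's object as well. Any use of `sd` after this block (outside the hunk, so not visible here) would then carry administrator as owner rather than the owner originally requested. Since the first hunk guarantees `sddl` is a string by this point (`sddl = sd.as_sddl(sid)`), the old line still works for both input forms: `sd2 = security.descriptor.from_sddl(sddl, sid)`. If the aliasing is intended, a comment saying so on the `sd2 = sd` line would help.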