diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-11-29 09:28:23 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-12-03 08:46:46 +0100 |
commit | 06f026368e5b657394bb9e681c3d0184104bc120 (patch) | |
tree | 815965c470c2fc600e6475c40071259549cd5e8f /source4/scripting | |
parent | d48d0c5bbf70394dfc6ab44ef124582fd836695f (diff) | |
download | samba-06f026368e5b657394bb9e681c3d0184104bc120.tar.gz samba-06f026368e5b657394bb9e681c3d0184104bc120.tar.bz2 samba-06f026368e5b657394bb9e681c3d0184104bc120.zip |
s4:python/ntacl: allow string or objects for sd/sid in setntacl()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Diffstat (limited to 'source4/scripting')
-rw-r--r-- | source4/scripting/python/samba/ntacls.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 8992b61266..d86c5171b3 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -85,8 +85,19 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True, skip_invalid_chown=False, passdb=None): - sid = security.dom_sid(domsid) - sd = security.descriptor.from_sddl(sddl, sid) + assert(isinstance(domsid, str) or isinstance(domsid, security.dom_sid)) + if isinstance(domsid, str): + sid = security.dom_sid(domsid) + elif isinstance(domsid, security.dom_sid): + sid = domsid + domsid = str(sid) + + assert(isinstance(sddl, str) or isinstance(sddl, security.descriptor)) + if isinstance(sddl, str): + sd = security.descriptor.from_sddl(sddl, sid) + elif isinstance(sddl, security.descriptor): + sd = sddl + sddl = sd.as_sddl(sid) if not use_ntvfs and skip_invalid_chown: # Check if the owner can be resolved as a UID @@ -103,7 +114,7 @@ def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True if ((admin_type == idmap.ID_TYPE_UID) or (admin_type == idmap.ID_TYPE_BOTH)): # Set it, changing the owner to 'administrator' rather than domain admins - sd2 = security.descriptor.from_sddl(sddl, sid) + sd2 = sd sd2.owner_sid = administrator smbd.set_nt_acl(file, security.SECINFO_OWNER |security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd2) |