author | Andrew Bartlett <abartlet@samba.org> | 2013-02-17 22:03:18 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-03-04 08:33:08 +0100 |
commit | 5074b98714c9e038cc31872111508c1d92562841 (patch) | |
tree | 06c5ebd2131a9a6d5968bb541a75797a4cbb87a0 /source4/scripting | |
parent | 787a6aacc3003731784b29fd92c683036c8730a7 (diff) | |
scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sds
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/scripting')
-rwxr-xr-x | source4/scripting/bin/samba_upgradeprovision | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index 36f6a60068..9cd5c8147a 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -75,7 +75,7 @@ from samba.dcerpc.security import ( from samba.ndr import ndr_unpack from samba.upgradehelpers import (dn_sort, get_paths, newprovision, get_ldbs, findprovisionrange, - usn_in_range, identic_rename, get_diff_sddls, + usn_in_range, identic_rename, get_diff_sds, update_secrets, CHANGE, ERROR, SIMPLE, CHANGEALL, GUESS, CHANGESD, PROVISION, updateOEMInfo, getOEMInfo, update_gpo, @@ -963,12 +963,10 @@ def checkKeepAttributeWithMetadata(delta, att, message, reference, current, if att == "nTSecurityDescriptor": cursd = ndr_unpack(security.descriptor, str(current[0]["nTSecurityDescriptor"])) - cursddl = cursd.as_sddl(names.domainsid) refsd = ndr_unpack(security.descriptor, str(reference[0]["nTSecurityDescriptor"])) - refsddl = refsd.as_sddl(names.domainsid) - diff = get_diff_sddls(refsddl, cursddl) + diff = get_diff_sds(refsd, cursd, names.domainsid) if diff == "": # FIXME find a way to have it only with huge huge verbose mode # message(CHANGE, "%ssd are identical" % txt) 
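Review bot: In the checkKeepAttributeWithMetadata hunk, the `diff == ""` test now depends entirely on what `get_diff_sds` treats as a difference, and this spot has no comment saying so. The helper's body is not part of this diff, and the commit message says it is being prepared to drop inherited ACEs before comparing, so "identical" here may come to mean "identical apart from inherited ACEs". A short comment above the call would record that, for example `# get_diff_sds renders both SDs as SDDL relative to names.domainsid; "" means it found no difference`. The function starts and ends outside the hunk.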
@@ -1267,19 +1265,20 @@ def check_updated_sd(ref_sam, cur_sam, names): controls=["search_options:1:2"]) hash = {} for i in range(0, len(reference)): - refsd = ndr_unpack(security.descriptor, - str(reference[i]["nTSecurityDescriptor"])) - hash[str(reference[i]["dn"]).lower()] = refsd.as_sddl(names.domainsid) + refsd_blob = str(reference[i]["nTSecurityDescriptor"]) + hash[str(reference[i]["dn"]).lower()] = refsd_blob for i in range(0, len(current)): key = str(current[i]["dn"]).lower() if hash.has_key(key): + cursd_blob = str(current[i]["nTSecurityDescriptor"]) cursd = ndr_unpack(security.descriptor, - str(current[i]["nTSecurityDescriptor"])) - sddl = cursd.as_sddl(names.domainsid) - if sddl != hash[key]: - txt = get_diff_sddls(hash[key], sddl, False) + cursd_blob) + if cursd_blob != hash[key]: + refsd = ndr_unpack(security.descriptor, + hash[key]) + txt = get_diff_sds(refsd, cursd, names.domainsid, False) if txt != "": message(CHANGESD, "On object %s ACL is different" " \n%s" % (current[i]["dn"], txt)) |
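Review bot: In check_updated_sd the current descriptor is still unpacked before the new `if cursd_blob != hash[key]:` test, so every matched object is parsed even when the two blobs are byte-identical and nothing is compared. Moving `cursd = ndr_unpack(security.descriptor, cursd_blob)` inside that `if`, next to the `refsd` unpack, keeps the common path free of parsing. The raw-blob test is now only a pre-filter, since differing blobs can still produce an empty `txt`, and a comment such as `# equal NDR blobs imply equal SDs; unequal blobs are left to get_diff_sds to judge` would make clear that the ACL report is decided by `txt != ""`. The function starts and ends outside the hunk.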