5 files changed, 46 insertions, 42 deletions

diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index 426d7b38a0..c2920c009e 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -26,7 +26,7 @@ from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
 from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
 from ldb import Message, MessageElement, Dn
 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
-from samba import Ldb, param, dom_sid_to_rid
+from samba import Ldb, param
 from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT
 from samba import UF_SERVER_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT
 from samba import UF_INTERDOMAIN_TRUST_ACCOUNT
@@ -456,7 +456,7 @@ class BasicTests(unittest.TestCase):
             self.fail()
         except LdbError, (num, _):
             self.assertEquals(num, ERR_NAMING_VIOLATION)
- 
+
         self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
 
         self.ldb.add({
@@ -642,17 +642,17 @@ objectClass: container
         res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
                           scope=SCOPE_BASE, attrs=["objectSID"])
         self.assertTrue(len(res1) == 1)
-	group_rid_1 = dom_sid_to_rid(ldb.schema_format_value("objectSID",
-          res1[0]["objectSID"][0]))
+        group_rid_1 = security.dom_sid(ldb.schema_format_value("objectSID",
+          res1[0]["objectSID"][0])).split()[1]
 
         res1 = ldb.search("cn=ldaptestgroup2,cn=users," + self.base_dn,
                           scope=SCOPE_BASE, attrs=["objectSID"])
         self.assertTrue(len(res1) == 1)
-        group_rid_2 = dom_sid_to_rid(ldb.schema_format_value("objectSID",
-          res1[0]["objectSID"][0]))
+        group_rid_2 = security.dom_sid(ldb.schema_format_value("objectSID",
+          res1[0]["objectSID"][0])).split()[1]
 
         # Try to create a user with an invalid primary group
-	try:
+        try:
             ldb.add({
                 "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
                 "objectclass": ["user", "person"],
@@ -833,7 +833,7 @@ objectClass: container
         self.assertTrue(len(res1) == 1)
         self.assertFalse("primaryGroupToken" in res1[0])
 
-	res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
+        res1 = ldb.search("cn=ldaptestgroup,cn=users," + self.base_dn,
                           scope=SCOPE_BASE)
         self.assertTrue(len(res1) == 1)
         self.assertFalse("primaryGroupToken" in res1[0])
@@ -843,7 +843,7 @@ objectClass: container
         self.assertTrue(len(res1) == 1)
         primary_group_token = int(res1[0]["primaryGroupToken"][0])
 
-	rid = dom_sid_to_rid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0]))
+        rid = security.dom_sid(ldb.schema_format_value("objectSID", res1[0]["objectSID"][0])).split()[1]
         self.assertEquals(primary_group_token, rid)
 
         m = Message()
diff --git a/source4/lib/ldb/tests/python/ldap_schema.py b/source4/lib/ldb/tests/python/ldap_schema.py
index f13a4fbc52..0a31db82f7 100755
--- a/source4/lib/ldb/tests/python/ldap_schema.py
+++ b/source4/lib/ldb/tests/python/ldap_schema.py
@@ -26,7 +26,7 @@ from ldb import ERR_NAMING_VIOLATION, ERR_CONSTRAINT_VIOLATION
 from ldb import ERR_UNDEFINED_ATTRIBUTE_TYPE
 from ldb import Message, MessageElement, Dn
 from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE, FLAG_MOD_DELETE
-from samba import Ldb, param, dom_sid_to_rid
+from samba import Ldb
 from samba import UF_NORMAL_ACCOUNT, UF_TEMP_DUPLICATE_ACCOUNT
 from samba import UF_SERVER_TRUST_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT
 from samba import UF_INTERDOMAIN_TRUST_ACCOUNT
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 02dc059f05..d04e2579f5 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -41,6 +41,33 @@ static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
 	}
 }
 
+static PyObject *py_dom_sid_split(PyObject *py_self, PyObject *args)
+{
+	struct dom_sid *self = py_talloc_get_ptr(py_self);
+	struct dom_sid *domain_sid;
+	TALLOC_CTX *mem_ctx;
+	uint32_t rid;
+	NTSTATUS status;
+	PyObject *py_domain_sid;
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	status = dom_sid_split_rid(mem_ctx, self, &domain_sid, &rid);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	py_domain_sid = py_talloc_steal(&dom_sid_Type, domain_sid);
+	talloc_free(mem_ctx);
+	return Py_BuildValue("(OI)", py_domain_sid, rid);
+}
+
 static int py_dom_sid_cmp(PyObject *py_self, PyObject *py_other)
 {
 	struct dom_sid *self = py_talloc_get_ptr(py_self), *other;
@@ -86,12 +113,21 @@ static int py_dom_sid_init(PyObject *self, PyObject *args, PyObject *kwargs)
 	return 0;
 }
 
+static PyMethodDef py_dom_sid_extra_methods[] = {
+	{ "split", (PyCFunction)py_dom_sid_split, METH_NOARGS,
+		"S.split() -> (domain_sid, rid)\n"
+		"Split a domain sid" },
+	{ NULL }
+};
+
+
 static void py_dom_sid_patch(PyTypeObject *type)
 {
 	type->tp_init = py_dom_sid_init;
 	type->tp_str = py_dom_sid_str;
 	type->tp_repr = py_dom_sid_repr;
 	type->tp_compare = py_dom_sid_cmp;
+	PyType_AddMethods(type, py_dom_sid_extra_methods);
 }
 
 #define PY_DOM_SID_PATCH py_dom_sid_patch
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 9f01102316..3d33e605db 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -442,27 +442,6 @@ static PyObject *py_dsdb_make_schema_global(PyObject *self, PyObject *args)
 	Py_RETURN_NONE;
 }
 
-static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
-{
-	PyObject *py_sid;
-	struct dom_sid *sid;
-	uint32_t rid;
-	NTSTATUS status;
-	
-	if(!PyArg_ParseTuple(args, "O", &py_sid))
-		return NULL;
-
-	sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
-
-	status = dom_sid_split_rid(NULL, sid, NULL, &rid);
-	if (!NT_STATUS_IS_OK(status)) {
-		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
-		return NULL;
-	}
-
-	return PyInt_FromLong(rid);
-}
-
 static PyMethodDef py_misc_methods[] = {
 	{ "generate_random_str", (PyCFunction)py_generate_random_str, METH_VARARGS,
 		"random_password(len) -> string\n"
@@ -506,8 +485,6 @@ static PyMethodDef py_misc_methods[] = {
 		NULL },
 	{ "dsdb_make_schema_global", (PyCFunction)py_dsdb_make_schema_global, METH_VARARGS,
 		NULL },
-	{ "dom_sid_to_rid", (PyCFunction)py_dom_sid_to_rid, METH_VARARGS,
-		NULL },
 	{ "set_debug_level", (PyCFunction)py_set_debug_level, METH_VARARGS,
 		"set debug level" },
 	{ NULL }
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index f74304c01c..d501fd7b88 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -370,15 +370,6 @@ def valid_netbios_name(name):
     return True
 
 
-def dom_sid_to_rid(sid_str):
-    """Converts a domain SID to the relative RID.
-
-    :param sid_str: The domain SID formatted as string
-    """
-
-    return glue.dom_sid_to_rid(sid_str)
-
-
 version = glue.version
 
 # "userAccountControl" flags