From 67799962b8e6e16ac18466658a3f9924854e32f7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 20 Nov 2012 14:56:56 +0100
Subject: s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher
Reviewed-by: Michael Adam
---
 source4/scripting/python/samba/netcmd/gpo.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
 (limited to 'source4/scripting/python')
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index 1c6f25dc39..f57c96591c 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -387,17 +387,18 @@ class cmd_list(Command):
 continue
 try:
+ sd_flags=security.SECINFO_OWNER|security.SECINFO_GROUP|security.SECINFO_DACL
 gmsg = self.samdb.search(base=g['dn'], scope=ldb.SCOPE_BASE,
 attrs=['name', 'displayName', 'flags',
- 'nTSecurityDescriptor'])
+ 'nTSecurityDescriptor'],
+ controls=['sd_flags:1:%d' % sd_flags])
+ secdesc_ndr = gmsg[0]['nTSecurityDescriptor'][0]
+ secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
 except Exception:
- self.outf.write("Failed to fetch gpo object %s\n" %
+ self.outf.write("Failed to fetch gpo object with nTSecurityDescriptor %s\n" %
 g['dn'])
 continue
- secdesc_ndr = gmsg[0]['nTSecurityDescriptor'][0]
- secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
-
 try:
 samba.security.access_check(secdesc, token,
 security.SEC_STD_READ_CONTROL |
--
cgit
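Review bot: The widened `try` now funnels three distinct failures into one `except Exception` — the LDAP search itself, a result that carries no `nTSecurityDescriptor` value (`gmsg[0]['nTSecurityDescriptor'][0]`), and `ndr_unpack` rejecting the blob — and the handler discards the exception, so an operator cannot tell a directory error from a descriptor the caller was not allowed to read. Skipping the GPO with `continue` is the right fail-closed outcome for the access check that follows, but the cause should be kept: bind the exception and report it, e.g. `"Failed to fetch gpo object with nTSecurityDescriptor %s: %s\n" % (g['dn'], e)`. A one-line comment above `sd_flags` recording why the SACL is left out (presumably because reading it needs a privilege ordinary callers lack, while `access_check` only needs owner, group and DACL) would preserve the intent, and the assignment could be spaced per PEP 8 and hoisted out of the loop, since it does not change between iterations. The enclosing loop and method begin and end outside this hunk.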