authorJoe Guo <joeg@catalyst.net.nz>2018-07-04 12:07:25 +1200
committerAndrew Bartlett <abartlet@samba.org>2018-07-12 04:32:00 +0200
commit5dd25a654f01797607d82c44e0fff0a5c390f67d (patch)
treeef97e17975432ffd138b137d4f0d48c41e6f23e5
parent8dc8b8d7f9dda3e83632e18bca002b71552a8fa7 (diff)
downloadsamba-5dd25a654f01797607d82c44e0fff0a5c390f67d.tar.gz
provision/setsysvolacl: build session_info and pass down to setntacl
Get the admin session info, and pass it down to setntacl. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13521 Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
-rw-r--r--python/samba/provision/__init__.py20
1 files changed, 17 insertions, 3 deletions
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 8bdb95ccfa8..976503ecc0c 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -46,6 +46,7 @@ import ldb
from samba.auth import system_session, admin_session
import samba
+from samba import auth
from samba.samba3 import smbd, passdb
from samba.samba3 import param as s3param
from samba.dsdb import DS_DOMAIN_FUNCTION_2000
@@ -1687,23 +1688,36 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
else:
canchown = True
+ # use admin sid dn as user dn, since admin should own most of the files,
+ # the operation will be much faster
+ userdn = '<SID={}-{}>'.format(domainsid, security.DOMAIN_RID_ADMINISTRATOR)
+
+ flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
+ auth.AUTH_SESSION_INFO_AUTHENTICATED |
+ auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
+
+ session_info = auth.user_session(samdb, lp_ctx=lp, dn=userdn,
+ session_info_flags=flags)
+
# Set the SYSVOL_ACL on the sysvol folder and subfolder (first level)
setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=s4_passdb,
- service=SYSVOL_SERVICE)
+ service=SYSVOL_SERVICE, session_info=session_info)
for root, dirs, files in os.walk(sysvol, topdown=False):
for name in files:
if use_ntvfs and canchown:
os.chown(os.path.join(root, name), -1, gid)
setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid),
use_ntvfs=use_ntvfs, skip_invalid_chown=True,
- passdb=s4_passdb, service=SYSVOL_SERVICE)
+ passdb=s4_passdb, service=SYSVOL_SERVICE,
+ session_info=session_info)
for name in dirs:
if use_ntvfs and canchown:
os.chown(os.path.join(root, name), -1, gid)
setntacl(lp, os.path.join(root, name), SYSVOL_ACL, str(domainsid),
use_ntvfs=use_ntvfs, skip_invalid_chown=True,
- passdb=s4_passdb, service=SYSVOL_SERVICE)
+ passdb=s4_passdb, service=SYSVOL_SERVICE,
+ session_info=session_info)
# Set acls on Policy folder and policies folders
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
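Review bot: `set_gpos_acl(...)` on the last context line is still called without the new `session_info`, so the Policy folders appear to reach `setntacl` with a different session than the rest of sysvol; if `set_gpos_acl` can take the token, pass the same one there, otherwise say in a comment why it is left out. The added comment justifies the Administrator SID only by speed, while the security-relevant fact is that every `setntacl` call below now receives a token built for RID 500 from `samdb`; I would add `# session_info: token for <SID=domainsid-500> (default groups, authenticated, simple privileges), reused for every setntacl call below`. `auth.user_session` is called with no handling for a failed lookup, which presumably raises, so a one-line note on the expected failure mode would help callers of this function. setsysvolacl's body starts outside the hunk.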