author | Martin Krämer <mk.maddin@gmail.com> | 2019-01-26 09:17:25 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-02-21 04:09:20 +0100 |
commit | cf8ff6b821bce02def8e3846bfbae96e3ebe0778 (patch) | |
tree | bed52ec17d81e684ff704e12edc6b778ffade188 /python/samba/netcmd | |
parent | d6f6eb4f25aca1a55709feb1f87afc01cb851d8b (diff) | |
Update dsacl.py - add_ace to handle/verify sddl parameter correct
Test for samba-tool dsacl set --sddl parameter
Update tests.py - add dsacl (dsacl.py / samba-tool dsacl set) test
Signed-off-by: <Martin Krämer mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python/samba/netcmd')
-rw-r--r-- | python/samba/netcmd/dsacl.py | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/python/samba/netcmd/dsacl.py b/python/samba/netcmd/dsacl.py
index 176d14d1a4d..ef57560801c 100644
--- a/python/samba/netcmd/dsacl.py
+++ b/python/samba/netcmd/dsacl.py
@@ -113,20 +113,23 @@ class cmd_dsacl_set(Command):
 def add_ace(self, samdb, object_dn, new_ace):
 """Add new ace explicitly."""
 desc = self.read_descriptor(samdb, object_dn)
- desc_sddl = desc.as_sddl(self.get_domain_sid(samdb))
- # TODO add bindings for descriptor manipulation and get rid of this
- desc_aces = re.findall("\(.*?\)", desc_sddl)
- for ace in desc_aces:
- if ("ID" in ace):
- desc_sddl = desc_sddl.replace(ace, "")
- if new_ace.lower() in desc_sddl.lower():
- return
- if desc_sddl.find("(") >= 0:
- desc_sddl = desc_sddl[:desc_sddl.index("(")] + new_ace + desc_sddl[desc_sddl.index("("):]
- else:
- desc_sddl = desc_sddl + new_ace
- desc = security.descriptor.from_sddl(desc_sddl, self.get_domain_sid(samdb))
- self.modify_descriptor(samdb, object_dn, desc)
+ new_ace = security.descriptor.from_sddl("D:" + new_ace,self.get_domain_sid(samdb))
+ new_ace_list = re.findall("\(.*?\)",new_ace.as_sddl())
+ for new_ace in new_ace_list:
+ desc_sddl = desc.as_sddl(self.get_domain_sid(samdb))
+ # TODO add bindings for descriptor manipulation and get rid of this
+ desc_aces = re.findall("\(.*?\)", desc_sddl)
+ for ace in desc_aces:
+ if ("ID" in ace):
+ desc_sddl = desc_sddl.replace(ace, "")
+ if new_ace in desc_sddl:
+ continue
+ if desc_sddl.find("(") >= 0:
+ desc_sddl = desc_sddl[:desc_sddl.index("(")] + new_ace + desc_sddl[desc_sddl.index("("):]
+ else:
+ desc_sddl = desc_sddl + new_ace
+ desc = security.descriptor.from_sddl(desc_sddl, self.get_domain_sid(samdb))
+ self.modify_descriptor(samdb, object_dn, desc)
 def print_new_acl(self, samdb, object_dn):
 desc = self.read_descriptor(samdb, object_dn) |
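Review bot: The duplicate check `if new_ace in desc_sddl` in `add_ace` compares strings from two different encodings: the new ACEs come from `new_ace.as_sddl()` with no domain SID, while `desc_sddl` comes from `desc.as_sddl(self.get_domain_sid(samdb))`. If the encoder abbreviates domain-relative trustees only when it is given the domain SID (not visible on this page, so confirm against the bindings), an ACE that is already on the object would not match and would be inserted a second time. Passing the same SID on both sides keeps the comparison like-for-like: `new_ace_list = re.findall(r"\(.*?\)", new_ace.as_sddl(self.get_domain_sid(samdb)))`. Separately, `self.modify_descriptor(samdb, object_dn, desc)` appears to sit inside the `for new_ace in new_ace_list:` loop (indentation is lost in this rendering), so a failure part-way through a multi-ACE `--sddl` value would leave the ACL partially updated. Building the descriptor across the loop and writing it once afterwards would avoid that.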