diff options
author | Nadezhda Ivanova <nivanova@samba.org> | 2011-02-10 15:04:23 +0200 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2011-02-10 15:28:04 +0100 |
commit | a38d04a7a863d628f23b2bae95ee184eecb502f0 (patch) | |
tree | 64ea0d776949ff426156947fc24c3cb36f7e9b39 /source4/scripting/python | |
parent | 6d3625de675e3e6e91b1ac19d9323b95267acf14 (diff) | |
download | samba-a38d04a7a863d628f23b2bae95ee184eecb502f0.tar.gz |
s4-tools: Added --sddl option, which allows the user to add an ACE to an object's security descriptor in SDDL format
Useful for testing purposes.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Feb 10 15:28:04 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/scripting/python')
-rw-r--r-- | source4/scripting/python/samba/netcmd/dsacl.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/scripting/python/samba/netcmd/dsacl.py b/source4/scripting/python/samba/netcmd/dsacl.py index 2d74145709a..58a35526870 100644 --- a/source4/scripting/python/samba/netcmd/dsacl.py +++ b/source4/scripting/python/samba/netcmd/dsacl.py @@ -79,6 +79,8 @@ class cmd_ds_acl_set(Command): type="string"), Option("--trusteedn", help="DN of the entity that gets access", type="string"), + Option("--sddl", help="An ACE or group of ACEs to be added on the object", + type="string"), ] def find_trustee_sid(self, samdb, trusteedn): @@ -133,13 +135,13 @@ class cmd_ds_acl_set(Command): print "new descriptor for %s:" % object_dn print desc_sddl - def run(self, car, action, objectdn, trusteedn, + def run(self, car, action, objectdn, trusteedn, sddl, host=None, credopts=None, sambaopts=None, versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) - if (car is None or action is None or objectdn is None or - trusteedn is None): + if sddl is None and (car is None or action is None + or objectdn is None or trusteedn is None): return self.usage() samdb = SamDB(url=host, session_info=system_session(), @@ -159,7 +161,9 @@ class cmd_ds_acl_set(Command): 'ro-repl-secret-sync' : GUID_DRS_RO_REPL_SECRET_SYNC, } sid = self.find_trustee_sid(samdb, trusteedn) - if action == "allow": + if sddl: + new_ace = sddl + elif action == "allow": new_ace = "(OA;;CR;%s;;%s)" % (cars[car], str(sid)) elif action == "deny": new_ace = "(OD;;CR;%s;;%s)" % (cars[car], str(sid)) |