| author | Björn Baumbach <bb@sernet.de> | 2018-09-04 16:32:50 +0200 |
|---|---|---|
| committer | Björn Baumbach <bb@sernet.de> | 2018-10-11 10:28:18 +0200 |
| commit | e54d4ffbaa3fb1ab9e80d4d107bf2a4d9c3d2d8f (patch) | |
| tree | d2ebfed908f405c54732de8c7135c72135cfa0f0 /python/samba/netcmd | |
| parent | 01ff09adccc88367e807bbf5d5e8cd2eae6a38b0 (diff) | |
samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
Can be used to get and apply NT-ACLs on Samba member servers.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Diffstat (limited to 'python/samba/netcmd')
| -rw-r--r-- | python/samba/netcmd/ntacl.py | 66 |
1 files changed, 45 insertions, 21 deletions
diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py
index 5535cb0b942..323add7243c 100644
--- a/python/samba/netcmd/ntacl.py
+++ b/python/samba/netcmd/ntacl.py
@@ -77,26 +77,38 @@ class cmd_ntacl_set(Command):
 service=None):
 logger = self.get_logger()
 lp = sambaopts.get_loadparm()
- try:
- samdb = SamDB(session_info=system_session(),
- lp=lp)
- except Exception as e:
- raise CommandError("Unable to open samdb:", e)
+
+ is_ad_dc = False
+ server_role = lp.server_role()
+ if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
+ is_ad_dc = True
 if not use_ntvfs and not use_s3fs:
 use_ntvfs = "smb" in lp.get("server services")
 elif use_s3fs:
 use_ntvfs = False
- try:
- domain_sid = security.dom_sid(samdb.domain_sid)
- except:
- raise CommandError("Unable to read domain SID from configuration files")
-
 s3conf = s3param.get_context()
 s3conf.load(lp.configfile)
- # ensure we are using the right samba_dsdb passdb backend, no matter what
- s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
+
+ if is_ad_dc:
+ try:
+ samdb = SamDB(session_info=system_session(),
+ lp=lp)
+ except Exception as e:
+ raise CommandError("Unable to open samdb:", e)
+ # ensure we are using the right samba_dsdb passdb backend, no
+ # matter what
+ s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
+
+ try:
+ if is_ad_dc:
+ domain_sid = security.dom_sid(samdb.domain_sid)
+ else:
+ domain_sid = passdb.get_domain_sid()
+ except:
+ raise CommandError("Unable to read domain SID from configuration "
+ "files")
 setntacl(lp, file,
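Review bot: The bare `except:` kept around the new domain-SID lookup in `cmd_ntacl_set` catches every exception, including `KeyboardInterrupt` and a `NameError` should `passdb` not be in scope, and reports all of them as a configuration-file problem. On the non-DC branch the SID now comes from `passdb.get_domain_sid()`, so the message no longer names the real source, and the underlying error is discarded. I would narrow it to `except Exception as e:` and pass the cause on with `raise CommandError("Unable to read domain SID:", e)`, matching the samdb handler a few lines above. The same applies to the `as_sddl` branch in the last `cmd_ntacl_get` hunk. The method body starts and ends outside this hunk, and the import of `passdb` is not visible here.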
@@ -161,11 +173,11 @@ class cmd_ntacl_get(Command):
 credopts=None, sambaopts=None, versionopts=None,
 service=None):
 lp = sambaopts.get_loadparm()
- try:
- samdb = SamDB(session_info=system_session(),
- lp=lp)
- except Exception as e:
- raise CommandError("Unable to open samdb:", e)
+
+ is_ad_dc = False
+ server_role = lp.server_role()
+ if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
+ is_ad_dc = True
 if not use_ntvfs and not use_s3fs:
 use_ntvfs = "smb" in lp.get("server services")
@@ -174,8 +186,16 @@ class cmd_ntacl_get(Command):
 s3conf = s3param.get_context()
 s3conf.load(lp.configfile)
- # ensure we are using the right samba_dsdb passdb backend, no matter what
- s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
+ if is_ad_dc:
+ try:
+ samdb = SamDB(session_info=system_session(),
+ lp=lp)
+ except Exception as e:
+ raise CommandError("Unable to open samdb:", e)
+
+ # ensure we are using the right samba_dsdb passdb backend, no
+ # matter what
+ s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
 acl = getntacl(lp, file,
@@ -186,9 +206,13 @@ class cmd_ntacl_get(Command):
 session_info=system_session_unix())
 if as_sddl:
 try:
- domain_sid = security.dom_sid(samdb.domain_sid)
+ if is_ad_dc:
+ domain_sid = security.dom_sid(samdb.domain_sid)
+ else:
+ domain_sid = passdb.get_domain_sid()
 except:
- raise CommandError("Unable to read domain SID from configuration files")
+ raise CommandError("Unable to read domain SID from "
+ "configuration files")
 self.outf.write(acl.as_sddl(domain_sid) + "\n")
 else:
 self.outf.write(ndr_print(acl)) |
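Review bot: The four-line role check at the top of `cmd_ntacl_get.run` is a verbatim copy of the one added to `cmd_ntacl_set.run`, and the `is_ad_dc = False` initialisation adds nothing. A single line, `is_ad_dc = lp.server_role() == "ROLE_ACTIVE_DIRECTORY_DC"`, says the same thing and is easier to keep identical in both commands. A short comment would help the next reader see why `samdb` is bound only on one branch, for example `# only an AD DC opens sam.ldb here; other roles keep the passdb backend loaded from smb.conf`. The method body continues outside this hunk.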
