python: samdb: Move get_connecting_user_sid to samdb

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index cab11d635d25be37a210c08c2da1ba10aad1b264..6bd8262ad04bbf7c625a0146ba4430cd826aa07b 100644 (file)
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -962,6 +962,11 @@ accountExpires: %u
     domain_sid = property(get_domain_sid, set_domain_sid,
                           doc="SID for the domain")
 
+    def get_connecting_user_sid(self):
+        """Returns the SID of the connected user."""
+        msg = self.search(base="", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])[0]
+        return str(ndr_unpack(security.dom_sid, msg["tokenGroups"][0]))
+
     def set_invocation_id(self, invocation_id):
         """Set the invocation id for this SamDB handle.
 

diff --git a/python/samba/tests/samba_tool/user_getpassword_gmsa.py b/python/samba/tests/samba_tool/user_getpassword_gmsa.py
index 95187703f41009c8e7a541215f44ca832705858f..967ec9e49c3706a79dc1c5477b64e49932fb11a2 100644 (file)
--- a/python/samba/tests/samba_tool/user_getpassword_gmsa.py
+++ b/python/samba/tests/samba_tool/user_getpassword_gmsa.py
@@ -69,8 +69,7 @@ class GMSAPasswordTest(BlackboxTestCase):
         cls.base_dn = f"CN=Managed Service Accounts,{cls.samdb.domain_dn()}"
         cls.user_dn = f"CN={cls.username},{cls.base_dn}"
 
-        msg = cls.samdb.search(base="", scope=SCOPE_BASE, attrs=["tokenGroups"])[0]
-        connecting_user_sid = str(ndr_unpack(security.dom_sid, msg["tokenGroups"][0]))
+        connecting_user_sid = cls.samdb.get_connecting_user_sid()
 
         domain_sid = security.dom_sid(cls.samdb.get_domain_sid())
         allow_sddl = f"O:SYD:(A;;RP;;;{connecting_user_sid})"