From: Björn Baumbach Date: Mon, 17 Jun 2019 12:20:56 +0000 (+0200) Subject: samba-tool ntacl: consolidate code for getting the local domain sid X-Git-Tag: ldb-2.0.5~353 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0eee621cf1781e9c5ec68fd1a7c7cf5eab4e74b6;p=thirdparty%2Fsamba.git samba-tool ntacl: consolidate code for getting the local domain sid Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher --- diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py index b5dbc1fcf54..e366ee72554 100644 --- a/python/samba/netcmd/ntacl.py +++ b/python/samba/netcmd/ntacl.py @@ -46,6 +46,36 @@ def system_session_unix(): return session_info_unix +def get_local_domain_sid(lp): + is_ad_dc = False + server_role = lp.server_role() + if server_role == "ROLE_ACTIVE_DIRECTORY_DC": + is_ad_dc = True + + s3conf = s3param.get_context() + s3conf.load(lp.configfile) + + if is_ad_dc: + try: + samdb = SamDB(session_info=system_session(), + lp=lp) + except Exception as e: + raise CommandError("Unable to open samdb:", e) + # ensure we are using the right samba_dsdb passdb backend, no + # matter what + s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) + + try: + if is_ad_dc: + domain_sid = security.dom_sid(samdb.domain_sid) + else: + domain_sid = passdb.get_domain_sid() + except: + raise CommandError("Unable to read domain SID from configuration " + "files") + return domain_sid + + class cmd_ntacl_set(Command): """Set ACLs on a file.""" @@ -75,39 +105,13 @@ class cmd_ntacl_set(Command): service=None): logger = self.get_logger() lp = sambaopts.get_loadparm() - - is_ad_dc = False - server_role = lp.server_role() - if server_role == "ROLE_ACTIVE_DIRECTORY_DC": - is_ad_dc = True + domain_sid = get_local_domain_sid(lp) if not use_ntvfs and not use_s3fs: use_ntvfs = "smb" in lp.get("server services") elif use_s3fs: use_ntvfs = False - s3conf = s3param.get_context() - s3conf.load(lp.configfile) - - if is_ad_dc: - try: - samdb = SamDB(session_info=system_session(), - lp=lp) - except Exception as e: - raise CommandError("Unable to open samdb:", e) - # ensure we are using the right samba_dsdb passdb backend, no - # matter what - s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) - - try: - if is_ad_dc: - domain_sid = security.dom_sid(samdb.domain_sid) - else: - domain_sid = passdb.get_domain_sid() - except: - raise CommandError("Unable to read domain SID from configuration " - "files") - setntacl(lp, file, acl, @@ -171,30 +175,13 @@ class cmd_ntacl_get(Command): credopts=None, sambaopts=None, versionopts=None, service=None): lp = sambaopts.get_loadparm() - - is_ad_dc = False - server_role = lp.server_role() - if server_role == "ROLE_ACTIVE_DIRECTORY_DC": - is_ad_dc = True + domain_sid = get_local_domain_sid(lp) if not use_ntvfs and not use_s3fs: use_ntvfs = "smb" in lp.get("server services") elif use_s3fs: use_ntvfs = False - s3conf = s3param.get_context() - s3conf.load(lp.configfile) - if is_ad_dc: - try: - samdb = SamDB(session_info=system_session(), - lp=lp) - except Exception as e: - raise CommandError("Unable to open samdb:", e) - - # ensure we are using the right samba_dsdb passdb backend, no - # matter what - s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) - acl = getntacl(lp, file, xattr_backend, @@ -203,14 +190,6 @@ class cmd_ntacl_get(Command): service=service, session_info=system_session_unix()) if as_sddl: - try: - if is_ad_dc: - domain_sid = security.dom_sid(samdb.domain_sid) - else: - domain_sid = passdb.get_domain_sid() - except: - raise CommandError("Unable to read domain SID from " - "configuration files") self.outf.write(acl.as_sddl(domain_sid) + "\n") else: self.outf.write(ndr_print(acl))