From 0eee621cf1781e9c5ec68fd1a7c7cf5eab4e74b6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bj=C3=B6rn=20Baumbach?=
Date: Mon, 17 Jun 2019 14:20:56 +0200
Subject: [PATCH] samba-tool ntacl: consolidate code for getting the local domain sid
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Björn Baumbach
Reviewed-by: Stefan Metzmacher
---
 python/samba/netcmd/ntacl.py | 85 ++++++++++++++----------------------
 1 file changed, 32 insertions(+), 53 deletions(-)
diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py
index b5dbc1fcf54..e366ee72554 100644
--- a/python/samba/netcmd/ntacl.py
+++ b/python/samba/netcmd/ntacl.py
@@ -46,6 +46,36 @@ def system_session_unix():
 return session_info_unix
+def get_local_domain_sid(lp):
+ is_ad_dc = False
+ server_role = lp.server_role()
+ if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
+ is_ad_dc = True
+
+ s3conf = s3param.get_context()
+ s3conf.load(lp.configfile)
+
+ if is_ad_dc:
+ try:
+ samdb = SamDB(session_info=system_session(),
+ lp=lp)
+ except Exception as e:
+ raise CommandError("Unable to open samdb:", e)
+ # ensure we are using the right samba_dsdb passdb backend, no
+ # matter what
+ s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
+
+ try:
+ if is_ad_dc:
+ domain_sid = security.dom_sid(samdb.domain_sid)
+ else:
+ domain_sid = passdb.get_domain_sid()
+ except:
+ raise CommandError("Unable to read domain SID from configuration "
+ "files")
+ return domain_sid
+
+
 class cmd_ntacl_set(Command):
 """Set ACLs on a file."""
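Review bot: The bare `except:` around the SID lookup in `get_local_domain_sid()` catches everything, including `KeyboardInterrupt` and `SystemExit`, and discards the underlying error, so the operator sees only "Unable to read domain SID from configuration files" whatever actually failed. Narrowing it and passing the cause along, as the samdb open a few lines above already does, keeps the failure diagnosable: `except Exception as e:` followed by `raise CommandError("Unable to read domain SID from configuration files", e)`. The helper also has no docstring; one sentence noting that it loads the s3 param context and, on an AD DC, points `passdb backend` at `samba_dsdb:<samdb.url>` as a side effect would tell callers that it does more than return a SID.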
@@ -75,39 +105,13 @@ class cmd_ntacl_set(Command):
 service=None):
 logger = self.get_logger()
 lp = sambaopts.get_loadparm()
-
- is_ad_dc = False
- server_role = lp.server_role()
- if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
- is_ad_dc = True
+ domain_sid = get_local_domain_sid(lp)
 if not use_ntvfs and not use_s3fs:
 use_ntvfs = "smb" in lp.get("server services")
 elif use_s3fs:
 use_ntvfs = False
- s3conf = s3param.get_context()
- s3conf.load(lp.configfile)
-
- if is_ad_dc:
- try:
- samdb = SamDB(session_info=system_session(),
- lp=lp)
- except Exception as e:
- raise CommandError("Unable to open samdb:", e)
- # ensure we are using the right samba_dsdb passdb backend, no
- # matter what
- s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
-
- try:
- if is_ad_dc:
- domain_sid = security.dom_sid(samdb.domain_sid)
- else:
- domain_sid = passdb.get_domain_sid()
- except:
- raise CommandError("Unable to read domain SID from configuration "
- "files")
-
 setntacl(lp,
 file,
 acl,
@@ -171,30 +175,13 @@ class cmd_ntacl_get(Command):
 credopts=None, sambaopts=None, versionopts=None,
 service=None):
 lp = sambaopts.get_loadparm()
-
- is_ad_dc = False
- server_role = lp.server_role()
- if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
- is_ad_dc = True
+ domain_sid = get_local_domain_sid(lp)
 if not use_ntvfs and not use_s3fs:
 use_ntvfs = "smb" in lp.get("server services")
 elif use_s3fs:
 use_ntvfs = False
- s3conf = s3param.get_context()
- s3conf.load(lp.configfile)
- if is_ad_dc:
- try:
- samdb = SamDB(session_info=system_session(),
- lp=lp)
- except Exception as e:
- raise CommandError("Unable to open samdb:", e)
-
- # ensure we are using the right samba_dsdb passdb backend, no
- # matter what
- s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
-
 acl = getntacl(lp,
 file,
 xattr_backend,
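Review bot: In `cmd_ntacl_get.run` the call `domain_sid = get_local_domain_sid(lp)` now runs unconditionally, whereas the removed code resolved the SID only inside the `if as_sddl:` branch (see the last hunk), so a plain get that prints via `ndr_print(acl)` now fails with "Unable to read domain SID from configuration files" whenever the SID cannot be read. The call cannot simply move into that branch, because the helper also performs the s3 param load and `passdb backend` setup that this method previously ran before `getntacl()`. Consider splitting the helper so the passdb setup stays unconditional and the SID lookup stays lazy, or at least record the dependency with a comment such as `# called up front for its passdb-backend setup; domain_sid is only used when as_sddl is set`. The same early call in `cmd_ntacl_set.run` (the hunk before this one) looks like a pure reordering, since that path already resolved the SID unconditionally. Both method bodies start and end outside the hunks.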
@@ -203,14 +190,6 @@ class cmd_ntacl_get(Command):
 service=service,
 session_info=system_session_unix())
 if as_sddl:
- try:
- if is_ad_dc:
- domain_sid = security.dom_sid(samdb.domain_sid)
- else:
- domain_sid = passdb.get_domain_sid()
- except:
- raise CommandError("Unable to read domain SID from "
- "configuration files")
 self.outf.write(acl.as_sddl(domain_sid) + "\n")
 else:
 self.outf.write(ndr_print(acl))
--
2.47.3