
Re: [Samba] print samba-tool dsacl




Hello everyone,

Since I was not able to find any tool like the one I asked about previously, I wrote a
"quick and dirty" one for samba-tool.
I copied "class cmd_dsacl_set" to a new "class cmd_dsacl_get" and
modified it to only print (everything needed was already implemented in
"class cmd_dsacl_set").
The corresponding diff is attached.

Where do I need to put this to maybe have it implemented into "samba-tool"
officially in future?

Thanks


Am Fr., 9. Nov. 2018 um 21:40 Uhr schrieb Martin Krämer <mk.maddin@xxxxxxxxx
>:

> Hey,
>
> when running "samba-tool dsacl set" it prints the new acl of the applied
> object after command has finished.
> Is there a (bash) command to only print (not set/change) the current acl
> of an object?
>
> Thanks for any help & hints
>
--- /usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.py	2018-11-10 07:43:52.497062076 +0000
+++ /usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.py.org	2018-11-10 07:16:21.830385931 +0000
@@ -174,64 +174,9 @@
         self.add_ace(samdb, objectdn, new_ace)
         self.print_new_acl(samdb, objectdn)
 
-class cmd_dsacl_get(Command):
-    """Print access list on a directory object."""
-
-    synopsis = "%prog [options]"
-
-    takes_optiongroups = {
-        "sambaopts": options.SambaOptions,
-        "credopts": options.CredentialsOptions,
-        "versionopts": options.VersionOptions,
-        }
-
-    takes_options = [
-        Option("-H", "--URL", help="LDB URL for database or target server",
-               type=str, metavar="URL", dest="H"),
-        Option("--objectdn", help="DN of the object whose SD to modify",
-            type="string"),
-        Option("--trusteedn", help="DN of the entity that gets access",
-            type="string"),
-        ]
-
-    def find_trustee_sid(self, samdb, trusteedn):
-        res = samdb.search(base=trusteedn, expression="(objectClass=*)",
-            scope=SCOPE_BASE)
-        assert(len(res) == 1)
-        return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
-
-    def read_descriptor(self, samdb, object_dn):
-        res = samdb.search(base=object_dn, scope=SCOPE_BASE,
-                attrs=["nTSecurityDescriptor"])
-        # we should theoretically always have an SD
-        assert(len(res) == 1)
-        desc = res[0]["nTSecurityDescriptor"][0]
-        return ndr_unpack(security.descriptor, desc)
-
-    def get_domain_sid(self, samdb):
-        res = samdb.search(base=samdb.domain_dn(),
-                expression="(objectClass=*)", scope=SCOPE_BASE)
-        return ndr_unpack( security.dom_sid,res[0]["objectSid"][0])
-
-    def print_acl(self, samdb, object_dn):
-        desc = self.read_descriptor(samdb, object_dn)
-        desc_sddl = desc.as_sddl(self.get_domain_sid(samdb))
-        self.outf.write("descriptor for %s:\n" % object_dn)
-        self.outf.write(desc_sddl + "\n")
-
-    def run(self, objectdn, trusteedn,
-            H=None, credopts=None, sambaopts=None, versionopts=None):
-        lp = sambaopts.get_loadparm()
-        creds = credopts.get_credentials(lp)
-
-        samdb = SamDB(url=H, session_info=system_session(),
-            credentials=creds, lp=lp)
-        sid = self.find_trustee_sid(samdb, trusteedn)
-        self.print_acl(samdb, objectdn)
 
 class cmd_dsacl(SuperCommand):
     """DS ACLs manipulation."""
 
     subcommands = {}
     subcommands["set"] = cmd_dsacl_set()
-    subcommands["get"] = cmd_dsacl_get()
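Review bot: The patch is reversed: the modified dsacl.py is on the `---` side and dsacl.py.org on the `+++` side, so `cmd_dsacl_get` and its `subcommands["get"]` registration appear as removed lines, and applying it as posted would delete them rather than add them; it should be regenerated with the original file first. In the class itself, `run` calls `sid = self.find_trustee_sid(samdb, trusteedn)` and never uses the result, so a read-only print requires a trustee DN for no reason; that line, the `--trusteedn` option and `find_trustee_sid` can be dropped. The `--objectdn` help still says "to modify" and should read `help="DN of the object whose SD to print"`, and nothing visible in the hunk rejects a missing `--objectdn` before the search runs. The `assert(len(res) == 1)` in `read_descriptor` is skipped under `python -O` and otherwise surfaces as a bare AssertionError, so an explicit length check raising the `CommandError` from samba.netcmd (assuming the module imports it, which this hunk does not show) would be safer.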