diff options
Diffstat (limited to 'source4/scripting/python/samba/netcmd')
| -rw-r--r-- | source4/scripting/python/samba/netcmd/domainlevel.py | 2 | ||||
| -rw-r--r-- | source4/scripting/python/samba/netcmd/dsacl.py | 21 |
2 files changed, 15 insertions, 8 deletions
diff --git a/source4/scripting/python/samba/netcmd/domainlevel.py b/source4/scripting/python/samba/netcmd/domainlevel.py index c97ed7bad6..1874191e1f 100644 --- a/source4/scripting/python/samba/netcmd/domainlevel.py +++ b/source4/scripting/python/samba/netcmd/domainlevel.py @@ -114,7 +114,7 @@ class cmd_domainlevel(Command): raise CommandError("Could not retrieve the actual domain, forest level and/or lowest DC function level!") if subcommand == "show": - self.message("Domain and forest function level for domain '" + domain_dn + "'") + self.message("Domain and forest function level for domain '%s'" % domain_dn) if level_forest < DS_DOMAIN_FUNCTION_2003: self.message("\nATTENTION: You run SAMBA 4 on a forest function level lower than Windows 2003 (Native). This isn't supported! Please raise!") if level_domain < DS_DOMAIN_FUNCTION_2003: diff --git a/source4/scripting/python/samba/netcmd/dsacl.py b/source4/scripting/python/samba/netcmd/dsacl.py index 58fb9c611a..17982b8119 100644 --- a/source4/scripting/python/samba/netcmd/dsacl.py +++ b/source4/scripting/python/samba/netcmd/dsacl.py @@ -57,7 +57,8 @@ class cmd_ds_acl_set(Command): } takes_options = [ - Option("--host", help="LDB URL for database or target server", type=str), + Option("--host", help="LDB URL for database or target server", + type=str), Option("--car", type="choice", choices=["change-rid", "change-pdc", "change-infrastructure", @@ -74,12 +75,15 @@ class cmd_ds_acl_set(Command): help=car_help), Option("--action", type="choice", choices=["allow", "deny"], help="""Deny or allow access"""), - Option("--objectdn", help="DN of the object whose SD to modify", type="string"), - Option("--trusteedn", help="DN of the entity that gets access", type="string"), + Option("--objectdn", help="DN of the object whose SD to modify", + type="string"), + Option("--trusteedn", help="DN of the entity that gets access", + type="string"), ] def find_trustee_sid(self, samdb, trusteedn): - res = samdb.search(base=trusteedn, expression="(objectClass=*)", scope=SCOPE_BASE) + res = samdb.search(base=trusteedn, expression="(objectClass=*)", + scope=SCOPE_BASE) assert(len(res) == 1) return ndr_unpack( security.dom_sid,res[0]["objectSid"][0]) @@ -93,18 +97,20 @@ class cmd_ds_acl_set(Command): samdb.modify(m) def read_descriptor(self, samdb, object_dn): - res = samdb.search(base=object_dn, scope=SCOPE_BASE, attrs=["nTSecurityDescriptor"]) + res = samdb.search(base=object_dn, scope=SCOPE_BASE, + attrs=["nTSecurityDescriptor"]) # we should theoretically always have an SD assert(len(res) == 1) desc = res[0]["nTSecurityDescriptor"][0] return ndr_unpack(security.descriptor, desc) def get_domain_sid(self, samdb): - res = samdb.search(base=SamDB.domain_dn(samdb), expression="(objectClass=*)", scope=SCOPE_BASE) + res = samdb.search(base=SamDB.domain_dn(samdb), + expression="(objectClass=*)", scope=SCOPE_BASE) return ndr_unpack( security.dom_sid,res[0]["objectSid"][0]) - #add new ace explicitly def add_ace(self, samdb, object_dn, new_ace): + """Add new ace explicitly.""" desc = self.read_descriptor(samdb, object_dn) desc_sddl = desc.as_sddl(self.get_domain_sid(samdb)) #TODO add bindings for descriptor manipulation and get rid of this @@ -164,6 +170,7 @@ class cmd_ds_acl_set(Command): self.add_ace(samdb, objectdn, new_ace) self.print_new_acl(samdb, objectdn) + class cmd_ds_acl(SuperCommand): """DS ACLs manipulation""" |