author | Andrew Bartlett <abartlet@samba.org> | 2012-08-23 10:37:46 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-08-23 15:02:26 +0200 |
commit | ebcdc4a36be9b79325b11ec0c44a43db93e29519 (patch) | |
tree | 6973d52f33386d3d55f4cd812e2985e3994e7e5f /source4/scripting/python/samba/netcmd | |
parent | 0aed29105e9d8ddcd27a70d7af820da8813ca47b (diff) | |
s4-samba-tool: Add samba-tool ntacl sysvolcheck command
This command verifies that the current on-disk ACLs match the directory and
the defaults from provision.
Unlike sysvolreset, this does not change any of the permissions.
Andrew Bartlett
Diffstat (limited to 'source4/scripting/python/samba/netcmd')
-rw-r--r-- | source4/scripting/python/samba/netcmd/ntacl.py | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py
index 81217b76d6b..4a0c91c2894 100644
--- a/source4/scripting/python/samba/netcmd/ntacl.py
+++ b/source4/scripting/python/samba/netcmd/ntacl.py
@@ -179,6 +179,39 @@ class cmd_ntacl_sysvolreset(Command):
 lp.get("realm").lower(), samdb.domain_dn(),
 lp, use_ntvfs=use_ntvfs)

+class cmd_ntacl_sysvolcheck(Command):
+ """Check sysvol ACLs match defaults (including correct ACLs on GPOs)"""
+ synopsis = "%prog <file> [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "credopts": options.CredentialsOptions,
+ "versionopts": options.VersionOptions,
+ }
+
+ def run(self,
+ credopts=None, sambaopts=None, versionopts=None):
+ lp = sambaopts.get_loadparm()
+ path = lp.private_path("secrets.ldb")
+ creds = credopts.get_credentials(lp)
+ creds.set_kerberos_state(DONT_USE_KERBEROS)
+ logger = self.get_logger()
+
+ netlogon = lp.get("path", "netlogon")
+ sysvol = lp.get("path", "sysvol")
+ try:
+ samdb = SamDB(session_info=system_session(),
+ lp=lp)
+ except Exception, e:
+ raise CommandError("Unable to open samdb:", e)
+
+ domain_sid = security.dom_sid(samdb.domain_sid)
+
+ provision.checksysvolacl(samdb, netlogon, sysvol,
+ domain_sid,
+ lp.get("realm").lower(), samdb.domain_dn(),
+ lp)
+
 class cmd_ntacl(SuperCommand):
 """NT ACLs manipulation"""

@@ -187,4 +220,5 @@ class cmd_ntacl(SuperCommand):
 subcommands["set"] = cmd_ntacl_set()
 subcommands["get"] = cmd_ntacl_get()
 subcommands["sysvolreset"] = cmd_ntacl_sysvolreset()
+ subcommands["sysvolcheck"] = cmd_ntacl_sysvolcheck() |
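Review bot: In the new `cmd_ntacl_sysvolcheck`, the synopsis advertises a `<file>` argument that `run()` does not accept, so `synopsis = "%prog [options]"` would match the real interface. `run()` also assigns `path` (the secrets.ldb location), `creds` and `logger` and never uses them in the visible body; since the SamDB is opened with `system_session()`, resolving credentials here looks like a leftover from sysvolreset and can be dropped. Unlike the sysvolreset call shown in the context lines, `checksysvolacl` is called without `use_ntvfs`, so if the ACLs were written through the NTVFS path the check may be reading a different store; that is worth confirming against `provision.checksysvolacl`, which is not visible here. Because operators will rely on this as a read-only audit, a short docstring on `run()` stating how a mismatch is reported (exception or exit status) would help.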