Univention Bugzilla – Attachment 5701 Details for
Bug 33751
sysvol-sync: GPO ACL's changes on the master can be overwritten
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
sysvol_dsacl_to_ntacl.py
sysvol_dsacl_to_ntacl.py (text/plain), 2.18 KB, created by
Arvid Requate
on 2013-12-16 18:50:33 CET
(
hide
)
Description:
sysvol_dsacl_to_ntacl.py
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2013-12-16 18:50:33 CET
Size:
2.18 KB
patch
obsolete
>#!/usr/bin/python >from samba.param import LoadParm >from samba.dcerpc import security, idmap >from samba.auth import system_session >from samba.samdb import SamDB >from samba.samba3 import param as s3param, passdb >from samba import provision > >def sysvol_dsacl_to_ntacl(): > lp = LoadParm() > lp.load('/etc/samba/smb.conf') > path = lp.private_path("secrets.ldb") > > netlogon = lp.get("path", "netlogon") > sysvol = lp.get("path", "sysvol") > try: > samdb = SamDB(session_info=system_session(), > lp=lp) > except Exception, e: > print "Unable to open samdb: %s" % (e,) > raise "Unable to open samdb: %s" % (e,) > > use_ntvfs = "smb" in lp.get("server services") > > domain_sid = security.dom_sid(samdb.domain_sid) > > s3conf = s3param.get_context() > s3conf.load(lp.configfile) > # ensure we are using the right samba_dsdb passdb backend, no matter what > s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) > > LA_sid = security.dom_sid(str(domain_sid) > +"-"+str(security.DOMAIN_RID_ADMINISTRATOR)) > BA_sid = security.dom_sid(security.SID_BUILTIN_ADMINISTRATORS) > > s4_passdb = passdb.PDB(s3conf.get("passdb backend")) > > # These assertions correct for current plugin_s4_dc selftest > # configuration. When other environments have a broad range of > # groups mapped via passdb, we can relax some of these checks > (LA_uid,LA_type) = s4_passdb.sid_to_id(LA_sid) > if (LA_type != idmap.ID_TYPE_UID and LA_type != idmap.ID_TYPE_BOTH): > raise CommandError("SID %s is not mapped to a UID" % LA_sid) > (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid) > if (BA_type != idmap.ID_TYPE_GID and BA_type != idmap.ID_TYPE_BOTH): > raise CommandError("SID %s is not mapped to a GID" % BA_sid) > > s3conf = s3param.get_context() > s3conf.load(lp.configfile) > # ensure we are using the right samba_dsdb passdb backend, no matter what > s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url) > passdb.reload_static_pdb() > > # ensure that we init the samba_dsdb backend, so the domain sid is > # marked in secrets.tdb > s4_passdb = passdb.PDB(s3conf.get("passdb backend")) > > provision.set_gpos_acl(sysvol, lp.get("realm").lower(), domain_sid, samdb.domain_dn(), samdb, lp, use_ntvfs=use_ntvfs, passdb=s4_passdb) > >if __name__ == '__main__': > sysvol_dsacl_to_ntacl()
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5701">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 33751
: 5701 |
5731
|
5743
|
5930