|
72 |
domain_sid = security.dom_sid(s4connector.s4_sid) |
72 |
domain_sid = security.dom_sid(s4connector.s4_sid) |
73 |
return decode_sd_in_ndr_to_sddl(domain_sid, ntsd_ndr) |
73 |
return decode_sd_in_ndr_to_sddl(domain_sid, ntsd_ndr) |
74 |
|
74 |
|
|
|
75 |
# Pre-modify function |
76 |
|
77 |
def ntsd_is_unchanged_in_s4(s4connector, key, object): |
78 |
(s4_dn, s4_attributes) = s4connector.lo_s4.lo.search_s(s4_dn, ldap.SCOPE_BASE, '(objectClass=*)', ['nTSecurityDescriptor', 'uSNChanged', 'objectGUID'])[0] |
79 |
ntsd_ndr = s4_attributes.get('nTSecurityDescriptor') |
80 |
if ntsd_ndr: |
81 |
domain_sid = security.dom_sid(s4connector.s4_sid) |
82 |
s4_ntsd_sddl = decode_sd_in_ndr_to_sddl(domain_sid, ntsd_ndr[0]) |
83 |
if s4_ntsd_sddl == ucs_ntsd_sddl: |
84 |
ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: nTSecurityDescriptors are equal') |
85 |
return True |
86 |
|
87 |
guid_blob = s4_attributes.get('objectGUID')[0] |
88 |
objectGUID = str(ndr_unpack(misc.GUID, guid_blob)) |
89 |
old_s4_object = s4connector.s4cache.get_entry(objectGUID) |
90 |
if old_s4_object: |
91 |
if old_s4_object.get('uSNChanged')[0] != s4_attributes.get('uSNChanged')[0]: |
92 |
ud.debug(ud.LDAP, ud.PROCESS, "ntsd_to_s4: skipping, S4-Object changed: %s" % object['dn']) |
93 |
return False |
94 |
return True |
95 |
|
75 |
# Post-create/modify functions |
96 |
# Post-create/modify functions |
76 |
|
97 |
|
77 |
|
98 |
|
|
88 |
return |
109 |
return |
89 |
|
110 |
|
90 |
ucs_ntsd_sddl = object['attributes']['msNTSecurityDescriptor'][0] |
111 |
ucs_ntsd_sddl = object['attributes']['msNTSecurityDescriptor'][0] |
91 |
(s4_dn, s4_attributes) = s4connector.lo_s4.lo.search_s(s4_dn, ldap.SCOPE_BASE, '(objectClass=*)', ['nTSecurityDescriptor', 'uSNChanged' , 'objectGUID'])[0] |
112 |
(s4_dn, s4_attributes) = s4connector.lo_s4.lo.search_s(s4_dn, ldap.SCOPE_BASE, '(objectClass=*)', ['nTSecurityDescriptor', 'objectGUID'])[0] |
92 |
ntsd_ndr = s4_attributes.get('nTSecurityDescriptor') |
113 |
ntsd_ndr = s4_attributes.get('nTSecurityDescriptor') |
93 |
if ntsd_ndr: |
114 |
if ntsd_ndr: |
94 |
domain_sid = security.dom_sid(s4connector.s4_sid) |
115 |
domain_sid = security.dom_sid(s4connector.s4_sid) |
|
97 |
ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: nTSecurityDescriptors are equal') |
118 |
ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: nTSecurityDescriptors are equal') |
98 |
return |
119 |
return |
99 |
|
120 |
|
100 |
guid_blob = s4_attributes.get('objectGUID')[0] |
|
|
101 |
objectGUID = str(ndr_unpack(misc.GUID, guid_blob)) |
102 |
old_s4_object = s4connector.s4cache.get_entry(objectGUID) |
103 |
if old_s4_object: |
104 |
if old_s4_object.get('uSNChanged')[0] != s4_attributes.get('uSNChanged')[0]: |
105 |
ud.debug(ud.LDAP, ud.PROCESS, "ntsd_to_s4: skipping, S4-Object changed: %s" % object['dn']) |
106 |
return |
107 |
|
108 |
ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: changing nTSecurityDescriptor from %s to %s' % (s4_ntsd_sddl, ucs_ntsd_sddl)) |
121 |
ud.debug(ud.LDAP, ud.INFO, 'ntsd_to_s4: changing nTSecurityDescriptor from %s to %s' % (s4_ntsd_sddl, ucs_ntsd_sddl)) |
109 |
|
122 |
|
110 |
ucs_ntsd_ndr = encode_sddl_to_sd_in_ndr(domain_sid, ucs_ntsd_sddl) |
123 |
ucs_ntsd_ndr = encode_sddl_to_sd_in_ndr(domain_sid, ucs_ntsd_sddl) |
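Review bot: In the new `ntsd_is_unchanged_in_s4` (new lines 77–94), `s4_dn` is passed to `search_s` in the first statement before anything binds it, and `ucs_ntsd_sddl` is compared on line 83 without being assigned in the function, so as shown the call raises instead of returning True or False. Both names look like locals of `ntsd_to_s4`, where this code apparently came from; the helper needs its own setup, e.g. `ucs_ntsd_sddl = object['attributes']['msNTSecurityDescriptor'][0]` and an `s4_dn` derived the same way `ntsd_to_s4` derives it (that assignment is outside the visible lines). Because this is the guard that decides whether the connector may overwrite an object's `nTSecurityDescriptor`, it is worth confirming how the caller treats an exception here, which the page does not show. Moving the `uSNChanged` comparison out of `ntsd_to_s4` also means the check and the later modification rely on two separate searches, so a change on the S4 side in between is no longer detected at write time. The helper's log messages still carry the `ntsd_to_s4:` prefix; `ntsd_is_unchanged_in_s4:` would keep traces unambiguous.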