or security.descriptor object
"""
m = Message()
- m.dn = Dn(self.ldb, object_dn)
+ if isinstance(object_dn, Dn):
+ m.dn = object_dn
+ else:
+ m.dn = Dn(self.ldb, object_dn)
+
assert(isinstance(sd, str) or isinstance(sd, security.descriptor))
if isinstance(sd, str):
tmp_desc = security.descriptor.from_sddl(sd, self.domain_sid)
tmp_desc = sd
m["nTSecurityDescriptor"] = MessageElement(ndr_pack(tmp_desc),
- FLAG_MOD_REPLACE,
- "nTSecurityDescriptor")
+ FLAG_MOD_REPLACE,
+ "nTSecurityDescriptor")
self.ldb.modify(m, controls)
def read_sd_on_dn(self, object_dn, controls=None):
def dacl_add_ace(self, object_dn, ace):
"""Add an ACE to an objects security descriptor
"""
- desc = self.read_sd_on_dn(object_dn)
+ desc = self.read_sd_on_dn(object_dn, ["show_deleted:1"])
desc_sddl = desc.as_sddl(self.domain_sid)
if ace in desc_sddl:
return
desc_sddl[desc_sddl.index("("):])
else:
desc_sddl = desc_sddl + ace
- self.modify_sd_on_dn(object_dn, desc_sddl)
+ self.modify_sd_on_dn(object_dn, desc_sddl, ["show_deleted:1"])
- def get_sd_as_sddl(self, object_dn, controls=None):
+ def get_sd_as_sddl(self, object_dn, controls=[]):
"""Return object nTSecutiryDescriptor in SDDL format
"""
- desc = self.read_sd_on_dn(object_dn, controls=controls)
+ desc = self.read_sd_on_dn(object_dn, controls + ["show_deleted:1"])
return desc.as_sddl(self.domain_sid)
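Review bot: The new signature `def get_sd_as_sddl(self, object_dn, controls=[])` breaks callers that still pass `controls=None`, the previous default, because `controls + ["show_deleted:1"]` then raises TypeError. It also introduces a mutable default; the concatenation does not mutate it today, but the pattern is fragile. Keeping `controls=None` and building the list inside, for example `controls = list(controls or []) + ["show_deleted:1"]`, preserves the old calling convention. Separately, `dacl_add_ace` now passes `["show_deleted:1"]` to both `read_sd_on_dn` and `modify_sd_on_dn` unconditionally, so ACE changes appear to apply to deleted objects as well. If that is intended, the docstrings should say so, e.g. `Deleted objects are included (show_deleted:1 is always sent).`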