ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()
# Create a file system security descriptor
- domain_sid = self.samdb.get_domain_sid()
+ domain_sid = security.dom_sid(self.samdb.get_domain_sid())
sddl = dsacl2fsacl(ds_sd, domain_sid)
- fs_sd = security.descriptor.from_sddl(sddl, security.dom_sid(domain_sid))
+ fs_sd = security.descriptor.from_sddl(sddl, domain_sid)
# Set ACL
sio = ( security.SECINFO_OWNER |
return filemask
-def dsacl2fsacl(dssddl, domsid):
+def dsacl2fsacl(dssddl, sid):
"""
This function takes an the SDDL representation of a DS
ACL and return the SDDL representation of this ACL adapted
for files. It's used for Policy object provision
"""
- sid = security.dom_sid(domsid)
ref = security.descriptor.from_sddl(dssddl, sid)
fdescr = security.descriptor()
fdescr.owner_sid = ref.owner_sid
acl = ndr_unpack(security.descriptor,
str(policy["nTSecurityDescriptor"])).as_sddl()
policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
- set_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp,
+ set_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
str(domainsid), use_ntvfs,
passdb=passdb)
acl = ndr_unpack(security.descriptor,
str(policy["nTSecurityDescriptor"])).as_sddl()
policy_path = getpolicypath(sysvol, dnsdomain, str(policy["cn"]))
- check_dir_acl(policy_path, dsacl2fsacl(acl, str(domainsid)), lp,
+ check_dir_acl(policy_path, dsacl2fsacl(acl, domainsid), lp,
domainsid, direct_db_access)