a “I_æoã@sjdZddlmZddlmZddlmZddlZddlZdd„Z ifdd „Z ifd d „Z ifd d „Z ifdd„Z ifdd„Zifdd„Zifdd„Zifdd„Zifdd„Zifdd„Zifdd„Zifdd„Zifd d!„Zifd"d#„Zifd$d%„Zifd&d'„Zifd(d)„Zifd*d+„Zifd,d-„Zifd.d/„Zifd0d1„Zd2d3„Zd4d5„Z d6d7„Z!d8d9„Z"d=d;d<„Z#dS)>zFFunctions for setting up a Samba configuration (security descriptors).é)Úsecurity)Úndr_pack)Úget_schema_descriptorNcCs<d|}| ¡D]\}}| ||¡}qtj ||¡}t|ƒS)Nú%s)ÚitemsÚreplacerÚ descriptorZ from_sddlr)Zsddl_inÚ domain_sidÚname_mapÚsddlÚnameZsidZsec©r ú2/usr/lib/python3/dist-packages/samba/descriptor.pyÚ sddl2binary&s rcCsd}t|||ƒS)NÚ©r©r r r r r rÚget_empty_descriptor0srcCsd}t|||ƒS)Na O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CIIO;RPWPCRCCLCLORCWOWDSDSW;;;DA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)S:(AU;SA;WPWOWD;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)rrr r rÚget_config_descriptor7srcCsd}t|||ƒS)NaD:(A;;LCLORC;;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;RP;d31a8757-2447-4545-8081-3bb610cacbf2;;AU)(OA;;RP;66171887-8f3c-11d0-afda-00c04fd930c9;;AU)(OA;;RP;032160bf-9824-11d1-aec0-0000f80367c1;;AU)(OA;;RP;789ee1eb-8c8e-4e4c-8cec-79b31b7617b5;;AU)(OA;;RP;5706aeaf-b940-4fb2-bcfc-5268683ad9fe;;AU)(A;;RPWPCRCCLCLORCWOWDSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;ED)(OA;CIIO;WP;3df793df-9858-4417-a701-735a1ecebf74;bf967a8d-0de6-11d0-a285-00aa003049e2;BA)S:(AU;CISA;WPCRCCDCWOWDSDDT;;;WD)rrr r rÚ get_config_partitions_descriptorJsrcCsd}t|||ƒS)NaD:(A;;RPLCLORC;;;AU)(OA;CIIO;SW;d31a8757-2447-4545-8081-3bb610cacbf2;f0f8ffab-1191-11d0-a060-00aa006c33ed;ER)(A;;RPWPCRCCLCLORCWOWDSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(AU;CISA;CCDCSDDT;;;WD)(OU;CIIOSA;CR;;f0f8ffab-1191-11d0-a060-00aa006c33ed;WD)(OU;CIIOSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)rrr r rÚget_config_sites_descriptor\s rcCsd}t|||ƒS)NziD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)rrr r rÚ!get_config_ntds_quotas_descriptorksrcCsd}t|||ƒS)NzXD:AI(A;;RPLCLORC;;;AU)(A;;RPWPCRCCLCLORCWOWDSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)rrr r rÚ'get_config_delete_protected1_descriptorssrcCsd}t|||ƒS)NzXD:AI(A;;RPLCLORC;;;WD)(A;;RPWPCRCCLCLORCWOWDSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)rrr r rÚ)get_config_delete_protected1wd_descriptor{srcCsd}t|||ƒS)NzZD:AI(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)rrr r rÚ'get_config_delete_protected2_descriptorƒsrcCsd}t|||ƒS)Na O:BAG:BAD:AI(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;IF)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;CIIO;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;;RPWPCRCCLCLORCWOWDSW;;;DA)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPRC;;;RU)(A;CI;LC;;;RU)(A;CI;RPWPCRCCLCLORCWOWDSDSW;;;BA)(A;;RP;;;WD)(A;;RPLCLORC;;;ED)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPWOWD;;;WD)rrr r rÚget_domain_descriptor‹s1rcCsd}t|||ƒS)NziD:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(AU;SA;WPCR;;;WD)rrr r rÚ$get_domain_infrastructure_descriptorÀsrcCsd}t|||ƒS)Na D:(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;IF)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;CIIO;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;;RPWPCRCCLCLORCWOWDSW;;;DA)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPRC;;;RU)(A;CI;LC;;;RU)(A;CI;RPWPCRCCLCLORCWOWDSDSW;;;BA)(A;;RP;;;WD)(A;;RPLCLORC;;;ED)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPWOWD;;;WD)rrr r rÚget_domain_builtin_descriptorÊs5rcCsd}t|||ƒS)NaYD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(OA;;CCDC;4828cc14-1437-45bc-9b07-ad6f015e5f28;;AO)S:rrr r rÚget_domain_computers_descriptors rcCsd}t|||ƒS)Na&D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(OA;;CCDC;4828cc14-1437-45bc-9b07-ad6f015e5f28;;AO)S:rrr r rÚget_domain_users_descriptors rcCsd}t|||ƒS)NzóD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(OA;;CCDC;ce206244-5827-4a86-ba1c-1c0c386c1b64;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(A;;RPLCLORC;;;AU)S:rrr r rÚ'get_managed_service_accounts_descriptorsr cCsd}t|||ƒS)Nz”D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;ED)S:(AU;SA;CCDCWOWDSDDT;;;WD)(AU;CISA;WP;;;WD)rrr r rÚ!get_domain_controllers_descriptor*sr!cCsd}t|||ƒS)NzXD:AI(A;;RPLCLORC;;;AU)(A;;RPWPCRCCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)rrr r rÚ'get_domain_delete_protected1_descriptor6sr"cCsd}t|||ƒS)NzZD:AI(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)rrr r rÚ'get_domain_delete_protected2_descriptor>sr#cCsd}t|||ƒS)Na O:SYG:BAD:AI(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;IF)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;CIIO;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;;RPWPCRCCLCLORCWOWDSW;;;DA)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;;RPRC;;;RU)(A;CI;LC;;;RU)(A;CI;RPWPCRCCLCLORCWOWDSDSW;;;BA)(A;;RP;;;WD)(A;;RPLCLORC;;;ED)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:AI(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPWOWD;;;WD)rrr r rÚget_dns_partition_descriptorFs3r$cCsd}t|||ƒS)NzTO:SYG:SYD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)rrr r rÚ'get_dns_forest_microsoft_dns_descriptor}sr%cCsd}t|||ƒS)Nz£O:SYG:SYD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;DnsAdmins)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)rrr r rÚ'get_dns_domain_microsoft_dns_descriptor„sr&cCsd}t|||ƒS)Nz‡O:SubdomainAdminsG:SubdomainAdminsD:AI(A;;RPWPCRCCLCLORCWOWDSW;;;SubdomainAdmins)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)rrr r rÚ+get_paritions_crossref_subdomain_descriptorsr'cCsÊt |dt| ¡ƒ¡tft |dt| ¡ƒ¡tft |dt| ¡ƒ¡tft |dt| ¡ƒ¡tft |dt| ¡ƒ¡tft |dt| ¡ƒ¡t ft |dt| ¡ƒ¡t ft |dt| ¡ƒ¡t ft |d t| ¡ƒ¡t ft |dt|  ¡ƒ¡tft |d t|  ¡ƒ¡tft |d t|  ¡ƒ¡tft |d t|  ¡ƒ¡tft |d t|  ¡ƒ¡tft |dt|  ¡ƒ¡tft |dt|  ¡ƒ¡tft |dt|  ¡ƒ¡tft |dt|  ¡ƒ¡tft |dt|  ¡ƒ¡tft |dt|  ¡ƒ¡tft |dt| ¡ƒ¡tfg}|jddtjdgd}|ddD]z}t |dt| ¡ƒ¡}t || d¡¡|kr t |dt|ƒ¡tf}| |¡t |dt|ƒ¡tf}| |¡t |dt|ƒ¡tf}| |¡t |dt|ƒ¡tf}| |¡qHt |dt| ¡ƒ¡}t || d¡¡|krHt |dt|ƒ¡tf}| |¡t |dt|ƒ¡tf}| |¡t |dt|ƒ¡tf}| |¡t |dt|ƒ¡t f}| |¡qH|S)NrzCN=LostAndFound,%sz CN=System,%szCN=Infrastructure,%sz CN=Builtin,%szCN=Computers,%sz CN=Users,%szOU=Domain Controllers,%szCN=MicrosoftDNS,CN=System,%szCN=NTDS Quotas,%szCN=LostAndFoundConfig,%szCN=Services,%szCN=Physical Locations,%sz#CN=WellKnown Security Principals,%szCN=ForestUpdates,%szCN=DisplaySpecifiers,%szCN=Extended-Rights,%szCN=Partitions,%sz CN=Sites,%sz(objectClass=*)rZnamingContexts)Z expressionÚbaseZscopeÚattrsrzDC=ForestDnsZones,%sÚutf8zCN=MicrosoftDNS,%szDC=DomainDnsZones,%s)ÚldbZDnÚstrZ domain_dnrr#r"rrrrr!r&Zget_config_basednrrrrrrrZget_schema_basednrÚsearchZ SCOPE_BASEZget_root_basednÚdecoder$Úappendr%)ZsamdbZ subcontainersZcurrentZncZ dnsforestdnÚcZ dnsdomaindnr r rÚget_wellknown_sds•széþ ÿ ÿ ÿ  ÿ ÿ ÿr1cCs\t d¡}| |¡}i}g|d<|D]2}t|dƒdkrD|d|d<|d |d¡q$|S)zzReturn separate ACE of an ACL :param acl: A string representing the ACL :return: A hash with different parts z(\w+)?(\(.*?\))ÚacesrÚflagsé)ÚreÚcompileÚfindallÚlenr/)ZaclÚpÚtabÚhashÚer r rÚ chunck_aclØs   r=cCs†t d¡}| |¡}i}|D]d}|ddkr8|d|d<|ddkrP|d|d<|ddkrh|d|d <|dd kr|d|d <q|S) z¡ Return separate parts of the SDDL (owner, group, ...) :param sddl: An string containing the SDDL to chunk :return: A hash with the different chunk z([OGDS]:)(.*?)(?=(?:[GDS]:|$))rzO:r4ÚownerzG:ÚgroupzD:ÚdaclzS:Úsacl)r5r6r7)r r9r:r;r<r r rÚ chunck_sddlìs         rBcCsÀt ¡}|j|_|j|_|j|_|j|_g}|jdur>|jj}tdt |ƒƒD]$}||}|j tj @sL|  |¡qLqLg}|j durˆ|j j}tdt |ƒƒD]$}||}|j tj @s–| |¡q–q–|S)zvGet the SD without any inherited ACEs :param sd: SD to strip :return: An SD with inherited ACEs stripped Nr)rrZ owner_sidZ group_sidÚtypeZrevisionrAr2Úranger8r3ZSEC_ACE_FLAG_INHERITED_ACEZsacl_addr@Zdacl_add)ZsdZsd_cleanr2ÚiZacer r rÚ get_clean_sds,      rFTcCsút|ƒ |¡}t|ƒ |¡}d}t|ƒ}t|ƒ}d|vr>d}n,d|vrj|d|dkrjd|d|df}d|vr|d|}n.d|vrª|d|dkrªd||d|df}dg} |r¾|  d ¡| D]0} | |vr¶| |vr¶tƒ} tƒ} t|| ƒ} t|| ƒ}| d D]}|  |¡q|d D]}|  |¡q"t| ƒD]$}|| vr<|  |¡|  |¡qz No owner in current SDz, Owner mismatch: %s (in ref) %s(in current) r?z%s No group in current SDz.%s Group mismatch: %s (in ref) %s(in current) r@rAr2rzJ%s Part %s is different between reference and current here is the detail: z+%s %s ACE is not present in the reference z)%s %s ACE is not present in the current z"%s Reference ACL hasn't a %s part z %s Current ACL hasn't a %s part ) rFZas_sddlrBr/Úsetr=ÚaddÚremover8)ZrefsdZcursdZ domainsidZ checkSaclZcursddlZrefsddlZtxtZhash_curZhash_refÚpartsÚpartZh_curZh_refZc_curZc_refÚelemÚkÚitemr r rÚ get_diff_sds'sf ÿ ÿ         ÿÿÿ rO)T)$Ú__doc__Z samba.dcerpcrZ samba.ndrrZ samba.schemarr+r5rrrrrrrrrrrrrrr r!r"r#r$r%r&r'r1r=rBrFrOr r r rÚs@            5 9    7  C#