a cl_%@sddlmZddlmZddlmZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZmZmZmZmZmZddlZddlmZddlZddlmZddlmZmZm Z m!Z!Gd d d eZ"Gd d d eZ#Gd dde Z$dS)N)security)SamDB) ndr_unpackndr_pack) GUID_DRS_ALLOCATE_RIDSGUID_DRS_CHANGE_DOMAIN_MASTERGUID_DRS_CHANGE_INFR_MASTERGUID_DRS_CHANGE_PDCGUID_DRS_CHANGE_RID_MASTERGUID_DRS_CHANGE_SCHEMA_MASTERGUID_DRS_GET_CHANGESGUID_DRS_GET_ALL_CHANGES GUID_DRS_GET_FILTERED_ATTRIBUTESGUID_DRS_MANAGE_TOPOLOGYGUID_DRS_MONITOR_TOPOLOGYGUID_DRS_REPL_SYNCRONIZEGUID_DRS_RO_REPL_SECRET_SYNC) SCOPE_BASE)system_session)Command CommandError SuperCommandOptionc @seZdZdZdZdZejejej dZ e ddde dd d e d d gd ede dd ddgdde dddde dddde ddddgZ ddZd+ddZd d!Zd"d#Zd$d%Zd,d'd(Zd-d)d*ZdS). cmd_dsacl_setz)Modify access list on a directory object.%prog [options]z+ The access control right to allow or deny  sambaoptscredopts versionopts-H--URL%LDB URL for database or target serverURLHhelptypemetavardestz--carZchoice z change-ridz change-pdczchange-infrastructurez change-schemaz change-namingZ allocate_ridsz get-changeszget-changes-allzget-changes-filteredztopology-manageztopology-monitorz repl-synczro-repl-secret-sync)r&choicesr%z--actionallowdenyzDeny or allow access --objectdn#DN of the object whose SD to modifystringr%r&z --trusteednz!DN of the entity that gets accessz--sddlz1An ACE or group of ACEs to be added on the objectcCs8|j|dtd}t|dks Jttj|dddS)N(objectClass=*)baseZ expressionscoper objectSid)searchrlenrrdom_sid)selfsamdb trusteednresr>4/usr/lib/python3/dist-packages/samba/netcmd/dsacl.pyfind_trustee_sidUs zcmd_dsacl_set.find_trustee_sidNcCsLt|tjsJt}t|||_tt|tj d|d<| |dS)NnTSecurityDescriptor) isinstancer descriptorldbZMessageZDnZdnZMessageElementrZFLAG_MOD_REPLACEZmodify)r:r; object_dndescZcontrolsmr>r>r?modify_descriptor[s zcmd_dsacl_set.modify_descriptorcCs>|j|tdgd}t|dks"J|ddd}ttj|SNrA)r3r4attrsr5rr7rr8rrrCr:r;rEr=rFr>r>r?read_descriptords zcmd_dsacl_set.read_descriptorcCs,|j|dtd}ttj|dddSNr1r2rr6r7Z domain_dnrrrr9r:r;r=r>r>r?get_domain_sidls zcmd_dsacl_set.get_domain_sidc Cs|||}tjd|||}td|}|D]}|||}td|}|D]}d|vr\||d}q\||vrq8| ddkr|d| d||| dd}n||}tj|||}| |||q8dS)zAdd new ace explicitly.zD:z\(.*?\)ZID(rN) rMrrCZ from_sddlrQrefindallas_sddlreplacefindindexrH) r:r;rEnew_acerFZ new_ace_list desc_sddlZ desc_acesZacer>r>r?add_aceqs   *zcmd_dsacl_set.add_aceFcCsV|||}|||}|r2|jd|n|jd||j|ddS)Nznew descriptor for %s: zold descriptor for %s:  rMrVrQZoutfwrite)r:r;rEnewrFr[r>r>r? print_acls  zcmd_dsacl_set.print_aclc Cs|} || } |durB|dus:|dus:|dus:|durB|St|t| | d} ttttt t t t t ttttd } || |}|r|}nH|dkrd| |t|f}n*|dkrd| |t|f}n td||| ||| |||j| |dd dS) NZurlZ session_infoZ credentialslpr)r+z(OA;;CR;%s;;%s)r,z(OD;;CR;%s;;%s)zWrong argument '%s'!T)r`) get_loadparmget_credentialsZusagerrr r rr rrr r rrrrrr@strrrar\)r:Zcaractionobjectdnr<Zsddlr#rrrrccredsr;ZcarsZsidrZr>r>r?runsH    zcmd_dsacl_set.run)N)F)NNNN)__name__ __module__ __qualname____doc__synopsisZcar_helpoptions SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsrrf takes_optionsr@rHrMrQr\rarjr>r>r>r?r.sD    rc@sjeZdZdZdZejejejdZ e ddde ddd e d d d d gZ ddZ ddZddZdddZdS) cmd_dsacl_getz(Print access list on a directory object.rrrr r!r"r#r$r-r.r/r0cCs>|j|tdgd}t|dks"J|ddd}ttj|SrIrKrLr>r>r?rMs zcmd_dsacl_get.read_descriptorcCs,|j|dtd}ttj|dddSrNrOrPr>r>r?rQs zcmd_dsacl_get.get_domain_sidcCs@|||}|||}|jd||j|ddS)Nzdescriptor for %s: r]r^)r:r;rErFr[r>r>r?ras zcmd_dsacl_get.print_aclNc Cs4|}||}t|t||d}|||dS)Nrb)rdrerrra) r:rhr#rrrrcrir;r>r>r?rjs  zcmd_dsacl_get.run)NNNN)rkrlrmrnrorprqrrrsrtrrfrurMrQrarjr>r>r>r?rvs$rvc@s(eZdZdZiZeed<eed<dS) cmd_dsaclzDS ACLs manipulation.setgetN)rkrlrmrnZ subcommandsrrvr>r>r>r?rws rw)%Z samba.getoptZgetoptrpZ samba.dcerpcrZ samba.samdbrZ samba.ndrrrZsamba.dcerpc.securityrrrr r r r r rrrrrrDrrTZ samba.authrZ samba.netcmdrrrrrrvrwr>r>r>r?s   <    /