%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/samba/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/samba/__pycache__/ntacls.cpython-312.pyc

�

�I�d^���dZddlZddlZddlZddlZddlZddlZddlm	Z
ddlmZm
Z
mZddlmZmZddlmZddlmZddlmZdd	lmZdd
lmZddlmZej8ej:zej<zej>zZ ejBejDzejFzejHzZ%Gd�d
e&�Z'd�Z(d�Z)				dd�Z*			dd�Z+d�Z,dd�Z-Gd�d�Z.Gd�d�Z/d�Z0d�Z1d�Z2d�Z3d�Z4y) zNT Acls.�N)�param)�security�xattr�idmap)�ndr_pack�
ndr_unpack)�smbd)�libsmb_samba_internal)�get_samba_logger)�
NTSTATUSError)�system_session_unix)�safe_tarfilec��eZdZdZy)�XattrBackendErrorzA generic xattr backend error.N)�__name__�
__module__�__qualname__�__doc__���./usr/lib/python3/dist-packages/samba/ntacls.pyrr3s��(rrc���|�i|jd�}|�!tj|jd�fS|jd�}|�!tj|jd�fSy|dk(ry|dk(rp|�tj|fStjtj
j
tj
j|jd�d��fS|dk(rt|�tj|fS|jd	�}tj
j
tj
j|d
��}tj|fStd|z��)z$return the path to the eadb, or Nonezxattr_tdb:filez
posix:eadb�NN�native�eadbzprivate dirzeadb.tdb�tdbzstate directoryz	xattr.tdbzInvalid xattr backend choice %s)	�get�samba�	xattr_tdb�
posix_eadb�os�path�abspath�joinr)�lp�backend�eadbfilerr �	state_dir�db_paths       r�checkset_backendr*7s4�����F�F�+�,�	�� ��O�O�R�V�V�,<�%=�>�>��V�V�L�)�
��!��$�$�b�f�f�\�&:�;�;��	�H�	��	�F�	����$�$�h�/�/��$�$�b�g�g�o�o�b�g�g�l�l�2�6�6�-�CX�Zd�6e�&f�g�g�	�E�	����O�O�X�.�.����0�1�I��g�g�o�o�b�g�g�l�l�9�k�&J�K�G��O�O�W�-�-�� A�G� K�L�Lrc��	tjj|tj�}t
tj|�S#t
$rYywxYw�N)r�xattr_native�
wrap_getxattrr�XATTR_DOSATTRIB_NAME_S3�	Exceptionr�	DOSATTRIB)r%�file�	attributes   r�
getdosinfor4SsP����&�&�4�4�T�5:�5R�5R�T�	�
�e�o�o�y�1�1������s�.A
�
	A�Ac���|�rt|||�\}}|�#	|j||tj�}	n.tjj|tj�}	ttj|	�}
|
jdk(r|
jS|
jdk(r|
jjS|
jdk(r|
jjS|
jdk(r|
jjSytj|t||��S#t$r@td|z�tjj|tj�}	Y��
wxYw)N�Fail to open %s������service)r*r.r�XATTR_NTACL_NAMEr0�printrr-r�NTACL�version�info�sdr	�
get_nt_acl�SECURITY_SECINFO_FLAGS)r%r2�session_infor&r'�direct_db_accessr<�backend_obj�dbnamer3�ntacls           r�getntaclrJ]sD��� 0��W�h� G���f���
U�'�5�5�f�d�6;�6L�6L�N�	��*�*�8�8��9>�9O�9O�Q�I��5�;�;�	�2���=�=�A���:�:��
�]�]�a�
��:�:�=�=� �
�]�]�a�
��:�:�=�=� �
�]�]�a�
��:�:�=�=� � ����t�5�+�'.�0�	0��'�
U��'�&�0�1�!�.�.�<�<�T�=B�=S�=S�U�	�	
U�s�!D)�)AE2�1E2c�&�t|t�st|tj�sJ�t|t�rtj|�}n't|tj�r
|}t|�}t|t�st|tj�sJ�t|t�r!tjj|�}n-t|tj�r|}|j
�}|�s||�ry|	jj�\}
}|tjk7�rG|tjk7�r3|jtjd|tjfz�k(r�tjd|tjfz�}|	j|�\}}|tjk(s|tjk(r*|}||_tj|t |||
��d}nrt#d|||fz��t%j&|dd�tj|tj(tj*ztj,z|||
��|r�t/|||�\}}t1j2�}d|_|_|�-	|j9||t0j:t=|��ytBjDj9|t0j:t=|��ytj|t |
|�	�y#t>$rItAd|z�tBjDj9|t0j:t=|��YywxYw)
a�
    A wrapper for smbd set_nt_acl api.

    Args:
        lp (LoadParam): load param from conf
        file (str): a path to file or dir
        sddl (str): ntacl sddl string
        service (str): name of share service, e.g.: sysvol
        session_info (auth_session_info): session info for authentication

    Note:
        Get `session_info` with `samba.auth.user_session`, do not use the
        `admin_session` api.

    Returns:
        None
    z%s-%dr;TzDUnable to find UID for domain administrator %s, got id %d of type %drr7Nr6)r<rE)#�
isinstance�strr�dom_sid�
descriptor�	from_sddl�as_sddl�	sid_to_id�	owner_sidr�ID_TYPE_UID�ID_TYPE_BOTH�DOMAIN_RID_ADMINS�DOMAIN_RID_ADMINISTRATORr	�
set_nt_aclrDrr!�chown�
SECINFO_GROUP�SECINFO_DACL�SECINFO_SACLr*rr?r@rA�
wrap_setxattrr=rr0r>rr-)r%r2�sddl�domsidrEr&r'�	use_ntvfs�skip_invalid_chown�passdbr<�sidrB�owner_id�
owner_type�
administrator�admin_id�
admin_type�sd2rGrHrIs                      r�setntaclrj�s��,�f�c�"�j���9I�9I�&J�K�J��&�#�����v�&��	�F�H�,�,�	-����S����d�C� �J�t�X�5H�5H�$I�J�I��$���
�
 �
 �
*�
*�4��
5��	�D�(�-�-�	.�
���z�z�#����+�!'�!1�!1�"�,�,�!?���:�
�5�,�,�
,�:��AS�AS�3S��|�|�x�/�/��6�8�C]�C]�:^�0^�_�_� (� 0� 0��F�H�De�De�;f�1f� g�
�)/�)9�)9�-�)H�&��:� �5�#4�#4�4�*��HZ�HZ�:Z��C�$1�C�M��O�O��4�c�$� '�)�!%�I�+�,r�wD�FN�PZ�v[�-[�\�\�����q�!�$������*�*��)�)�*��)�)�*�� �#�%�� 0��W�h� G���f����
����
���
���
B��)�)�&�*.��0F�0F��QV��Y�
���,�,�T�5�3I�3I�-5�e�_�
>�	
����(�"��,�	8���
B��'�&�0�1��"�"�0�0��u�7M�7M�19�%��B�	
B�s�:+L>�>AN�Nc�&�d}d}d}d}d}d}d}d}d	}	d}
d}d}d}
d}d}d}d}d}d}d}d}d}d	}d
}d}d}d
}d}d}||z}||zr||zr|||z|z|z|
z|zz}||zr|||z|z|z|z|
z|zz}||zr|||
zz}||zr||z}|S)zMTakes the access mask of a DS ACE and transform them in a File ACE mask.
    r7r8r:��� �@��iiiiiir)�ldm�RIGHT_DS_CREATE_CHILD�RIGHT_DS_DELETE_CHILD�RIGHT_DS_LIST_CONTENTS�
ACTRL_DS_SELF�RIGHT_DS_READ_PROPERTY�RIGHT_DS_WRITE_PROPERTY�RIGHT_DS_DELETE_TREE�RIGHT_DS_LIST_OBJECT�RIGHT_DS_CONTROL_ACCESS�FILE_READ_DATA�FILE_LIST_DIRECTORY�FILE_WRITE_DATA�
FILE_ADD_FILE�FILE_APPEND_DATA�FILE_ADD_SUBDIRECTORY�FILE_CREATE_PIPE_INSTANCE�FILE_READ_EA�
FILE_WRITE_EA�FILE_EXECUTE�
FILE_TRAVERSE�FILE_DELETE_CHILD�FILE_READ_ATTRIBUTES�FILE_WRITE_ATTRIBUTES�DELETE�READ_CONTROL�	WRITE_DAC�WRITE_OWNER�SYNCHRONIZE�STANDARD_RIGHTS_ALL�filemasks                               r�ldapmask2filemaskr��sp��!+�� *�� *�� *�M� *�� *�� *�� *�� *�� &�N� &�� &�O� &�M� &�� &�� &�� &�L� &�M� &�L� &�M� &�� &�� &�� *�F� *�L� *�I� *�K� *�K� *���(�(�H��$�$�3�1G�+G��{�-@�@�3� 4�6B� C�-� .�0<� =�>���
$�$��{�_�<�/� 0�2?� @�4� 5�7D� E� 5� 5�6��
�
"�"��4�}�D�E��
�
"�"��/�/���Orc�~�tjj||�}tj�}|j|_|j|_|j
|_|j|_|jj}tdt|��D�]}||}|j
tjtjfvs�6t|j�tjk7s�]|j tj"ztj$z|_t|j�tj&k(r"|j tj(z|_t+|j,�|_|j/|���|s|S|j1|�S)z�

    This function takes an the SDDL representation of a DS
    ACL and return the SDDL representation of this ACL adapted
    for files. It's used for Policy object provision
    r)rrOrPrS�	group_sid�type�revision�dacl�aces�range�len�"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT�SEC_ACE_TYPE_ACCESS_ALLOWEDrM�trustee�SID_BUILTIN_PREW2K�flags�SEC_ACE_FLAG_OBJECT_INHERIT�SEC_ACE_FLAG_CONTAINER_INHERIT�SID_CREATOR_OWNER�SEC_ACE_FLAG_INHERIT_ONLYr��access_mask�dacl_addrQ)�dssddlrcrQ�ref�fdescrr��i�aces        r�dsacl2fsaclr�!sE���
�
�
'�
'���
4�C�
�
 �
 �
"�F��}�}�F���}�}�F���(�(�F�K��l�l�F�O��8�8�=�=�D�
�1�c�$�i�
 �
!���1�g���8�8��C�C� �<�<�>�>�BE�c�k�k�BR�V^�Vq�Vq�Bq��	�	�H�$H�$H�H�8�Kr�Kr�r�C�I��3�;�;��8�#=�#=�=��I�I��(J�(J�J��	�/����@�C�O��O�O�C� �
!���
��>�>�#��rc�d�eZdZdZd�Z		dd�Z	dd�Zdd�Zd�Zd�Z	d	�Z
dd
�Zdd�Zdd�Z
d
�Zy)�	SMBHelperzb
    A wrapper class for SMB connection

    smb_path: path with separator "\" other than "/"
    c� �||_||_yr,)�smb_connrN)�selfr�rNs   r�__init__zSMBHelper.__init__Hs�� ��
���rNc��d|vsJ�|jj|||��}|r|j|j�S|S�N�/)�sinfor�)r��get_aclrQrN)r��smb_pathrQr�r��ntacl_sds      rr�zSMBHelper.get_aclLsP���(�"�"�"��=�=�(�(��/4�5@�)�B��29�x������-�F�h�Frc�T�d|vsJ�t|t�st|tj�sJ�t|t�r+tjj	||j
�}nt|tj�r|}|jj|||��yr�)rLrMrrOrP�
domain_sidr��set_acl)r�r�r�r�r��tmp_descs      rr�zSMBHelper.set_aclVs����(�"�"�"��(�C�(�J�x��AT�AT�,U�V�U��h��$��*�*�4�4�X�t���O�H�
��(�"5�"5�
6��H��
�
���h��$)�*5�	�	7rc�P�d|vsJ�|jj|t��S)zM
        List file and dir base names in smb_path without recursive.
        r�)�attribs)r��list�SMB_FILE_ATTRIBUTE_FLAGS�r�r�s  rr�zSMBHelper.listds-���(�"�"�"��}�}�!�!�(�4L�!�M�Mrc�:�t|tjz�S)ze
        Check whether the attrib value is a directory.

        attrib is from list method.
        )�bool�libsmb�FILE_ATTRIBUTE_DIRECTORY)r��attribs  r�is_dirzSMBHelper.is_dirks���F�V�<�<�<�=�=rc��|r|dz|zS|S)z$
        Join path with '\'
        �\r)r��root�names   rr$zSMBHelper.joinss��&*�t�d�{�T�!�3�t�3rc�D�d|vsJ�|jj|�S)Nr�)r��loadfiler�s  rr�zSMBHelper.loadfileys%���(�"�"�"��}�}�%�%�h�/�/rc�D�|j�D]�\}}|j||�}t|t�rJ|jj|�s|jj
|�|j||���r|jj||���y)z1
        Create files as defined in tree
        �r�N)	�itemsr$rL�dictr��chkpath�mkdir�create_tree�savefile)r��treer�r��content�fullnames      rr�zSMBHelper.create_tree}s���"�Z�Z�\�	:�M�D�'��y�y��4�0�H��'�4�(��}�}�,�,�X�6��M�M�'�'��1�� � ��8� �<��
�
�&�&�x��9�	:rc���i}|j|�D]W}|d}|j||�}|j|d�r|j|��||<�D|j	|�||<�Y|S)a�
        Get the tree structure via smb conn

        self.smb_conn.list example:

        [
          {
            'attrib': 16,
            'mtime': 1528848309,
            'name': 'dir1',
            'short_name': 'dir1',
            'size': 0L
          }, {
            'attrib': 32,
            'mtime': 1528848309,
            'name': 'file0.txt',
            'short_name': 'file0.txt',
            'size': 10L
          }
        ]
        r�r�r�)r�r$r��get_treer�)r�r�r��itemr�r�s      rr�zSMBHelper.get_tree�sw��,���I�I�h�'�	5�D���<�D��y�y��4�0�H��{�{�4��>�*�!�]�]�H�]�=��T�
�!�]�]�8�4��T�
�
	5��rc�.�i}|j|�D]~}|d}|j||�}|j|d�r"|j|j	|����P|j|�}|j
|j�||<��|S)z>
        Get ntacl for each file and dir via smb conn
        r�r�r�)r�r$r��update�
get_ntaclsr�rQrN)r�r��ntaclsr�r�r�r�s       rr�zSMBHelper.get_ntacls�s������I�I�h�'�	B�D���<�D��y�y��4�0�H��{�{�4��>�*��
�
�d�o�o�x�o�@�A��<�<��1��#+�#3�#3�D�L�L�#A��x� �	B��
rc���|j�D]R}|d}|j|d�r|jj|��8|jj	|��Ty)Nr�r�)r�r�r��deltree�unlink)r�r�r�s   r�delete_treezSMBHelper.delete_tree�sT���I�I�K�	+�D���<�D��{�{�4��>�*��
�
�%�%�d�+��
�
�$�$�T�*�	+r)FNNr)�)rrrrr�r�r�r�r�r$r�r�r�r�r�rrrr�r�AsN����).�(,�G�)-�7�N�>�4�0�:��@
�+rr�c� �eZdZd�Zdd�Zd�Zy)�NtaclsHelperc���||_||_tj�|_|jj|�d|jj
d�v|_y)N�smbzserver services)r<rN�s3param�get_contextr%�loadrr`)r�r<�
smb_conf_pathrNs    rr�zNtaclsHelper.__init__�sL���������%�%�'��������]�#��$�'�'�+�+�.?�"@�@��rNc��|�|j}t|j||||j��}|r|j	|j
�S|S)N)rFr<)r`rJr%r<rQrN)r�r"rErQrFr�s      rrJzNtaclsHelper.getntacl�sO���#�#�~�~����G�G�T�<�-��L�L�"��
29�x������-�F�h�Frc�`�t|j|||j||j��S)N)r`)rjr%rNr`)r�r"r�rEs    rrjzNtaclsHelper.setntacl�s(�������x����|�"&�.�.�2�	2r)FN)rrrr�rJrjrrrr�r��s��A�	G�2rr�c�n�t|dzd�5}|j|�ddd�y#1swYyxYw)N�.NTACL�w)�open�write)�dst�ntacl_sddl_str�fs   r�_create_ntacl_filer��s3��	
�c�H�n�c�	"� �a�	����� � � �s�+�4c��|dz}tjj|�syt|d�5}|j	�cddd�S#1swYyxYw)Nr��r)r!r"�existsr��read)�src�
ntacl_filer�s   r�_read_ntacl_filer��sH���x��J�
�7�7�>�>�*�%��	
�j�#�	��!��v�v�x����s�A�Ac	��t�}t|t�rtj|�}t||�}d}t
j�}|g}|g}|�r|j�}	|j�}
|j|	��D]�}|j|	|d�}tjj|
|d�}
|j|d�r8|j|�|j|
�tj|
�n7|j!|�}t#|
d�5}|j%|�ddd�	|j'|d��}t)|
|���|r��t3j"|d��5}tj4|�D]5}tjj||�}|j7||���7	ddd�t9j:|�y#1swY��xYw#t*$rF}|j-d	|�d
|j.d���|j1d|zd
z�Yd}~���d}~wwxYw#1swY�}xYw)aa
    Backup all files and dirs with ntacl for the serive behind smb_conn.

    1. Create a temp dir as container dir
    2. Backup all files with dir structure into container dir
    3. Generate file.NTACL files for each file and dir in container dir
    4. Create a tar file from container dir(without top level folder)
    5. Delete container dir
    r�r�r�r��wbNT�rQzFailed to get the ntacl for z: r7z!The permissions for %s may not bez restored correctly�w:gz�r��mode��arcname)rrLrMrrNr��tempfile�mkdtemp�popr�r$r!r"r��appendr�r�r�r�r�r�r�error�args�warning�tarfile�listdir�add�shutil�rmtree)r��dest_tarfile_pathrN�logger�
smb_helper�	remotedir�localdir�r_dirs�l_dirs�r_dir�l_dir�e�r_name�l_name�datar�r��tarr�r"s                    r�
backup_onliner �s���
�F��'�3���"�"�7�+���8�W�-�J��I����!�H��[�F��Z�F�
��
�
����
�
������%��0�	6�A��_�_�U�A�f�I�6�F��W�W�\�\�%��6��3�F�� � ��8��-��
�
�f�%��
�
�f�%����� �!�*�*�6�2���&�$�'�"�1��G�G�D�M�"�
6�!+�!3�!3�F�D�!3�!I��"�6�>�:�!	6�	�6
���,�6�	:�(�c��J�J�x�(�	(�D��7�7�<�<��$�/�D��G�G�D�$�G�'�	(�(�
�M�M�(��%"�"��!�
6����$�a�f�f�Q�i�1�2����B�V�K�4� 5�6�6��
6��(�(�s1�1G5�H�AI�5G>	�	I�
;I�I�Ic	�B�|jd�jdd�d}tj�}t	�}t|||�}t
j|�D�]�\}}	}
tjj||��}tjj||�}|	D]y}
tjj||
�}tjj||
�}tj|||�|j||d��}t||��{|
D]�}tjj||�}tjj||�}tj|||�|j||d��}t||�t!|d�5}|j#�}t!|d�5}|j%|�d	d	d	�d	d	d	������t'j |d
��5}t
j(|�D]5}tjj||�}|j+||���7	d	d	d	�t-j.|�y	#1swY��xYw#1swY��dxYw#1swY�8xYw)
z<
    Backup files and ntacls to a tarfile for a service
    r�r7�����startTr�rbr�Nrrr)�rstrip�rsplitrrr
r�r!�walkr"�relpathr$r	r�rJr��create_filer�r�r�r
rrrr)�src_service_pathrr�rNr<�tempdirrE�
ntacls_helper�dirpath�dirnames�	filenames�rel_dirpath�dst_dirpath�dirnamer�r�r��filename�src_filer�dst_filerr�r"s                        r�backup_offliner7*s;���%�%�c�*�1�1�#�q�9�"�=�G���� �G�&�(�L� ��-��A�M�(*���0@�(A�)�$���9��g�g�o�o�g�5E�o�F���g�g�l�l�7�K�8�� �	4�G��'�'�,�,�w��0�C��'�'�,�,�{�G�4�C��J�J�s�L�'�2�*�3�3�C��t�3�T�N��s�N�3�
	4�"�	)�H��'�'�,�,�w��1�C��'�'�,�,�{�H�5�C����S�,��8�*�3�3�C��t�3�T�N��s�N�3��c�4��
)�H��}�}����#�t�_�)���N�N�4�(�)�
)�
)�	)�)�<
���,�6�	:�(�c��J�J�w�'�	(�D��7�7�<�<���.�D��G�G�D�$�G�'�	(�(�
�M�M�'��)�)��
)�
)��(�(�s1�4J�I<	�#J�AJ�<J
�J�J�Jc	��t�}|jd�jdd�d}tj�}|j�}t
j|�}t|||�}	t�}
tj|�5}|j|��ddd�tj|�D�]@\}}
}tjj!||��}tjj#tjj%||��}|
D]�}|j'd�r�tjj%||�}tjj%||�}tjj)|�st+j,||
|�t/|�}|r|	j1|||
���|j3d|zd	z���|D�]}|j'd�r�tjj%||�}tjj%||�}tjj5|�st+j6||
|�t/|�}|r|	j1|||
�n|j3d
|zd	z�t|d�5}|j9�}t|d�5}|j;|�ddd�ddd�����Ct=j>|�y#1swY��yxYw#1swY�:xYw#1swY��NxYw)
z>
    Restore files and ntacls from a tarfile to a service
    r�r7r")r"Nr#r�z)Failed to restore ntacl for directory %s.z) Please check the permissions are correctz$Failed to restore ntacl for file %s.r%r�) rr&r'rr�get_domain_sidrrNr�r
r
r��
extractallr!r(r"r)�normpathr$�endswith�isdirr	r�r�rjr�isfiler*r�r�rr)�src_tarfile_path�dst_service_path�
samdb_connr�rr<r,�dom_sid_strrNr-rEr�r.r/r0r1r2r3r�r�r�r4r5rr6s                         r�backup_restorerCZs����
�F��%�%�c�*�1�1�#�q�9�"�=�G���� �G��+�+�-�K����{�+�G� ��-��A�M�&�(�L�	���&�	'�#�1�	���'��"�#�)+����(8�(-�$���9��g�g�o�o�g�W�o�=���g�g�&�&��G�G�L�L�)�;�7�9�� �	G�G��#�#�H�-��g�g�l�l�7�G�4���g�g�l�l�;��8���w�w�}�}�S�)��J�J�s�L�'�:�!1�#�!6��!�!�*�*�3���M��N�N�C�c�I�E�F�G�	G� "�	-�H��$�$�X�.��g�g�l�l�7�H�5���g�g�l�l�;��9���w�w�~�~�c�*��$�$�S�,��@�!1�#�!6��!�!�*�*�3���M��N�N�#I�C�#O�#N�$O�P��#�t�_�-��#�=�=�?�D��c�4��-�H� ���t�,�-�-�-�!	-�+(-�T�M�M�'��]#�#��V-�-��-�-�s0�L�L7� L+	�2L7�L(�+L4
�0L7�7M)NNTN)NNTFNN)T)5rr!rr�samba.xattr_nativer�samba.xattr_tdb�samba.posix_eadb�samba.samba3rr��samba.dcerpcrrr�	samba.ndrrrr	r
r��samba.loggerrr�samba.auth_utilr
rr
�FILE_ATTRIBUTE_SYSTEMr��FILE_ATTRIBUTE_ARCHIVE�FILE_ATTRIBUTE_HIDDENr��
SECINFO_OWNERrZr[r\rDr0rr*r4rJrjr�r�r�r�r�r�r r7rCrrr�<module>rPs+��$�
��
����)�/�/�*��8�)��/�)�"�7�7�!�:�:�;�!�8�8�9�"�7�7�8��"�/�/�!�/�/�0�!�.�.�/�"�.�.�/��
)�	�)�M�82���"��
#0�N%)�05�"&�d8�N4�n�@~+�~+�B2�2�: �
�9�x-�`<r

Zerion Mini Shell 1.0