%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/samba/netcmd/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/samba/netcmd/__pycache__/ntacl.cpython-312.pyc

�

�I�d�I��\�ddlmZddlmZddlmZmZddlm	Z	m
Z
mZddlm
Z
ddlmZmZddlmZddlmZmZdd	lmZdd
lmZddlZddlmZddlmZmZm Z m!Z!d
�Z"Gd�de�Z#Gd�de�Z$Gd�de�Z%Gd�de�Z&Gd�de�Z'Gd�de�Z(Gd�de �Z)y)�)�DONT_USE_KERBEROSN)�security�idmap)�setntacl�getntacl�
getdosinfo)�Ldb)�
ndr_unpack�	ndr_print)�SamDB)�param�passdb)�	provision)�system_session_unix)�system_session)�Command�CommandError�SuperCommand�Optionc���d}|j�}|dk(rd}tj�}|j|j�|r5	tt
�|��}|jdd|jz�	|r!tjj�}|Stj�}	|S#t$r}td|��d}~wwxYw#td��xYw)	NF�ROLE_ACTIVE_DIRECTORY_DCT��session_info�lp�Unable to open samdb:�passdb backend�
samba_dsdb:%sz2Unable to read domain SID from configuration files)�server_role�s3param�get_context�load�
configfilerr�	Exceptionr�set�urlr�dom_sid�
domain_sidr�get_domain_sid)r�is_ad_dcr�s3conf�samdb�er's       �4/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py�get_local_domain_sidr.(s����H��.�.�"�K��0�0���
�
 �
 �
"�F�
�K�K��
�
���	;��~�'7��!�E�	�
�
�#�_�u�y�y�%@�A�$��!�)�)�%�*:�*:�;�J���	 �.�.�0�J�����	;��6��:�:��	;��$��#�$�	$�s*�B;�!C�$C�;	C�C�C�
C%c
�J�eZdZdZdZejejejd�Z	e
dde
jd��e
dd	d
d��e
ddd
ddg��e
ddd��e
ddd��e
ddd��e
ddd��e
ddd��e
ddd��g	Zdd gZ
				d#d"�Zy!)$�
cmd_ntacl_setzSet ACLs on a file.z%prog <acl> <path> [options]��	sambaopts�credopts�versionoptsz-qz--quiet�
store_true��help�action�-v�	--verbose�
Be verbose�--xattr-backend�choice�%xattr backend type (native fs or tdb)�native�tdb��typer7�choices�--eadb-file�0Name of the tdb file where attributes are stored�string�r7rB�--use-ntvfs�LSet the ACLs directly to the TDB or xattr for use with the ntvfs file server�
--use-s3fs�HSet the ACLs for use with the default s3fs file server via the VFS layer�--recursive�;Set the ACLs for directories and their contents recursively�--follow-symlinks�Follow symlinks�	--servicez:Name of the smb.conf service to use when applying the ACLs�acl�pathNc�4��������
�����j�}|
j��t����s|sd�jd�v�n|rd�����
�������fd�}||��r�tj
j
|�rzt	j|�
��D]`\}}}|D](}|tj
j||���*|D](}|tj
j||���*�b�r|jd�yy)N�smb�server servicesFc�l���sNtjj|�r/�r�jj	d|z�ytd|z���r�tjj|�r�jj	d|z�n\tjj
|�r�jj	d|z�n�jj	d|z�	t�|�t��t����
�	��	S#t$r}td|�d|����d}~wwxYw)	N�ignored symlink: %s
�'symlink: %s: requires --follow-symlinks�symlink: %s
�dir: %s
�	file: %s
��	use_ntvfs�service�Could not set acl for �: )�osrR�islink�outf�writer�isdirr�strrr#)
�_pathr,rQr'�	eadb_file�follow_symlinksr�	recursive�selfr^r]�verbose�
xattr_backends
  �����������r-�_setntacl_pathz)cmd_ntacl_set.run.<locals>._setntacl_pathns����"�r�w�w�~�~�e�'<���I�I�O�O�$;�e�$C�D��"�#L�PU�#V�W�W���7�7�>�>�%�(��I�I�O�O�O�e�$;�<��W�W�]�]�5�)��I�I�O�O�K�%�$7�8��I�I�O�O�L�5�$8�9�
P��� %� #� #�J�� 3� 5� -� )�*3�(/�1�1���
P�"�U�A�#N�O�O��
P�s�/$D�	D3�D.�.D3��followlinks�PPlease note that POSIX permissions have NOT been changed, only the stored NT ACL)
�
get_logger�get_loadparmr.�getrarRre�walk�join�warning)rkrQrRr]�use_s3fs�quietrlrmrhr3r2r4rjrir^�loggerrn�root�dirs�files�namer'rs`` `  ```   ```      @@r-�runzcmd_ntacl_set.runas��������"��
�
#�
#�
%��)�"�-�
�������(9�!:�:�I�
��I�	P�	P�6	�t��������t�,�%'�W�W�T��%O�
=�!��d�E�!�=�D�"�2�7�7�<�<��d�#;�<�=� �=�D�"�2�7�7�<�<��d�#;�<�=�
=���N�N�m�n��)FFFFNNNNNFFN)�__name__�
__module__�__qualname__�__doc__�synopsis�options�SambaOptions�CredentialsOptions�VersionOptions�takes_optiongroupsr�
SUPPRESS_HELP�
takes_options�
takes_argsr�r�r-r0r0Fs����-�H��)�)��.�.��-�-���	�t�Y�V�%9�%9�,�O��t�[�|�L�I�� �x�6]� �%�(�	*��}�#U�\d�e��}�#q�{G�	H��|�"l�vB�	C��}�#`�iu�v��"�):�<�P��{�!]�dl�m��M����J�7<�FJ�7;�<@�2or�r0c�j�eZdZdZdZejejejd�Z	dgZ
dd�Zy)�cmd_dosinfo_getz"Get DOS info of a file from xattr.�%prog <file> [options]r1�fileNc���|j�}tj�}|j|j�t||�}|r%|jjt|��yy)N)	rsrr r!r"rrcrdr)rkr�r3r2r4rr*�dosinfos        r-rzcmd_dosinfo_get.run�sW��
�
#�
#�
%���$�$�&�����B�M�M�"��R��&����I�I�O�O�I�g�.�/�r��NNN)r�r�r�r�r�r�r�r�r�r�r�rr�r�r-r�r��s=��,�'�H��)�)��.�.��-�-�����J�0r�r�c
���eZdZdZdZejejejd�Z	e
ddd��e
dd	d
ddg�
�e
ddd��e
ddd��e
ddd��e
ddd��gZdgZ				dd�Z
y)�
cmd_ntacl_getzGet ACLs of a file.r�r1z	--as-sddlzOutput ACL in the SDDL formatr5r6r<r=r>r?r@rArDrErFrGrHzKGet the ACLs directly from the TDB or xattr used with the ntvfs file serverrJzKGet the ACLs for use via the VFS layer used by the default s3fs file serverrPz9Name of the smb.conf service to use when getting the ACLsr�Nc	�N�|j�}t|�}|s|sd|jd�v}n|rd}t||t	�||||
��}
|r.|j
j
|
j|�dz�y|j
j
t|
��y)NrTrUF��direct_db_accessr^�
)	rsr.rtrrrcrd�as_sddlr)rkr�r]rxr�rmrhr3r2r4r^rr'rQs              r-rzcmd_ntacl_get.run�s����
#�
#�
%��)�"�-�
�������(9�!:�:�I�
��I��r��*�,�$� �(1�&�
(����I�I�O�O�C�K�K�
�3�d�:�;��I�I�O�O�I�c�N�+r�)	FFFNNNNNN)r�r�r�r�r�r�r�r�r�r�rr�r�rr�r�r-r�r��s����'�H��)�)��.�.��-�-���	�{�!@��V�� �x�6]� �%�(�	*��}�#U�\d�e��}�#p�zF�	G��|�"o�yE�	F��{�!\�ck�l��M���J�27�9=�7;��,r�r�c
��eZdZdZdZdejiZeddd��edd	d
��edd
d
��eddd��edddddg��edddd
��eddd
��edddd
��gZ	gd�Z
									d!d �Zy)"�cmd_ntacl_changedomsidzChange the domain SID for ACLsz9%prog <Orig-Domain-SID> <New-Domain-SID> <file> [options]r2rPz#Name of the smb.conf service to userFrGrHrIr5r6rJrKrDrEr<r=r>r?r@rAz-rrLrMrNrOr9r:r;)�old_domain_sid�new_domain_sidrRNc
�`������
���������j�}
|	j��t����s|sd�jd�v�n|rd��s
�st	d��	tj|��	tj|���������
�����fd����fd�}�|��
r'tjj|�r||��r|
jd	�yy#t$r}t	d|�d|����d}~wwxYw#t$r}t	d|�d|����d}~wwxYw)
NrTrUFz0Must provide a share name with --service=<share>zCould not parse old sid r`c�@���	sNtjj|�r/�
r�jj	d|z�ytd|z���r�tjj|�r�jj	d|z�n\tjj
|�r�jj	d|z�n�jj	d|z�	t�
|t�������}|j��}�r�jj	d	|z���fd
�}||j�|_||j�|_|jr2|jjD]}||j�|_�|j r2|j jD]}||j�|_�|j��}�r�jj	d|z�||k(r�r�jj	d�y
	t#�
||�t�������	y#t$r}td|�d|����d}~wwxYw#t$r}td|�d|����d}~wwxYw)NrWrXrYrZr[r�zCould not get acl for r`zbefore:
%s
c�l��|j�\}}|�k(rtjd�|fz�S|S)Nz%s-%i)�splitrr&)�sid�dom�ridr�r�s   ��r-�replace_domain_sidzNcmd_ntacl_changedomsid.run.<locals>.changedom_sids.<locals>.replace_domain_sidQs:��� �Y�Y�[�
��c��.�(�#�+�+�G�~�s�6K�,K�L�L��
r�z
after:
%s
znothing to do
Tr\r_)rarRrbrcrdrrerrr#r��	owner_sid�	group_sid�sacl�aces�trustee�daclr)rgrQr,�	orig_sddlr��ace�new_sddlr'rhrirr�r�rjrkr^r]rlrms       ������������r-�changedom_sidsz2cmd_ntacl_changedomsid.run.<locals>.changedom_sids3s6���"�r�w�w�~�~�e�'<���I�I�O�O�$;�e�$C�D��"�#L�PU�#V�W�W���7�7�>�>�%�(��I�I�O�O�O�e�$;�<��W�W�]�]�5�)��I�I�O�O�K�%�$7�8��I�I�O�O�L�5�$8�9�	
P��r�$�2�4�,�(�09�'.�
0�����J�/�I���	�	����)� ;�<�
�/�s�}�}�=�C�M�.�s�}�}�=�C�M��x�x��8�8�=�=�B�C�"4�S�[�[�"A�C�K�B��x�x��8�8�=�=�B�C�"4�S�[�[�"A�C�K�B��{�{�:�.�H���	�	����� 9�:��H�$���I�I�O�O�$5�6��
P�����'�,�.�&�"�#,�!(�*��C�
P�"�U�A�#N�O�O��
P��T�
P�"�U�A�#N�O�O��
P�s0�/I�?I>�	I;�%I6�6I;�>	J�J�Jc���tj|���D]`\}}}|D](}�tjj||���*|D](}�tjj||���*�by)Nro)rarurRrv)rgr{r|r}�f�dr�ris      ��r-�recursive_changedom_sidsz<cmd_ntacl_changedomsid.run.<locals>.recursive_changedom_sidswsr���%'�W�W�U��%P�
:�!��d�E��:�A�"�2�7�7�<�<��a�#8�9�:��:�A�"�2�7�7�<�<��a�#8�9�:�	
:r�zQPlease note that POSIX permissions have NOT been changed, only the stored NT ACL.)rrrsr.rtrrr&r#rarRrerw)rk�old_domain_sid_str�new_domain_sid_strrRr]rxr^rmrhr2rjrirlrzr,r�r�r'rr�r�s`   ` ``` ```   @@@@@r-rzcmd_ntacl_changedomsid.run
s1�������"��
�
#�
#�
%��)�"�-�
�������(9�!:�:�I�
��I����B�D�
D�	8�%�-�-�.@�A�N�
	8�%�-�-�.@�A�N�
B	P�B	P�H	:�	�t��������t�,�$�T�*���N�N�>�
?���u�	8�� 2�A� 7�8�
8��	8���	8�� 2�A� 7�8�
8��	8�s0�%C,�;D�,	D�5D�D�	D-�D(�(D-)	FFNNNNFFF)r�r�r�r�r�r�r�r�rr�r�rr�r�r-r�r��s���(�J�H�	�W�)�)���
	��6��	�	��&��		!�
	��"��		!�
	��C��	�	���8��u�%�		'�
	���N��		!�
	��"��	!�	�����		!�C&�M�P>�J��������!��x?r�r�c��eZdZdZdZejejejd�Z	e
ddd��e
dd	d��gZ		dd�Zy
)
�cmd_ntacl_sysvolresetz?Reset sysvol ACLs to defaults (including correct ACLs on GPOs).r�r1rHz/Set the ACLs for use with the ntvfs file serverr5r6rJz6Set the ACLs for use with the default s3fs file serverNc��|j�}|j|�}|jt�|j	�}|jdd�}	|jdd�}
	t
t�|��}|s|sd|jd�v}n|rd}tj|j�}
tj�}|j|j �|j#d	d
|j$z�tjt'|
�dzt'tj(�z�}tjtj*�}t-j.|jd	��}|j1|�\}}|t2j4k7r!|t2j6k7rtd|z��|j1|�\}}|t2j8k7r!|t2j6k7rtd
|z��|r|j;d�	t=j>||	|
|||
|jd�jA�|jC�||��
y#t$r}td|��d}~wwxYw#tD$r8}|jFs�td|jF�d|jH��|��d}~wwxYw)NrR�netlogon�sysvolrrrTrUFrr�-zSID %s is not mapped to a UIDzSID %s is not mapped to a GIDrq�realm)r]�Could not access r`)%rs�get_credentials�set_kerberos_staterrrrtrrr#rrr&r'rr r!r"r$r%rf�DOMAIN_RID_ADMINISTRATOR�SID_BUILTIN_ADMINISTRATORSr�PDB�	sid_to_idr�ID_TYPE_UID�ID_TYPE_BOTH�ID_TYPE_GIDrwr�setsysvolacl�lower�	domain_dn�OSError�filename�strerror)rkr]rxr3r2r4r�credsrzr�r�r+r,r'r*�LA_sid�BA_sid�	s4_passdb�LA_uid�LA_type�BA_gid�BA_types                      r-rzcmd_ntacl_sysvolreset.run�s{��
�
#�
#�
%���(�(��,��
� � �!2�3����"���6�6�&�*�-�������)��	;��~�'7��!�E�
������(9�!:�:�I�
��I��%�%�e�&6�&6�7�
��$�$�&�����B�M�M�"��
�
�#�_�u�y�y�%@�A��!�!�#�j�/�$'�#(�*-�h�.O�.O�*P�#Q�R���!�!�(�"E�"E�F���J�J�v�z�z�*:�;�<�	�
&�/�/��7�����u�(�(�(�W��8J�8J�-J��>��G�H�H�%�/�/��7�����u�(�(�(�W��8J�8J�-J��>��G�H�H���N�N�m�n�	R��"�"�5�(�F�#)�6�:�#%�6�6�'�?�#8�#8�#:�E�O�O�<M�#%��
<��G�	;��6��:�:��	;��N�	R��:�:���!2�1�:�:�,�b�����M�q�Q�Q��	R�s1�,I;�0A
J�;	J�J�J�	K�!3K�K)FFNNN)
r�r�r�r�r�r�r�r�r�r�rr�rr�r�r-r�r��sb��I�'�H��)�)��.�.��-�-���	�}�#T�]i�j��|�"Z�co�p��M�
-2�7;�6Rr�r�c�d�eZdZdZdZejejejd�Z	dd�Z
y)�cmd_ntacl_sysvolcheckzBCheck sysvol ACLs match defaults (including correct ACLs on GPOs).r�r1Nc	��|j�}|j|�}|jt�|j	�}|jdd�}|jdd�}	t
t�|��}	tj|	j�}	tj|	||||jd�j�|	j!�|�y#t$r}
td|
��d}
~
wwxYw#t"$r8}
|
j$s�td|
j$�d|
j&��|
��d}
~
wwxYw)	NrRr�r�rrr�r�r`)rsr�r�rrrrtrrr#rrr&r'r�checksysvolaclr�r�r�r�r�)rkr3r2r4rr�rzr�r�r+r,r's            r-rzcmd_ntacl_sysvolcheck.run�s$��
�
#�
#�
%���(�(��,��
� � �!2�3����"���6�6�&�*�-�������)��	;��~�'7�B�?�E��%�%�e�&6�&6�7�
�	R��$�$�U�H�f�%/�%'�V�V�G�_�%:�%:�%<�e�o�o�>O�%'�
)��
�	;��6��:�:��	;���	R��:�:���!2�1�:�:�,�b�����M�q�Q�Q��	R�s1�,C(�!AD�(	D�1C=�=D�	E�3E�Er�)r�r�r�r�r�r�r�r�r�r�rr�r�r-r�r��s5��L�'�H��)�)��.�.��-�-���Rr�r�c��eZdZdZiZe�ed<e�ed<e�ed<e�ed<e	�ed<e
�ed<y)	�	cmd_ntaclzNT ACLs manipulation.r$rt�changedomsid�sysvolreset�sysvolcheckrN)r�r�r�r��subcommandsr0r�r�r�r�r�r�r�r-r�r��sV����K�&��K���&��K���"8�":�K���!6�!8�K�
��!6�!8�K�
�� /� 1�K��r�r�)*�samba.credentialsr�samba.getopt�getoptr��samba.dcerpcrr�samba.ntaclsrrr�sambar	�	samba.ndrr
r�samba.samdbr�samba.samba3r
rrr�samba.auth_utilrra�
samba.authr�samba.netcmdrrrrr.r0r�r�r�r�r�r�r�r�r-�<module>r�s���&0��(�7�7��+��1��/�	�%����<Mo�G�Mo�`0�g�0�,,,�G�,,�^j?�W�j?�ZER�G�ER�P!R�G�!R�H	2��	2r�

Zerion Mini Shell 1.0