Idw vdZddlZddlmZmZmZddlmZmZddlm Z m Z m Z ddl m Z ddlmZGdd eZy) z5Utility methods for security descriptor manipulation.N)MessageMessageElementDn)FLAG_MOD_REPLACE SCOPE_BASE)ndr_pack ndr_unpack ndr_deepcopy)security)NT_STATUS_OBJECT_NAME_NOT_FOUNDc^eZdZdZdZd dZd dZdZ ddZd dZ d Z d d Z d d Z d d Z y)SDUtilszCSome utilities for manipulation of security descriptors on objects.cv||_tj|jj|_yN)ldbr dom_sidget_domain_sid domain_sid)selfsamdbs 0/usr/lib/python3/dist-packages/samba/sd_utils.py__init__zSDUtils.__init__"s("**488+B+B+DENct}t|tr||_nt|j||_t|t st|t jsJt|t r+t jj||j}nt|t jr|}tttd|d<|jj||y)zfModify security descriptor using either SDDL string or security.descriptor object nTSecurityDescriptorN)r isinstancerdnrstrr descriptor from_sddlrrrrmodify)r object_dnsdcontrolsmtmp_descs rmodify_sd_on_dnzSDUtils.modify_sd_on_dn&s I i $ADdhh *AD"c"jX5H5H&IJI b# **44RIH H// 0H$28H3E3C3I%K ! 8$rc|jj|tddg|}|ddd}ttj |S)Nrr$r)rsearchrr r r)rr"r$resdescs r read_sd_on_dnzSDUtils.read_sd_on_dn;sOhhooiT56K1v,-a0(--t44rc~|jj|}ttj|dddS)Nr objectSid)rr*r r r)rr"r+s rget_object_sidzSDUtils.get_object_sidAs5hhooi((**CF;,?,BCCrc|g}|g}fd}||dtjzg}j||}|jtjzst |j }|jD]2} | jtjzs! |j| 4ng|g}jj!|t"d|g|} t%| d|d} tj&j)| j*}d} g}g}g}|D]} t-| t$r|| } t-| tj.sJ| jtjzr|j1| f| |j jvr|j1| |j| | dz } |D]} d}t-| t2rd| vr| d}| d} t-| t$r|| } t-| tj.sJ| jtjzr|j1| | |j jvr|j1| |j5| || dz } | dk(r|||fS|j7|||nl|j9j*}t;}||_t?|jAd tB|||<jjE|||||fS#tj$r#} | jdtk7r| Yd} ~ d} ~ wwxYw) Nctjjd|zj}t |j j dk(sJ|j j dS)ND:r)r rr rlendaclaces)ace_sddlace_sdrs r ace_from_sddlz2SDUtils.update_aces_in_dacl..ace_from_sddlLsU((224(?DOOTFv{{''(!+ ,+;;##A& &rz sd_flags:1:%dr)rr4idxaceascii)#r SECINFO_DACLr-typeSEC_DESC_DACL_PROTECTEDr r6r7flagsSEC_ACE_FLAG_INHERITED_ACE dacl_del_acesamba NTSTATUSErrorargsr rr*rrrr rrr=appenddictdacl_addr'as_sddlrrrencoderr!)rrdel_acesadd_aces sddl_attrr$r:r# dacl_copyr=errr+old_sddl num_changes del_ignored add_ignoredinherited_ignoredadd_idxnew_sddlr%s` rupdate_aces_in_daclzSDUtils.update_aces_in_daclEs?  H  H '  )H,A,AAB##B#:B77X=== )1 $>> !Cyy8#F#FF!OOC0 !((//"j$#,+"BC3q6),Q/0H$$..xIB    C#s##C(c8<<0 10yy8>>>!((-"'',,&""3' OOC 1 K   CG#t$C<!%jG%j#s##C(c8<<0 10yy8>>>!((-bggll"""3' KKW % 1 K' * !  ->> >    R( ;zz$//2H AAD)(//'*B*:*35AiL HHOOAO 1K):::M %22!"xx{.MM&) ! !sL$$M7MMctjjd|z|j}g}d}|jj D]}|j ||d|dz }|j|||\}} } | | fS)zCPrepend an ACE (or more) to an objects security descriptor r3r)r<r=r4rNr$r rr rr6r7rHrY) rr"r7r$r9rNrWr=_aiiis rdacl_prepend_aceszSDUtils.dacl_prepend_acess$$..td{DOOL;;## C OOGC8 9 qLG **9x4<+>"R2v rc4|j||dg\}}y)z?Add an ACE (or more) to an objects security descriptor show_deleted:1r)N)r`)rr"r=r]s r dacl_add_acezSDUtils.dacl_add_aces($$Y/?.@%B!rctjjd|z|j}g}|jj D]}|j ||j|||\}}} || fS)zBAppend an ACE (or more) to an objects security descriptor r3r[r\) rr"r7r$r9rNr=r]r^r_s rdacl_append_aceszSDUtils.dacl_append_acessy$$..td{DOOL;;## !C OOC  !**9x4<+>"R2v rctjjd|z|j}g}|jj D]}|j ||j|||\}}} || fS)zBDelete an ACE (or more) to an objects security descriptor r3)rMr$r\) rr"r7r$del_sdrMr=dir]r_s rdacl_delete_aceszSDUtils.dacl_delete_acessy$$..td{DOOL;;## !C OOC  !**9x4<+>1R2v rcl|g}|j||dgz}|j|jS)z:Return object nTSecurityDescriptor in SDDL format rb)r-rKr)rr"r$r,s rget_sd_as_sddlzSDUtils.get_sd_as_sddls=  H!!)X9I8J-JK||DOO,,rr)NNNN)__name__ __module__ __qualname____doc__rr'r-r0rYr`rcrerirkrrrrsEMF%*5 D?C59a;F B  -rr)rorErrrrrr samba.ndrrr r samba.dcerpcr samba.ntstatusr objectrrprrrus2&< ++,88! x-fx-r