IdZ".ddlmZddlmZddlmZddlmZddl m Z m Z ddl m Z mZmZmZmZmZmZmZmZmZmZmZmZddlZddlmZddlZddlmZdd lm Z m!Z!m"Z"m#Z#Gd d e Z$Gd d e$Z%Gdde$Z&Gdde$Z'Gdde"Z(y)N)sd_utils)security)SamDB) ndr_unpackndr_pack) GUID_DRS_ALLOCATE_RIDSGUID_DRS_CHANGE_DOMAIN_MASTERGUID_DRS_CHANGE_INFR_MASTERGUID_DRS_CHANGE_PDCGUID_DRS_CHANGE_RID_MASTERGUID_DRS_CHANGE_SCHEMA_MASTERGUID_DRS_GET_CHANGESGUID_DRS_GET_ALL_CHANGES GUID_DRS_GET_FILTERED_ATTRIBUTESGUID_DRS_MANAGE_TOPOLOGYGUID_DRS_MONITOR_TOPOLOGYGUID_DRS_REPL_SYNCRONIZEGUID_DRS_RO_REPL_SECRET_SYNC) SCOPE_BASE)system_session)Command CommandError SuperCommandOptioncdeZdZdZdZej ejejdZ ddZ y)cmd_dsacl_basezBase class for DSACL commands.z%prog [options]) sambaoptscredopts versionoptsc|j|}|jj|d|d|jj|dzy)Nzdescriptor for z:  )get_sd_as_sddloutfwrite)self sd_helper object_dnprefix desc_sddls 4/usr/lib/python3/dist-packages/samba/netcmd/dsacl.py print_aclzcmd_dsacl_base.print_acl9s<,,Y7  FIFG  D()N)) __name__ __module__ __qualname____doc__synopsisoptions SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsr+r,r*rr.s4( H))..-- *r,rc eZdZdZdZedddedded d gd e ed d ddgd edddedddedddgZdZdZ ddZ y) cmd_dsacl_setz)Modify access list on a directory object.z+ The access control right to allow or deny -H--URL%LDB URL for database or target serverURLHhelptypemetavardestz--carchoice z change-ridz change-pdczchange-infrastructurez change-schemaz change-naming allocate_ridsz get-changeszget-changes-allzget-changes-filteredztopology-manageztopology-monitorz repl-synczro-repl-secret-sync)rBchoicesrAz--actionallowdenyzDeny or allow access --objectdn#DN of the object whose SD to modifystringrArBz --trusteednz!DN of the entity that gets access--sddlz1An ACE or group of ACEs to be added on the objectc|j|dt}t|dk(sJttj |dddS)Nz(objectClass=*))base expressionscoper objectSid)searchrlenrrdom_sid)r%samdb trusteednress r*find_trustee_sidzcmd_dsacl_set.find_trustee_sid_sNll 6G!+-3x1}}(**CF;,?,BCCr,c.|j||\}}|D];}|j|j}|jj d|z=|D];}|j|j}|jj d|z=y)zAdd new ace explicitly.%WARNING: ignored INHERITED_ACE (%s). zDWARNING: (%s) was already found in the current security descriptor. N)dacl_prepend_acesas_sddl domain_sidr#r$)r%r&r'new_aceaiiiacesddls r*add_acezcmd_dsacl_set.add_acees++Iw?2 MC;;y334D IIOODtK L M lC;;y334D IIOOcfjj k lr,Nc |j} |j| } ||||||jSt|t | | } t j | } tttttttttt t"t$t&d }|j)| |}|r|}nD|dk(rd||dt+|d}n)|dk(rd||dt+|d}nt-d |z|j/| |d |j1| |||j/| |d y) Nurl session_info credentialslprFrIz(OA;;CR;z;;)rJz(OD;;CR;zWrong argument '%s'!old r(new ) get_loadparmget_credentialsusagerrrSDUtilsr r r r r rrrrrrrrr\strrr+rg)r%caractionobjectdnrZrfr?rrrrmcredsrYr&carssidrbs r*runzcmd_dsacl_set.runos-  # # %((, !>!73#;(H#;$=5'C ##E95 G w +/9c#h?G v +/9c#h?G5>? ? y(6: Y'2 y(6:r,NNNN) r.r/r0r1car_helprrv takes_optionsr\rgr}r8r,r*r:r:?s3@H tW#JS 2wX 0G  z7F2C. 0|"G }#F xQ /M6D l@D&;r,r:cLeZdZdZedddeddedd d gZ dd Zy ) cmd_dsacl_getz(Print access list on a directory object.r;r<r=r>r?r@rKrLrMrNNc|j}|j|}t|t||}t j |} |j | |y)Nri)rrrsrrrrur+) r%ryr?rrrrmrzrYr&s r*r}zcmd_dsacl_get.runsT  # # %((,!.*:"&$$U+  y(+r,r~)r.r/r0r1rrvrr}r8r,r*rrs@2 tW#JS 2|"G  M@D,r,rcdeZdZdZedddeddedd d ed d d gZddZdZy)cmd_dsacl_deletez2Delete an access list entry on a directory object.r;r<r=r>r?r@rKrLrMrNrOz5An ACE or group of ACEs to be deleted from the objectNc<|j}|j|}|||jSt|t ||} t j | } |j| |d|j| |||j| |dy)Nrirorprq) rrrsrtrrrrur+ delete_ace) r%ryrfr?rrrrmrzrYr&s r*r}zcmd_dsacl_delete.runs  # # %((, <8+::< !.*:"'B0$$U+  y(6:  8T2 y(6:r,c.|j||\}}|D];}|j|j}|jj d|z=|D];}|j|j}|jj d|z=y)zDelete ace explicitly.r^z@WARNING: (%s) was not found in the current security descriptor. N)dacl_delete_acesr`rar#r$)r%r&r' delete_acesdirdrerfs r*rzcmd_dsacl_delete.delete_aces**9kB2 MC;;y334D IIOODtK L M hC;;y334D IIOO_bff g hr,r~) r.r/r0r1rrvrr}rr8r,r*rrsO< tW#JS 2|"G xU   M ;hr,rcPeZdZdZiZeed<eed<eed<y) cmd_dsaclzDS ACLs manipulation.setgetdeleteN)r.r/r0r1 subcommandsr:rrr8r,r*rrs/K&K&K,.Kr,r)) samba.getoptgetoptr3sambar samba.dcerpcr samba.samdbr samba.ndrrrsamba.dcerpc.securityrr r r r r rrrrrrrldbrre samba.authr samba.netcmdrrrrrr:rrrr8r,r*rs&!*""""  %*W*"V;NV;r,N,*#h~#hL/ /r,