_$e> ~dZddlZddlmZmZmZddlmZmZddlm Z m Z m Z ddl m Z ddlmZGdd eZdS) z5Utility methods for security descriptor manipulation.N)MessageMessageElementDn)FLAG_MOD_REPLACE SCOPE_BASE)ndr_pack ndr_unpack ndr_deepcopy)security)NT_STATUS_OBJECT_NAME_NOT_FOUNDcbeZdZdZdZd dZd dZdZ ddZd dZ d Z d d Z d d Z gfd Z dS)SDUtilszCSome utilities for manipulation of security descriptors on objects.ct||_tj|j|_dSN)ldbr dom_sidget_domain_sid domain_sid)selfsamdbs 0/usr/lib/python3/dist-packages/samba/sd_utils.py__init__zSDUtils.__init__"s-"*48+B+B+D+DEENc"t}t|tr||_nt|j||_t|t st|t jsJt|t r&t j||j }nt|t jr|}tt|td|d<|j ||dS)zfModify security descriptor using either SDDL string or security.descriptor object nTSecurityDescriptorN)r isinstancerdnrstrr descriptor from_sddlrrrrmodify)r object_dnsdcontrolsmtmp_descs rmodify_sd_on_dnzSDUtils.modify_sd_on_dn&s II i $ $ +ADDdh **AD"c""JjX5H&I&IJJJ b#   *44RIIHH H/ 0 0 H$28H3E3E3C3I%K%K ! 8$$$$$rc|j|tddg|}|ddd}ttj|S)Nrr$r)rsearchrr r r)rr"r$resdescs r read_sd_on_dnzSDUtils.read_sd_on_dn;sShooiT56KK1v,-a0(-t444rc|j|}ttj|dddS)Nr objectSid)rr*r r r)rr"r+s rget_object_sidzSDUtils.get_object_sidAs6hooi(((*CF;,?,BCCCrc|g}|g}fd}||dtjzg}||}|jtjzs}t |j}|jD]a} | jtj zrK | | -#tj $r"} | j dtkr| Yd} ~ Yd} ~ wwxYwbno|g}j|t"d|g|} t%| d|d} tj| j}d} g}g}g}|D]} t-| t$r || } t-| tjsJ| jtj zr|| h| |jjvr|| | | | dz } |D]} d}t-| t2rd| vr| d}| d} t-| t$r || } t-| tjsJ| jtj zr|| | |jjvr|| || || dz } | dkr|||fS||||nw|j}t;}||_t?| d tB|||<j"|||||fS) Nctjd|zj}t |jjdksJ|jjdS)ND:r)r rr rlendaclaces)ace_sddlace_sdrs r ace_from_sddlz2SDUtils.update_aces_in_dacl..ace_from_sddlLsO(224(?DOTTFv{'((!++++;#A& &rz sd_flags:1:%dr)rr4idxaceascii)#r SECINFO_DACLr-typeSEC_DESC_DACL_PROTECTEDr r6r7flagsSEC_ACE_FLAG_INHERITED_ACE dacl_del_acesamba NTSTATUSErrorargsr rr*rrrr rrr=appenddictdacl_addr'as_sddlrrrencoderr!)rrdel_acesadd_aces sddl_attrr$r:r# dacl_copyr=errr+old_sddl num_changes del_ignored add_ignoredinherited_ignoredadd_idxnew_sddlr%s` rupdate_aces_in_daclzSDUtils.update_aces_in_daclEs  H  H ' ' ' ' '  )H,AAB##B#::B7X== ! )11 $> ! !Cy8#FF!!OOC0000$2!!!"x{.MMM&) !DDDD !!(//"j$#,+"BBC3q6),Q/00H$..xIIB     C#s## )#mC((c8<00 1 1 1y8>> !((---"',&&""3''' OOC 1 KK  CG#t$$ !C<<!%jG%j#s## )#mC((c8<00 1 1 1y8>> !((---bgl""""3''' KKW % % % 1 KK !   ->> >    R( ; ; ; ;zz$/22H AAD)(//'*B*B*:*355AiL HOOAO 1 1 1K):::sBC%CCctjd|z|j}g}d}|jjD]}|||d|dz } ||||\}} } | | fS)zCPrepend an ACE (or more) to an objects security descriptor r3r)r<r=r4rNr$r rr rr6r7rHrY) rr"r7r$r9rNrWr=_aiiis rdacl_prepend_aceszSDUtils.dacl_prepend_acess$..td{DOLL;#  C OOGC88 9 9 9 qLGG**9x4<+>>"R2v rc>|||dg\}}dS)z?Add an ACE (or more) to an objects security descriptor show_deleted:1r)N)r`)rr"r=r]s r dacl_add_acezSDUtils.dacl_add_aces2$$Y/?.@%BB!!!rctjd|z|j}g}|jjD]}||||||\}}} || fS)zBAppend an ACE (or more) to an objects security descriptor r3r[r\) rr"r7r$r9rNr=r]r^r_s rdacl_append_aceszSDUtils.dacl_append_acess$..td{DOLL;# ! !C OOC **9x4<+>>"R2v rctjd|z|j}g}|jjD]}||||||\}}} || fS)zBDelete an ACE (or more) to an objects security descriptor r3)rMr$r\) rr"r7r$del_sdrMr=dir]r_s rdacl_delete_aceszSDUtils.dacl_delete_acess$..td{DOLL;# ! !C OOC **9x4<+>>1R2v rcj|||dgz}||jS)z:Return object nTSecutiryDescriptor in SDDL format rb)r-rKr)rr"r$r,s rget_sd_as_sddlzSDUtils.get_sd_as_sddls6!!)X9I8J-JKK||DO,,,rr)NNNN)__name__ __module__ __qualname____doc__rr'r-r0rYr`rcrerirkrrrrsMMFFF%%%%*5555 DDD?C59a;a;a;a;F    BBB        24------rr)rorErrrrrr samba.ndrrr r samba.dcerpcr samba.ntstatusr objectrrprrrus&<; ++++++++++,,,,,,,,8888888888!!!!!! v-v-v-v-v-fv-v-v-v-v-r