b% ddlmZddlmZddlmZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZmZmZmZmZmZddlZddlmZddlZddlmZddlmZmZm Z m!Z!Gd d eZ"Gd d eZ#Gd de Z$dS)N)security)SamDB) ndr_unpackndr_pack) GUID_DRS_ALLOCATE_RIDSGUID_DRS_CHANGE_DOMAIN_MASTERGUID_DRS_CHANGE_INFR_MASTERGUID_DRS_CHANGE_PDCGUID_DRS_CHANGE_RID_MASTERGUID_DRS_CHANGE_SCHEMA_MASTERGUID_DRS_GET_CHANGESGUID_DRS_GET_ALL_CHANGES GUID_DRS_GET_FILTERED_ATTRIBUTESGUID_DRS_MANAGE_TOPOLOGYGUID_DRS_MONITOR_TOPOLOGYGUID_DRS_REPL_SYNCRONIZEGUID_DRS_RO_REPL_SECRET_SYNC) SCOPE_BASE)system_session)Command CommandError SuperCommandOptionc (eZdZdZdZdZejejej dZ e ddde dd e d d gd ee dd ddgde ddde ddde dddgZ dZd$dZdZdZd Zd%d"Z d&d#ZdS)' cmd_dsacl_setz)Modify access list on a directory object.%prog [options]z+ The access control right to allow or deny  sambaoptscredopts versionopts-H--URL%LDB URL for database or target serverURLHhelptypemetavardestz--carchoice z change-ridz change-pdczchange-infrastructurez change-schemaz change-naming allocate_ridsz get-changeszget-changes-allzget-changes-filteredztopology-manageztopology-monitorz repl-synczro-repl-secret-sync)r(choicesr'z--actionallowdenyzDeny or allow access --objectdn#DN of the object whose SD to modifystringr'r(z --trusteednz!DN of the entity that gets accessz--sddlz1An ACE or group of ACEs to be added on the objectc||dt}t|dksJttj|dddS)N(objectClass=*)base expressionscoper objectSid)searchrlenrrdom_sid)selfsamdb trusteednress 4/usr/lib/python3/dist-packages/samba/netcmd/dsacl.pyfind_trustee_sidzcmd_dsacl_set.find_trustee_sidUsVll 6G!+--3xx1}}}}(*CF;,?,BCCCNc"t|tjsJtj}tj|||_tjt|tj d|d<| |dS)NnTSecurityDescriptor) isinstancer descriptorldbMessageDndnMessageElementrFLAG_MOD_REPLACEmodify)r@rA object_dndesccontrolsms rDmodify_descriptorzcmd_dsacl_set.modify_descriptor[sw$ 344555 KMMveY''$'$6$#"6&%(%( !  QrFc||tdg}t|dksJ|ddd}ttj|SNrH)r8r:attrsr;rr=rr>rrrJr@rArRrCrSs rDread_descriptorzcmd_dsacl_set.read_descriptords`ll "8!9;;3xx1}}}}1v,-a0(-t444rFc||dt}ttj|dddSNr6r7rr<r= domain_dnrrrr?r@rArCs rDget_domain_sidzcmd_dsacl_set.get_domain_sidlsNll 1 1&7zKK(*CF;,?,BCCCrFc |||}tjd|z||}t jd|}|D] }|||}t jd|}|D]}d|vr||d}||vrd| ddkr?|d| d|z|| ddz}n||z}tj|||}| ||| dS)zAdd new ace explicitly.zD:z\(.*?\)ID(rN) r\rrJ from_sddlrbrefindallas_sddlreplacefindindexrV) r@rArRnew_acerS new_ace_list desc_sddl desc_acesaces rDadd_acezcmd_dsacl_set.add_aceqs##E955%//wt?R?RSX?Y?YZZz*W__->->?? # ; ;G T%8%8%?%?@@I :y99I  ; ;CKK ) 1 1#r : :I)##~~c""a''%&;ys';';&;!>!73#;(H#;$=5'C  ##E955  @GG w   +/999c#hhhh?GG v   +/999c#hhhh?GG5>?? ? uh''' UHg... uhD11111rF)N)FNNNN)__name__ __module__ __qualname____doc__synopsiscar_helpoptions SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsrr takes_optionsrErVr\rbrsrzrrFrDrr.s33 H@H).- tW#JS 2 2 2wX 0G 0G 0G    z7F2C. 0 0 0|"G   }#F   xQ   /M6DDD 555DDD ;;;*****@D%2%2%2%2%2%2rFrceZdZdZdZejejejdZ e ddde dd e d d d gZ dZ dZdZ ddZdS) cmd_dsacl_getz(Print access list on a directory object.rrr!r"r#r$r%r&r1r2r3r4c||tdg}t|dksJ|ddd}ttj|SrXrZr[s rDr\zcmd_dsacl_get.read_descriptors`ll -.003xx1}}}}1v,-a0(-t444rFc||dt}ttj|dddSr^r_ras rDrbzcmd_dsacl_get.get_domain_sidsNll 1 1,J@@8+CF;,?,BCCCrFc|||}|||}|jd|z|j|dzdS)Nzdescriptor for %s: rurv)r@rArRrSrps rDrzzcmd_dsacl_get.print_aclso##E955LL!4!4U!;!;<<  .:;;;  D()))))rFNc|}||}t|t||}|||dS)Nr|)rrrrrz) r@rr%rrr rrrAs rDrzcmd_dsacl_get.runsc  # # % %((,,!.*:*:"&&& uh'''''rFr)rrrrrrrrrrrrrr\rbrzrrrFrDrrs22 H).-   tW#JS 2 2 2|"G    M555DDD ***@D((((((rFrcJeZdZdZiZeed<eed<dS) cmd_dsaclzDS ACLs manipulation.setgetN)rrrr subcommandsrrrrFrDrrs;K&K&KrFr)% samba.getoptgetoptr samba.dcerpcr samba.samdbr samba.ndrrrsamba.dcerpc.securityrrr r r r r rrrrrrrKrrh samba.authr samba.netcmdrrrrrrrrrFrDrs&!!!!!!********""""""""""""""""""""""""""""""  %%%%%%F2F2F2F2F2GF2F2F2R,(,(,(,(,(G,(,(,(^))))) )))))rF