ó E®Uc@s'ddljZddlmZddlmZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZmZmZmZmZmZddlZddlmZddlZddlmZddlmZmZm Z m!Z!d efd „ƒYZ"d e fd „ƒYZ#dS( iÿÿÿÿN(tsecurity(tSamDB(t ndr_unpacktndr_pack( tGUID_DRS_ALLOCATE_RIDStGUID_DRS_CHANGE_DOMAIN_MASTERtGUID_DRS_CHANGE_INFR_MASTERtGUID_DRS_CHANGE_PDCtGUID_DRS_CHANGE_RID_MASTERtGUID_DRS_CHANGE_SCHEMA_MASTERtGUID_DRS_GET_CHANGEStGUID_DRS_GET_ALL_CHANGESt GUID_DRS_GET_FILTERED_ATTRIBUTEStGUID_DRS_MANAGE_TOPOLOGYtGUID_DRS_MONITOR_TOPOLOGYtGUID_DRS_REPL_SYNCRONIZEtGUID_DRS_RO_REPL_SECRET_SYNC(t SCOPE_BASE(tsystem_session(tCommandt CommandErrort SuperCommandtOptiont cmd_dsacl_setcBsXeZdZdZdZiejd6ejd6ejd6Z e dddd d e d d d dƒe dd dddddddddddddddg deƒe dd ddd d!gdd"ƒe d#dd$d d%ƒe d&dd'd d%ƒe d(dd)d d%ƒgZ d*„Z d1d+„Zd,„Zd-„Zd.„Zd/„Zd1d1d1d1d0„ZRS(2s)Modify access list on a directory object.s%prog [options]s+ The access control right to allow or deny t sambaoptstcredoptst versionoptss-Hs--URLthelps%LDB URL for database or target serverttypetmetavartURLtdesttHs--cartchoicetchoicess change-rids change-pdcschange-infrastructures change-schemas change-namingt allocate_ridss get-changessget-changes-allsget-changes-filteredstopology-managestopology-monitors repl-syncsro-repl-secret-syncs--actiontallowtdenysDeny or allow accesss --objectdns#DN of the object whose SD to modifytstrings --trusteedns!DN of the entity that gets accesss--sddls1An ACE or group of ACEs to be added on the objectcCsR|jd|dddtƒ}t|ƒdks6t‚ttj|dddƒS(Ntbaset expressions(objectClass=*)tscopeiit objectSid(tsearchRtlentAssertionErrorRRtdom_sid(tselftsamdbt trusteedntres((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pytfind_trustee_sidVs cCslt|tjƒst‚tjƒ}tj||ƒ|_tjt |ƒtj dƒ|d<|j |ƒdS(NtnTSecurityDescriptor( t isinstanceRt descriptorR-tldbtMessagetDntdntMessageElementRtFLAG_MOD_REPLACEtmodify(R/R0t object_dntdesctcontrolstm((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pytmodify_descriptor\s  cCs[|jd|dtddgƒ}t|ƒdks9t‚|ddd}ttj|ƒS(NR'R)tattrsR4ii(R+RR,R-RRR6(R/R0R>R2R?((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pytread_descriptores  cCs@|jd|jƒdddtƒ}ttj|dddƒS(NR'R(s(objectClass=*)R)iR*(R+t domain_dnRRRR.(R/R0R2((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pytget_domain_sidmscCsý|j||ƒ}|j|j|ƒƒ}tjd|ƒ}x/|D]'}d|krC|j|dƒ}qCqCW||kr~dS|jdƒdkr¾||jdƒ |||jdƒ}n ||}tj j ||j|ƒƒ}|j |||ƒdS(sAdd new ace explicitly.s\(.*?\)tIDtNt(i( RDtas_sddlRFtretfindalltreplacetfindtindexRR6t from_sddlRB(R/R0R>tnew_aceR?t desc_sddlt desc_acestace((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pytadd_acers   + cCsV|j||ƒ}|j|j|ƒƒ}|jjd|ƒ|jj|dƒdS(Nsnew descriptor for %s: s (RDRJRFtoutftwrite(R/R0R>R?RR((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pyt print_new_acl„sc  Cs |jƒ} |j| ƒ} |dkra|dksW|dksW|dksW|dkra|jƒStd|dtƒd| d| ƒ} i td6td6td6t d6t d 6t d 6t d 6t d 6td 6td6td6td6td6} |j| |ƒ}|r|}nb|dkr0d| |t|ƒf}n9|dkrYd| |t|ƒf}ntd|ƒ‚|j| |ƒ|j| ||ƒ|j| |ƒdS(Nturlt session_infot credentialstlps change-rids change-pdcschange-infrastructures change-schemas change-namingR#s get-changessget-changes-allsget-changes-filteredstopology-managestopology-monitors repl-syncsro-repl-secret-syncR$s(OA;;CR;%s;;%s)R%s(OD;;CR;%s;;%s)sWrong argument '%s'!(t get_loadparmtget_credentialstNonetusageRRRRRR RRR R R R RRRR3tstrRRXRU(R/tcartactiontobjectdnR1tsddlR RRRR\tcredsR0tcarstsidRQ((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pytrunŠs> $      N(t__name__t __module__t__doc__tsynopsistcar_helptoptionst SambaOptionstCredentialsOptionstVersionOptionsttakes_optiongroupsRRat takes_optionsR3R_RBRDRFRURXRi(((s6/usr/lib/python2.7/dist-packages/samba/netcmd/dsacl.pyR/sL          t cmd_dsaclcBs!eZdZiZeƒedsX  " ƒ