ó E®Uc@smddlmZddljZddlmZmZddlm Z m Z ddl m Z ddl mZmZddlmZddlmZmZmZdd l mZdd lmZddlZdd lmZdd lmZmZm Z m!Z!d efd„ƒYZ"defd„ƒYZ#defd„ƒYZ$defd„ƒYZ%de fd„ƒYZ&dS(iÿÿÿÿ(tDONT_USE_KERBEROSN(tsecuritytidmap(tsetntacltgetntacl(tLdb(t ndr_unpackt ndr_print(tSamDB(tparamtpassdbtsmbd(t provision(t SCOPE_BASE(tsystem_session(tCommandt CommandErrort SuperCommandtOptiont cmd_ntacl_setc BsøeZdZdZiejd6ejd6ejd6Ze ddddd ƒe d d d dd dddgƒe dddd dƒe ddddd ƒe ddddd ƒe dddd dƒgZ ddgZ e e e ddddddd„ ZRS(sSet ACLs on a file.s%prog [options]t sambaoptstcredoptst versionoptss--quietthelpsBe quiettactiont store_trues--xattr-backendttypetchoices%xattr backend type (native fs or tdb)tchoicestnativettdbs --eadb-files0Name of the tdb file where attributes are storedtstrings --use-ntvfssLSet the ACLs directly to the TDB or xattr for use with the ntvfs file servers --use-s3fssHSet the ACLs for use with the default s3fs file server via the VFS layers --services:Name of the smb.conf service to use when applying the ACLstacltfilec  Cs2|jƒ} | jƒ} ytdtƒd| ƒ}Wn"tk rX}td|ƒ‚nX| r| rd| jdƒk}n|rŽt}nytj |j ƒ}Wntdƒ‚nXt j ƒ}|j | jƒ|jdd|jƒt| ||t|ƒ||d |d | ƒ|r.| jd ƒndS( Nt session_infotlpsUnable to open samdb:tsmbsserver servicess2Unable to read domain SID from configuration filesspassdb backends samba_dsdb:%st use_ntvfstservicesPPlease note that POSIX permissions have NOT been changed, only the stored NT ACL(t get_loggert get_loadparmRRt ExceptionRtgettFalseRtdom_sidt domain_sidts3paramt get_contexttloadt configfiletsetturlRtstrtwarning(tselfR R!R%tuse_s3fstquiett xattr_backendt eadb_fileRRRR&tloggerR#tsamdbteR-ts3conf((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pytrunAs*     +N(t__name__t __module__t__doc__tsynopsistoptionst SambaOptionstCredentialsOptionstVersionOptionsttakes_optiongroupsRt takes_optionst takes_argsR+tNoneR?(((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyR*s$       t cmd_ntacl_getc BsõeZdZdZiejd6ejd6ejd6Ze ddddd ƒe d d d dd dddgƒe dddd dƒe ddddd ƒe ddddd ƒe dddd dƒgZ dgZ e e e ddddddd„ ZRS(sGet ACLs of a file.s%prog [options]RRRs --as-sddlRsOutput ACL in the SDDL formatRRs--xattr-backendRRs%xattr backend type (native fs or tdb)RRRs --eadb-files0Name of the tdb file where attributes are storedRs --use-ntvfssKGet the ACLs directly from the TDB or xattr used with the ntvfs file servers --use-s3fssKGet the ACLs for use via the VFS layer used by the default s3fs file servers --services9Name of the smb.conf service to use when getting the ACLsR!c  CsB|jƒ} ytdtƒd| ƒ} Wn"tk rL} td| ƒ‚nX| rs| rsd| jdƒk}n|r‚t}ntjƒ}|j | j ƒ|j dd| j ƒt | |||d|d | ƒ}|r(ytj| jƒ}Wntd ƒ‚nX|jj|j|ƒd ƒn|jjt|ƒƒdS( NR"R#sUnable to open samdb:R$sserver servicesspassdb backends samba_dsdb:%stdirect_db_accessR&s2Unable to read domain SID from configuration filess (R(RRR)RR*R+R.R/R0R1R2R3RRR,R-toutftwritetas_sddlR(R6R!R%R7RPR9R:RRRR&R#R<R=R>R R-((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyR?xs*    ! N(R@RARBRCRDRERFRGRHRRIRJR+RKR?(((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyRLbs$       tcmd_ntacl_sysvolresetcBs€eZdZdZiejd6ejd6ejd6Ze ddddd ƒe d dd dd ƒgZ e e d d d d „Z RS(s?Reset sysvol ACLs to defaults (including correct ACLs on GPOs).s%prog [options]RRRs --use-ntvfsRs/Set the ACLs for use with the ntvfs file serverRRs --use-s3fss6Set the ACLs for use with the default s3fs file servercCsX|jƒ}|jdƒ}|j|ƒ}|jtƒ|jƒ} |jddƒ} |jddƒ} ytdtƒd|ƒ} Wn"t k r§} t d| ƒ‚nX| rÎ| rÎd|jd ƒk}n|rÝt }nt j | jƒ}tjƒ}|j|jƒ|jd d | jƒt j t|ƒd tt jƒƒ}t j t jƒ}tj|jd ƒƒ}|j|ƒ\}}|tjkr¸|tjkr¸t d |ƒ‚n|j|ƒ\}}|tjkrþ|tjkrþt d|ƒ‚n|r| jdƒnt j!| | | ||||jdƒj"ƒ| j#ƒ|d|ƒ dS(Ns secrets.ldbtpathtnetlogontsysvolR"R#sUnable to open samdb:R$sserver servicesspassdb backends samba_dsdb:%st-sSID %s is not mapped to a UIDsSID %s is not mapped to a GIDsPPlease note that POSIX permissions have NOT been changed, only the stored NT ACLtrealmR%($R(t private_pathtget_credentialstset_kerberos_stateRR'R*RRR)RR+RR,R-R.R/R0R1R2R3R4tDOMAIN_RID_ADMINISTRATORtSID_BUILTIN_ADMINISTRATORSR tPDBt sid_to_idRt ID_TYPE_UIDt ID_TYPE_BOTHt ID_TYPE_GIDR5R t setsysvolacltlowert domain_dn(R6R%R7RRRR#RRtcredsR;RSRTR<R=R-R>tLA_sidtBA_sidt s4_passdbtLA_uidtLA_typetBA_gidtBA_type((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyR?¨sH        N(R@RARBRCRDRERFRGRHRRIR+RKR?(((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyRQ™s   tcmd_ntacl_sysvolcheckcBsJeZdZdZiejd6ejd6ejd6Zdddd„Z RS(sBCheck sysvol ACLs match defaults (including correct ACLs on GPOs).s%prog [options]RRRc Csò|jƒ}|jdƒ}|j|ƒ}|jtƒ|jƒ}|jddƒ}|jddƒ} ytdtƒd|ƒ} Wn"t k r§} t d| ƒ‚nXt j | j ƒ} tj| || | |jdƒjƒ| jƒ|ƒdS( Ns secrets.ldbRRRSRTR"R#sUnable to open samdb:RV(R(RWRXRYRR'R*RRR)RRR,R-R tchecksysvolaclRbRc( R6RRRR#RRRdR;RSRTR<R=R-((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyR?æs    N( R@RARBRCRDRERFRGRHRKR?(((s6/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.pyRlÜs   t cmd_ntaclcBsHeZdZiZeƒeds" " 87C