ó E®Uc@sàdZddlZddlZddlZddlZddlmZmZm Z ddl m Z m Z ddl mZdefd„ƒYZd„Zddedd „Zddeeddd „Zd „Zed „ZdS( sNT Acls.iÿÿÿÿN(tsecuritytxattrtidmap(tndr_packt ndr_unpack(tsmbdtXattrBackendErrorcBseZdZRS(sA generic xattr backend error.(t__name__t __module__t__doc__(((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pyRscCsH|d krr|jdƒ}|d k r=tj|jdƒfS|jdƒ}|d k rntj|jdƒfSd S|dkr‚d S|dkrÛ|d k r§tj|fStjtjjtjj|jdƒdƒƒfSni|dkr4|d k rtj|fStjtjjtjj|jdƒd ƒƒfSnt d |ƒ‚d S(s$return the path to the eadb, or Nonesxattr_tdb:files posix:eadbtnativeteadbs private dirseadb.tdbttdbs state dirs xattr.tdbsInvalid xattr backend choice %sN(NN(NN( tNonetgettsambat xattr_tdbt posix_eadbtostpathtabspathtjoinR(tlptbackendteadbfileRR((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pytcheckset_backend s&       4   4c Cs>|r t|||ƒ\}}|dk r~y|j||tjƒ}Wq–tk rzd|GHtjj|tjƒ}q–Xntjj|tjƒ}ttj |ƒ} | j dkr¾| j S| j dkr×| j j S| j dkrð| j j S| j dkr:| j j Sn.t j|tjtjBtjBtjBd|ƒSdS(NsFail to open %siiiitservice(RR t wrap_getxattrRtXATTR_NTACL_NAMEt ExceptionRt xattr_nativeRtNTACLtversiontinfotsdRt get_nt_aclRt SECINFO_OWNERt SECINFO_GROUPt SECINFO_DACLt SECINFO_SACL( RtfileRRtdirect_db_accessRt backend_objtdbnamet attributetntacl((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pytgetntacl:s,          c  CsGt|tƒs't|tjƒs't‚t|tƒrHtj|ƒ} n't|tjƒro|} t| ƒ}nt|tƒs–t|tjƒs–t‚t|tƒr½tjj|| ƒ} n*t|tjƒrç|} | j| ƒ}n| rF|rF|j| j ƒ\} } | t j krF| t j krF| j tjd|tj fƒkrtjd|tjfƒ}|j|ƒ\}}|t j ksž|t j krç| }||_ tj|tjtjBtjBtjB|d| ƒt}q@td|||fƒ‚qCtj|ddƒtj|tjtjBtjB| d| ƒqFn|rt|||ƒ\}}tjƒ}d|_| |_|dk rðy#|j||tj t!|ƒƒWqt"k rìd|GHt#j$j|tj t!|ƒƒqXqCt#j$j|tj t!|ƒƒn1tj|tjtjBtjBtjB| d| ƒdS(Ns%s-%dRsDUnable to find UID for domain administrator %s, got id %d of type %diisFail to open %s(%t isinstancetstrRtdom_sidtAssertionErrort descriptort from_sddltas_sddlt sid_to_idt owner_sidRt ID_TYPE_UIDt ID_TYPE_BOTHtDOMAIN_RID_ADMINStDOMAIN_RID_ADMINISTRATORRt set_nt_aclR$R%R&R'tTrueRRtchownRRRR R!R t wrap_setxattrRRRRR(RR(tsddltdomsidRRt use_ntvfstskip_invalid_chowntpassdbRtsidR"towner_idt owner_typet administratortadmin_idt admin_typetsd2R*R+R-((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pytsetntaclWsT'' % 1 0       cCsRd}d}d}d}d}d}d}d}d } d} d} d} d} d}d}d}d}d}d}d}d}d}d }d }d }d }d }d}d}||@}||@rí||@rí||| B|B|B| B|BB}n||@r||| B|B|B|B| B|BB}n||@r7||| BB}n||@rN||B}n|S(sMTakes the access mask of a DS ACE and transform them in a File ACE mask. iiiiii i@i€iiiiiii((tldmtRIGHT_DS_CREATE_CHILDtRIGHT_DS_DELETE_CHILDtRIGHT_DS_LIST_CONTENTSt ACTRL_DS_SELFtRIGHT_DS_READ_PROPERTYtRIGHT_DS_WRITE_PROPERTYtRIGHT_DS_DELETE_TREEtRIGHT_DS_LIST_OBJECTtRIGHT_DS_CONTROL_ACCESStFILE_READ_DATAtFILE_LIST_DIRECTORYtFILE_WRITE_DATAt FILE_ADD_FILEtFILE_APPEND_DATAtFILE_ADD_SUBDIRECTORYtFILE_CREATE_PIPE_INSTANCEt FILE_READ_EAt FILE_WRITE_EAt FILE_EXECUTEt FILE_TRAVERSEtFILE_DELETE_CHILDtFILE_READ_ATTRIBUTEStFILE_WRITE_ATTRIBUTEStDELETEt READ_CONTROLt WRITE_DACt WRITE_OWNERt SYNCHRONIZEtSTANDARD_RIGHTS_ALLtfilemask((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pytldapmask2filemasksT      cCs1tjj||ƒ}tjƒ}|j|_|j|_|j|_|j|_|jj}xºt dt |ƒƒD]£}||}|jtj @ rst |j ƒtjkrs|jtjBtjB|_t |j ƒtjkrô|jtjB|_nt|jƒ|_|j|ƒqsqsW|s$|S|j|ƒS(sµ This function takes an the SDDL representation of a DS ACL and return the SDDL representation of this ACL adapted for files. It's used for Policy object provision i(RR3R4R7t group_sidttypetrevisiontdacltacestrangetlent"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECTR0ttrusteetSID_BUILTIN_PREW2KtflagstSEC_ACE_FLAG_OBJECT_INHERITtSEC_ACE_FLAG_CONTAINER_INHERITtSID_CREATOR_OWNERtSEC_ACE_FLAG_INHERIT_ONLYRlt access_masktdacl_addR5(tdssddlRER5treftfdescrRqtitace((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pyt dsacl2fsaclÔs$       )(R Rtsamba.xattr_nativeRtsamba.xattr_tdbtsamba.posix_eadbt samba.dcerpcRRRt samba.ndrRRt samba.samba3RRRRR R=R.tFalseRLRlRƒ(((s0/usr/lib/python2.7/dist-packages/samba/ntacls.pyts $ F 7