HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux spn-python 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64
User: arjun (1000)
PHP: 8.1.2-1ubuntu2.20
Disabled: NONE
File: //lib/python3/dist-packages/samba/__pycache__/ntacls.cpython-310.pyc
o

�/a�]�@stdZddlZddlZddlZddlZddlZddlZddlZddl	m
Zddlm
Z
mZmZddlmZmZddl	mZddl	mZddlmZdd	lmZdd
lmZejejBejBejBZe
j e
j!Be
j"Be
j#BZ$Gdd�de%�Z&d
d�Z'dd�Z(				d)dd�Z)			d*dd�Z*dd�Z+d+dd�Z,Gdd�d�Z-Gdd�d�Z.dd �Z/d!d"�Z0d#d$�Z1d%d&�Z2d'd(�Z3dS),zNT Acls.�N)�param)�security�xattr�idmap)�ndr_pack�
ndr_unpack)�smbd)�libsmb_samba_internal)�get_samba_logger)�
NTSTATUSError)�system_session_unixc@seZdZdZdS)�XattrBackendErrorzA generic xattr backend error.N)�__name__�
__module__�__qualname__�__doc__�rr�./usr/lib/python3/dist-packages/samba/ntacls.pyr
2sr
cCs�|dur(|�d�}|durtj|�d�fS|�d�}|dur&tj|�d�fSdS|dkr.dS|dkrL|dur;tj|fStjtj�tj�|�d�d��fS|d	krn|durYtj|fS|�d
�}tj�tj�|d��}tj|fStd|��)
z$return the path to the eadb, or NoneNzxattr_tdb:filez
posix:eadb�NN�native�eadbzprivate dirzeadb.tdb�tdbzstate directoryz	xattr.tdbzInvalid xattr backend choice %s)	�get�samba�	xattr_tdb�
posix_eadb�os�path�abspath�joinr
)�lp�backend�eadbfilerr�	state_dir�db_pathrrr�checkset_backend6s*


"


r%cCs6z
tj�|tj�}Wn
tyYdSwttj|�S�N)r�xattr_native�
wrap_getxattrr�XATTR_DOSATTRIB_NAME_S3�	Exceptionr�	DOSATTRIB)r �file�	attributerrr�
getdosinfoRs��r.TcCs�|rct|||�\}}|dur0z
|�||tj�}	Wnty/td|�tj�|tj�}	Yn	wtj�|tj�}	ttj	|	�}
|
j
dkrF|
jS|
j
dkrO|
jjS|
j
dkrX|
jjS|
j
dkra|
jjSdSt
j|t||d�S)N�Fail to open %s������service)r%r(r�XATTR_NTACL_NAMEr*�printrr'r�NTACL�version�info�sdr�
get_nt_acl�SECURITY_SECINFO_FLAGS)r r,�session_infor!r"�direct_db_accessr5�backend_obj�dbnamer-�ntaclrrr�getntacl\s>����



��rCFc	Cs0t|t�s
t|tj�s
J�t|t�rt�|�}nt|tj�r$|}t|�}t|t�s1t|tj�s1J�t|t�r>tj�||�}n
t|tj�rK|}|�|�}|s�|r�|	�|j�\}
}|t	j
kr�|t	jkr�|jt�d|tjf�kr�t�d|tj
f�}|	�|�\}}|t	j
ks�|t	jkr�|}||_tj|t|||
d�d}n!td|||f��t�|dd�tj|tjtjBtjB|||
d�|�rt|||�\}}t��}d|_||_|dur�z|�||tjt|��WdSty�t d|�t!j"�|tjt|��YdSwt!j"�|tjt|��dStj|t||
|d	�dS)
a�
    A wrapper for smbd set_nt_acl api.

    Args:
        lp (LoadParam): load param from conf
        file (str): a path to file or dir
        sddl (str): ntacl sddl string
        service (str): name of share service, e.g.: sysvol
        session_info (auth_session_info): session info for authentication

    Note:
        Get `session_info` with `samba.auth.user_session`, do not use the
        `admin_session` api.

    Returns:
        None
    z%s-%dr4TzDUnable to find UID for domain administrator %s, got id %d of type %drr0Nr/)r5r>)#�
isinstance�strr�dom_sid�
descriptor�	from_sddl�as_sddl�	sid_to_id�	owner_sidr�ID_TYPE_UID�ID_TYPE_BOTH�DOMAIN_RID_ADMINS�DOMAIN_RID_ADMINISTRATORr�
set_nt_aclr=r
r�chown�
SECINFO_GROUP�SECINFO_DACL�SECINFO_SACLr%rr8r9r:�
wrap_setxattrr6rr*r7rr')r r,�sddl�domsidr>r!r"�	use_ntvfs�skip_invalid_chown�passdbr5�sidr;�owner_id�
owner_type�
administrator�admin_id�
admin_type�sd2r@rArBrrr�setntacl�s~


����	
�
���
�rbcCs�d}d}d}d}d}d}d}d}d	}	d}
d}d}d}
d}d}d}d}d}d}d}d}d}d	}d
}d}d}d
}d}d}||@}||@rT||@rT|||B|B|B|
B|BB}||@rh|||B|B|B|B|
B|BB}||@rr|||
BB}||@rz||B}|S)zMTakes the access mask of a DS ACE and transform them in a File ACE mask.
    r0r1r3��� �@��iiiiiir)�ldm�RIGHT_DS_CREATE_CHILD�RIGHT_DS_DELETE_CHILD�RIGHT_DS_LIST_CONTENTS�
ACTRL_DS_SELF�RIGHT_DS_READ_PROPERTY�RIGHT_DS_WRITE_PROPERTY�RIGHT_DS_DELETE_TREE�RIGHT_DS_LIST_OBJECT�RIGHT_DS_CONTROL_ACCESS�FILE_READ_DATA�FILE_LIST_DIRECTORY�FILE_WRITE_DATA�
FILE_ADD_FILE�FILE_APPEND_DATA�FILE_ADD_SUBDIRECTORY�FILE_CREATE_PIPE_INSTANCE�FILE_READ_EA�
FILE_WRITE_EA�FILE_EXECUTE�
FILE_TRAVERSE�FILE_DELETE_CHILD�FILE_READ_ATTRIBUTES�FILE_WRITE_ATTRIBUTES�DELETE�READ_CONTROL�	WRITE_DAC�WRITE_OWNER�SYNCHRONIZE�STANDARD_RIGHTS_ALL�filemaskrrr�ldapmask2filemask�sr���������r�cCs�tj�||�}t��}|j|_|j|_|j|_|j|_|jj}t	dt
|��D]8}||}|jtj@s^t|j
�tjkr^|jtjBtjB|_t|j
�tjkrS|jtjB|_t|j�|_|�|�q&|sc|S|�|�S)z�

    This function takes an the SDDL representation of a DS
    ACL and return the SDDL representation of this ACL adapted
    for files. It's used for Policy object provision
    r)rrGrHrK�	group_sid�type�revision�dacl�aces�range�len�"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECTrE�trustee�SID_BUILTIN_PREW2K�flags�SEC_ACE_FLAG_OBJECT_INHERIT�SEC_ACE_FLAG_CONTAINER_INHERIT�SID_CREATOR_OWNER�SEC_ACE_FLAG_INHERIT_ONLYr��access_mask�dacl_addrI)�dssddlr[rI�ref�fdescrr��i�acerrr�dsacl2fsacl s&
�
r�c@szeZdZdZdd�Z		ddd�Z	ddd	�Zddd�Zd
d�Zdd�Z	dd�Z
ddd�Zddd�Zddd�Z
dd�ZdS)�	SMBHelperzb
    A wrapper class for SMB connection

    smb_path: path with separator "\" other than "/"
    cCs||_||_dSr&)�smb_connrF)�selfr�rFrrr�__init__Fs
zSMBHelper.__init__FNcCs2d|vsJ�|jj|||d�}|r|�|j�S|S�N�/)�sinfor�)r��get_aclrIrF)r��smb_pathrIr�r��ntacl_sdrrrr�Js�zSMBHelper.get_aclcCsjd|vsJ�t|t�st|tj�sJ�t|t�r!tj�||j�}nt|tj�r)|}|jj||||d�dSr�)rDrErrGrH�
domain_sidr��set_acl)r�r�r�r�r��tmp_descrrrr�Ts


�zSMBHelper.set_acl�cCsd|vsJ�|jj|td�S)zM
        List file and dir base names in smb_path without recursive.
        r�)�attribs)r��list�SMB_FILE_ATTRIBUTE_FLAGS�r�r�rrrr�bszSMBHelper.listcCst|tj@�S)ze
        Check whether the attrib value is a directory.

        attrib is from list method.
        )�bool�libsmb�FILE_ATTRIBUTE_DIRECTORY)r��attribrrr�is_diriszSMBHelper.is_dircCs|r|d|S|S)z$
        Join path with '\'
        �\r)r��root�namerrrrqszSMBHelper.joincCsd|vsJ�|j�|�S)Nr�)r��loadfiler�rrrr�wszSMBHelper.loadfilecCsb|��D]*\}}|�||�}t|t�r'|j�|�s|j�|�|j||d�q|j�||�qdS)z1
        Create files as defined in tree
        �r�N)	�itemsrrD�dictr��chkpath�mkdir�create_tree�savefile)r��treer�r��content�fullnamerrrr�{s
�zSMBHelper.create_treecCsZi}|�|�D]#}|d}|�||�}|�|d�r#|j|d�||<q|�|�||<q|S)a�
        Get the tree structure via smb conn

        self.smb_conn.list example:

        [
          {
            'attrib': 16,
            'mtime': 1528848309,
            'name': 'dir1',
            'short_name': 'dir1',
            'size': 0L
          }, {
            'attrib': 32,
            'mtime': 1528848309,
            'name': 'file0.txt',
            'short_name': 'file0.txt',
            'size': 10L
          }
        ]
        r�r�r�)r�rr��get_treer�)r�r�r��itemr�r�rrrr��szSMBHelper.get_treecCshi}|�|�D]*}|d}|�||�}|�|d�r$|�|j|d��q|�|�}|�|j�||<q|S)z>
        Get ntacl for each file and dir via smb conn
        r�r�r�)r�rr��update�
get_ntaclsr�rIrF)r�r��ntaclsr�r�r�r�rrrr��s
zSMBHelper.get_ntaclscCsB|��D]}|d}|�|d�r|j�|�q|j�|�qdS)Nr�r�)r�r�r��deltree�unlink)r�r�r�rrr�delete_tree�s�zSMBHelper.delete_tree)FNNr)r�)rrrrr�r�r�r�r�rr�r�r�r�r�rrrrr�?s 
�
�



 r�c@s&eZdZdd�Zd	dd�Zdd�ZdS)
�NtaclsHelpercCs8||_||_t��|_|j�|�d|j�d�v|_dS)N�smbzserver services)r5rF�s3param�get_contextr �loadrrX)r�r5�
smb_conf_pathrFrrrr��s

zNtaclsHelper.__init__FNcCs8|dur|j}t|j||||jd�}|r|�|j�S|S)N)r?r5)rXrCr r5rIrF)r�rr>rIr?r�rrrrC�s�zNtaclsHelper.getntaclcCst|j|||j||jd�S)N)rX)rbr rFrX)r�rr�r>rrrrb�s�zNtaclsHelper.setntacl)FN)rrrr�rCrbrrrrr��s

r�cCs>t|dd��}|�|�Wd�dS1swYdS)N�.NTACL�w)�open�write)�dst�ntacl_sddl_str�frrr�_create_ntacl_file�s"�r�cCsN|d}tj�|�sdSt|d��}|��Wd�S1s wYdS)Nr��r)rr�existsr��read)�src�
ntacl_filer�rrr�_read_ntacl_file�s$�r�cCs�t�}t|t�r
t�|�}t||�}d}t��}|g}|g}|r�|��}	|��}
|j	|	d�D]~}|�
|	|d�}tj�
|
|d�}
|�
|d�rX|�|�|�|
�t�|
�n|�|�}t|
d��
}|�|�Wd�n1srwYz|j|dd�}t|
|�Wq.ty�}z|�d	||jd
f�|�d|d�WYd}~q.d}~ww|s tj|d
d��}t�|�D]}tj�
||�}|j||d�q�Wd�n1s�wYt�|�dS)aa
    Backup all files and dirs with ntacl for the serive behind smb_conn.

    1. Create a temp dir as container dir
    2. Backup all files with dir structure into container dir
    3. Generate file.NTACL files for each file and dir in contianer dir
    4. Create a tar file from container dir(without top level folder)
    5. Delete contianer dir
    r�r�r�r��wbNT�rIz"Failed to get the ntacl for %s: %sr0z!The permissions for %s may not bez restored correctly�w:gz�r��mode��arcname)r
rDrErrFr��tempfile�mkdtemp�popr�rrrr��appendr�r�r�r�r�r�r�error�args�warning�tarfile�listdir�add�shutil�rmtree)r��dest_tarfile_pathrF�logger�
smb_helper�	remotedir�localdir�r_dirs�l_dirs�r_dir�l_dir�e�r_name�l_name�datar�r��tarr�rrrr�
backup_online�sT





��
������rcCs�|�d��dd�d}t��}t�}t|||�}t�|�D]�\}}	}
tjj	||d�}tj�
||�}|	D]$}
tj�
||
�}tj�
||
�}t�|||�|j
||dd�}t||�q3|
D]W}tj�
||�}tj�
||�}t�|||�|j
||dd�}t||�t|d��&}|��}t|d��
}|�|�Wd	�n1s�wYWd	�n1s�wYqZqtj|d
d��}t�|�D]}tj�
||�}|j||d�q�Wd	�n1s�wYt�|�d	S)
z<
    Backup files and ntacls to a tarfile for a service
    r�r0�����startTr��rbr�Nr�r�r�)�rstrip�rsplitr�r�rr�r�walkr�relpathrrr�rCr��create_filer�r�r�r�r�r�r�r�)�src_service_pathr�r�rFr5�tempdirr>�
ntacls_helper�dirpath�dirnames�	filenames�rel_dirpath�dst_dirpath�dirnamer�r�r��filename�src_filer�dst_filerr�rrrr�backup_offline(sF
�������rcCs"t�}|�d��dd�d}t��}|��}t�|�}t|||�}	t	�}
t
�|��}|j|d�Wd�n1s:wYt
�|�D]�\}}
}t
jj||d�}t
j�t
j�||��}|
D]9}|�d�s�t
j�||�}t
j�||�}t
j�|�s�t�||
|�t|�}|r�|	�|||
�q^|�d|d	�q^|D]n}|�d��st
j�||�}t
j�||�}t
j�|�s�t�||
|�t|�}|r�|	�|||
�n	|�d
|d	�t|d��&}|��}t|d��
}|�|�Wd�n1s�wYWd�n	1�swYq�qDt�|�dS)
z>
    Restore files and ntacls from a tarfile to a service
    r�r0r)rNrr�z)Failed to restore ntacl for directory %s.z) Please check the permissions are correctz$Failed to restore ntacl for file %s.rr�) r
rrr�r��get_domain_sidrrFr�rr�r��
extractallrr	rr
�normpathr�endswith�isdirrr�r�rbr��isfilerr�r�r�r�)�src_tarfile_path�dst_service_path�
samdb_connr�r�r5r
�dom_sid_strrFrr>r�rrrrrrr�r�r�rrrrrrr�backup_restoreXsh
��
���
������r#)NNTN)NNTFNN)T)4rrr�r�r��samba.xattr_nativer�samba.xattr_tdb�samba.posix_eadb�samba.samba3rr��samba.dcerpcrrr�	samba.ndrrrrr	r��samba.loggerr
r�samba.auth_utilr�FILE_ATTRIBUTE_SYSTEMr��FILE_ATTRIBUTE_ARCHIVE�FILE_ATTRIBUTE_HIDDENr��
SECINFO_OWNERrRrSrTr=r*r
r%r.rCrbr�r�r�r�r�r�rrr#rrrr�<module>sh������

�'
�g
7
<0