HEX

File: //usr/lib/python3/dist-packages/samba/__pycache__/sd_utils.cpython-310.pyc
o

�\e> �@spdZddlZddlmZmZmZddlmZmZddlm	Z	m
Z
mZddlm
Z
ddlmZGdd	�d	e�ZdS)
z5Utility methods for security descriptor manipulation.�N)�Message�MessageElement�Dn)�FLAG_MOD_REPLACE�
SCOPE_BASE)�ndr_pack�
ndr_unpack�ndr_deepcopy)�security)�NT_STATUS_OBJECT_NAME_NOT_FOUNDc@steZdZdZdd�Zddd�Zddd�Zd	d
�Z		ddd�Zdd
d�Z	dd�Z
ddd�Zddd�Zgfdd�Z
dS)�SDUtilszCSome utilities for manipulation of security descriptors on objects.cCs||_t�|j���|_dS�N)�ldbr
�dom_sid�get_domain_sid�
domain_sid)�self�samdb�r�0/usr/lib/python3/dist-packages/samba/sd_utils.py�__init__"szSDUtils.__init__NcCs�t�}t|t�r||_nt|j|�|_t|t�s t|tj�s J�t|t�r.tj�||j	�}nt|tj�r6|}t
t|�td�|d<|j�
||�dS)zfModify security descriptor using either SDDL string
            or security.descriptor object
        �nTSecurityDescriptorN)r�
isinstancer�dnr�strr
�
descriptor�	from_sddlrrrr�modify)r�	object_dn�sd�controls�m�tmp_descrrr�modify_sd_on_dn&s

�zSDUtils.modify_sd_on_dncCs4|jj|tddg|d�}|ddd}ttj|�S)Nr�r r)r�searchrrr
r)rrr �res�descrrr�
read_sd_on_dn;s
�zSDUtils.read_sd_on_dncCs$|j�|�}ttj|ddd�S)Nr�	objectSid)rr%rr
r)rrr&rrr�get_object_sidAszSDUtils.get_object_sidcs�|durg}|durg}�fdd�}|durc|dur dtjg}�j||d�}|jtj@sbt|j�}|jD],}	|	jtj	@raz|�
|	�Wq5tjy`}
z|
j
dtkrV|
�WYd}
~
q5d}
~
wwq5n$|durig}�jj|td|g|d�}t|d|d�}tj�|�j�}d}
g}g}g}|D]4}	t|	t�r�||	�}	t|	tj�s�J�|	jtj	@r�|�|	�q�|	|jjvr�|�|	�q�|�
|	�|
d7}
q�|D]I}	d}t|	t�r�d|	vr�|	d}|	d	}	t|	t�r�||	�}	t|	tj�s�J�|	jtj	@r�|�|	�q�|	|jjv�r|�|	�q�|�|	|�|
d7}
q�|
dk�r|||fS|du�r*�j|||d�n|��j�}t�}||_t|� d
�t!|�||<�jj"||d�|||fS)Ncs4tj�d|�j�}t|jj�dksJ�|jjdS)N�D:�r)r
rrr�len�dacl�aces)�ace_sddl�ace_sd�rrr�
ace_from_sddlLsz2SDUtils.update_aces_in_dacl.<locals>.ace_from_sddlz
sd_flags:1:%dr$rr,����idx�ace�ascii)#r
�SECINFO_DACLr(�type�SEC_DESC_DACL_PROTECTEDr	r.r/�flags�SEC_ACE_FLAG_INHERITED_ACE�dacl_del_ace�samba�
NTSTATUSError�argsrrr%rrrrrrr6�append�dict�dacl_addr#�as_sddlrrr�encoderr)rr�del_aces�add_aces�	sddl_attrr r3r�	dacl_copyr6�errr&�old_sddl�num_changes�del_ignored�add_ignored�inherited_ignored�add_idx�new_sddlr!rr2r�update_aces_in_daclEs�

����
�













�
zSDUtils.update_aces_in_daclcCs`tj�d||j�}g}d}|jjD]}|�||d��|d7}q|j|||d�\}}	}
|	|
fS)zCPrepend an ACE (or more) to an objects security descriptor
        r+r)r5r6r,�rGr �r
rrrr.r/rArR)rrr/r r1rGrPr6�_�ai�iirrr�dacl_prepend_aces�s
�zSDUtils.dacl_prepend_acescCs|j||dgd�\}}dS)z?Add an ACE (or more) to an objects security descriptor
        �show_deleted:1r$N)rX)rrr6rUrrr�dacl_add_ace�s�zSDUtils.dacl_add_acec
CsNtj�d||j�}g}|jjD]}|�|�q|j|||d�\}}}	||	fS)zBAppend an ACE (or more) to an objects security descriptor
        r+rSrT)
rrr/r r1rGr6rUrVrWrrr�dacl_append_aces���zSDUtils.dacl_append_acesc
CsNtj�d||j�}g}|jjD]}|�|�q|j|||d�\}}}	||	fS)zBDelete an ACE (or more) to an objects security descriptor
        r+)rFr rT)
rrr/r �del_sdrFr6�dirUrWrrr�dacl_delete_aces�r\zSDUtils.dacl_delete_acescCs|�||dg�}|�|j�S)z:Return object nTSecutiryDescriptor in SDDL format
        rY)r(rDr)rrr r'rrr�get_sd_as_sddl�szSDUtils.get_sd_as_sddlr
)NNNN)�__name__�
__module__�__qualname__�__doc__rr#r(r*rRrXrZr[r_r`rrrrrs


�
c

r)rdr>rrrrrr�	samba.ndrrrr	�samba.dcerpcr
�samba.ntstatusr�objectrrrrr�<module>s