g"tSrSSKJrJrJrJrJr SSKrSSKJ r SSK J r J r J r SSKJr Sr"SS \5rg) z5Utility methods for security descriptor manipulation.)FLAG_MOD_REPLACE SCOPE_BASEDnMessageMessageElementN)security) ndr_deepcopyndr_pack ndr_unpack)NT_STATUS_OBJECT_NAME_NOT_FOUNDc>^SmSRU4SjU55$)a#Encode claim attribute names according to [MS-DTYP] 2.5.1 ("attr-char2") Some characters must be encoded as %hhhh, while others must not be. Of the optional ones, we encode some control characters. The byte is also encoded, which is useful for tests, but it is forbidden in either form. z !"%&()<=>|c3R># UHnUT;aUOS[U5S3v M g7f)%04xN)ord).0cescapess 0/usr/lib/python3/dist-packages/samba/sd_utils.py #escaped_claim_id..'s;&%qw&CF3<()%s$')join)claim_idrs @rescaped_claim_idrs*.G 77&%& &&ct\rSrSrSrSrSSjrSSjrSrSSjr SS jr S r SS jr SS jr SS jrSrg)SDUtils-zCSome utilities for manipulation of security descriptors on objects.cvXl[R"URR55UlgN)ldbrdom_sidget_domain_sid domain_sid)selfsamdbs r__init__SDUtils.__init__0s&"**488+B+B+DErNc"[5n[U[5(aXlO[URU5Ul[U[ 5(d![U[ R5(de[U[ 5(a*[ RRX R5nO![U[ R5(aUn[[W5[S5US'URRXC5 g)zRModify security descriptor using either SDDL string or security.descriptor object nTSecurityDescriptorN)r isinstancerdnr"strr descriptor from_sddlr%rr rmodify)r& object_dnsdcontrolsmtmp_descs rmodify_sd_on_dnSDUtils.modify_sd_on_dn4s I i $ $Ddhh *AD2s##z"h6I6I'J'JKJ b#  **44RIH H// 0 0H$28H3E3C3I%K ! $rcURRU[SS/US9nUSSSn[[R U5$)Nr+r4r)r"searchrr rr/)r&r2r4resdescs r read_sd_on_dnSDUtils.read_sd_on_dnIsOhhooiT56K1v,-a0(--t44rc~URRU5n[[RUSSS5$)Nr objectSid)r"r;r rr#)r&r2r<s rget_object_sidSDUtils.get_object_sidOs5hhooi((**CF;,?,BCCrc(^Uc/nUc/nU4SjnUcUcS[R-/nTRXS9nUR[R-(d^[ UR 5nURH9n U R[R-(dM'URU 5 M; OeUc/nTRR!U["SU/US9n [%U SUS5n [R&R)U TR*5nSn /n/n/nUHn [-U [$5(aU"U 5n [-U [R.5(deU R[R-(aUR1U 5 MvXR R;aUR1U 5 MURU 5 U S- n M UHn Sn[-U [25(aSU ;aU SnU Sn [-U [$5(aU"U 5n [-U [R.5(deU R[R-(aUR1U 5 MXR R;aUR1U 5 MUR5U U5 U S- n M U S:XaXU4$UcTR7XUS9 OiUR9TR*5n[;5nUUl[?URAS 5[BU5UU'TRREUUS9 XU4$![Ra%n U RS[:waU eSn A GMSn A ff=f) Nc>[RRSU-TR5n[ UR R 5S:XdeUR R S$)ND:r)rr/r0r%lendaclaces)ace_sddlace_sdr&s r ace_from_sddl2SDUtils.update_aces_in_dacl..ace_from_sddlZsU((224(?DOOTFv{{''(A- --;;##A& &rz sd_flags:1:%dr:rrGidxaceascii)#r SECINFO_DACLr>typeSEC_DESC_DACL_PROTECTEDr rIrJflagsSEC_ACE_FLAG_INHERITED_ACE dacl_del_acesamba NTSTATUSErrorargsr r"r;rr.r/r0r%r,rQappenddictdacl_addr7as_sddlrr-rencoderr1)r&r-del_acesadd_aces sddl_attrr4rMr3 dacl_copyrQerrr<old_sddl num_changes del_ignored add_ignoredinherited_ignoredadd_idxnew_sddlr5s` rupdate_aces_in_daclSDUtils.update_aces_in_daclSs7  H  H '  +h.C.CCD##B#:B77X=== )1 $>>Cyy8#F#FFF!OOC0*((//"j$#,+"BC3q6),Q/0H$$..xIB   C#s###C(c8<<00 00yy8>>>!((-'',,&""3' OOC 1 K CG#t$$C<!%jG%j#s###C(c8<<00 00yy8>>>!((-ggll"""3' KKW % 1 K'* ! ->> >    ( ;zz$//2H AAD)(//'*B*:*35AiL HHOOAO 1):::M %22!"xx{.MM&) ! !s&MN,N  Nc[RRSU-UR5n/nSnURR HnUR XgS.5 US- nM URXUS9upn X4$)zCPrepend an ACE (or more) to an objects security descriptor rFr)rPrQrGrbr4rr/r0r%rIrJr\rm) r&r2rJr4rLrbrkrQ_aiiis rdacl_prepend_acesSDUtils.dacl_prepend_acess$$..td{DOOL;;##C OOG8 9 qLG$,,Y6>-@ rv rc,URXS/S9u ng)z?Add an ACE (or more) to an objects security descriptor show_deleted:1r:N)ru)r&r2rQrrs r dacl_add_aceSDUtils.dacl_add_aces&%%i0@/A&C1rc[RRSU-UR5n/nURR HnUR U5 M URXUS9upxn X4$)zBAppend an ACE (or more) to an objects security descriptor rFrprq) r&r2rJr4rLrbrQrrrsrts rdacl_append_acesSDUtils.dacl_append_acesso$$..td{DOOL;;##C OOC $,,Y6>-@ rv rc[RRSU-UR5n/nURR HnUR U5 M URXUS9upxn Xy4$)zBDelete an ACE (or more) to an objects security descriptor rF)rar4rq) r&r2rJr4del_sdrarQdirrrts rdacl_delete_acesSDUtils.dacl_delete_acesso$$..td{DOOL;;##C OOC $,,Y6>-@ rv rclUc/nURXS/-5nURUR5$)z:Return object nTSecurityDescriptor in SDDL format rx)r>r_r%)r&r2r4r=s rget_sd_as_sddlSDUtils.get_sd_as_sddls;  H!!)9I8J-JK||DOO,,r)r%r"r!)NNNN)__name__ __module__ __qualname____firstlineno____doc__r(r7r>rBrmruryr|rr__static_attributes__rrrr-sEMF%*5 D?C59a;F C  -rr)rr"rrrrrrY samba.dcerpcr samba.ndrr r r samba.ntstatusr robjectrrrrrs2&<II !88: & x-fx-r