gITSSKrSSKrSSKJr SSKJr SSKJr SSK J r SSK J r SSK JrJr SSKJr SSKJrJrJr SS KJrJr SS KJr S S KJrJrJrJ r S r!"SS\5r""SS\5r#"SS\5r$"SS\5r%"SS\5r&"SS\5r'"SS\5r(g)N) provision)system_session)system_session_unix)DONT_USE_KERBEROS)securityidmap) ndr_print)setntaclgetntacl getdosinfo)parampassdb)SamDB)Command CommandError SuperCommandOptioncSnUR5nUS:XaSn[R"5nURUR5 U(a2[ [ 5US9nURSSUR-5 U(a"[R"WR5nU$[R"5nU$![an[SU5eSnAff=f! [S5e=f) NFROLE_ACTIVE_DIRECTORY_DCT session_infolpUnable to open samdb:passdb backend samba_dsdb:%sz2Unable to read domain SID from configuration files) server_roles3param get_contextload configfilerr Exceptionrseturlrdom_sid domain_sidrget_domain_sid)ris_ad_dcrs3confsamdber&s 4/usr/lib/python3/dist-packages/samba/netcmd/ntacl.pyget_local_domain_sidr-$sH.."K00  "F KK  ;~'7!E  #_uyy%@A$ !))%*:*:;J   ..0J  ;6: : ;$#$ $s*C'C$.C$ C! CC!$ C1c\rSrSrSrSr\R\R\RS.r \ "SS\ RSS9\ "S S S SS9\ "S S SSS/S9\ "SSSS9\ "SSSS9\ "SSSS9\ "SSSS9\ "SSSS9\ "SSSS9/ rS S!/rS%S#jrS$rg")& cmd_ntacl_setBzSet ACLs on a file.z%prog [options] sambaoptscredopts versionoptsz-qz--quiet store_truehelpaction-v --verbose Be verbose--xattr-backendchoice%xattr backend type (native fs or tdb)nativetdbtyper7choices --eadb-file0Name of the tdb file where attributes are storedstringr7rB --use-ntvfsLSet the ACLs directly to the TDB or xattr for use with the ntvfs file server --use-s3fsHSet the ACLs for use with the default s3fs file server via the VFS layer --recursive;Set the ACLs for directories and their contents recursively--follow-symlinksFollow symlinks --servicez:Name of the smb.conf service to use when applying the ACLsaclpathNc |^^^^^^^ ^ ^^^TR5nU R5m[T5mT(dU(dSTRS5;mO U(aSmUUUU UU UUUUU4 SjnU"U5 T (a[R R U5(a~[R"UT S9HeunnnUH)nU"[R RUU55 M+ UH)nU"[R RUU55 M+ Mg T(aURS5 gg)Nsmbserver servicesFc > T(dX[RRU5(a4T(aTRR SU-5 g[ SU-5eT (a[RRU5(aTRR SU-5 Oa[RR U5(aTRR SU-5 OTRR SU-5 [TUT[T5[5T TT T S9 g![an[ SU<SU<35eSnAff=f) Nignored symlink: %s 'symlink: %s: requires --follow-symlinks symlink: %s dir: %s file: %s  use_ntvfsserviceCould not set acl for : ) osrRislinkoutfwriterisdirr strrr") _pathr+rQr& eadb_filefollow_symlinksr recursiveselfr^r]verbose xattr_backends r,_setntacl_path)cmd_ntacl_set.run.._setntacl_pathjs"rww~~e'<'<IIOO$;e$CD"#LPU#VWW77>>%((IIOOOe$;<WW]]5))IIOOK%$78IIOOL5$89 PZ,.&"#,!(* P"UA#NOO Ps "D00 E:E  E followlinksPPlease note that POSIX permissions have NOT been changed, only the stored NT ACL) get_logger get_loadparmr-getrarRrewalkjoinwarning)rkrQrRr]use_s3fsquietrlrmrhr3r2r4rjrir^loggerrnrootdirsfilesnamer&rs`` ` ``` ``` @@r,runcmd_ntacl_set.run]s"  # # %)"- (9!::I I P P6 t t,,%'WWT%O!dE!D"277<<d#;<" D"277<<d#;<!&P  NNm n ) FFFFNNNNNFFN)__name__ __module__ __qualname____firstlineno____doc__synopsisoptions SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsroptparse SUPPRESS_HELP takes_options takes_argsr__static_attributes__rrr,r/r/Bs-H))..-- tYX%;%;LQt[|LI x6] %( *}#U\de}#q{G H|"lvB C}#`iuv"):<P{!]dlm MJ7 [options]r1fileNcUR5n[R"5nURUR5 [ XQ5nU(a%UR R[U55 gg)N) rtrrr r!r rcrdr )rkrr3r2r4rr)dosinfos r,rcmd_dosinfo_get.runsU  # # %$$& BMM"R&  IIOOIg. / rrNNN)rrrrrrrrrrrrrrrrr,rrs=,'H))..-- J0rrc \rSrSrSrSr\R\R\RS.r \ "SSSS9\ "S S S S S /S9\ "SSSS9\ "SSSS9\ "SSSS9\ "SSSS9/r S/r SSjrSrg) cmd_ntacl_getzGet ACLs of a file.rr1z --as-sddlzOutput ACL in the SDDL formatr5r6r<r=r>r?r@rArDrErFrGrHzKGet the ACLs directly from the TDB or xattr used with the ntvfs file serverrJzKGet the ACLs for use via the VFS layer used by the default s3fs file serverrPz9Name of the smb.conf service to use when getting the ACLsrNc rUR5n [U 5n U(dU(dSU RS5;nO U(aSn[U U[ 5UUUU S9n U(a.UR R U RU 5S-5 gUR R [U 55 g)NrTrUFdirect_db_accessr^ ) rtr-rur rrcrdas_sddlr )rkrr]ryrrmrhr3r2r4r^rr&rQs r,rcmd_ntacl_get.runs # # %)"- (9!::I Ir*,$ (1& (  IIOOCKK 3d: ; IIOOIcN +rr) FFFNNNNNN)rrrrrrrrrrrrrrrrrrr,rrs'H))..-- {!@V x6] %( *}#U\de}#pzF G|"oyE F{!\cklMJ279=7;,rrc\rSrSrSrSrS\R0r\ "SSSS9\ "S S S S 9\ "S SS S 9\ "SSSS9\ "SSSSS/S9\ "SSSS S 9\ "SSS S 9\ "SSSS S 9/r /SQr S#S!jr S"r g )$cmd_ntacl_changedomsidzChange the domain SID for ACLsz9%prog [options]r2rPz#Name of the smb.conf service to userFrGrHrIr5r6rJrKrDrEr<r=r>r?r@rAz-rrLrMrNrOr9r:r;)old_domain_sidnew_domain_sidrRNc ^^^^^^ ^ ^ ^^^^^TR5n U R5m[T5mT(dU(dSTRS5;mO U(aSmT(dT(d [ S5e[ R "U5m[ R "U5mUUU UUUU UUUU U4 SjmUU 4SjnT"U5 T (a,[RRU5(aU"U5 T(aU RS 5 gg![an[ SU<SU<35eSnAff=f![an[ SU<SU<35eSnAff=f) NrTrUFz0Must provide a share name with --service=zCould not parse old sid r`c > T (dX[RRU5(a4T (aTRR SU-5 g[ SU-5eT(a[RRU5(aTRR SU-5 Oa[RR U5(aTRR SU-5 OTRR SU-5 [T U[5TTTTS9nURT5nT(aTRR S U-5 U U 4S jnU"UR5Ul U"UR5Ul UR(a4URRHnU"UR5UlM UR (a4UR RHnU"UR5UlM URT5nT(aTRR S U-5 X6:Xa#T(aTRR S 5 g [#T UUT [5TTTTS9 g![an[ SU<SU<35eSnAff=f![an[ SU<SU<35eSnAff=f)NrWrXrYrZr[rzCould not get acl for r`z before: %s cn>UR5upUT:Xa[R"STU4-5$U$)Nz%s-%i)splitrr%)siddomridrrs r,replace_domain_sidNcmd_ntacl_changedomsid.run..changedom_sids..replace_domain_sidMs8 YY[ .(#++G~s6K,KLL rz after: %s znothing to do Tr\r_)rarRrbrcrdrrer rr"r owner_sid group_sidsaclacestrusteedaclr )rgrQr+ orig_sddlracenew_sddlr&rhrirrrrjrkr^r]rlrms r,changedom_sids2cmd_ntacl_changedomsid.run..changedom_sids/s/"rww~~e'<'<IIOO$;e$CD"#LPU#VWW77>>%((IIOOOe$;<WW]]5))IIOOK%$78IIOOL5$89 Pr$24,(09'. 0 J/I ) ;<  /s}}=CM.s}}=CMxx88==C"4S[["ACK)xx88==C"4S[["ACK){{:.H  9:$IIOO$56 P',.&"#,!(*C P"UA#NOO PT P"UA#NOO Ps0 J8J7 J4J//J47 KKKc>[R"UTS9HbupnUH(nT"[RRX55 M* UH(nT"[RRX55 M* Md g)Nrp)rarvrRrw)rgr|r}r~fdrris r,recursive_changedom_sids.recursive_changedom_sidsss^%'WWU%P!EA"277<<#89A"277<<#89 &QrzQPlease note that POSIX permissions have NOT been changed, only the stored NT ACL.) rsrtr-rurrr%r"rarRrerx)rkold_domain_sid_strnew_domain_sid_strrRr]ryr^rmrhr2rjrirlr{r+rrr&rrrs` ` ``` ``` @@@@@r,rcmd_ntacl_changedomsid.run s;"  # # %)"- (9!::I IBD D 8%--.@AN  8%--.@AN B PB PB PH : t t,, $T *  NN> ? u 8 2A 78 8 8  8 2A 78 8 8s0?DD> D;#D66D;> E EE r) FFNNNNFFF)rrrrrrrrrrrrrrrrr,rrs(JH W))  6   &  !  "  !  C   8u%  '   N  !  " !     !C&MP>J !x?rrc\rSrSrSrSr\R\R\RS.r \ "SSSS9\ "S S SS9/r SS jr S rg )cmd_ntacl_sysvolresetiz?Reset sysvol ACLs to defaults (including correct ACLs on GPOs).rr1rHz/Set the ACLs for use with the ntvfs file serverr5r6rJz6Set the ACLs for use with the default s3fs file serverNc UR5nURU5nUR[5 UR 5nUR SS5n [ [5US9n U(dU(dSUR S5;nO U(aSn[R"U R5n [R"5n U RUR 5 U R#SS U R$-5 [R"['U 5S -['[R(5-5n[R"[R*5n[,R."U R S55nUR1U5unnU[2R4:wa"U[2R6:wa[S U-5eUR1U5unnU[2R8:wa"U[2R6:wa[S U-5eU(aUR;S 5 [<R>"XUUU UR S5RA5U RC5XaS9 g![an [SU 5eSn A ff=f![Da=n U RF(de[SU RFSU RH3U 5eSn A ff=f)NrRsysvolrrrTrUFrr-zSID %s is not mapped to a UIDzSID %s is not mapped to a GIDrrrealm)r]Could not access r`)%rtget_credentialsset_kerberos_staterrsrurrr"rrr%r&rrr r!r#r$rfDOMAIN_RID_ADMINISTRATORSID_BUILTIN_ADMINISTRATORSrPDB sid_to_idr ID_TYPE_UID ID_TYPE_BOTH ID_TYPE_GIDrxr setsysvolacllower domain_dnOSErrorfilenamestrerror)rkr]ryr3r2r4rcredsr{rr*r+r&r)LA_sidBA_sid s4_passdbLA_uidLA_typeBA_gidBA_types r,rcmd_ntacl_sysvolreset.runse  # # %((,   !23") ;~'7!E (9!::I I%%e&6&67 $$& BMM" #_uyy%@A!!#j/$'#(*-h.O.O*P#QR!!("E"EFJJvzz*:;< &//7 u(( (W8J8J-J>GH H%//7 u(( (W8J8J-J>GH H  NNm n R  " "5#)6:#%66'?#8#8#:EOOO%' )  ;6: : ; R::!21::,b MqQ Q Rs1CAC4 C1 C,,C14 D;>8D66D;rr) rrrrrrrrrrrrrrrr,rrs5L'H))..-- Rrrc\rSrSrSr0r\"5\S'\"5\S'\"5\S'\ "5\S'\ "5\S'\ "5\S'S r g ) cmd_ntaclizNT ACLs manipulation.r#ru changedomsid sysvolreset sysvolcheckr rN) rrrrr subcommandsr/rrrrrrrrr,rrsVK&K&K"8":K!6!8K !6!8K  / 1K rr))rra samba.getoptgetoptrsambar samba.authrsamba.auth_utilrsamba.credentialsr samba.dcerpcrr samba.ndrr samba.ntaclsr r r samba.samba3r rr samba.samdbrrrrrr-r/rrrrrrrrr,rs& %//(77199