g ^SrSSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSK J r J r Jr SSKJrJr SSKJr SSKJr SSKJr SS KJr SS KJr SS KJr \R8\R:-\R<-\R>-r \ RB\ RD-\ RF-\ RH-r%"S S \&5r'Sr(Sr)SSjr*SSjr+Sr,SSjr-"SS5r."SS5r/Sr0Sr1Sr2Sr3Sr4g) zNT Acls.N)param)securityxattridmap)ndr_pack ndr_unpack)smbd)libsmb_samba_internal)get_samba_logger) NTSTATUSError)system_session_unix) safe_tarfilec\rSrSrSrSrg)XattrBackendError3zA generic xattr backend error.N)__name__ __module__ __qualname____firstlineno____doc____static_attributes__r./usr/lib/python3/dist-packages/samba/ntacls.pyrr3s(rrcUckURS5nUb![RURS54$URS5nUb![RURS54$gUS:XagUS:XaqUb[RU4$[R[R R [R RURS5S554$US:XauUb[RU4$URS 5n[R R [R RUS 55n[RU4$[S U-5e) z$return the path to the eadb, or Nonezxattr_tdb:filez posix:eadbNNnativeeadbz private dirzeadb.tdbtdbzstate directoryz xattr.tdbzInvalid xattr backend choice %s) getsamba xattr_tdb posix_eadbospathabspathjoinr)lpbackendeadbfiler"r# state_dirdb_paths rcheckset_backendr-7s4FF+,  OORVV,<%=> >VVL)  !$$bff\&:; ; H  F   $$h/ /$$bggoobggll266-CXZd6e&fg g E   OOX. .01Iggoobggll9k&JKGOOW- - AG KLLrc[RRU[R5n[ [RU5$![ a gf=fN)r! xattr_native wrap_getxattrrXATTR_DOSATTRIB_NAME_S3 Exceptionr DOSATTRIB)r(file attributes r getdosinfor7SsP&&44T5:5R5RT eooy 11 s.A AAcU(Ga [XU5upxUb"URX[R5n O.[ RRU[R5n [[RU 5n U RS:Xa U R$U RS:XaU RR$U RS:XaU RR$U RS:XaU RR$g[R"U[UUS9$![a@ [ SU-5 [ RRU[R5n GN f=f)NFail to open %sservice)r-r1rXATTR_NTACL_NAMEr3printr!r0rNTACLversioninfosdr get_nt_aclSECURITY_SECINFO_FLAGS) r(r5 session_infor)r*direct_db_accessr? backend_objdbnamer6ntacls rgetntaclrM]s> 0h G   U'55f6;6L6LN **889>9O9OQI5;; 2 ==A ::  ]]a ::== ]]a ::== ]]a ::==  t5+'.0 0' U'&01!..<aI [ASU-5 [BRDR9U[0R:[=U55 gf=f) a A wrapper for smbd set_nt_acl api. Args: lp (LoadParam): load param from conf file (str): a path to file or dir sddl (str): ntacl sddl string service (str): name of share service, e.g.: sysvol session_info (auth_session_info): session info for authentication Note: Get `session_info` with `samba.auth.user_session`, do not use the `admin_session` api. Returns: None z%s-%dr>TzDUnable to find UID for domain administrator %s, got id %d of type %drr:Nr9)r?rH)# isinstancestrrdom_sid descriptor from_sddlas_sddl sid_to_id owner_sidr ID_TYPE_UID ID_TYPE_BOTHDOMAIN_RID_ADMINSDOMAIN_RID_ADMINISTRATORr set_nt_aclrGrr$chown SECINFO_GROUP SECINFO_DACL SECINFO_SACLr-rrBrCrD wrap_setxattrr@rr3rAr!r0)r(r5sddldomsidrHr)r* use_ntvfsskip_invalid_chownpassdbr?sidrEowner_id owner_type administratoradmin_id admin_typesd2rJrKrLs rsetntaclrms$, fc " "j9I9I&J&JK J&#v& FH,, - -S dC JtX5H5H$I$IJ I$  * *4 5 D(-- . . zz# +!'!1!1",,!? 5,, ,:ASAS3S||x//68C]C]:^0^__ ( 0 0FHDeDe;f1f g )/)9)9-)H&: 5#4#44*HZHZ:ZC$1CMOO4c$ ') !%I+,rwDFNPZv[-[\\q!$**))*))* #% 0h Gf     B))&*.0F0FQVY    , ,T53I3I-5e_ >  (" 8 B'&01""00u7M7M19%B  Bs6+M77AO  O cLSnSnSnSnSnSnSnSnS n Sn Sn Sn Sn SnSnSnSnSnSnSnSnSnS nS nS nS nS nSnSnUU-nX-(aX-(aUUU -U-U-U -U--nX-(aUUU -U-U-U-U -U--nX-(aUX--nX-(aUU-nU$)zMTakes the access mask of a DS ACE and transform them in a File ACE mask. r:r;r= @iiiiiir)ldmRIGHT_DS_CREATE_CHILDRIGHT_DS_DELETE_CHILDRIGHT_DS_LIST_CONTENTS ACTRL_DS_SELFRIGHT_DS_READ_PROPERTYRIGHT_DS_WRITE_PROPERTYRIGHT_DS_DELETE_TREERIGHT_DS_LIST_OBJECTRIGHT_DS_CONTROL_ACCESSFILE_READ_DATAFILE_LIST_DIRECTORYFILE_WRITE_DATA FILE_ADD_FILEFILE_APPEND_DATAFILE_ADD_SUBDIRECTORYFILE_CREATE_PIPE_INSTANCE FILE_READ_EA FILE_WRITE_EA FILE_EXECUTE FILE_TRAVERSEFILE_DELETE_CHILDFILE_READ_ATTRIBUTESFILE_WRITE_ATTRIBUTESDELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZESTANDARD_RIGHTS_ALLfilemasks rldapmask2filemaskrs_!+ * * *M * * * * * &N & &O &M & & & &L &M &L &M & & & *F *L *I *K *K *((H $3+G{-@@3 46B C- .0< => ${_</ 02? @4 57D E 5 56  "4DE "// Orc[RRX5n[R"5nURUlURUlUR UlUR UlURRn[S[U55GHnXVnUR [R[R4;dM8[UR5[R:wdMaUR [R"-[R$-Ul[UR5[R&:Xa"UR [R(-Ul[+UR,5UlUR/U5 GM U(dU$UR1U5$)z This function takes an the SDDL representation of a DS ACL and return the SDDL representation of this ACL adapted for files. It's used for Policy object provision r)rrRrSrV group_sidtyperevisiondaclacesrangelen"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECTSEC_ACE_TYPE_ACCESS_ALLOWEDrPtrusteeSID_BUILTIN_PREW2KflagsSEC_ACE_FLAG_OBJECT_INHERITSEC_ACE_FLAG_CONTAINER_INHERITSID_CREATOR_OWNERSEC_ACE_FLAG_INHERIT_ONLYr access_maskdacl_addrT)dssddlrfrTreffdescrriaces r dsacl2fsaclr!s<    ' ' 4C  "F}}F}}F((FKllFO 88==D 1c$i g 88CC <<> >BEckkBRV^VqVqBq H$H$HH8KrKrrCI3;;8#=#==II(J(JJ /@CO OOC !  >># rcx\rSrSrSrSrSSjrSSjrSSjrSr S r S r SS jr SS jr SS jrSrSrg) SMBHelperiAzV A wrapper class for SMB connection smb_path: path with separator "\" other than "/" cXlX lgr/)smb_connrQ)selfrrQs r__init__SMBHelper.__init__Hs   rNcSU;deURRUUUS9nU(aURUR5$U$N/)sinfor)rget_aclrTrQ)rsmb_pathrTrrntacl_sds rrSMBHelper.get_aclLsP("""==((/45@)B29x -FhFrcxSU;de[U[5(d![U[R5(de[U[5(a*[RR X R 5nO![U[R5(aUnUR RUWUUS9 gr)rOrPrrRrS domain_sidrset_acl)rrrrrtmp_descs rrSMBHelper.set_aclVs("""(C((JxATAT,U,UVU h $ $**44XOH ("5"5 6 6H h$)*5  7rcNSU;deURRU[S9$)z= List file and dir base names in smb_path without recursive. r)attribs)rlistSMB_FILE_ATTRIBUTE_FLAGSrrs rrSMBHelper.listds-("""}}!!(4L!MMrc:[U[R-5$)zM Check whether the attrib value is a directory. attrib is from list method. )boollibsmbFILE_ATTRIBUTE_DIRECTORY)rattribs ris_dirSMBHelper.is_dirks FV<<<==rc$U(aUS-U-$U$)z Join path with '\' \r)rrootnames rr'SMBHelper.joinss&*td{T!3t3rcHSU;deURRU5$)Nr)rloadfilers rrSMBHelper.loadfileys%("""}}%%h//rcPUR5Hup4URX#5n[U[5(aLURR U5(dURR U5 URXES9 MwURRXT5 M g)z! Create files as defined in tree rN) itemsr'rOdictrchkpathmkdir create_treesavefile)rtreerrcontentfullnames rrSMBHelper.create_tree}s{"ZZ\MDyy0H'4((}},,X66MM''1   < &&x9*rc0nURU5HXnUSnURX5nURUS5(aURUS9X$'MEUR U5X$'MZ U$)a1 Get the tree structure via smb conn self.smb_conn.list example: [ { 'attrib': 16, 'mtime': 1528848309, 'name': 'dir1', 'short_name': 'dir1', 'size': 0L }, { 'attrib': 32, 'mtime': 1528848309, 'name': 'file0.txt', 'short_name': 'file0.txt', 'size': 10L } ] rrr)rr'rget_treer)rrritemrrs rrSMBHelper.get_treeso,IIh'D**!]]H]= !]]84 ( rc40nURU5HnUSnURX5nURUS5(a URUR US95 MRUR U5nUR UR5X%'M U$)z. Get ntacl for each file and dir via smb conn rrr)rr'rupdate get_ntaclsrrTrQ)rrntaclsrrrrs rrSMBHelper.get_ntaclssIIh'D** dooxo@A<<1#+#3#3DLL#A ( rcUR5HYnUSnURUS5(aURRU5 M>URR U5 M[ g)Nrr)rrrdeltreeunlink)rrrs r delete_treeSMBHelper.delete_treesRIIKD** %%d+ $$T*  r)rQr)FNNr))rrrrrrrrrrr'rrrrrrrrrrrAsN ).(,G)- 7N>4 0 :@ +rrc*\rSrSrSrSSjrSrSrg) NtaclsHelpericXlX0l[R"5UlURR U5 SURR S5;Ulg)Nsmbzserver services)r?rQs3param get_contextr(loadr rc)rr? smb_conf_pathrQs rrNtaclsHelper.__init__sH  %%'  ]#$''++.?"@@rNcUc URn[URXUURS9nU(aUR UR 5$U$)N)rIr?)rcrMr(r?rTrQ)rr%rHrTrIrs rrMNtaclsHelper.getntaclsM  ##~~  GGT-LL" 29x -FhFrc X[URXURUURS9$)N)rc)rmr(rQrc)rr%rrHs rrmNtaclsHelper.setntacls&|"&..2 2r)rQr(r?rc)FN)rrrrrrMrmrrrrrrsA G2rrcx[US-S5nURU5 SSS5 g!,(df  g=f)N.NTACLw)openwrite)dstntacl_sddl_strfs r_create_ntacl_filers* cHnc "a  # " "s+ 9cUS-n[RRU5(dg[US5nUR 5sSSS5 $!,(df  g=f)Nrr)r$r%existsrread)src ntacl_filers r_read_ntacl_filersBxJ 77>>* % % j# !vvx   s A Ac [5n[U[5(a[R"U5n[ X5nSn[ R"5nU/nU/nU(GaUR5n UR5n URU S9Hn URXS5n [RRXS5n URU S5(a9URU 5 URU 5 [R"U 5 O7UR!U 5n[#U S5nUR%U5 SSS5 UR'U SS9n[)U U5 M U(aGM[2R""USS9n[R4"U5H3n[RRUU5nUR7UUS9 M5 SSS5 [8R:"U5 g!,(df  N=f![*aIn UR-S U <S U R.S <35 UR1S U -S -5 Sn A GMSn A ff=f!,(df  N=f)aE Backup all files and dirs with ntacl for the serive behind smb_conn. 1. Create a temp dir as container dir 2. Backup all files with dir structure into container dir 3. Generate file.NTACL files for each file and dir in container dir 4. Create a tar file from container dir(without top level folder) 5. Delete container dir rrrrwbNTrTzFailed to get the ntacl for z: r:z!The permissions for %s may not bez restored correctlyw:gzrmodearcname)r rOrPrrQrtempfilemkdtemppoprr'r$r%rappendrrrrrrr errorargswarningtarfilelistdiraddshutilrmtree)rdest_tarfile_pathrQlogger smb_helper remotedirlocaldirr_dirsl_dirsr_dirl_direr_namel_namedatarrtarrr%s r backup_onliner1s F'3""7+8-JI!H[FZF   %0A__UfI6FWW\\%63F  8-- f% f% !**62&$'1GGDM( 6!+!3!3FD!3!I"6>:!1 &6 ,6 :cJJx(D77<<$/D GGD$G ') ;  MM(%('! 6 $affQi12BVK4 566 6 ; :s1=HHAI+ H  I(=I##I(+ I9c LURS5RSS5Sn[R"5n[ 5n[ XBU5n[ R"U5GHupn [ RRXS9n [ RRX[5n U Htn [ RRX5n[ RRX5n[R"XU5 URXSS9n[UU5 Mv U Hn[ RRUU5n[ RRU U5n[R"XU5 URXSS9n[UU5 [!US5nUR#5n[!US5nUR%U5 S S S 5 S S S 5 M GM [&R "US S 9n[ R("U5H3n[ RRUU5nUR+UUS 9 M5 S S S 5 [,R."U5 g !,(df  N=f!,(df  GMm=f!,(df  NI=f) z4 Backup files and ntacls to a tarfile for a service rr:startTrrbrNrrr)rstriprsplitrrr rr$walkr%relpathr'r rrMr create_filerr rrrr r!r")src_service_pathr#rrQr?tempdirrH ntacls_helperdirpathdirnames filenames rel_dirpath dst_dirpathdirnamer rrfilenamesrc_filer/dst_filer0rr%s rbackup_offlinerH*s%%c*11#q9"=G G&(L AM(*0@(A$9ggoogoF ggll78  G'',,w0C'',,{4C JJs' 2*33Ct3TN sN 3  "H'',,w1C'',,{H5C   S 8*33Ct3TN sN 3c4H}}#t_NN4(%!")B< ,6 :cJJw'D77<<.D GGD$G '( ;  MM'%_! ; :s1'JI1 JAJ1 I? ;J J  J#c [5nURS5RSS5Sn[R"5nUR 5n[ R"U5n[XSU5n [5n [R"U5n U RUS9 SSS5 [R"U5GH`upn[RR!XS9n[RR#[RR%X55nU HnUR'S5(aM[RR%U U5n[RR%UU5n[RR)U5(d[*R,"UX5 [/U5nU(aU R1UUU 5 MUR3SU-S -5 M UGHnUR'S5(aM[RR%U U5n[RR%UU5n[RR5U5(d[*R6"UX5 [/U5nU(aU R1UUU 5 OUR3S U-S -5 [US 5nUR95n[US 5nUR;U5 SSS5 SSS5 GM" GMc [<R>"U5 g!,(df  GN=f!,(df  NI=f!,(df  GMs=f) z6 Restore files and ntacls from a tarfile to a service rr:r3)r%Nr4rz)Failed to restore ntacl for directory %s.z) Please check the permissions are correctz$Failed to restore ntacl for file %s.r6r) r r7r8rrget_domain_sidrrQrr rr extractallr$r9r%r:normpathr'endswithisdirr rrrmrisfiler;r rr!r")src_tarfile_pathdst_service_path samdb_connrr$r?r= dom_sid_strrQr>rHrr?r@rArBrCrDr rrrErFr/rGs rbackup_restorerTZs F%%c*11#q9"=G G++-K{+G AM&(L & '1 ' " ()+(8$9ggoogo= gg&& GGLL) 79  G##H--ggll7G4ggll;8ww}}S))JJsL:!1#!6!!**3 MNNCcIEFG "H$$X..ggll7H5ggll;9ww~~c**$$S,@!1#!6!!**3 MNN#IC#O#N$OP#t_#==?Dc4H t,)%_!"+)9T MM'] ( 'V)%_s0M M#=M M# M M M## M3 )NNTN)NNTFNN)T)5rr$rr!samba.xattr_nativer!samba.xattr_tdbsamba.posix_eadb samba.samba3rr samba.dcerpcrrr samba.ndrrrr r r samba.loggerr r samba.auth_utilr rrFILE_ATTRIBUTE_SYSTEMrFILE_ATTRIBUTE_ARCHIVEFILE_ATTRIBUTE_HIDDENr SECINFO_OWNERr]r^r_rGr3rr-r7rMrmrrrrrrr1rHrTrrrras+$  )//*8)/)"77!::;!889"778 "//!//0!../"../ ) )M82" #0N%)05"&d8N4n@~+~+B22: 9x-`<r