#!/usr/bin/env python
#
# Manipulate file NT ACLs
#
# Copyright Matthieu Patou 2010 <mat@matws.net>
# Copyright Giampaolo Lauria 2011 <lauria2@yahoo.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from samba . credentials import DONT_USE_KERBEROS
import samba . getopt as options
from samba . dcerpc import security
from samba . ntacls import setntacl , getntacl
from samba import Ldb
from samba . ndr import ndr_unpack
from ldb import SCOPE_BASE
import os
from samba . auth import system_session
from samba . netcmd import (
Command ,
CommandError ,
SuperCommand ,
Option ,
)
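class cmd_ntacl_set(Command):
    """Set ACLs on a file"""

    synopsis = "%prog <acl> <file> [options]"

    takes_options = [
        Option("--quiet", help="Be quiet", action="store_true"),
        Option("--xattr-backend", type="choice",
               help="xattr backend type (native fs or tdb)",
               choices=["native", "tdb"]),
        Option("--eadb-file",
               help="Name of the tdb file where attributes are stored",
               type="string"),
    ]

    takes_args = ["acl", "file"]

    def run(self, acl, file, quiet=False, xattr_backend=None, eadb_file=None,
            credopts=None, sambaopts=None, versionopts=None):
        """Look up the local domain SID and apply ``acl`` to ``file``.

        ``acl`` and ``file`` are taken from the command line and handed to
        setntacl() unchanged; this method performs no validation of either,
        so any checking is left to setntacl().  ``xattr_backend`` and
        ``eadb_file`` are forwarded as given.  ``quiet`` and ``versionopts``
        are accepted but not read here.

        Raises CommandError when the secrets database cannot be opened or
        when it holds no entry for the configured workgroup.
        """
        lp = sambaopts.get_loadparm()

        # The domain SID is read from the secrets database in the private
        # directory; "secrets.ldb" is the fallback when no name is configured.
        secrets_path = os.path.join(lp.get("private dir"),
                                    lp.get("secrets database") or "secrets.ldb")

        creds = credopts.get_credentials(lp)
        # Kerberos is switched off on the credentials before the database is
        # opened with the system session.
        creds.set_kerberos_state(DONT_USE_KERBEROS)

        try:
            secrets_db = Ldb(secrets_path, session_info=system_session(),
                             credentials=creds, lp=lp)
        except Exception as e:
            # "except ... as" is accepted by Python 2.6+ and Python 3; the
            # older "except Exception, e" spelling is a syntax error on 3.
            raise CommandError("Unable to read domain SID from configuration files", e)

        # Base-scope search: only the primary-domain record of the configured
        # workgroup is read, and only its objectSid attribute.
        res = secrets_db.search(expression="(objectClass=*)",
                                base="flatname=%s,cn=Primary Domains" % lp.get("workgroup"),
                                scope=SCOPE_BASE, attrs=["objectSid"])
        if len(res) == 0:
            raise CommandError("Unable to read domain SID from configuration files")

        domainsid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
        setntacl(lp, file, acl, str(domainsid), xattr_backend, eadb_file)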
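class cmd_ntacl_get(Command):
    """Get ACLs of a file"""
    # The docstring previously read "Set ACLs on a file", copied from the set
    # command.  NOTE(review): samba.netcmd appears to show the class docstring
    # as the command description, so the wrong text would reach users - confirm.

    synopsis = "%prog <file> [options]"

    takes_options = [
        Option("--as-sddl", help="Output ACL in the SDDL format", action="store_true"),
        Option("--xattr-backend", type="choice",
               help="xattr backend type (native fs or tdb)",
               choices=["native", "tdb"]),
        Option("--eadb-file",
               help="Name of the tdb file where attributes are stored",
               type="string"),
    ]

    takes_args = ["file"]

    def run(self, file, as_sddl=False, xattr_backend=None, eadb_file=None,
            credopts=None, sambaopts=None, versionopts=None):
        """Read the NT ACL of ``file`` and print it.

        ``file``, ``xattr_backend`` and ``eadb_file`` are passed to getntacl()
        unchanged.  With ``as_sddl`` the ACL is written to ``self.outf`` as an
        SDDL string; otherwise the ACL object's own dump() is called.
        ``credopts`` and ``versionopts`` are accepted but not read here.
        """
        lp = sambaopts.get_loadparm()
        acl = getntacl(lp, file, xattr_backend, eadb_file)

        if not as_sddl:
            # NOTE(review): where dump() writes is not visible here; it does
            # not go through self.outf like the SDDL branch - confirm.
            acl.dump()
            return

        # as_sddl() is given the SID built from security.SID_NT_SELF; no
        # domain SID is looked up for this read-only command.
        anysid = security.dom_sid(security.SID_NT_SELF)
        self.outf.write(acl.info.as_sddl(anysid) + "\n")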
class cmd_ntacl(SuperCommand):
    """NT ACLs manipulation"""

    # Sub-command name -> command instance; both instances are created once,
    # when this class body is executed.
    subcommands = {
        "set": cmd_ntacl_set(),
        "get": cmd_ntacl_get(),
    }