1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source4/scripting/python/samba/netcmd/ntacl.py

110 lines
3.7 KiB
Python
Raw Normal View History

#!/usr/bin/env python
#
# Manipulate file NT ACLs
#
# Copyright Matthieu Patou 2010 <mat@matws.net>
# Copyright Giampaolo Lauria 2011 <lauria2@yahoo.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from samba.credentials import DONT_USE_KERBEROS
import samba.getopt as options
from samba.dcerpc import security
from samba.ntacls import setntacl, getntacl
from samba import Ldb
from samba.ndr import ndr_unpack
from ldb import SCOPE_BASE
import os
from samba.auth import system_session
from samba.netcmd import (
Command,
CommandError,
2010-03-01 06:39:53 +03:00
SuperCommand,
Option,
)
class cmd_ntacl_set(Command):
"""Set ACLs on a file"""
synopsis = "%prog <acl> <file> [options]"
takes_options = [
Option("--quiet", help="Be quiet", action="store_true"),
Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
choices=["native","tdb"]),
Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
2010-03-01 06:39:53 +03:00
]
takes_args = ["acl","file"]
def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None,
credopts=None, sambaopts=None, versionopts=None):
2010-03-01 06:39:53 +03:00
lp = sambaopts.get_loadparm()
path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
try:
2010-04-08 23:01:17 +04:00
ldb = Ldb(path, session_info=system_session(), credentials=creds,
lp=lp)
except Exception, e:
raise CommandError("Unable to read domain SID from configuration files", e)
2010-03-01 06:39:53 +03:00
attrs = ["objectSid"]
res = ldb.search(expression="(objectClass=*)",
base="flatname=%s,cn=Primary Domains" % lp.get("workgroup"),
scope=SCOPE_BASE, attrs=attrs)
if len(res) !=0:
domainsid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
setntacl(lp, file, acl, str(domainsid), xattr_backend, eadb_file)
else:
raise CommandError("Unable to read domain SID from configuration files")
class cmd_ntacl_get(Command):
"""Set ACLs on a file"""
synopsis = "%prog <file> [options]"
takes_options = [
Option("--as-sddl", help="Output ACL in the SDDL format", action="store_true"),
Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
choices=["native","tdb"]),
Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
]
takes_args = ["file"]
2010-03-01 06:39:53 +03:00
def run(self, file, as_sddl=False, xattr_backend=None, eadb_file=None,
credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
2010-03-01 06:39:53 +03:00
acl = getntacl(lp, file, xattr_backend, eadb_file)
if as_sddl:
2010-03-01 06:39:53 +03:00
anysid = security.dom_sid(security.SID_NT_SELF)
self.outf.write(acl.info.as_sddl(anysid)+"\n")
else:
acl.dump()
class cmd_ntacl(SuperCommand):
"""NT ACLs manipulation"""
subcommands = {}
subcommands["set"] = cmd_ntacl_set()
subcommands["get"] = cmd_ntacl_get()