3 # Manipulate file NT ACLs
5 # Copyright Matthieu Patou 2010 <mat@matws.net>
6 # Copyright Giampaolo Lauria 2011 <lauria2@yahoo.com>
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 from samba.credentials import DONT_USE_KERBEROS
23 import samba.getopt as options
24 from samba.dcerpc import security
25 from samba.ntacls import setntacl, getntacl
27 from samba.ndr import ndr_unpack
29 from ldb import SCOPE_BASE
32 from samba.auth import system_session
33 from samba.netcmd import (
40 class cmd_acl_set(Command):
41 """Set ACLs on a file"""
42 synopsis = "%prog set <acl> <file> [--xattr-backend=native|tdb] [--eadb-file=file] [options]"
45 Option("--quiet", help="Be quiet", action="store_true"),
46 Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
47 choices=["native","tdb"]),
48 Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
51 takes_args = ["acl","file"]
53 def run(self, acl, file, quiet=False,xattr_backend=None,eadb_file=None,
54 credopts=None, sambaopts=None, versionopts=None):
55 lp = sambaopts.get_loadparm()
56 creds = credopts.get_credentials(lp)
57 path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb")
58 creds = credopts.get_credentials(lp)
59 creds.set_kerberos_state(DONT_USE_KERBEROS)
61 ldb = Ldb(path, session_info=system_session(), credentials=creds,
64 raise CommandError("Unable to read domain SID from configuration files", e)
67 res = ldb.search(expression="(objectClass=*)",
68 base="flatname=%s,cn=Primary Domains" % lp.get("workgroup"),
69 scope=SCOPE_BASE, attrs=attrs)
71 domainsid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
72 setntacl(lp, file, acl, str(domainsid), xattr_backend, eadb_file)
74 raise CommandError("Unable to read domain SID from configuration files")
77 class cmd_acl_get(Command):
78 """Set ACLs on a file"""
79 synopsis = "%prog get <file> [--as-sddl] [--xattr-backend=native|tdb] [--eadb-file=file] [options]"
82 Option("--as-sddl", help="Output ACL in the SDDL format", action="store_true"),
83 Option("--xattr-backend", type="choice", help="xattr backend type (native fs or tdb)",
84 choices=["native","tdb"]),
85 Option("--eadb-file", help="Name of the tdb file where attributes are stored", type="string"),
90 def run(self, file, as_sddl=False, xattr_backend=None, eadb_file=None,
91 credopts=None, sambaopts=None, versionopts=None):
92 lp = sambaopts.get_loadparm()
93 creds = credopts.get_credentials(lp)
94 acl = getntacl(lp, file, xattr_backend, eadb_file)
96 anysid = security.dom_sid(security.SID_NT_SELF)
97 print acl.info.as_sddl(anysid)
102 class cmd_nt_acl(SuperCommand):
103 """NT ACLs manipulation"""
106 subcommands["set"] = cmd_acl_set()
107 subcommands["get"] = cmd_acl_get()