else:
m.dn = Dn(self.ldb, object_dn)
- assert(isinstance(sd, str) or isinstance(sd, security.descriptor))
+ assert (isinstance(sd, str) or isinstance(sd, security.descriptor))
if isinstance(sd, str):
tmp_desc = security.descriptor.from_sddl(sd, self.domain_sid)
elif isinstance(sd, security.descriptor):
def update_aces_in_dacl(self, dn, del_aces=None, add_aces=None,
sddl_attr=None, controls=None):
if del_aces is None:
- del_aces=[]
+ del_aces = []
if add_aces is None:
- add_aces=[]
+ add_aces = []
def ace_from_sddl(ace_sddl):
ace_sd = security.descriptor.from_sddl("D:" + ace_sddl, self.domain_sid)
- assert(len(ace_sd.dacl.aces)==1)
+ assert (len(ace_sd.dacl.aces) == 1)
return ace_sd.dacl.aces[0]
if sddl_attr is None:
if controls is None:
- controls=["sd_flags:1:%d" % security.SECINFO_DACL]
+ controls = ["sd_flags:1:%d" % security.SECINFO_DACL]
sd = self.read_sd_on_dn(dn, controls=controls)
if not sd.type & security.SEC_DESC_DACL_PROTECTED:
# if the DACL is not protected remove all
pass
else:
if controls is None:
- controls=[]
+ controls = []
res = self.ldb.search(dn, SCOPE_BASE, None,
[sddl_attr], controls=controls)
old_sddl = str(res[0][sddl_attr][0])
for ace in del_aces:
if isinstance(ace, str):
ace = ace_from_sddl(ace)
- assert(isinstance(ace, security.ace))
+ assert (isinstance(ace, security.ace))
if ace.flags & security.SEC_ACE_FLAG_INHERITED_ACE:
inherited_ignored.append(ace)
ace = ace["ace"]
if isinstance(ace, str):
ace = ace_from_sddl(ace)
- assert(isinstance(ace, security.ace))
+ assert (isinstance(ace, security.ace))
if ace.flags & security.SEC_ACE_FLAG_INHERITED_ACE:
inherited_ignored.append(ace)
for ace in ace_sd.dacl.aces:
add_aces.append({"idx": add_idx, "ace": ace})
add_idx += 1
- _,ai,ii = self.update_aces_in_dacl(object_dn, add_aces=add_aces,
- controls=controls)
+ _, ai, ii = self.update_aces_in_dacl(object_dn, add_aces=add_aces,
+ controls=controls)
return ai, ii
def dacl_add_ace(self, object_dn, ace):
"""Add an ACE (or more) to an objects security descriptor
"""
- _,_ = self.dacl_prepend_aces(object_dn, ace,
- controls=["show_deleted:1"])
+ _, _ = self.dacl_prepend_aces(object_dn, ace,
+ controls=["show_deleted:1"])
def dacl_append_aces(self, object_dn, aces, controls=None):
"""Append an ACE (or more) to an objects security descriptor
add_aces = []
for ace in ace_sd.dacl.aces:
add_aces.append(ace)
- _,ai,ii = self.update_aces_in_dacl(object_dn, add_aces=add_aces,
- controls=controls)
+ _, ai, ii = self.update_aces_in_dacl(object_dn, add_aces=add_aces,
+ controls=controls)
return ai, ii
def dacl_delete_aces(self, object_dn, aces, controls=None):
del_aces = []
for ace in del_sd.dacl.aces:
del_aces.append(ace)
- di,_,ii = self.update_aces_in_dacl(object_dn, del_aces=del_aces,
- controls=controls)
+ di, _, ii = self.update_aces_in_dacl(object_dn, del_aces=del_aces,
+ controls=controls)
return di, ii
def get_sd_as_sddl(self, object_dn, controls=None):