Mini Shell

Directory : /lib/python2.7/site-packages/salt/modules/
Current File : //lib/python2.7/site-packages/salt/modules/win_dacl.pyo

Manage DACLs on Windows

:depends:   - winreg Python module

daclConstants
    DACL constants used throughout the module

    getObjectTypeBit
        returns the bit value of the string object type

    getSecurityHkey
        returns the necessary string value for an HKEY for the win32security module

    getPermissionBit
        returns a permission bit of the string permission value for the specified object type

    getPermissionText
        returns the permission textual representation of a specified permission bit/object type

    getAceTypeBit
        returns the acetype bit of a text value

    getAceTypeText
        returns the textual representation of an acetype bit

    getPropagationBit
        returns the propagation bit of a text value

    getPropagationText
        returns the textual representation of a propagation bit

    processPath
        processes a path/object type combo and returns:
            registry types with the correct HKEY text representation
            files/directories with environment variables expanded

_getUserSid
    return a state error dictionary, with 'sid' as a field if it could be returned
    if user is None, sid will also be None

__virtual__
    Only works on Windows systems

_get_dacl
    Gets the DACL of a path

get
    Get the ACL of an object. Will filter by user if one is provided.

    Args:
        path: The path to the object
        objectType: The type of object (FILE, DIRECTORY, REGISTRY)
        user: A user name to filter by

    Returns (dict): A dictionary containing the ACL

    CLI Example:

    .. code-block:: bash

        salt 'minion-id' win_dacl.get c:\temp directory

add_ace
    add an ace to an object

    path:  path to the object (i.e. c:\\temp\\file, HKEY_LOCAL_MACHINE\\SOFTWARE\\KEY, etc)
    user: user to add
    permission:  permissions for the user
    acetype:  either allow/deny for each user/permission (ALLOW, DENY)
    propagation: how the ACE applies to children for Registry Keys and Directories(KEY, KEY&SUBKEYS, SUBKEYS)

    CLI Example:

    .. code-block:: bash

        allow domain\fakeuser full control on HKLM\\SOFTWARE\\somekey, propagate to this key and subkeys
            salt 'myminion' win_dacl.add_ace 'HKEY_LOCAL_MACHINE\\SOFTWARE\\somekey' 'Registry' 'domain\fakeuser' 'FULLCONTROL' 'ALLOW' 'KEY&SUBKEYS'

rm_ace
    remove an ace from an object

    path:  path to the object (i.e. c:\\temp\\file, HKEY_LOCAL_MACHINE\\SOFTWARE\\KEY, etc)
    user: user to remove
    permission:  permissions for the user
    acetypes:  either allow/deny for each user/permission (ALLOW, DENY)
    propagation: how the ACE applies to children for Registry Keys and Directories(KEY, KEY&SUBKEYS, SUBKEYS)

    If any of the optional parameters are omitted (or set to None) they act as wildcards.

    CLI Example:

    .. code-block:: bash

        remove allow domain\fakeuser full control on HKLM\\SOFTWARE\\somekey propagated to this key and subkeys
            salt 'myminion' win_dacl.rm_ace 'Registry' 'HKEY_LOCAL_MACHINE\\SOFTWARE\\somekey' 'domain\fakeuser' 'FULLCONTROL' 'ALLOW' 'KEY&SUBKEYS'

_ace_to_text
    helper function to convert an ace to a textual representation

_set_dacl_inheritance
    helper function to set the inheritance
    Args:

        path (str): The path to the object

        objectType (str): The type of object

        inheritance (bool): True enables inheritance, False disables

        copy (bool): Copy inherited ACEs to the DACL before disabling
        inheritance

        clear (bool): Remove non-inherited ACEs from the DACL

enable_inheritance
    enable/disable inheritance on an object

    Args:
        path: The path to the object
        objectType: The type of object (FILE, DIRECTORY, REGISTRY)
        clear: True will remove non-Inherited ACEs from the ACL

    Returns (dict): A dictionary containing the results

    CLI Example:

    .. code-block:: bash

        salt 'minion-id' win_dacl.enable_inheritance c:\temp directory

disable_inheritance
    Disable inheritance on an object

    Args:
        path: The path to the object
        objectType: The type of object (FILE, DIRECTORY, REGISTRY)
        copy: True will copy the Inherited ACEs to the DACL before disabling inheritance

    Returns (dict): A dictionary containing the results

    CLI Example:

    .. code-block:: bash

        salt 'minion-id' win_dacl.disable_inheritance c:\temp directory

check_inheritance
    Check a specified path to verify if inheritance is enabled

    Args:
        path: path of the registry key or file system object to check
        objectType: The type of object (FILE, DIRECTORY, REGISTRY)
        user: if provided, will consider only the ACEs for that user

    Returns (bool): 'Inheritance' of True/False

    CLI Example:

    .. code-block:: bash

        salt 'minion-id' win_dacl.check_inheritance c:\temp directory <username>

check_ace
    Checks a path to verify the ACE (access control entry) specified exists

    Args:
        path:  path to the file/reg key
        objectType: The type of object (FILE, DIRECTORY, REGISTRY)
        user:  user that the ACL is for
        permission:  permission to test for (READ, FULLCONTROL, etc)
        acetype:  the type of ACE (ALLOW or DENY)
        propagation:  the propagation type of the ACE (FILES, FOLDERS, KEY, KEY&SUBKEYS, SUBKEYS, etc)
        exactPermissionMatch:  the ACL must match exactly, IE if READ is specified, the user must have READ exactly and not FULLCONTROL (which also has the READ permission obviously)

    Returns (dict): 'Exists' true if the ACE exists, false if it does not

    CLI Example:

    .. code-block:: bash

        salt 'minion-id' win_dacl.check_ace c:\temp directory <username> fullcontrol


Zerion Mini Shell 1.0