%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python2.7/site-packages/salt/utils/
Upload File :
Create Path :
Current File : //usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyc

�
���^c@@sdZddlmZmZmZddlZddlmZmZddl	Z
ddlZ
ddlm
Z
ddlmZeZy:ddlZddlZddlZddlZeZWnek
r�nXeje�ZdZd�Zed	�Zed
d�Zd�Z d
�Z!d�Z"d
d�Z#d
d�Z$d
d�Z%d
d�Z&ded
eed�Z'dd
d�Z(ed
d�Z)dd
ed�Z*d
ed�Z+d
d�Z,d
eeeed�Z-d�Z.d
eeeeeed�Z/d�Z0d
eeeed�Z1dS( u(
============
Windows DACL
============
This salt utility contains objects and functions for setting permissions to
objects in Windows. You can use the built in functions or access the objects
directly to create your own custom functionality. There are two objects, Flags
and Dacl.

If you need access only to flags, use the Flags object.

.. code-block:: python

    import salt.utils.win_dacl
    flags = salt.utils.win_dacl.Flags()
    flag_full_control = flags.ace_perms['file']['basic']['full_control']

The Dacl object inherits Flags. To use the Dacl object:

..code-block:: python

    import salt.utils.win_dacl
    dacl = salt.utils.win_dacl.Dacl(obj_type='file')
    dacl.add_ace('Administrators', 'grant', 'full_control')
    dacl.save('C:\temp')

Object types are used by setting the `obj_type` parameter to a valid Windows
object. Valid object types are as follows:

- file
- service
- printer
- registry
- registry32 (for WOW64)
- share

Each object type has its own set up permissions and 'applies to' properties as
follows. At this time only basic permissions are used for setting. Advanced
permissions are listed for displaying the permissions of an object that don't
match the basic permissions, ie. Special permissions. These should match the
permissions you see when you look at the security for an object.

**Basic Permissions**

    ================  ====  ========  =====  =======  =======
    Permissions       File  Registry  Share  Printer  Service
    ================  ====  ========  =====  =======  =======
    full_control      X     X         X               X
    modify            X
    read_execute      X
    read              X     X         X               X
    write             X     X                         X
    read_write                                        X
    change                            X
    print                                    X
    manage_printer                           X
    manage_documents                         X
    ================  ====  ========  =====  =======  =======

**Advanced Permissions**

    =======================  ====  ========  =======  =======
    Permissions              File  Registry  Printer  Service
    =======================  ====  ========  =======  =======
    list_folder              X
    read_data                X
    create_files             X
    write_data               X
    create_folders           X
    append_data              X
    read_ea                  X
    write_ea                 X
    traverse_folder          X
    execute_file             X
    delete_subfolders_files  X
    read_attributes          X
    write_attributes         X
    delete                   X     X
    read_permissions         X               X        X
    change_permissions       X               X        X
    take_ownership           X               X
    query_value                    X
    set_value                      X
    create_subkey                  X
    enum_subkeys                   X
    notify                         X
    create_link                    X
    read_control                   X
    write_dac                      X
    write_owner                    X
    manage_printer                           X
    print                                    X
    query_config                                      X
    change_config                                     X
    query_status                                      X
    enum_dependents                                   X
    start                                             X
    stop                                              X
    pause_resume                                      X
    interrogate                                       X
    user_defined                                      X
    change_owner                                      X
    =======================  ====  ========  =======  =======

Only the registry and file object types have 'applies to' properties. These
should match what you see when you look at the properties for an object.

    **File types:**

        - this_folder_only: Applies only to this object
        - this_folder_subfolders_files (default): Applies to this object
          and all sub containers and objects
        - this_folder_subfolders: Applies to this object and all sub
          containers, no files
        - this_folder_files: Applies to this object and all file
          objects, no containers
        - subfolders_files: Applies to all containers and objects
          beneath this object
        - subfolders_only: Applies to all containers beneath this object
        - files_only: Applies to all file objects beneath this object

    **Registry types:**

        - this_key_only: Applies only to this key
        - this_key_subkeys: Applies to this key and all subkeys
        - subkeys_only: Applies to all subkeys beneath this object

i(tabsolute_importtprint_functiontunicode_literalsN(tCommandExecutionErrortSaltInvocationError(trange(tsixudaclcC@s0tjjj�stdfSts,tdfStS(u4
    Only load if Win32 Libraries are installed
    uwin_dacl: Requires Windowsuwin_dacl: Requires pywin32(tsalttutilstplatformt
is_windowstFalset	HAS_WIN32t__virtualname__(((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt__virtual__�s


cC@s1ts
dSdtfd��Y}|r-|�S|S(u_
    Helper function for instantiating a Flags object

    Args:

        instantiated (bool):
            True to return an instantiated object, False to return the object
            definition. Use False if inherited by another class. Default is
            True.

    Returns:
        object: An instance of the Flags object or its definition
    NtFlagscB@s�eZdZiiidd6dd6dd6dd6d	d
6dd6dd
6dd6dd6d
d6dd6d6idd6dd6dd6dd6dd6dd6dd 6d!d"6d#d$6d%d&6d'd(6d)d*6d+d,6dd-6dd.6dd/6dd06dd16dd26dd36dd46dd56dd66d d76d"d86d$d96d&d:6d(d;6d*d<6d,d=6d>6d?6ii
d@dA6d	dB6ddC6d@dD6dEdF6ddG6d	dH6dAd
6dBd6dCd6d6idId6dJd6dKd6dLd6dMd6dNd6d%d&6dOd(6dPd*6dQd,6ddR6ddS6ddT6ddU6ddV6ddW6d&d:6d(dX6d*dY6d,dZ6d>6d[6iidd6d\d6d	d6dd
6dd]6dd6d6id>6d^6iid_d`6dadb6dcdd6d`de6dbdf6dddg6d6i
dadh6d_d6d'd(6d)d*6d+d,6dhdf6dde6d(d;6d*d<6d,d=6d>6di6iid@dj6dkdl6d	dm6ddn6djd
6dldo6dmd6dnd6d6idpd6dqd6drd6dsd6dtd6dud6dvd 6dwd"6dxd$6dyd(6dzd*6d{d,6dd|6dd}6dd~6dd6dd�6dd�6d d�6d"d�6d$d�6d(d;6d*d<6d,d�6d>6d�6Ziid�d�6d�d6d�d6d�d�6d�d�6d�d�6d�d�6d�d�6d�d6d�d�6d�d�6dd�6dd�6d�d�6d�d�6d�d�6d?6id�d�6d�d6d�d�6d�d�6d�d6d�d�6dd�6d�d�6d[6id�d�6d�d6d�d�6d�d�6d�d6d�d�6dd�6d�d�6d�6Ziejd�6ejd�6d�ej6d�ej6Ziej	d�6ej
d�6ejd�6Ziej
d�6ejd�6Ziejd?6ejd�6ejdi6ejd[6ejd�6ejd^6ZRS(�uV
        Object containing all the flags for dealing with Windows permissions
        uFull controli�uModifyi�uRead & execute with writei�uRead & executei�uReadi�uWriteiufull_controlumodifyuread_executeureaduwriteubasicuList folder / read dataiuCreate files / write dataiuCreate folders / append dataiuRead extended attributesiuWrite extended attributesiuTraverse folder / execute filei uDelete subfolders and filesi@uRead attributesi�uWrite attributesiuDeleteiuRead permissionsiuChange permissionsiuTake ownershipiulist_folderu	read_dataucreate_filesu
write_dataucreate_foldersuappend_datauread_eauwrite_eautraverse_folderuexecute_fileudelete_subfolders_filesuread_attributesuwrite_attributesudeleteuread_permissionsuchange_permissionsutake_ownershipuadvancedufileuFull Controli?iiiuExecutei i@l��uQuery Valueu	Set Valueu
Create SubkeyuEnumerate SubkeysuNotifyuCreate LinkuRead Controlu	Write DACuWrite Owneruquery_valueu	set_valueu
create_subkeyuenum_subkeysunotifyucreate_linkuread_controlu	write_dacuwrite_owneruregistryuChangeuchangeushareuPrintiuManage this printeriuManage documentsi0uprintumanage_printerumanage_documentsiuprinteri�uRead & Writei�i�iu
read_writeuQuery Configu
Change ConfiguQuery StatusuEnumerate DependentsuStartuStopuPause/ResumeuInterrogateuUser-Defined ControluRead PermissionsuChange PermissionsuChange Owneruquery_configu
change_configuquery_statusuenum_dependentsustartustopupause_resumeuinterrogateuuser_defineduchange_owneruserviceuNot Inherited (file)iuThis folder and filesuThis folder and subfoldersu!This folder, subfolders and filesiuThis folder onlyiu
Files onlyi	uSubfolders onlyi
uSubfolders and files onlyiuInherited (file)uthis_folder_onlyuthis_folder_subfolders_filesuthis_folder_subfoldersuthis_folder_filesusubfolders_filesusubfolders_onlyu
files_onlyu
Not InheriteduThis key and subkeysu
This key onlyuSubkeys onlyu	Inheritedu
this_key_onlyuthis_key_subkeysusubkeys_onlyu
registry32ugrantudenyudaclugroupuowneru	protecteduunprotected(t__name__t
__module__t__doc__t	ace_permstace_propt
win32securitytACCESS_ALLOWED_ACE_TYPEtACCESS_DENIED_ACE_TYPEtace_typetDACL_SECURITY_INFORMATIONtGROUP_SECURITY_INFORMATIONtOWNER_SECURITY_INFORMATIONtelementt#PROTECTED_DACL_SECURITY_INFORMATIONt%UNPROTECTED_DACL_SECURITY_INFORMATIONtinheritancetSE_FILE_OBJECTt
SE_SERVICEt
SE_PRINTERtSE_REGISTRY_KEYtSE_REGISTRY_WOW64_32KEYt
SE_LMSHAREtobj_type(((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyR�s�













(Rtobject(tinstantiatedR((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytflags�s�ufilec@s=trdSndtt�f�fd��Y��||�S(uO
    Helper function for instantiating a Dacl class.

    Args:

        obj_name (str):
            The full path to the object. If None, a blank DACL will be created.
            Default is None.

        obj_type (str):
            The type of object. Default is 'File'

    Returns:
        object: An instantiated Dacl object
    NtDaclc@sqeZdZddd�Zd�Zd�Z�fd�Zd�Zd�Z	d�Z
d	d
�Zdd�ZRS(
u
        DACL Object
        ufilecS@s/|j�|jkr-tdj|���n|j�|_|dkrZtj�|_n�d|jkr{|j	|�}ny*tj
||j|j|jd�}WnStj
k
r�}d|jkr�dj|�}tj|�t|��n�nX|j�|_|jdkr+tj�|_ndS(u�
            Either load the DACL from the passed object or create an empty DACL.
            If `obj_name` is not passed, an empty DACL is created.

            Args:

                obj_name (str):
                    The full path to the object. If None, a blank DACL will be
                    created

                obj_type (Optional[str]):
                    The type of object.

            Returns:
                obj: A DACL object

            Usage:

            .. code-block:: python

                # Create an Empty DACL
                dacl = Dacl(obj_type=obj_type)

                # Load the DACL of the named object
                dacl = Dacl(obj_name, obj_type)
            uInvalid "obj_type" passed: {0}uregistryudacluThe system cannot finduSystem cannot find {0}N(tlowerR&Rtformatt	dacl_typetNoneRtACLtdacltget_reg_nametGetNamedSecurityInfoRt
pywintypesterrortstrerrortlogt	exceptionRtGetSecurityDescriptorDacl(tselftobj_nameR&tsdtexctmsg((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt__init__�s($
cS@s�idd6dd6dd6dd6dd6dd6dd6dd6dd	6d
d6d
d
6d
d6}|jd
�}|jd�}y||j�}Wn6tk
r�tjd|�tdj|���nX|jd|�dj	|�S(uY
            Take the obj_name and convert the hive to a valid registry hive.

            Args:

                obj_name (str):
                    The full path to the registry key including the hive, eg:
                    ``HKLM\SOFTWARE\salt``. Valid options for the hive are:

                    - HKEY_LOCAL_MACHINE
                    - MACHINE
                    - HKLM
                    - HKEY_USERS
                    - USERS
                    - HKU
                    - HKEY_CURRENT_USER
                    - CURRENT_USER
                    - HKCU
                    - HKEY_CLASSES_ROOT
                    - CLASSES_ROOT
                    - HKCR

            Returns:
                str:
                    The full path to the registry key in the format expected by
                    the Windows API

            Usage:

            .. code-block:: python

                import salt.utils.win_dacl
                dacl = salt.utils.win_dacl.Dacl()
                valid_key = dacl.get_reg_name('HKLM\SOFTWARE\salt')

                # Returns: MACHINE\SOFTWARE\salt
            uMACHINEuHKEY_LOCAL_MACHINEuHKLMuUSERSu
HKEY_USERSuHKUuCURRENT_USERuHKEY_CURRENT_USERuHKCUuCLASSES_ROOTuHKEY_CLASSES_ROOTuHKCRu\iuInvalid Registry Hive: %suInvalid Registry Hive: {0}u\\(
tsplittpoptuppertKeyErrorR6R7RR,tinserttjoin(R9R:thivestregtpassed_hivet
valid_hive((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyR1s.(

c
S@s)t|�}|jdkr*td��nd}t|tj�r�y|j|jd|}Wqt	k
r�}dj
|�}tj|�t
||��qXnry1x*|D]"}	||j|jd|	O}q�WWn>t	k
r}dj
|	�}tj|�t
||��nX|j�d
kr>tdj
|���ny�|j�dkr�|jjtj|jj|ji�j|�||�nq|j�dkr�|jjtj|jj|ji�j|�||�n%tjd	|�td
j
|���Wn#tk
r$}tdj
|�fSXtS(u�
            Add an ACE to the DACL

            Args:

                principal (str):
                    The sid of the user/group to for the ACE

                access_mode (str):
                    Determines the type of ACE to add. Must be either ``grant``
                    or ``deny``.

                permissions (str, list):
                    The type of permissions to grant/deny the user. Can be one
                    of the basic permissions, or a list of advanced permissions.

                applies_to (str):
                    The objects to which these permissions will apply. Not all
                    these options apply to all object types.

            Returns:
                bool: True if successful, otherwise False

            Usage:

            .. code-block:: python

                dacl = Dacl(obj_type=obj_type)
                dacl.add_ace(sid, access_mode, permission, applies_to)
                dacl.save(obj_name, protected)
            u+You must load the DACL before adding an ACEiubasicu!Invalid permission specified: {0}uadvancedugrantudenyuInvalid Access Mode: {0}uInvalid access mode: %suInvalid access mode: {0}u
Error: {0}N(ugrantudeny(tget_sidR0R.Rt
isinstanceRtstring_typesRR-RBR,R6R7RR+tAddAccessAllowedAceExRtACL_REVISION_DSRtgettAddAccessDeniedAceExt	ExceptionRtTrue(
R9t	principaltaccess_modetpermissionst
applies_totsidt	perm_flagR<R=tperm((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytadd_aceLsP 

$
	
	
c	@s���}��}��}��}��}xhtd|jj��D]N}|jj|�}|ddtj@dkrF|ddtjkr�|jjtj|dd|d|d�q�|ddtj	kr|jjtj|dd|d|d�q�|ddtj
krK|jjtj|dd|d|d�q�|ddtjkr�|jjtj|dd|d|d�q�qFqFWx`td|jj��D]F}|jj|�}|ddtj@tjkr�|ddtjA}|ddtjkr:|jjtj||d|d�q�|ddtj	krx|jjtj||d|d�q�|ddtj
kr�|jjtj||d|d�q�|ddtjkr�|jjtj||d|d�q�q�q�Wx^td|jj��D]D}|jj|�}|jjtj|dd|d|d�qWxetd|jj��D]K}|jj|�}|jjtj|ddtjA|d|d�quWx^td|jj��D]D}|jj|�}|jjtj|dd|d|d�q�Wxetd|jj��D]K}|jj|�}|jjtj|ddtjA|d|d�q>W|j|_dS(u\
            Put the ACEs in the ACL in the proper order. This is necessary
            because the add_ace function puts ACEs at the end of the list
            without regard for order. This will cause the following Windows
            Security dialog to appear when viewing the security for the object:

            ``The permissions on Directory are incorrectly ordered, which may
            cause some entries to be ineffective.``

            .. note:: Run this function after adding all your ACEs.

            Proper Orders is as follows:

                1. Implicit Deny
                2. Inherited Deny
                3. Implicit Deny Object
                4. Inherited Deny Object
                5. Implicit Allow
                6. Inherited Allow
                7. Implicit Allow Object
                8. Inherited Allow Object

            Usage:

            .. code-block:: python

                dacl = Dacl(obj_type=obj_type)
                dacl.add_ace(sid, access_mode, applies_to, permission)
                dacl.order_acl()
                dacl.save(obj_name, protected)
            iiiN(
RR0tGetAceCounttGetAceRt
INHERITED_ACERRORMtACCESS_DENIED_OBJECT_ACE_TYPERRLtACCESS_ALLOWED_OBJECT_ACE_TYPE(	R9tnew_daclt	deny_daclt
deny_obj_daclt
allow_dacltallow_obj_dacltitaceR(R*(s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt	order_acl�s� 																	cS@s_t|�}|j�}i}x:|D]2}|||kr%i||||6||<q%q%W|S(u�
            Get the ACE for a specific principal.

            Args:

                principal (str):
                    The name of the user or group for which to get the ace. Can
                    also be a SID.

            Returns:
                dict: A dictionary containing the ACEs found for the principal

            Usage:

            .. code-block:: python

                dacl = Dacl(obj_type=obj_type)
                dacl.get_ace()
            (tget_namet	list_aces(R9RRtacestretR((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytget_ace,s
 c	S@s�iid6id6}x�td|jj��D]�}|jj|�}|j|�\}}}}}|||kr�i|d6|d6||||<q-ii|d6|d6|6|||<q-W|S(u
            List all Entries in the dacl.

            Returns:
                dict: A dictionary containing the ACEs for the object

            Usage:

            .. code-block:: python

                dacl = Dacl('C:\Temp')
                dacl.list_aces()
            u	Inheritedu
Not Inheritediu
applies toupermissions(RR0RZR[t_ace_to_dict(	R9RjRdRetuserta_typeta_propta_permsR((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyRhKs

c
S@s�tj|d�}yt|�}Wntk
r<|}nX|j|dd}|ddtj@dk}d}|jdkr�|dd}|r�|ddtjA}ny|j|j|}Wq�tk
r�d	}q�Xn|jdkr�dn|j}|j	|d
j
|dg�}|s�g}xd|j	|dD]Q}	t|	tj
�r^q@n|d|	@|	kr@|j|j	|d|	�q@q@W|j�n|s�dj|d�g}n|||||r�d
ndfS(uP
            Helper function for creating the ACE return dictionary
            iiiiuNAufileuregistryu
registry32uUnknown propagationubasicuadvanceduUndefined Permission: {0}u	Inheritedu
Not Inherited(ufileuregistryu
registry32(RtConvertSidToStringSidRgRRR\R-RRBRRNRJRRKtappendtsortR,(
R9ReRVRRRt	inheritedRR&RRX((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyRlqs@



	!
uallc	S@s	t|�}d}g}x�td|jj��D]�}|jj||�}|ddtj@dk}|d|kr1|r1|j|dd|j�ks�|dkr�|jj	||�|j
|j|��|d7}q�q1q1W|sdj|�g}n|S(u�
            Remove a specific ACE from the DACL.

            Args:

                principal (str):
                    The user whose ACE to remove. Can be the user name or a SID.

                ace_type (str):
                    The type of ACE to remove. If not specified, all ACEs will
                    be removed. Default is 'all'. Valid options are:

                    - 'grant'
                    - 'deny'
                    - 'all'

            Returns:
                list: List of removed aces

            Usage:

            .. code-block:: python

                dacl = Dacl(obj_name='C:\temp', obj_type='file')
                dacl.rm_ace('Users')
                dacl.save(obj_name='C:\temp')
            iiiiualluACE not found for {0}(
RIRR0RZR[RR\RR+t	DeleteAceRrRlR,(	R9RRRRVtoffsetRjRdReRt((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytrm_ace�s!cS@s�|jd}|dk	rG|r3||jdB}qG||jdB}n|jdkrh|j|�}ny0tj||j|j|dd|jd�Wn1t	j
k
r�}tdj|�|j
��nXtS(	ux
            Save the DACL

            Args:

                obj_name (str):
                    The object for which to set permissions. This can be the
                    path to a file or folder, a registry key, printer, etc. For
                    more information about how to format the name see:

                    https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx

                protected (Optional[bool]):
                    True will disable inheritance for the object. False will
                    enable inheritance. None will make no change. Default is
                    ``None``.

            Returns:
                bool: True if successful, Otherwise raises an exception

            Usage:

            .. code-block:: python

                dacl = Dacl(obj_type='file')
                dacl.save('C:\Temp', True)
            udaclu	protecteduunprotecteduregistryu
registry32uFailed to set permissions: {0}N(uregistryu
registry32(RR.RR-R1RtSetNamedSecurityInfoR&R0R3R4RR,R5RQ(R9R:t	protectedtsec_infoR<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytsave�s$

N(
RRRR.R>R1RYRfRkRhRlRwR{((R*(s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyR*�s6	H	U�		&	>2(RR)R(R:R&((R*s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyR0�s"��McC@s�|dkrd}nytjjj|�}Wntk
rG|}nXytj|�}WnOtj	k
r�t
jd|�tdj|���nt
k
r�t�nX|S(u�
    Converts a username to a sid, or verifies a sid. Required for working with
    the DACL.

    Args:

        principal(str):
            The principal to lookup the sid. Can be a sid or a username.

    Returns:
        PySID Object: A sid

    Usage:

    .. code-block:: python

        # Get a user's sid
        salt.utils.win_dacl.get_sid('jsnuffy')

        # Verify that the sid is valid
        salt.utils.win_dacl.get_sid('S-1-5-32-544')
    uNULL SIDuInvalid user/group or sid: %suInvalid user/group or sid: {0}N(R.RRt
win_functionstget_sid_from_nameRRtConvertStringSidToSidR3R4R6R7R,t	TypeError(RRRV((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyRIs	



cC@s�|dkrd}nytj|�SWntk
rEt|�}nXytj|�SWn9tjk
r�tjd|�t	dj
|���nXdS(u�
    Converts a PySID object to a string SID.

    Args:

        principal(str):
            The principal to lookup the sid. Must be a PySID object.

    Returns:
        str: A string sid

    Usage:

    .. code-block:: python

        # Get a PySID object
        py_sid = salt.utils.win_dacl.get_sid('jsnuffy')

        # Get the string version of the SID
        salt.utils.win_dacl.get_sid_string(py_sid)
    uNULL SIDuInvalid principal %suInvalid principal {0}N(R.RRqRRIR3R4R6R7RR,(RR((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytget_sid_stringFs	
cC@s<t|tj�r|}nv|dkr0d}nytj|�}WnKtjk
r�ytjd|�d}Wq�tjk
r�|}q�XnXytjd|�dSWn�tjt	fk
r7}dj
|�}t|�tjkrtj
|j�jd�}dj
||�}ntj|�t||��nXdS(ua
    Gets the name from the specified principal.

    Args:

        principal (str):
            Find the Normalized name based on this. Can be a PySID object, a SID
            string, or a user name in any capitalization.

            .. note::
                Searching based on the user name can be slow on hosts connected
                to large Active Directory domains.

    Returns:
        str: The name that corresponds to the passed principal

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.get_name('S-1-5-32-544')
        salt.utils.win_dacl.get_name('adminisTrators')
    uS-1-0-0iuError resolving "{0}"u
u{0}: {1}N(RJR3tSIDTypeR.RR~R4tLookupAccountNametLookupAccountSidRR,ttypetwin32apit
FormatMessagetwinerrortrstripR6R7R(RRtsid_objR<tmessaget	win_error((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyRgms(		
cC@syt�j|j�}Wn&tk
rBtdj|���nX|d	krdt�j|�}ny(tj	||tj
�}|j�}Wn~tk
r�d}nht
jk
r}|jdks�|jdkr�d}q
tjd|�tdj|�|j��nXt|�S(
u�
    Gets the owner of the passed object

    Args:

        obj_name (str):
            The path for which to obtain owner information. The format of this
            parameter is different depending on the ``obj_type``

        obj_type (str):
            The type of object to query. This value changes the format of the
            ``obj_name`` parameter as follows:

            - file: indicates a file or directory
                - a relative path, such as ``FileName.txt`` or ``..\FileName``
                - an absolute path, such as ``C:\DirName\FileName.txt``
                - A UNC name, such as ``\\ServerName\ShareName\FileName.txt``
            - service: indicates the name of a Windows service
            - printer: indicates the name of a printer
            - registry: indicates a registry key
                - Uses the following literal strings to denote the hive:
                    - HKEY_LOCAL_MACHINE
                    - MACHINE
                    - HKLM
                    - HKEY_USERS
                    - USERS
                    - HKU
                    - HKEY_CURRENT_USER
                    - CURRENT_USER
                    - HKCU
                    - HKEY_CLASSES_ROOT
                    - CLASSES_ROOT
                    - HKCR
                - Should be in the format of ``HIVE\Path\To\Key``. For example,
                    ``HKLM\SOFTWARE\Windows``
            - registry32: indicates a registry key under WOW64. Formatting is
                the same as it is for ``registry``
            - share: indicates a network share

    Returns:
        str: The owner (group or user)

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.get_owner('c:\\file')
    uInvalid "obj_type" passed: {0}uregistryu
registry32uS-1-0-0ii2uFailed to get the owner: %suFailed to get owner: {0}(uregistryu
registry32(R)R&R+RBRR,R0R1RR2RtGetSecurityDescriptorOwnertMemoryErrorR3R4R�R6R7RR5Rg(R:R&t
obj_type_flagtsecurity_descriptort	owner_sidR<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt	get_owner�s(6

		cC@s6yt�j|j�}Wn&tk
rBtdj|���nXd|j�krzt�j|�}tj	d|�ny(t
j||t
j�}|j
�}Wn~tk
r�d}nhtjk
r"}|jdks�|jdkr�d}q#tjd|�tdj|�|j��nXtt
j|��S(	u�
    Gets the primary group of the passed object

    Args:

        obj_name (str):
            The path for which to obtain primary group information

        obj_type (str):
            The type of object to query. This value changes the format of the
            ``obj_name`` parameter as follows:

            - file: indicates a file or directory
                - a relative path, such as ``FileName.txt`` or ``..\FileName``
                - an absolute path, such as ``C:\DirName\FileName.txt``
                - A UNC name, such as ``\\ServerName\ShareName\FileName.txt``
            - service: indicates the name of a Windows service
            - printer: indicates the name of a printer
            - registry: indicates a registry key
                - Uses the following literal strings to denote the hive:
                    - HKEY_LOCAL_MACHINE
                    - MACHINE
                    - HKLM
                    - HKEY_USERS
                    - USERS
                    - HKU
                    - HKEY_CURRENT_USER
                    - CURRENT_USER
                    - HKCU
                    - HKEY_CLASSES_ROOT
                    - CLASSES_ROOT
                    - HKCR
                - Should be in the format of ``HIVE\Path\To\Key``. For example,
                    ``HKLM\SOFTWARE\Windows``
            - registry32: indicates a registry key under WOW64. Formatting is
                the same as it is for ``registry``
            - share: indicates a network share

    Returns:
        str: The primary group for the object

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.get_primary_group('c:\\file')
    uInvalid "obj_type" passed: {0}uregistryuName converted to: %suS-1-0-0ii2u#Failed to get the primary group: %su Failed to get primary group: {0}(R)R&R+RBRR,R0R1R6tdebugRR2RtGetSecurityDescriptorGroupR�R3R4R�R7RR5RgRq(R:R&R�R�tprimary_group_gidR<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytget_primary_group�s,6

		c
C@st|�}t�}|j�|jkrBtdj|���nd|j�krit�j|�}nt�}t	j
dd�}|j|tj
f�t	j
dd�}|j|tj
f�tj�}t	j|t	jtjB�}t	j|d|�y7t	j||j|j�|jd|d
d
d
�WnDtjk
rz}	tjd||	�td	j|�|	j��nXtS(ue
    Set the owner of an object. This can be a file, folder, registry key,
    printer, service, etc...

    Args:

        obj_name (str):
            The object for which to set owner. This can be the path to a file or
            folder, a registry key, printer, etc. For more information about how
            to format the name see:

            https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx

        principal (str):
            The name of the user or group to make owner of the object. Can also
            pass a SID.

        obj_type (Optional[str]):
            The type of object for which to set the owner. Default is ``file``

    Returns:
        bool: True if successful, raises an error otherwise

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.set_owner('C:\MyDirectory', 'jsnuffy', 'file')
    uInvalid "obj_type" passed: {0}uregistryuuSeTakeOwnershipPrivilegeuSeRestorePrivilegeiuowneruFailed to make %s the owner: %suFailed to set owner: {0}N(RIR)R+R&RR,R0R1tsetRtLookupPrivilegeValuetaddtwin32contSE_PRIVILEGE_ENABLEDR�tGetCurrentProcesstOpenProcessTokentTOKEN_ALL_ACCESStTOKEN_ADJUST_PRIVILEGEStAdjustTokenPrivilegesRxRR.R3R4R6R7RR5RQ(
R:RRR&RVt	obj_flagst	new_privstluidtp_handlett_handleR<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt	set_ownerPs:		
c
C@s�|dkrd}nt|�}t�}|j�|jkrWtdj|���nd|j�kr~t�j|�}nt	�}t
jdd�}|j|t
jf�t
jdd�}|j|t
jf�tj�}t
j|t
jt
jB�}t
j|d|�y7t
j||j|j�|jdd|dd�WnDtjk
r�}	tjd	||	�td
j|�|	j��nXtS(us
    Set the primary group of an object. This can be a file, folder, registry
    key, printer, service, etc...

    Args:

        obj_name (str):
            The object for which to set primary group. This can be the path to a
            file or folder, a registry key, printer, etc. For more information
            about how to format the name see:

            https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx

        principal (str):
            The name of the group to make primary for the object. Can also pass
            a SID.

        obj_type (Optional[str]):
            The type of object for which to set the primary group.

    Returns:
        bool: True if successful, raises an error otherwise

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.set_primary_group('C:\MyDirectory', 'Administrators', 'file')
    uNoneuInvalid "obj_type" passed: {0}uregistryuuSeTakeOwnershipPrivilegeuSeRestorePrivilegeiugroupu'Failed to make %s the primary group: %su Failed to set primary group: {0}N(R.RIR)R+R&RR,R0R1R�RR�R�R�R�R�R�R�R�R�R�RxRR3R4R6R7RR5RQ(
R:RRR&tgidR�R�R�R�R�R<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytset_primary_group�s< 			
ugrantc	C@s�|dkrEd|j�kr'd}qE|j�dkrEd}qEn|r]td|�}nt||�}|j||�|j||||�|j�|j||�tS(uO
    Set the permissions of an object. This can be a file, folder, registry key,
    printer, service, etc...

    Args:

        obj_name (str):
            The object for which to set permissions. This can be the path to a
            file or folder, a registry key, printer, etc. For more information
            about how to format the name see:

            https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx

        principal (str):
            The name of the user or group for which to set permissions. Can also
            pass a SID.

        permissions (str, list):
            The type of permissions to grant/deny the user. Can be one of the
            basic permissions, or a list of advanced permissions.

        access_mode (Optional[str]):
            Whether to grant or deny user the access. Valid options are:

            - grant (default): Grants the user access
            - deny: Denies the user access

        applies_to (Optional[str]):
            The objects to which these permissions will apply. Not all these
            options apply to all object types. Defaults to
            'this_folder_subfolders_files'

        obj_type (Optional[str]):
            The type of object for which to set permissions. Default is 'file'

        reset_perms (Optional[bool]):
            True will overwrite the permissions on the specified object. False
            will append the permissions. Default is False

        protected (Optional[bool]):
            True will disable inheritance for the object. False will enable
            inheritance. None will make no change. Default is None.

    Returns:
        bool: True if successful, raises an error otherwise

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.set_permissions(
            'C:\Temp', 'jsnuffy', 'full_control', 'grant')
    uregistryuthis_key_subkeysufileuthis_folder_subfolders_filesR&N(R.R+R0RwRYRfR{RQ(	R:RRRTRSRUR&treset_permsRytobj_dacl((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytset_permissions�s>	
uallcC@s0t||�}|j||�|j|�tS(u�
    Remove a user's ACE from an object. This can be a file, folder, registry
    key, printer, service, etc...

    Args:

        obj_name (str):
            The object from which to remove the ace. This can be the
            path to a file or folder, a registry key, printer, etc. For more
            information about how to format the name see:

            https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593(v=vs.85).aspx

        principal (str):
            The name of the user or group for which to set permissions. Can also
            pass a SID.

        ace_type (Optional[str]):
            The type of ace to remove. There are two types of ACEs, 'grant' and
            'deny'. 'all' will remove all ACEs for the user. Default is 'all'

        obj_type (Optional[str]):
            The type of object for which to set permissions. Default is 'file'

    Returns:
        bool: True if successful, raises an error otherwise

    Usage:

    .. code-block:: python

        # Remove jsnuffy's grant ACE from C:\Temp
        salt.utils.win_dacl.rm_permissions('C:\\Temp', 'jsnuffy', 'grant')

        # Remove all ACEs for jsnuffy from C:\Temp
        salt.utils.win_dacl.rm_permissions('C:\\Temp', 'jsnuffy')
    (R0RwR{RQ(R:RRRR&R�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytrm_permissionsCs)
cC@s2t||�}|dkr%|j�S|j|�S(uv
    Get the permissions for the passed object

    Args:

        obj_name (str):
            The name of or path to the object.

        principal (Optional[str]):
            The name of the user or group for which to get permissions. Can also
            pass a SID. If None, all ACEs defined on the object will be
            returned. Default is None

        obj_type (Optional[str]):
            The type of object for which to get permissions.

    Returns:
        dict: A dictionary representing the object permissions

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.get_permissions('C:\Temp')
    N(R0R.RhRk(R:RRR&R�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytget_permissionsts
cC@sV|j�d
kr*tdj|���n|j�}t||�}|j�}t|�}|j|dj|j�|j|dj|j�t��}|s�tdj|���nd}	xjt	d|jj
��D]P}
|jj|
�}|d|kr�|j|dd|kr�|d	}	q�q�W|	s8tS|rH|	|kS|	|@|kS(u�
    Check if the object has a permission

    Args:

        obj_name (str):
            The name of or path to the object.

        principal (str):
            The name of the user or group for which to get permissions. Can also
            pass a SID.

        permission (str):
            The permission to verify. Valid options depend on the obj_type.

        access_mode (Optional[str]):
            The access mode to check. Is the user granted or denied the
            permission. Default is 'grant'. Valid options are:

            - grant
            - deny

        obj_type (Optional[str]):
            The type of object for which to check permissions. Default is 'file'

        exact (Optional[bool]):
            True for an exact match, otherwise check to see if the permission is
            included in the ACE. Default is True

    Returns:
        bool: True if the object has the permission, otherwise False

    Usage:

    .. code-block:: python

        # Does Joe have read permissions to C:\Temp
        salt.utils.win_dacl.has_permission(
            'C:\\Temp', 'joe', 'read', 'grant', False)

        # Does Joe have Full Control of C:\Temp
        salt.utils.win_dacl.has_permission(
            'C:\\Temp', 'joe', 'full_control', 'grant')
    ugrantudenyu!Invalid "access_mode" passed: {0}ubasicuadvancedu Invalid "permission" passed: {0}iii(ugrantudenyN(
R+RR,R0RIRRNRR.RRZR[R(R:RRt
permissionRSR&texactR�RVtchk_flagtcur_flagRdRe((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pythas_permission�s.3	&+
cC@s\|dkr$tdj|���n|r<td|�}nt||�}|j||�S(u�
    Enable or disable an objects inheritance.

    Args:

        obj_name (str):
            The name of the object

        enabled (bool):
            True to enable inheritance, False to disable

        obj_type (Optional[str]):
            The type of object. Only three objects allow inheritance. Valid
            objects are:

            - file (default): This is a file or directory
            - registry
            - registry32 (for WOW64)

        clear (Optional[bool]):
            True to clear existing ACEs, False to keep existing ACEs.
            Default is False

    Returns:
        bool: True if successful, otherwise an Error

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.set_inheritance('C:\Temp', False)
    ufileuregistryu
registry32u-obj_type called with incorrect parameter: {0}R&(ufileuregistryu
registry32(RR,R0R{(R:tenabledR&tclearR�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytset_inheritance�s!cC@sstd|d|�}tj}xNtd|jj��D]4}|jj|�}|dd|@|kr7tSq7WtS(u�
    Get an object's inheritance.

    Args:

        obj_name (str):
            The name of the object

        obj_type (Optional[str]):
            The type of object. Only three object types allow inheritance. Valid
            objects are:

            - file (default): This is a file or directory
            - registry
            - registry32 (for WOW64)

            The following should return False as there is no inheritance:

            - service
            - printer
            - share

    Returns:
        bool: True if enabled, otherwise False

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.get_inheritance('HKLM\SOFTWARE\salt', 'registry')
    R:R&ii(R0RR\RRZR[RQR(R:R&R�RtRdRe((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytget_inheritances 	cC@sqtd|�}d|j�krb|j|�}tjd|�|j|�}tjd|�nyt�j|j�}Wn&tk
r�tdj	|���nXd}	|r�|	t
jO}	n|r�|	t
jO}	n|r�|	t
j
O}	n|r|	t
jO}	n|	std��nt�}
t
jdd	�}|
j|tjf�t
jdd
�}|
j|tjf�t
jdd�}|
j|tjf�tj�}t
j|t
jtjB�}
t
j|
d|
�t
j|||	�}|j�}|j�}|j�}|j�}y#t
j|||	||||�Wn.t j!k
rl}t"dj	|j#���nXt$S(
u�
    Copy the security descriptor of the Source to the Target. You can specify a
    specific portion of the security descriptor to copy using one of the
    `copy_*` parameters.

    .. note::
        At least one `copy_*` parameter must be ``True``

    .. note::
        The user account running this command must have the following
        privileges:

        - SeTakeOwnershipPrivilege
        - SeRestorePrivilege
        - SeSecurityPrivilege

    Args:

        source (str):
            The full path to the source. This is where the security info will be
            copied from

        target (str):
            The full path to the target. This is where the security info will be
            applied

        obj_type (str): file
            The type of object to query. This value changes the format of the
            ``obj_name`` parameter as follows:
            - file: indicates a file or directory
                - a relative path, such as ``FileName.txt`` or ``..\FileName``
                - an absolute path, such as ``C:\DirName\FileName.txt``
                - A UNC name, such as ``\\ServerName\ShareName\FileName.txt``
            - service: indicates the name of a Windows service
            - printer: indicates the name of a printer
            - registry: indicates a registry key
                - Uses the following literal strings to denote the hive:
                    - HKEY_LOCAL_MACHINE
                    - MACHINE
                    - HKLM
                    - HKEY_USERS
                    - USERS
                    - HKU
                    - HKEY_CURRENT_USER
                    - CURRENT_USER
                    - HKCU
                    - HKEY_CLASSES_ROOT
                    - CLASSES_ROOT
                    - HKCR
                - Should be in the format of ``HIVE\Path\To\Key``. For example,
                    ``HKLM\SOFTWARE\Windows``
            - registry32: indicates a registry key under WOW64. Formatting is
                the same as it is for ``registry``
            - share: indicates a network share

        copy_owner (bool): True
            ``True`` copies owner information. Default is ``True``

        copy_group (bool): True
            ``True`` copies group information. Default is ``True``

        copy_dacl (bool): True
            ``True`` copies the DACL. Default is ``True``

        copy_sacl (bool): True
            ``True`` copies the SACL. Default is ``True``

    Returns:
        bool: ``True`` if successful

    Raises:
        SaltInvocationError: When parameters are invalid
        CommandExecutionError: On failure to set security

    Usage:

    .. code-block:: python

        salt.utils.win_dacl.copy_security(
            source='C:\\temp\\source_file.txt',
            target='C:\\temp\\target_file.txt',
            obj_type='file')

        salt.utils.win_dacl.copy_security(
            source='HKLM\\SOFTWARE\\salt\\test_source',
            target='HKLM\\SOFTWARE\\salt\\test_target',
            obj_type='registry',
            copy_owner=False)
    R&uregistryuSource converted to: %suTarget converted to: %suInvalid "obj_type" passed: {0}iuCOne of copy_owner, copy_group, copy_dacl, or copy_sacl must be TrueuuSeTakeOwnershipPrivilegeuSeRestorePrivilegeuSeSecurityPrivilegeu Failed to set security info: {0}(%R0R+R1R6tinfoR)R&RBRR,RRRRtSACL_SECURITY_INFORMATIONR�R�R�R�R�R�R�R�R�R�R�R2R�R�R8tGetSecurityDescriptorSaclRxR3R4RR5RQ(tsourcettargetR&t
copy_ownert
copy_groupt	copy_daclt	copy_saclR�R�tsecurity_flagsR�R�R�R�tsectsd_sidtsd_gidtsd_dacltsd_saclR<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt
copy_securityIsb`
	cC@s�|j�}i}xq|D]i}d}ytd|�}	Wn7tk
rq|djdj|j�|��qnXd||kr�||d}
t�jd|
}t�jd|}nd}
|	|dkr||kr�i||<n||d|||<|
r�|
||d<q�qt	||dt
j�r�td	|d|	d
||dd|d|d
t
�s||kr�i||<n||d|||<qn~x{||dD]k}td	|d|	d
|d|d|d
t
�s�||krig|6||<n|||j|�q�q�W|
r||d|	kr�|d|	|d|ks||krki||<n|
||d<qq�qqW|r�d|dkr�i|dd<nx�|D]�}td|�}	tdtkr#||ddkri|dd|<n||||dd||<q�d}
d||kr"|	|dkr�||d|	kr�x�t�j|D]�}
t�j||
|d|	|dkrn|
}xGt�j|D]2}tjjj�j|||kr�|}
q�q�WqnqnWn|
s0|j�dkrd}
qd}
q0n||d}
g}|||kr�x�|d|	|dD]�}x�t�j|dD]s}
t�j|d|
|krx|
}xFt�j|dD]-}t�j|d||kr�|}q�q�WqxqxWq]W|s�x�|d|	|dD]�}x�t�j|dD]z}
t�j|d|
|kr+|
}xMt�j|dD]4}t�j|d||krj|j|�qjqjWq+q+WqWq�n|||}yvtd	|d|	d|d|d|
d|�||ddkri|dd|<n||||dd||<Wq�tk
r�}t
|d<|djdj|||||j��q�Xq�Wn|S(u�
    Helper function used by ``check_perms`` for checking and setting Grant and
    Deny permissions.

    Args:

        obj_name (str):
            The name or full path to the object

        obj_type (Optional[str]):
            The type of object for which to check permissions. Default is 'file'

        new_perms (dict):
            A dictionary containing the user/group and the basic permissions to
            check/grant, ie: ``{'user': {'perms': 'basic_permission'}}``.

        cur_perms (dict):
            A dictionary containing the user/group permissions as they currently
            exists on the target object.

        access_mode (str):
            The access mode to set. Either ``grant`` or ``deny``

        ret (dict):
            A dictionary to append changes to and return. If not passed, will
            create a new dictionary to return.

    Returns:
        dict: A dictionary of return data as expected by the state system
    uRRucommentu0{0} Perms: User "{1}" missing from Target Systemu
applies_toufileu
Not InheritedupermsR:R�RSR&R�u
applies touchangesutesturegistryu
registry32uthis_key_subkeysuthis_folder_subfolders_filesupermissionsubasicuadvancedRTRUuresultu<Failed to change {0} permissions for "{1}" to {2}
Error: {3}N(uregistryu
registry32(R+RgRRrR,t
capitalizeR)RR.RJRRKR�Rt__opts__RQRRtwin_daclRR�R5(R:R&t	new_permst	cur_permsRSRjtchangesRmtapplies_to_textt	user_nameRUtat_flagRXtflagtflag1tpermsRWR<((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt_check_perms�s�



	
	

!*#	%"

%c
C@s�|j�t�jkr0tdj|���n|j�}|smi|d6id6gd6td6}d}n|d}g|d<|rWtd|�}td|d	|�}	||	krWtd
tkr�||dd<qTyAt	d|d|d	|�t
jdj|��||dd<WqTtk
rPt
|d<|djd
j|��qTXqWn|d#k	r'|td|d	|�ks'td
tkr�||dd<q$yGtd|d|d	|�t
jd|r�dnd�||dd<Wq$tk
r t
|d<|djdj||��q$Xq'nt
jdj|��td|d	|�}
|d#k	r�td|d	|d|d|
ddd|�}n|d#k	r�td|d	|d|d|
ddd|�}n|rt
jdj|��td|d	|�}
x|
dD]}|d#k	r|j�td�|D��krd|
d|krtd
tkr�d|dkri|dd<n|ddji|
d||6�q
d|dkr�i|dd<ntd|d|ddd	|�|ddji|
d||6�qn|d#k	r|j�td �|D��krd|
d|krtd
tkr�d|dkr�i|dd<n|ddji|
d||6�qd|dkr�i|dd<ntd|d|ddd	|�|ddji|
d||6�qqqWnt|tj�rM|rm|djd!|�qmn |rm|j|d�|d<nd"j|d�|d<td
r�|dr�d#|d<n|S($u/
    Check owner and permissions for the passed directory. This function checks
    the permissions and sets them, returning the changes made.

    .. versionadded:: 2019.2.0

    Args:

        obj_name (str):
            The name or full path to the object

        obj_type (Optional[str]):
            The type of object for which to check permissions. Default is 'file'

        ret (dict):
            A dictionary to append changes to and return. If not passed, will
            create a new dictionary to return.

        owner (str):
            The owner to set for the directory.

        grant_perms (dict):
            A dictionary containing the user/group and the basic permissions to
            check/grant, ie: ``{'user': {'perms': 'basic_permission'}}``.
            Default is ``None``.

        deny_perms (dict):
            A dictionary containing the user/group and permissions to
            check/deny. Default is ``None``.

        inheritance (bool):
            ``True`` will enable inheritance from the parent object. ``False``
            will disable inheritance. Default is ``True``.

        reset (bool):
            ``True`` will clear the DACL and set only the permissions defined
             in ``grant_perms`` and ``deny_perms``. ``False`` append permissions
             to the existing DACL. Default is ``False``. This does NOT affect
            inherited permissions.

    Returns:
        dict: A dictionary of changes that have been made

    Usage:

    .. code-block:: bash

        # You have to use __utils__ in order for __opts__ to be available

        # To see changes to ``C:\Temp`` if the 'Users' group is given 'read & execute' permissions.
        __utils__['dacl.check_perms'](obj_name='C:\Temp',
                                      obj_type='file',
                                      owner='Administrators',
                                      grant_perms={
                                          'Users': {
                                              'perms': 'read_execute'
                                          }
                                      })

        # Specify advanced attributes with a list
        __utils__['dacl.check_perms'](obj_name='C:\Temp',
                                      obj_type='file',
                                      owner='Administrators',
                                      grant_perms={
                                          'jsnuffy': {
                                              'perms': [
                                                  'read_attributes',
                                                  'read_ea'
                                              ],
                                              'applies_to': 'files_only'
                                          }
                                      })
    uInvalid "obj_type" passed: {0}unameuchangesucommenturesultuRRR:R&utestuowneruOwner set to {0}uFailed to change owner to "{0}"uinheritanceR�u%s inheritanceuEnablingu	Disablingu*Failed to set inheritance for "{0}" to {1}u#Getting current permissions for {0}R�R�RSudenyRjugrantuResetting permissions for {0}u
Not Inheritedcs@s|]}|j�VqdS(N(R+(t.0tk((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pys	<genexpr>A	suremove_permsRcs@s|]}|j�VqdS(N(R+(R�R�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pys	<genexpr>T	siu
N(R+R)R&RR,RQRgR�R�R�R6R�RRRrR.R�R�R�R�R�tupdateR�RJRRKRCtextendRD(R:R&Rjtownertgrant_permst
deny_permsRtresettorig_commentt
current_ownerR�R�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pytcheck_perms�s�R

	







""#
cC@s�|j�}i}x�|D]�}yt|�}Wn-tk
r^tjd|j�|�qnXd}|dkr{d||krj||dkr4d|d|kr4x�t�j|D]w}	t�j||	|d|ddkr�|	}
x>t�j|D])}t�j|||
kr�|}q�q�Wq�q�Wn|sx|dkrOd	}qgd|krgd
}qgqxq{||d}n|j	d|d|d
||dd|�r||||<qqW|S(Nu.%s Perms: User "%s" missing from Target Systemufileuregistryu
registry32u
applies_tou
Not Inheritedudenyu
applies touthis_folder_subfolders_filesuthis_key_subkeysRRRSRTupermsRU(ufileuregistryu
registry32(
R+RgRR6R�R�R.R)RRY(R�R&R�R�RSRjRmR�RUR�R�R�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt
_set_permsw	s@

	*		c	C@s�i}|r$td|�}i}n't|d|�}td|d|�}|d	k	r�td|d|d|d|dd�|d<n|d	k	r�td|d|d|d|dd�|d<n|j�|j||�r�|SiS(
u�

    Set permissions for the given path

    .. versionadded:: 2019.2.0

    Args:

        obj_name (str):
            The name or full path to the object

        obj_type (Optional[str]):
            The type of object for which to check permissions. Default is 'file'

        grant_perms (dict):
            A dictionary containing the user/group and the basic permissions to
            grant, ie: ``{'user': {'perms': 'basic_permission'}}``. You can also
            set the ``applies_to`` setting here. The default for ``applise_to``
            is ``this_folder_subfolders_files``. Specify another ``applies_to``
            setting like this:

            .. code-block:: yaml

                {'user': {'perms': 'full_control', 'applies_to': 'this_folder'}}

            To set advanced permissions use a list for the ``perms`` parameter,
            ie:

            .. code-block:: yaml

                {'user': {'perms': ['read_attributes', 'read_ea'], 'applies_to': 'this_folder'}}

            To see a list of available attributes and applies to settings see
            the documentation for salt.utils.win_dacl.

            A value of ``None`` will make no changes to the ``grant`` portion of
            the DACL. Default is ``None``.

        deny_perms (dict):
            A dictionary containing the user/group and permissions to deny along
            with the ``applies_to`` setting. Use the same format used for the
            ``grant_perms`` parameter. Remember, deny permissions supersede
            grant permissions.

            A value of ``None`` will make no changes to the ``deny`` portion of
            the DACL. Default is ``None``.

        inheritance (bool):
            If ``True`` the object will inherit permissions from the parent, if
            ``False``, inheritance will be disabled. Inheritance setting will
            not apply to parent directories if they must be created. Default is
            ``False``.

        reset (bool):
            If ``True`` the existing DCL will be cleared and replaced with the
            settings defined in this function. If ``False``, new entries will be
            appended to the existing DACL. Default is ``False``.

    Returns:
        bool: True if successful

    Raises:
        CommandExecutionError: If unsuccessful

    Usage:

    .. code-block:: bash

        import salt.utils.win_dacl

        # To grant the 'Users' group 'read & execute' permissions.
        salt.utils.win_dacl.set_perms(obj_name='C:\Temp',
                                      obj_type='file',
                                      grant_perms={
                                          'Users': {
                                              'perms': 'read_execute'
                                          }
                                      })

        # Specify advanced attributes with a list
        salt.utils.win_dacl.set_perms(obj_name='C:\Temp',
                                      obj_type='file',
                                      grant_perms={
                                          'jsnuffy': {
                                              'perms': [
                                                  'read_attributes',
                                                  'read_ea'
                                              ],
                                              'applies_to': 'this_folder_only'
                                          }
                                      }"
    R&R:R�R�R�RSudenyugrantN(R0R�R.R�RfR{(	R:R&R�R�RR�RjR�R�((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt	set_perms�	s,a	
(2Rt
__future__RRRtloggingtsalt.exceptionsRRtsalt.utils.platformRtsalt.utils.win_functionstsalt.ext.six.movesRtsalt.extRRRRR�R�R3RQtImportErrort	getLoggerRR6R
RR)R.R0RIR�RgR�R�R�R�R�R�R�R�R�R�R�R�R�R�R�(((s7/usr/lib/python2.7/site-packages/salt/utils/win_dacl.pyt<module>�s~

	
�
��d	.	'	9TVMTP.%V--�	��	.

Zerion Mini Shell 1.0