async def set_objectacl_by_dn(
        self, object_dn, data,
        flags=SDFlagsRequest.DACL_SECURITY_INFORMATION
        | SDFlagsRequest.GROUP_SECURITY_INFORMATION
        | SDFlagsRequest.OWNER_SECURITY_INFORMATION):
    """
    Replace the security descriptor (``nTSecurityDescriptor``) of an LDAP object.

    The write is sent with the SD-flags control (OID 1.2.840.113556.1.4.801),
    which tells the server which parts of the descriptor the request covers.
    The default flags select DACL, primary group and owner; the SACL is not
    selected.

    This is a ``replace`` modification, not a merge: the selected parts of
    ``data`` take the place of what the object currently stores, so ``data``
    decides who can access the object afterwards. On the directory side the
    change shows up as a modification of ``nTSecurityDescriptor`` (for example
    Windows event 5136 when directory-service change auditing is enabled for
    the object).

    :param object_dn: The object's DN
    :type object_dn: str
    :param data: Serialized security descriptor to write to the object
    :type data: bytes
    :param flags: Parts of the security descriptor the write applies to.
    :type flags: :class:`SDFlagsRequest`
    :return: The result of ``self._con.modify``, passed through unchanged;
        expected to be (True, None) on success or (False, Exception) on error.
    :rtype: tuple
    """
    # criticality=True: the request asks the server to fail the modify rather
    # than carry it out while ignoring the control.
    sd_flags_control = Control({
        'controlType': b'1.2.840.113556.1.4.801',
        'controlValue': SDFlagsRequestValue({'Flags': flags}).dump(),
        'criticality': True,
    })
    replace_sd = {'nTSecurityDescriptor': [('replace', [data])]}
    outcome = await self._con.modify(
        object_dn, replace_sd, controls=[sd_flags_control])
    return outcome
async def get_all_objectacl(self):
    """
    Yield the security descriptor info of users, computers, GPOs, OUs and groups.

    Works in two stages: one paged search lists the matching objects, then a
    separate search per object fetches ``MSADSecurityInfo.ATTRS`` with the
    SD-flags control (OID 1.2.840.113556.1.4.801) asking for DACL, primary
    group and owner. The SACL is not requested. Expect one extra LDAP query
    per listed object.

    The generator stops at the first error from either search, after yielding
    it as ``(None, err)``.

    :return: Async generator which yields (`MSADSecurityInfo`, None) on success
        or (None, `Exception`) on error
    :rtype: Iterator[(:class:`MSADSecurityInfo`, :class:`Exception`)]
    """
    sd_flags = SDFlagsRequestValue({
        'Flags': (
            SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION
        ),
    })
    # sAMAccountType 805306369 = computer accounts, 805306368 = user accounts.
    object_filter = r'(|(objectClass=organizationalUnit)(objectCategory=groupPolicyContainer)(sAMAccountType=805306369)(objectClass=group)(sAMAccountType=805306368))'
    async for listed, list_err in self.pagedsearch(object_filter, attributes=['dn']):
        if list_err is not None:
            yield None, list_err
            return
        # The DN comes from the directory; escaping keeps filter metacharacters
        # in it from being parsed as filter syntax.
        dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(
            listed['objectName'])
        sd_attrs = MSADSecurityInfo.ATTRS
        sd_control = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]
        async for sd_entry, sd_err in self.pagedsearch(
                dn_filter, sd_attrs, controls=sd_control):
            if sd_err is not None:
                yield None, sd_err
                return
            yield MSADSecurityInfo.from_ldap(sd_entry), None
async def get_objectacl_by_dn(
        self, dn,
        flags=SDFlagsRequest.DACL_SECURITY_INFORMATION
        | SDFlagsRequest.GROUP_SECURITY_INFORMATION
        | SDFlagsRequest.OWNER_SECURITY_INFORMATION):
    """
    Return the raw security descriptor of the object identified by its DN.

    ``flags`` selects which parts of the descriptor the server is asked for
    (sent via the SD-flags control, OID 1.2.840.113556.1.4.801). The default
    asks for DACL, primary group and owner and leaves out the SACL.

    Only the first result of the search is used.

    :param dn: The object's DN
    :type dn: str
    :param flags: Flags indicate the parts of the descriptor to be returned.
    :type flags: :class:`SDFlagsRequest`
    :return: ``(nTSecurityDescriptor value, None)`` for the first match,
        ``(None, Exception)`` if the search reported an error, or
        ``(None, None)`` when nothing matched. The first element can also be
        None when the matched entry carries no ``nTSecurityDescriptor``.
    :rtype: (:class:`bytes`, :class:`Exception`)
    """
    sd_flags = SDFlagsRequestValue({'Flags': flags})
    # Escaping keeps filter metacharacters in the DN from being parsed as
    # filter syntax.
    dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(dn)
    wanted = ['nTSecurityDescriptor']
    sd_control = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]
    async for entry, err in self.pagedsearch(
            dn_filter, wanted, controls=sd_control):
        if err is None:
            return entry['attributes'].get('nTSecurityDescriptor'), None
        return None, err
    # The search produced no results at all.
    return None, None
async def get_objectacl_by_dn_p(
        self, dn,
        flags=SDFlagsRequest.DACL_SECURITY_INFORMATION
        | SDFlagsRequest.GROUP_SECURITY_INFORMATION
        | SDFlagsRequest.OWNER_SECURITY_INFORMATION):
    """
    Yield the parsed security descriptor info of the object identified by its DN.

    ``flags`` selects which parts of the descriptor the server is asked for
    (sent via the SD-flags control, OID 1.2.840.113556.1.4.801). The default
    asks for DACL, primary group and owner and leaves out the SACL.

    Despite addressing a single DN this is an async generator: iterate it with
    ``async for``. It ends after the first error, which is yielded as
    ``(None, err)``.

    :param dn: The object's DN
    :type dn: str
    :param flags: Flags indicate the parts of the descriptor to be returned.
    :type flags: :class:`SDFlagsRequest`
    :return: Async generator which yields (`MSADSecurityInfo`, None) on success
        or (None, `Exception`) on error
    :rtype: Iterator[(:class:`MSADSecurityInfo`, :class:`Exception`)]
    """
    sd_flags = SDFlagsRequestValue({'Flags': flags})
    # Escaping keeps filter metacharacters in the DN from being parsed as
    # filter syntax.
    dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(dn)
    sd_attrs = MSADSecurityInfo.ATTRS
    sd_control = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]
    async for entry, err in self.pagedsearch(
            dn_filter, sd_attrs, controls=sd_control):
        if err is not None:
            yield None, err
            return
        yield MSADSecurityInfo.from_ldap(entry), None
def get_objectacl_by_dn(self, dn):
    """
    Yield the security descriptor info of the object identified by ``dn``.

    The search asks for ``MSADSecurityInfo.ATTRS`` and attaches the SD-flags
    control (OID 1.2.840.113556.1.4.801) requesting DACL, primary group and
    owner. The SACL is not requested.

    :param dn: The object's DN
    :type dn: str
    :return: Generator of :class:`MSADSecurityInfo`, one per search result
    """
    sd_flags = SDFlagsRequestValue({
        'Flags': (
            SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION
        ),
    })
    # Escaping keeps filter metacharacters in the DN from being parsed as
    # filter syntax.
    dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(dn)
    sd_attrs = MSADSecurityInfo.ATTRS
    sd_control = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]
    matches = self.pagedsearch(dn_filter, sd_attrs, controls=sd_control)
    yield from map(MSADSecurityInfo.from_ldap, matches)
def get_all_objectacl(self):
    """
    Yield the security descriptor info of every object the search returns.

    The filter is ``(objectClass=*)``, so nothing is narrowed down by object
    type; on a large directory this is a correspondingly large paged query.
    The SD-flags control (OID 1.2.840.113556.1.4.801) requests DACL, primary
    group and owner. The SACL is not requested.

    :return: Generator of :class:`MSADSecurityInfo`, one per search result
    """
    requested_parts = (
        SDFlagsRequest.DACL_SECURITY_INFORMATION
        | SDFlagsRequest.GROUP_SECURITY_INFORMATION
        | SDFlagsRequest.OWNER_SECURITY_INFORMATION
    )
    sd_flags = SDFlagsRequestValue({'Flags': requested_parts})
    sd_control = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]
    for found in self.pagedsearch(
            r'(objectClass=*)', MSADSecurityInfo.ATTRS, controls=sd_control):
        yield MSADSecurityInfo.from_ldap(found)
async def get_all_objectacl(self):
    """
    Yield the security descriptor info of users, computers, GPOs, OUs and groups.

    Works in two stages: one paged search lists the matching objects, then a
    separate search per object fetches ``MSADSecurityInfo.ATTRS`` with the
    SD-flags control (OID 1.2.840.113556.1.4.801) asking for DACL, primary
    group and owner. The SACL is not requested. Expect one extra LDAP query
    per listed object.

    This variant consumes ``pagedsearch`` results as bare entries; it does not
    unpack or forward an error value.

    :return: Async generator of :class:`MSADSecurityInfo`
    """
    sd_flags = SDFlagsRequestValue({
        'Flags': (
            SDFlagsRequest.DACL_SECURITY_INFORMATION
            | SDFlagsRequest.GROUP_SECURITY_INFORMATION
            | SDFlagsRequest.OWNER_SECURITY_INFORMATION
        ),
    })
    # sAMAccountType 805306369 = computer accounts, 805306368 = user accounts.
    object_filter = r'(|(objectClass=organizationalUnit)(objectCategory=groupPolicyContainer)(sAMAccountType=805306369)(objectClass=group)(sAMAccountType=805306368))'
    async for listed in self.pagedsearch(object_filter, attributes=['dn']):
        # The DN comes from the directory; escaping keeps filter metacharacters
        # in it from being parsed as filter syntax.
        dn_filter = r'(distinguishedName=%s)' % escape_filter_chars(
            listed['objectName'])
        sd_attrs = MSADSecurityInfo.ATTRS
        sd_control = [('1.2.840.113556.1.4.801', True, sd_flags.dump())]
        async for sd_entry in self.pagedsearch(
                dn_filter, sd_attrs, controls=sd_control):
            yield MSADSecurityInfo.from_ldap(sd_entry)