File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/__pycache__/win_dacl.cpython-310.pyc
o
�N�g�~ � @ s� d Z ddlZddlZddlZddlmZmZ dZzddl Z ddl
Z
ddlZddlZdZW n e
y5 Y nw e�e�ZdZdd� Zd5d d
�Zd6dd�Zd
d� Zdd� Zdd� Zd7dd�Zd7dd�Zd7dd�Zd7dd�Z d8dd�Zd9dd �Zd6d!d"�Z d:d#d$�Z d:d%d&�Z d;d'd(�Z!d7d)d*�Z" d<d+d,�Z#d=d-d.�Z$ d>d/d0�Z%d1d2� Z& d?d3d4�Z'dS )@a
============
Windows DACL
============
This salt utility contains objects and functions for setting permissions to
objects in Windows. You can use the built in functions or access the objects
directly to create your own custom functionality. There are two objects, Flags
and Dacl.
If you need access only to flags, use the Flags object.
.. code-block:: python
import salt.utils.win_dacl
flags = salt.utils.win_dacl.Flags()
flag_full_control = flags.ace_perms['file']['basic']['full_control']
The Dacl object inherits Flags. To use the Dacl object:
.. code-block:: python
import salt.utils.win_dacl
dacl = salt.utils.win_dacl.Dacl(obj_type='file')
dacl.add_ace('Administrators', 'grant', 'full_control')
dacl.save('C:\temp')
Object types are used by setting the `obj_type` parameter to a valid Windows
object. Valid object types are as follows:
- file
- service
- printer
- registry
- registry32 (for WOW64)
- share
Each object type has its own set up permissions and 'applies to' properties as
follows. At this time only basic permissions are used for setting. Advanced
permissions are listed for displaying the permissions of an object that don't
match the basic permissions, ie. Special permissions. These should match the
permissions you see when you look at the security for an object.
**Basic Permissions**
================ ==== ======== ===== ======= =======
Permissions File Registry Share Printer Service
================ ==== ======== ===== ======= =======
full_control X X X X
modify X
read_execute X
read X X X X
write X X X
read_write X
change X
print X
manage_printer X
manage_documents X
================ ==== ======== ===== ======= =======
**Advanced Permissions**
======================= ==== ======== ======= =======
Permissions File Registry Printer Service
======================= ==== ======== ======= =======
*** folder permissions
list_folder X
create_files X
create_folders X
traverse_folder X
delete_subfolders_files X
*** file permissions
read_data X
write_data X
append_data X
execute_file X
*** common permissions
read_ea X
write_ea X
read_attributes X
write_attributes X
delete X X
read_permissions X X X
change_permissions X X X
take_ownership X X
query_value X
set_value X
create_subkey X
enum_subkeys X
notify X
create_link X
read_control X
write_dac X
write_owner X
manage_printer X
print X
query_config X
change_config X
query_status X
enum_dependents X
start X
stop X
pause_resume X
interrogate X
user_defined X
change_owner X
======================= ==== ======== ======= =======
Only the registry and file object types have 'applies to' properties. These
should match what you see when you look at the properties for an object.
**File types:**
- this_folder_only: Applies only to this object
- this_folder_subfolders_files (default): Applies to this object
and all sub containers and objects
- this_folder_subfolders: Applies to this object and all sub
containers, no files
- this_folder_files: Applies to this object and all file
objects, no containers
- subfolders_files: Applies to all containers and objects
beneath this object
- subfolders_only: Applies to all containers beneath this object
- files_only: Applies to all file objects beneath this object
.. note::
'applies to' properties can only be modified on directories. Files
will always be ``this_folder_only``.
**Registry types:**
- this_key_only: Applies only to this key
- this_key_subkeys: Applies to this key and all subkeys
- subkeys_only: Applies to all subkeys beneath this object
� N)�CommandExecutionError�SaltInvocationErrorFT�daclc C s t jj�� sdS tsdS tS )z4
Only load if Win32 Libraries are installed
)Fzwin_dacl: Requires Windows)Fzwin_dacl: Requires pywin32)�salt�utils�platformZ
is_windows� HAS_WIN32�__virtualname__� r
r
�G/opt/saltstack/salt/lib/python3.10/site-packages/salt/utils/win_dacl.py�__virtual__� s
r c C s$ t sdS G dd� d�}| r|� S |S )a_
Helper function for instantiating a Flags object
Args:
instantiated (bool):
True to return an instantiated object, False to return the object
definition. Use False if inherited by another class. Default is
True.
Returns:
object: An instance of the Flags object or its definition
Nc @ s� e Zd ZdZdddddddd d
ddd
�i dd�dd�dd�dd�dd�dd�dd�dd�dd�d d!�d"d#�d$d%�d&d'�d(d�d)d�d*d�d+d�dddddddddd d"d$d&d,�
�d-�d.ddd.d/ddd0d1d2d3�
i dd4�dd5�dd6�dd7�dd8�dd9�d d!�d"d:�d$d;�d&d<�d=d�d>d�d?d�d@d�dAd�dBd�dCd �d"d$d&dD��d-�ddEddd d
dF�i d-�dGdHdIdJdKdLdM�dHdGd#d%d'dNdd"d$d&dO�
d-�d.dPdddQdRdSdTdU�i ddV�ddW�ddX�ddY�ddZ�dd[�dd\�dd]�dd^�d"d_�d$d`�d&da�dbd�dcd�ddd�ded�dfd�ddddd"d$d&dg��d-�dh�Zdidjdkdldmdndodpdddqdrdsdtdu�dvdwdxdpddsdy�dvdwdxdpddsdy�dz�Zd{ejd|ejejd{ejd|iZ ej
ejejd}�Z
ejejd~�Zejejejejejejd�Zd�S )�zflags.<locals>.FlagszV
Object containing all the flags for dealing with Windows permissions
zFull controlZModifyzRead & execute with writezRead & executeZReadZWrite� � � � � )r
r i� r r r �full_control�modifyZread_execute�read�write� zList folder / read data� zCreate files / write data� zCreate folders / append data� zRead extended attributes� zWrite extended attributes� zTraverse folder / execute file�@ zDelete subfolders and files� zRead attributes� zWrite attributesi ZDelete� zRead permissions� zChange permissions� zTake ownershipZlist_folderZcreate_filesZcreate_foldersZtraverse_folder)
Zdelete_subfolders_filesZ read_dataZ
write_dataZappend_dataZexecute_fileZread_eaZwrite_eaZread_attributesZwrite_attributes�delete�read_permissions�change_permissions�take_ownership)�basic�advancedzFull ControlZExecute�? � � )
r( r) r* i i i @l �� r r r zQuery Valuez Set Valuez
Create SubkeyzEnumerate SubkeysZNotifyzCreate LinkzRead Controlz Write DACzWrite OwnerZquery_valueZ set_valueZ
create_subkeyZenum_subkeys�notifyZcreate_linkr"