python - win32security: adding an ACL to a folder on a NAS with cross-domain access

Problem description

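I am working on a use case to create a folder and add security groups to it. I am using the code below. When I do this manually, to access the shared path we enter credentials and create a folder; after that, once I click the Security tab, it prompts for credentials again and populates the same security groups. This is because the shared location is accessed from a different domain than expected. Now, when I try to do this from Python with the code below, I am able to create the folder, but it fails to add the security group because the script runs from a server in a different domain.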

Error (1332, 'LookupAccountName', 'No mapping between account names and security IDs was done.')

So basically, how do we set permissions the way it works when accessing the Security tab, and set the same permissions?

Please help.

import logging
import os

import pywintypes
import win32con
import win32security
from flask import Response, request
from flask_restful import Resource  # assumed: Resource comes from Flask-RESTful


class Impersonate:
    """Access the NAS path with the NAS credentials."""

    def __init__(self, user, password):
        # Update the domain used to access the shared NAS
        self.domain_name = "domain"
        self.user = user
        self.password = password
        self.handle = None
        logging.debug("Credentials received: {}".format(self.user))

    def logon(self):
        self.handle = win32security.LogonUser(
            self.user, self.domain_name, self.password,
            win32con.LOGON32_LOGON_INTERACTIVE, win32con.LOGON32_PROVIDER_DEFAULT)
        win32security.ImpersonateLoggedOnUser(self.handle)

    def logoff(self):
        win32security.RevertToSelf()  # terminates impersonation
        if self.handle is not None:
            self.handle.Close()  # guarantees cleanup


class Create(Resource):
    def post(self):
        # Get JSON arguments from the payload: shared NAS path, directory name,
        # and the group name that gets read access
        parentdir = request.json.get("path")
        dirname = request.json.get("name")
        readGroup = request.json.get("readGroup")
        # Assumed: the original used an undefined name `path` for the new folder
        path = os.path.join(parentdir, dirname)
        # Update the username and password of the NAS path below within quotes
        a = Impersonate('user', 'Password')
        try:
            a.logon()  # Log on to the NAS path with the supplied credentials
            try:
                logging.debug("Successfully connected to NAS path {}".format(parentdir))
                # makedirs creates the directory recursively
                os.makedirs(path)
                try:
                    # This is the call that raises error 1332: with "" the
                    # lookup starts on the local machine
                    groupr, domain, acct_type = win32security.LookupAccountName("", readGroup)
                    sd = win32security.GetFileSecurity(path, win32security.DACL_SECURITY_INFORMATION)
                    dacl = sd.GetSecurityDescriptorDacl()
                    dacl.AddAccessAllowedAce(win32security.ACL_REVISION, win32con.GENERIC_READ, groupr)
                    # Write the modified DACL back, otherwise the new ACE is never applied
                    sd.SetSecurityDescriptorDacl(1, dacl, 0)
                    win32security.SetFileSecurity(path, win32security.DACL_SECURITY_INFORMATION, sd)
                except pywintypes.error as e:
                    # pywin32 calls raise pywintypes.error, not OSError
                    print(e)
                    resp = Response('{} fileshare created, adding security group {} with read permissions failed. Error: {}'.format(dirname, readGroup, e))
                    print(resp)
                    resp.status_code = 201
                    return resp

            except OSError as error:
                print(error)
                resp = Response('{} fileshare creation failed. Error is {}'.format(dirname, error))
                print(resp)
                resp.status_code = 300
                return resp

        except Exception as error1:
            print(error1)
            logging.error("Failed to connect to NAS path {}, Error: {}".format(parentdir, error1))
            resp = Response('Could not connect to UNC shared path. Error: {}'.format(error1))
            print(resp)
            resp.status_code = 201
            return resp
        finally:
            a.logoff()  # always revert the impersonation

Tags: python, winapi, acl, pywin32, pywin
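One way to avoid the local-machine lookup behind error 1332, as an added example that is not part of the original post: resolve the group on the NAS host named in the UNC path, using a domain-qualified account name, then write the DACL back. It assumes the NAS host can resolve the group and that the calling thread already has access to the share; `unc_server`, `qualify`, `resolve_sid`, `grant_read` and all sample names are hypothetical.

```python
import re

_UNC = re.compile(r"^\\\\([^\\/]+)\\[^\\/]+")

def unc_server(path):
    """Return the host part of a UNC path; reject anything else."""
    match = _UNC.match(path)
    if not match:
        raise ValueError("not a UNC path: {!r}".format(path))
    return match.group(1)

def qualify(account, domain):
    """Return DOMAIN\\account unless the name already names its domain."""
    if "\\" in account or "@" in account:
        return account
    return "{}\\{}".format(domain, account)

def resolve_sid(path, group, domain, lookup=None):
    """Resolve the group on the NAS host instead of the local machine."""
    if lookup is None:  # real call: Windows with pywin32 only
        import win32security
        lookup = win32security.LookupAccountName
    # The first argument names the system that performs the lookup. The
    # question passes "", so the lookup starts on the local machine.
    sid, _domain, _type = lookup(unc_server(path), qualify(group, domain))
    return sid

def grant_read(path, group, domain):
    """Add an inheritable read ACE for the group and write the DACL back."""
    import ntsecuritycon
    import win32con
    import win32security
    sid = resolve_sid(path, group, domain)
    info = win32security.DACL_SECURITY_INFORMATION
    sd = win32security.GetFileSecurity(path, info)
    dacl = sd.GetSecurityDescriptorDacl()
    inherit = ntsecuritycon.CONTAINER_INHERIT_ACE | ntsecuritycon.OBJECT_INHERIT_ACE
    dacl.AddAccessAllowedAceEx(win32security.ACL_REVISION, inherit,
                               win32con.GENERIC_READ, sid)
    sd.SetSecurityDescriptorDacl(1, dacl, 0)
    win32security.SetFileSecurity(path, info, sd)  # persist the new DACL

if __name__ == "__main__":
    # Constructed values; a stub stands in for LookupAccountName off Windows.
    stub = lambda system, account: ((system, account), "CORP", 2)
    print(resolve_sid(r"\\nas01.example.test\projects\new",
                      "FS-Readers", "CORP", stub))
```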

Solution

