%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/samba/gp/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/samba/gp/__pycache__/gpclass.cpython-312.pyc

�

�0�e\����ddlZddlZddlZddlZddlZddlZejjdd�ddlm	Z	m
Z
ddlmZddl
mZddlZddlmZddlmZmZddlmcmZddlZddlmZdd	lmZdd
lmZddl m!Z!ddl"m#Z#ddl$m%Z%dd
l&m'Z'ddlm(Z(ddlm)Z)ddl*m+Z+m,Z,ddl-m.Z.ddl/m0Z0ddl1m2Z2ddl3Z3ddlm4Z4ddl5m6Z6ddl7m8Z8ddl9Z9ddl:m;Z;m<Z<m=Z=m>Z>m?Z?m@Z@ddl7mAZAmBZBmCZCddlmDZDddlEZddlmFZF	ddlGmHZHeHdd�ZIGd�d �ZKGd!�d"�ZLGd#�d$eM�ZNGd%�d&eN�ZOGd'�d(eN�ZPGd)�d*eN�ZQGd+�d,eM�ZRGd-�d.eR�ZS	d/�ZTd0�ZU	d1�ZVGd2�d3�ZWd4�ZXd5�ZYd6�ZZd7�Z[d8�Z\d9�Z]d:�Z^d;�Z_d<�Z`d=�Zad>�ZbdKd?�Zcd@�ZddLdA�ZedB�ZfdC�ZgdD�ZhdE�Zi	dMdF�ZjdNdG�ZkdNdH�ZldI�ZmdJ�Zny#eJ$r
Gd�d�ZIY��wxYw)O�Nz
bin/python)�
NTSTATUSError�WERRORError)�ConfigParser)�StringIO)�	get_bytes)�ABCMeta�abstractmethod)�Net)�nbt)�libsmb_samba_internal)�LoadParm)�UUID)�NamedTemporaryFile)�preg)�misc)�ndr_pack�
ndr_unpack)�SMB_SIGNING_REQUIRED)�log)�blake2b)�
get_string)�SamDB)�system_session)�UF_WORKSTATION_TRUST_ACCOUNT�UF_SERVER_TRUST_ACCOUNT�GPLINK_OPT_ENFORCE�GPLINK_OPT_DISABLE�GPO_INHERIT�GPO_BLOCK_INHERITANCE)� AUTH_SESSION_INFO_DEFAULT_GROUPS�AUTH_SESSION_INFO_AUTHENTICATED�#AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)�security)�netlogon)�Enum�GPOSTATEzAPPLY ENFORCE UNAPPLYc��eZdZdZdZdZy)r&���N)�__name__�
__module__�__qualname__�APPLY�ENFORCE�UNAPPLY���2/usr/lib/python3/dist-packages/samba/gp/gpclass.pyr&r&=s�������r2c�T�eZdZdZdd�Zd�Zd�Zd�Zd�Zd�Z	d	�Z
d
�Zd�Zd�Z
d
�Zy)�gp_loga[ Log settings overwritten by gpo apply
    The gp_log is an xml file that stores a history of gpo changes (and the
    original setting value).

    The log is organized like so:

<gp>
    <user name="KDC-1$">
        <applylog>
            <guid count="0" value="{31B2F340-016D-11D2-945F-00C04FB984F9}" />
        </applylog>
        <guid value="{31B2F340-016D-11D2-945F-00C04FB984F9}">
            <gp_ext name="System Access">
                <attribute name="minPwdAge">-864000000000</attribute>
                <attribute name="maxPwdAge">-36288000000000</attribute>
                <attribute name="minPwdLength">7</attribute>
                <attribute name="pwdProperties">1</attribute>
            </gp_ext>
            <gp_ext name="Kerberos Policy">
                <attribute name="ticket_lifetime">1d</attribute>
                <attribute name="renew_lifetime" />
                <attribute name="clockskew">300</attribute>
            </gp_ext>
        </guid>
    </user>
</gp>

    Each guid value contains a list of extensions, which contain a list of
    attributes. The guid value represents a GPO. The attributes are the values
    of those settings prior to the application of the GPO.
    The list of guids is enclosed within a user name, which represents the user
    the settings were applied to. This user may be the samaccountname of the
    local computer, which implies that these are machine policies.
    The applylog keeps track of the order in which the GPOs were applied, so
    that they can be rolled back in reverse, returning the machine to the state
    prior to policy application.
    Nc�f�tj|_||_||_|rtj|�|_ntjd�|_||_	|jjd|z�}|�0tj|jd�}||jd<yy)ag Initialize the gp_log
        param user          - the username (or machine name) that policies are
                              being applied to
        param gpostore      - the GPOStorage obj which references the tdb which
                              contains gp_logs
        param db_log        - (optional) a string to initialize the gp_log
        �gp�user[@name="%s"]N�user�name)
r&r.�_state�gpostore�username�etree�
fromstring�gpdb�Elementr9�find�
SubElement�attrib)�selfr9r<�db_log�user_objs     r3�__init__zgp_log.__init__is����n�n��� ��
���
���(�(��0�D�I��
�
�d�+�D�I���	��9�9�>�>�"4�t�";�<�����'�'��	�	�6�:�H�&*�H�O�O�F�#�r2c��|tjk(rg|jjd|jz�}|jd�}|�t|�dk(rtj|_y||_y||_y)a( Policy application state
        param value         - APPLY, ENFORCE, or UNAPPLY

        The behavior of the gp_log depends on whether we are applying policy,
        enforcing policy, or unapplying policy. During an apply, old settings
        are recorded in the log. During an enforce, settings are being applied
        but the gp_log does not change. During an unapply, additions to the log
        should be ignored (since function calls to apply settings are actually
        reverting policy), but removals from the log are allowed.
        r8�applylogNr)r&r/r@rBr9�lenr.r;)rE�valuerG�	apply_logs    r3�statezgp_log.state~sf���H�$�$�$��y�y�~�~�&8�4�9�9�&D�E�H� �
�
�j�1�I�� �C�	�N�a�$7�&�n�n���#����D�Kr2c��|jS)zCheck the GPOSTATE
        )r;�rEs r3�	get_statezgp_log.get_state�s���{�{�r2c��||_|jjd|jz�}|jd|z�}|�%t	j
|d�}||jd<|jtjk(r�|jd�}|�t	j
|d�}|jd|z�}|�Dt	j
|d�}dt|�dz
z|jd	<||jd<yyy)
z� Log to a different GPO guid
        param guid          - guid value of the GPO from which we're applying
                              policy
        r8�guid[@value="%s"]N�guidrLrJz%dr(�count)rTr@rBr9r>rCrDr;r&r.rK)rErTrG�objrM�prev�items       r3�set_guidzgp_log.set_guid�s���
��	��9�9�>�>�"4�t�y�y�"@�A���m�m�/�$�6�7���;��"�"�8�V�4�C�"&�C�J�J�w���;�;�(�.�.�(� �
�
�j�1�I�� �!�,�,�X�z�B�	��>�>�"5��"<�=�D��|��'�'�	�6�:��'+�s�9�~��/A�'B����G�$�'+����G�$��)r2c��|jtjk(s|jtjk(ry|jjd|jz�}|jd|jz�}|�Jd��|jd|z�}|�%tj|d�}||jd<|jd|z�}|�-tj|d	�}||jd<||_yy)
a Store an attribute in the gp_log
        param gp_ext_name   - Name of the extension applying policy
        param attribute     - The attribute being modified
        param old_val       - The value of the attribute prior to policy
                              application
        Nr8rS�gpo guid was not set�gp_ext[@name="%s"]�gp_extr:�attribute[@name="%s"]�	attribute)r;r&r0r/r@rBr9rTr>rCrD�text)rE�gp_ext_namer_�old_valrG�guid_obj�ext�attrs        r3�storezgp_log.store�s����;�;�(�*�*�*�d�k�k�X�=M�=M�.M���9�9�>�>�"4�t�y�y�"@�A���=�=�!4�t�y�y�!@�A���#�;�%;�;�#��m�m�0�;�>�?���;��"�"�8�X�6�C�!,�C�J�J�v���x�x�/�)�;�<���<��#�#�C��5�D�"+�D�K�K����D�I�r2c��|jjd|jz�}|jd|jz�}|�Jd��|jd|z�}|�"|jd|z�}|�|jSy)a- Retrieve a stored attribute from the gp_log
        param gp_ext_name   - Name of the extension which applied policy
        param attribute     - The attribute being retrieved
        return              - The value of the attribute prior to policy
                              application
        r8rSNr[r\r^)r@rBr9rTr`�rErar_rGrcrdres       r3�retrievezgp_log.retrieve�s����9�9�>�>�"4�t�y�y�"@�A���=�=�!4�t�y�y�!@�A���#�;�%;�;�#��m�m�0�;�>�?���?��8�8�3�i�?�@�D����y�y� �r2c�L�|jjd|jz�}|jd|jz�}|�Jd��|jd|z�}|�9|j	d�}|D�cic]}|j
d|j��c}SiScc}w)a Retrieve all stored attributes for this user, GPO guid, and CSE
        param gp_ext_name   - Name of the extension which applied policy
        return              - The values of the attributes prior to policy
                              application
        r8rSr[r\r_r:)r@rBr9rT�findallrDr`)rErarGrcrd�attrsres       r3�retrieve_allzgp_log.retrieve_all�s����9�9�>�>�"4�t�y�y�"@�A���=�=�!4�t�y�y�!@�A���#�;�%;�;�#��m�m�0�;�>�?���?��K�K��,�E�?D�E�t�D�K�K��'����2�E�E��	��Fs�;!B!c�b�g}|jjd|jz�}|�}|jd�}|�j|jd�}|D�cgc]$}|j	d�|j	d�f��&}}|jd��|j
d�|D��|Scc}w)	z� Return a list of applied ext guids
        return              - List of guids for gpos that have applied settings
                              to the system.
        r8rJzguid[@count]rUrLT)�reversec3�&K�|]	\}}|���y�w�Nr1)�.0rUrTs   r3�	<genexpr>z+gp_log.get_applied_guids.<locals>.<genexpr>�s����D�k�e�T�T�D�s�)r@rBr9rk�get�sort�extend)rE�guidsrGrM�	guid_objs�g�guids_by_counts       r3�get_applied_guidszgp_log.get_applied_guids�s���
���9�9�>�>�"4�t�y�y�"@�A���� �
�
�j�1�I��$�%�-�-�n�=�	�+4�"6�&'�$%�5�5��>�1�5�5��>�"B�"6��"6��#�#�D�#�1����D�^�D�D����	"6s�)B,c�z�g}|jjd|jz�}|D]�}|jd|z�}|jd�}i}|D]J}i}	|jd�}
|
D]}|j|	|j
d<� |	||j
d<�L|j
||f���|S)ai Return a list of applied ext guids
        return              - List of tuples containing the guid of a gpo, then
                              a dictionary of policies and their values prior
                              policy application. These are sorted so that the
                              most recently applied settings are removed first.
        r8rSr]r_r:)r@rBr9rkr`rD�append)rErw�retrGrT�
guid_settings�exts�settingsrd�	attr_dictrlres            r3�get_applied_settingszgp_log.get_applied_settings�s������9�9�>�>�"4�t�y�y�"@�A���
	)�D�$�M�M�*=��*D�E�M� �(�(��2�D��H��
9���	����K�0��!�?�D�59�Y�Y�I�d�k�k�&�1�2�?�/8�����F�+�,�
9�
�J�J��h�'�(�
	)��
r2c�`�|jjd|jz�}|jd|jz�}|�Jd��|jd|z�}|�I|jd|z�}|�2|j	|�t|�dk(r|j	|�yyyy)z� Remove an attribute from the gp_log
        param gp_ext_name   - name of extension from which to remove the
                              attribute
        param attribute     - attribute to remove
        r8rSNr[r\r^r)r@rBr9rT�removerKrhs       r3�deletez
gp_log.deletes����9�9�>�>�"4�t�y�y�"@�A���=�=�!4�t�y�y�!@�A���#�;�%;�;�#��m�m�0�;�>�?���?��8�8�3�i�?�@�D����
�
�4� ��s�8�q�=��O�O�C�(�!� �r2c��|jj|jtj|j
d��y)z Write gp_log changes to disk zutf-8N)r<rfr=r>�tostringr@rPs r3�commitz
gp_log.commits)���
�
���D�M�M�5�>�>�$�)�)�W�+M�Nr2rq)r+r,r-�__doc__rHrNrQrYrfrirmr{r�r�r�r1r2r3r5r5Cs@��$�J+�* �,�
,�* �,�"
��"�,)�"Or2r5c�H�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zy)�
GPOStoragec��tjj|�rtj|�|_ytj|dtjtjtjz�|_y)Nr)
�os�path�isfile�tdb�openr�Tdb�DEFAULT�O_CREAT�O_RDWR)rE�log_files  r3rHzGPOStorage.__init__"sI��
�7�7�>�>�(�#��x�x��)�D�H��w�w�x��C�K�K����b�i�i�9O�P�D�Hr2c�8�|jj�yrq)r�transaction_startrPs r3�startzGPOStorage.start(s�����"�"�$r2c�|�	t|jjt|���S#t$rYywxYwrq)�intrrtr�	TypeError�rE�keys  r3�get_intzGPOStorage.get_int+s5��	��t�x�x�|�|�I�c�N�3�4�4���	��	�s�,/�	;�;c�J�|jjt|��Srq)rrtrr�s  r3rtzGPOStorage.get1s���x�x�|�|�I�c�N�+�+r2c	�`�t|||jjt|���Srq)r5rrtr)rEr9s  r3�	get_gplogzGPOStorage.get_gplog4s"���d�D�$�(�(�,�,�y���"?�@�@r2c�`�|jjt|�t|��yrq)rrfr)rEr��vals   r3rfzGPOStorage.store7s�������y��~�y��~�6r2c�8�|jj�yrq)r�transaction_cancelrPs r3�cancelzGPOStorage.cancel:������#�#�%r2c�L�|jjt|��yrq)rr�rr�s  r3r�zGPOStorage.delete=s�������	�#��'r2c�8�|jj�yrq)r�transaction_commitrPs r3r�zGPOStorage.commit@r�r2c�8�|jj�yrq)r�closerPs r3�__del__zGPOStorage.__del__Cs�������r2N)
r+r,r-rHr�r�rtr�rfr�r�r�r�r1r2r3r�r�!s6��Q�%��,�A�7�&�(�&�r2r�c�\�eZdZeZd�Zed��Zed��Zd�Z	ed��Z
ed��Zy)r]c�Z�||_||_||_|j|�|_yrq)�lp�credsr=r��gp_db)rEr�r�r=rfs     r3rHzgp_ext.__init__Js'�������
� ��
��_�_�X�.��
r2c��yrqr1)rE�deleted_gpo_list�changed_gpo_lists   r3�process_group_policyzgp_ext.process_group_policyP���r2c��yrqr1)rE�policys  r3�readzgp_ext.readTr�r2c��|jjd�}tjj	|t|�j
��}tjj|�r|j|�Sy)N�	gpo_cache)	r��
cache_pathr�r��join�check_safe_path�upper�existsr�)rE�afile�
local_path�	data_files    r3�parsezgp_ext.parseXsZ���W�W�'�'��4�
��G�G�L�L��_�U�-C�-I�-I�-K�L�	�
�7�7�>�>�)�$��9�9�Y�'�'�r2c��yrqr1rPs r3�__str__zgp_ext.__str___r�r2c��iSrqr1)rE�gpos  r3�rsopzgp_ext.rsopcs���	r2N)r+r,r-r�
__metaclass__rHr	r�r�r�r�r�r1r2r3r]r]Gsa���M�/��
��
��
��
���
��
����r2r]c��eZdZd�Zy)�
gp_inf_extc�,�t|d�j�}td��}t|_	|jt
|j���|S#t$r-|jt
|jd���Y|SwxYw)N�rb��
interpolation�utf-16)	r�r�r�str�optionxform�readfpr�decode�UnicodeDecodeError)rEr�r��inf_confs    r3r�zgp_inf_ext.readis|���i��&�+�+�-���d�3��"���	?��O�O�H�V�]�]�_�5�6����"�	?��O�O�H�V�]�]�8�%<�=�>���	?�s�(A�2B�BN�r+r,r-r�r1r2r3r�r�hs��r2r�c��eZdZd�Zy)�
gp_pol_extc�j�t|d�j�}ttj|�S)Nr�)r�r�rr�file�rEr��raws   r3r�zgp_pol_ext.readus(���9�d�#�(�(�*���$�)�)�S�)�)r2Nr�r1r2r3r�r�ts��*r2r�c��eZdZd�Zy)�
gp_xml_extc���t|d�j�}	tj|j	��S#t
$r'tj|j	d��cYSwxYw)Nr�r�)r�r�r>r?r�r�r�s   r3r�zgp_xml_ext.read{s\���9�d�#�(�(�*��	:��#�#�C�J�J�L�1�1��!�	:��#�#�C�J�J�x�$8�9�9�	:�s�"?�-A/�.A/Nr�r1r2r3r�r�zs��:r2r�c�f�eZdZdZeZd�Zd�Zd�Zd�Z	d�Z
d�Zd�Ze
d	��Ze
d
��Zd
d�Zy)�
gp_applierz�Group Policy Applier/Unapplier/Modifier
    The applier defines functions for monitoring policy application,
    removal, and modification. It must be a multi-derived class paired
    with a subclass of gp_ext.
    c��|jj|�|jjt|�||�|jj	�y)aLAdd an attribute and value to the Group Policy cache
        guid        - The GPO guid which applies this policy
        attribute   - The attribute name of the policy being applied
        value       - The value of the policy being applied

        Normally called by the subclass apply() function after applying policy.
        N)r�rYrfr�r��rErTr_rLs    r3�cache_add_attributezgp_applier.cache_add_attribute�s@��	
�
�
���D�!��
�
����T��I�u�5��
�
���r2c��|jj|�|jjt|�|�|jj	�y)aRemove an attribute from the Group Policy cache
        guid        - The GPO guid which applies this policy
        attribute   - The attribute name of the policy being unapplied

        Normally called by the subclass unapply() function when removing old
        policy.
        N)r�rYr�r�r��rErTr_s   r3�cache_remove_attributez!gp_applier.cache_remove_attribute�s>��	
�
�
���D�!��
�
���#�d�)�Y�/��
�
���r2c��|jj|�|jjt|�|�S)z�Retrieve the value stored in the cache for the given attribute
        guid        - The GPO guid which applies this policy
        attribute   - The attribute name of the policy
        )r�rYrir�r�s   r3�cache_get_attribute_valuez$gp_applier.cache_get_attribute_value�s1��
	
�
�
���D�!��z�z�"�"�3�t�9�i�8�8r2c��|jj|�|jjt|��S)z�Retrieve all attribute/values currently stored for this gpo+policy
        guid        - The GPO guid which applies this policy
        )r�rYrmr�)rErTs  r3�cache_get_all_attribute_valuesz)gp_applier.cache_get_all_attribute_values�s/��	
�
�
���D�!��z�z�&�&�s�4�y�1�1r2c�6�|jj�S)zSReturn the current apply state
        return      - APPLY|ENFORCE|UNAPPLY
        )r�rQrPs r3�cache_get_apply_statez gp_applier.cache_get_apply_state�s���z�z�#�#�%�%r2c��djg|�D�cgc]
}t|���c}�}tt|�|z�j�Scc}w)a"Generate an attribute name from arbitrary data
        name            - A name to ensure uniqueness
        args            - Any arbitrary set of args, str or bytes
        return          - A blake2b digest of the data, the attribute

        The importance here is the digest of the data makes the attribute
        reproducible and uniquely identifies it. Hashing the name with
        the data ensures we don't falsely identify a match which is the same
        text in a different file. Using this attribute generator is optional.
        r2�r�rr�	hexdigest)rEr:�args�arg�datas     r3�generate_attributezgp_applier.generate_attribute�sG���x�x�7�T�7�;�C��3��;�<���y���t�+�,�6�6�8�8��<s�Ac��djg|�D�cgc]
}t|���c}�}t|�j�Scc}w)z�Generate a unique value which identifies value changes
        args            - Any arbitrary set of args, str or bytes
        return          - A blake2b digest of the data, the value represented
        r2r�)rEr�r�r�s    r3�generate_value_hashzgp_applier.generate_value_hash�s=��
�x�x�7�T�7�;�C��3��;�<���t�}�&�&�(�(��<s�Ac��y)z�Group Policy Unapply
        guid            - The GPO guid which applies this policy
        attribute       - The attribute name of the policy being unapplied
        value           - The value of the policy being unapplied
        Nr1r�s    r3�unapplyzgp_applier.unapply�s��	
r2c��y)a�Group Policy Apply
        guid            - The GPO guid which applies this policy
        attribute       - The attribute name of the policy being applied
        applier_func    - An applier function which takes variable args
        args            - The variable arguments to pass to applier_func

        The applier_func function MUST return the value of the policy being
        applied. It's important that implementations of `apply` check for and
        first unapply any changed policy. See for example calls to
        `cache_get_all_attribute_values()` which searches for all policies
        applied by this GPO for this Client Side Extension (CSE).
        Nr1)rErTr_�applier_funcr�s     r3�applyzgp_applier.apply�s��	
r2Nc�V�|�g}|�g}t|�tk7r+|j||�}|�|j|||fi|��yy|j	|�}|j�D]@\}}t
|�dkDr||vst
|�dkDs�'||vs�,|j|||fi|���By)alCleanup old removed attributes
        keep    - A list of attributes to keep
        remove  - A single attribute to remove, or a list of attributes to
                  remove
        kwargs  - Additional keyword args required by the subclass unapply
                  function

        This is only necessary for CSEs which provide multiple attributes.
        Nr)�type�listr�r�r��itemsrK)rErT�keepr��kwargsrL�old_valsr_s        r3�cleanzgp_applier.clean�s����<��D��>��F���<�4���2�2�4��@�E�� �����T�6�5�;�F�;�!��:�:�4�@�H�$,�N�N�$4�
C� �	�5���K�!�O�	�V�(;���I��M�i�t�&;� �D�L�L��y�%�B�6�B�
Cr2)NN)r+r,r-r�rr�r�r�r�r�r�r�r�r	r�rrr1r2r3r�r��s_���
�M�
�
�9�2�&�9�)��
��
��

��

�Cr2r�c�0�eZdZdZd�Zd�Zd	d�Zdd�d�Zy)
�gp_file_applierz�Group Policy File Applier/Unapplier/Modifier
    Subclass of abstract class gp_applier for monitoring policy applied
    via a file.
    c�L�|g}|j|�|j|�Srq)rvr�)rE�
value_hash�files�sepr�s     r3�__generate_valuez gp_file_applier.__generate_value
s#���|�����E���x�x��~�r2c�|�|�dgfS|j|�}d|dvrd|fS|dt|�dkDr|ddfSgfS)zYParse a value
        return          - A unique HASH, followed by the file list
        N�/rr()�splitrK)rErLrr�s    r3�
__parse_valuezgp_file_applier.__parse_values^���=���8�O��{�{�3����$�q�'�>���:����7��D�	�A�
�D���H�=�=�2�=�=r2�:c���t|�tk7r|j||�\}}|D]7}tjj|�s�#tj|��9|j||�yrq)rr�_gp_file_applier__parse_valuer�r�r��unlinkr�)rErTr_r
r�_r�s       r3r�zgp_file_applier.unapplys`����;�$���)�)�%��5�H�A�u��	 �D��w�w�~�~�d�#��	�	�$��	 �	
�#�#�D�)�4r2)rc��|j||�}|j||�\}}	||k7sW|j�tjk(s6t|	D�
cgc]!}
tjj|
���#c}
�s|j|||	�ny||�}|j|||�}|j|||�ycc}
w)a(
        applier_func MUST return a list of files created by the applier.

        This applier is for policies which only apply to a single file (with
        a couple small exceptions). This applier will remove any policy applied
        by this GPO which doesn't match the new policy.
        N)r�rr�r&r/�allr�r�r�r�� _gp_file_applier__generate_valuer�)
rErTr_rr�rr�rb�old_val_hash�
old_val_files�fr
�	new_values
             r3rzgp_file_applier.apply&s����0�0��y�A��&*�&8�&8��#�&F�#��m��J�&��*�*�,��0@�0@�@��M�B�q�������*�B�C��L�L��y�-�8�
��d�#���)�)�*�e�S�A�	�� � ��y�)�<��Cs�&CN)r)r+r,r-r�rrr�rr1r2r3r
r
s"���
�
>�5�KN�=r2r
c��t||��}|j|jd�tjtj
z��}|jS�N)r�r��realm)�domain�flags)r
�finddcrtr�NBT_SERVER_LDAP�
NBT_SERVER_DS�pdc_dns_name�r�r��net�	cldap_rets    r3�get_dc_hostnamer,CsL��

�E�b�
!�C��
�
�"�&�&��/�#�:M�:M�:=�:K�:K�;L�
�N�I��!�!�!r2c��t||��}|j|jd�tjtj
z��}|jSr!)r
r%rtrr&r'�pdc_namer)s    r3�get_dc_netbios_hostnamer/IsL��

�E�b�
!�C��
�
�"�&�&��/�#�:M�:M�:=�:K�:K�;L�
�N�I����r2c�<�tj�}gd�}|jd�r|jd�}tj
tjztjz}	|j|tjd|d|zg��}|jdk7r$tjtj d��||_d	|j$d
j'�vr#t)|j$d
d	d
�|_d|j$d
j'�vr#t)|j$d
dd
�|_d|j$d
j'�vr(|j$d
dd
j/�|_d
|j$d
j'�vr(|j$d
d
d
j/�|_d|j$d
j'�vr(|j$d
dd
j/�|_d|j$d
j'�vr#t7|j$d
dd
�|_d|j$d
j'�vr#t7|j$d
dd
�|_d|j$d
j'�vr-|j=t?|j$d
dd
��|S#t$rtjd��wxYw)N)�cn�displayNamer$�gPCFileSysPath�gPCFunctionalityVersion�gPCMachineExtensionNames�gPCUserExtensionNames�gPCWQLFilterr:�nTSecurityDescriptor�
versionNumberzLDAP://�(objectclass=*)z
sd_flags:1:%d)�controlsz4Failed to fetch gpo object with nTSecurityDescriptorr(zget_gpo: search failedr9rr$r3r2r:r5r6r8) r��GROUP_POLICY_OBJECT�
startswith�lstripr#�
SECINFO_OWNER�
SECINFO_GROUP�SECINFO_DACL�search�ldb�
SCOPE_BASE�	Exceptionr�errorrU�LdbError�ERR_NO_SUCH_OBJECT�ds_path�msgs�keysr��version�optionsr��
file_sys_path�display_namer:r��machine_extensions�user_extensions�set_sec_desc�bytes)�samdb�gpo_dnryrl�sd_flags�ress      r3�get_gporXSs������!�A�
�E�����#����y�)���&�&��&�&�'��%�%�&�H���l�l�6�3�>�>�3D�e�%4�x�%?�$@��B��
�y�y�A�~��l�l�3�1�1�3�5�	5��A�I��#�(�(�1�+�*�*�,�,�������O�4�Q�7�8��	��#�(�(�1�+�"�"�$�$�������G�,�Q�/�0��	��3�8�8�A�;�+�+�-�-��(�(�1�+�&6�7��:�A�A�C���������(�(�*�*����!��]�3�A�6�=�=�?���
����!��!�!�#�#����!��V�$�Q�'�.�.�0���!�S�X�X�a�[�%5�%5�%7�7�"�3�8�8�A�;�/I�#J�1�#M�N����#�(�(�1�+�"2�"2�"4�4�������,C� D�Q� G�H�������!��!1�!1�!3�3�	���u�S�X�X�a�[�)?�@��C�D�E��H��1���	�	�H�I�
��s�.(K;�; Lc��eZdZd�Zd�Zd�Zy)�GP_LINKc�b�g|_g|_|j|�t|�|_yrq)�
link_names�	link_opts�gpo_parse_gplinkr��gp_opts)rE�gPLink�	gPOptionss   r3rHzGP_LINK.__init__�s)�����������f�%��9�~��r2c���|j�jd�D]�}|s�tjd�|j	d�}|jd�\}}tjdj|��tjdj|��|jj|�|jjt|����y)N�]z!gpo_parse_gplink: processing link�[�;zgpo_parse_gplink: link: {}zgpo_parse_gplink: opt: {})
r�rr�debugr>�formatr\r}r]r�)rEr`�p�	link_name�link_opts     r3r^zGP_LINK.gpo_parse_gplink�s�������&�&�s�+�		1�A����I�I�9�:�����
�A�"#�'�'�#�,��I�x��I�I�2�9�9�)�D�E��I�I�1�8�8��B�C��O�O�"�"�9�-��N�N�!�!�#�h�-�0�		1r2c��t|j�t|j�k7rtd��t|j�S)NzLink names and opts mismatch)rKr\r]�RuntimeErrorrPs r3�	num_linkszGP_LINK.num_links�s7���t����3�t�~�~�#6�6��=�>�>��4�?�?�#�#r2N)r+r,r-rHr^rmr1r2r3rZrZ�s��&�
1�$r2rZc��ddg}|j|j�tjdj	|�|�}|j
dk7r3tjtjdj	|���t|jddd�}|jdd}tjdj	||��||fS)N�dn�userAccountControlz(sAMAccountName={})r(z"Failed to find samAccountName '{}'rz!Found dn {} for samaccountname {})rB�get_default_basednrC�
SCOPE_SUBTREErgrUrGrHr�rJr�info)rT�samaccountnamerlrW�uacros      r3�find_samaccountrv�s���
�'�(�E�
�,�,�u�/�/�1�3�3D�3D�,�3�3�N�C�U�L�C�
�y�y�A�~��l�l�3�1�1�0�7�7��G�
�	
��c�h�h�q�k�.�/��2�
3�C�	���!��T�	�B��H�H�
0�
7�
7��N�
K�L���7�Nr2c��|j|tjdddg�}|jdk7r$tjtj
d��d|jdvr3tjtjdj|���|jddd}d}d|jdvr|jddd}ntjd�t||�S)	Nr:r`rar(zget_gpo_link: no resultrz2get_gpo_link: no 'gPLink' attribute found for '{}'z,get_gpo_link: no 'gPOptions' attribute found)rBrCrDrUrGrHrJ�ERR_NO_SUCH_ATTRIBUTErgrrfrZ)rT�link_dnrWr`ras     r3�get_gpo_linkrz�s���
�,�,�w����(�8�[�*A�C�C�
�y�y�A�~��l�l�3�1�1�3L�M�M��s�x�x��{�"��l�l�3�4�4�@�G�G��P�
�	
��X�X�a�[��
"�1�
%�F��I��c�h�h�q�k�!��H�H�Q�K��,�Q�/�	��	�	�@�A��6�9�%�%r2c��t|j�dz
dd�D�]p}|j|tzdk7}	|j|tzrtjd��I|r-|	stjd��ctjd�	t||j|�}
	ttj|
j��}tjj||tjtj ztj"z�t)|�|
_||
_|	r|j/d|
�n|j/d|
�tjd||j|fz���sy#t$$r-}tjd|
j&z�Yd}~���d}~wwxYw#t0j2$r}}|j4\}
}tjd	|j|z�|
t0j6k(r+tjd
|j|z�Yd}~��3Yd}~yd}~wwxYw)Nr(���rzskipping disabled GPOzNskipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been setzNadding enforced GPO link although the GPOPTIONS_BLOCK_INHERITANCE has been setz/skipping GPO "%s" as object has no access to itz7add_gplink_to_gpo_list: added GPLINK #%d %s to GPO listzfailed to get gpo: %szskipping empty gpo: %s)�rangermr]rrrrfrXr\rr#�
descriptor�get_sec_desc_buf�samba�access_check�SEC_STD_READ_CONTROL�SEC_ADS_LIST�SEC_ADS_READ_PROPrErOr��link�	link_type�insertrCrGr�rH)rT�gpo_list�forced_gpo_listry�gp_linkr��only_add_forced_gpos�token�i�	is_forced�new_gpo�sec_desc�e�enum�estrs               r3�add_gplink_to_gpo_listr��s��
�7�$�$�&�q�(�"�b�
1�0B���&�&�q�)�,>�>�1�D�	����Q��"4�4��I�I�-�.�����	�	�)�*���	�	�)�*�	B��e�W�%7�%7��%:�;�G�

�%�h�&9�&9�&-�&>�&>�&@�B�����+�+�H�e�,4�,I�,I�,4�,A�,A�-B�,4�,F�,F�-G�H��w�<�G�L� )�G����&�&�q�'�2�����7�+��I�I�$�'(�'�*<�*<�Q�*?�&@�A�
B�_0B��D�
��	�	�0�29�2F�2F�G�H���
���|�|�	��6�6�L�T�4��I�I�-��0B�0B�1�0E�E�F��s�-�-�-��	�	�2�W�5G�5G��5J�J�K����
	�s2�G
�2A9F�	G
�"G�G
�
I� A,I�Ic���|j}|j|j�||_|xj|jzc_|xj|jzc_|Srq)�sidsrv�rights_mask�privilege_mask)�token_1�token_2r�s   r3�merge_nt_tokenr��sU���<�<�D��K�K������G�L����7�.�.�.�����g�4�4�4���Nr2c���|j�}	tjd|z||�}|j|�}dj||�S#t$r�t||�}|j
|tjd|zdg�}	|	jdk7r$tjtjd��|	jdd}
|
j�j�}|cYSwxYw)Nzncacn_np:%s[seal]zCN={},CN=Sites,{}z(cn=%s)ror(zsite_dn_for_machine: no resultr)�get_config_basednr$�netr_DsRGetSiteNamergrr/rBrCrrrUrGrHrJ�parent)rT�dc_hostnamer�r��hostname�config_context�c�	site_name�nb_hostnamerWro�site_dns            r3�site_dn_for_machiner��s����,�,�.�N�����1�K�?��U�K���)�)�(�3�	�"�)�)�)�^�D�D���
�-�e�R�8���l�l�>�3�+<�+<�$�{�2�T�F�<���9�9��>��,�,�s�5�5�?�A�
A�
�X�X�a�[��
���)�)�+�$�$�&����
�s�<A�B C2�1C2c
��g}g}d|z}t|t�||��}t||jd�d�\}}	d}
tt
z}|j
d�r	|tz}tjj|||	|��}d}
|tzs	|tzr+d}
t|jt�j�}n|j}|	j�}	t!|�t!|j#�j��k(rn�|j%d	�d
k(r[	t'j(d|z�t+||�}t-|||||t.j0|
|�|j2t4zrd}
	|j�}��|	j�}	t!|�t!|j#�j��k(rn�|j%d	�d
k(r[	t'j(d|z�t+||�}t-|||||t.j<|
|�|j2t4zrd}
	|j�}��|
rU	t?|||||�}	t'j(d|z�t+||�}t-|||||t.j@|
|�|jCd	t/jDddt.jF��||zS#t6j8$r/}|j:\}}t'j(|�Yd}~���d}~wwxYw#t6j8$r/}|j:\}}t'j(|�Yd}~��$d}~wwxYw#t6j8$r/}|j:\}}t'j(|�Yd}~��d}~wwxYw#t6j8$rY��wxYw)a3Get the full list of GROUP_POLICY_OBJECTs for a given username.
    Push GPOs to gpo_list so that the traversal order of the list matches
    the order of application:
    (L)ocal (S)ite (D)omain (O)rganizational(U)nit
    For different domains and OUs: parent-to-child.
    Within same level of domains and OUs: Link order.
    Since GPOs are pushed to the front of gpo_list, GPOs have to be
    pushed in the opposite order of application (OUs first, local last,
    child-to-parent).
    Forced GPOs are appended in the end since they override all others.
    zldap://)�url�session_info�credentialsr��\r|F�ldap)�lp_ctxro�session_info_flagsTr�OUz%get_gpo_list: query OU: [%s] for GPOsN�DCz%get_gpo_list: query DC: [%s] for GPOsz'get_gpo_list: query SITE: [%s] for GPOs�Local Policy)$rrrvrr r!r=r"r��auth�user_sessionrrr��security_tokenr�r�rq�get_component_namerrfrzr�r��
GP_LINK_OUr_rrCrGr��GP_LINK_DOMAINr��GP_LINK_SITEr�r<�
GP_LINK_LOCAL)r�r�r�r=r�r�r�rTruro�add_only_forced_gposr��session�gpo_list_machiner��	parent_dnr�r�r�r�r�s                     r3�get_gpo_listr�
s����H��O�
�k�
!�C��c�-�/�#��
,�E��e�X�^�^�D�%9�"�%=�>�G�C�� ��;�9�:��
�~�~�f���A�A���j�j�%�%�e�B�2�9K�&�M�G���
�
)�)�S�3J�-J����w�5�5�-�/�>�>�@���&�&���	�	��I�
��y�>�S��!9�!9�!;�!B�!B�!D�E�E���'�'��*�d�2�
0��	�	�A�I�M�N�&�u�i�8��
'�u�h��'0�'�'*�~�~�';�U�D��?�?�%:�:�+/�(��$�$�&�	�-�2�	�	��I�
��y�>�S��!9�!9�!;�!B�!B�!D�E�E���'�'��*�d�2�
0��	�	�A�I�M�N�&�u�i�8��
'�u�h��'0�'�'*�'9�'9�';�U�D��?�?�%:�:�+/�(��$�$�&�	�-�2�	�)�%��b�%��R�G�

D��	�	�C�g�M�N�&�u�g�6��
'�u�h��'.��'*�'7�'7�';�U�D�
�O�O�A�s�.�.�~�/=�/2�/@�/@�B�C��O�#�#��M�<�<�
 � �v�v���t��	�	�$����
 ��4�<�<�
 � �v�v���t��	�	�$����
 ��.�<�<�
 � �v�v���t��	�	�$����
 ���|�|�	�
�		�sl�3$K4�8$L9�&O�6$M>� O�4L6�$L1�1L6�9M;�$M6�6M;�>O�$N;�5O�;O�O�O�Oc
�:�|j�}tjj||�}	tj|d��|j|�D�]	}|dtjzr/t||tjj||d���I|dj�}td|��}tjj||d�jdd�}	|j|j|	��|j!�tj"|j$tjj||����y#t
$r)}|jtjk7r�Yd}~��Ld}~wwxYw)	Ni�)�moderDr:F)r��dirrr�)r�r�r�r��makedirs�OSError�errno�EEXISTr�libsmb�FILE_ATTRIBUTE_DIRECTORY�
cache_gpo_dirr�replace�write�loadfiler��renamer:)
�conn�cache�sub_dir�loc_sub_dir�	local_dirr��fdata�
local_namer�fnames
          r3r�r��s-���-�-�/�K������U�K�0�I��
���I�E�*����7�#�	C����?�V�<�<�<��$��r�w�w�|�|�G�U�6�]�'K�L��v��,�,�.�J�"�%�Y�?�A��G�G�L�L��%��-�8�@�@��d�K�E�
�G�G�D�M�M�%�(�)�
�G�G�I��I�I�a�f�f�b�g�g�l�l�9�j�A�B�	C�����7�7�e�l�l�"��#���s�E(�(	F�1F�Fc��tjd|�}d|j�vr;tjd|j��}||jd�dzd}d|vrt	j
j|�St|��)Nz/|\\�sysvolr(z..)�rer�lower�indexr�r�r�r�)r��dirs�ldirss   r3r�r��sv��
�8�8�H�d�#�D��4�:�:�<������4�:�:�<�0���E�K�K��)�A�-�.�/���4���w�w�|�|�T�"�"�
�$�-�r2c�,�|j�}|jt�tj|d||��}|j|�|jd�}|D]/}|js�t||t|j���1y)Nr�)r�r�r�)	�get_smb_signing�set_smb_signingrr��Connr�rNr�r�)r�r�r��gpos�saved_signing_stater�r��gpo_objs        r3�check_refresh_gpo_listr��s����/�/�1��	���.�/��;�;�{�H��5�A�D�	���-�.����{�+�J��P���$�$���d�J���8M�8M�(N�O�Pr2c���|j�}t|D�cgc]}|j��c}�}|D�cgc]	}||vs�|��}}|j|�Scc}wcc}wrq)r{�setr:r�)r�r��applied_gposrh�
current_guidsrT�deleted_gposs       r3�get_deleted_gpos_listr��s\���*�*�,�L���.�A����.�/�M�%1�O�T�T��5N�D�O�L�O��%�%�l�3�3��/��Os�A�	A�Ac��|jtjjd|��}t	tj|�d�S)Nr�r()r�r�r�r�r�r��gpo_get_sysvol_gpt_version)r�r��gpt_paths   r3�gpo_versionr��s<���}�}�R�W�W�\�\�+�t�<�=�H��s�-�-�h�7��:�;�;r2c�J�|j|�}t||�}t||||�}	t||	�}
	t	||||	�|r"|	}|jtj�n�g}|	D]�}|js�|j}
t|j�j�}t||�}||j|
�k7s�`tj d|
z�|j#|���|jtj$�|j'�|D]>}	|||||�}|dk(r|j)|
|�nt+||j(|
|��@|	D]_}|js�|j}
t|j�j�}t||�}|j=|
d|z��a|j?�y#tjd|z�YyxYw#t,$r�}tjdt/|�z�t1j2�\}}}t5j6|�d\}}}}tjd||t9|�j:t/|�fz�Yd}~��rd}~wwxYw)Nz0Failed downloading gpt cache from '%s' using SMBzGPO %s has changed�ComputerzFailed to apply extension  %sr|z
%s:%d: %s: %sz%i) r�r,r�r�r�rrFrNr&r/rNr:r�r�r�r�rsr}r.r�r��drop_privilegesrEr��sys�exc_info�	traceback�
extract_tbrr+rfr�)r�r�rf�
gp_extensionsr=�target�forcer�r�r��del_gpos�changed_gposr�rTr�rLrdr�r�tb�filename�line_numbers                      r3�apply_gpr��sj���O�O�H�%�E�!�%��,�K���U�B��9�D�$�U�D�1�H���{�B��t�<�
���
���H�$�$�%����	-�G��(�(���<�<�D�"�7�#8�#8�9�?�?�A�D�!�"�d�+�G��%�-�-��-�-����-��4�5��#�#�G�,�	-�	���H�N�N�#�	�K�K�M����
	��b�%��5�1�C���#��(�(��<�@���#�*B�*B� (�,�8��
��*���$�$���|�|���w�4�4�5�;�;�=���b�$�'��
���D�$��.�)�
*�
�L�L�N��Y��	�	�F�� �	!���6�	��I�I�5��C��@�A��|�|�~�H�A�q�"�*3�*>�*>�r�*B�2�*F�'�H�k�1�a��I�I�o��;�)-�a��)9�)9�3�q�6�)C�C�
D���
	�s$�G!�/;H�!G=�	J"�	BJ�J"c��|j|�}|jtj�|j	|j��}|j
�|D]>}	|||||�}|dk(r|j|g�nt||j|g��@|j�y#t$rL}	tjdt|�z�tjdt|	�z�Yd}	~	��d}	~	wwxYw)Nr�zFailed to unapply extension  %sz
Message was: )r�rNr&r0r�r{r�r�r�rErrFr�r�)
r�r�rfr�r=r�r�r�rdr�s
          r3�
unapply_gpr�s����O�O�H�%�E�	�K�K�� � �!��)�)�%�*A�*A�*C�D�H�	�K�K�M����
	��b�%��5�1�C���#��(�(��2�6���#�*B�*B� (�"�.��
�
�L�L�N��	�	��I�I�7�#�c�(�B�C��I�I�o��A��.�/���	�s�&;B4�4	D	�=AD�D	c
���t|�tk(rO|j�D��cgc] \}}d|zd|�dt||dz���z��"}}}ddj	|�zSt|�t
k(r9|D�cgc]}d|zdt||dz�zz��}}ddj	|�zSt
|tj�rd|dzzt|�zSd|dzzt|�zScc}}wcc}w)N� z[ z ] = r)�
z[ %s ])r�dictr�__rsop_valsr�r�
isinstance�numbers�Numberr�r)�vals�level�k�vr~s     r3rrs����D�z�T�� �J�J�L�*��A�q��5�y�A�{�1�e�A�g�/F�G�G�*��*��d�i�i��n�$�$�	
�d��t�	�GK�L�!�s�5�y�8�k�!�U�1�W�&=�=�=�L��L��d�i�i��n�$�$��d�G�N�N�+���a��=�3�t�9�,�,���a��=�:�d�#3�3�3��*��Ms�%C/�8C5c�(�t||�}t||||�}t||||�td�td|z�t	j
d��d}|D�]�}	|	jj�dk(r�"td|	jz�td|z�|D�]T}
|
||||�}
tjd	tt|
���}t|�dkDr|d
jd�d
}n|
jjd�d
}td|z�td
dt|dz�zz�|
j!|	�j#�D]p\}
}td|
z�tddt|dz�zz�tt%|�j'd��tddt|dz�zz��rtd
dt|dz�zz���Wtdd|zz����y)NzResultant Set of Policyz
%s Policy
)�x�2)�fallbackrr�zGPO: %s�=z'([\w\.]+)'r|�.z	  CSE: %sz  �-r)z    Policy Type: %sz    rz%s
)r,r�r��print�shutil�get_terminal_sizerO�stripr�rkr�rrKrr,r�r�rrr>)r�r�rfr�r=r�r�r��
term_widthr�rd�
cse_name_m�cse_name�sectionr�s               r3r�r�s���!�%��,�K���U�B��9�D��;��E�4�8�	�
#�$�	�-�&�
 �!��)�)�9�=�a�@�J��)�����%�%�'�>�9��
�i�'�.�.�.�/�
�c�*�n�� �	2�C��b�%��5�1�C����N�C��S�	�N�C�J��:���"�%�b�>�/�/��4�R�8���>�>�/�/��4�R�8���+��(�)��$�#�c�*�Q�,�/�/�0�1�%(�X�X�g�%6�%<�%<�%>�
8�!����+�g�5�6��f��C�
�1��$5� 5�6�7��k�(�+�2�2�4�8�9��f��C�
�1��$5� 5�6�7�	
8�

�$�#�c�*�Q�,�/�/�0�1�	2�	�f��J��'�(�))r2c���ddlm}|j�}|�|j|�n|j	�|jd�}t
d��}|j|�||fS)Nr)�param�
gpext.confr�)�samba.samba3r�get_context�load�load_default�
state_pathrr�)�smb_conf�s3paramr��ext_conf�parsers     r3�parse_gpext_confr(4s]��-�	�	�	�	�B���
�����
�����}�}�\�*�H�
��
-�F�
�K�K���
�v�:�r2c��|jd�}tddtjj	|���5}|j|�tj|j|�ddd�y#1swYyxYw)Nrzw+F)r�r�r�)r#rr�r��dirnamer�r�r:)r�r'r&rs    r3�atomic_write_confr+As^���}�}�\�*�H�	��e�������9R�	S�$�WX����Q��
�	�	�!�&�&�(�#�$�$�$�s�2A8�8Bc�|�|ddk7s|ddk7st|�dk7ry	t|d��y	#t$rYywxYw)
Nr�{r|�}�&F�)rLT)rKr�
ValueError)rTs r3�
check_guidr2HsL���A�w�#�~��b��S��C��I��O����T�1��������s�
/�	;�;c�~�tjj|�syt|�syt	|�\}}||j�vr|j
|�|j|d|�|j|d|�|j|d|rdnd�|j|d|rdnd�t||�y)	NF�DllName�ProcessGroupPolicy�NoMachinePolicy�0�1�NoUserPolicyT)	r�r�r�r2r(�sections�add_sectionr�r+)rTr:r�r$�machiner9r�r's        r3�register_gp_extensionr=Ss����7�7�>�>�$����d���!�(�+�J�B���6�?�?�$�$����4� �
�J�J�t�Y��%�
�J�J�t�)�4�0�
�J�J�t�&�w��C�@�
�J�J�t�^�D�S�c�:��b�&�!�r2c�B�t|�\}}i}|j�D]{}i||<|j|d�||d<|j|d�||d<t|j|d��||d<t|j|d��||d<�}|S)Nr4r5r6�
MachinePolicyr9�
UserPolicy)r(r:rtr�)r$rr'�resultsrTs     r3�list_gp_extensionsrBhs��� ��*�I�A�v��G����!�P�����
�#)�:�:�d�I�#>���
�i� ��J�J�t�1�2�	��
�*�+��F�J�J�t�%6�7�8�8�	��
�o�&�*-�f�j�j��~�.N�*O�&O���
�l�#�P��Nr2c��t|�syt|�\}}||j�vr|j|�t	||�y)NFT)r2r(r:�remove_sectionr+)rTr$r�r's    r3�unregister_gp_extensionrEvsE���d���!�(�+�J�B���v��� � ����d�#��b�&�!�r2c�X�tj|�tj|�y)z(
    Set current process privileges
    N)r��setegid�seteuid)r=�uid�gids   r3�set_privilegesrK�s��
�J�J�s�O��J�J�s�Or2c�J�tj�}|dk(std��tj|�j
}tj|�j}t|||�d}d}	||�}td|d�|r|�|S#t$r}|}Yd}~�#d}~wwxYw)zG
    Run supplied function with privileges for specified username.
    rz)Not enough permissions to drop privilegesN�root)r��getuidrE�pwd�getpwnam�pw_uid�pw_gidrK)	r=�funcr��current_uid�user_uid�user_gid�out�excr�s	         r3r�r��s����)�)�+�K��!���C�D�D��|�|�H�%�,�,�H��|�|�H�%�,�,�H��8�X�x�0��C�
�C���D�k��
�6�;��*�
��	��J��������s�5B
�
	B"�B�B")F)r0)NTTrq)or�r�rr�r�rOr�r�r�rr�configparserr�iorr��samba.commonr�abcrr	�xml.etree.ElementTreer>�ElementTreer��	samba.netr
�samba.dcerpcrrrr��	samba.gpor��samba.paramr
�uuidr�tempfilerrr�	samba.ndrrr�samba.credentialsr�samba.gp.util.loggingr�hashlibrrr�samba.samdbr�
samba.authrrC�
samba.dsdbrrrrrrr r!r"r#�samba.securityr$r�r%r&�ImportErrorr5r��objectr]r�r�r�r�r
r,r/rXrZrvrzr�r�r�r�r�r�r�r�r�r�rrr�r(r+r2r=rBrErKr�r1r2r3�<module>ros���$���
�
�������<� �,�%���"�'�%�%�	���8�� ��'���*�2�%���#��%�
�Y�Y�}�}�!��!����J� 7�8�H�[O�[O�|#�#�L�V��B	��	�*��*�:��:�~C��~C�B9=�j�9=�x,�"��2�0
�d$�$�0�&�"2B�h��&v$�rC�(�P�4�<�3�l�*4�)�>
�$��=A��*�
����a"�����s�=G�G�G

Zerion Mini Shell 1.0