%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/samba/netcmd/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/samba/netcmd/__pycache__/computer.cpython-312.pyc

�

�I�d�d���ddlmZddlZddlZddlZddlZddlZddlZddlm	Z	ddl
mZmZm
Z
ddlmZmZddlmZmZmZddlmZddlmZddlmZdd	lmZdd
lmZmZddl m!Z!dd
lm"Z"m#Z#m$Z$m%Z%m&Z&ddl'm(Z(m)Z)m*Z*m+Z+d!d�Z,d�Z-d�Z.d�Z/Gd�de(�Z0Gd�de(�Z1Gd�de(�Z2Gd�de(�Z3Gd�de(�Z4Gd�de(�Z5Gd�d e*�Z6y)"�N)�sd_utils)�	dnsserver�dnsp�security)�ARecord�
AAAARecord)�
ndr_unpack�ndr_pack�	ndr_print)�remove_dns_references)�system_session)�SamDB)�	get_bytes)�
check_call�CalledProcessError�)�common)�credentials�dsdb�Ldb�werror�WERRORError)�Command�CommandError�SuperCommand�Optionc��|s tjtjg}|D]}	tj||�yy#tj$rY�3wxYw)z Check ip string is valid addressTF)�socket�AF_INET�AF_INET6�	inet_pton�error)�	ip_string�address_families�address_familys   �7/usr/lib/python3/dist-packages/samba/netcmd/computer.py�_is_valid_ipr'8s^���"�N�N�F�O�O�<��*���	����^�Y�7������|�|�	��	�s�A�A�Ac�:�t|tjg��S)z%Check ip string is valid ipv4 address�r$)r'rr�r#s r&�_is_valid_ipv4r+Gs���	�V�^�^�4D�E�E�c�:�t|tjg��S)z%Check ip string is valid ipv6 addressr))r'rr r*s r&�_is_valid_ipv6r.Ls���	�V�_�_�4E�F�Fr,c��|jd�}tj}tjtjz}|j�}	d}
t
j|�}	|j|d||	|dtj|dd�
\}}
|
r�
jD]�}|j D]p}|j"tj$k(s|j"tj&k(s�>tj(�}||_	|j+|d||	|d|��r��|D]�}t-|�r&|j/d|�d|	�d|���t1|�}nKt3|�r&|j/d	|�d|	�d
|���t5|�}nt7dj9|���tj(�}||_|j+|d||	||d���t;|�dkDrzt=j>|d|jA�z�}|jC|�d|	��|�
�\}}|jE||dtFjHtFjJzzg��yy#t$r-}|jdtjk(rd}
Yd}~��d}~wwxYw#t$r,}|jdtjk7r�Yd}~��d}~wwxYw)z3Add DNS A or AAAA records while creating computer. �$TrNFzAdding DNS AAAA record �.z for IPv6 IP: zAdding DNS A record z for IPv4 IP: zInvalid IP: {}zDC=DomainDnsZones,%s)�
dns_partitionz
sd_flags:1:%d)�controls)&�rstripr�DNS_CLIENT_VERSION_LONGHORN�DNS_RPC_VIEW_AUTHORITY_DATA�DNS_RPC_VIEW_NO_CHILDREN�domain_dns_namer�SDUtils�DnssrvEnumRecords2r�DNS_TYPE_ALLr�argsr�"WERR_DNS_ERROR_NAME_DOES_NOT_EXIST�rec�records�wType�
DNS_TYPE_A�
DNS_TYPE_AAAA�DNS_RPC_RECORD_BUF�DnssrvUpdateRecord2r.�inforr+r�
ValueError�format�len�ldb�Dn�get_default_basedn�
dns_lookup�modify_sd_on_dnr�
SECINFO_OWNER�
SECINFO_GROUP)�samdb�name�dns_conn�change_owner_sd�server�ip_address_list�logger�client_version�select_flags�zone�
name_found�	sd_helper�buflen�res�er>�record�del_rec_buf�
ip_address�add_rec_buf�domaindns_zone_dn�dns_a_dn�ldap_records                       r&�add_dns_recordsrfQs����;�;�s��D��:�:�N��8�8�9�;]�;]�]�L�� � �"�D��J�� � ��'�I���1�1��
�����������
���� ��7�7�	"�C��+�+�
"���<�<�4�?�?�2�f�l�l�d�FX�FX�6X�"+�">�">�"@�K�&,�K�O�"� �4�4�*��"� � � �'��

"�	"�(&�
�
��*�%��K�K��d�J�(�
)��Z�(�C�
�J�
'��K�K��d�J�(�
)��*�%�C��-�4�4�Z�@�A�A� �2�2�4������$�$��
������	
�!
�4	�O��q� ��F�F��"�U�%=�%=�%?�?�
��
!&� 0� 0��T�"�+�!1�!
���+�	�!�!���%��)?�)?�(�BX�BX�)X�Y�Z�	"�	
�	!��g���6�6�!�9��A�A�A��J�����*'�"��6�6�!�9��(Q�(Q�Q�!�R��"�s0�++I&�
J�&	J�/"J�J�	K�(!K�Kc��eZdZdZdZedddedd��ed	d
e��edd
e��eddd��edddd��edddd��gZdgZe	je	je	jd�Z
			dd�Zy)�cmd_computer_adda+Add a new computer.

This command adds a new computer account to the Active Directory domain.
The computername specified on the command is the sAMaccountName without the
trailing $ (dollar sign).

Computer accounts may represent physical entities, such as workstations. Computer
accounts are also referred to as security principals and are assigned a
security identifier (SID).

Example1:
samba-tool computer add Computer1 -H ldap://samba.samdom.example.com \
    -Uadministrator%passw1rd

Example1 shows how to add a new computer to the domain against a remote LDAP
server. The -H parameter is used to specify the remote target server. The -U
option is used to pass the userid and password authorized to issue the command
remotely.

Example2:
sudo samba-tool computer add Computer2

Example2 shows how to add a new computer to the domain against the local
server. sudo is used so a user may run the command as root.

Example3:
samba-tool computer add Computer3 --computerou='OU=OrgUnit'

Example3 shows how to add a new computer in the OrgUnit organizational unit.

�%prog <computername> [options]�-H�--URL�%LDB URL for database or target server�URL�H��help�type�metavar�destz--computerouz�DN of alternative location (with or without domainDN counterpart) to default CN=Computers in which new computer object will be created. E.g. 'OU=<OU name>'�rprqz
--descriptionzComputers's descriptionz--prepare-oldjoinz5Prepare enabled machine account for oldjoin mechanism�
store_true)rp�actionz--ip-addressrUziIPv4 address for the computer's A record, or IPv6 address for AAAA record, can be provided multiple times�append)rsrprvz--service-principal-name�service_principal_name_listzAComputer's Service Principal Name, can be provided multiple times�computername��	sambaopts�credopts�versionoptsNc
�l�|	�g}	|
�g}
|	D]'}t|�r�tdj|���|j�}|j	|�}
	t|t
�|
|��}|j|||||	|
��|	�rotjdd|�}|jd�rtd|z��djtj|��}|j|j�tj|d	d
g��}|dd	d}t!t"j$|dd
d�}t'j&d
j|j)��||
�}t#j*�}||_t#j$dj|j/�|��|_t3|||||j)�|	|j5��|j8j;d|z�y#t6$r}td|z|��d}~wwxYw)NzInvalid IP address {}��url�session_infor�lp)�
computerou�description�prepare_oldjoinrUrxz\$$�r0zIllegal computername "%s"z-(&(sAMAccountName={}$)(objectclass=computer))�primaryGroupID�	objectSid��base�scope�
expression�attrsrzncacn_ip_tcp:{}[sign]z{}-{}zFailed to add computer '%s': z!Computer '%s' added successfully
)r'rrG�get_loadparm�get_credentialsrr
�newcomputer�re�sub�countrI�
binary_encode�search�	domain_dn�
SCOPE_SUBTREEr	r�dom_sidr�
host_dns_name�
descriptor�	owner_sid�get_domain_sid�	group_sidrf�
get_logger�	Exception�outf�write)�selfryr|r{r}rnr�r�r�rUrxrar��credsrP�hostname�filters�recs�group�ownerrRrSr^s                       r&�runzcmd_computer_add.run�sF���"� �O�&�.�*,�'�*�	O�J��
�+�"�#:�#A�#A�*�#M�N�N�	O��
#�
#�
%���(�(��,��.	0��a�n�.>�&+��4�E����l�z�*5�.=�.=�:U�	
�
 ���6�6�&�"�l�;���>�>�#�&�&�'B�\�'Q�R�R�I�P�P��%�%�h�/�1���|�|����*��+�+�&�+�[�9�	$�;���Q�� 0�1�!�4��"�8�#3�#3�T�!�W�[�5I�!�5L�M��$�.�.�+�2�2�5�3F�3F�3H�I�����#+�"5�"5�"7��,1��)�,4�,<�,<��N�N�5�#7�#7�#9�5�A�-��)� ��8�X�#�U�%8�%8�%:�#�T�_�_�%6�8�	
�	�	���<�|�K�L��	�	0��>�+� ,�-.�0�
0��	0�s�F H�	H3�H.�.H3)	NNNNNNFNN��__name__�
__module__�__qualname__�__doc__�synopsisr�str�
takes_options�
takes_args�options�SambaOptions�CredentialsOptions�VersionOptions�takes_optiongroupsr��r,r&rhrh�s����>0�H�	�t�W�#J���S�	2��~�L��		�
	��%>�S�I��"�K�"�	$�	�~�%���	 �	�)�1�&��		 �%�M�2!�!�J��)�)��.�.��-�-���LP�GL�>B�BMr,rhc��eZdZdZdZedddedd��gZd	gZe	je	je	jd
�Z
		d
d�Zy)�cmd_computer_deleteafDelete a computer.

This command deletes a computer account from the Active Directory domain. The
computername specified on the command is the sAMAccountName without the
trailing $ (dollar sign).

Once the account is deleted, all permissions and memberships associated with
that account are deleted. If a new computer account is added with the same name
as a previously deleted account name, the new computer does not have the
previous permissions. The new account computer will be assigned a new security
identifier (SID) and permissions and memberships will have to be added.

The command may be run from the root userid or another authorized
userid. The -H or --URL= option can be used to execute the command against
a remote server.

Example1:
samba-tool computer delete Computer1 -H ldap://samba.samdom.example.com \
    -Uadministrator%passw1rd

Example1 shows how to delete a computer in the domain against a remote LDAP
server. The -H parameter is used to specify the remote target server. The
--computername= and --password= options are used to pass the computername and
password of a computer that exists on the remote server and is authorized to
issue the command on that server.

Example2:
sudo samba-tool computer delete Computer2

Example2 shows how to delete a computer in the domain against the local server.
sudo is used so a computer may run the command as root.

rirjrkrlrmrnroryrzNc�<�|j�}|j|d��}t|t�||��}|}	|j	d�sd|z}	dtj|	�tjfz}
	|j|j�t
j|
ddg�	�}|d
j}t|d
dd
�}
d|d
vrt|d
dd
�}nd}|
tj"z}|st!d|z��	|j%|�|rt'||j)�|d�
�|j,j/d|z�y#t$rt!d|z��wxYw#t*$r}t!d|	z|��d}~wwxYw)NT��fallback_machinerr0�%s$�)(&(sAMAccountName=%s)(sAMAccountType=%u))�userAccountControl�dNSHostNamer�r�Unable to find computer "%s"zNFailed to remove computer "%s": Computer is not a workstation - removal denied)�ignore_no_namezFailed to remove computer "%s"zDeleted computer %s
)r�r�rr
�endswithrIr�r�ATYPE_WORKSTATION_TRUSTr�r�r��dn�intr��
IndexErrorr�UF_WORKSTATION_TRUST_ACCOUNT�deleterr�r�r�r�)r�ryr|r{r}rnr�r�rP�samaccountname�filterr]�computer_dn�computer_ac�computer_dns_host_name�computer_is_workstationr^s                 r&r�zcmd_computer_delete.rungs���
�
#�
#�
%���(�(��d�(�C���!�.�*:�"'�B�0��&���$�$�S�)�"�\�1�N�=��$�$�^�4��/�/�1�1��	N��,�,�E�O�O�$5�%(�%6�%6�*0�&:�M�%J��L�C��a�&�)�)�K��c�!�f�%9�:�1�=�>�K���A��&�),�S��V�M�-B�1�-E�)F�&�)-�&�

�$�;�;�;�	 �&�� P�!-� .�/�
/�	2��L�L��%�%�%��4�?�?�,�.D�#'�)�	
�	�	���/�,�>�?��%�	N��=��L�M�M�	N���	2��?�-� .�/0�2�
2��	2�s%�<A4E#�0E>�#E;�>	F�F�F�NNNNr�r�r,r&r�r�7si�� �B0�H�	�t�W�#J���S�	2��M�
!�!�J��)�)��.�.��-�-���:>� $�,@r,r�c��eZdZdZdZedddedd��ed	d
e��gZdgZe	je	je	jd
�Z
		dd�Zy)�cmd_computer_editayModify Computer AD object.

    This command will allow editing of a computer account in the Active
    Directory domain. You will then be able to add or change attributes and
    their values.

    The computername specified on the command is the sAMaccountName with or
    without the trailing $ (dollar sign).

    The command may be run from the root userid or another authorized userid.

    The -H or --URL= option can be used to execute the command against a remote
    server.

    Example1:
    samba-tool computer edit Computer1 -H ldap://samba.samdom.example.com \
        -U administrator --password=passw1rd

    Example1 shows how to edit a computers attributes in the domain against a
    remote LDAP server.

    The -H parameter is used to specify the remote target server.

    Example2:
    samba-tool computer edit Computer2

    Example2 shows how to edit a computers attributes in the domain against a
    local LDAP server.

    Example3:
    samba-tool computer edit Computer3 --editor=nano

    Example3 shows how to edit a computers attributes in the domain against a
    local LDAP server using the 'nano' editor.
    rirjrkrlrmrnroz--editorzQEditor to use instead of the system default, or 'vi' if no system default is set.rtryrzNc�^�|j�}|j|d��}t|t�||��}	|}
|j	d�sd|z}
dt
jtj|
�fz}|	j�}	|	j||tj��}
|
dj}t|
�d
k7rtd|t|
�fz��|
d}t!j"|	|�}|�#t$j&j)d�}|�d
}t+j,d��5}|j/t1|��|j3�	t5||j6g�t;|j6�5}|j=�}ddd�ddd�|	j?�}tA|�d
}|	jC||�}t|�dk(r|jDj/d�y	|	jG|�|jDj/d|z�y#t$rtd	|z��wxYw#t8$r}t9d|��d}~wwxYw#1swY��xYw#1swY��xYw#tH$r}td|z|��d}~wwxYw)NTr�rr0r��)(&(sAMAccountType=%d)(sAMAccountName=%s))�r�r�r�rr�rz'Invalid number of results: for "%s": %d�EDITOR�viz.tmp)�suffixzERROR: zNothing to do
z Failed to modify computer '%s': z$Modified computer '%s' successfully
)%r�r�rr
r�rr�rIr�r�r�r�r�r�rrHr�get_ldif_for_editor�os�environ�get�tempfile�NamedTemporaryFiler�r�flushrrQr�open�read�
parse_ldif�next�msg_diffr��modifyr�)r�ryr|r{r}rn�editorr�r�rPr�r��domaindnr]r��msg�result_ldif�t_filer^�edited_file�edited_message�msgs_edited�
msg_edited�res_msg_diffs                        r&r�zcmd_computer_edit.run�s���
�
#�
#�
%���(�(��d�(�C���!�.�*:�"'�B�0��&���$�$�S�)�"�\�1�N�=��/�/��$�$�^�4�6�6���?�?�$��	P��,�,�H�*0�%(�%6�%6��8�C��a�&�)�)�K��s�8�q�=��H�!-��C��9� :�;�
;��!�f���0�0���<���>��Z�Z�^�^�H�-�F��~���
�
(�
(��
7�	4�6��L�L��;�/�0��L�L�N�
7��F�F�K�K�0�1��f�k�k�"�
4�k�!,�!1�!1�!3��
4�	4��&�&�~�6���+�&�q�)�
��~�~�c�:�6���|���!��I�I�O�O�-�.��	0��L�L��&�
	
�	�	���?�,�N�O��O�	P��=��N�O�O�	P��(&�
7�(��A�6�6��
7��
4�
4��	4�	4��(�	0��A�+� ,�-.�0�
0��	0�sl�1H?�:+J�&I�=J�I7�#J�J�?I�	I4�#I/�/I4�4J�7J	�<J�J�	J,�J'�'J,�NNNNNr�r�r,r&r�r��s~��"�F0�H�	�t�W�#J���S�	2��z�!7�=@�	B��M�!�!�J��)�)��.�.��-�-���LP��=Pr,r�c	��eZdZdZdZedddedd��ed	d
de��ed
dddd��gZejejejd�Z						dd�Z
y)�cmd_computer_listzList all computers.z%prog [options]rjrkrlrmrnroz-bz	--base-dnzSpecify base DN to usertz	--full-dn�full_dnFruz)Display DN instead of the sAMAccountName.)rs�defaultrvrprzNc��|j�}|j|d��}t|t�||��}	dtj
z}
|	j
�}|r|	j|�}|	j|tj|
dg��}t|�dk(ry|D]a}
|r.|jjd|
jd	�z��3|jjd|
jdd�
�z��cy)NTr�rz(sAMAccountType=%u)r�)r�r�r�rz%s
r�)�idx)r�r�rr
rr�r��normalize_dn_in_domainr�rIr�rHr�r�r�)r�r{r|r}rn�base_dnr�r�r�rPr��	search_dnr]r�s              r&r�zcmd_computer_list.run s����
#�
#�
%���(�(��d�(�C���!�.�*:�"'�B�0��'�$�*F�*F�G���O�O�%�	���4�4�W�=�I��l�l�9�!$�!2�!2�&,�"2�!3��5��
��H��M���	G�C���	�	��������� 6�7���I�I�O�O�F�S�W�W�-=�1�W�%E�E�F�	Gr,)NNNNNF)r�r�r�r�r�rr�r�r�r�r�r�r�r�r�r,r&r�r�	s���� �H�	�t�W�#J���S�	2��t�[�,��	�	�{���"�?�	A�
�M��)�)��.�.��-�-���������
Gr,r�c��eZdZdZdZedddedd��ed	d
ed��gZd
gZe	je	je	jd�Z
		dd�Zy)�cmd_computer_showa�Display a computer AD object.

This command displays a computer account and it's attributes in the Active
Directory domain.
The computername specified on the command is the sAMAccountName.

The command may be run from the root userid or another authorized
userid.

The -H or --URL= option can be used to execute the command against a remote
server.

Example1:
samba-tool computer show Computer1 -H ldap://samba.samdom.example.com \
    -U administrator

Example1 shows how display a computers attributes in the domain against a
remote LDAP server.

The -H parameter is used to specify the remote target server.

Example2:
samba-tool computer show Computer2

Example2 shows how to display a computers attributes in the domain against a
local LDAP server.

Example3:
samba-tool computer show Computer2 --attributes=objectSid,operatingSystem

Example3 shows how to display a computers objectSid and operatingSystem
attribute.
rirjrkrlrmrnroz--attributesz:Comma separated list of attributes, which will be printed.�computer_attrs)rprqrsryrzNc�N�|j�}|j|d��}t|t�||��}	d}
|r|j	d�}
|}|jd�sd|z}dtjtj|�fz}|	j�}
	|	j|
|tj|
��}|d	j}|D]3}t!j"|	|�}|j$j'|��5y#t$rtd
|z��wxYw)NTr�r�,r0r�r�)r�r�r�r�rr�)r�r�rr
�splitr�rr�rIr�r�r�r�r�r�rrr�r�r�)r�ryr|r{r}rnr�r�r�rPr�r�r�r�r]r�r��
computer_ldifs                  r&r�zcmd_computer_show.runvs9���
#�
#�
%���(�(��d�(�C���!�.�*:�"'�B�0�����"�(�(��-�E�%���$�$�S�)�"�\�1�N�=��/�/��$�$�^�4�6�6���?�?�$��	/��,�,�H��%(�%6�%6�e��E�C��a�&�)�)�K�
�	+�C�"�6�6�u�c�B�M��I�I�O�O�M�*�	+��	�	/��=�-� .�/�
/�	/�s�!2D�D$r�r�r�r,r&r�r�Bs�� �B0�H�	�t�W�#J���S�	2��~�.��.�	0��M�!�!�J��)�)��.�.��-�-���LP�#'� +r,r�c��eZdZdZdZedddedd��gZd	d
gZe	je	je	jd�Z
		dd
�Zy)�cmd_computer_movez4Move a computer to an organizational unit/container.z*%prog <computername> <new_ou_dn> [options]rjrkrlrmrnrory�	new_ou_dnrzNc��|j�}|j|d��}t|t�||��}	t	j
|	|	j
��}
|}|jd�sd|z}dt	j|�tjfz}	|	j|
|tj��}
|
dj}t	j
|	|�}|j!|
�s|j#|
�t	j
|	t%|��}|j't)|�d
z
�|j#|�	|	j+||�|j.j1d|�d
|�d��y#t$rtd	|z��wxYw#t,$r}td|z|��d}~wwxYw)NTr�rr0r�r�r�rr�rzFailed to move computer "%s"zMoved computer "z" to "z"
)r�r�rr
rIrJr�r�r�rr�r�r�r�r�r�is_child_of�add_baser��remove_base_componentsrH�renamer�r�r�)r�ryrr|r{r}rnr�r�rPr�r�r�r]r��full_new_ou_dn�new_computer_dnr^s                  r&r�zcmd_computer_move.run�s���
�
#�
#�
%���(�(��d�(�C���!�.�*:�"'�B�0���F�F�5�%�/�/�"3�4�	�%���$�$�S�)�"�\�1�N�=��$�$�^�4��/�/�1�1��	P��,�,�I�*0�%(�%6�%6��8�C��a�&�)�)�K�����y�1���)�)�)�4��#�#�I�.��&�&���K�(8�9���.�.�s�;�/?��/B�C�� � ��0�	Q��L�L��o�6�	
�	�	���%�y�2�	3���	P��=��N�O�O�	P���	Q��=��L�a�P�P��	Q�s$� 1F�F'�F$�'	G�0F?�?Gr�r�r�r,r&rr�sg��>�;�H�	�t�W�#J���S�	2��M�
!�+�.�J��)�)��.�.��-�-���EI� $�"3r,rc��eZdZdZiZe�ed<e�ed<e�ed<e�ed<e�ed<e	�ed<e
�ed<y	)
�cmd_computerzComputer management.�add�creater��edit�list�show�moveN)r�r�r�r��subcommandsrhr�r�r�r�rr�r,r&r
r
�se����K�)�+�K���,�.�K���/�1�K���+�-�K���+�-�K���+�-�K���+�-�K��r,r
)N)7�samba.getopt�getoptr�rIr�sambar�r�r�r�samba.dcerpcrrr�samba.dnsserverrr�	samba.ndrr	r
r�samba.remove_dcr�
samba.authr
�samba.samdbr�samba.commonr�
subprocessrrr�rrrrrr�samba.netcmdrrrrr'r+r.rfrhr�r�r�r�rr
r�r,r&�<module>r!s���.�
�
��	�	���2�2�/�5�5�1�%��"�5�������F�
G�
[
�|EM�w�EM�P\@�'�\@�~qP��qP�f6G��6G�rT+��T+�n33��33�l
.�<�
.r,

Zerion Mini Shell 1.0