%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/samba/netcmd/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/samba/netcmd/__pycache__/delegation.cpython-312.pyc

�

�I�d�g��8�ddlmZddlZddlmZddlmZddlmZddl	m
Z
ddlmZddl
mZmZddlmZdd	lmZmZmZmZGd
�de�ZGd�d
e�ZGd�de�ZGd�de�ZGd�de�ZGd�de�ZGd�de�ZGd�de�Zy)�N)�	provision)�dsdb)�SamDB)�system_session)�security)�ndr_pack�
ndr_unpack)�_get_user_realm_domain)�Command�CommandError�SuperCommand�Optionc��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
gZ
d�Zdd
�Zy)�cmd_delegation_showz*Show the delegation setting of an account.z%prog <accountname> [options]��	sambaopts�credopts�versionopts�-H�--URL�%LDB URL for database or target server�URL�H��help�type�metavar�dest�accountnamec���|j}|j}d}|�|tjzs |jjd|�d��y|tjzs |jjd|�d��yd}|jD�]	}|j}	|jd|�d�tj�	�}	t|	�d
k(r|	dj}	d}
|jtj"k(s|jtj$k(r%|jjd
|�d|�d��d}
n<|jtj&k7r|jtj(k7rd}
|j*tj,z}|j*tj.z}|j*tj0z}|j*tj2z}|r|s|sd}
nL|r$|jjd|�d|�d��d}
|r$|jjd|�d|�d��d}
|j4sd}
|
r���|r|j6jd�d}|j6jd|�d����y#tj$r.}
|
j\}}|tj k7r�Yd}
~
���d}
~
wwxYw)NzISecurity Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentityzWarning: DACL not present in z!
zWarning: DACL in z lacks SELF_RELATIVE flag!
Tz<SID=�>)�scope�rFzWarning: ACE in z denies access for trustee zWarning: ACE for trustee z. has unexpected CONTAINER_INHERIT flag set in z* has unexpected INHERITED_ACE flag set in z0  Principals that may delegate to this account:
z*msDS-AllowedToActOnBehalfOfOtherIdentity: �
)�daclrr�SEC_DESC_DACL_PRESENT�errf�write�SEC_DESC_SELF_RELATIVE�aces�trustee�search�ldb�
SCOPE_BASE�len�dn�LdbError�args�ERR_NO_SUCH_OBJECT�SEC_ACE_TYPE_ACCESS_DENIED�!SEC_ACE_TYPE_ACCESS_DENIED_OBJECT�SEC_ACE_TYPE_ACCESS_ALLOWED�"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT�flags�SEC_ACE_FLAG_INHERIT_ONLY�SEC_ACE_FLAG_OBJECT_INHERIT�SEC_ACE_FLAG_CONTAINER_INHERIT�SEC_ACE_FLAG_INHERITED_ACE�access_mask�outf)�self�sam�security_descriptorr%�	desc_type�warning_info�first�acer+�res�err�num�_�ignore�inherit_only�object_inherit�container_inherit�
inherited_aces                  �9/usr/lib/python3/dist-packages/samba/netcmd/delegation.py�show_security_descriptorz,cmd_delegation_show.show_security_descriptor8s���"�'�'��'�,�,�	�C���<�y�8�+I�+I�I��I�I�O�O�;�L�>��M�N���8�:�:�:��I�I�O�O�/��~�>4�5�
6�����9�9�>	0�C��k�k�G�	
(��j�j�5��	��!3�'*�~�~�!�7���s�8�q�=�!�!�f�i�i�G��F����H�?�?�?��x�x�8�#M�#M�M��	�	���"2�<�.�A6�6=�Y�c�!C�D����(�(�h�B�B�B����H�$O�$O�O����9�9�x�'I�'I�I�L� �Y�Y��)M�)M�M�N��	�	�H�C�C�C�
��I�I��(K�(K�K�M��N�;L���$��I�I�O�O�&?��y�IP�'3�n�C�%9�:�"�F� ��I�I�O�O�&?��y�IL�'3�n�C�%9�:�"�F��?�?������I�I�O�O�'1�3�!�E��	�	���"L�#*�)�2�!/�0�{>	0���<�<�
������Q��#�0�0�0��1��
�s�"%J�K �2#K�K Nc���|j�}|j|�}tj||j	d��}|�
|j
}	n|}	t
|	t�||��}
t||
�\}}}
|
jdtj|�ztjgd���}t|�dk(rtd|z��t|�dk(sJ�t|dj	d	�d�}|dj	d
�}|dj	dd��}|j j#d
t%|dj&�z�|j j#dt)|t*j,z�z�|j j#dt)|t*j.z�z�|r@|j j#d�|D] }|j j#d|z��"|�.	t1t2j4|�}|j7|
|�yy#t8$r|j:j#d�YywxYw)N�realm��session_info�credentials�lp�sAMAccountName=%s)�userAccountControl�msDS-AllowedToDelegateTo�(msDS-AllowedToActOnBehalfOfOtherIdentity��
expressionr"�attrsr� Unable to find account name '%s'r#rXrYrZ��idxzAccount-DN: %s
zUF_TRUSTED_FOR_DELEGATION: %s
z.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s
z)  Services this account may delegate to:
zmsDS-AllowedToDelegateTo: %s
znWarning: Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity could not be unmarshalled!
)�get_loadparm�get_credentialsr�provision_paths_from_lp�get�samdbrrr
r,r-�
binary_encode�
SCOPE_SUBTREEr/r�intr>r(�strr0�boolr�UF_TRUSTED_FOR_DELEGATION�)UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATIONr	r�
descriptorrP�RuntimeErrorr')r?rrrrrrV�creds�paths�pathr@�cleanedaccountrR�domainrF�uac�allowed�allowed_from�arAs                    rO�runzcmd_delegation_show.run�sG��
�
#�
#�
%���(�(��,���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.��+A��AD�+F�'�����j�j�$7��*�*�>�:�%;�"�0�0� L��M��
�s�8�q�=��A�K�O�P�P��3�x�1�}��}��#�a�&�*�*�1�2�1�5�6���a�&�*�*�7�8���1�v�z�z�"L�RS�z�T���	�	���*�S��Q����^�;�<��	�	���9��s�T�%C�%C�C�D�E�	F��	�	���I��S�4�#Q�#Q�Q�R�S�	T���I�I�O�O�H�I��
F���	�	��� @�1� D�E�
F��#�
H�&0��1D�1D�l�&S�#��-�-�c�3F�G�$�� �
@��	�	���!?�@�
@�s�I�$I-�,I-�NNNN)�__name__�
__module__�__qualname__�__doc__�synopsis�options�SambaOptions�CredentialsOptions�VersionOptions�takes_optiongroupsrri�
takes_options�
takes_argsrPrx��rOrr&se��4�.�H��)�)��.�.��-�-���	�t�W�#J�QT��3�	(��M�
 ��J�P0�f0Hr�rc��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
dgZ
		dd
�Zy)�cmd_delegation_for_any_servicez3Set/unset UF_TRUSTED_FOR_DELEGATION for an account.�(%prog <accountname> [(on|off)] [options]rrrrrrrr�onoffNc��d}|dk(rd}n|dk(rd}ntd|z��|j�}|j|�}	tj||jd��}
|�
|
j}n|}t|t�|	|��}t||�\}
}}dtj|
�z}tj}	|j||d	|d�
�y#t$r}t|��d}~wwxYw)NF�onT�off�0invalid argument: '%s' (choose from 'on', 'off')rRrSrWzTrusted-for-Delegation��	flags_strr��strict)rrarbrrcrdrerrr
r-rfrrk�toggle_userAccountFlags�	Exception�r?rr�rrrrr�rVrorprqr@rrrRrs�
search_filter�flagrGs                   rOrxz"cmd_delegation_for_any_service.run�s�����D�=��B�
�e�^��B��Q�TY�Y�Z�Z�
�
#�
#�
%���(�(��,���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.��+A��AD�+F�'����,�c�.?�.?��.O�O�
��-�-��	$��'�'�
�t�2J�+-�d�
(�
<���	$��s�#�#��	$�s�C�	C8�(C3�3C8ry�rzr{r|r}r~rr�r�r�r�rrir�r�rxr�r�rOr�r��sf��=�9�H��)�)��.�.��-�-���	�t�W�#J�QT��3�	(��M�
 ��)�J�GK��!$r�r�c��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
dgZ
		dd
�Zy)�cmd_delegation_for_any_protocolzOSet/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.r�rrrrrrrrr�Nc��d}|dk(rd}n|dk(rd}ntd|z��|j�}|j|d��}	tj||jd��}
|�
|
j}n|}t|t�|	|��}t||�\}
}}d	tj|
�z}tj}	|j||d
|d��y#t$r}t|��d}~wwxYw)NFr�Tr�r�)�fallback_machinerRrSrWz&Trusted-to-Authenticate-for-Delegationr�)rrarbrrcrdrerrr
r-rfrrlr�r�r�s                   rOrxz#cmd_delegation_for_any_protocol.runs�����D�=��B�
�e�^��B��Q�TY�Y�Z�Z�
�
#�
#�
%���(�(��d�(�C���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.��+A��AD�+F�'����,�c�.?�.?��.O�O�
��=�=��	$��'�'�
�t�2Z�+-�d�
(�
<���	$��s�#�#��	$�s�
C!�!	C:�*C5�5C:ryr�r�r�rOr�r��sf��Y�9�H��)�)��.�.��-�-���	�t�W�#J�QT��3�	(��M�
 ��)�J�GK��!$r�r�c��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
dgZ
		dd
�Zy)�cmd_delegation_add_servicezZAdd a service principal to msDS-AllowedToDelegateTo so that an account may delegate to it.�)%prog <accountname> <principal> [options]rrrrrrrr�	principalNc���|j�}|j|�}tj||j	d��}	|�
|	j
}
n|}
t
|
t�||��}t||�\}}
}|jdtj|�ztjdg��}t|�dk(rtd|z��t|�dk(sJ�tj�}|dj |_tj"|gtj$d�|d<	|j'|�y#t($r}t|��d}~wwxYw�	NrRrSrWrYr[rr^r#)rarbrrcrdrerrr
r,r-rfrgr/r�Messager0�MessageElement�FLAG_MOD_ADD�modifyr��r?rr�rrrrrVrorprqr@rrrRrsrF�msgrGs                  rOrxzcmd_delegation_add_service.run<sS���
#�
#�
%���(�(��,���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.��+A��AD�+F�'�����j�j�$7��*�*�>�:�%;�"�0�0� :�;��=���s�8�q�=��A�K�O�P�P��3�x�1�}��}��k�k�m���Q������*-�*<�*<�i�[�=@�=M�=M�=W�+Y��&�'�	$��J�J�s�O���	$��s�#�#��	$���6E�	E!�E�E!ryr�r�r�rOr�r�*sf��d�:�H��)�)��.�.��-�-���	�t�W�#J�QT��3�	(��M�
 ��-�J�KO��"$r�r�c��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
dgZ
		dd
�Zy)�cmd_delegation_del_serviceziDelete a service principal from msDS-AllowedToDelegateTo so that an account may no longer delegate to it.r�rrrrrrrrr�Nc���|j�}|j|�}tj||j	d��}	|�
|	j
}
n|}
t
|
t�||��}t||�\}}
}|jdtj|�ztjdg��}t|�dk(rtd|z��t|�dk(sJ�tj�}|dj |_tj"|gtj$d�|d<	|j'|�y#t($r}t|��d}~wwxYwr�)rarbrrcrdrerrr
r,r-rfrgr/rr�r0r��FLAG_MOD_DELETEr�r�r�s                  rOrxzcmd_delegation_del_service.runssS���
#�
#�
%���(�(��,���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.��+A��AD�+F�'�����j�j�$7��*�*�>�:�%;�"�0�0� :�;��=���s�8�q�=��A�K�O�P�P��3�x�1�}��}��k�k�m���Q������*-�*<�*<�i�[�=@�=P�=P�=W�+Y��&�'�	$��J�J�s�O���	$��s�#�#��	$�r�ryr�r�r�rOr�r�asf��s�:�H��)�)��.�.��-�-���	�t�W�#J�QT��3�	(��M�
 ��-�J�KO��"$r�r�c��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
dgZ
		dd
�Zy)�cmd_delegation_add_principalz\Add a principal to msDS-AllowedToActOnBehalfOfOtherIdentity that may delegate to an account.r�rrrrrrrrr�Nc	���|j�}|j|�}tj||j	d��}	|�
|	j
}
n|}
t
|
t�||��}t||�\}}
}
|jdtj|�ztjdg��}t|�dk(rtd|�d���t|�d	k(sJ�|dj	dd�
�}|�|tj tj"�}tj$�}tj&|_tj*tj,z|_||_d}n'	t3tj$|�}|j6}|�0tj8�}tj:|_d|_t||�\}}
}
|jdtj|�ztjd
g��}t|�dk(rtd|�d���t|�d	k(sJ�tj |j?d|dj	dd�
��jAd���|jB}tE�fd�|D��rtd|�d|�d���tjF�}tjH|_d|_%tjL|_'�|_(|jS|�||_!|xj<d	z
c_||_tU|�}tjV�}|djX|_,|�(tjZ|tj\d�|d<tjZ|tj^d�|d<	|ja|�y#t4$rtd|�d���wxYw#tjb$rA}|jd\}}
|tjfk(rtd|�d���t|��d}~wwxYw)NrRrSrWrZr[rzUnable to find account name '�'r#r_�WSecurity Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account '�' could not be unmarshalled!�	objectSid�Unable to find principal name '�	objectSID�utf-8c3�<�K�|]}|j�k(���y�w)N)r+)�.0rE�	princ_sids  �rO�	<genexpr>z3cmd_delegation_add_principal.run.<locals>.<genexpr>�s�����8�C�s�{�{�i�'�8�s�zACE for principal 'zl' already present in Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account '�'.�0�1�RRefused to update attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account '�:': a conflicting attribute update occurred simultaneously.)4rarbrrcrdrerrr
r,r-rfrgr/rr�dom_sid�SID_BUILTIN_ADMINISTRATORSrm�SD_REVISION�revisionr&r)r�	owner_sidr	rnr%�acl�SECURITY_ACL_REVISION_ADS�num_aces�schema_format_value�decoder*�anyrEr6r8�SEC_ADS_GENERIC_ALLr=r+�appendrr�r0r�r�r�r�r1r2�ERR_NO_SUCH_ATTRIBUTE)r?rr�rrrrrVrorprqr@rrrI�account_res�datar��
security_descr%�cleanedprinc�	princ_resr*rE�new_datar�rGrHr�s                           @rOrxz cmd_delegation_add_principal.run�s,����
#�
#�
%���(�(��,���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.�� 6�k�3�G����1��j�j�*����n�-�.��#�#�=�>�	!�@��
�{��q� ��!>�{�m�1�M�N�N��;��1�$�%�$��1�~�!�!�6�A�"�?���<� �(�(��)L�)L�M�I�$�/�/�1�M�%-�%9�%9�M�"�"*�"@�"@�"*�"A�"A�#B�M��&/�M�#��D�
5� *�8�+>�+>�� E�
�!�%�%�D��<��<�<�>�D�$�>�>�D�M��D�M�4�I�s�C���a���J�J�*=�"�0�0��>�+?�%(�%6�%6�&1�]��4�	��y�>�Q���!@���1�M�N�N��9�~��"�#�"��$�$��#�#���!�� � ��!� �4�
6�6<�f�W�o�G�	�
�y�y���8�4�8�8��%�i�[�1� �=��$�%�
%��l�l�n���7�7�����	�"�6�6���������C����	��
�
���
�!�
���M�*��
�k�k�m���Q��"�"������)�)��c�)�)�:�<�C��H��%�%��c�&�&�6�8��C��	(��J�J�s�O��M �
5�"�&3�3>�-�@3�$4�5�5�
5��N�|�|�		(��X�X�F�C���c�/�/�/�"��#�}�%/�0�1�1�#�3�'�'��		(�s$�;O�	O7�O4�7Q�
<Q�Qryr�r�r�rOr�r��sf��f�:�H��)�)��.�.��-�-���	�t�W�#J���S�	2��M�
 ��-�J�KO��z(r�r�c��eZdZdZdZejejejd�Z	e
dddedd�	�gZd
dgZ
		dd
�Zy)�cmd_delegation_del_principalzkDelete a principal from msDS-AllowedToActOnBehalfOfOtherIdentity that may no longer delegate to an account.r�rrrrrrrrr�Nc	��|j�}|j|�}tj||j	d��}	|�
|	j
}
n|}
t
|
t�||��}t||�\}}
}
|jdtj|�ztjdg��}t|�dk(rtd|z��t|�dk(sJ�|dj	dd�	�}|�td
|�d���	tt j"|�}|j&}|�td|�d���t||�\}}
}
|jdtj|�ztjdg��}t|�dk(rtd|�d���t|�dk(sJ�t!j(|j+d|dj	dd�	��j-d��}|j.}|D�cgc]}|j0|k7s�|��}}t|�t|�k(rtd|�d|�d���t|�|_||_||_t5|�}tj6�}|dj8|_tj:|tj<d�|d<tj:|tj>d�|d<	|jA|�y#t$$rtd|�d
���wxYwcc}w#tjB$rA}|jD\}}
|tjFk(rtd|�d���t|��d}~wwxYw)NrRrSrWrZr[rr^r#r_z@Attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z' not present!r�r�zkDACL not present on Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z'!r�r�r�r�r�z"Unable to find ACE for principal 'z\' in Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'r�r�r�r�r�)$rarbrrcrdrerrr
r,r-rfrgr/rr	rrmrnr%r�r�r�r*r+r�rr�r0r�r�r�r�r1r2r�)r?rr�rrrrrVrorprqr@rrrIr�r�r�r%r�r�r��old_acesrEr*r�r�rGrHs                            rOrxz cmd_delegation_del_principal.run9s����
#�
#�
%���(�(��,���1�1�"�b�f�f�W�o�F���9��;�;�D��D��D�~�'7� %�"�.�� 6�k�3�G����1��j�j�*����n�-�.��#�#�=�>�	!�@��
�{��q� ��A�K�O�P�P��;��1�$�%�$��1�~�!�!�6�A�"�?���<��"+�+6�-�~� G�H�
H�	1�&�x�':�':�D�A�M��!�!���<��"+�,7�-�r� ;�<�
<�4�I�s�C���a���J�J�*=�"�0�0��>�+?�%(�%6�%6�&1�]��4�	��y�>�Q���!@���1�M�N�N��9�~��"�#�"��$�$��#�#���!�� � ��!� �4�
6�6<�f�W�o�G�	�
�9�9�� (�D��3�;�;�)�+C��D��D��t�9��H�
�%��"#�#,�+�.+�,7�-�r�	 ;�<�
<��D�	��
���	�!�
���M�*��
�k�k�m���Q��"�"����%�%��#�%�%�6�8��C���%�%��c�&�&�6�8��C��	(��J�J�s�O��}�	1��"+�+6�-�8/� 0�1�
1�	1��BE��<�|�|�		(��X�X�F�C���c�/�/�/�"��#�}�%/�0�1�1�#�3�'�'��		(�s0�L	�L%�&L%�7L*�	L"�*M>�=<M9�9M>ryr�r�r�rOr�r�'sf��u�:�H��)�)��.�.��-�-���	�t�W�#J���S�	2��M�
 ��-�J�KO��k(r�r�c��eZdZdZiZe�ed<e�ed<e�ed<e�ed<e	�ed<e
�ed<e�ed<y	)
�cmd_delegationzDelegation management.�showzfor-any-servicezfor-any-protocolzadd-servicezdel-servicez
add-principalz
del-principalN)rzr{r|r}�subcommandsrr�r�r�r�r�r�r�r�rOr�r��sg�� ��K�-�/�K���%C�%E�K�!�"�&E�&G�K�"�#�!;�!=�K�
��!;�!=�K�
��#?�#A�K�� �#?�#A�K�� r�r�)�samba.getopt�getoptrr-�sambarr�samba.samdbr�
samba.authr�samba.dcerpcr�	samba.ndrrr	�samba.netcmd.commonr
�samba.netcmdrrr
rrr�r�r�r�r�r�r�r�r�rO�<module>r�s���*�
����%�!�*�6���UH�'�UH�p3$�W�3$�l3$�g�3$�l4$��4$�n4$��4$�nL(�7�L(�^}(�7�}(�@
B�\�
Br�

Zerion Mini Shell 1.0