Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /usr/lib64/python3.6/site-packages/samba/netcmd/__pycache__/delegation.cpython-36.pyc

ÐÐ°Ð·Ð°Ð´
3 �I�d�g��@��s��d�dl�jZd�dlZd�dlmZ�d�dlmZ�d�dlmZ�d�dl m Z �d�dlmZ�d�dl mZmZ�d�dlmZ�d�d lmZmZmZmZ�G�d d��de�ZG�dd ��d e�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�ZdS�)��N)� provision)�dsdb)�SamDB)�system_session)�security)�ndr_pack� ndr_unpack)�_get_user_realm_domain)�Command�CommandError�SuperCommand�Optionc��@��sT��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd gZ dd��Zddd�Zd S�)�cmd_delegation_showzShow the delegation setting of an account.z%prog <accountname> [options])� sambaopts�credopts�versionoptsz-Hz--URLz%LDB URL for database or target server�URL�H)�help�type�metavar�dest�accountnamec��C��s��\|j�}\|j}d}\|d�ks$\|tj@��r<\|�jjd\|��d��d�S�\|tj@�s^\|�jjd\|��d��d�S�d}�x�\|jD��]�}\|j}y\|j d\|��d�t jd �} W�n:�t jk r��} �z\| j \}}\|t jkr��W�Y�d�d�} ~ X�nX�t\| �d kr�\| d�j}d} \|jtjk�s\|jtjk�r&\|�jjd \|��d\|��d��d} n \|jtjk�rF\|jtjk�rFd} \|jtj@�}\|jtj@�}\|jtj@�}\|jtj@�}\|�r�\|��r�\|��r�d} nH\|�r�\|�jjd\|��d\|��d��d} \|�r�\|�jjd\|��d\|��d��d} \|j�s�d} \| sl\|�r�\|�jjd��d}\|�jjd\|��d��qlW�d�S�)NzISecurity Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentityzWarning: DACL not present in z! zWarning: DACL in z lacks SELF_RELATIVE flag! Tz<SID=�>)�scope��r��FzWarning: ACE in z denies access for trustee zWarning: ACE for trustee z. has unexpected CONTAINER_INHERIT flag set in z has unexpected INHERITED_ACE flag set in z0 Principals that may delegate to this account: zmsDS-AllowedToActOnBehalfOfOtherIdentity: � )�daclr��r��SEC_DESC_DACL_PRESENT�errf�write�SEC_DESC_SELF_RELATIVE�aces�trustee�search�ldbZ SCOPE_BASE�LdbError�argsZERR_NO_SUCH_OBJECT�len�dnZSEC_ACE_TYPE_ACCESS_DENIEDZ!SEC_ACE_TYPE_ACCESS_DENIED_OBJECT�SEC_ACE_TYPE_ACCESS_ALLOWEDZ"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT�flagsZSEC_ACE_FLAG_INHERIT_ONLYZSEC_ACE_FLAG_OBJECT_INHERITZSEC_ACE_FLAG_CONTAINER_INHERITZSEC_ACE_FLAG_INHERITED_ACE�access_mask�outf)�self�sam�security_descriptorr��Z desc_typeZwarning_info�first�acer#��res�err�num�_�ignoreZinherit_onlyZobject_inheritZcontainer_inheritZ inherited_ace��r8��"/usr/lib64/python3.6/delegation.py�show_security_descriptor8��s`�� z,cmd_delegation_show.show_security_descriptorNc��C��s��\|j��}\|j\|�}tj\|\|jd��}\|d�kr4\|j} n\|} t\| t��\|\|d�} t\|\| �\}}} \| j dt j\|��t jdddgd�}t \|�dkr�td \|��t \|�d ks�t�t\|d�jd�d��}\|d�jd�}\|d�jddd�}\|�jjdt\|d�j��\|�jjd t\|tj@��\|�jjdt\|tj@��\|�rZ\|�jjd��x\|D�]}\|�jjd\|��q@W�\|d�k �r�yttj\|�}W�n"�tk �r��\|�jjd��Y�nX�\|�j\| \|��d�S�)N�realm)�session_info�credentials�lpzsAMAccountName=%sZuserAccountControlzmsDS-AllowedToDelegateToz(msDS-AllowedToActOnBehalfOfOtherIdentity)� expressionr��attrsr��z Unable to find account name '%s'r��)�idxzAccount-DN: %s zUF_TRUSTED_FOR_DELEGATION: %s z.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s z) Services this account may delegate to: zmsDS-AllowedToDelegateTo: %s znWarning: Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity could not be unmarshalled! )�get_loadparm�get_credentialsr��provision_paths_from_lp�get�samdbr��r��r ��r$��r%�� binary_encode� SCOPE_SUBTREEr(��r��AssertionError�intr-��r ��strr)��boolr��UF_TRUSTED_FOR_DELEGATION�)UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATIONr��r�� descriptor�RuntimeErrorr��r:��)r.��r��r��r��r��r��r>��creds�paths�pathr/��cleanedaccountr;��domainr3��ZuacZallowedZallowed_from�ar0��r8��r8��r9��run��sH�� zcmd_delegation_show.run)NNNN)�__name__� __module__�__qualname__�__doc__�synopsis�options�SambaOptions�CredentialsOptions�VersionOptions�takes_optiongroupsr ��rK�� takes_options� takes_argsr:��rW��r8��r8��r8��r9��r��&��s�� Sr��c��@��sN��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd dgZ dd d�ZdS�)�cmd_delegation_for_any_servicez3Set/unset UF_TRUSTED_FOR_DELEGATION for an account.z(%prog <accountname> [(on\|off)] [options])r��r��r��z-Hz--URLz%LDB URL for database or target serverr��r��)r��r��r��r��r��onoffNc��C��s��d}\|dkrd}n\|dkr d}nt�d\|��\|j��}\|j\|�} tj\|\|jd��} \|d�kr`\| j}n\|}t\|t��\| \|d�}t \|\|�\} }}dt j\| ��}tj }y\|j\|\|d \|dd ��W�n�tk r��}�zt�\|��W�Y�d�d�}~X�nX�d�S�)NF�onT�offz0invalid argument: '%s' (choose from 'on', 'off')r;��)r<��r=��r>��zsAMAccountName=%szTrusted-for-Delegation)� flags_strrf��strict)r��rB��rC��r��rD��rE��rF��r��r��r ��r%��rG��r��rM��toggle_userAccountFlags� Exception)r.��r��re��r��r��r��r��rf��r>��rQ��rR��rS��r/��rT��r;��rU�� search_filter�flagr4��r8��r8��r9��rW��s0�� z"cmd_delegation_for_any_service.run)NNNN)rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��r ��rK��rb��rc��rW��r8��r8��r8��r9��rd��s�� rd��c��@��sN��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd dgZ dd d�ZdS�)�cmd_delegation_for_any_protocolzOSet/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.z(%prog <accountname> [(on\|off)] [options])r��r��r��z-Hz--URLz%LDB URL for database or target serverr��r��)r��r��r��r��r��re��Nc��C��s��d}\|dkrd}n\|dkr d}nt�d\|��\|j��}\|j\|dd�} tj\|\|jd��} \|d�krd\| j}n\|}t\|t��\| \|d�}t \|\|�\} }}d t j\| ��}tj }y\|j\|\|d \|dd��W�n�tk r��}�zt�\|��W�Y�d�d�}~X�nX�d�S�)NFrf��Trg��z0invalid argument: '%s' (choose from 'on', 'off'))Zfallback_machiner;��)r<��r=��r>��zsAMAccountName=%sz&Trusted-to-Authenticate-for-Delegation)rh��rf��ri��)r��rB��rC��r��rD��rE��rF��r��r��r ��r%��rG��r��rN��rj��rk��)r.��r��re��r��r��r��r��rf��r>��rQ��rR��rS��r/��rT��r;��rU��rl��rm��r4��r8��r8��r9��rW��s0�� z#cmd_delegation_for_any_protocol.run)NNNN)rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��r ��rK��rb��rc��rW��r8��r8��r8��r9��rn��s�� rn��c��@��sN��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd dgZ dd d�ZdS�)�cmd_delegation_add_servicezZAdd a service principal to msDS-AllowedToDelegateTo so that an account may delegate to it.z)%prog <accountname> <principal> [options])r��r��r��z-Hz--URLz%LDB URL for database or target serverr��r��)r��r��r��r��r�� principalNc��C��s ��\|j��}\|j\|�}tj\|\|jd��} \|d�kr4\| j} n\|} t\| t��\|\|d�}t\|\|�\}} }\|j dt j\|��t jdgd�}t \|�dkr�td\|��t \|�dks�t�t j��}\|d�j\|_t j\|gt jd�\|d<�y\|j\|��W�n,�tk �r�}�zt\|��W�Y�d�d�}~X�nX�d�S�) Nr;��)r<��r=��r>��zsAMAccountName=%szmsDS-AllowedToDelegateTo)r?��r��r@��r��z Unable to find account name '%s'r��)rB��rC��r��rD��rE��rF��r��r��r ��r$��r%��rG��rH��r(��r��rI��Messager)��MessageElement�FLAG_MOD_ADD�modifyrk��)r.��r��rp��r��r��r��r��r>��rQ��rR��rS��r/��rT��r;��rU��r3��msgr4��r8��r8��r9��rW��<��s4�� zcmd_delegation_add_service.run)NNNN)rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��r ��rK��rb��rc��rW��r8��r8��r8��r9��ro����s�� ro��c��@��sN��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd dgZ dd d�ZdS�)�cmd_delegation_del_serviceziDelete a service principal from msDS-AllowedToDelegateTo so that an account may no longer delegate to it.z)%prog <accountname> <principal> [options])r��r��r��z-Hz--URLz%LDB URL for database or target serverr��r��)r��r��r��r��r��rp��Nc��C��s ��\|j��}\|j\|�}tj\|\|jd��} \|d�kr4\| j} n\|} t\| t��\|\|d�}t\|\|�\}} }\|j dt j\|��t jdgd�}t \|�dkr�td\|��t \|�dks�t�t j��}\|d�j\|_t j\|gt jd�\|d<�y\|j\|��W�n,�tk �r�}�zt\|��W�Y�d�d�}~X�nX�d�S�) Nr;��)r<��r=��r>��zsAMAccountName=%szmsDS-AllowedToDelegateTo)r?��r��r@��r��z Unable to find account name '%s'r��)rB��rC��r��rD��rE��rF��r��r��r ��r$��r%��rG��rH��r(��r��rI��rq��r)��rr��FLAG_MOD_DELETErt��rk��)r.��r��rp��r��r��r��r��r>��rQ��rR��rS��r/��rT��r;��rU��r3��ru��r4��r8��r8��r9��rW��s��s4�� zcmd_delegation_del_service.run)NNNN)rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��r ��rK��rb��rc��rW��r8��r8��r8��r9��rv��a��s�� rv��c��@��sN��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd dgZ dd d�ZdS�)�cmd_delegation_add_principalz\Add a principal to msDS-AllowedToActOnBehalfOfOtherIdentity that may delegate to an account.z)%prog <accountname> <principal> [options])r��r��r��z-Hz--URLz%LDB URL for database or target serverr��r��)r��r��r��r��r��rp��Nc��s ��\|j��}\|j\|�}tj\|\|jd��} \|d�kr4\| j} n\|} t\| t��\|\|d�}t\|\|�\}} } \|j dt j\|��t jdgd�}t \|�dkr�td\|��d��t \|�d ks�t�\|d�jddd �}\|d�kr�tjtj�}tj��}tj\|_tjtjB�\|_\|\|_d�}n>yttj\|�}W�n&�tk �r��td\|��d��Y�nX�\|j}\|d�k�rRtj��}tj\|_d\|_t\|\|�\}} } \|j dt j\|��t jd gd�}t \|�dk�r�td\|��d��t \|�d k�s�t�tj\|j d\|d�jddd ��j!d��\|j"}t#��fdd�\|D��r td\|��d\|��d��tj$��}tj%\|_d\|_&tj'\|_(��\|_)\|j\|��\|\|_"\|�jd 7��_\|\|_t+\|�}t j,��}\|d�j-\|_-\|d�k �r�t j.\|t j/d�\|d<�t j.\|t j0d�\|d<�y\|j1\|��W�nV�t j2k �r�}�z6\|j3\}} \|t j4k�r�td\|��d��nt\|��W�Y�d�d�}~X�nX�d�S�)Nr;��)r<��r=��r>��zsAMAccountName=%sz(msDS-AllowedToActOnBehalfOfOtherIdentity)r?��r��r@��r��zUnable to find account name '�'r��)rA��zWSecurity Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z' could not be unmarshalled!� objectSidzUnable to find principal name '� objectSIDzutf-8c��3��s��\|�]}\|j��kV��qd�S�)N)r#��)�.0r2��)� princ_sidr8��r9�� <genexpr>��s��z3cmd_delegation_add_principal.run.<locals>.<genexpr>zACE for principal 'zl' already present in Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z'.�0�1zRRefused to update attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z:': a conflicting attribute update occurred simultaneously.)5rB��rC��r��rD��rE��rF��r��r��r ��r$��r%��rG��rH��r(��r��rI��r��dom_sidZSID_BUILTIN_ADMINISTRATORSrO��ZSD_REVISIONZrevisionr��r!��r�� owner_sidr��rP��r��ZaclZSECURITY_ACL_REVISION_ADS�num_aces�schema_format_value�decoder"��anyr2��r*��r+��ZSEC_ADS_GENERIC_ALLr,��r#��appendr��rq��r)��rr��rw��rs��rt��r&��r'��ERR_NO_SUCH_ATTRIBUTE)r.��r��rp��r��r��r��r��r>��rQ��rR��rS��r/��rT��r6��account_res�datar�� security_descr��cleanedprinc� princ_resr"��r2��new_dataru��r4��r5��r8��)r}��r9��rW��s�� z cmd_delegation_add_principal.run)NNNN)rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��r ��rK��rb��rc��rW��r8��r8��r8��r9��rx��s�� rx��c��@��sN��e�Zd�ZdZdZejejejd�Z e dddeddd �gZd dgZ dd d�ZdS�)�cmd_delegation_del_principalzkDelete a principal from msDS-AllowedToActOnBehalfOfOtherIdentity that may no longer delegate to an account.z)%prog <accountname> <principal> [options])r��r��r��z-Hz--URLz%LDB URL for database or target serverr��r��)r��r��r��r��r��rp��Nc��s��\|j��}\|j\|�}tj\|\|jd��} \|d�kr4\| j} n\|} t\| t��\|\|d�}t\|\|�\}} } \|j dt j\|��t jdgd�}t \|�dkr�td\|��t \|�dks�t�\|d�jddd �}\|d�kr�td \|��d��yttj\|�}W�n$�tk r��td\|��d ��Y�nX�\|j}\|d�k�r td\|��d��t\|\|�\}} } \|j dt j\|��t jdgd�}t \|�dk�rltd\|��d��t \|�dk�s~t�tj\|jd\|d�jddd ��jd��\|j}��fdd�\|D��}t \|�t \|�k�r�td\|��d\|��d��t \|�\|_\|\|_\|\|_t\|�}t j��}\|d�j\|_t j\|t jd�\|d<�t j\|t jd�\|d<�y\|j \|��W�nV�t j!k �r��}�z6\|j"\}} \|t j#k�r�td\|��d��nt\|��W�Y�d�d�}~X�nX�d�S�)Nr;��)r<��r=��r>��zsAMAccountName=%sz(msDS-AllowedToActOnBehalfOfOtherIdentity)r?��r��r@��r��z Unable to find account name '%s'r��)rA��z@Attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z' not present!zWSecurity Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z' could not be unmarshalled!zkDACL not present on Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z'!rz��zUnable to find principal name 'ry��r{��zutf-8c��s��g�\|�]}\|j��kr\|�qS�r8��)r#��)r\|��r2��)r}��r8��r9�� <listcomp>}��s��z4cmd_delegation_del_principal.run.<locals>.<listcomp>z"Unable to find ACE for principal 'z\' in Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z'.r��r��zRRefused to update attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z:': a conflicting attribute update occurred simultaneously.)$rB��rC��r��rD��rE��rF��r��r��r ��r$��r%��rG��rH��r(��r��rI��r��r��rO��rP��r��r��r��r��r"��r��r��rq��r)��rr��rw��rs��rt��r&��r'��r��)r.��r��rp��r��r��r��r��r>��rQ��rR��rS��r/��rT��r6��r��r��r��r��r��r��Zold_acesr"��r��ru��r4��r5��r8��)r}��r9��rW��9��s�� z cmd_delegation_del_principal.run)NNNN)rX��rY��rZ��r[��r\��r]��r^��r_��r`��ra��r ��rK��rb��rc��rW��r8��r8��r8��r9��r��'��s�� r��c��@��sZ��e�Zd�ZdZi�Ze��ed<�e��ed<�e��ed<�e��ed<�e ��ed<�e ��ed<�e��ed<�d S�) �cmd_delegationzDelegation management.Zshowzfor-any-servicezfor-any-protocolzadd-servicezdel-servicez add-principalz del-principalN)rX��rY��rZ��r[��Zsubcommandsr��rd��rn��ro��rv��rx��r��r8��r8��r8��r9��r��s�� r��)Zsamba.getoptZgetoptr]��r%��Zsambar��r��Zsamba.samdbr��Z samba.authr��Zsamba.dcerpcr��Z samba.ndrr��r��Zsamba.netcmd.commonr ��Zsamba.netcmdr ��r��r��r ��r��rd��rn��ro��rv��rx��r��r��r8��r8��r8��r9��<module>��s(�� 6677��

| ver. 1.1 | | . | PHP 8.3.30 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°