Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /usr/lib64/python3.6/site-packages/samba/gp/__pycache__/gpclass.cpython-36.opt-1.pyc

ÐÐ°Ð·Ð°Ð´
3 � �i\��@��sl��d�dl�Z�d�dlZd�dlZd�dlZd�dlZd�dlZe�jjd�d��d�dlm Z m Z �d�dlmZ�d�dl mZ�d�dlZd�dlmZ�d�dlmZmZ�d�dljjZd�dlZd�dlmZ�d�d lmZ�d�d lmZ�d�dl j!Z!d�dl"m#Z#�d�dl$m%Z%�d�d l&m'Z'�d�dlm(Z(�d�dlm)Z)�d�dlm+Z+m,Z,�d�dl-m.Z.�d�dl/m0Z0�d�dl1m2Z2�d�dl3Z3d�dlm4Z4�d�dl5m6Z6�d�dl7m8Z8�d�dl9Z9d�dl:m;Z;m<Z<m=Z=m>Z>m?Z?m@Z@�d�dl7mAZAmBZBmCZC�d�dlmDZD�d�dlEZd�dlmFZF�yd�dlGmHZH�eHdd�ZIW�n$�eJk �r��G�dd��d�ZIY�nX�G�dd ��d �ZKG�d!d"��d"�ZLG�d#d$��d$eM�ZNG�d%d&��d&eN�ZOG�d'd(��d(eN�ZPG�d)d��deN�ZQG�d+d,��d,eM�ZRG�d-d.��d.eR�ZSd/d0��ZTd1d2��ZUd3d4��ZVG�d5d6��d6�ZWd7d8��ZXd9d:��ZYd;d<��ZZd=d>��Z[d?d@��Z\dAdB��Z]dCdD��Z^dEdF��Z_dGdH��Z`dIdJ��ZadKdL��ZbdhdNdO�ZcdPdQ��ZddidSdT�ZedUdV��ZfdWdX��ZgdYdZ��Zhd[d\��Zidjd^d_�Zjdkd`da�Zkdldbdc�Zlddde��Zmdfdg��ZndS�)m��Nz bin/python)� NTSTATUSError�WERRORError)�ConfigParser)�StringIO)� get_bytes)�ABCMeta�abstractmethod)�Net)�nbt)�libsmb_samba_internal)�LoadParm)�UUID)�NamedTemporaryFile)�preg)�misc)�ndr_pack� ndr_unpack)�SMB_SIGNING_REQUIRED)�log)�blake2b)� get_string)�SamDB)�system_session)�UF_WORKSTATION_TRUST_ACCOUNT�UF_SERVER_TRUST_ACCOUNT�GPLINK_OPT_ENFORCE�GPLINK_OPT_DISABLE�GPO_INHERIT�GPO_BLOCK_INHERITANCE)� AUTH_SESSION_INFO_DEFAULT_GROUPS�AUTH_SESSION_INFO_AUTHENTICATED�#AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)�security)�netlogon)�Enum�GPOSTATEzAPPLY ENFORCE UNAPPLYc��@��s��e�Zd�ZdZdZdZdS�)r%��N)�__name__� __module__�__qualname__�APPLY�ENFORCE�UNAPPLY��r/��r/��/usr/lib64/python3.6/gpclass.pyr%��=��s��c��@��sj��e�Zd�ZdZddd�Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��Zdd��Z dd��ZdS�)�gp_loga[�� Log settings overwritten by gpo apply The gp_log is an xml file that stores a history of gpo changes (and the original setting value). The log is organized like so: <gp> <user name="KDC-1$"> <applylog> <guid count="0" value="{31B2F340-016D-11D2-945F-00C04FB984F9}" /> </applylog> <guid value="{31B2F340-016D-11D2-945F-00C04FB984F9}"> <gp_ext name="System Access"> <attribute name="minPwdAge">-864000000000</attribute> <attribute name="maxPwdAge">-36288000000000</attribute> <attribute name="minPwdLength">7</attribute> <attribute name="pwdProperties">1</attribute> </gp_ext> <gp_ext name="Kerberos Policy"> <attribute name="ticket_lifetime">1d</attribute> <attribute name="renew_lifetime" /> <attribute name="clockskew">300</attribute> </gp_ext> </guid> </user> </gp> Each guid value contains a list of extensions, which contain a list of attributes. The guid value represents a GPO. The attributes are the values of those settings prior to the application of the GPO. The list of guids is enclosed within a user name, which represents the user the settings were applied to. This user may be the samaccountname of the local computer, which implies that these are machine policies. The applylog keeps track of the order in which the GPOs were applied, so that they can be rolled back in reverse, returning the machine to the state prior to policy application. Nc��C��sl��t�j\|�_\|\|�_\|\|�_\|r&tj\|�\|�_ntjd�\|�_\|\|�_ \|�jj d\|��}\|dkrhtj\|�jd�}\|\|jd<�dS�)ag�� Initialize the gp_log param user - the username (or machine name) that policies are being applied to param gpostore - the GPOStorage obj which references the tdb which contains gp_logs param db_log - (optional) a string to initialize the gp_log Zgpzuser[@name="%s"]N�user�name) r%��r,��_state�gpostore�username�etree� fromstring�gpdbZElementr2��find� SubElement�attrib)�selfr2��r5��Zdb_log�user_objr/��r/��r0��__init__i��s��zgp_log.__init__c��C��sV��\|t�jkrL\|�jjd\|�j��}\|jd�}\|dks:t\|�dkrDt�j\|�_qR\|\|�_n\|\|�_dS�)a(�� Policy application state param value - APPLY, ENFORCE, or UNAPPLY The behavior of the gp_log depends on whether we are applying policy, enforcing policy, or unapplying policy. During an apply, old settings are recorded in the log. During an enforce, settings are being applied but the gp_log does not change. During an unapply, additions to the log should be ignored (since function calls to apply settings are actually reverting policy), but removals from the log are allowed. zuser[@name="%s"]�applylogNr��)r%��r-��r9��r:��r2��lenr,��r4��)r=��valuer>�� apply_logr/��r/��r0��state~��s�� zgp_log.statec��C��s��\|�j�S�)zCheck the GPOSTATE )r4��)r=��r/��r/��r0�� get_state��s��zgp_log.get_statec��C��s��\|\|�_�\|�jjd\|�j��}\|jd\|��}\|dkrDtj\|d�}\|\|jd<�\|�jtj kr�\|jd�}\|dkrntj\|d�}\|jd\|��}\|dkr�tj\|d�}dt \|�d��\|jd <�\|\|jd<�dS�) z� Log to a different GPO guid param guid - guid value of the GPO from which we're applying policy zuser[@name="%s"]zguid[@value="%s"]N�guidrB��r@��z%dr&��count)rF��r9��r:��r2��r7��r;��r<��r4��r%��r,��rA��)r=��rF��r>��objrC��prev�itemr/��r/��r0��set_guid��s�� zgp_log.set_guidc��C��s��\|�j�tjks\|�j�tjkrdS�\|�jjd\|�j��}\|jd\|�j��}\|jd\|��}\|dkrjtj \|d�}\|\|j d<�\|jd\|��}\|dkr�tj \|d�}\|\|j d<�\|\|_dS�) a�� Store an attribute in the gp_log param gp_ext_name - Name of the extension applying policy param attribute - The attribute being modified param old_val - The value of the attribute prior to policy application Nzuser[@name="%s"]zguid[@value="%s"]zgp_ext[@name="%s"]�gp_extr3��zattribute[@name="%s"]� attribute)r4��r%��r.��r-��r9��r:��r2��rF��r7��r;��r<��text)r=��gp_ext_namerM��old_valr>��guid_obj�ext�attrr/��r/��r0��store��s�� zgp_log.storec��C��sX��\|�j�jd\|�j��}\|jd\|�j��}\|jd\|��}\|dk rT\|jd\|��}\|dk rT\|jS�dS�)a-�� Retrieve a stored attribute from the gp_log param gp_ext_name - Name of the extension which applied policy param attribute - The attribute being retrieved return - The value of the attribute prior to policy application zuser[@name="%s"]zguid[@value="%s"]zgp_ext[@name="%s"]Nzattribute[@name="%s"])r9��r:��r2��rF��rN��)r=��rO��rM��r>��rQ��rR��rS��r/��r/��r0��retrieve��s��zgp_log.retrievec��C��sT��\|�j�jd\|�j��}\|jd\|�j��}\|jd\|��}\|dk rP\|jd�}dd��\|D��S�i�S�)a�� Retrieve all stored attributes for this user, GPO guid, and CSE param gp_ext_name - Name of the extension which applied policy return - The values of the attributes prior to policy application zuser[@name="%s"]zguid[@value="%s"]zgp_ext[@name="%s"]NrM��c��S��s��i�\|�]}\|j�\|jd��qS�)r3��)rN��r<��)�.0rS��r/��r/��r0�� <dictcomp>��s��z'gp_log.retrieve_all.<locals>.<dictcomp>)r9��r:��r2��rF��findall)r=��rO��r>��rQ��rR��attrsr/��r/��r0��retrieve_all��s�� zgp_log.retrieve_allc��C��sl��g�}\|�j�jd\|�j��}\|dk rh\|jd�}\|dk rh\|jd�}dd��\|D��}\|jdd��\|jd d ��\|D��\|S�)z� Return a list of applied ext guids return - List of guids for gpos that have applied settings to the system. zuser[@name="%s"]Nr@��zguid[@count]c��S��s ��g�\|�]}\|j�d��\|j�d�f�qS�)rG��rB��)�get)rV��gr/��r/��r0�� <listcomp>��s��z,gp_log.get_applied_guids.<locals>.<listcomp>T)�reversec��s��s��\|�]\}}\|V��qd�S�)Nr/��)rV��rG��rF��r/��r/��r0�� <genexpr>��s��z+gp_log.get_applied_guids.<locals>.<genexpr>)r9��r:��r2��rX��sort�extend)r=��guidsr>��rC��Z guid_objsZguids_by_countr/��r/��r0��get_applied_guids��s�� zgp_log.get_applied_guidsc��C��s��g�}\|�j�jd\|�j��}x~\|D�]v}\|jd\|��}\|jd�}i�}xF\|D�]>}i�} \|jd�} x\| D�]}\|j\| \|jd�<�qZW�\| \|\|jd�<�qBW�\|j\|\|f��qW�\|S�)ai�� Return a list of applied ext guids return - List of tuples containing the guid of a gpo, then a dictionary of policies and their values prior policy application. These are sorted so that the most recently applied settings are removed first. zuser[@name="%s"]zguid[@value="%s"]rL��rM��r3��)r9��r:��r2��rX��rN��r<��append)r=��rb��retr>��rF��Z guid_settingsZexts�settingsrR��Z attr_dictrY��rS��r/��r/��r0��get_applied_settings��s�� zgp_log.get_applied_settingsc��C��sr��\|�j�jd\|�j��}\|jd\|�j��}\|jd\|��}\|dk rn\|jd\|��}\|dk rn\|j\|��t\|�dkrn\|j\|��dS�)z� Remove an attribute from the gp_log param gp_ext_name - name of extension from which to remove the attribute param attribute - attribute to remove zuser[@name="%s"]zguid[@value="%s"]zgp_ext[@name="%s"]Nzattribute[@name="%s"]r��)r9��r:��r2��rF��removerA��)r=��rO��rM��r>��rQ��rR��rS��r/��r/��r0��delete��s�� z gp_log.deletec��C��s��\|�j�j\|�jtj\|�jd��dS�)z Write gp_log changes to disk zutf-8N)r5��rT��r6��r7��Ztostringr9��)r=��r/��r/��r0��commit��s��z gp_log.commit)N)r)��r��r+��__doc__r?��rD��rE��rK��rT��rU��rZ��rc��rg��ri��rj��r/��r/��r/��r0��r1��C��s��% r1��c��@��s\��e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd d��Z dd��Z dd��Zdd��ZdS�)� GPOStoragec��C��s:��t�jj\|�rtj\|�\|�_ntj\|dtjt�jt�j B��\|�_d�S�)Nr��) �os�path�isfile�tdb�openr��ZTdbZDEFAULT�O_CREAT�O_RDWR)r=��Zlog_filer/��r/��r0��r?��"��s��zGPOStorage.__init__c��C��s��\|�j�j��d�S�)N)r��Ztransaction_start)r=��r/��r/��r0��start(��s��zGPOStorage.startc��C��s.��yt�\|�jjt\|��S��tk r(��d�S�X�d�S�)N)�intr��r[��r�� TypeError)r=��keyr/��r/��r0��get_int+��s��zGPOStorage.get_intc��C��s��\|�j�jt\|��S�)N)r��r[��r��)r=��rw��r/��r/��r0��r[��1��s��zGPOStorage.getc��C��s��t�\|\|�\|�jjt\|��S�)N)r1��r��r[��r��)r=��r2��r/��r/��r0�� get_gplog4��s��zGPOStorage.get_gplogc��C��s��\|�j�jt\|�t\|��d�S�)N)r��rT��r��)r=��rw��valr/��r/��r0��rT��7��s��zGPOStorage.storec��C��s��\|�j�j��d�S�)N)r��Ztransaction_cancel)r=��r/��r/��r0��cancel:��s��zGPOStorage.cancelc��C��s��\|�j�jt\|��d�S�)N)r��ri��r��)r=��rw��r/��r/��r0��ri��=��s��zGPOStorage.deletec��C��s��\|�j�j��d�S�)N)r��Ztransaction_commit)r=��r/��r/��r0��rj��@��s��zGPOStorage.commitc��C��s��\|�j�j��d�S�)N)r��close)r=��r/��r/��r0��__del__C��s��zGPOStorage.__del__N) r)��r��r+��r?��rt��rx��r[��ry��rT��r{��ri��rj��r}��r/��r/��r/��r0��rl��!��s��rl��c��@��sP��e�Zd�ZeZdd��Zedd��Zedd��Zdd��Z ed d ��Z edd��Zd S�)rL��c��C��s"��\|\|�_�\|\|�_\|\|�_\|j\|�\|�_d�S�)N)�lp�credsr6��ry��gp_db)r=��r~��r��r6��rT��r/��r/��r0��r?��J��s��zgp_ext.__init__c��C��s��d�S�)Nr/��)r=��Zdeleted_gpo_listZchanged_gpo_listr/��r/��r0��process_group_policyP��s��zgp_ext.process_group_policyc��C��s��d�S�)Nr/��)r=��policyr/��r/��r0��readT��s��zgp_ext.readc��C��s<��\|�j�jd�}tjj\|t\|�j��}tjj\|�r8\|�j\|�S�d�S�)N� gpo_cache) r~�� cache_pathrm��rn��join�check_safe_path�upper�existsr��)r=��ZafileZ local_path� data_filer/��r/��r0��parseX��s �� zgp_ext.parsec��C��s��d�S�)Nr/��)r=��r/��r/��r0��__str___��s��zgp_ext.__str__c��C��s��i�S�)Nr/��)r=��gpor/��r/��r0��rsopc��s��zgp_ext.rsopN)r)��r��r+��r�� __metaclass__r?��r��r��r��r��r��r��r/��r/��r/��r0��rL��G��s��rL��c��@��s��e�Zd�Zdd��ZdS�)� gp_inf_extc��C��sb��t�\|d�j��}td�d�}t\|_y\|jt\|j��W�n(�tk r\��\|jt\|jd��Y�nX�\|S�)N�rb)� interpolationzutf-16) rq��r��r��strZoptionxformZreadfpr��decode�UnicodeDecodeError)r=��r��r��Zinf_confr/��r/��r0��r��i��s�� zgp_inf_ext.readN)r)��r��r+��r��r/��r/��r/��r0��r��h��s��r��c��@��s��e�Zd�Zdd��ZdS�)� gp_pol_extc��C��s��t�\|d�j��}ttj\|�S�)Nr��)rq��r��r��r��file)r=��r��rawr/��r/��r0��r��u��s��zgp_pol_ext.readN)r)��r��r+��r��r/��r/��r/��r0��r��t��s��r��c��@��s��e�Zd�Zdd��ZdS�)� gp_xml_extc��C��sB��t�\|d�j��}ytj\|j��S��tk r<��tj\|jd��S�X�d�S�)Nr��zutf-16)rq��r��r7��r8��r��r��)r=��r��r��r/��r/��r0��r��{��s ��zgp_xml_ext.readN)r)��r��r+��r��r/��r/��r/��r0��r��z��s��r��c��@��sn��e�Zd�ZdZeZdd��Zdd��Zdd��Zdd ��Z d d��Z dd ��Zdd��Ze dd��Ze dd��Zddd�ZdS�)� gp_applierz�Group Policy Applier/Unapplier/Modifier The applier defines functions for monitoring policy application, removal, and modification. It must be a multi-derived class paired with a subclass of gp_ext. c��C��s.��\|�j�j\|��\|�j�jt\|��\|\|��\|�j�j��dS�)aL��Add an attribute and value to the Group Policy cache guid - The GPO guid which applies this policy attribute - The attribute name of the policy being applied value - The value of the policy being applied Normally called by the subclass apply() function after applying policy. N)r��rK��rT��r��rj��)r=��rF��rM��rB��r/��r/��r0��cache_add_attribute��s��zgp_applier.cache_add_attributec��C��s,��\|�j�j\|��\|�j�jt\|��\|��\|�j�j��dS�)a��Remove an attribute from the Group Policy cache guid - The GPO guid which applies this policy attribute - The attribute name of the policy being unapplied Normally called by the subclass unapply() function when removing old policy. N)r��rK��ri��r��rj��)r=��rF��rM��r/��r/��r0��cache_remove_attribute��s��z!gp_applier.cache_remove_attributec��C��s��\|�j�j\|��\|�j�jt\|��\|�S�)z�Retrieve the value stored in the cache for the given attribute guid - The GPO guid which applies this policy attribute - The attribute name of the policy )r��rK��rU��r��)r=��rF��rM��r/��r/��r0��cache_get_attribute_value��s��z$gp_applier.cache_get_attribute_valuec��C��s��\|�j�j\|��\|�j�jt\|��S�)z�Retrieve all attribute/values currently stored for this gpo+policy guid - The GPO guid which applies this policy )r��rK��rZ��r��)r=��rF��r/��r/��r0��cache_get_all_attribute_values��s��z)gp_applier.cache_get_all_attribute_valuesc��C��s ��\|�j�j��S�)zSReturn the current apply state return - APPLY\|ENFORCE\|UNAPPLY )r��rE��)r=��r/��r/��r0��cache_get_apply_state��s��z gp_applier.cache_get_apply_statec��G��s��dj�dd��\|�D��}tt\|�\|��j��S�)a"��Generate an attribute name from arbitrary data name - A name to ensure uniqueness args - Any arbitrary set of args, str or bytes return - A blake2b digest of the data, the attribute The importance here is the digest of the data makes the attribute reproducible and uniquely identifies it. Hashing the name with the data ensures we don't falsely identify a match which is the same text in a different file. Using this attribute generator is optional. ��c��S��s��g�\|�]}t�\|��qS�r/��)r��)rV��argr/��r/��r0��r]��s��z1gp_applier.generate_attribute.<locals>.<listcomp>)r��r��r�� hexdigest)r=��r3��args�datar/��r/��r0��generate_attribute��s��zgp_applier.generate_attributec��G��s"��dj�dd��\|�D��}t\|�j��S�)z�Generate a unique value which identifies value changes args - Any arbitrary set of args, str or bytes return - A blake2b digest of the data, the value represented r��c��S��s��g�\|�]}t�\|��qS�r/��)r��)rV��r��r/��r/��r0��r]��s��z2gp_applier.generate_value_hash.<locals>.<listcomp>)r��r��r��)r=��r��r��r/��r/��r0��generate_value_hash��s��zgp_applier.generate_value_hashc��C��s��dS�)z�Group Policy Unapply guid - The GPO guid which applies this policy attribute - The attribute name of the policy being unapplied value - The value of the policy being unapplied Nr/��)r=��rF��rM��rB��r/��r/��r0��unapply��s��zgp_applier.unapplyc��G��s��dS�)a��Group Policy Apply guid - The GPO guid which applies this policy attribute - The attribute name of the policy being applied applier_func - An applier function which takes variable args args - The variable arguments to pass to applier_func The applier_func function MUST return the value of the policy being applied. It's important that implementations of `apply` check for and first unapply any changed policy. See for example calls to `cache_get_all_attribute_values()` which searches for all policies applied by this GPO for this Client Side Extension (CSE). Nr/��)r=��rF��rM��applier_funcr��r/��r/��r0��apply��s��zgp_applier.applyNc��K��s��\|dkrg�}\|dkrg�}t�\|�tkrL\|�j\|\|�}\|dk r�\|�j\|\|\|f\|��nZ\|�j\|�}xN\|j��D�]B\}}t\|�dkr\|\|\|ks�t\|�dkr`\|\|kr`\|�j\|\|\|f\|��q`W�dS�)al��Cleanup old removed attributes keep - A list of attributes to keep remove - A single attribute to remove, or a list of attributes to remove kwargs - Additional keyword args required by the subclass unapply function This is only necessary for CSEs which provide multiple attributes. Nr��)�type�listr��r��r��itemsrA��)r=��rF��Zkeeprh��kwargsrB��Zold_valsrM��r/��r/��r0��clean��s�� zgp_applier.clean)NN)r)��r��r+��rk��r��r��r��r��r��r��r��r��r��r��r��r��r��r/��r/��r/��r0��r��s�� r��c��@��s8��e�Zd�ZdZdd��Zdd��Zd dd�Zdd �d d�ZdS�)�gp_file_applierz�Group Policy File Applier/Unapplier/Modifier Subclass of abstract class gp_applier for monitoring policy applied via a file. c��C��s��\|g}\|j�\|��\|j\|�S�)N)ra��r��)r=�� value_hash�files�sepr��r/��r/��r0��Z__generate_value ��s�� z gp_file_applier.__generate_valuec��C��sV��\|dkrdg�fS�\|j�\|�}d\|d�kr.d\|fS�\|d�t\|�dkrL\|dd��ng�fS�dS�)zYParse a value return - A unique HASH, followed by the file list N�/r��r&��)�splitrA��)r=��rB��r��r��r/��r/��r0��Z __parse_value��s�� zgp_file_applier.__parse_value�:c��C��sP��t�\|�tkr\|�j\|\|�\}}x"\|D�]}tjj\|�r"tj\|��q"W�\|�j\|\|��d�S�)N)r��r��_gp_file_applier__parse_valuerm��rn��r��unlinkr��)r=��rF��rM��r��r��_r��r/��r/��r0��r��s�� zgp_file_applier.unapply)r��c��G��s��\|�j�\|\|�}\|�j\|\|�\}} \|\|ksF\|�j��tjksFtdd��\| D��rV\|�j\|\|\| ��ndS�\|\|��} \|�j\|\| \|�}\|�j\|\|\|��dS�)a(�� applier_func MUST return a list of files created by the applier. This applier is for policies which only apply to a single file (with a couple small exceptions). This applier will remove any policy applied by this GPO which doesn't match the new policy. c��S��s��g�\|�]}t�jj\|��qS�r/��)rm��rn��r��)rV��fr/��r/��r0��r]��4��s��z)gp_file_applier.apply.<locals>.<listcomp>N) r��r��r��r%��r-��allr�� _gp_file_applier__generate_valuer��)r=��rF��rM��r��r��r��r��rP��Zold_val_hashZ old_val_filesr��Z new_valuer/��r/��r0��r��&��s�� zgp_file_applier.applyN)r��)r)��r��r+��rk��r��r��r��r��r/��r/��r/��r0��r��s �� r��c��C��s.��t�\|�\|d�}\|j\|jd�tjtjB�d�}\|jS�)N)r��r~��realm)�domain�flags)r ��finddcr[��r ��NBT_SERVER_LDAP� NBT_SERVER_DSZpdc_dns_name)r��r~��net� cldap_retr/��r/��r0��get_dc_hostnameC��s��r��c��C��s.��t�\|�\|d�}\|j\|jd�tjtjB�d�}\|jS�)N)r��r~��r��)r��r��)r ��r��r[��r ��r��r��Zpdc_name)r��r~��r��r��r/��r/��r0��get_dc_netbios_hostnameI��s��r��c�� C��s��t�j��}ddddddddd d dg}\|jd�r6\|jd�}tjtjB�tjB�}y \|�j\|t j d \|d\|�gd�}W�n �tk r��tj d��Y�nX�\|jdkr�t jt jd��\|\|_d\|jd�j��kr�t\|jd�d�d��\|_d\|jd�j��kr�t\|jd�d�d��\|_d\|jd�j��k�r(\|jd�d�d�j��\|_d\|jd�j��k�rT\|jd�d�d�j��\|_d \|jd�j��k�r�\|jd�d �d�j��\|_d\|jd�j��k�r�t\|jd�d�d��\|_d\|jd�j��k�r�t\|jd�d�d��\|_d \|jd�j��k�r\|jt\|jd�d �d��\|S�)NZcnZdisplayNamer��ZgPCFileSysPathZgPCFunctionalityVersionZgPCMachineExtensionNamesZgPCUserExtensionNamesZgPCWQLFilterr3��ZnTSecurityDescriptorZ versionNumberzLDAP://z(objectclass=)z sd_flags:1:%d)Zcontrolsz4Failed to fetch gpo object with nTSecurityDescriptorr&��zget_gpo: search failedr��) r��GROUP_POLICY_OBJECT� startswith�lstripr"��Z SECINFO_OWNERZ SECINFO_GROUPZSECINFO_DACL�search�ldb� SCOPE_BASE� Exceptionr��errorrG��LdbError�ERR_NO_SUCH_OBJECTZds_path�msgs�keysru��versionZoptionsr�� file_sys_path�display_namer3��r��Zmachine_extensionsZuser_extensionsZset_sec_desc�bytes)�samdbZgpo_dnr\��rY��Zsd_flags�resr/��r/��r0��get_gpoS��sV�� r��c��@��s$��e�Zd�Zdd��Zdd��Zdd��ZdS�)�GP_LINKc��C��s$��g�\|�_�g�\|�_\|�j\|��t\|�\|�_d�S�)N)� link_names� link_opts�gpo_parse_gplinkru��gp_opts)r=��gPLink� gPOptionsr/��r/��r0��r?��s�� zGP_LINK.__init__c��C��s��xz\|j��jd�D�]h}\|sqtjd��\|jd�}\|jd�\}}tjdj\|��tjdj\|��\|�jj\|��\|�jjt \|��qW�d�S�)N�]z!gpo_parse_gplink: processing link�[�;zgpo_parse_gplink: link: {}zgpo_parse_gplink: opt: {}) r��r��r��debugr��formatr��rd��r��ru��)r=��r��pZ link_nameZlink_optr/��r/��r0��r��s�� zGP_LINK.gpo_parse_gplinkc��C��s&��t�\|�j�t�\|�j�krtd��t�\|�j�S�)NzLink names and opts mismatch)rA��r��r��RuntimeError)r=��r/��r/��r0�� num_links��s��zGP_LINK.num_linksN)r)��r��r+��r?��r��r��r/��r/��r/��r0��r��s��r��c��C��s��ddg}\|�j�\|�j��tjdj\|�\|�}\|jdkrBtjtjdj\|��t\|j d�d�d��}\|j d�d�}t jdj\|\|��\|\|fS�)N�dnZuserAccountControlz(sAMAccountName={})r&��z"Failed to find samAccountName '{}'r��z!Found dn {} for samaccountname {})r��get_default_basednr�� SCOPE_SUBTREEr��rG��r��r��ru��r��r��info)r��ZsamaccountnamerY��r��uacr��r/��r/��r0��find_samaccount��s�� r��c��C��s��\|�j�\|tjdddg�}\|jdkr.tjtjd��d\|jd�krPtjtjdj\|��\|jd�d�d�}d}d\|jd�kr�\|jd�d�d�}n t j d��t\|\|�S�) Nz(objectclass=)r��r��r&��zget_gpo_link: no resultr��z2get_gpo_link: no 'gPLink' attribute found for '{}'z,get_gpo_link: no 'gPOptions' attribute found)r��r��r��rG��r��r��r��ZERR_NO_SUCH_ATTRIBUTEr��r��r��r��)r��link_dnr��r��r��r/��r/��r0��get_gpo_link��s�� r��c��C��s��x�t�\|j��d�d d�D��]x}\|j\|�t@�dk} \|j\|�t@�rJtjd��q\|rj\| s`tjd��qn tjd��yt\|�\|j\|��} W�n`�t j k r��}�zB\|j\}} tjd\|j\|��\|t jkr�tjd\|j\|��wd�S�d�}~X�qX�y2t tj\| j��}tjj\|\|tjtjB�tjB��W�n6�tk �rH�}�ztjd\| j��wW�Y�d�d�}~X�nX�t\|�\| _\|\| _\| �rn\|jd\| ��n\|jd\| ��tjd \|\|j\|�f��qW�d�S�)Nr&��r��zskipping disabled GPOzNskipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been setzNadding enforced GPO link although the GPOPTIONS_BLOCK_INHERITANCE has been setzfailed to get gpo: %szskipping empty gpo: %sz/skipping GPO "%s" as object has no access to itz7add_gplink_to_gpo_list: added GPLINK #%d %s to GPO list��r��)�ranger��r��r��r��r��r��r��r��r��r��r��r��r��r"��Z descriptorZget_sec_desc_buf�sambaZaccess_checkZSEC_STD_READ_CONTROLZSEC_ADS_LISTZSEC_ADS_READ_PROPr��r��r��link� link_type�insert)r��gpo_list�forced_gpo_listr��gp_linkr��Zonly_add_forced_gpos�token�iZ is_forcedZnew_gpo�e�enum�estrZsec_descr/��r/��r0��add_gplink_to_gpo_list��sH�� r��c��C��s<��\|�j�}\|j\|j��\|\|�_�\|��j\|jO��_\|��j\|jO��_\|�S�)N)�sidsra��Zrights_maskZprivilege_mask)Ztoken_1Ztoken_2r��r/��r/��r0��merge_nt_token��s��r��c��C��s��\|�j��}y(tjd\|�\|\|�}\|j\|�}dj\|\|�S��tk r��t\|\|�}\|�j\|tjd\|�dg�} \| j dkrztj tjd��\| jd�d�} \| j ��j ��}\|S�X�d�S�)Nzncacn_np:%s[seal]zCN={},CN=Sites,{}z(cn=%s)r��r&��zsite_dn_for_machine: no resultr��)Zget_config_basednr#��Znetr_DsRGetSiteNamer��r��r��r��r��r��rG��r��r��r��parent)r��dc_hostnamer~��r��ZhostnameZconfig_context�cZ site_nameZnb_hostnamer��r��site_dnr/��r/��r0��site_dn_for_machine��s�� r��c��C��s��g�}g�}d\|��}t�\|t��\|\|d�}t\|\|jd�d��\}} d} ttB�}\|jd�rX\|tO�}tj j \|\|\| \|d�}d} \|t@�s�\|t@�r�d} t \|jt��j�}n\|j}\| j��}x�t\|�t\|j��j��kr�P�\|jd �d k�rPytjd\|��t\|\|�}W�n:�tjk �r&�}�z\|j\}}tj\|��W�Y�dd}~X�nX�t\|\|\|\|\|tj\| \|��\|jt@��rPd} \|j��}q�W�\| j��}x�t\|�t\|j��j��k�r�P�\|jd �d k�rytjd\|��t\|\|�}W�n:�tjk �r��}�z\|j\}}tj\|��W�Y�dd}~X�nX�t\|\|\|\|\|tj\| \|��\|jt@��rd} \|j��}�qfW�\| �r�y�t\|\|�\|\|\|�}ytjd\|��t\|\|�}W�n:�tjk �r��}�z\|j\}}tj\|��W�Y�dd}~X�nX�t\|\|\|\|\|tj \| \|��W�n�tjk �r��Y�nX�\|j!d tj"ddtj#��\|\|�S�)a3��Get the full list of GROUP_POLICY_OBJECTs for a given username. Push GPOs to gpo_list so that the traversal order of the list matches the order of application: (L)ocal (S)ite (D)omain (O)rganizational(U)nit For different domains and OUs: parent-to-child. Within same level of domains and OUs: Link order. Since GPOs are pushed to the front of gpo_list, GPOs have to be pushed in the opposite order of application (OUs first, local last, child-to-parent). Forced GPOs are appended in the end since they override all others. zldap://)�urlZsession_infoZcredentialsr~��\r&��FZldap)Zlp_ctxr��session_info_flagsTr��ZOUz%get_gpo_list: query OU: [%s] for GPOsNZDCz%get_gpo_list: query DC: [%s] for GPOsz'get_gpo_list: query SITE: [%s] for GPOszLocal Policyr��)$r��r��r��r��r��r ��r��r!��r��ZauthZuser_sessionr��r��r��Zsecurity_tokenr��r��r��Zget_component_namer��r��r��r��r��r��r��r��Z GP_LINK_OUr��r��ZGP_LINK_DOMAINr��ZGP_LINK_SITEr��r��Z GP_LINK_LOCAL)r��r��r~��r6��r��r��r��r��r��r��Zadd_only_forced_gposr��ZsessionZgpo_list_machiner��Z parent_dnr��r��r��r��r��r/��r/��r0��get_gpo_list ��s�� r ��c�� C��s��\|j��}tjj\|\|�}ytj\|dd��W�n0�tk rX�}�z\|jtjkrH��W�Y�d�d�}~X�nX�x�\|�j\|�D�]�}\|d�t j @�r�t\|�\|tjj\|\|d��qf\|d�j��}td\|d�}tjj\|\|d��j dd�} \|j\|�j\| ��\|j��tj\|jtjj\|\|��qfW�d�S�) Ni��)�moder<��r3��F)ri��dirr��r��)r��rm��rn��r��makedirs�OSError�errnoZEEXISTr��libsmb�FILE_ATTRIBUTE_DIRECTORY� cache_gpo_dirr��replace�writeZloadfiler\|��renamer3��) �conn�cacheZsub_dirZloc_sub_dirZ local_dirr��ZfdataZ local_namer��Zfnamer/��r/��r0��r��s ��r��c��C��s^��t�jd\|��}d\|�j��kr>t�jd\|�j��}\|\|jd�d�d��}d\|krRtjj\|��S�t\|��d�S�)Nz/\|\\�sysvolr&��z..)�rer��lower�indexrm��rn��r��r ��)rn��dirsZldirsr/��r/��r0��r��s��r��c��C��sd��\|j��}\|jt��tj\|�d\|\|d�}\|j\|��\|jd�}x&\|D�]}\|jsJq>t\|\|t\|j��q>W�d�S�)Nr��)r~��r��r��) Zget_smb_signingZset_smb_signingr��r��ZConnr��r��r��r��)r��r~��r��gposZsaved_signing_stater��r��gpo_objr/��r/��r0��check_refresh_gpo_list��s�� r��c��s6��\|�j��}tdd��\|D��fdd�\|D��}\|�j\|�S�)Nc��S��s��g�\|�] }\|j��qS�r/��)r3��)rV��r��r/��r/��r0��r]��s��z)get_deleted_gpos_list.<locals>.<listcomp>c��s��g�\|�]}\|��kr\|�qS�r/��r/��)rV��rF��)� current_guidsr/��r0��r]��s��)rc��setrg��)r��r��Zapplied_gposZdeleted_gposr/��)r��r0��get_deleted_gpos_list��s��r!��c��C��s&��\|�j�tjjd\|��}ttj\|�d��S�)Nr��r&��)r��rm��rn��r��ru��r��Zgpo_get_sysvol_gpt_version)r~��rn��Zgpt_pathr/��r/��r0��gpo_version��s��r"��Fc��C��s��\|j�\|�}t\|\|��}t\|\|\|�\|�} t\|\| �} yt\|\|�\|\| ��W�n��tjd\|��d�S�\|rn\| }\|jtj ��njg�}xX\| D�]P}\|j s�qx\|j} t\|j �j ��}t\|�\|�}\|\|j\| �krxtjd\| ��\|j\|��qxW�\|jtj��\|j��x�\|D�]�}y:\|\|�\|\|\|�}\|dk�r\|j\| \|��nt\|\|j\| \|��W�q��tk �r��}�z^tjdt\|��tj��\}}}tj\|�d�\}}}}tjd\|\|t\|�jt\|�f��w�W�Y�d�d�}~X�q�X�q�W�xH\| D�]@}\|j �s��q�\|j} t\|j �j ��}t\|�\|�}\|j\| d\|��q�W�\|j��d�S�) Nz0Failed downloading gpt cache from '%s' using SMBzGPO %s has changed�ComputerzFailed to apply extension %sr&��z %s:%d: %s: %sz%ir��) ry��r��r ��r!��r��r��r��rD��r%��r-��r��r3��r��r��r"��rx��r��rd��r,��rt��r��drop_privilegesr��r��sys�exc_info� traceback� extract_tbr��r)��rT��rj��)r~��r��rT�� gp_extensionsr6��target�forcer��r��r��del_gposZchanged_gposr��rF��rn��r��rR��r��r��tb�filenameZline_numberr/��r/��r0��apply_gp��s^�� r/��c�� C��s��\|j�\|�}\|jtj��\|j\|j��}\|j��x�\|D�]�}y8\|\|�\|\|\|�}\|dkr\\|j\|g��nt\|\|j\|g��W�q2�t k r��} �z,t jdt\|��t jdt\| ��w2W�Y�d�d�} ~ X�q2X�q2W�\|j ��d�S�)Nr#��zFailed to unapply extension %sz Message was: )ry��rD��r%��r.��rg��rc��rt��r��r$��r��r��r��r��rj��) r~��r��rT��r)��r6��r��r��r,��rR��r��r/��r/��r0�� unapply_gp��s �� r0��c��s��t�\|��tkr0��fdd�\|�j��D��}ddj\|��S�t�\|��tkr\��fdd�\|�D��}ddj\|��S�t\|�tj�r\|d��d��t\|��S�d��d��t \|��S�d�S�)Nc�� s.��g�\|�]&\}}d��d\|t�\|��d��f��qS�)� z[ %s ] = %sr'��)�__rsop_vals)rV��k�v)�levelr/��r0��r]�� s��z__rsop_vals.<locals>.<listcomp>� c��s&��g�\|�]}d��dt�\|��d��qS�)r2��z[ %s ]r'��)r3��)rV��r5��)r6��r/��r0��r]�� s��r2��r'��) r��dictr��r��r�� isinstance�numbers�Numberr��r��)�valsr6��re��r/��)r6��r0��r3��s�� r3��c�� C��s��t�\|\|��}t\|\|\|�\|�}t\|\|�\|\|��td��td\|��tjdd�d�}�xT\|D��]J} \| jj��dkrhqRtd\| j��td \|��x\|D��]�} \| \|�\|\|\|�} tj d t t\| ��}t\|�dkr�\|d�j d�d�}n\| jj d�d�}td \|��tddt\|d��xj\| j\| �j��D�]X\} }td\| ��tddt\|d��tt\|�jd��tddt\|d��qW�tddt\|d��q�W�tdd \|��qRW�d�S�)NzResultant Set of Policyz %s Policy �x��2��)Zfallbackr��zLocal PolicyzGPO: %s�=z'([\w\.]+)'r&��.z CSE: %sz �-r'��z Policy Type: %sz r7��z%s )r=��r>��r��r��r��)r��r ��r��print�shutil�get_terminal_sizer��stripr��rX��r��r��rA��r��r��ru��r��r��r3��r��)r~��r��rT��r)��r6��r��r��r��Z term_widthr��rR��Z cse_name_mZcse_nameZsectionrf��r/��r/��r0��r��s4�� r��c��C��sV��ddl�m}�\|j��}\|�d�k r(\|j\|��n\|j��\|jd�}td�d�}\|j\|��\|\|fS�)Nr��)�paramz gpext.conf)r��)�samba.samba3rF��Zget_context�loadZload_default� state_pathr��r��)�smb_confZs3paramr~��ext_conf�parserr/��r/��r0��parse_gpext_conf4��s�� rM��c�� C��sH��\|�j�d�}tddtjj\|�d��}\|j\|��tj\|j\|��W�d�Q�R�X�d�S�)Nz gpext.confzw+F)r ��ri��r��)rI��r��rm��rn��dirnamer��r��r3��)r~��rL��rK��r��r/��r/��r0��atomic_write_confA��s�� rO��c��C��sR��\|�d�dks$\|�d �dks$t�\|��dkr(dS�yt\|�dd��W�n�tk rL��dS�X�d S�)Nr��{r&��}�&��Fr1��)r��Tr��)rA��r �� ValueError)rF��r/��r/��r0�� check_guidH��s��$rT��Tc��C��s��t�jj\|�sdS�t\|��sdS�t\|�\}}\|�\|j��kr>\|j\|��\|j\|�d\|��\|j\|�d\|��\|j\|�d\|rjdnd��\|j\|�d\|r�dnd��t\|\|��dS�) NF�DllName�ProcessGroupPolicy�NoMachinePolicy�0�1�NoUserPolicyT) rm��rn��r��rT��rM��sectionsZadd_sectionr ��rO��)rF��r3��rn��rJ��machiner2��r~��rL��r/��r/��r0��register_gp_extensionS��s�� r]��c��C��s��t�\|��\}}i�}xt\|j��D�]h}i�\|\|<�\|j\|d�\|\|�d<�\|j\|d�\|\|�d<�t\|j\|d��\|\|�d<�t\|j\|d��\|\|�d<�qW�\|S�)NrU��rV��rW��Z MachinePolicyrZ��Z UserPolicy)rM��r[��r[��ru��)rJ��r��rL��resultsrF��r/��r/��r0��list_gp_extensionsh��s��r_��c��C��s<��t�\|��sdS�t\|�\}}\|�\|j��kr.\|j\|��t\|\|��dS�)NFT)rT��rM��r[��Zremove_sectionrO��)rF��rJ��r~��rL��r/��r/��r0��unregister_gp_extensionv��s�� r`��c��C��s��t�j\|��t�j\|��dS�)z( Set current process privileges N)rm��setegid�seteuid)r6��Zuid�gidr/��r/��r0��set_privileges��s�� rd��c�� G��s��t�j��}\|dkstd��tj\|��j}tj\|��j}t\|�\|\|��d}d}y\|\|��}W�n&�tk rv�}�z \|}W�Y�dd}~X�nX�td\|d��\|r�\|�\|S�)zG Run supplied function with privileges for specified username. r��z)Not enough permissions to drop privilegesN�root)rm��getuidr��pwd�getpwnamZpw_uidZpw_gidrd��) r6��funcr��Zcurrent_uidZuser_uidZuser_gid�out�excr��r/��r/��r0��r$��s ��r$��)F)r1��)NTT)N)N)or%��rm��rC��r��rp��rg��rn��r��r��r��r��Zconfigparserr��ior��r'��Zsamba.commonr��abcr��r��Zxml.etree.ElementTreer7��ZElementTreer��Z samba.netr ��Zsamba.dcerpcr ��rG��r��r��Z samba.gpor��Zsamba.paramr��Zuuidr ��Ztempfiler��r��r��Z samba.ndrr��r��Zsamba.credentialsr��Zsamba.gp.util.loggingr��Zhashlibr��r:��r��Zsamba.samdbr��Z samba.authr��r��Z samba.dsdbr��r��r��r��r��r��r��r ��r!��r"��Zsamba.securityr#��r��r$��r%��ImportErrorr1��rl��objectrL��r��r��r��r��r��r��r��r��r��r��r��r��r��r��r ��r��r��r��r!��r"��r/��r0��r3��r��rM��rO��rT��r]��r_��r`��rd��r$��r/��r/��r/��r0��<module>��s�� _&! �? 2 4y 6

| ver. 1.1 | | . | PHP 8.3.30 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°