HEX

File: //proc/1233/root/usr/lib/python3/dist-packages/samba/__pycache__/gp_sec_ext.cpython-310.pyc
o

�/av#�@s�ddlZddlmZddlmZddlmZzddlm	Z	ddl
mZWn	ey-Ynwdd�Z
d	d
�Zdd�ZGd
d�de�ZGdd�de�ZdS)�N)�
gp_inf_ext)�system_session)�
get_string)�LdbError)�SamDBcCsdt|�dS)N�%d�<��int��val�r
�2/usr/lib/python3/dist-packages/samba/gp_sec_ext.py�
mins_to_hours�rcCsdt|�dS)Nr�r	rr
r
r�
days_to_hoursrrcCs2d}d}d}d}t|�}t|||||�S)Nrri���)r
�str)r�seconds�minutes�hours�sam_addr
r
r�days2rel_nttime"src@s@eZdZdddd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�ZdS)�
gp_krb_ext�kdc:user_ticket_lifetime�kdc:service_ticket_lifetime�kdc:renewal_lifetime)�MaxTicketAge�
MaxServiceAge�MaxRenewAgecCs(|j�d�dkr
dSd}|D]4\}}|j�|�|��D]%}|t|�krA||��D]\}}|�||�|j�||�|j�	�q*qq|D]L}	|	j
r�|j�|	j�tj
�|	j
|�}
|�|
�}|saqE|��D]+}|t|�kr�|�|�D]\}}tj|}|���|�}
|�||
|��|j�	�qrqeqEdS�N�server role�"active directory domain controller�0MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf)�lp�get�gp_db�set_guid�keysr�items�set_kdc_tdb�delete�commit�
file_sys_path�name�os�path�join�parse�sectionsr�	apply_map�mapper)�self�deleted_gpo_list�changed_gpo_list�inf_file�guid�settings�section�att�value�gpor0�inf_conf�key�
value_funcr
r
r�process_group_policy.s:��

��zgp_krb_ext.process_group_policycCs�|jj�|�}|j�d|||f�|dur5|jj�|t|��|j�t|�||r0t|��dSd�dS|jj�|�|j�t|�|�dS)Nz%s was changed from %s to %s)	r&�gpostorer%�logger�info�storerrr+�r6�	attributer�old_valr
r
rr*Js
���zgp_krb_ext.set_kdc_tdbcCsdd�ttd�S)NcS�|S�Nr
rr
r
r�<lambda>W�z#gp_krb_ext.mapper.<locals>.<lambda>)rrr)rr�r6r
r
rr5Vs�zgp_krb_ext.mappercC�dS)NzKerberos Policyr
rOr
r
r�__str__\�zgp_krb_ext.__str__cC�xi}|j�d�dkr|Sd}|jr:tj�|j|�}|�|�}|s"|St|�|��vr:t|�}dd�|�	|�D�||<|S)Nr!r"r#cS�"i|]
\}}tj�|�r||�qSr
)rr4r%��.0�k�vr
r
r�
<dictcomp>k�
�z#gp_krb_ext.rsop.<locals>.<dictcomp>�
r$r%r-r/r0r1r2rr3r)�r6r?�outputr9r0r@r<r
r
r�rsop_�
zgp_krb_ext.rsopN)	�__name__�
__module__�__qualname__r4rCr*r5rQr^r
r
r
rr*s�rc@sfeZdZdZdd�Zddddd�Zd	d
�Zdd�Zd
d�Zdd�Z	dd�Z
dd�Zdd�Zdd�Z
dS)�
gp_access_extz�This class takes the .inf file parameter (essentially a GPO file mapped
    to a GUID), hashmaps it to the Samba parameter, which then uses an ldb
    object to update the parameter to Samba4. Not registry oriented whatsoever.
    c	Cs@zt|j��t�|j|jd�|_WdSttfytd��w)N)�session_info�credentialsr$z/Failed to load SamDB for assigning Group Policy)	rr$�	samdb_urlr�creds�ldb�	NameErrorr�	ExceptionrOr
r
r�load_ldbvs
��zgp_access_ext.load_ldb�	minPwdAge�	maxPwdAge�minPwdLength�
pwdProperties)�MinimumPasswordAge�MaximumPasswordAge�MinimumPasswordLength�PasswordComplexitycCsB|j�d�dkr
dS|��d}|D]<\}}|j�|�|��D]-}|t|�krM||��D]\}}|���|�\}	}
|	||�|j�	||�|j�
�q.q q|D]M}|jr�|j�|j�t
j�|j|�}|�|�}
|
smqQ|
��D],}|t|�kr�|
�|�D]\}}tj|}|���|�\}	}|	|||��|j�
�q~qqqQdSr )r$r%rkr&r'r(rr)r5r+r,r-r.r/r0r1r2r3rcr4)r6r7r8r9r:r;r<r=r>�update_samba�_r?r0r@rArBr
r
rrC�s>
��

��z"gp_access_ext.process_group_policycC�F|j��}|j�d||f�|j�t|�|t|��|j�|�dS)Nz2KDC Minimum Password age was changed from %s to %s)rh�
get_minPwdAgerErFr&rGr�
set_minPwdAgerHr
r
r�ch_minPwdAge��
�zgp_access_ext.ch_minPwdAgecCrv)Nz2KDC Maximum Password age was changed from %s to %s)rh�
get_maxPwdAgerErFr&rGr�
set_maxPwdAgerHr
r
r�ch_maxPwdAge�rzzgp_access_ext.ch_maxPwdAgecCrv)Nz5KDC Minimum Password length was changed from %s to %s)rh�get_minPwdLengthrErFr&rGr�set_minPwdLengthrHr
r
r�ch_minPwdLength�s
��zgp_access_ext.ch_minPwdLengthcCrv)Nz2KDC Password Properties were changed from %s to %s)rh�get_pwdPropertiesrErFr&rGr�set_pwdPropertiesrHr
r
r�ch_pwdProperties�rzzgp_access_ext.ch_pwdPropertiescCs.|jtf|jtf|jdd�f|jdd�fd�S)zldap value : samba settercSrKrLr
rr
r
rrM�rNz&gp_access_ext.mapper.<locals>.<lambda>cSrKrLr
rr
r
rrM�rN)rlrmrnro)ryrr}r�r�rOr
r
rr5�s
�zgp_access_ext.mappercCrP)Nz
System Accessr
rOr
r
rrQ�rRzgp_access_ext.__str__cCrS)Nr!r"r#cSrTr
)rcr4r%rUr
r
rrY�rZz&gp_access_ext.rsop.<locals>.<dictcomp>r[r\r
r
rr^�r_zgp_access_ext.rsopN)r`rarb�__doc__rkr4rCryr}r�r�r5rQr^r
r
r
rrcps 	�rc)�os.pathr/�
samba.gpclassr�
samba.authr�samba.commonrrhr�samba.samdbr�ImportErrorrrrrrcr
r
r
r�<module>s�F