a Wa!@sddlZddlmZmZddlmZddlmZzddl m Z ddl m Z Wne y^Yn0GdddeZGd d d eZGd d d eZdS) N) gp_ext_setter gp_inf_ext)system_session) get_string)LdbError)SamDBc@s4eZdZddZddZddZddZd d Zd S) inf_to_kdc_tdbcCsdt|jdS)N%d<intvalselfr2/usr/lib/python3/dist-packages/samba/gp_sec_ext.py mins_to_hoursszinf_to_kdc_tdb.mins_to_hourscCsdt|jdS)Nr r rrrr days_to_hours!szinf_to_kdc_tdb.days_to_hourscCs|jj|j}|jd|j||f|durj|jj|jt||jt||j|rbt|ndn$|jj |j|j t||jdS)Nz%s was changed from %s to %s) gp_dbZgpostoreget attributeloggerinfostorerstrdeleterr Zold_valrrr set_kdc_tdb$s $zinf_to_kdc_tdb.set_kdc_tdbcCs$|j|jf|j|jf|j|jfdS)N)kdc:user_ticket_lifetimekdc:service_ticket_lifetimekdc:renewal_lifetime)rexplicitrrrrrrmapper/s zinf_to_kdc_tdb.mappercCsdS)NKerberos Policyrrrrr__str__7szinf_to_kdc_tdb.__str__N)__name__ __module__ __qualname__rrrr#r%rrrrrs  rcsXeZdZdZfddZddZddZdd Zd d Zd d Z ddZ ddZ Z S) inf_to_ldbzThis class takes the .inf file parameter (essentially a GPO file mapped to a GUID), hashmaps it to the Samba parameter, which then uses an ldb object to update the parameter to Samba4. Not registry oriented whatsoever. c s`tt|||||||z"t|jt|j|jd|_Wnt t fyZt dYn0dS)N)Z session_infoZ credentialslpz/Failed to load SamDB for assigning Group Policy) superr)__init__rr*Z samdb_urlrcredsldb NameErrorr Exception)rrrr*r-keyvalue __class__rrr,As  zinf_to_ldb.__init__cCsH|j}|jd||f|jt||jt||j|dS)Nz2KDC Minimum Password age was changed from %s to %s) r.Z get_minPwdAgerrrrrrZ set_minPwdAgerrrr ch_minPwdAgeKs  zinf_to_ldb.ch_minPwdAgecCsH|j}|jd||f|jt||jt||j|dS)Nz2KDC Maximum Password age was changed from %s to %s) r.Z get_maxPwdAgerrrrrrZ set_maxPwdAgerrrr ch_maxPwdAgeRs  zinf_to_ldb.ch_maxPwdAgecCsH|j}|jd||f|jt||jt||j|dS)Nz5KDC Minimum Password length was changed from %s to %s) r.Zget_minPwdLengthrrrrrrZset_minPwdLengthrrrrch_minPwdLengthYs zinf_to_ldb.ch_minPwdLengthcCsH|j}|jd||f|jt||jt||j|dS)Nz2KDC Password Properties were changed from %s to %s) r.Zget_pwdPropertiesrrrrrrZset_pwdPropertiesrrrrch_pwdPropertiesas  zinf_to_ldb.ch_pwdPropertiescCs8d}d}d}d}|j}t|}t||||| S)Nr ri)r r r)rZsecondsZminutesZhoursZsam_addr rrrdays2rel_nttimehszinf_to_ldb.days2rel_nttimecCs.|j|jf|j|jf|j|jf|j|jfdS)zldap value : samba setter) minPwdAge maxPwdAge minPwdLength pwdProperties)r5r9r6r7r"r8rrrrr#qs     zinf_to_ldb.mappercCsdS)N System Accessrrrrrr%|szinf_to_ldb.__str__) r&r'r(__doc__r,r5r6r7r8r9r#r% __classcell__rrr3rr);s   r)c@s,eZdZdZdZddZddZddZd S) gp_sec_extzThis class does the following two things: 1) Identifies the GPO if it has a certain kind of filepath, 2) Finally parses it. rcCsdS)NzSecurity GPO extensionrrrrrr%szgp_sec_ext.__str__cCs8dtfdtfdtfdtfddtfdtfdtfd d S) Nr:r;r<r=)ZMinimumPasswordAgeZMaximumPasswordAgeZMinimumPasswordLengthZPasswordComplexityrr r!)Z MaxTicketAgeZ MaxServiceAgeZ MaxRenewAge)r>r$)r)rrrrr apply_maps0 zgp_sec_ext.apply_mapc Cs|jddkrdSd}|}|D]}|j|d|dD]}||}|sXqD|d|D]\}} d} |D]\} } | d|kr|| d} q|| rh| r| ddn| } | |j|j|j|j ||  |j |||j qhqDq$|D]}|j r|j|j tj|j |} || }|s,q|D]~}||}|sLq4||D]X\}} ||rV||\}} | dd} | |j|j|j|j || |j qVq4qdS)Nz server rolez"active directory domain controllerz0MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.infrasciiignore)r*rrBrZset_guidkeysitemsencoderr-rZcommitZ file_sys_pathnameospathjoinparseZsectionsZ update_samba)rZdeleted_gpo_listZchanged_gpo_listZinf_filerBZgpoZsectionZcurrent_sectionr1r2setter_tuprKZinf_confZattrrrprocess_group_policysX        zgp_sec_ext.process_group_policyN)r&r'r(r?countr%rBrQrrrrrAs rA)os.pathrJZ samba.gpclassrrZ samba.authrZ samba.compatrr.rZ samba.samdbr ImportErrorrr)rArrrrs    E