a I_+@sddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl mZmZmZmZGdd d eZGd d d eZGd d d eZGdddeZGdddeZGdddeZdS)N) provision)dsdb)SamDB)system_session)_get_user_realm_domain)Command CommandError SuperCommandOptionc@sLeZdZdZdZejejejdZ e ddde ddd gZ d gZ dd d Zd S)cmd_delegation_showz*Show the delegation setting of an account.z%prog [options] sambaoptscredopts versionopts-H--URL%LDB URL for database or target serverURLHhelptypemetavardest accountnameNcCs<|}||}t||d}|dur4|j} n|} t| t||d} t|\} } } | j dt | t j ddgd}t |dkrtd|t |d ksJt|ddd}|dd}|jd t|dj|jd t|tj@|jd t|tj@|dur8|D]}|jd |q dS)NrealmZ session_infoZ credentialslpsAMAccountName=%sZuserAccountControlmsDS-AllowedToDelegateToZ expressionZscopeattrsr Unable to find account name '%s'zAccount-DN: %s zUF_TRUSTED_FOR_DELEGATION: %s z.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s zmsDS-AllowedToDelegateTo: %s ) get_loadparmget_credentialsrprovision_paths_from_lpgetsamdbrrrsearchldb binary_encode SCOPE_SUBTREElenrintZoutfwritestrdnboolrUF_TRUSTED_FOR_DELEGATION)UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION)selfrrrr rrcredspathspathsamcleanedaccountrdomainresZuacZallowedar>9/usr/lib/python3/dist-packages/samba/netcmd/delegation.pyrun6s>      zcmd_delegation_show.run)NNNN__name__ __module__ __qualname____doc__ZsynopsisoptionsZ SambaOptionsZCredentialsOptionsZVersionOptionsZtakes_optiongroupsr r0Z takes_optionsZ takes_argsr@r>r>r>r?r $s r c@sNeZdZdZdZejejejdZ e ddde ddd gZ d d gZ dd dZd S)cmd_delegation_for_any_servicez3Set/unset UF_TRUSTED_FOR_DELEGATION for an account.(%prog [(on|off)] [options]r rrrrrrronoffNc Csd}|dkrd}n|dkr d}n td||}||} t||d} |dur`| j} n|} t| t| |d} t |\} }}dt | }t j }z| j||d |dd Wn,ty}zt|WYd}~n d}~00dS) NFonToff0invalid argument: '%s' (choose from 'on', 'off')rrrzTrusted-for-DelegationZ flags_strrJstrict)rr$r%rr&r'r(rrrr*r+rr3toggle_userAccountFlags Exceptionr5rrIrrr rrJrr6r7r8r9r:rr;Z search_filterflagerrr>r>r?r@ns2   z"cmd_delegation_for_any_service.run)NNNNrAr>r>r>r?rG\s rGc@sNeZdZdZdZejejejdZ e ddde ddd gZ d d gZ dd dZd S)cmd_delegation_for_any_protocolzOSet/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.rHr rrrrrrrrINc Csd}|dkrd}n|dkr d}n td||}|j|dd} t||d} |durd| j} n|} t| t| |d} t |\} }}d t | }t j }z| j||d |dd Wn,ty}zt|WYd}~n d}~00dS) NFrJTrKrL)Zfallback_machinerrrz&Trusted-to-Authenticate-for-DelegationrM)rr$r%rr&r'r(rrrr*r+rr4rOrPrQr>r>r?r@s2  z#cmd_delegation_for_any_protocol.run)NNNNrAr>r>r>r?rTs rTc@sNeZdZdZdZejejejdZ e ddde ddd gZ d d gZ dd dZd S)cmd_delegation_add_servicez4Add a service principal as msDS-AllowedToDelegateTo.)%prog [options]r rrrrrrr principalNc Cs |}||}t||d} |dur4| j} n|} t| t||d} t|\} } }| j dt | t j dgd}t |dkrtd|t |dksJt }|dj|_t |gt jd|d<z| |Wn.ty}zt|WYd}~n d}~00dS Nrrrrr rr"r#)r$r%rr&r'r(rrrr)r*r+r,r-rMessager1MessageElementZ FLAG_MOD_ADDmodifyrPr5rrWrrr rrr6r7r8r9r:rr;r<msgrSr>r>r?r@s:    zcmd_delegation_add_service.run)NNNNrAr>r>r>r?rUs rUc@sNeZdZdZdZejejejdZ e ddde ddd gZ d d gZ dd dZd S)cmd_delegation_del_servicez7Delete a service principal as msDS-AllowedToDelegateTo.rVr rrrrrrrrWNc Cs |}||}t||d} |dur4| j} n|} t| t||d} t|\} } }| j dt | t j dgd}t |dkrtd|t |dksJt }|dj|_t |gt jd|d<z| |Wn.ty}zt|WYd}~n d}~00dSrX)r$r%rr&r'r(rrrr)r*r+r,r-rrYr1rZZFLAG_MOD_DELETEr[rPr\r>r>r?r@s:    zcmd_delegation_del_service.run)NNNNrAr>r>r>r?r^s r^c@sFeZdZdZiZeed<eed<eed<eed<e ed<dS)cmd_delegationzDelegation management.Zshowzfor-any-servicezfor-any-protocolz add-servicez del-serviceN) rBrCrDrEZ subcommandsr rGrTrUr^r>r>r>r?r_2s    r_)Z samba.getoptZgetoptrFr*ZsambarrZ samba.samdbrZ samba.authrZsamba.netcmd.commonrZ samba.netcmdrrr r r rGrTrUr^r_r>r>r>r?s      85566