
EUc           @   s"  d  d l  Z  d  d l j Z d  d l Z d  d l m Z d  d l m Z m	 Z	 m
 Z
 m Z d  d l m Z d  d l m Z d  d l m Z d  d l m Z d  d l Z d  d l Z d  d l m Z m Z m Z d  d	 l m Z d  d
 l m Z d  d l m Z d  d l Z d  d l m Z d  d l m Z d  d l  m! Z! d   Z" d   Z# d   Z$ d   Z% d   Z& d   Z' d d d  Z) d   Z* d d d e j+ e j, Be j- Be j. Bd  Z/ d   Z0 d   Z1 d   Z2 d   Z3 d   Z4 d   Z5 d e f d     YZ6 d  e f d!     YZ7 d" e f d#     YZ8 d$ e f d%     YZ9 d& e f d'     YZ: d( e f d)     YZ; d* e f d+     YZ< d, e f d-     YZ= d. e f d/     YZ> d0 e f d1     YZ? d2 e f d3     YZ@ d4 e f d5     YZA d6 e f d7     YZB d8 e f d9     YZC d S(:   iN(   t   system_session(   t   Commandt   CommandErrort   Optiont   SuperCommand(   t   SamDB(   t   dsdb(   t   security(   t
   ndr_unpack(   t    AUTH_SESSION_INFO_DEFAULT_GROUPSt   AUTH_SESSION_INFO_AUTHENTICATEDt#   AUTH_SESSION_INFO_SIMPLE_PRIVILEGES(   t   netcmd_finddc(   t   policy(   t   smb(   t   dsacl2fsacl(   t   nbt(   t   Netc      	   C   sd   y4 t  d |  j d t   d |  j d |  j  |  _ Wn) t k
 r_ } t d |  j |   n Xd S(   s$   make a ldap connection to the servert   urlt   session_infot   credentialst   lps   LDAP connection to %s failed N(   R   R   R    t   credsR   t   samdbt	   ExceptionR   (   t   ctxt   e(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   samdb_connect1   s    	c         C   s   | |  k r |  | d S| S(   s/   get an attribute from a ldap msg with a defaulti    (    (   t   msgt   attrnamet   default(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   attr_default;   s    c         C   s1   t  j |   } | s d } n d j |  } | S(   s   return gpo flags stringt   NONEt    (   R   t   get_gpo_flagst   join(   t   valuet   flagst   ret(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   gpo_flags_stringB   s
    	c         C   s1   t  j |   } | s d } n d j |  } | S(   s   return gplink options stringR    R!   (   R   t   get_gplink_optionsR#   (   R$   t   optionsR&   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   gplink_options_stringL   s
    	c         C   s   g  } |  j  d  } x | D] } | s. q n  | j  d  } t |  d k sc | d j d  rv t d |   n  | j i | d d d 6t | d	  d
 6 q W| S(   s.   parse a gPLink into an array of dn and optionst   ]t   ;i   i    s   [LDAP://s   Badly formed gPLink '%s'i   t   dni   R)   (   t   splitt   lent
   startswitht   RuntimeErrort   appendt   int(   t   gplinkR&   t   at   gt   d(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   parse_gplinkV   s    &1c         C   s7   d } x* |  D]" } | d | d | d f 7} q W| S(   s4   Encode an array of dn and options into gPLink stringt    s   [LDAP://%s;%d]R-   R)   (    (   t   gplistR&   R6   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   encode_gplinkd   s     c         C   sd   | d k r` | d k rS y t |  |  } WqS t k
 rO } t d |   qS Xn  d | } n  | S(   sj   If URL is not specified, return URL for writable DC.
    If dc is provided, use that to construct ldap URLs   Could not find a DC for domains   ldap://N(   t   NoneR   R   R1   (   R   R   R   t   dcR   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   dc_urll   s    c         C   sF   |  j    } | j t j |  d   | j t j |  d |   | S(   s   Construct the DN for gpos   CN=Policies,CN=Systems   CN=%s(   t   get_default_basednt	   add_childt   ldbt   Dn(   R   t   gpoR-   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt
   get_gpo_dnz   s    c         C   s+  |  j    } | j t j |  d   | } d } t j } | d k	 r\ d t j |  } n  | d k	 r~ d t j |  } n  | d k	 r | } t j } n  yG |  j d | d | d | d d	 d
 d d d d g d d | g  }	 WnA t	 k
 r&}
 | d k	 rd | } n d } t
 | |
   n X|	 S(   s0   Get GPO information using gpo, displayname or dns   CN=Policies,CN=Systems"   (objectClass=groupPolicyContainer)s.   (&(objectClass=groupPolicyContainer)(name=%s))s5   (&(objectClass=groupPolicyContainer)(displayname=%s))t   baset   scopet
   expressiont   attrst   nTSecurityDescriptort   versionNumberR%   t   namet   displayNamet   gPCFileSysPatht   controlss   sd_flags:1:%ds!   Cannot get information for GPO %ss   Cannot get information for GPOsN(   R?   R@   RA   RB   t   SCOPE_ONELEVELR<   t   binary_encodet
   SCOPE_BASEt   searchR   R   (   R   RC   t   displaynameR-   t   sd_flagst   policies_dnt   base_dnt   search_exprt   search_scopeR   R   t   mesg(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   get_gpo_info   s8    		c         C   sV   d | } y |  j  d | d d g  } Wn& t k
 rQ } t d | |   n X| S(   s    lists dn of containers for a GPOs   (&(objectClass=*)(gPLink=*%s*))RG   RH   t   gPLinks'   Could not find container(s) with GPO %s(   RR   R   R   (   R   RC   RW   R   R   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   get_gpo_containers   s    
c      	   C   s  y2 |  j  d | d t j d d d d g  d } Wn& t k
 rZ } t d | |   n Xt } t t |  |   } d | k r t | d d  } xP | D]9 } | d	 j	   | j	   k r | j
 |  t } Pq q Wn t d
   | st d |   n  t j   }	 | |	 _ | rHt |  }
 t j |
 t j d  |	 d <n$ t j | d d t j d  |	 d <y |  j |	  Wn" t k
 r} t d |   n Xd S(   s!   delete GPO link for the containerRE   RF   RG   s   (objectClass=*)RH   R[   i    s   Container '%s' does not existR-   s"   No GPO(s) linked to this containers%   GPO '%s' not linked to this containert   r0t   d0s!   Error removing GPO from containerN(   RR   RA   RQ   R   R   t   Falset   strRD   R8   t   lowert   removet   Truet   MessageR-   R;   t   MessageElementt   FLAG_MOD_REPLACEt   FLAG_MOD_DELETEt   modify(   R   t   container_dnRC   R   R   t   foundt   gpo_dnR:   R6   t   mt
   gplink_str(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   del_gpo_link   s8    	$c         C   s   |  j  d  r- |  j  d  r- t d   n  |  d j d d  } t |  d k rY | S|  d j d d  } t |  d k r | St d |    d	 S(
   s;   Parse UNC string into a hostname, a service, and a filepaths   \\s   //s   UNC doesn't start with \\ or //i   t   /i   s   \s   Invalid UNC string: %sN(   R0   t
   ValueErrorR.   R/   (   t   unct   tmp(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt	   parse_unc   s    c         C   s  t  j j |  s" t  j |  n  | g } | g } x | r| j   } | j   } |  j |  } x | D] } | d | d }	 t  j j | | d  }
 | d t j @r | j	 |	  | j	 |
  t  j |
  qk |  j
 |	  } t |
 d  j |  qk Wq7 Wd  S(   Ns   \RK   t   attribt   w(   t   ost   patht   isdirt   mkdirt   popt   listR#   R   t   FILE_ATTRIBUTE_DIRECTORYR2   t   loadfilet   filet   write(   t   connt	   remotedirt   localdirt   r_dirst   l_dirst   r_dirt   l_dirt   dirlistR   t   r_namet   l_namet   data(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   copy_directory_remote_to_local   s"    			c         C   s   |  j  |  s |  j |  n  | g } | g } x | r | j   } | j   } t j |  } x | D] } t j j | |  }	 | d | }
 t j j |	  r | j |	  | j |
  |  j |
  qh t	 |	 d  j
   } |  j |
 |  qh Wq4 Wd  S(   Ns   \t   r(   t   chkpathRy   Rz   Rv   t   listdirRw   R#   Rx   R2   R~   t   readt   savefile(   R   R   R   R   R   R   R   R   R   R   R   R   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   copy_directory_local_to_remote  s"    			c         C   sc   | j  d d  j d  } d } x; | D]3 } | d | } |  j |  s( |  j |  q( q( Wd  S(   NRo   s   \R9   (   t   replaceR.   R   Ry   (   R   R   t   elemsRw   R   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   create_directory_hier  s    t   cmd_listallc           B   sw   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z e	 d d d d d	 e
 d
 d d d g Z d d d d d  Z RS(   s   List all GPOs.s   %prog [options]t	   sambaoptst   versionoptst   credoptss   -Hs   --URLt   helps%   LDB URL for database or target servert   typet   metavart   URLt   destt   Hc      	   C   s=  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   t |  j	 d   } x | D] } |  j j d | d d  |  j j d | d d  |  j j d | d d  |  j j d	 | j  |  j j d
 t | d d   |  j j d t t t | d d     |  j j d  qh Wd  S(   Nt   fallback_machines   GPO          : %s
RK   i    s   display name : %s
RL   s   path         : %s
RM   s   dn           : %s
s   version      : %s
RJ   t   0s   flags        : %s
R%   s   
(   t   get_loadparmR   t   get_credentialsRc   R   R>   R   R   RZ   R   R<   t   outfR   R-   R   R'   R3   (   t   selfR   R   R   R   R   Rl   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   run2  s    
 ,N(   t   __name__t
   __module__t   __doc__t   synopsisR)   t   SambaOptionst   VersionOptionst   CredentialsOptionst   takes_optiongroupsR   R`   t   takes_optionsR<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   "  s   

t   cmd_listc           B   s   e  Z d  Z d Z d g Z i e j d 6e j d 6e j d 6Z	 e
 d d d d	 d
 e d d d d g Z d d d d d  Z RS(   s   List GPOs for an account.s   %prog <username> [options]t   usernameR   R   R   s   -Hs   --URLR   s%   LDB URL for database or target serverR   R   R   R   R   c         C   s  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   yB |  j j	 d d t
 j |  t
 j |  f  } | d j } Wn! t k
 r t d |   n Xy? |  j j	 d | d t
 j d d	 g  d } d
 | d	 k } Wn! t k
 rt d |   n Xt t B}	 |  j d  k	 rP|  j j d  rP|	 t O}	 n  t j j |  j d |  j d | d |	 }
 |
 j } g  } t } t
 j |  j t |   j   } xwt r)|  j j	 d | d t
 j d d d g  d } d | k rt | d d  } x| D]} | r3| d t j @r3qn  | d t j @rJqn  y t  j! t  j" Bt  j# B} |  j j	 d | d d t
 j d d d d d g d d | g  } | d d d } t$ t  j% |  } Wn, t k
 r|  j& j' d | d  qn Xy+ t j  j( | | t  j) t  j* Bt  j+ B Wn+ t, k
 rQ|  j& j' d | j  qn Xt- t. | d d d   } | r| t j/ @rqn  | r| t j0 @rqn  | j1 | d d d | d d d f  qWn  t- t. | d d   } | t j2 @rt3 } n  | |  j j4   k rPn  | j   } qW| r9d
 } n d } |  j& j' d | | f  x0 | D]( } |  j& j' d | d | d f  q`Wd  S(   NR   RG   s?   (&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))i    s   Failed to find account %sRE   RF   RH   t   objectClasst   computers&   Failed to find objectClass for user %st   ldapt   lp_ctxR-   t   session_info_flagsR[   t	   gPOptionsR)   RK   RL   R%   RI   RN   s   sd_flags:1:%ds8   Failed to fetch gpo object with nTSecurityDescriptor %s
s   Failed access check on %s
t   users   GPOs for %s %s
s
       %s %s
i   (5   R   R   R   Rc   R   R>   R   R   R   RR   RA   RP   R-   R   R   RQ   R	   R
   R<   R0   R   t   sambat   autht   user_sessiont   security_tokenRB   R`   t   parentR8   R   t   GPLINK_OPT_ENFORCEt   GPLINK_OPT_DISABLER   t   SECINFO_OWNERt   SECINFO_GROUPt   SECINFO_DACLR   t
   descriptorR   R   t   access_checkt   SEC_STD_READ_CONTROLt   SEC_ADS_LISTt   SEC_ADS_READ_PROPR1   R3   R   t   GPO_FLAG_MACHINE_DISABLEt   GPO_FLAG_USER_DISABLER2   t   GPO_BLOCK_INHERITANCER_   R?   (   R   R   R   R   R   R   R   t   user_dnt   is_computerR   t   sessiont   tokent   gpost   inheritR-   t   glistR6   RT   t   gmsgt   secdesc_ndrt   secdescR%   t	   gpoptionst   msg_str(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   X  s    
"+!!		!	.		2		N(   R   R   R   R   t
   takes_argsR)   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   G  s   	

t   cmd_showc           B   sq   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e g Z d d d d d
  Z RS(   s   Show information for a GPO.s   %prog <gpo> [options]R   R   R   RC   s   -HR   s%   LDB URL for database or target serverR   c   
      C   s  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   y t |  j	 |  d } Wn! t
 k
 r t d |   n Xy0 | d d } t t j |  } | j   }	 Wn t
 k
 r d }	 n X|  j j d | d d  |  j j d | d	 d  |  j j d
 | d d  |  j j d | j  |  j j d t | d d   |  j j d t t t | d d     |  j j d |	  |  j j d  d  S(   NR   i    s   GPO '%s' does not existRI   s   <hidden>s   GPO          : %s
RK   s   display name : %s
RL   s   path         : %s
RM   s   dn           : %s
s   version      : %s
RJ   R   s   flags        : %s
R%   s   ACL          : %s
s   
(   R   R   R   Rc   R   R>   R   R   RZ   R   R   R   R   R   R   t   as_sddlR   R   R-   R   R'   R3   (
   R   RC   R   R   R   R   R   R   R   t   secdesc_sddl(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s,    

 ,N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s   

	t   cmd_getlinkc           B   sq   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e g Z d d d d d
  Z RS(   s   List GPO Links for a container.s   %prog <container_dn> [options]R   R   R   Ri   s   -HR   s%   LDB URL for database or target serverR   c   	   	   C   s  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   y5 |  j j	 d | d t
 j d d d d g  d } Wn! t k
 r t d	 |   n X| d ru|  j j d
 |  t | d d  } x | D] } t |  j d | d } |  j j d | d d d  |  j j d | d d d  |  j j d t | d   |  j j d  q Wn |  j j d |  d  S(   NR   RE   RF   RG   s   (objectClass=*)RH   R[   i    s   Container '%s' does not exists   GPO(s) linked to DN %s
R-   s       GPO     : %s
RK   s       Name    : %s
RL   s       Options : %s
R)   s   
s   No GPO(s) linked to DN=%s
(   R   R   R   Rc   R   R>   R   R   R   RR   RA   RQ   R   R   R   R   R8   RZ   R*   (	   R   Ri   R   R   R   R   R   R:   R6   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s(    

  N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s   

		t   cmd_setlinkc           B   s   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d d g Z	 e
 d d d	 d
 e e
 d d d d e d d d d e
 d d d d e d d d d g Z d e e d d d d  Z RS(   s(   Add or update a GPO link to a container.s$   %prog <container_dn> <gpo> [options]R   R   R   Ri   RC   s   -HR   s%   LDB URL for database or target serverR   s	   --disableR   t   disabledR   t   actiont
   store_trues   Disable policys	   --enforcet   enforceds   Enforce policyc	      	   C   s  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   d }	 | rk |	 t j	 O}	 n  | r |	 t j
 O}	 n  y t |  j d | d }
 Wn! t k
 r t d |   n Xt t |  j |   } y5 |  j j d | d t j d d d	 d
 g  d }
 Wn! t k
 r2t d |   n Xt } d
 |
 k rt |
 d
 d  } t } t } x> | D]6 } | d j   | j   k rl|	 | d <t } PqlqlW| rt d |   q| j d i | d 6|	 d 6 n! g  } | j i | d 6|	 d 6 t |  } t j   } t j |  j |  | _ | rVt j | t j d
  | d <n t j | t j d
  | d <y |  j j  |  Wn" t k
 r} t d |   n X|  j! j" d  t#   j$ | | | | |  d  S(   NR   i    RC   s   GPO '%s' does not existRE   RF   RG   s   (objectClass=*)RH   R[   s   Container '%s' does not existR-   R)   s)   GPO '%s' already linked to this containert	   new_values   Error adding GPO Links   Added/Updated GPO link
(%   R   R   R   Rc   R   R>   R   R   R   R   R   RZ   R   R   R   R`   RD   RR   RA   RQ   R_   R8   Ra   t   insertR2   R;   Rd   RB   R-   Re   Rf   t   FLAG_MOD_ADDRh   R   R   R   R   (   R   Ri   RC   R   R   R   R   R   R   t   gplink_optionsR   Rk   t   existing_gplinkR:   Rj   R6   Rm   Rl   R   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   .  s^    

!N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R_   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s   

	t   cmd_dellinkc           B   st   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d d g Z	 e
 d d d	 d
 e g Z d d d d d  Z RS(   s!   Delete GPO link from a container.s$   %prog <container_dn> <gpo> [options]R   R   R   t	   containerRC   s   -HR   s%   LDB URL for database or target serverR   c         C   s   | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   y t |  j	 d | d Wn! t
 k
 r t d |   n Xt j |  j	 |  } t |  j	 | |  |  j j d  t   j | | | | |  d  S(   NR   RC   i    s   GPO '%s' does not exists   Deleted GPO link.
(   R   R   R   Rc   R   R>   R   R   RZ   R   R   R   RA   RB   Rn   R   R   R   R   (   R   R   RC   R   R   R   R   Ri   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s    
N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   s  s   

	t   cmd_listcontainersc           B   sq   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e g Z d d d d d
  Z RS(   s%   List all linked containers for a GPO.s   %prog <gpo> [options]R   R   R   RC   s   -HR   s%   LDB URL for database or target serverR   c         C   s   | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   t |  j	 |  } t
 |  r |  j j d |  x= | D] } |  j j d | d  q Wn |  j j d |  d  S(   NR   s   Container(s) using GPO %s
s       DN: %s
R-   s   No Containers using GPO %s
(   R   R   R   Rc   R   R>   R   R   R\   R   R/   R   R   (   R   RC   R   R   R   R   R   Rl   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s    
N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s   

		t   cmd_getinheritancec           B   sq   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e g Z d d d d d
  Z RS(   s%   Get inheritance flag for a container.s   %prog <container_dn> [options]R   R   R   Ri   s   -HR   s%   LDB URL for database or target serverR   c      	   C   s  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ t |   y5 |  j j	 d | d t
 j d d d d g  d } Wn! t k
 r t d	 |   n Xd } d | k r t | d d  } n  | t j k r |  j j d
  n |  j j d  d  S(   NR   RE   RF   RG   s   (objectClass=*)RH   R   i    s   Container '%s' does not exists$   Container has GPO_BLOCK_INHERITANCE
s   Container has GPO_INHERIT
(   R   R   R   Rc   R   R>   R   R   R   RR   RA   RQ   R   R   R3   R   R   R   R   (   R   Ri   R   R   R   R   R   t   inheritance(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s     
N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s   

		t   cmd_setinheritancec           B   st   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d d g Z	 e
 d d d	 d
 e g Z d d d d d  Z RS(   s$   Set inheritance flag on a container.s.   %prog <container_dn> <block|inherit> [options]R   R   R   Ri   t   inherit_states   -HR   s%   LDB URL for database or target serverR   c      	   C   s  | j    d k r t j } n. | j    d k r< t j } n t d |   | j   |  _ | j |  j d t |  _	 t
 |  j |  j	 |  |  _ t |   y5 |  j j d | d t j d d d	 d
 g  d } Wn! t k
 r t d |   n Xt j   }	 t j |  j |  |	 _ d
 | k rIt j t |  t j d
  |	 d <n" t j t |  t j d
  |	 d <y |  j j |	  Wn& t k
 r}
 t d | |
   n Xd  S(   Nt   blockR   s   Unknown inheritance state (%s)R   RE   RF   RG   s   (objectClass=*)RH   R   i    s   Container '%s' does not existR   s"   Error setting inheritance state %s(   Ra   R   R   t   GPO_INHERITR   R   R   R   Rc   R   R>   R   R   R   RR   RA   RQ   R   Rd   RB   R-   Re   R`   Rf   R   Rh   (   R   Ri   R   R   R   R   R   R   R   Rl   R   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s0    
%"N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     s   

	t	   cmd_fetchc           B   s   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e e
 d
 d d d	 e g Z d d d d d d  Z RS(   s   Download a GPO.s   %prog <gpo> [options]R   R   R   RC   s   -HR   s%   LDB URL for database or target serverR   s   --tmpdirs,   Temporary directory for copying policy filesc         C   sp  | j    |  _ | j |  j d t |  _ | rU | j d  rU | d } | |  _ n3 t |  j |  j  } t |  j |  j d | |  _ t	 |   y t
 |  j |  d } Wn! t k
 r t d |   n X| d d }	 y t |	  \ }
 } } Wn! t k
 rt d |	   n Xy( t j | | d	 |  j d
 |  j } Wn! t k
 rft d |   n X| d  k r|d } n  t j j |  st d |   n  t j j | d  } t j j |  st j |  n  t j j | |  } t j j |  rt d |   n  y! t j |  t | | |  Wn" t k
 rW} t d |   n X|  j j d |  d  S(   NR   s   ldap://i   R=   i    s   GPO '%s' does not existRM   s   Invalid GPO path (%s)R   R   s"   Error connecting to '%s' using SMBs   /tmps'   Temoprary directory '%s' does not existR   s8   GPO directory '%s' already exists, refusing to overwrites   Error copying GPO from DCs   GPO copied to %s
(   R   R   R   Rc   R   R0   R   R   R>   R   RZ   R   R   R   Rs   Rp   R   t   SMBR<   Rv   Rw   Rx   R#   Ry   R   R   R   (   R   RC   R   t   tmpdirR   R   R   t   dc_hostnameR   Rq   t   dom_namet   servicet	   sharepathR   R   t   gpodirR   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   2  sJ    

(	N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR      s   

	t
   cmd_createc           B   s   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e e
 d
 d d d	 e g Z d d d d d d  Z RS(   s   Create an empty GPO.s   %prog <displayname> [options]R   R   R   RS   s   -HR   s%   LDB URL for database or target serverR   s   --tmpdirs,   Temporary directory for copying policy filesc   "      C   s7  | j    |  _ | j |  j d t |  _ t d |  j d |  j  } | r | j d  r | d } | |  _ t j	 t j
 Bt j B}	 | j d | d |	  }
 nb t j	 t j
 Bt j B}	 | j d |  j j d	  d |	  }
 |
 j } t |  j |  j d
 | |  _ t |   t |  j d | } | j d k rBt d |   n  t t j    } d | j   } |
 j } d | | | f } | d  k rd } n  t j j |  st d |   n  t j j | d  } t j j |  st j |  n  t j j | |  } t j j |  r+t d |   n  yt t j |  t j t j j | d   t j t j j | d   d } t  t j j | d  d  j! |  Wn" t" k
 r} t d |   n Xt# |  \ } } } y( t$ j% | | d |  j d |  j } Wn& t" k
 r)} t d | |   n X|  j j&   yt' |  j |  } t( j)   } | | _* t( j+ d t( j, d  | d <|  j j- |  t( j)   } t( j. |  j d t |   | _* t( j+ d t( j, d  | d <|  j j- |  t( j)   } t( j. |  j d  t |   | _* t( j+ d t( j, d  | d <|  j j- |  t/ j0 t/ j1 Bt/ j2 B} t |  j d! | d" | d } | d# d } t3 t/ j4 |  j5   } t/ j6 |  j j7    } t8 | |  } t/ j4 j9 | |  } t: | |  t/ j0 t/ j1 Bt/ j2 Bt/ j; B}  | j< | | |   t= | | |  t( j)   } | | _* t( j+ | t( j> d$  | d% <t( j+ | t( j> d&  | d' <t( j+ d( t( j> d)  | d* <t( j+ d+ t( j> d,  | d- <t( j+ d( t( j> d  | d. <d/ g }! |  j j? | d0 |! Wn! t" k
 r|  j j@     n X|  j jA   |  jB j! d1 | | f  d  S(2   NR   R   R   s   ldap://i   t   addressR%   t   domaint   realmR=   RS   i    s%   A GPO already existing with name '%s's   {%s}s   \\%s\sysvol\%s\Policies\%ss   /tmps'   Temporary directory '%s' does not existR   s8   GPO directory '%s' already exists, refusing to overwritet   Machinet   Users   [General]
Version=0
s   GPT.INIRu   s   Error Creating GPO filess"   Error connecting to '%s' using SMBt   groupPolicyContainerR   t   a01s
   CN=User,%sR   s   CN=Machine,%sRC   RT   RI   RL   t   a02RM   t   a03R   RJ   t   a05t   2t   gpcFunctionalityVersiont   a07t   a04s   permissive_modify:0RN   s   GPO '%s' created as %s
(C   R   R   R   Rc   R   R   R0   R   R   t   NBT_SERVER_LDAPt   NBT_SERVER_DSt   NBT_SERVER_WRITABLEt   finddct   gett   pdc_dns_nameR>   R   RZ   R   t   countR   R`   t   uuidt   uuid4t   uppert
   dns_domainR<   Rv   Rw   Rx   R#   Ry   R~   R   R   Rs   R   R   t   transaction_startRD   RA   Rd   R-   Re   R   t   addRB   R   R   R   R   R   R   R   t   dom_sidt   get_domain_sidR   t	   from_sddlR   t   SECINFO_PROTECTED_DACLt   set_aclR   Rf   Rh   t   transaction_cancelt   transaction_commitR   ("   R   RS   R   R   R   R   R   t   netR   R%   t	   cldap_retR   t   guidRC   R   t   unc_pathR   R   t   gpt_contentsR   R   R   R   R   Rk   Rl   t   ds_sd_flagst	   ds_sd_ndrt   ds_sdt
   domain_sidt   sddlt   fs_sdt   sioRN   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   {  s    
	

$	
		)(	""

		N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   i  s   

	t   cmd_delc           B   sq   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z d g Z	 e
 d d d d	 e g Z d d d d d
  Z RS(   s   Delete a GPO.s   %prog <gpo> [options]R   R   R   RC   s   -HR   s%   LDB URL for database or target serverR   c         C   s  | j    |  _ | j |  j d t |  _ | rU | j d  rU | d } | |  _ n3 t |  j |  j  } t |  j |  j d | |  _ t	 |   y+ t
 |  j d | d } | d d } Wn! t k
 r t d |   n Xt |  \ }	 }
 } y( t j | |
 d	 |  j d
 |  j } Wn& t k
 rF} t d | |   n X|  j j   y t |  j |  } t |  r|  j j d |  x@ | D]5 } t |  j | d |  |  j j d | d  qWn  t |  j |  } |  j j t j |  j d t |    |  j j t j |  j d t |    |  j j |  | j |  Wn! t k
 rq|  j j     n X|  j j   |  j j d |  d  S(   NR   s   ldap://i   R=   RC   i    RM   s   GPO '%s' does not existR   R   s"   Error connecting to '%s' using SMBs   GPO %s is linked to containers
R-   s       Removed link from %s.
s
   CN=User,%ss   CN=Machine,%ss   GPO %s deleted.
(   R   R   R   Rc   R   R0   R   R   R>   R   RZ   R   R   R   Rs   R   R   R  R\   R/   R   R   Rn   RD   t   deleteRA   RB   R`   t   deltreeR  R  (   R   RC   R   R   R   R   R   R   R  R   R   R   R   R   Rl   Rk   (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR     sH    

())N(   R   R   R   R   R)   R   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR%    s   

		t   cmd_aclcheckc           B   sw   e  Z d  Z d Z i e j d 6e j d 6e j d 6Z e	 d d d d d	 e
 d
 d d d g Z d d d d d  Z RS(   s.   Check all GPOs have matching LDAP and DS ACLs.s   %prog [options]R   R   R   s   -Hs   --URLR   s%   LDB URL for database or target serverR   R   R   R   R   c      	   C   s  | j    |  _ | j |  j d t |  _ t |  j |  j |  |  _ | rp | j d  rp | d } | |  _ n3 t |  j |  j  } t |  j |  j d | |  _ t	 |   t
 |  j d   } xU| D]M} | d d } y t |  \ }	 }
 } Wn! t k
 rt d |   n Xy( t j | |
 d |  j d	 |  j } Wn! t k
 rbt d
 |   n X| j | t j t j Bt j Bt j  } | d d } t t j |  j   } t j |  j j    } t | |  } | j |  | k r t d | j |  | | f   q q Wd  S(   NR   s   ldap://i   R=   RM   i    s   Invalid GPO path (%s)R   R   s"   Error connecting to '%s' using SMBRI   s-   Invalid GPO ACL %s on path (%s), should be %s(   R   R   R   Rc   R   R>   R   R0   R   R   RZ   R   R<   Rs   Rp   R   R   R   R   t   get_aclR   R   R   R   t   SEC_FLAG_MAXIMUM_ALLOWEDR   R   R   R  R  R   (   R   R   R   R   R   R   R   Rl   Rq   R   R   R   R   R#  R  R   R!  t   expected_fs_sddl(    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR   [  s6    

()N(   R   R   R   R   R)   R   R   R   R   R   R`   R   R<   R   (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR(  K  s   

t   cmd_gpoc           B   s   e  Z d  Z i  Z e   e d <e   e d <e   e d <e   e d <e   e d <e	   e d <e
   e d <e   e d <e   e d	 <e   e d
 <e   e d <e   e d <e   e d <RS(   s%   Group Policy Object (GPO) management.t   listallR{   t   showt   getlinkt   setlinkt   dellinkt   listcontainerst   getinheritancet   setinheritancet   fetcht   createt   delt   aclcheck(   R   R   R   t   subcommandsR   R   R   R   R   R   R   R   R   R   R   R%  R(  (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyR,    s   (D   Rv   t   samba.getoptt   getoptR)   RA   t
   samba.authR    t   samba.netcmdR   R   R   R   t   samba.samdbR   R   R   t   samba.dcerpcR   t	   samba.ndrR   t   samba.securityR	   R
   R   t   samba.netcmd.commonR   R   R   R  t   samba.ntaclsR   R   t	   samba.netR   R   R   R'   R*   R8   R;   R<   R>   RD   R   R   R   t   SECINFO_SACLRZ   R\   Rn   Rs   R   R   R   R   R   R   R   R   R   R   R   R   R   R   R%  R(  R,  (    (    (    s4   /usr/lib/python2.7/dist-packages/samba/netcmd/gpo.pyt   <module>   s`   "	
		
	
					$(		&					%s0/Z'$,6IL>