g QSSKrSSKJr SSKJr SSKJr SSKJr SSK J r J r J r J r Jr SrSrS S S S S SSSSSSSSSSS.r\ S\ S\ S\ S\S0r\ S\ S\ S\ S\S 0r/r"S!S"\5r"S#S$\5rg)%N) b64encode)sd_utils)security)'get_managed_service_accounts_descriptor)DS_DOMAIN_FUNCTION_2008DS_DOMAIN_FUNCTION_2008_R2DS_DOMAIN_FUNCTION_2012DS_DOMAIN_FUNCTION_2012_R2DS_DOMAIN_FUNCTION_2016KYz$5e1574f6-55df-493e-a671-aaeffca6a100z$d262aae8-41f7-48ed-9f35-56bbb677573dz$82112ba0-7e4c-4a44-89d9-d46c9612bf91z$c3c927a6-cc1d-47c0-966b-be8f9b63d991z$54afcfb9-637a-4251-9f47-4d50e7021211z$f4728883-84dd-483c-9897-274f2ebcf11ez$ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ffz$83c53da7-427e-47a4-a07a-a324598b88f7z$c81fc9cc-0130-4fd1-b272-634d74818133z$e5f9e791-d96d-4fc9-93c9-d53e1dc439baz$e6d5fd00-385d-4e65-b02d-9da3493ed850z$3a6b3fbf-3168-4312-a10d-dd5b3393952dz$7f950403-0ab3-47f9-9730-5d7b0269f9bdz$434bb40d-dbc9-4fe7-81d4-d57229f7b080z$a0c238ba-9e30-4ee6-80a6-43f731e9a5cd)r LMNOPQRSTUVWXr Jrr c\rSrSrSrg)DomainUpdateExceptionrN)__name__ __module__ __qualname____firstlineno____static_attributes__r#5/usr/lib/python3/dist-packages/samba/domain_update.pyr"r"Wsr)r"c\rSrSrSrSSjrSSjrSrSSjrSr S r S r S r S r S rSrSrSrSrSrSrSrSrSrSrSrSrSrg) DomainUpdate[z2Check and update a SAM database for domain updatescXlX lX0lX@lSUlURR 5UlURR5UlURR5Ul [R"U5Ul [R"UR55UlURR!5UlUR"R%S5 URR!5UlUR,R%S5 g![&R(a [+S5ef=f![&R(a [+S5ef=f)a :param samdb: LDB database :param fix: Apply the update if the container is missing :param new_install: Apply the update as per a new install (see op 88) :param add_update_container: Add the container at the end of the change :raise DomainUpdateException: Fz(CN=Operations,CN=DomainUpdates,CN=Systemz+Failed to add domain update container childz3CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=Systemz#Failed to add revision object childN)samdbfix new_installadd_update_containercheck_update_appliedget_config_basedn config_dn domain_dnget_schema_basedn schema_dnrSDUtilsrdom_sidget_domain_sid domain_sidget_root_basedndomainupdate_container add_childldbLdbErrorr"revision_object)selfr/r0r1r2s r*__init__DomainUpdate.__init__^s2 &$8!$)!557--/557 ((/ "**5+?+?+AB&*jj&@&@&B# W  ' ' 1 12\ ] $zz99; O  * *+` a || W'(UV V W || O'(MN N Os!D8E8 E E;NcURRURS/[RS9n[ UnU(a[ UnUS- nO[ nURXe5 [Un[USSS5nU(a[X:aUUR(d[SUU4-5eURRS[UR5U4-5 ggg)z Apply all updates for a given old and new functional level :param functional_level: constant :param old_functional_level: constant :param update_revision: modify the stored version :raise DomainUpdateException: revision)baseattrsscoperzERevision is not high enough. Fix is set to False. Expected: %dGot: %dz9dn: %s changetype: modify replace: revision revision: %d N)r/searchrBr@ SCOPE_BASEfunctional_level_to_max_update MIN_UPDATEcheck_updates_rangefunctional_level_to_versionintr0r" modify_ldifstr) rCfunctional_levelold_functional_levelupdate_revisionresexpected_update min_updateexpected_version found_versions r*check_updates_functional_level+DomainUpdate.check_updates_functional_levelsjjT%9%9'1l#.. J99IJ 78LMJ !OJ#J   =67GHCF:.q12 }?88+-DGWGTGV-VWW JJ " "$ 4   "23 $4 5 @?r)c~UH7nU[:d U[:a [S5e[USU-5"U5 M9 g)z Apply a list of updates which must be within the valid range of updates :param iterator: Iterable specifying integer update numbers to apply :raise DomainUpdateException: Update number invalid. operation_%dN)rO MAX_UPDATEr"getattr)rCiteratorops r*check_updates_iterator#DomainUpdate.check_updates_iterators= BJ"z/+,DEE D.2- .r 2 r)cUnU[:dX:d U[:a [S5eX2::a,U[;a[ USU-5"U5 US- nX2::aM+gg)z Apply a range of updates which must be within the valid range of updates :param start: integer update to begin :param end: integer update to end (inclusive) :raise DomainUpdateException: r`rarKN)rOrbr"missing_updatesrc)rCstartendres r*rP DomainUpdate.check_updates_rangesY : j0@'(@A Ai(nr1226 !GB ir)cfS[U<SUR<3nURRU[R /S9n[U5S:Xde[SU[U4-5 g![R a-nURupVU[R:waeSnAgSnAff=f) zL :param op: Integer update number :return: True if update exists else False zCN=,)rHrJrINFrKzSkip Domain Update %u: %sT) update_mapr>r/rLr@rMrAargsERR_NO_SUCH_OBJECTlenprint)rCre update_dnrXenummsgs r* update_existsDomainUpdate.update_existss #-R.$2M2MN  **##*-..*,$.C3x1}} )RB,@@A|| JSc,,,  s)A//B0#B++B0cURRS[U<S[UR5<S35 [ SU[U4-5 g)zW Add the corresponding container object for the given update :param op: Integer update zdn: CN=rnz objectClass: container zApplied Domain Update %u: %sN)r/add_ldifrorTr>rsrCres r* update_addDomainUpdate.update_addsH "~s46679 : ,JrN/CCDr)cBUR(d[SU-5eg)zc Raises an exception if not set to fix. :param op: Integer operation :raise DomainUpdateException: z3Missing operation %d. Fix is currently set to FalseN)r0r"r|s r*raise_if_not_fixDomainUpdate.raise_if_not_fixs" xx'(]`b(bc cr)cURU5(agURU5 URRSUR-SS/S9 UR (aUR U5 gg)NzVdn: CN=TPM Devices,%s objectClass: top objectClass: msTPM-InformationObjectsContainer relax:0 provision:0controls)rxrr/r{r6r2r}r|s r* operation_78DomainUpdate.operation_78su   b ! !  b!  nn'0%?  A  $ $ OOB  %r)cURU5(agURU5 SnURRURU/S9 UR (aUR U5 gg)NzY(OA;CIIO;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;PS)add_acesrxrrupdate_aces_in_daclr6r2r}rCreaces r* operation_79DomainUpdate.operation_79s`   b ! !  b!i ))$..C5)I  $ $ OOB  %r)cURU5(agURU5 SnURRURU/S9 UR (aUR U5 gg)Nz1(OA;;CR;3e0f7e18-2c7a-4c10-ba82-4d926db99a3e;;CN)rrrs r* operation_80DomainUpdate.operation_80s`   b ! !  b!A ))$..C5)I  $ $ OOB  %r)cURU5(agURU5 SnURRURU/S9 UR (aUR U5 gg)Nz7(OA;CIOI;RPWP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;PS)rrrs r* operation_81DomainUpdate.operation_81s`   b ! !  b!G ))$..C5)I  $ $ OOB  %r)cpURU5(agURU5 [UR5n[ U5R S5nS[ UR5-nURRSU<SU<3SS/S9 UR(aURU5 gg)Nutf8CN=Managed Service Accounts,%sdn: z changetype: add objectClass: container description: Default container for managed service accounts showInAdvancedViewOnly: FALSE nTSecurityDescriptor:: rrr) rxrrr<rdecoderTr6r/rSr2r})rCre descriptormanagedservice_descrmanaged_service_dns r* operation_75DomainUpdate.operation_75's   b ! !  b!>.  0  @  $ $ OOB  %r)cVURU5(agURU5 S[UR5-nSnUS- nUS- nUS- nUS- nUS- nUS- nS U<S U<S 3nURR U5 UR (aURU5 gg) N CN=Keys,%szO:DAzD:z&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)z&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)z&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)z&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DD)z&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;ED) dn: z objectClass: container description: Default container for key credential objects ShowInAdvancedViewOnly: TRUE nTSecurityDescriptor: r)rxrrTr6r/r{r2r})rCrekeys_dnsddlldifs r* operation_82DomainUpdate.operation_82rs   b ! !  b!T^^!44   88 88 88 88 88  D!  $ $ OOB  %r)cURU5(agURU5 S[UR5-nS/nUS/- nURR X#S9 UR (aURU5 gg)Nrz&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;KA)&(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EK)r)rxrrTr6rrr2r})rCreracess r* operation_83DomainUpdate.operation_83s|   b ! !  b!T^^!449: 9:: ))')A  $ $ OOB  %r)c<URU5(agURU5 S[UR5-nS[UR5<SU<S3nURR U5 UR (aURU5 gg)Nrrzl changetype: modify add: otherWellKnownObjects otherWellKnownObjects: B:32:683A24E2E8164BD3AF86AC3C2CF3F981:rr)rCrerrs r* operation_84DomainUpdate.operation_84s|   b ! !  b!T^^!44 4>>G % t$  $ $ OOB  %r)c URU5(agURU5 S/nUS[UR5-/- nURR UR US9 UR(aURU5 gg)Nz5(OA;CI;RPWP;5b47d60f-6090-40b2-9f37-2a4de88f3063;;KA)z9(OA;CI;RPWP;5b47d60f-6090-40b2-9f37-2a4de88f3063;;%s-527)r rxrrTr<rrr6r2r}rCrers r* operation_85DomainUpdate.operation_85s   b ! !  b!HI LT__%&' ' ))$..4)H  $ $ OOB  %r)cURU5(agURU5 S/nUS/- nURRURUS9 UR (aUR U5 gg)NzY(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;PS)zY(OA;CIIO;SW;9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;CO)rrrs r* operation_86DomainUpdate.operation_86so   b ! !  b!lm lmm ))$..4)H  $ $ OOB  %r)cURU5(agURU5 S[UR5-/nS/nURR UR UUS9 UR(aURU5 gg)Nz*(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;%s-527)rdel_acesrrrCrerrs r* operation_87DomainUpdate.operation_87s   b ! !  b!A()*<= ))$..3;3; * =  $ $ OOB  %r)c"URU5(agURU5 UR(aSnOSnSURSUS3nURR U5 UR (aURU5 gg)NTRUEFALSErzr changetype: modify add: msDS-ExpirePasswordsOnSmartCardOnlyAccounts msDS-ExpirePasswordsOnSmartCardOnlyAccounts: r)rxrr1r6r/rSr2r})rCre expire_valuers r* operation_88DomainUpdate.operation_88s   b ! !  b!   !L"L ^^./;^<  t$  $ $ OOB  %r)cURU5(agURU5 S/nS/nURRURUUS9 UR (aUR U5 gg)Nrz5(OA;CI;RPWP;5b47d60f-6090-40b2-9f37-2a4de88f3063;;EK)rrrs r* operation_89DomainUpdate.operation_89:su   b ! !  b! ==KL ))$..3;3; * =  $ $ OOB  %r)) r2r3r5r6r<r>r0r1rBr/r8r)FFT)NF)rr)r$r%r&r'__doc__rDr]rfrPrxr}rrrrrrrrrrrrrrrrr(r#r)r*r,r,[s<"'"&*"OJ=A7<"5H 3"(Ed        " , &  D H  * >  .  , > H r)r,)r@base64rsambar samba.dcerpcrsamba.descriptorr samba.dsdbrrr r r rOrbrorNrQri Exceptionr"objectr,r#r)r*rs& !   /...... / /......5 >RRR "QQR  I o 6o r)