9hSSKrSSKrSSKrSSKrSSKrSSKr\R RSS5 SSKJ r SSK J r SSK J r SSKrSSKJr SSKJrJr SSKJs Jr SSKrSSKJr SS KJr SS KJr SSKJ r SS K!J"r" SS K#J$r$ SS KJ%r% SSK&J'r' SSK(J)r) SSK*J+r+ SSK,J-r- SSK.r.SSKJ/r/ SSK0J1r1 SSK2J3r3 SSK4r4SSK5J6r6J7r7J8r8J9r9J:r: SSK2J;r;Jr> SSK?rSS KJr SSK@J@r@ SSKAJBrB \B"SS5rC"SS5rE"SS 5rF"S!S"\G5rH"S#S$\H5rI"S%S&\H5rJ"S'S(\H5rK"S)S*\G5rL"S+S,\L5rM"S-S.\L5rNS/rOS0rP"S1S25rQS3rRS4rSS5rTS6rUS7rVS8rWS9rXS:rYS;rZS<r[S=r\SKS>jr]S?r^SLS@jr_SAr`SBraSCrbSDrcSMSEjrdSNSFjreSNSGjrfSHrgSIrhSNSJjrig!\Da "SS5rCNf=f)ONz bin/python) WERRORError) ConfigParser)StringIO) get_bytes)ABCMetaabstractmethod)Net)nbt)libsmb_samba_internal)UUID)NamedTemporaryFile)preg) ndr_unpack)SMB_SIGNING_REQUIREDlog)blake2b) get_string)SamDB)system_session)UF_WORKSTATION_TRUST_ACCOUNTUF_SERVER_TRUST_ACCOUNTGPLINK_OPT_ENFORCEGPLINK_OPT_DISABLEGPO_BLOCK_INHERITANCE) AUTH_SESSION_INFO_DEFAULT_GROUPSAUTH_SESSION_INFO_AUTHENTICATED#AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)security)datetime)EnumGPOSTATEzAPPLY ENFORCE UNAPPLYc \rSrSrSrSrSrSrg)r"<N)__name__ __module__ __qualname____firstlineno__APPLYENFORCEUNAPPLY__static_attributes__r(2/usr/lib/python3/dist-packages/samba/gp/gpclass.pyr"r"<sr1c^\rSrSrSrSSjrSrSrSrSr S r S r S r S r S rSrSrg)gp_logBaZLog settings overwritten by gpo apply The gp_log is an xml file that stores a history of gpo changes (and the original setting value). The log is organized like so: -864000000000 -36288000000000 7 1 1d 300 Each guid value contains a list of extensions, which contain a list of attributes. The guid value represents a GPO. The attributes are the values of those settings prior to the application of the GPO. The list of guids is enclosed within a user name, which represents the user the settings were applied to. This user may be the samaccountname of the local computer, which implies that these are machine policies. The applylog keeps track of the order in which the GPOs were applied, so that they can be rolled back in reverse, returning the machine to the state prior to policy application. Ncp[RUlX lXlU(a[ R "U5UlO[ R"S5UlXl URRSU-5nUc0[ R"URS5nXRS'gg)a6Initialize the gp_log param user - the username (or machine name) that policies are being applied to param gpostore - the GPOStorage obj which references the tdb which contains gp_logs param db_log - (optional) a string to initialize the gp_log gpuser[@name="%s"]Nusername) r"r-_stategpostoreusernameetree fromstringgpdbElementr9find SubElementattrib)selfr9r<db_loguser_objs r2__init__gp_log.__init__hsnn   ((0DI d+DI 99>>"4t";<  '' 6:H&*OOF # r1cU[R:XahURRSUR-5nURS5nUb[ U5S:Xa[R UlgXlgXlg)aPolicy application state param value - APPLY, ENFORCE, or UNAPPLY The behavior of the gp_log depends on whether we are applying policy, enforcing policy, or unapplying policy. During an apply, old settings are recorded in the log. During an enforce, settings are being applied but the gp_log does not change. During an unapply, additions to the log should be ignored (since function calls to apply settings are actually reverting policy), but removals from the log are allowed. r8applylogNr)r"r.r@rBr9lenr-r;)rEvaluerG apply_logs r2state gp_log.state}sb H$$ $yy~~&8499&DEH j1I C Na$7&nn # Kr1cUR$)zCheck the GPOSTATE )r;rEs r2 get_stategp_log.get_states{{r1c"XlURRSUR-5nURSU-5nUc%[R "US5nXR S'UR[R:XaURS5nUc[R "US5nURSU-5nUcD[R "US5nS[U5S- -UR S 'XR S'ggg) zLog to a different GPO guid param guid - guid value of the GPO from which we're applying policy r8guid[@value="%s"]NguidrMrKz%dr%count) rWr@rBr9r>rCrDr;r"r-rL)rErWrGobjrNprevitems r2set_guidgp_log.set_guids  99>>"4tyy"@Amm/$67 ;""8V4C"&JJw  ;;(.. ( j1I !,,XzB >>"5"<=D|'' 6:'+s9~/A'B G$'+ G$ )r1cUR[R:XdUR[R:XagURR SUR -5nUR SUR-5nUcS5eUR SU-5nUc%[R"US5nXRS'UR SU-5nUc,[R"US 5nX'RS'X7l gg) zStore an attribute in the gp_log param gp_ext_name - Name of the extension applying policy param attribute - The attribute being modified param old_val - The value of the attribute prior to policy application Nr8rVgpo guid was not setgp_ext[@name="%s"]gp_extr:attribute[@name="%s"] attribute) r;r"r/r.r@rBr9rWr>rCrDtext)rE gp_ext_namercold_valrGguid_objextattrs r2store gp_log.stores ;;(** *dkkX=M=M.M99>>"4tyy"@A==!4tyy!@A#;%;;#mm0;>? ;""8X6C!,JJv xx/);< <##C5D"+KK I r1cURRSUR-5nURSUR-5nUcS5eURSU-5nUb#URSU-5nUb UR$g)aRetrieve a stored attribute from the gp_log param gp_ext_name - Name of the extension which applied policy param attribute - The attribute being retrieved return - The value of the attribute prior to policy application r8rVNr_r`rb)r@rBr9rWrdrErercrGrgrhris r2retrievegp_log.retrieves99>>"4tyy"@A==!4tyy!@A#;%;;#mm0;>? ?883i?@Dyy r1cTURRSUR-5nURSUR-5nUcS5eURSU-5nUb;UR S5nUVs0sHofR SUR _M sn$0$s snf)zRetrieve all stored attributes for this user, GPO guid, and CSE param gp_ext_name - Name of the extension which applied policy return - The values of the attributes prior to policy application r8rVr_r`rcr:)r@rBr9rWfindallrDrd)rErerGrgrhattrsris r2 retrieve_allgp_log.retrieve_alls 99>>"4tyy"@A==!4tyy!@A#;%;;#mm0;>? ?KK ,E?DEutKK'2uE E Fs=#B%cf/nURRSUR-5nUb~URS5nUbjURS5nUVs/sH%nUR S5UR S54PM' nnUR SS9 UR SU55 U$s snf) zReturn a list of applied ext guids return - List of guids for gpos that have applied settings to the system. r8rKz guid[@count]rXrMT)reversec3*# UH upUv M g7fNr().0rXrWs r2 +gp_log.get_applied_guids..sD^keT^s)r@rBr9rqgetsortextend)rEguidsrGrN guid_objsgguids_by_counts r2get_applied_guidsgp_log.get_applied_guidss 99>>"4tyy"@A   j1I$%--n= +4"6+4a$%55>155>"B+4"6##D#1 D^DD "6s,B.c/nURRSUR-5nUHnURSU-5nURS5n0nUHKn0n URS5n U Hn U RXR S'M XUR S'MM UR XG45 M U$)a@Return a list of applied ext guids return - List of tuples containing the guid of a gpo, then a dictionary of policies and their values prior policy application. These are sorted so that the most recently applied settings are removed first. r8rVrarcr:)r@rBr9rqrdrDappend) rErretrGrW guid_settingsextssettingsrh attr_dictrrris r2get_applied_settingsgp_log.get_applied_settingss99>>"4tyy"@AD$MM*=*DEM ((2DH  K0!D59YYIkk&12"/8F+,  JJ' ( r1chURRSUR-5nURSUR-5nUcS5eURSU-5nUbKURSU-5nUb3UR U5 [ U5S:XaUR U5 gggg)zRemove an attribute from the gp_log param gp_ext_name - name of extension from which to remove the attribute param attribute - attribute to remove r8rVNr_r`rbr)r@rBr9rWremoverLrms r2delete gp_log.delete s 99>>"4tyy"@A==!4tyy!@A#;%;;#mm0;>? ?883i?@D 4 s8q=OOC(!  r1cURRUR[R"UR S55 g)zWrite gp_log changes to disk utf-8N)r<rjr=r>tostringr@rRs r2commit gp_log.commits) DMM5>>$))W+MNr1)r;r@r<rWr9r=rx)r)r*r+r,__doc__rHrOrSr\rjrnrsrrrrr0r(r1r2r4r4Bs@$J+* , ,* ," ",)"Or1r4cP\rSrSrSrSrSrSrSrSr Sr S r S r S r S rg ) GPOStoragei c[RRU5(a[R"U5Ulg[R "US[R[R[R-5Ulg)Nr) ospathisfiletdbopenrTdbDEFAULTO_CREATO_RDWR)rElog_files r2rHGPOStorage.__init__!sL 77>>( # #xx)DHwwxCKKbii9OPDHr1c8URR5 grx)rtransaction_startrRs r2startGPOStorage.start's ""$r1c~[URR[U555$![a gf=frx)intrr|r TypeErrorrEkeys r2get_intGPOStorage.get_int*s5 txx||IcN34 4  s ,/ <<cJURR[U55$rx)rr|rrs r2r|GPOStorage.get0sxx||IcN++r1c ^[XURR[U555$rx)r4rr|r)rEr9s r2 get_gplogGPOStorage.get_gplog3s d$((,,y"?@@r1c`URR[U5[U55 grx)rrjr)rErvals r2rjGPOStorage.store6s y~y~6r1c8URR5 grx)rtransaction_cancelrRs r2cancelGPOStorage.cancel9 ##%r1cLURR[U55 grx)rrrrs r2rGPOStorage.delete<s  #'r1c8URR5 grx)rtransaction_commitrRs r2rGPOStorage.commit?rr1c8URR5 grx)rcloserRs r2__del__GPOStorage.__del__Bs r1rN)r)r*r+r,rHrrr|rrjrrrrr0r(r1r2rr s6Q % ,A7&(&r1rcd\rSrSr\rSr\S5r\S5r Sr \S5r \S5r Sr g ) raiFcTXlX lX0lURU5Ulgrx)lpcredsr=rgp_db)rErrr=rjs r2rHgp_ext.__init__Is!  __X. r1cgrxr()rEdeleted_gpo_listchanged_gpo_lists r2process_group_policygp_ext.process_group_policyO r1cgrxr()rEpolicys r2read gp_ext.readSrr1cURRS5n[RR U[ U5R 55n[RRU5(aURU5$g)N gpo_cache) r cache_pathrrjoincheck_safe_pathupperexistsr)rEafile local_path data_files r2parse gp_ext.parseWs]WW'' 4 GGLL_U-C-I-I-KL 77>>) $ $99Y' 'r1cgrxr(rRs r2__str__gp_ext.__str__^rr1c0$rxr()rEgpos r2rsop gp_ext.rsopbs r1)rrrr=N)r)r*r+r,r __metaclass__rHrrrrrrr0r(r1r2raraFsaM/       r1rac\rSrSrSrSrg) gp_inf_extigc`[US5nUR5nSSS5 [SS9n[UlUR [ WR555 U$!,(df  NM=f![a- UR [ WRS555 U$f=f)Nrb interpolationutf-16) rrrstr optionxform read_filerdecodeUnicodeDecodeError)rErfrinf_confs r2rgp_inf_ext.readhs )T "aVVXF#d3" B   x 8 9# " " B   x h(?@ A BsA%(A6% A363B-,B-r(Nr)r*r+r,rr0r(r1r2rrgs r1rc\rSrSrSrSrg) gp_pol_extitc[US5nUR5nSSS5 [[RW5$!,(df  N(=f)Nr)rrrrfilerErrraws r2rgp_pol_ext.readus8 )T "a&&(C#$))S))# "s A Ar(Nrr(r1r2rrts*r1rc\rSrSrSrSrg) gp_xml_exti{c"[US5nUR5nSSS5 [R"WR 55$!,(df  N3=f![ a( [R"WR S55s$f=f)Nrr)rrr>r?rrrs r2rgp_xml_ext.read|sm )T "a&&(C# :##CJJL1 1# "" :##CJJx$89 9 :sA #A A/B Br(Nrr(r1r2rr{s:r1rcp\rSrSrSr\rSrSrSr Sr Sr Sr S r \S 5r\S 5rSS jrSrg ) gp_applierizGroup Policy Applier/Unapplier/Modifier The applier defines functions for monitoring policy application, removal, and modification. It must be a multi-derived class paired with a subclass of gp_ext. cURRU5 URR[U5X#5 URR 5 g)a$Add an attribute and value to the Group Policy cache guid - The GPO guid which applies this policy attribute - The attribute name of the policy being applied value - The value of the policy being applied Normally called by the subclass apply() function after applying policy. N)rr\rjrrrErWrcrMs r2cache_add_attributegp_applier.cache_add_attributes> D! TI5 r1cURRU5 URR[U5U5 URR 5 g)zRemove an attribute from the Group Policy cache guid - The GPO guid which applies this policy attribute - The attribute name of the policy being unapplied Normally called by the subclass unapply() function when removing old policy. N)rr\rrrrErWrcs r2cache_remove_attribute!gp_applier.cache_remove_attributes> D! #d)Y/ r1cURRU5 URR[U5U5$)zRetrieve the value stored in the cache for the given attribute guid - The GPO guid which applies this policy attribute - The attribute name of the policy )rr\rnrr s r2cache_get_attribute_value$gp_applier.cache_get_attribute_values1 D!zz""3t9i88r1cURRU5 URR[U55$)zxRetrieve all attribute/values currently stored for this gpo+policy guid - The GPO guid which applies this policy )rr\rsr)rErWs r2cache_get_all_attribute_values)gp_applier.cache_get_all_attribute_valuess/ D!zz&&s4y11r1c6URR5$)zCReturn the current apply state return - APPLY|ENFORCE|UNAPPLY )rrSrRs r2cache_get_apply_state gp_applier.cache_get_apply_stateszz##%%r1cSR/UQVs/sHn[U5PM sn5n[[U5U-5R5$s snf)aGenerate an attribute name from arbitrary data name - A name to ensure uniqueness args - Any arbitrary set of args, str or bytes return - A blake2b digest of the data, the attribute The importance here is the digest of the data makes the attribute reproducible and uniquely identifies it. Hashing the name with the data ensures we don't falsely identify a match which is the same text in a different file. Using this attribute generator is optional. r1rrr hexdigest)rEr:argsargdatas r2generate_attributegp_applier.generate_attributesKxx7T7;7C37;<yt+,6688F <4 224@E  T5;F;!::4@H$,NN$4 K!O (;IMi&;LL%B6B%5r1r()NN)r)r*r+r,rrrr rrrrrr"rr%r)r2r0r(r1r2rrs_ M  92& 9)      Cr1rc$\rSrSrSrSrSrSrg)gp_misc_applieriz:Group Policy Miscellaneous Applier/Unapplier/Modifier c [R"S5nUR5H+up4[R"X#5n[ U5UlM- [ [R "US55$)Nrr)r>rAr.rCrrdr)rEr0rkvrs r2generate_valuegp_misc_applier.generate_value sU}}V$LLNDA""4+C!!}CH#%..w788r1c0n[R"U5nUR 5n[ U5 UHnUR X%R'M U$![Ra SU0s$[a 0s$f=f)Nrf)r>r? ParseErrorriternextrdtag)rErMvalsritrr[s r2 parse_valuegp_misc_applier.parse_values} ##E*D iik S D!YYDN  &u% % I sAB2 B?Br(N)r)r*r+r,rr9rBr0r(r1r2r5r5s9 r1r5c<\rSrSrSrSrSrS SjrSS.SjrS r g ) gp_file_applieri!z}Group Policy File Applier/Unapplier/Modifier Subclass of abstract class gp_applier for monitoring policy applied via a file. cLU/nURU5 URU5$rx)r~r)rE value_hashfilesseprs r2__generate_value gp_file_applier.__generate_value's#| Exx~r1cUcS/4$URU5nSUS;aSU4$US[U5S:aUSS4$/4$)zIParse a value return - A unique HASH, followed by the file list N/rr%)splitrL)rErMrIrs r2 __parse_valuegp_file_applier.__parse_value,s^ =8O{{3 $q'>: 7D A DH= =2= =r1:c[U5[:waURX45upSUH?n[RR U5(dM)[R "U5 MA URX5 grx)r,r-_gp_file_applier__parse_valuerrrunlinkr)rErWrcrHrI_rs r2r%gp_file_applier.unapply:sX ;$ ))%5HADww~~d## $ ##D4r1)rIcURX5nURXu5upX:wd`UR5[R:Xd>[ U V s/sH"n [ RRU 5PM$ sn 5(dURXU 5 OgU"U6n URX;U5n URXU 5 gs sn f)a applier_func MUST return a list of files created by the applier. This applier is for policies which only apply to a single file (with a couple small exceptions). This applier will remove any policy applied by this GPO which doesn't match the new policy. N) rrSrr"r.allrrrr% _gp_file_applier__generate_valuer ) rErWrcrGr(rIrrf old_val_hash old_val_filesrrH new_values r2r)gp_file_applier.applyCs00A&*&8&8&F#  &**,0@0@@MBMq*MBCC LL- 8 d#))*SA    )<Cs)Cr(N)rQ) r)r*r+r,rrYrSr%r)r0r(r1r2rErE!s'  >5KN==r1rEc[XS9nURURS5[R[R -S9nUR $)N)rrrealm)domainflags)r finddcr|r NBT_SERVER_LDAP NBT_SERVER_DS pdc_dns_name)rrnet cldap_rets r2get_dc_hostnamerh`sJ E !C "&&/#:M:M:=:K:K;L NI  ! !!r1ch[R"5n/SQnURS5(aURS5n[R [R -[R-nURU[RSUSU-/S9nURS:wa%[R"[R S5eXlS UR$S R'5;a#[)UR$S S S 5UlS UR$S R'5;a#[)UR$S S S 5UlS UR$S R'5;a(UR$S S S R/5UlS UR$S R'5;a(UR$S S S R/5UlSUR$S R'5;a(UR$S SS R/5UlSUR$S R'5;a#[7UR$S SS 5UlSUR$S R'5;a#[7UR$S SS 5UlSUR$S R'5;a-UR=[?UR$S SS 55 U$![a [R"S5 ef=f)N) cn displayNameragPCFileSysPathgPCFunctionalityVersiongPCMachineExtensionNamesgPCUserExtensionNames gPCWQLFilterr:nTSecurityDescriptor versionNumberzLDAP://(objectclass=*)z sd_flags:1:%d)controlsz4Failed to fetch gpo object with nTSecurityDescriptorr%zget_gpo: search failedrrrrarlrkr:rnrorq) rGROUP_POLICY_OBJECT startswithlstripr SECINFO_OWNER SECINFO_GROUP SECINFO_DACLsearchldb SCOPE_BASE ExceptionrerrorrXLdbErrorERR_NO_SUCH_OBJECTds_pathmsgskeysrversionoptionsr file_sys_path display_namer:rmachine_extensionsuser_extensions set_sec_descbytes)samdbgpo_dnrrrsd_flagsress r2get_gporjs !A E##y)&&&&'%%&Hll63>>3De%4x%?$@B  yyA~ll31135 5I#((1+**,, O4Q78 #((1+""$$ G,Q/0 388A;++--((1+&67:AAC ((**!]3A6==? !!!##!V$Q'..0!SXXa[%5%5%77"388A;/I#J1#MN#((1+"2"2"44 ,C DQ GH!!1!1!33 uSXXa[)?@CDE H1  HI s 4%L"L1c&\rSrSrSrSrSrSrg)GP_LINKicb/Ul/UlURU5 [U5Ulgrx) link_names link_optsgpo_parse_gplinkrgp_opts)rEgPLink gPOptionss r2rHGP_LINK.__init__s) f%9~ r1cUR5RS5HnU(aSU;aM[R"S5 UR S5nURS5up4[R"SR U55 [R"SR U55 UR RU5 URR[U55 M g)N];z!gpo_parse_gplink: processing link[zgpo_parse_gplink: link: {}zgpo_parse_gplink: opt: {}) rrNrdebugrwformatrrrr)rErp link_namelink_opts r2rGP_LINK.gpo_parse_gplinks&&s+A1  II9 : A"#''#, I II299)D E II188B C OO " "9 - NN ! !#h- 0,r1c[UR5[UR5:wa [S5e[UR5$)NzLink names and opts mismatch)rLrr RuntimeErrorrRs r2 num_linksGP_LINK.num_linkss7 t 3t~~#6 6=> >4??##r1)rrrN)r)r*r+r,rHrrr0r(r1r2rrs& 1$r1rcSS/nURUR5[RSR U5U5nUR S:wa4[R "[RSR U55e[URSSS5nURSSn[R"SR XQ55 XE4$)NdnuserAccountControlz(sAMAccountName={})r%z"Failed to find samAccountName '{}'rz!Found dn {} for samaccountname {}) r{get_default_basednr| SCOPE_SUBTREErrXrrrrrinfo)rsamaccountnamerrruacrs r2find_samaccountrs ' (E ,,u//133D3D,33NCU LC yyA~ll311 0 7 7 G   chhqk./2 3C !T BHH 0 7 7 KL 7Nr1cURU[RSSS/5nURS:wa%[R"[R S5eSUR S;a4[R"[RSRU55eUR SSSnSnSUR S;aUR SSSnO[R"S5 [X45$) Nrsrrr%zget_gpo_link: no resultrz2get_gpo_link: no 'gPLink' attribute found for '{}'z,get_gpo_link: no 'gPOptions' attribute found) r{r|r}rXrrrERR_NO_SUCH_ATTRIBUTErrrr)rlink_dnrrrs r2 get_gpo_linkrs ,,w(8[*A CC yyA~ll3113LMMsxx{"ll344 @ G G P  XXa[ "1 %FIchhqk!HHQK ,Q/  @A 6 %%r1c[UR5S- SS5GHnURU[-S:gn URU[-(a[ R "S5 MPU(a5U (d[ R "S5 Mv[ R "S5 [XRU5n [[RU R55n [RRX[R[R -[R"-5 [)U5U lXZlU (aUR/SU 5 OUR/SU 5 [ R "SXRU4-5 GM g![$a/n [ R "SU R&-5 Sn A GMSn A ff=f![0R2an U R4up[ R "S URU-5 U [0R6:Xa-[ R "S URU-5 Sn A GMRSn A gSn A ff=f) Nr%rzskipping disabled GPOzNskipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been setzNadding enforced GPO link although the GPOPTIONS_BLOCK_INHERITANCE has been setz/skipping GPO "%s" as object has no access to itz7add_gplink_to_gpo_list: added GPLINK #%d %s to GPO listzfailed to get gpo: %szskipping empty gpo: %s)rangerrrrrrrrrr descriptorget_sec_desc_bufsamba access_checkSEC_STD_READ_CONTROL SEC_ADS_LISTSEC_ADS_READ_PROPr~rrlink link_typeinsertr|rrr)rgpo_listforced_gpo_listrgp_linkronly_add_forced_gpostokeni is_forcednew_gposec_desceenumestrs r2add_gplink_to_gpo_listrs  7$$&q("b 1&&q),>>1D   Q "4 4 II- .   )* )* Be%7%7%:;G %h&9&9&-&>&>&@B++H,4,I,I,4,A,A-B,4,F,F-GHwGC ;9: ~~fAAjj%%e29K&MG ))S3J-J'(>(>?&& I  y>S!9!9!;!B!B!DE E   ' ' *d 2 0 AIMN&u8 'u'0''*~~';D ??%::+/($$& - 2 I  y>S!9!9!;!B!B!DE E   ' ' *d 2 0 AIMN&u8 'u'0''*'9'9';D ??%::+/($$& - 2 )%bRG D CgMN&ug6 'u'.'*'7'7';D OOAs..~/=/2/@/@BC  ##M<<  vv t $ 4<<  vv t $ .<<  vv t $ ||    sl'$K21$L9' O5%NO2L6%L11L69M= %M88M=O%N?9O?OOOOc <UR5n[RRX5n[R"USS9 URU5GH nUS[R-(a.[X[RRX&S55 MMUSR5n[SUS9n[RRX&S5RSS5n URURU 55 UR!5 [R""UR$[RRXG55 GM g![ a*nUR [ R:waeSnAGNPSnAff=f) Ni)moderDr:F)rdirrMr)rrrrmakedirsOSErrorerrnoEEXISTr-libsmbFILE_ATTRIBUTE_DIRECTORY cache_gpo_dirr replacewriteloadfilerrenamer:) conncachesub_dir loc_sub_dir local_dirrfdata local_namerfnames r2rrs--/K U0I IE*7# ?V<< < $rww||G6]'K Lv,,.J"%Y?AGGLL-8@@dKE GGDMM%( ) GGI IIaffbggll9A B$  77ell "  #sE'' F1FFc*[R"SU5nSUR5;a;[R"SUR55nXRS5S-SnSU;a[R R "U6$[U5e)Nz/|\\sysvolr%z..)rerNlowerindexrrrr )rdirsldirss r2rrst 88Hd #D4::<4::<0KK)A-./ 4ww||T"" $-r1c4UR5nUR[5 [R"USXS9nURU5 UR S5nUH5nUR (dM[XV[UR 55 M7 g)Nr)rrr) get_smb_signingset_smb_signingrr Connrrrr)rrrgpossaved_signing_staterrgpo_objs r2check_refresh_gpo_listr)sz//1 ./ ;;{H AD -.{+J$$ d8M8M(NOr1cUR5n[UVs/sHo3RPM sn5nUVs/sH oUU;dM UPM nnURU5$s snfs snfrx)rsetr:r)rr& applied_gposr current_guidsrW deleted_gposs r2get_deleted_gpos_listr/s]**,L.A./M%1O\T5ND\LO  % %l 33/OsA  A%A%cUR[RRSU55n[ [ R "U5S5$)Nrr%)rrrrrrgpo_get_sysvol_gpt_version)rrgpt_paths r2 gpo_versionr3s<}}RWW\\+t<=H s--h7: ;;r1c vURU5n[X5n[XX5n [Xy5n [ XX5 U(a"U n UR[R5 O/n U Hn U R(dMU Rn [U R5R5n[X5nXRU 5:wdMf[ R "SU -5 U R#U 5 M UR[R$5 UR'5 UH=nU"XXB5nUS:XaUR)X5 M&[+UUR(X5 M? U Hen U R(dMU Rn [U R5R5n[X5nUR=U SU-5 Mg UR?5 g! [ R "SU-5 g=f![,an[ R "S[/U5-5 [0R2"5u nn[4R6"U5Sunn n[ R "SUU[9U5R:[/U54-5 SnAGMSnAff=f)Nz0Failed downloading gpt cache from '%s' using SMBzGPO %s has changedComputerzFailed to apply extension %srz %s:%d: %s: %sz%i) rrhrr/r)rrrOr"r.rr:rrr3rrrr-rrdrop_privilegesr~rsysexc_info traceback extract_tbr,r)rjr)rrrj gp_extensionsr=targetforcerrr&del_gpos changed_gposr(rWrrrhrrUtbfilename line_numbers r2apply_gprCs@ OOH %E!%,K  B 9D$U1H{<    H$$% G((<*>r*B2*F 'Hk1a IIo;)-a)9)93q6)CC D   s* G07 HH0H  J8BJ33J8c"URU5nUR[R5 UR UR 55nUR 5 UH>nU"XXB5nUS:XaURU/5 M'[XHRU/5 M@ UR5 g![aOn [R"S[U5-5 [R"S[U 5-5 Sn A MSn A ff=f)Nr5zFailed to unapply extension %sz Message was: )rrOr"r/rrrrr6r~rrrr) rrrjr;r=r<rr>rhrs r2 unapply_gprE&s OOH %E KK  !))%*A*A*CDH KKM b1C#((26*B*B (".  LLN   II7#c(B C IIoA. /  s&!B5 B55 D?AD  Dc  [U5[:XaRUR5VVs/sH!up#SU-SU<S[X1S-5<3-PM# nnnSSR U5-$[U5[ :Xa;UVs/sHnSU-S[X1S-5--PM nnSSR U5-$[ U[R5(aSUS--[U5-$SUS--[U5-$s snnfs snf)N z[ z ] = r& z[ %s ]) r,dictr. __rsop_valsrr- isinstancenumbersNumberrr)r@levelr7r8rs r2rJrJ;s DzT JJL*(DA5yA{1Ag/FGG( *diin$$ dt GKLt!s5y8k!1W&===tLdiin$$ dGNN + +a=3t9, ,a=:d#33 3*Ms (C;=!Dc ([X5n[XaX5n[X`X5 [S5 [SU-5 [R "SS9SnUGHn U R R5S:XaM$[SU R -5 [SU-5 UGHVn U "XXB5n [R"S [[U 555n [U 5S:aU S RS 5S n OU RRS 5S n [S U -5 [S S[US- 5--5 U R!U 5R#5Hpup[SU -5 [SS[US- 5--5 [[%U5R'S55 [SS[US- 5--5 Mr [S S[US- 5--5 GMY [SSU--5 GM g)NzResultant Set of Policyz %s Policy )x2)fallbackrrzGPO: %s=z '([\w\.]+)'r.z CSE: %sz -r&z Policy Type: %sz rHz%s )rhrr)printshutilget_terminal_sizerstriprrqrr,rLrNr*rrr.rJrw)rrrjr;r=r<rr& term_widthr(rh cse_name_mcse_namesectionrs r2rrIs!%,K  B 9D;E8 #$ -& !))9=a@J    % % '> 9  i'.../ c*n Cb1CNCS NCJ:"%b>//4R8>>//4R8 +( ) $#c*Q,//0 1%(XXg%6%<%<%>!+g56fC 1 $5 567k(+22489fC 1 $5 567 &? $#c*Q,//0 1! fJ'()r1cSSKJn UR5nUbURU5 OUR 5 UR S5n[ SS9nURU5 X$4$)Nr)param gpext.confr) samba.samba3r_ get_contextload load_default state_pathrr)smb_confs3paramrext_confparsers r2parse_gpext_confrjhs[-    B  }}\*H  -F KK :r1cURS5n[SS[RR U5S9nUR U5 [R "URU5 SSS5 g!,(df  g=f)Nr`zw+F)rrr)rer rrdirnamerrr:)rrirhrs r2atomic_write_confrmusV}}\*H e9R SWX Q !&&(# T S Ss 3A66 Bc~USS:wdUSS:wd[U5S:wag[USS9 g ![a gf=f) Nr{r}&F)rT)rLr ValueError)rWs r2 check_guidrt|sL Aw#~bSCIO T1  s / <<c[RRU5(dg[U5(dg[ U5upgXR 5;aUR U5 URUSU5 URUSU5 URUSU(aSOS5 URUSU(aSOS5 [Xg5 g) NFDllNameProcessGroupPolicyNoMachinePolicy01 NoUserPolicyT) rrrrtrjsections add_sectionr+rm)rWr:rrfmachiner9rris r2register_gp_extensionrs 77>>$   d  !(+JB ??$$4  JJtY% JJt)40 JJt&wC@ JJt^DSc:b! r1cJ[U5up0nUR5Hn0X4'URUS5X4S'URUS5X4S'[URUS55(+X4S'[URUS55(+X4S'M U$)Nrvrwrx MachinePolicyr{ UserPolicy)rjr|r|r)rfrUriresultsrWs r2list_gp_extensionsrs *IAG! #)::dI#> i JJt1 2  *+FJJt%678 8  o&*-fjj~.N*O&O l#" Nr1c[U5(dg[U5up#XR5;aURU5 [ X#5 g)NFT)rtrjr|remove_sectionrm)rWrfrris r2unregister_gp_extensionrsB d  !(+JB   d#b! r1c\[R"U5 [R"U5 g)z Set current process privileges N)rsetegidseteuid)r=uidgids r2set_privilegesrs JJsOJJsOr1c\[R"5nUS:Xd [S5e[R"U5R n[R"U5R n[XU5 SnSnU"U6n[SUS5 U(aUeU$![a nUnSnAN)SnAff=f)z? Run supplied function with privileges for specified username. rz)Not enough permissions to drop privilegesNroot)rgetuidr~pwdgetpwnampw_uidpw_gidr) r=funcr current_uiduser_uiduser_gidoutexcrs r2r6r6s))+K ! CDD||H%,,H||H%,,H8x0 C CDk 6;*  J s8B B+B&&B+c[R"5n[R"5nUR[R R S55n0S[R RS5_SS_SS_SS_SS_SS_S S_S S_S URS 5_S S_SS_SURS5_S[U5_S[R RS5_SURS5_SS_SS_0S[R R U[U5R55_SS_SS_SS_SS_SS_SS_SURS 5_S!URS"5_S#URS5_S$S_S%U_S&S_S'S_S(S_S)S_S*S_ESSSSSSSSSSS+S,[[R"U55SSS-.EnUR5H3upS.U-n X;dMU c[S/U-5eUR!X5nM5 U$)0Nr AppDataDirz ~/.configBinaryComputerSid BinaryUserSidCommonAppdataDirCommonDesktopDirCommonFavoritesDirCommonProgramsDirCommonStartUpDir ComputerNamez netbios nameCurrentProccessIdCurrentThreadIdDateTimez%Y-%m-%d %H:%M:%S UTC DateTimeEx DesktopDirz ~/Desktop DomainNamer_ FavoritesDirGphPathGptPathGroupPolicyVersionLastDriveMapped LastError LastErrorTextLdapComputerSid LdapUserSid LocalTimez%H:%M:%S LocalTimeExz %H:%M:%S.%f LogonDomain LogonServer LogonUser LogonUserSid MacAddress NetPlacesDir OsVersionProgramFilesDirrMz/tmp) ProgramsDirRecentDocumentsDir ResultCode ResultTextReversedComputerSidReversedUserSid SendToDir StartMenuDir StartUpDir SystemDir SystemDriveTempDir TimeStamp TraceFile WindowsDirz%%%s%%z"Expansion variable %s is undefined)r utcnownowrrrr expanduserr|strftimerrr timestampr. NameErrorr) rdr2rr=utc_dtdtr variablesexp_varr exp_var_fmts r2expand_pref_variablesrs __ F Brww||K89J2, 2 2; ?2%t2!42%d2%d 2 ' 2 &t 2%d2!"&&"82&t2$T2foo.EF2F 2 2 2; ?2w2!$2 T!2"RWW\\**9(*C*I*I*KM#2&''2($T)2*t+2,"4-2.$T/20 122r{{:6324 ]!;526 728 92:x;2<!$=2>?2@!$A2BtC2D$TE2F"&(, $ $)-%)#"& $#!$#"8#5#5b#9:# $c2If") (  { Dw NOO<< 1D * Kr1)F)rr)NTTrx)jr7rrWr rrrrrr configparserriorr9 samba.commonrabcrrxml.etree.ElementTreer> ElementTreer samba.netr samba.dcerpcr rar r  samba.gporuuidr tempfiler r samba.ndrrsamba.credentialsrsamba.gp.util.loggingrhashlibrrLr samba.samdbr samba.authrr| samba.dsdbrrrrrrrrrsamba.securityr rr!r" ImportErrorr4robjectrarrrrr5rErhrrrrrrrrrrr)r/r3rCrErJrrjrmrtrrrrr6rr(r1r2rs$  < %"'%% 8' 2%#% LL}}!J 78H[O[O|##LVB  **::~C~CBj69=j9=x,"20 d$$4 &"2Bh(Xu$pC( P4 <3l* 4)> $=A*  @@K%s1G GG