gsi8SSKJr SSKrSSKJr SSKJr SSKJr SSK J r SSK J r SSK JrJr SSKJr SS KJrJrJrJr "S S \5r"S S \5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5r"SS\5rg)N) provision)dsdb)SamDB)system_session)security)ndr_pack ndr_unpack)_get_user_realm_domain)Command CommandError SuperCommandOptionc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rS rSSjrSrg )cmd_delegation_show&z*Show the delegation setting of an account.z%prog [options] sambaoptscredopts versionopts-H--URL%LDB URL for database or target serverURLHhelptypemetavardest accountnamec6URnURnSnUbU[R-(d URR SUS35 gU[R -(d URR SUS35 gSnURGH4nURnURSUS3[RS 9n [U 5S :XaU S RnS n UR[R":XdUR[R$:Xa%URR S USUS35 Sn O>UR[R&:wa UR[R(:waSn UR*[R,-nUR*[R.-nUR*[R0-nUR*[R2-nU(aU(d U(dSn OVU(a$URR SUSUS35 Sn U(a$URR SUSUS35 Sn UR4(dSn U (aGMU(aUR6R S5 S nUR6R SUS35 GM7 g![Ra.n U RupU [R :waeSn A GN&Sn A ff=f)NzISecurity Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentityzWarning: DACL not present in z! zWarning: DACL in z lacks SELF_RELATIVE flag! Tz)scoperFzWarning: ACE in z denies access for trustee zWarning: ACE for trustee z. has unexpected CONTAINER_INHERIT flag set in z* has unexpected INHERITED_ACE flag set in z0 Principals that may delegate to this account: z*msDS-AllowedToActOnBehalfOfOtherIdentity:  )daclrrSEC_DESC_DACL_PRESENTerrfwriteSEC_DESC_SELF_RELATIVEacestrusteesearchldb SCOPE_BASElendnLdbErrorargsERR_NO_SUCH_OBJECTSEC_ACE_TYPE_ACCESS_DENIED!SEC_ACE_TYPE_ACCESS_DENIED_OBJECTSEC_ACE_TYPE_ACCESS_ALLOWED"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECTflagsSEC_ACE_FLAG_INHERIT_ONLYSEC_ACE_FLAG_OBJECT_INHERITSEC_ACE_FLAG_CONTAINER_INHERITSEC_ACE_FLAG_INHERITED_ACE access_maskoutf)selfsamsecurity_descriptorr& desc_type warning_infofirstacer,reserrnum_ignore inherit_onlyobject_inheritcontainer_inherit inherited_aces 9/usr/lib/python3/dist-packages/samba/netcmd/delegation.pyshow_security_descriptor,cmd_delegation_show.show_security_descriptor8s"''',, C  M N 8::: IIOO/ ~>45 6 99CkkG (jj5 !3'*~~!7s8q=!!fiiGFH???xx8#M#MM "2<.A66=Yc!CD((hBBBH$O$OO99x'I'IIL YY)M)MMN HCCC II(K(KKMN;L$IIOO&?yIP'3nC%9:"F IIOO&?yIL'3nC%9:"F??6IIOO%12!E "L#*)2!/0{<< #0001 s-"KL*#LLNcUR5nURU5nUc2[R"XfR S55nUR n OUn [ U [5XvS9n [UU 5upn U RS[R"U 5-[R/SQS9n[U5S:Xa[SU-5e[U5S:wa [S 5e[USR S 5S5nUSR S 5nUSR S SS 9nUR R#S[%USR&5-5 UR R#S[)U[*R,-5-5 UR R#S[)U[*R.-5-5 U(aBUR R#S5 UH!nUR R#SU-5 M# Ub.[1[2R4U5nUR7U U5 gg![8a UR:R#S5 gf=f)Nrealm session_info credentialslpsAMAccountName=%s)userAccountControlmsDS-AllowedToDelegateTo(msDS-AllowedToActOnBehalfOfOtherIdentity expressionr#attrsr Unable to find account name '%s'r$Found multiple accounts.rZr[r\idxzAccount-DN: %s zUF_TRUSTED_FOR_DELEGATION: %s z.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s z) Services this account may delegate to: zmsDS-AllowedToDelegateTo: %s znWarning: Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity could not be unmarshalled! ) get_loadparmget_credentialsrprovision_paths_from_lpgetsamdbrrr r-r. binary_encode SCOPE_SUBTREEr0r intr?r)strr1boolrUF_TRUSTED_FOR_DELEGATION)UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATIONr r descriptorrQ RuntimeErrorr()r@r rrrrrXcredspathspathrAcleanedaccountrTdomainrGuacallowed allowed_fromarBs rPruncmd_delegation_show.runsA  # # %((, 955b&&/JE;;DDD~'7 %.+AAD+F'jj$7**>:%;"00 LM s8q=AKOP P X]9: :#a&**12156a&**781vzz"LRSzT  *SQ^;< 9sT%C%CCDE F IS4#Q#QQRS T  IIOOH I  @1 DE  # H&01D1Dl&S# --c3FG $  @ !?@ @s"I%I87I8NNNN)__name__ __module__ __qualname____firstlineno____doc__synopsisoptions SambaOptionsCredentialsOptionsVersionOptionstakes_optiongroupsrrl takes_options takes_argsrQr{__static_attributes__r}rPrr&se4.H))..-- tW#JQT3 (M  JP0d1Hrrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S S /rSSjrSrg )cmd_delegation_for_any_servicez3Set/unset UF_TRUSTED_FOR_DELEGATION for an account.(%prog [(on|off)] [options]rrrrrrrr onoffNcUS:XaSnOUS:XaSnO[SU-5eUR5nURU5n [R"XR S55n Uc U R n OUn [U [5XS9n [UU 5upnS[R"U 5-n[RnU RUUS USS 9 g![an[U5eSnAff=f) NonToffF0invalid argument: '%s' (choose from 'on', 'off')rTrUrYzTrusted-for-Delegation flags_strrstrict)r rdrerrfrgrhrrr r.rirrntoggle_userAccountFlags Exceptionr@r rrrrrrrXrrrsrtrArurTrv search_filterflagrHs rPr{"cmd_delegation_for_any_service.runs D=B e^BQTYYZ Z  # # %((,11"ffWoF 9;;DDD~'7 %.+AAD+F',c.?.?.OO -- $  ' ' t2J+-d ( < $s# # $sC C3# C..C3r}r~rrrrrrrrrrrrrlrrr{rr}rrPrrsf=9H))..-- tW#JQT3 (M  )JGK $rrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S S /rSSjrSrg )cmd_delegation_for_any_protocolzOSet/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.rrrrrrrrr rNcSnUS:XaSnOUS:XaSnO[SU-5eUR5nURUSS9n [R"XR S55n Uc U R n OUn [U [5XS9n [UU 5upnS [R"U 5-n[RnU RUUS USS 9 g![an[U5eSnAff=f) NFrTrr)fallback_machinerTrUrYz&Trusted-to-Authenticate-for-Delegationr)r rdrerrfrgrhrrr r.rirrorrrs rPr{#cmd_delegation_for_any_protocol.runs D=B e^BQTYYZ Z  # # %((d(C11"ffWoF 9;;DDD~'7 %.+AAD+F',c.?.?.OO == $  ' ' t2Z+-d ( < $s# # $sC C4$ C//C4r}r~rr}rrPrrsfY9H))..-- tW#JQT3 (M  )JGK!$rrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S S /rSSjrSrg )cmd_delegation_add_servicei)zZAdd a service principal to msDS-AllowedToDelegateTo so that an account may delegate to it.)%prog [options]rrrrrrrr principalNcUR5nURU5n[R"XwR S55n Uc U R n OUn [ U [5XS9n [UU 5upnU RS[R"U 5-[RS/S9n[U5S:Xa[SU-5e[U5S:wa [S 5e[R"5nUSR Ul[R""U/[R$S5US'U R'U5 g![(an[U5eSnAff=f NrTrUrYr[r]rr`r$ra)rdrerrfrgrhrrr r-r.rirjr0r Messager1MessageElement FLAG_MOD_ADDmodifyrr@r rrrrrrXrrrsrtrArurTrvrGmsgrHs rPr{cmd_delegation_add_service.run;sT # # %((,11"ffWoF 9;;DDD~'7 %.+AAD+F'jj$7**>:%;"00 :;= s8q=AKOP P X]9: :kkmQ*-*<*:%;"00 :;= s8q=AKOP P X]9: :kkmQ*-*<*# UHoRT:Hv M g7f)N)r,).0rF princ_sids rP 3cmd_delegation_add_principal.run..s84C{{i'4szACE for principal 'zl' already present in Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account ''.01RRefused to update attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account ':': a conflicting attribute update occurred simultaneously.)4rdrerrfrgrhrrr r-r.rirjr0r rdom_sidSID_BUILTIN_ADMINISTRATORSrp SD_REVISIONrevisionr'r*r owner_sidr rqr&aclSECURITY_ACL_REVISION_ADSnum_acesschema_format_valuedecoder+anyrFr7r9SEC_ADS_GENERIC_ALLr>r,appendrrr1rrrrr2r3ERR_NO_SUCH_ATTRIBUTE)r@r rrrrrrXrrrsrtrArurJ account_resdatar security_descr& cleanedprinc princ_resr+rFnew_datarrHrIrs @rPr{ cmd_delegation_add_principal.runs3 # # %((,11"ffWoF 9;;DDD~'7 %. 6kG1jj*   n -.##=> !@ { q !>{m1MN N   "9: :1~!! 6A"? < (()L)LMI$//1M%-%9%9M ""*"@"@"*"A"A#BM &/M #D 5 *8+>+> E !%%D <<<>D$>>DMDM4IC aJJ*="00>+?%(%6%6&1]4  y>Q !@ 1MN N ^q 9: :$$  # #!   ! 4 66-@3$455 5P|| (XXFCc///"#}%/011 #3'' (s$O3!P3P Q&$=Q!!Q&r}r~rr}rrPrrsff:H))..-- tW#JS 2M  -JKO|(rrc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S S /rSSjrSrg )cmd_delegation_del_principali*zkDelete a principal from msDS-AllowedToActOnBehalfOfOtherIdentity that may no longer delegate to an account.rrrrrrrrr rNc .UR5nURU5n[R"XwR S55n Uc U R n OUn [ U [5XS9n [X5un n U RS[R"U 5-[RS/S9n[U5S:Xa[SU-5e[U5S:wa [S 5eUSR SSS 9nUc[S US 35e[[ R"U5nUR&nUc[SUS35e[X+5un n U RS[R"U5-[RS/S9n[U5S:Xa[SUS35e[U5S:wa [S 5e[ R("U R+SUSR SSS 95R-S55nUR.nUVs/sHnUR0U:wdMUPM nn[U5[U5:Xa[SUSUS35e[U5UlUUlUUl[5U5n[R6"5nUSR8Ul[R:"U[R<S5US'[R:"U[R>S5US'U RAU5 g![$a [S US35ef=fs snf![RBaBnURDunn U[RF:Xa[SUS35e[U5eSnAff=f)NrTrUrYr\r]rr`r$rarbz@Attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z' not present!rrzkDACL not present on Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'z'!rrrrrz"Unable to find ACE for principal 'z\' in Security Descriptor of attribute msDS-AllowedToActOnBehalfOfOtherIdentity for account 'rrrrr)$rdrerrfrgrhrrr r-r.rirjr0r r rrprqr&rrrr+r,rrrr1rrrrr2r3r)r@r rrrrrrXrrrsrtrArurJrrrr&rrrold_acesrFr+rrrHrIs rPr{ cmd_delegation_del_principal.run<s # # %((,11"ffWoF 9;;DDD~'7 %. 6kG1jj*   n -.##=> !@ { q AKOP P   "9: :1~!! 6A"? <"++6-~ GH H 1&x':':DAM!! <"+,7-r ;< <4IC aJJ*="00>+?%(%6%6&1]4  y>Q !@ 1MN N ^q 9: :$$  # #!   ! 4 66L6>N=NNr}r~rr}rrPrr*sfu:H))..-- tW#JS 2M  -JKOm(rrc\rSrSrSr0r\"5\S'\"5\S'\"5\S'\ "5\S'\ "5\S'\ "5\S'\ "5\S 'S r g ) cmd_delegationizDelegation management.showzfor-any-servicezfor-any-protocolz add-servicez del-servicez add-principalz del-principalr}N)rrrrr subcommandsrrrrrrrrr}rrPrrsg K-/K%C%EK!"&E&GK"#!;!=K !;!=K #?#AK #?#AK rr) samba.getoptgetoptrr.sambarr samba.samdbr samba.authr samba.dcerpcr samba.ndrrr samba.netcmd.commonr samba.netcmdr r r rrrrrrrrrr}rrPrs* %!*6UH'UHp2$W2$j3$g3$l5$5$p5$5$pN(7N(b(7(D B\ Br