Id9ddlZddlmZddlmZddlmZmZddl m Z m Z m Z m Z ddlmZmZmZddlmZddlmZGdd e ZGd d e ZGd d e Zy)N)system_session)DOMAIN_PASSWORD_COMPLEXDOMAIN_PASSWORD_STORE_CLEARTEXT)Command CommandErrorOption SuperCommand)NEVER_TIMESTAMPtimestamp_to_daystimestamp_to_mins)cmd_domain_passwordsettings_pso)SamDBceZdZdZdZej ejejdZ e ddde dd gZ d d Z y ) cmd_domain_passwordsettings_showz1Display current password settings for the domain.z%prog [options] sambaopts versionoptscredopts-H--URL%LDB URL for database or target serverURLHhelptypemetavardestNc|j}|j|}t|t||}|j }|j |t jgd} t| dk(sJ t| ddd} t| ddd} t| ddd} t| dd d} t| dd d}t| dd d}t| dd d}t| dd d}|jd|z|jd| tzdk7r|jdn|jd| t zdk7r|jdn|jd|jd| z|jd| z|jd| z|jd|z|jd|z|jd|z|jd|zy#t$r}td|d}~wwxYw)Nurl session_info credentialslp) pwdPropertiespwdHistoryLength minPwdLength minPwdAge maxPwdAgelockoutDurationlockoutThresholdlockOutObservationWindow)scopeattrsrr%r&r'r(r)r+r*r,z'Could not retrieve password properties!z$Password information for domain '%s'zPassword complexity: onzPassword complexity: offzStore plaintext passwords: onzStore plaintext passwords: offzPassword history length: %dzMinimum password length: %dzMinimum password age (days): %dzMaximum password age (days): %dz#Account lockout duration (mins): %dz(Account lockout threshold (attempts): %dz&Reset account lockout after (mins): %d) get_loadparmget_credentialsrr domain_dnsearchldb SCOPE_BASElenintr r Exceptionrmessagerr)selfrrrrr$credssamdbr3res pwd_props pwd_hist_lencur_min_pwd_lencur_min_pwd_agecur_max_pwd_agecur_account_lockout_thresholdcur_account_lockout_durationcur_reset_account_lockout_afteres F/usr/lib/python3/dist-packages/samba/netcmd/domain/passwordsettings.pyrunz$cmd_domain_passwordsettings_show.run5sZ  # # %((,!.*:"'B0OO% ll9CNN">?3x1}} MCF?3A67Is1v&89!<=L!#a&"8";B H.. I7 II)NNNN__name__ __module__ __qualname____doc__synopsisoptions SambaOptionsVersionOptionsCredentialsOptionstakes_optiongroupsrstr takes_optionsrIrHrr%sU; H))--.. tW#JQT3 ( M -arXrcbeZdZdZdZej ejejdZ e ddde dd e d d d d e ddgdde ddgdde dde e dde e dde e dde e dd e e d!d"e e d#d$e g Z d'd&Z y%)(cmd_domain_passwordsettings_seta Set password settings. Password complexity, password lockout policy, history length, minimum password length, the minimum and maximum password age) on a Samba AD DC server. Use against a Windows DC is possible, but group policy will override it. z%prog [options]rrrrrrrz-qz--quietzBe quiet store_true)ractionz --complexitychoice)onoffdefaultz=The password complexity (on | off | default). Default is 'on')rchoicesrz--store-plaintextzStore plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off'z--history-lengthzBThe password history length ( | default). Default is 24.)rrz--min-pwd-lengthzAThe minimum password length ( | default). Default is 7.z --min-pwd-agezFThe minimum password age ( | default). Default is 1.z --max-pwd-agezGThe maximum password age ( | default). Default is 43.z--account-lockout-durationzThe length of time an account is locked out after exceeding the limit on bad password attempts ( | default). Default is 30 mins.z--account-lockout-thresholdzThe number of bad password attempts allowed before locking out the account ( | default). Default is 0 (never lock out).z--reset-account-lockout-afterzuAfter this time is elapsed, the recorded number of attempts restarts from zero ( | default). Default is 30.Nc | j}| j|}t|t||}|j }g}t j }t j|||_t|j}|j}|j}|E|dk(s|dk(r|tz}|jdn |dk(r|tz}|jd|E|dk(s|dk(r|tz}|jdn |dk(r|tz}|jd||1t j t#|t j$d |d <|j|dk(rd }n t|}|d ks|d kDr t'd t j t#|t j$d |d <|jd|j|dk(rd}n t|}|d ks|dkDr t'dt j t#|t j$d|d<|jd|y|dk(rd}n t|}|d ks|dkDr t'dt|dz }t j t#|t j$d|d<|jd||dk(rd}n t|}|d ks|dkDr t'd|d k(rt(}nt|dz }t j t#|t j$d|d<|jd| | dk(rd} n t| } | d ks| d kDr t'd!| d k(rt(}nt| d"z }t j t#|t j$d#|d#<|jd$| U| dk(rd } n t| } t j t#| t j$d%|d%<|jd&| | dk(rd} n t| } | d ks| d kDr t'd'| d k(rt(}nt| d"z }t j t#|t j$d(|d(<|jd)|s|r0t+|}t+|}|d k7r||k\rt'd*||fzt-|d k(r t'd+|j/||jd,|j1d-j3|y).Nr r^r`zPassword complexity activated!r_z Password complexity deactivated!z;Plaintext password storage for changed passwords activated!z=Plaintext password storage for changed passwords deactivated!r%rz8Password history length must be in the range of 0 to 24!r&z Password history length changed!z8Minimum password length must be in the range of 0 to 14!r'z Minimum password length changed!r/iz6Minimum password age must be in the range of 0 to 998!g8M%iBr(zMinimum password age changed!+iz6Maximum password age must be in the range of 0 to 999!r)zMaximum password age changed!iz?  &$&/Y*F%(GG  YZ E)%*I)IJ  [\  !_%@!$!3!3C N474H4H/"[Ao   %*! ">2 a<"#4"#]^^$'$6$6s<7H7:7K7KM_%aA ! KK: ;  %* !.1 Q+"2"#]^^ # 2 23{3C363G3G!YAn  KK: ;  "i' !+. Q+"3"#[\\"%[4F%G!H H  //4E0F030D0DkSAkN KK7 8  "i' !+. Q+"3"#[\\a$3!%(8J)K%L$L! //4E0F030D0DkSAkN KK7 8 # /'94+-(+./G+H('!+/G%/O"$IJJ(1,1@.256NRZ6[2\1\.##5c:X6Y696J6JL]$_A KK; < $ 0(I5,-),/0I,J)$'$6$6s;T7U7:7K7KM_%aA ! KK< = & 2*i7.0+.12M.N+*Q.2MPU2U"#]^^+a/4C1589TX`9a5b4b1,/,>,>sCd?e?B?S?SUo-qA( ) KKJ K +,,=>K+,=>KaK;$>"#nr}@KrL$LMM q6Q;XY Y Q 78 TYYt_%rX)NNNFNNNNNNNNNNrJrWrXrHrZrZes3+H))--.. tW#JQT3 (tYZ E~H6NS U";S[ \!X_b d!W^a c\cf h]dg i+ips t,X_b c.LSV W)M09=OSZ^GK d&rXrZcPeZdZdZiZeed<eed<eed<y)cmd_domain_passwordsettingsz Manage password policy settings.psoshowsetN)rKrLrMrN subcommandsr rrZrWrXrHrr6s1*K8:K:rsV2 %@DD44<=aw=a@N&gN&b;,;rX