IdddlZddlmZddlZddlmZddlZddlmZm Z m Z m Z ddl m Z ddlmZmZmZmZmZddlmZddlmZmZmZmZddlmZdd lmZGd d ej>Z Gd d eZ!Gdde!Z"Gdde!Z#Gdde!Z$Gdde!Z%Gdde!Z&Gdde!Z'Gdde!Z(GddeZ)y)N)getpass) NTSTATUSErrorntstatusstring_to_byte_arraywerror)system_session)drsblobslsanbtnetlogonsecurity)Net)Command CommandErrorOption SuperCommand)SamDB)CreateTrustedDomainRelaxceZdZdZy)LocalDCCredentialsOptionscHtjj||dy)Nzlocal-dc) special_name)optionsCredentialsOptions__init__)selfparsers ;/usr/lib/python3/dist-packages/samba/netcmd/domain/trust.pyrz"LocalDCCredentialsOptions.__init__)s""++D&z+RN__name__ __module__ __qualname__rrrrr(sSrrceZdZdZdZdZdZGddeZGddeZ Gd d eZ d Z d Z d Z dZ d#dZdZdZdZdZdZdZdZdZdZd$dZd$dZdZdZdZdZdZd Z d%d"Z!y!)&DomainTrustCommandList domain trusts.ctj|d|_d|_d|_d|_d|_d|_d|_yN) rrlocal_lp local_serverlocal_binding_string local_creds remote_serverremote_binding_string remote_credsrs rrzDomainTrustCommand.__init__0sG  $(!!%)" rc@tj|jSr))ctypesc_uint32value)rvs r_uint32zDomainTrustCommand._uint32<sq!'''rcR|y|j|jd}||k(ryy)NFrT)r7args)rruntimevalerr32s rcheck_runtime_errorz&DomainTrustCommand.check_runtime_error?s- ? W\\!_- C<rceZdZdZy)$DomainTrustCommand.LocalRuntimeErrorc|j|jd}|jd}d|j|||fz}tj||y)Nrz%LOCAL_DC[%s]: %s - ERROR(0x%08X) - %s)r7r9r+rrexception_selfrr:messager<errstrmsgs rrz-DomainTrustCommand.LocalRuntimeError.__init__JsSLLa1E\\!_F9##WeV===C  ! !.# 6rNr r$rrLocalRuntimeErrorr?I 7rrGceZdZdZy)%DomainTrustCommand.RemoteRuntimeErrorc|j|jd}|jd}d|j|||fz}tj||y)NrrAz&REMOTE_DC[%s]: %s - ERROR(0x%08X) - %s)r7r9r.rrrBs rrz.DomainTrustCommand.RemoteRuntimeError.__init__RsSLLa1E\\!_F:$$guf>>>C  ! !.# 6rNr r$rrRemoteRuntimeErrorrJQrHrrLceZdZdZy) DomainTrustCommand.LocalLdbErrorc|jd}|jd}d|j|||fz}tj||y)NrrAz!LOCAL_DC[%s]: %s - ERROR(%d) - %s)r9r+rr)rCr ldb_errorrDerrvalrErFs rrz)DomainTrustCommand.LocalLdbError.__init__ZsL^^A&F^^A&F5##Wff9>>C  ! !.# 6rNr r$rr LocalLdbErrorrNYrHrrRc|j |jS|j}|j}|B|j}|dk7rt d|z|j d}d}d}|dz }d}d} nd}d}d|z}|j |} ||_||_|d |d |d |_||_ | |_ |jS) NROLE_ACTIVE_DIRECTORY_DCzInvalid server_role %sz netbios namencalrpcz,auth_type=ncalrpc_as_systemncacn_npz ldap://%s:[]) r+ get_loadparm ipaddress server_rolergetget_credentialsr*r,local_ldap_urlr-) r sambaopts localdcoptslpr+r]local_transportlocal_binding_optionsr`r-s rsetup_local_serverz%DomainTrustCommand.setup_local_serveras    ($$ $  # # %",,  ..*K88"#;{#KLL66.1L'O$& ! !%C C !!NK(O$& !(<7N%55b9K (3BLRg$h!,&   rcltj|j|j|jSr))r lsarpcr,r*r-r1s rnew_local_lsa_connectionz+DomainTrustCommand.new_local_lsa_connections%zz$33T]]DDTDTUUrcltj|j|j|jSr))r r,r*r-r1s rnew_local_netlogon_connectionz0DomainTrustCommand.new_local_netlogon_connections'  !:!:DMM4K[K[\\rclt|jt|j|jS)N)url session_info credentialsrc)rr`rr-r*r1s rnew_local_ldap_connectionz,DomainTrustCommand.new_local_ldap_connections-,,"0"2!%!1!1 ' 'rc |r|sJ|j |jSd|z|_|jJ|j|j}|j}d} t ||j|}t jt jz} |r| t jz} |r| t jz} |j| ||} it jd t j d t jd t jd t j"d t j$dt j&dt jdt j(dt j*dt j,dt j.dt j0dt j2dt j4dt j6dt j8dt j:dt j<di} |j?| | j@d} |jBjEd| jFd| jHd | d!| jH|_d"|jd#|d$|_%||_&|jS#t$r#} td|d| jdd} ~ wt$rtd|zwxYw)%Nz__unknown__remote_server__.%srV)server)flagsdomainaddressz*Failed to find a writeable DC for domain 'z': rAz-Failed to find a writeable DC for domain '%s'PDCGCLDAPDSKDCTIMESERVCLOSESTWRITABLE GOOD_TIMESERVNDNCSELECT_SECRET_DOMAIN_6FULL_SECRET_DOMAIN_6ADS_WEB_SERVICEDS_8DS_9DS_10 HAS_DNS_NAME IS_DEFAULT_NC FOREST_ROOTT names_onlyzRemoteDC Netbios[] DNS[z ] ServerType[] z ncacn_np:rYrZ)'r.r+r_r*r\rr NBT_SERVER_LDAP NBT_SERVER_DSNBT_SERVER_WRITABLENBT_SERVER_PDCfinddcrrr9 Exception NBT_SERVER_GCNBT_SERVER_KDCNBT_SERVER_TIMESERVNBT_SERVER_CLOSESTNBT_SERVER_GOOD_TIMESERVNBT_SERVER_NDNC!NBT_SERVER_SELECT_SECRET_DOMAIN_6NBT_SERVER_FULL_SECRET_DOMAIN_6NBT_SERVER_ADS_WEB_SERVICENBT_SERVER_DS_8NBT_SERVER_DS_9NBT_SERVER_DS_10NBT_SERVER_HAS_DNS_NAMENBT_SERVER_IS_DEFAULT_NCNBT_SERVER_FOREST_ROOTgeneric_bitmap_to_string server_typeoutfwritepdc_name pdc_dns_namer/r0)rcredoptsrt require_pdcrequire_writabler0r.remote_binding_options remote_net remote_flags remote_infoerrorflag_mapserver_type_strings rsetup_remote_serverz&DomainTrustCommand.setup_remote_servers # ##    )%% %  ** !# Y\4==OJ..1B1BBL 7 77  2 22 $++,vWd+eK       t        t       # #Z    " "I   # #Z   ( (/       1 13K   / /1G   * *,=          '! "  ' '# $  ( (/  & & ' *"::8;F;R;R_c;e #,,#00*, - )55:>:L:LNd%e"(!!!I 8 & 1  78 8 YNQWWX X Ys!A7J00 K29KK2cltj|j|j|jSr))r rhr/r*r0r1s rnew_remote_lsa_connectionz,DomainTrustCommand.new_remote_lsa_connections%zz$44dmmTEVEVWWrcltj|j|j|jSr))r r/r*r0r1s rnew_remote_netlogon_connectionz1DomainTrustCommand.new_remote_netlogon_connections'  !;!;T]]DL]L]^^rctj}tj|_|j dj d||}|j |tj}||fS)Nrzutf-8)r ObjectAttributeQosInfosec_qos OpenPolicy2decodeQueryInfoPolicy2LSA_POLICY_INFO_DNS)rconn policy_access objectAttrpolicyinfos r get_lsa_infozDomainTrustCommand.get_lsa_infosb((*  [[] !!#**W"5",m=$$VS-D-DE~rc  |j|dddddtj}|jS#t$r|j ||cYSwxYwNr)netr_DsRGetDCNameEx2r DS_RETURN_DNS_NAMEdc_unc RuntimeErrornetr_GetDcName)rrrrrtrs rget_netlogon_dc_uncz&DomainTrustCommand.get_netlogon_dc_uncs\ 7,,V-11dD$-5-H-HJD;;  7&&vv6 6 7s03AAc P|j|dddddtj}|Sr)rr r)rrrrrs rget_netlogon_dc_infoz'DomainTrustCommand.get_netlogon_dc_infos0(()-q$d)1)D)DF rcl|jtjk(r |jS|jSr)) trust_typer LSA_TRUST_TYPE_DOWNLEVEL netbios_namedns_namerts rnetr_DomainTrust_to_namez+DomainTrustCommand.netr_DomainTrust_to_names( <<377 7>> !zzrcd}d}|D]O}|jtjzs!|}|jtjzs||j}n|jtj zr8||ury|jtjzry||j}||uryy|j tjzryy)NParentTreeRootChildShortcutForestExternal) trust_flagsr NETR_TRUST_FLAG_PRIMARYNETR_TRUST_FLAG_TREEROOT parent_indexNETR_TRUST_FLAG_IN_FORESTtrust_attributesr %LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)rarprimaryprimary_parent_tparents rnetr_DomainTrust_to_typez+DomainTrustCommand.netr_DomainTrust_to_types B~~ @ @@~~(I(II%&r%7N   ==8== =N"}}x@@@!q~~&F    I I Irc|jtjzry|jtj zry|jtj zryy)NYesNo)rr rrr "LSA_TRUST_ATTRIBUTE_NON_TRANSITIVErrs rnetr_DomainTrust_to_transitivez1DomainTrustCommand.netr_DomainTrust_to_transitivesH ==8== =   F F F   I I Irc|jtjzr|jtjzry|jtjzry|jtjzryy)NBOTHINCOMINGOUTGOINGINVALID)rr NETR_TRUST_FLAG_INBOUNDNETR_TRUST_FLAG_OUTBOUNDrs rnetr_DomainTrust_to_directionz0DomainTrustCommand.netr_DomainTrust_to_directionsV ==8;; ; ==8<< < ==8;; ; ==8<< <rcj ||}d||fz}|S#t$r|j|}d|z}Y*wxYw)Nz__unknown__%08X__ 0x%x (%s))KeyErrorr7)re_dictr6rwv32rs rgeneric_enum_to_stringz)DomainTrustCommand.generic_enum_to_string)sM *q A 1a&   *,,q/C#c)A *s 22cg}|}t|jD]}||zs ||z}|||gz }|dk7r|j|}|d|zgz }dj|}|r|Sd||fz} | S)Nrz__unknown_%08X__,r)sortedkeysr7join) rb_dictr6rscbc32rrs rrz+DomainTrustCommand.generic_bitmap_to_string3s   & AE !GA &) A   6,,q/C $s*+ +A HHQK H 1a& rctjdtjdtjdtjdi}|j ||S)N DOWNLEVELUPLEVELMITDCE)r rLSA_TRUST_TYPE_UPLEVELLSA_TRUST_TYPE_MITLSA_TRUST_TYPE_DCEr)rr6typess rtrustType_stringz#DomainTrustCommand.trustType_stringHsJ  ( (+  & &  " "E  " "E   **5!44rctjtjzdtjdtjdi}|j||S)NrINBOUNDOUTBOUND)r LSA_TRUST_DIRECTION_INBOUNDLSA_TRUST_DIRECTION_OUTBOUNDr)rr6 directionss rtrustDirection_stringz(DomainTrustCommand.trustDirection_stringQsN  + +  , , -.4  + +Y  , ,j  **:q99rc*tjdtjdtjdtjdtj dtj dtjdtjdi}|j||S) NNON_TRANSITIVE UPLEVEL_ONLYQUARANTINED_DOMAINFOREST_TRANSITIVECROSS_ORGANIZATION WITHIN_FORESTTREAT_AS_EXTERNALUSES_RC4_ENCRYPTION) r r LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY&LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAINr&LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION!LSA_TRUST_ATTRIBUTE_WITHIN_FOREST%LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL'LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTIONr)rr6 attributess rtrustAttributes_stringz)DomainTrustCommand.trustAttributes_stringZs|  2 24D  0 0.  6 68L  5 57J  6 68L  1 1?  5 57J  7 79N  ,,Z;;rcjtjdtjdtjdtjdtj dtj dtjdtjdtjd tjd i }|j||S) N DES_CBC_CRC DES_CBC_MD5 RC4_HMAC_MD5AES128_CTS_HMAC_SHA1_96AES256_CTS_HMAC_SHA1_96zAES256_CTS_HMAC_SHA1_96-SKFAST_SUPPORTEDCOMPOUND_IDENTITY_SUPPORTEDCLAIMS_SUPPORTED!RESOURCE_SID_COMPRESSION_DISABLED) r KERB_ENCTYPE_DES_CBC_CRCKERB_ENCTYPE_DES_CBC_MD5KERB_ENCTYPE_RC4_HMAC_MD5$KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96$KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96'KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SKKERB_ENCTYPE_FAST_SUPPORTED(KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTEDKERB_ENCTYPE_CLAIMS_SUPPORTED.KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLEDr)rr6enctypess rkerb_EncTypes_stringz'DomainTrustCommand.kerb_EncTypes_stringgs  - -}  - -}  . .  9 9;T  9 9;T  < <>Z  0 02B  = =?\  2 24F  C CEh  ,,Xq99rc|dk(rytjdtjdtjdi}d|j ||dzS) NrStatus[Enabled]z Disabled-NewDisabledzDisabled-Conflicting Status[%s]Tr)r LSA_TLN_DISABLED_NEWLSA_TLN_DISABLED_ADMINLSA_TLN_DISABLED_CONFLICTrre_flagsrss rentry_tln_statusz#DomainTrustCommand.entry_tln_statusvsW a<$  $ $n  & &  ) )+A  d;;E7W[;\\\rc|dk(rytjdtjdtjdtjdi}d|j ||d zS) NrrCz Disabled-SIDzDisabled-SID-Conflictingz Disabled-NBzDisabled-NB-ConflictingrETr)r LSA_SID_DISABLED_ADMINLSA_SID_DISABLED_CONFLICTLSA_NB_DISABLED_ADMINLSA_NB_DISABLED_CONFLICTrrIs rentry_dom_statusz#DomainTrustCommand.entry_dom_statussc a<$  & &  ) )+E  % %}  ( (*C   d;;E7W[;\\\rNc|d|z}nd}|jjdt|j|fzt |jD]\}}|j }d}|F|jD]7} | j |k7r| j }d| jjz}9|j} |jtjk(r@|jjd|j|dd| jd|d |jtjk(r/|jjd dd d| jd |jtjk(s1|jjd |j!|dd| j"jd| j$jd| j&d|d y)Nz TDO[%s]rVzNamespaces[%d]%s: z Collision[%s]TLN: 32 DNS[*.rZ zTLN_EX: 29rzDOM: z DNS[z ] Netbios[] SID[)rrlenentries enumeratersindexnamestringforest_trust_datatyper LSA_FOREST_TRUST_TOP_LEVEL_NAMErK"LSA_FOREST_TRUST_TOP_LEVEL_NAME_EXLSA_FOREST_TRUST_DOMAIN_INFOrQdns_domain_namenetbios_domain_name domain_sid) rftitln collisions tln_stringierscollision_stringrds rwrite_forest_trust_infoz*DomainTrustCommand.write_forest_trust_infos ?#c)JJ -CKK(*166 7ckk* ADAqGGE! %#++JAww!| GGE'7166=='I$ J ##Avv<<<  $ 5 5e < !*:!<=3AAA  "AHH!./3;;;  $ 5 5e < ! 1 1 8 8 ! 5 5 < < ! .> !@A+ A4 r)TT)F)NN)"r!r"r#__doc__rr7r=rrGrLrRrfrirkrprrrrrrrrrrrrrrr+rArKrQror$rrr&r&-s !(7L77\77 7!>V]')--1@"DX_ 7  8  *5: < : ] ]#rr&cTeZdZdZdZej ejedZ gZ ddZ y)cmd_domain_trust_listr'z%prog [options]ra versionoptsrbNc |j||} |j} |j |t j t jzt jz}|j}|D]} | jt jzr!|j j#d|j%|| zddd|j'| zddd |j)| zd dd |j+| zd y#t$r}|j||dd}~wwxYw#t$rF}|j|tjrtd|z|j||dd}~wwxYw) N!failed to connect netlogon serverz:LOCAL_DC[%s]: netr_DsrEnumerateDomainTrusts not supported.z$netr_DsrEnumerateDomainTrusts failedzType[%s]14 zTransitive[%s]15z Direction[%s]19zName[%s]rV)rfrkrrGnetr_DsrEnumerateDomainTrustsr rrrr=rWERR_RPC_S_PROCNUM_OUT_OF_RANGErarrayrrrrrrrr) rrartrbr+local_netlogonrlocal_netlogon_trustsrrs rrunzcmd_domain_trust_list.runs..y+F  [!??AN ^<<\=E=_=_=E=^=^>_=E=]=]>^_ " " ' ' LA}}x??? IIOO&)F)Fq!)LL,t/R/RST/UU+d.P.PQR.SS&)F)Fq)II K L L 3 [((u6YZ Z [ ^''v/U/UV"#_#/$122((u6\] ]  ^s0D AD0 D-D((D-0 E?9AE::E?NNN) r!r"r#rpsynopsisr SambaOptionsVersionOptionsrtakes_optiongroups takes_optionsrr$rrrrrrs5 H))--0 MrrrcZeZdZdZdZej ejedZ gZ dgZ ddZ y)cmd_domain_trust_showShow trusted domain details.%prog NAME [options]rsrtNc  |j|| |j} tj }|j ||\}} |jjd| jjd| jjd| jdt j} || _ |j|| tj} | j } | j"} |j|| tj.} d}| j8tj:zr!|j=|| tj>}|jjd |jjd | jJjz| jJj| jLjk7r2|jjd| jLjz|jjd| jz|jjd|jO| jPz|jjd|jS| jTz|jjd|jW| j8ztYjZ| j"j\}tYj^| j"j\}|jjd||fz|jjd|ja|j6z| j8tj:zr'|jc|| jLjy#t$r}|j||dd}~wwxYw#t$r}|j||dd}~wwxYw#t$$rF}|j'|t(j*rt-d|z|j||dd}~wwxYw#t$$r}|j'|t(j0rd}|j'|t(j2rd}||j||d t j4}d |_Yd}~d}~wwxYw#t$r}|j'|t(j@rd}|j'|t(jBrd}||j||d t jD}d |_#g|_$Yd}~d}~wwxYw)Nfailed to connect lsa server#failed to query LSA_POLICY_INFO_DNSLocalDomain Netbios[rrXr4trusted domain object does not exist for domain [%s]z.QueryTrustedDomainInfoByName(FULL_INFO) failed?QueryTrustedDomainInfoByName(SUPPORTED_ENCRYPTION_TYPES) failedrz&lsaRQueryForestTrustInformation failedzTrustedDomain: zNetbiosName: %s zDnsName: %s zSID: %s zType: %s zDirection: %s zAttributes: %s zPosixOffset: 0x%08X (%d) zkerb_EncTypes: %s rh)2rfrirrGr !LSA_POLICY_VIEW_LOCAL_INFORMATIONrrrr]r^ dns_domainsidStringQueryTrustedDomainInfoByName!LSA_TRUSTED_DOMAIN_INFO_FULL_INFOinfo_ex posix_offsetrr=rNT_STATUS_OBJECT_NAME_NOT_FOUNDr-LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPESNT_STATUS_INVALID_PARAMETERNT_STATUS_INVALID_INFO_CLASS TrustDomainInfoSupportedEncTypes enc_typesrrlsaRQueryForestTrustInformationrc"NT_STATUS_RPC_PROCNUM_OUT_OF_RANGENT_STATUS_NOT_FOUNDForestTrustInformationcountrZr domain_namerrrtrust_directionr+r3r4r5c_int32rAro)rrtrartrb local_lsarlocal_policy_access local_policylocal_lsa_info lsaStringlocal_tdo_fulllocal_tdo_infolocal_tdo_posixlocal_tdo_enctypeslocal_tdo_forestposix_offset_u32posix_offset_i32s rrzcmd_domain_trust_show.runs  ;7 V557I ]"%"G"G -1->->yJ]-^ *\> &++22&1188&**, - JJL !  h66|7@7:7\7\^ ,33N,99O -66|7@7:7h7hj " *# ..1Z1ZZ==l>G>A>^>^`! ,- .1L1L1S1SST  & & - -1K1K1R1R R IIOO2^5O5O5V5VV W .1C1CCD .1F1F~G`G`1aab .1K1KNLjLj1kkl .1L1L^MlMl1mmn!???+G+GHNN!>>/*F*FGMM 7;KM]:^^_ .1J1JK]KgKg1hhi  * *S-V-V V  ( ()9-;-G-G-N-N ) P g V((u6TU U V  ]((u6[\ \ ]" h''x/W/WX"#Y\b#bcc((u6fg g  h -''x/S/ST''x/T/TU ,,T5-npp"%!E!E!G +,  ( ( -( *''x/Z/Z[''x/K/KL ,,T5:bcc"99; %&  "')  $ $ *szO%O$=9P7!QAS% O! OO!$ P-PP QAQQ S"#A4SS"% U4.A;U//U4r) r!r"r#rprrrrrrr takes_argsrr$rrrrs?&%H))--0 MJXrrc eZdZdZdZej ejedZ e ddddd e d dd d d e d dddd gZ dgZ ddZ y)cmd_domain_trust_modifyrrrsz--use-aes-keys store_truez!The trust uses AES kerberos keys. use_aes_keysNactionhelpdestdefault --no-aes-keysz:The trust does not have any support for AES kerberos keys.disable_aes_keysz--raw-kerb-enctypesstorezThe raw kerberos enctype bits kerb_enctypesrtc  d}d} || dz } || dz } || dz } | dkDr td| dk(r|dz }|dk(r td|j|| |j} t j } | t jz} |j| | \} }|jjd|jjd|jjd |jd | dk(rt j}||_ | j!| |t j"}|jjd |j3|j0zt j.}|t5|d |_n^|9t6j8|_|xj0t6j:zc_n#|t6j<|_n td|j0|j0k7r[ | j?| |t j"|}|jjd|j3|j0zy|jjdy#t$r} |j || dd} ~ wwxYw#t$r} |j || dd} ~ wwxYw#t$$r} |j'| t(j*rd} |j'| t(j,rd} | |j || d t j.}d|_Yd} ~ d} ~ wwxYw#t$$r} | |j || dYd} ~ yd} ~ wwxYw)NrrAzL--no-aes-keys, --use-aes-keys and --raw-kerb-enctypes are mutually exclusivez/modification arguments are required, try --helpzfailed to connect to lsa serverrrrrXrrzOld kerb_EncTypes: %s )basez&Internal error should be checked abovezNew kerb_EncTypes: %s z=SetTrustedDomainInfoByName(SUPPORTED_ENCRYPTION_TYPES) failedzNo kerb_EncTypes update needed ) rrfrirrGr rLSA_POLICY_TRUST_ADMINrrrr]r^rrrrrrr=rrrrrrAintr r9r:r8SetTrustedDomainInfoByName)rrtrartrbrrrnum_modifications enctype_argsrrrrrrrrs rrzcmd_domain_trust_modify.runhs  $ A L  # A L  ' A L ! mn n 1   "   !PQ Q  ;7 Y557I ]"%"G"G  3#=#= = -1->->yJ]-^ *\> &++22&1188&**, - 1  I%I  1::<;D;>;l;ln#" IIOO69R9RSeSoSo9pp q<<>I(&)-a&@ #)&.&S&S ###x'T'TT#!-'/&H&H #"#KLL""&8&B&BB v!<<\=F=@=n=n=FH' IIOO$>AZAZ[d[n[nAo$op   BCG Y((u6WX X Y ]((u6[\ \ ]"! 1++E83W3WX E++E83X3XY E$00u1rtt&)%I%I%K"/0",, 1H%v("44T55tvv) vsbJ(8J,!KAM J)J$$J), K 5KK  MA4MM N$M>>N)NNNNNNr!r"r#rprrrrrrrrrrr$rrrrLs&%H))--0  7"  |P&  $W3#  MJHLDHZrrcreZdZdZdZej ejeje dZ e dddddgd d d e d dd gdddd e dddddgddd e ddddde dddgdd d!d" e d#dd$d%de d&dd'd(de d)d*d+d,d-e d.d*d/d0d-g Z d1gZ d3d2Zy")4cmd_domain_trust_createz Create a domain or forest trust.%prog DOMAIN [options]rartrrbz--typechoiceTYPEexternalforestz.The type of the trust: 'external' or 'forest'.rr`metavarchoicesrrrz --direction DIRECTION)incomingoutgoingbothz6The trust direction: 'incoming', 'outgoing' or 'both'.rrz--create-locationLOCATIONlocalz=Where to create the trusted domain object: 'local' or 'both'.create_locationz--cross-organisationrz=The related domains does not belong to the same organisation.cross_organisationFrz --quarantinedzyes|no)yesnoNzSpecial SID filtering rules are applied to the trust. With --type=external the default is yes. With --type=forest the default is no.quarantined_argNz--not-transitivez#The forest trust is not transitive.not_transitivez--treat-as-externalz'The treat the forest trust as external.treat_as_externalr store_falsez)The trust does not use AES kerberos keys.rTz--skip-validationzSkip validation of the trust.validatertc X&tj}d}| |dk(r d}n| dk(rd}|dk7r| r td| r tdtj}| r9tj |_|xj tjzc_ntj|_tj}|tjz}|tjz}tj}tj|_d|_|d k(rG|xjtj zc_|xjtj"zc_nQ|d k(r$|xjtj zc_n(|d k(r#|xjtj"zc_d|_| r#|xj$tj&zc_|r#|xj$tj(zc_|dk(r#|xj$tj*zc_| r#|xj$tj,zc_| r#|xj$tj.zc_fd }d}d}tj}|d k(r|jtj zr"|d}t1|j3d}|jtj"zr"|d}t1|j3d}d}nd}|jtj zr|d}|jtj"zr|d}|tjz}|tjz}tj}tj|_d|_|d k(rG|xjtj zc_|xjtj"zc_nQ|d k(r$|xjtj"zc_n(|d k(r#|xjtj zc_d|_| r#|xj$tj&zc_|r#|xj$tj(zc_|dk(r#|xj$tj*zc_| r#|xj$tj,zc_| r#|xj$tj.zc_j5||} j7} j=||\}} j>jAd| jBjDd| jFjDd| jHd jK||}! jO}" j=|"|\}#}$j>jAd|$jBjDd|$jFjDd|$jHd|$jFjD|jP_"|$jBjD|jR_"|$jH|_$|r[| jFjD|jP_"| jBjD|jR_"| jH|_$ |jPjD|_"|jU||tjVtd|jDz#t8$r}j;|dd}~wwxYw#t8$r}j;|dd}~wwxYw#t8$r}jM|dd}~wwxYw#t8$r}jM|dd}~wwxYw#t8$r}jM|dd}~wwxYw#tX$rJ}j[|t\j^s j;|d|jDzYd}~nd}~wwxYw |jRjD|_"|jU||tjVtd|jDz#tX$rJ}j[|t\j^s j;|d|jDzYd}~nd}~wwxYw|rV |jPjD|_"|"jU|#|tjVtd|jDz#tX$rJ}j[|t\j^s jM|d|jDzYd}~nd}~wwxYw |jRjD|_"|"jU|#|tjVtd|jDz#tX$rJ}j[|t\j^s jM|d|jDzYd}~nd}~wwxYw ja}%n$#t8$r}j;|dd}~wwxYw jc|%|}&n$#t8$r}j;|dd}~wwxYw|ro je}'n$#t8$r}jM|dd}~wwxYw jg|'|!|}(n$#t8$r}jM|dd}~wwxYwd})tijj}*|)||*}+|)||*},d}-d}. |rj>jAd d!d"d#}/tm|"|#|tjn|,|+}.j>jAd$|rAj>jAd%d!d&d#}/|"jq|.tjr|j>jAd'd d"d#}/tm|||tjn|+|,}-j>jAd(|rAj>jAd)d d&d#}/|jq|-tjr|n#t8$r}j>jAd*/d+d,|/d-d.|.r.j>jAd/|"ju|.d}.|-r.j>jAd0|ju|-d}-|/d-d!k(rjM|d1|/d+zj;|d1|/d+zd}~wwxYw|rU|j$tj*zrj>jAd2 |%jw|&jx|$jFjDtzj|}0n$#t8$r}j;|d3d}~wwxYw |j||$jFtj|0d}1n$#t8$r}j;|d4d}~wwxYwj|0|$jFjD|15|rj>jAd6 'jw(| jFjDtzj|}2n$#t8$r}jM|d3d}~wwxYw |"j|#| jFtj|2d}3n$#t8$r}jM|d4d}~wwxYwj|2| jFjD|35|jtj"zrj>jAd7 |%j|&jxtzjd8|$jFjD}4n$#t8$r}j;|d9d}~wwxYwj|4jd}5j|4jd}6|4jtzjzr1d:|4jd;|4jd<d=|4jd<d>}7n0d:|4jd;|4jd<d=|4jd<d?}7|5tjk7s|6tjk7r t|7j>jAd@|7z|r|jtj"zrj>jAdA 'j(tzjd8| jFjD}8n$#t8$r}jM|d9d}~wwxYwj|8jd}9j|8jd}:|8jtzjzr1dB|8jd;|8jd<d=|8jd<d>};n0dB|8jd;|8jd<d=|8jd<d?};|9tjk7s|:tjk7r t|;j>jAd@|;z|.$ |"j|.n#t8$rYnwxYwd}.|-$ |j|-n#t8$rYnwxYwd}-j>jAdCy)DNFrTrrz'--not-transitive requires --type=forestz*--treat-as-external requires --type=forestrrrrcd} ||dk7r|Std|z}td|z}||k(sd}jjdH)NrVzNew %s Password: zRetype %s Password: zSorry, passwords do not match. )rrr)r]passwordpasswordverifyrs r get_passwordz1cmd_domain_trust_create.run..get_password7s_H'HN#O"#6#=>!()?$)F!G>1#HIIOO$FGrrzIncoming Trust utf-16-lezOutgoing Trustcntj|dz|dz}t|jdS)Nr)samba generate_random_machine_passwordrencode)lengthpws rrandom_trust_secretz8cmd_domain_trust_create.run..random_trust_secretYs1;;FaKSTU+BIIk,BCCrrrrrrXrfailed to locate remote serverRemoteDomain Netbios[zTrustedDomain %s already exist'z2QueryTrustedDomainInfoByName(%s, FULL_INFO) failedrvfailed to get netlogon dc infoc|tj}d|_|Stj}t ||_||_tj}tj||_ tj|_ ||_tj}d|_|g|_tj}d|_||_|S)NrrA)r trustAuthInOutBlobr AuthInfoClearrYsizerAuthenticationInformationr unix2nttimeLastUpdateTimer TRUST_AUTH_TYPE_CLEARAuthTypeAuthInfoAuthenticationInformationArrayr}current)secret update_timeblobclearrr}s rgenerate_AuthInOutBlobz;cmd_domain_trust_create.run..generate_AuthInOutBlobs~224  **,EVEJ#EN557D"'"3"3K"@D 55DM!DM;;=EEK&EK..0DDJ DLKrzCreating remote TDO. remoteCreateTrustedDomainEx2)locationr]zRemote TDO created. z2Setting supported encryption types on remote TDO. SetInformationTrustedDomainzCreating local TDO. zLocal TDO created z1Setting supported encryption types on local TDO. zError: r]z failed r zly - cleaning up zDeleting remote TDO. zDeleting local TDO. z%sz(Setup local forest trust information... *netr_DsRGetForestTrustInformation() failed&lsaRSetForestTrustInformation() failedrhriz)Setup remote forest trust information... zValidating outgoing trust... r!NETLOGON_CONTROL_TC_VERIFY failedLocalValidation: DC[ ] CONNECTION[rA] TRUST[] VERIFY_STATUS_RETURNEDrZOK: %s zValidating incoming trust... RemoteValidation: DC[z Success. )Mr rrrr r9rr:r8rrLSA_POLICY_CREATE_SECRETTrustDomainInfoInfoExrrrrrrr&r%rrr(rrrfrirrGrrrr]r^rrrrLrrrrrrr=rrrkrrrrcurrent_unix_timerLSA_TRUSTED_DOMAIN_ALL_ACCESSr r DeleteObject!netr_DsRGetForestTrustInformationrr DS_GFTI_UPDATE_TDOlsaRSetForestTrustInformationrcronetr_LogonControl2ExNETLOGON_CONTROL_TC_VERIFYr7pdc_connection_statustc_connection_statusrsNETLOGON_VERIFY_STATUS_RETURNEDtrusted_dc_namer WERR_SUCCESSClose)$> > C$@$@ @ # 9 9 ; +.+E+E  (01  -&(!11S5T5TT1!11S5U5UU1 J.!11S5U5UU1 J.!11S5T5TT112  .!!22c6`6``2!22c6`6``2X%!22c6_6__2!22c6\6\\2 !22c6_6__2..y+F  V557I ]-1->->yJ]-^ *\> &++22&1188&**, -  Y 44XvFM W779J ^/3/@/@Ma/b ,]O ',,33'2299'++- . />.H.H.O.O$$+/>/C/C/J/J%%,.22 3A3L3L3S3S  ) ) 04B4G4G4N4N  * * 1$2$6$6  ! D/;;BBI   2 2<3<363X3X Z@9CSCSST T_ V((u6TU U V  ]((u6[\ \ ] Y))$7WX X Y  W))$7UV V W  ^))$7\] ] ^. D++E83[3[\,,T5-a1:1A1A.CDD] D D/<<CCI   2 2<3<363X3X Z@9CSCSST T D++E83[3[\,,T5-a1:1A1A.CDD] D  I#4#@#@#G#G  77 8A8;8]8]_##DyGWGW#WXX  I//x7_7_`11$2f6?6F6F3HIIa I I#4#A#A#H#H  77 8A8;8]8]_##DyGWGW#WXX  I//x7_7_`11$2f6?6F6F3HIIa I  [!??AN [((u6YZ Z [ X"&";";NL"Y  X((u6VW W X  `"&"E"E"G `--dE;^__ ` ])-)A)A/BOQW*Y& ]--dE;[\\ ] 4--/ . L . L  0 C   89/7AY"Z$;l;l;DF IIOO3 4+2jkkl h"?? @O@Z@Z@C@`@`@Q@A C+ $h00u>fggh,,->1@1K1K1R1R8N-P%IIOO$PQ q ,MMNdN\NgNgNnNnNVNiNik+(q"55dECoppq m'DD]ESE^E^EHEeEeEWEF H0 (m"55dECkllm001C5C5N5N5U5Uabbc&*\\2D2Z2Z[\2]%^"$(LL1C1X1XYZ1[$\!%++h.V.VV'9'I'I'9'N'Nq'Q'9'O'OPQ'R(T$W(:'I'I'9'N'Nq'Q'9'O'OPQ'R(T$ &)<)<<@QU[UhUh@h&'788IIOOJ1A$AB $44s7W7WWIIOO$DEh+@@AWAIAdAdABAOAZAZAaAac, (h"55dECfggh+/,,7J7`7`ab7c*d')-6I6^6^_`6a)b&*0083[3[[+>+N+N+>+S+STU+V+>+T+TUV+W-Y)\,?+N+N+>+S+STU+V+>+T+TUV+W-Y) +f.A.AAEW[a[n[nEn*+<==  5F(FG  (   !23   $   '  01  #   %s'(]9]'&^ 9^/ _/A_7 ]$ ]]$' ^0^^ ^,^''^,/ _8_  _ _4_//_47 a Aaa Ab"" c5+Ac00c5$> > C$@$@ @   ;7 V557I ]-1->->yJ]-^ *\> &++22&1188&**, -  JJL  Y%I &CCLDMsOrOrtN + ]((6: [!;;=  b373D3DZQe3f0 IIOO+0077+66==+//1 2 ""n&8&88##**n.I.I.P.PP))00N4N4N4U4UU"#1#>#>#E#E#1#=#=#D#D#1#5#5$788 E#1#<#<#C#C  ;;M6M6MO!  " "#3 4#   & A#2#>#>#E#E  66}7@7?7N7NP"  ( h''(9:$(!  67 ] V((u6TU U V  ]((u6[\ \ ]$ Y''x/W/WX"#IF#RSS))$7WX X Y  ]--dE;[\\ ]   [--dE;YZZ [   b--dE;`aa b,! E//x7_7_`11$?a2;2B2B@DEEa E*  @,,T5:W-6-=-=;?@@ @  A--dE;X.7.>.><@AA A  h )@)@uNe)f fgg hsQQ9"(RS/!T2T7zr1d|j@d|j:dd|j8dd}n0d|j@d|j:dd|j8dd}|tBjDk7s|tBjDk7r t)||jjd|z |j@jGdd}|j,jd|}|j1|t2jHd |}|j7|j:d }d|j@d|j:dd}|tBjDk7r t)||jjd|z|dk7r: |jK||d} |jO} |j1|t2j4d | jj}|j7|j8d }|j7|j:d }|j<t2j>zr1d|j@d|j:dd|j8dd}n0d|j@d|j:dd|j8dd}|tBjDk7s|tBjDk7r t)||jjd|z |j@jGdd}| jjd|}|j1|t2jHd |}|j7|j:d }d|j@d|j:dd}|tBjDk7r t)||jjd|zy#t$r} |j || dd} ~ wwxYw#t$r} |j || dd} ~ wwxYw#t $rF} |j#| t$j&rt)d|z|j || dd} ~ wwxYw#t$r} |j || d d} ~ wwxYw#t$r} |j || d d} ~ wwxYw#t$r} |j || dd} ~ wwxYw#t$r} |jM|| dd} ~ wwxYw#t$r} |jM|| d d} ~ wwxYw#t$r} |jM|| d d} ~ wwxYw#t$r} |jM|| dd} ~ wwxYw)NrrrrrXrr,QueryTrustedDomainInfoByName(INFO_EX) failedLocalTDO Netbios[rvrrrrrrArrrZr\rVz"NETLOGON_CONTROL_REDISCOVER failedzLocalRediscover: DC[rF)rrrzRemoteRediscover: DC[)(r rrfrirrGrrrr]r^rrrrrIrr=rrrrrrkrr rr7rr rsr!r"rr#replaceNETLOGON_CONTROL_REDISCOVERrrLr) rrtrartrrbrPrr+rrrrrrr~r<r=r>r?rrdomain_and_serverlocal_trust_rediscoverlocal_rediscoverr.r1r@rArBrCremote_trust_rediscoverremote_rediscovers rrzcmd_domain_trust_validate.runxs "CC..y+F  V557I ]-1->->yJ]-^ *\> &++22&1188&**, - f I%I 66|7@7:7Z7Z\  &33::&2299&**, -  [!??AN [33L4<4W4W454B4N4N4U4UW "\\*<*R*RST*UV LL);)P)PQR)ST  # #h&N&N N1AA1FFqI1GGJ L  O 2AA1FFqI1GGJ L  !4!4 48IVM`M`8`/0 0 IIOOJ)99 : \'77??bIF,:,F,F,M,Mv V 33L4<4X4X454EG #!LL)?)T)TUV)WX5EE5JJ1MO  3 3 3/0 0 IIOOJ)99 :  ' ] $ 8 86W\ 8 ]  `"&"E"E"G `#889A9\9\9:9G9R9R9Y9Y[$#',,/B/X/XYZ/["\ !%.A.V.VWX.Y!Z "((8+S+SS#6#F#F#6#K#KA#N#6#L#LQ#O%Q!T$7#F#F#6#K#KA#N#6#L#LQ#O%Q! #f&9&99=OSYSfSf=f"#455  -> >? a,<<DDT2N0>0I0I0P0PRX$Y!#889A9]9]9:9JL("&.E.Z.Z[\.]!^ $;#J#J#:#O#OPQ#R!T "V%8%88"#455  -> >?e V((u6TU U V  ]((u6[\ \ ] f''x/W/WX"#Y\b#bcc((u6de e  f [((u6YZ Z [ [((u6YZ Z [< \((u6Z[ [ \   ]--dE;[\\ ]   `--dE;^__ `  `--dE;^__ `<  a--dE;_`` asVV?"YY Y:"Y55Y:= ZZZ! [*Z==[ [&[!![&) \ 2\\  \.\))\.rMrDr$rrrOrObsp"'H))--..0  $8Z(U'  MJW["ZrrOceZdZdZdZej ejedZ e dddgddd d e d d ddde dddddge dddddge dddddge ddddd ge d!dd"d#d$ge d%dd"d&d'ge d(dd)d*d+ge d,dd)d-d.ge d/ddd0d1ge d2ddd3d4ge d5ddd6d7ge d8ddd9d:ggZ d;gZ d=d<Z y )>cmd_domain_trust_namespaceszManage forest trust namespaces.z%prog [DOMAIN] [options]rsz --refreshrz check|store)checkrNzLList and maybe store refreshed forest trust information: 'check' or 'store'.refreshNrz --enable-allrzATry to update disabled entries, not allowed with --refresh=check. enable_allFrz --enable-tlnappend DNSDOMAINz?Enable a top level name entry. Can be specified multiple times. enable_tln)rrrrrz --disable-tlnz@Disable a top level name entry. Can be specified multiple times. disable_tlnz --add-tln-exzAAdd a top level exclusion entry. Can be specified multiple times. add_tln_exz--delete-tln-exzDDelete a top level exclusion entry. Can be specified multiple times. delete_tln_exz --enable-nb NETBIOSDOMAINzIEnable a netbios name in a domain entry. Can be specified multiple times. enable_nbz --disable-nbzJDisable a netbios name in a domain entry. Can be specified multiple times. disable_nbz --enable-sid DOMAINSIDz@Enable a SID in a domain entry. Can be specified multiple times.enable_sid_strz --disable-sidzADisable a SID in a domain entry. Can be specified multiple times.disable_sid_strz--add-upn-suffixzVAdd a new uPNSuffixes attribute for the local forest. Can be specified multiple times.add_upnz--delete-upn-suffixz^Delete an existing uPNSuffixes attribute of the local forest. Can be specified multiple times. delete_upnz--add-spn-suffixz[Add a new msDS-SPNSuffixes attribute for the local forest. Can be specified multiple times.add_spnz--delete-spn-suffixzcDelete an existing msDS-SPNSuffixes attribute of the local forest. Can be specified multiple times. delete_spnzdomain?c <|g}|g}| g} | g} | g} | g} | g} |g}|g}|g}|g}|g}d}|;|dk(rtd|z|r tdt|dkDr tdt|dkDr tdt| dkDr tdt| dkDr td t| dkDr td t|dkDr td t| dkDr td t| dkDr td t|dkDr(|D]!}|jdstd|zd}t|dkDr(|D]!}|jdstd|zd}|D]8}|D]1}|j|jk7r%td|z:t|dkDr(|D]!}|jdstd|zd}t|dkDr(|D]!}|jdstd|zd}|D]8}|D]1}|j|jk7r%td|z:ndt|dkDr tdt|dkDr tdt|dkDr tdt|dkDr td||dk(rd}|r|dk7rtd|zt|dkDr tdt|dkDr tdt| dkDr tdt| dkDr tdt| dkDr tdt|dkDr td t| dkDr td!t| dkDr^td"|rMd}t|dkDr td#t| dkDr td$t| dkDr td%t|dkDrd}t|dkDrd}|D]8}|D]1}|j|jk7r%td&|z:t| dkDr(| D]!}|jdstd'|zd}t| dkDr(| D]!}|jdstd(|zd}| D]8}| D]1}|j|jk7r%td)|z:t| dkDrd}t|dkDrd}| D]8}|D]1}|j |j k7r%td*|z:g}| D])} t j |}|j|+g}| D])} t j |}|j|+t|dkDrd}t|dkDrd}|D]}|D]}||k7r td-|ztj}|r|tjz}|j||} |j} |j#||\} }!|j$j'd0|!j(j*d1|!j,j*d2|!j.d3|: |j1}" |j3|"|}#|#j4|#j6k7r&td6|#j4d7|#j6d8 |"j9|#j:dd}$|j$j'd;|jG|$|!j,j*< |jI}%d>tK|%jMz}&d?d@g}' |%jO|&tPjRdA|'B}(|(d})g}*d?|)vr|*jY|)d?g}+d@|)vr|+jY|)d@|j$j'dDt|*z|*D]%},|j$j'dEdFdGdH|,d3'|j$j'dIt|+z|+D]%},|j$j'dEdFdGdH|,d3'|syd}-g}.|.jY|*d}/g}0|0jY|+|D]T}1|.D]:},tK|,j|1jk(s.tdJ|1z|.j|1d}-V|D]h}1d}2t[|.D]3\}3},tK|,j|1jk7r1|3}2n|2tdK|1z|.j]|2d}-j|D]T}4|0D]:},tK|,j|4jk(s.tdL|4z|0j|4d}/V|D]h}4d}2t[|0D]3\}3},tK|,j|4jk7r1|3}2n|2tdM|4z|0j]|2d}/j|j$j'dNt|.z|.D]%},|j$j'dEdFdGdH|,d3'|j$j'dOt|0z|0D]%},|j$j'dEdFdGdH|,d3'tQj^}5|)j`|5_0|-r(tQjb|.tPjdd?|5d?<|/r(tQjb|0tPjdd@|5d@< |%jg|5 |"j9|#j:dd}6|j$j'dQ|jG|6|!j,j*<y tjh}7||7_|jk| |7tjl}8|j$j'dT|8jtj*d1|8j4j*d2|8j.d3|8jvtjxzstdU|z|~ |j1}" |j3|"|}#dV}9|dk(rtzj|}:|rd}9nd}: |"j9|#j:|8j4j*|:}; |j| |8j4tj|;|9}<|j$j'dX|jG|;|8j4j*||>jY|=jtj}?t|>|?_D|>|?_B|r|?jD][}@|@jtjk7r!@jdk(r1d@_H|@xjtjzc_G]|?jD]}@|@jtjk7r!@jdk(r1d@_H|@xjtjzc_G|@xjtjzc_G|D]}Ad}2t[|?jD]\\}3}@|@jtjk7r$@jj*jAjk7rZ|3}2n|2td\Az|?j|2jtjzstd]Azd|?j|2_H|?j|2xjtjzc_G |D]6}Ad}2t[|?jD]\\}3}@|@jtjk7r$@jj*jAjk7rZ|3}2n|2td^Az|?j|2jtjzrtd_Azd|?j|2_H|?j|2xjtjzc_G|?j|2xjtjzc_G9| D]}Bd}2t[|?jD]\\}3}@|@jtjk7r$@jj*jBjk7rZ|3}2n|2td`BzdaBjz}Cd}2t[|?jD]r\}3}@|@jtjk7r$da@jj*jz}DC|Dk(rtdbBzCjDsp|3}2n|2tdcBztj}@tj|@_Ed|@_Gd|@_HB|@j_g}>|>jY|?j|>j|2dVz|@t|>|?_D|>|?_B| D]}Bd}2t[|?jD]\\}3}@|@jtjk7r$@jj*jBjk7rZ|3}2n|2tddBzg}>|>jY|?j|>j]|2t|>|?_D|>|?_B| D]}Ed}2t[|?jD]f\}3}@|@jtjk7r$@jjj*j Ej k7rd|3}2n|2tdeEz|?j|2jtjzstdfEzd|?j|2_H|?j|2xjtjzc_G|D]@}Ed}2t[|?jD]f\}3}@|@jtjk7r$@jjj*j Ej k7rd|3}2n|2tdgEz|?j|2jtjzrtdhEzd|?j|2_H|?j|2xjtjzc_G|?j|2xjtjzc_GCD]}d}2t[|?jD]@\}3}@|@jtjk7r$@jj|k7r>|3}2n|2tdi|z|?j|2jtjzstdjEzd|?j|2_H|?j|2xjtjzc_GD]}d}2t[|?jD]@\}3}@|@jtjk7r$@jj|k7r>|3}2n|2tdk|z|?j|2jtjzrtdlEzd|?j|2_H|?j|2xjtjzc_G|?j|2xjtjzc_G |j| |8j4tj|?d}F|j$j'dm|jG|?|8j4j*FY tjh}7|8j4j*|7_|j| |7tj}6|j$j'dQ|jG|6|8j4j*<y#ttf$rtd+|zwxYw#ttf$rtd,|zwxYw#t$r}|j!||d.d}~wwxYw#t$r}|j!||d/d}~wwxYw#t$r}|j!||d4d}~wwxYw#t$r}|j!||d5d}~wwxYw#t$r}|j=|t>j@rtd9|z|j=|t>jBrtd9|z|j=|t>jDrtd9|z|j!||d:d}~wwxYw#t$r}|j!||d=d}~wwxYw#tPjT$r}|jW||dCd}~wwxYw#tPjT$r}|jW||dPd}~wwxYw#t$r}|j!||d:d}~wwxYw#tn$rF}|j=|tpjrrtdR|z|j!||dSd}~wwxYw#t$r}|j!||d4d}~wwxYw#t$r}|j!||d5d}~wwxYw#t$r}|j!||d:d}~wwxYw#t$r}|j!||dWd}~wwxYw#t$r}|j!||dZd}~wwxYw#t$r}|j!||dZd}~wwxYw#t$r}|j!||dWd}~wwxYw#t$r}|j!||dZd}~wwxYw)nNFrz'--refresh=%s not allowed without DOMAINz'--enable-all not allowed without DOMAINrz'--enable-tln not allowed without DOMAINz(--disable-tln not allowed without DOMAINz'--add-tln-ex not allowed without DOMAINz*--delete-tln-ex not allowed without DOMAINz&--enable-nb not allowed without DOMAINz'--disable-nb not allowed without DOMAINz'--enable-sid not allowed without DOMAINz(--disable-sid not allowed without DOMAINz*.zEvalue[%s] specified for --add-upn-suffix should not include with '*.'TzHvalue[%s] specified for --delete-upn-suffix should not include with '*.'z@value[%s] specified for --add-upn-suffix and --delete-upn-suffixzEvalue[%s] specified for --add-spn-suffix should not include with '*.'zHvalue[%s] specified for --delete-spn-suffix should not include with '*.'z@value[%s] specified for --add-spn-suffix and --delete-spn-suffixz1--add-upn-suffix not allowed together with DOMAINz4--delete-upn-suffix not allowed together with DOMAINz1--add-spn-suffix not allowed together with DOMAINz4--delete-spn-suffix not allowed together with DOMAINz3--enable-all not allowed together with --refresh=%sz0--enable-tln not allowed together with --refreshz1--disable-tln not allowed together with --refreshz0--add-tln-ex not allowed together with --refreshz3--delete-tln-ex not allowed together with --refreshz/--enable-nb not allowed together with --refreshz0--disable-nb not allowed together with --refreshz0--enable-sid not allowed together with --refreshz1--disable-sid not allowed together with --refreshz3--enable-tln not allowed together with --enable-allz2--enable-nb not allowed together with --enable-allz3--enable-sid not allowed together with --enable-allz6value[%s] specified for --enable-tln and --disable-tlnzAvalue[%s] specified for --add-tln-ex should not include with '*.'zDvalue[%s] specified for --delete-tln-ex should not include with '*.'z8value[%s] specified for --add-tln-ex and --delete-tln-exz4value[%s] specified for --enable-nb and --disable-nbz7value[%s] specified for --enable-sid is not a valid SIDz8value[%s] specified for --disable-sid is not a valid SIDz6value[%s] specified for --enable-sid and --disable-sidrrrrrXrrvrzThe local domain [z] is not the forest root [rZz@LOCAL_DC[%s]: netr_DsRGetForestTrustInformation() not supported.r z Own forest trust information... rzfailed to connect to SamDBzCN=Partitions,%s uPNSuffixeszmsDS-SPNSuffixesz(objectClass=crossRefContainer))rscope expressionattrszfailed to search partition dnz#Stored uPNSuffixes attributes[%d]: rSrVrTrUz(Stored msDS-SPNSuffixes attributes[%d]: zBEntry already present for value[%s] specified for --add-upn-suffixz?Entry not found for value[%s] specified for --delete-upn-suffixzBEntry already present for value[%s] specified for --add-spn-suffixz?Entry not found for value[%s] specified for --delete-spn-suffixz#Update uPNSuffixes attributes[%d]: z(Update msDS-SPNSuffixes attributes[%d]: zfailed to update partition dnz#Stored forest trust information... rrRrSzItrusted domain object for domain [%s] is not marked as FOREST_TRANSITIVE.rAr z"Fresh forest trust information... r z(lsaRQueryForestTrustInformation() failedz"Local forest trust information... z8Entry not found for value[%s] specified for --enable-tlnzGEntry found for value[%s] specified for --enable-tln is already enabledz9Entry not found for value[%s] specified for --disable-tlnzIEntry found for value[%s] specified for --disable-tln is already disabledz>Entry already present for value[%s] specified for --add-tln-exz.%sz:TLN entry present for value[%s] specified for --add-tln-exz>No TLN parent present for value[%s] specified for --add-tln-exz;Entry not found for value[%s] specified for --delete-tln-exz7Entry not found for value[%s] specified for --enable-nbzFEntry found for value[%s] specified for --enable-nb is already enabledz7Entry not found for value[%s] specified for --delete-nbzHEntry found for value[%s] specified for --disable-nb is already disabledz8Entry not found for value[%s] specified for --enable-sidzGEntry found for value[%s] specified for --enable-sid is already enabledz8Entry not found for value[%s] specified for --delete-sidzIEntry found for value[%s] specified for --disable-sid is already disabledz$Updated forest trust information... )VrrY startswithlowerupperr dom_sid ValueError TypeErrorrar rrrfrirrGrrrr]r^rrrkrr forest_namerrr=rr|WERR_INVALID_FUNCTIONWERR_NERR_ACFNOTLOADEDrorpstrget_config_basednsearchldb SCOPE_BASELdbErrorrRextendr[popMessagednMessageElementFLAG_MOD_REPLACEmodifyrrrIrrrrrrr rrrcrrZrrr`rarstimeLSA_TLN_DISABLED_MASKLSA_NB_DISABLED_MASKLSA_SID_DISABLED_MASKr_rGrbendswithForestTrustRecordinsertrerOrfrM)Grrtrarbrtr_r`rcrdrerfrkrlrhrirmrnrorprequire_updatenrrnrl enable_sidrr disable_sidrr+rrrrr~r0own_forest_info local_samdblocal_partitions_dnrumsgs stored_msgstored_upn_valsstored_spn_valsr6 replace_upnupdate_upn_vals replace_spnupdate_spn_valsupnidxrkspn update_msgstored_forest_inforrlsa_update_checknetlogon_update_tdofresh_forest_infofresh_forest_collisionr8rZupdate_forest_inforrhtln_extln_dotr_dotnbupdate_forest_collisionsG rrzcmd_domain_trust_namespaces.run^s  J  K  J  M  !N  " O  I  J ?G  J ?G  J >'!"#Lw#VWW"#LMM:""#LMM;!#"#MNN:""#LMM=!A%"#OPP9~!"#KLL:""#LMM>"Q&"#LMM?#a'"#MNN7|a tA<<- &'nqr'rsst"&:"#wA<<- &'qtu'uvvw"& o#oAwwyAGGI- &'ilm'mnno o 7|a tA<<- &'nqr'rsst"&:"#wA<<- &'qtu'uvvw"& o#oAwwyAGGI- &'ilm'mnno o 7|a"#VWW:""#YZZ7|a"#VWW:""#YZZ  '!!%g0"#X[b#bcc:""#UVV;!#"#VWW:""#UVV=!A%"#XYY9~!"#TUU:""#UVV>"Q&"#UVV?#a'"#VWW!%z?Q&&'\]]y>A%&'[\\~&*&'\]]:"!%;!#!% e$eAwwyAGGI- &'_bc'cdde e :"#pA<<- &'jmn'noop"&=!A%&sA<<- &'mpq'qrrs"& g&gAwwyAGGI- &'ade'effg g 9~!!%:"!% c#cAwwyAGGI- &']`a'abbc c J# 'f"**1-C!!#&  ' K$ (g"**1-C""3'  ( :"!%;!#!% e$eAAv &'_bc'cdde e "CC  3#=#= = ..y+F  V557I ]-1->->yJ]-^ *\> &++22&1188&**, - > _!%!C!C!E \&*&?&?P\&]##..2E2Q2QQ"#6#B#B#6#B#B$DEE h"0"R"RSfSmSmSWYZ#\" IIOO? @  ( (-;-F-F-M-M ) O X"<<> #5s;;X;X;Z7["[ "$67E W"))/B035V05*7"!W !O *&&z-'@A O!Z/&&z2D'EF IIOOBSEYY Z$ D B BC D IIOOG#oJ^^ _$ D B BC D"K O  " "? 3K O  " "? 3 #(EA1v||~4*,>@C,DEEE  &&s+"  #" #%o6DAq1v||~4 C  ;&'hkn'noo##C("  # #(EA1v||~4*,>@C,DEEE  &&s+"  #" #%o6DAq1v||~4 C  ;&'hkn'noo##C("  # IIOOBSEYY Z$ D B BC D IIOOG#oJ^^ _$ D B BC DJ&MMJM,/,>,>?B?S?S?L-N =)141C1CODGDXDXDV2X -. W"":. h%3%U%UViVpVpVZ\]&_" IIOOB C  ( ();-;-F-F-M-M ) O  f I%I 66|7@7:7Z7Z\  &33::&2299&**, - ..1Z1ZZjmsst t   _!%!C!C!E \&*&?&?P\&]# ! '!&.&A&A#'($&'# h #DDEXE_E_ESE_E_EfEfEXZ" d;;L $$%6)7)C)C)J)J % L (001 779#&w< %," '// 666S@@@77a<C5555  6(// 666S===77a<C4444C5555 6 PCC!"4"<"<= 166S@@@&&--335D  {"#]`c#cdd%--c2883;T;TT"#lor#rss34  & &s + 0  & &s + 1 1c6O6O5O O 1 P  PCC!"4"<"<= 166S@@@&&--335D  {"#^ad#dee!))#.44s7Q7QQ"#nqt#tuu34  & &s + 0  & &s + 1 1c6O6O5O O 1  & &s + 1 1S5O5O O 1 P"!& 1FC!"4"<"<= 166SCCC&&--335G  "#cfl#lmmflln,GC!"4"<"<= 166S@@@ 3 3 : : @ @ BBe#&'cfl'lmm''. {"#cfl#lmm%%'A;;AFAGAF)/A   &G NN-55 6 NN37A &'*7|  $)0  &M& 1P$ 1FC!"4"<"<= 166SCCC&&--335G  {"#`ci#ijjG NN-55 6 KK '*7|  $)0  &! 1$ OBC!"4"<"<= 166S===&&::AAGGIRXXZW  {"#\_a#abb%--c2883;S;SS"#knp#pqq34  & &s + 0  & &s + 1 1c6N6N5N N 1 O  OBC!"4"<"<= 166S===&&::AAGGIRXXZW  {"#\_a#abb!))#.44s7P7PP"#mpr#rss34  & &s + 0  & &s + 1 1c6N6N5N N 1  & &s + 1 1S5N5N N 1 O" PCC!"4"<"<= 166S===&&11S8  {"#]`c#cdd%--c2883;T;TT"#loq#qrr34  & &s + 0  & &s + 1 1c6O6O5O O 1 P  PCC!"4"<"<= 166S===&&11S8  {"#]`c#cdd!))#.44s7Q7QQ"#nqs#stt34  & &s + 0  & &s + 1 1c6O6O5O O 1  & &s + 1 1S5O5O O 1 P" `&/&M&MlN\NhNhNQNnNnN`bc'e # ?@ $$%7)7)C)C)J)J0G % I b I-99@@I !*!J!J? $$%7)7)C)C)J)J % L{#I.f&'`cd'deef#I.g&'ade'effg( V((u6TU U V  ]((u6[\ \ ]  _,,T5:]^^ _   \,,T5:Z[[ \ h++E63Y3YZ&'i'3(566++E63O3OP&'i'3(566++E63P3PQ&'i'3(566,,T5:fgg h*  X,,T5:VWW X<< W((u6UVV Wz<< W((u6UVV W   h,,T5:fgg h f''x/W/WX"#Y\b#bcc((u6de e  f"  _,,T5:]^^ _   \,,T5:Z[[ \(  h,,T5:fgg h  d,,T5:bcc d $j00u>hiij( b((u6`a a bF `((u6^_ _ ` b((u6`a a bsS6Ai1&AjAj3AkAk;Al+Am Ao1<(ApAq!Aq1rs2 GG%??DD6S : :S CCL ,.,^h.hTv0vpC0CLU0Upp 2pf@ "4@ F >| >r