a ’{aŽã@sèddlmZddlZddlZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl m Z mZdd l mZdd lmZdd l mZdd lmZmZdd lmZmZddlmZddlmZdd„ZGdd„deƒZdS)é)Úprint_functionN)Ú b64decode)Údsdb)Úcommon)Úmisc)Údrsuapi)Ú ndr_unpackÚndr_pack)Údrsblobs)Údsdb_Dn)Úsecurity)Úget_wellknown_sdsÚ get_diff_sds)Úsystem_sessionÚ admin_session)Ú CommandError)Úget_fsmo_roleownerc CsRd}|D]D}t|ƒrd|}z|t|ƒ}WqtyJ|t|ƒ}Yq0q|S)NÚú,)ÚlenÚstrÚUnicodeDecodeErrorÚrepr)ÚvalsÚresultÚvalue©rú1/usr/lib/python3/dist-packages/samba/dbchecker.pyÚdump_attr_values/s rc @s`eZdZdZd“dd„Zdejddfdd„Zdd „Zd d „Z d”d d „Z dd„Z dd„Z d•dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd–d%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Zd9d:„Z d—d;d<„Z!d=d>„Z"d?d@„Z#dAdB„Z$dCdD„Z%dEdF„Z&dGdH„Z'dIdJ„Z(dKdL„Z)dMdN„Z*dOdP„Z+dQdR„Z,dSdT„Z-dUdV„Z.dWdX„Z/dYdZ„Z0d[d\„Z1d]d^„Z2d_d`„Z3dadb„Z4dcdd„Z5dedf„Z6dgdh„Z7didj„Z8dkdl„Z9dmdn„Z:dodp„Z;dqdr„Zdwdx„Z?dydz„Z@d{d|„ZAd}d~„ZBdd€„ZCdd‚„ZDdƒd„„ZEd…d†„ZFd‡dˆ„ZGd‰dŠ„ZHd˜d‹dŒ„ZIddŽ„ZJdd„ZKd‘d’„ZLdS)™Údbcheckzcheck a SAM database for errorsNFc  CsD||_d|_|p||_||_||_||_||_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_tƒ|_d|_d|_d|_d|_d|_ d|_!d|_"d|_#d|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,d|_-||_.| |_/| |_0d|_1d|_2||_3t4 5|d| 6¡¡|_7t4 5|d| 8¡¡|_9| :¡|_;t4 5|d| 6¡¡|_i|_?t@|jƒ|_Ad|_Bd|_Cd|_Dd|_Ed|_FtGƒ|_Hi|_Ii|_JzF|jKd| 6¡t4jLdgd} tMtNjO| dddƒ} tP| ƒ|jJd <Wn@t4jQy`} z$| jR\}}|t4jSkrL‚WYd} ~ n d} ~ 00tTƒ|_UtVd| W¡ƒ|_X|jjK|j>t4jLd d gd} d | dvr²| dd |_Yn$d | dvrÐ| dd |_Ynd|_Y|jjKd t4jLd gd} g|_Zg|_[g|_\z| dd |_]Wn&t^y$Ynt_y6Yn0|j]D]h}z0|j `t4 5|j| ad¡¡tbjc¡}|jZ d|¡Wn0t^y¢|j[ dt4 5|j| ad¡¡¡Yn0q>d|j e¡}d|j f¡}|jjKt4jgddg|j h¡d|d}ti|ƒdkr|j\ dt4 5|j|¡|df¡|jjKt4jgddg|j h¡d|d}ti|ƒdkrd|j\ dt4 5|j|¡|df¡t4 5|jd|j 6¡¡}tj|j|dƒ}t4 5|j|j =¡¡|kr¬d|_knd|_k|jjKt4 5|j|j l¡¡t4jLdgd} t4 5|j| ddd ad¡¡|_m|jjK|jmt4jLdgd} d| dvrDt4 5|j| ddd ad¡¡|_nnd|_nd|j 8¡ o¡}|jK|t4jLddgd} d| dvr˜tp| dddƒ|_qnd|_qg|_rg|_szT|jjKt4jLdd d!gd"} d | dvrà| dd |_rd!| dvrü| dd!|_sWn@t4jQy>}z$|jR\}}|t4jSkr*‚WYd}~n d}~00dS)#NFrzCN=Infrastructure,zCN=Partitions,%szCN=RID Manager$,CN=System,zCN=DnsAdmins,CN=Users,%sZ objectSid©ÚbaseÚscopeÚattrsZ DnsAdminszmsDS-hasMasterNCsZ hasMasterNCsrZnamingContextsÚutf8zDC=DomainDnsZones,%szDC=ForestDnsZones,%súmsDS-NC-Replica-LocationsúmsDS-NC-RO-Replica-Locationsz$(&(objectClass=crossRef)(ncName=%s)))r"r#r!Ú expressionéZridTZserverReferenceÚrIDSetReferencesz1CN=Directory Service,CN=Windows NT,CN=Services,%sz(objectClass=nTDSService)ÚtombstoneLifetime)r!r"r'r#é´z @SAMBA_DSDBÚcompatibleFeaturesÚrequiredFeatures)r"r!r#)tÚsamdbZ dict_oid_nameÚ samdb_schemaÚverboseÚfixÚyesÚquietÚremove_all_unknown_attributesÚremove_all_empty_attributesÚfix_all_normalisationÚfix_all_duplicatesÚfix_all_DN_GUIDsÚfix_all_binary_dnÚ#remove_implausible_deleted_DN_linksÚ!remove_plausible_deleted_DN_linksZ$fix_all_string_dn_component_mismatchZ"fix_all_GUID_dn_component_mismatchZ!fix_all_SID_dn_component_mismatchÚ fix_all_SID_dn_component_missingÚ(fix_all_old_dn_string_component_mismatchÚfix_all_metadataÚfix_time_metadataÚfix_undead_linked_attributesÚfix_all_missing_backlinksÚfix_all_orphaned_backlinksÚfix_all_missing_forward_linksÚdictÚduplicate_link_cacheÚrecover_all_forward_linksÚ fix_rmd_flagsÚfix_ntsecuritydescriptorÚ$fix_ntsecuritydescriptor_owner_groupÚseize_fsmo_roleÚmove_to_lost_and_foundÚfix_instancetypeÚ"fix_replmetadata_zero_invocationidÚ fix_replmetadata_duplicate_attidÚfix_replmetadata_wrong_attidÚfix_replmetadata_unsorted_attidÚfix_deleted_deleted_objectsZfix_incorrect_deleted_objectsÚfix_dnÚfix_base64_userparametersÚfix_utf8_userparametersÚfix_doubled_userparametersÚfix_sid_rid_set_conflictÚquick_membership_checksÚreset_well_known_aclsÚcheck_expired_tombstonesÚexpired_tombstonesÚreset_all_well_known_aclsÚin_transactionÚldbÚDnÚ domain_dnÚinfrastructure_dnZget_config_basednÚ naming_dnZget_schema_basednÚ schema_dnÚrid_dnÚget_dsServiceNameÚntds_dsaÚclass_schemaIDGUIDr Ú wellknown_sdsÚfix_all_missing_objectclassÚfix_missing_deleted_objectsÚfix_replica_locationsÚfix_missing_rid_set_masterÚfix_changes_after_deletion_bugÚsetÚdn_setÚ link_id_cacheÚname_mapÚsearchÚ SCOPE_BASErr Údom_sidrÚLdbErrorÚargsÚERR_NO_SUCH_OBJECTrÚsystem_session_inforÚget_domain_sidÚadmin_session_infoÚ write_ncsÚdeleted_objects_containersÚncs_lacking_deleted_containersÚdns_partitionsZncsÚKeyErrorÚ IndexErrorÚget_wellknown_dnÚdecoderÚ!DS_GUID_DELETED_OBJECTS_CONTAINERÚappendZget_default_basednÚget_root_basednZSCOPE_ONELEVELZget_partitions_dnrrÚ is_rid_masterZget_serverNameÚ server_ref_dnÚ rid_set_dnÚget_linearizedÚintr*r,r-)Úselfr.r/r0r1r2r3r\rWrXrYÚresZ dnsadmins_sidZe5ÚenumÚestrÚncÚdnZdomaindns_zoneZforestdns_zoneZdomainZforestZfsmo_dnZ rid_masterZntds_service_dnZe6rrrÚ__init__=sF   ÿ   ÿ& ý ýÿ" ÿ$ ÿý ÿþ  zdbcheck.__init__cCsÐ|jj||dg|d}| dt|ƒ¡d}|| ¡7}tƒ|_|D]*}|j t |j ƒ¡||j |j |d7}qD|dur„||  ¡7}|j dkrž| d|j ¡|dkr¶|js¶| d¡| d t|ƒ|f¡|S) z>perform a database check, returning the number of errors foundr©r!r"r#ÚcontrolszChecking %u objectsr)r#Nz†NOTICE: found %d expired tombstones, 'samba' will remove them daily, 'samba-tool domain tombstones expunge' would do that immediately.z$Please use --fix to fix these errorszChecked %u objects (%u errors))r.rqÚreportrÚ check_deleted_objects_containersrmÚattribute_or_class_idsrnÚaddrrÚ check_objectÚ check_rootdserZr1)rŠZDNr"r’r#r‹Ú error_countÚobjectrrrÚcheck_databaseös$   ü zdbcheck.check_databasec Csd}|jD]î}||jkrq |d7}| d|¡| d|d¡sDq t |jd¡}| |¡d}z`|jj|tj ggd¢d }t |ƒdkr¾|dj   d ¡}t |jd t t |¡ƒ¡}| |¡Wn\tjy}z@|j\}} |tjkrên| d | ¡WYd}~dSWYd}~n d}~00|durŒz|j ||gd ¢¡WnJtjyŠ} z.| j\}} | d||| f¡WYd} ~ dSd} ~ 00|jj|tj dggd¢d }t |ƒdkrÊ| d|¡dS|dd} g} d} | D]P}t|j| d¡tjƒ}| |¡r"| d|¡|j   d ¡} |  t |ƒ¡qâ| durRdt t | ¡ƒ}n dtj}|  d||f¡d}|jjd||fddgdt ¡}t |jt |ddƒ¡|_ t | tjd¡|d<|j|dgd|ddrî| d |¡|j  |¡q |S)!z`This function only fixes conflicts on the Deleted Objects containers, not the attributesrr(z=ERROR: NC %s lacks a reference to a Deleted Objects containerz-Fix missing Deleted Objects container for %s?rizCN=Deleted ObjectsN)úshow_deleted:1úextended_dn:1:1úshow_recycled:1úreveal_internals:0r‘ÚGUIDzCN=Deleted Objects\0ACNF:%sz %s'zIIf you cannot re-sync from another DC, do you wish to delete object '%s'?rhz1Not deleting object with missing objectclass '%s'Nr¡úFailed to remove DN %sú Removed DN %s)r“r.Ú get_nc_rootr¨rÅ©rŠrrrrÚerr_missing_objectclass0s ÿzdbcheck.err_missing_objectclasscCsÖ|sF| d|||f¡| dt|ƒ¡| dd¡s†| d¡dSn@| d|||f¡| dt|ƒ¡| dd ¡s†| d¡dSt ¡}||_t |tj|¡|d <| |d d t j gd |¡rÒ| d|¡dS)z(handle a DN pointing to a deleted objectz4ERROR: target DN is deleted for %s in object %s - %sz#Target GUID points at deleted DN %rzRemove DN link?r:z Not removingNz6WARNING: target DN is deleted for %s in object %s - %szRemove stale DN link?r;Ú old_valueržr¿z(Failed to remove deleted DN attribute %sz"Removed deleted DN on attribute %s) r“rr¨r]r­rr®rÎr°rÚ DSDB_CONTROL_REPLMD_VANISH_LINKS)rŠrrËr×r³Ú correct_dnZremove_plausiblerÈrrrÚerr_deleted_dn:s(    ÿþzdbcheck.err_deleted_dnc Cs°t|ƒ d¡dkr4| d|||f¡| d¡dS| |¡\}}|d@dkr„t|ƒ d¡dkr„| |¡\}}|durœ| d|||f¡| d ¡dS|j |¡}z|j |j¡} Wn@tjyú} z&| j \} } | tj krâ‚d} WYd} ~ n d} ~ 00| dur,| d ||j||f¡| d ¡dS|| krX| d |||f¡| d ¡dS| d|||f¡|  |||||d¡dS| d|||f¡|  |||||d¡dS)zxhandle a missing target DN (if specified, GUID form can't be found, and otherwise DN string form can't be found)z\0ADELéÿÿÿÿzTWARNING: no target object found for GUID component link %s in deleted object %s - %sz`Not removing dangling one-way link on deleted object (tombstone garbage collection in progress?)rr(Nz`WARNING: no target object found for GUID component for one-way forward link %s in object %s - %sz"Not removing dangling forward linkzeWARNING: no target object found for GUID component for link %s in object to %s outside our NCs%s - %szhNot removing dangling one-way left-over link outside our NCs (we might be building a renamed/lab domain)z`WARNING: no target object found for GUID component for cross-partition link %s in object %s - %szPNot removing dangling one-way cross-partition link (we might be mid-replication)zTWARNING: no target object found for GUID component for DN value %s in object %s - %sTzNERROR: no target object found for GUID component for link %s in object %s - %sF) rÚfindr“rÍr.rãrr]rtrurvré) rŠrrËr×r³rÌÚ_Úreverse_link_nameÚnc_rootZtarget_nc_rootÚerŒrrrrÚerr_missing_target_dn_or_GUIDQs`þ "ÿý      ý  ý þ ÿþz%dbcheck.err_missing_target_dn_or_GUIDc Csp| d||||f¡ddg}z |jjt|jƒtjg|d}Wnbtjy }zH|j\} } | d|j| f¡| tj krz‚|  ||||¡WYd}~dSd}~00t |ƒdkrÒ| d|j¡|  ||||¡dS|dj|_|  d t|ƒd ¡s| d |¡dSt  ¡} || _t |tj|¡| d <t t|ƒtj|¡| d <| | dgd||f¡rl| d||f¡dS)z+handle a missing GUID extended DN componentz,ERROR: %s component for %s in object %s - %srržr‘z&unable to find object for DN %s - (%s)Nrzunable to find object for DN %súChange DN to %s?r8ú Not fixing %sræÚ new_valueú Failed to fix %s on attribute %súFixed %s on attribute %s)r“r.rqrrr]rrrtrurvrðrr¨r­r®rÎrÕr°) rŠrrËr×r³Úerrstrr’r‹Ze7rŒrrÈrrrÚerr_missing_dn_GUID_component¦s:ÿ       ÿz%dbcheck.err_missing_dn_GUID_componentcCs¤| d||||f¡| dt|ƒd¡s<| d|¡dSt ¡}||_t |tj|¡|d<t t|ƒtj|¡|d<|  |dgd ||f¡r | d ||f¡dS) z'handle an incorrect binary DN componentz3ERROR: %s binary component for %s in object %s - %srñr9ròNræróržrôrõ) r“r¨rr]r­rr®rÎrÕr°)rŠrrËr×r³rörÈrrrÚerr_incorrect_binary_dnÆs  ÿzdbcheck.err_incorrect_binary_dncCs¤| d|||f¡||_| dt|ƒd¡s<| d¡dSt ¡}||_t |tj|¡|d<t t|ƒtj|¡|d<|  |dd t j gd |¡r | d |¡dS) ú"handle a DN string being incorrectzPNOTE: old (due to rename or delete) DN string component for %s in object %s - %srñr=zNot fixing old string componentNræróržúlocal_oid:%s:1z+Failed to fix old DN string on attribute %sz#Fixed old DN string on attribute %s) r“rr¨rr]r­r®rÎrÕr°rÚ%DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME)rŠrrËr×r³rèrÈrrrÚerr_dn_string_component_oldÖs"ÿ ÿþz#dbcheck.err_dn_string_component_oldcCs®| d||||f¡||_| dt|ƒd|¡sF| d|¡dSt ¡}||_t |tj|¡|d<t t|ƒtj|¡|d<|  |dgd ||f¡rª| d ||f¡dS) rùz9ERROR: incorrect DN %s component for %s in object %s - %srñz fix_all_%s_dn_component_mismatchz Not fixing %s component mismatchNræróržz-Failed to fix incorrect DN %s on attribute %sz%Fixed incorrect DN %s on attribute %s) r“rr¨rr]r­r®rÎrÕr°)rŠrrËr×r³rèZ mismatch_typerÈrrrÚ err_dn_component_target_mismatchèsÿ  ÿz(dbcheck.err_dn_component_target_mismatchc Csú| d|||f¡t|jƒdkr0| d¡dSt |j|j ¡¡}| d|¡|  d| ¡d¡sr| d¡dS|  d ¡}t |jd ¡}| d |¡| d|¡t  ¡} || _t  | ¡tj |¡| d <d d tjg} | | | d|¡rö| d|¡dS)rùz8ERROR: missing DN SID component for %s in object %s - %srz3Not fixing missing DN SID on DN+BINARY or DN+STRINGNÚSIDrñr<z#Not fixing missing DN SID componentr rróržrúz,Failed to ADD missing DN SID on attribute %sz$Fixed missing DN SID on attribute %s)r“rràr]r^r.rÚ extended_strÚset_extended_componentr¨r©r­r®rÕrZ$DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SIDr°) rŠrrËr×r³Ztarget_sid_blobrèZtarget_guid_blobZ guid_sid_dnrÈr’rrrÚ#err_dn_component_missing_target_sidùs2  ÿ    þÿz+dbcheck.err_dn_component_missing_target_sidcCs‚| d||jf¡| d|d¡s6| d|¡dSt ¡}|j|_t gtj|¡|d<| |ddgd |¡r~| d |¡dS) z!handle an unknown attribute errorz#ERROR: unknown attribute '%s' in %szRemove unknown attribute %sr4zNot removing %sNrær¡ržz%Failed to remove unknown attribute %szRemoved unknown attribute %s)r“rr¨r]r­r®rÎr°)rŠÚobjrËrÈrrrÚerr_unknown_attributes ÿzdbcheck.err_unknown_attributecCsŽ| d|||jf¡| d|d¡s8| d|¡dSt ¡}|j|_t |tj|¡|d<| |ddd d tj gd |¡rŠ| d |¡dS) z:handle a link that should not be there on a deleted objectzDERROR: linked attribute '%s' to '%s' is present on deleted object %szRemove linked attribute %sr@z Not removing linked attribute %sNræržrœrŸr¿z Failed to delete forward link %szFixed undead forward link %s) r“rr¨r]r­r®rÎr°rrç)rŠrrËr×rÈrrrÚerr_undead_linked_attribute&s ÿ ÿþz#dbcheck.err_undead_linked_attributecCs„| d||||jf¡| d|d¡s:| d|¡dSt ¡}||_t |tj|¡|d<| |ddgd |¡r€| d |¡dS) zhandle a missing backlink valuez>ERROR: missing backlink attribute '%s' in %s for link %s in %szFix missing backlink %srAzNot fixing missing backlink %sNróržr¡z!Failed to fix missing backlink %szFixed missing backlink %s)r“rr¨r]r­r®rÕr°)rŠrrËr×Z backlink_nameÚ target_dnrÈrrrÚerr_missing_backlink6s ÿzdbcheck.err_missing_backlinkcCs t|j d¡ƒ}| d|||j|j ¡f¡| d|d¡sP| d|¡dSt ¡}|j|_t t |ƒtj |¡|d<|  |gd¢d |¡rœ| d |¡dS) z"handle a incorrect RMD_FLAGS valueÚ RMD_FLAGSzHERROR: incorrect RMD_FLAGS value %u for attribute '%s' in %s for link %szFix incorrect RMD_FLAGS %urGz!Not fixing incorrect RMD_FLAGS %uNræ)ržrŸúshow_deleted:0z$Failed to fix incorrect RMD_FLAGS %uzFixed incorrect RMD_FLAGS %u) r‰rr©r“rÿr¨r]r­r®rrÎr°)rŠrrËZ revealed_dnÚ rmd_flagsrÈrrrÚerr_incorrect_rmd_flagsCs ÿzdbcheck.err_incorrect_rmd_flagsc Cs¶|dur4| |||¡r4| dd||||f¡dS| d||||f¡| d|d¡sl| d|¡dSt ¡}||_t |tj|¡|d <| |d d gd |¡r²| d |¡dS)z handle a orphaned backlink valueTz*WARNING: Keep orphaned backlink attribute z"'%s' in '%s' for link '%s' in '%s'Nz?ERROR: orphaned backlink attribute '%s' in %s for link %s in %szRemove orphaned backlink %srBz!Not removing orphaned backlink %srržr¡z"Failed to fix orphaned backlink %szFixed orphaned backlink %s) Úhas_duplicate_linksr“r¨r]r­rr®rÎr°) rŠZobj_dnÚ backlink_attrZ backlink_valrÚ forward_attrÚforward_syntaxÚcheck_duplicatesrÈrrrÚerr_orphaned_backlinkQs$ÿÿ ÿzdbcheck.err_orphaned_backlinkcCs¶| d||jf¡| d|d¡s<| d||jf¡dSt ¡}|j|_t |tj|¡|d<| |dtj gd|¡r²| d |¡d t |jƒ|f}||j vs¨J‚d |j |<dS) zhandle a duplicate links valuezPRECHECK: 'Missing/Duplicate/Correct link' lines above for attribute '%s' in '%s'zDCommit fixes for (missing/duplicate) forward links in attribute '%s'rFzPNot fixing corrupted (missing/duplicate) forward links in attribute '%s' of '%s'Nrrúz/Failed to fix duplicate links in attribute '%s'z'Fixed duplicate links in attribute '%s'r£F) r“rr¨r]r­r®r¯r°rZ(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKSrrE)rŠrr Z forward_valsrÈÚduplicate_cache_keyrrrÚerr_recover_forward_linkses ÿÿz!dbcheck.err_recover_forward_linkscCsÌ| d|j¡|jjdtjdgd}t|ƒdks6J‚t|dddƒ}| d|j|fd¡sx| d |j|f¡d St  ¡}|j|_t  |tj d ¡|d <|  |gd |j|f¡rÈ| d|j|f¡d S)zhandle a missing fSMORoleOwnerz*ERROR: fSMORoleOwner not found for role %srÚ dsServiceName)r"r#r(rz8Seize role %s onto current DC by adding fSMORoleOwner=%srJz>Not Seizing role %s onto current DC by adding fSMORoleOwner=%sNÚ fSMORoleOwnerrzBFailed to seize role %s onto current DC by adding fSMORoleOwner=%sz9Seized role %s onto current DC by adding fSMORoleOwner=%s) r“rr.rqr]rrrrr¨r­r®rÕr°)rŠrr‹Z serviceNamerÈrrrÚerr_no_fsmoRoleOwnerxs ÿ ÿzdbcheck.err_no_fsmoRoleOwnerc Csb| d|j¡| d|jd¡s6| d|j¡dSd}|j ¡zä|j |j¡}|j |tj¡}t   |jt |jƒ¡}|  t |ƒd¡| |j||dd gd |j||f¡r&| d |j||f¡t  ¡}|j|_t  t |j ¡ƒt jd ¡|d <| |gd ||¡r&| d||¡d}Wn|j ¡‚Yn0|rT|j ¡n |j ¡dS)zhandle a missing parentz%ERROR: parent object not found for %sz!Move object %s into LostAndFound?rKz&Not moving object %s into LostAndFoundNFr(rr¡z2Failed to rename object %s into lostAndFound at %sz)Renamed object %s into lostAndFound at %sZlastKnownParentz:Failed to set lastKnownParent on lostAndFound object at %sz0Set lastKnownParent on lostAndFound object at %sT)r“rr¨r.Útransaction_startrãr€rZDS_GUID_LOSTANDFOUND_CONTAINERr]r^rÚremove_base_componentsrrÉr­r®Úparentr¯r°Útransaction_cancelÚtransaction_commit)rŠrZkeep_transactionrîZlost_and_foundÚnew_dnrÈrrrÚerr_missing_parent‰s: ÿ ÿ  zdbcheck.err_missing_parentc CsÎt |jt|ƒ¡}| t|ƒd¡| ¡}d} ||krH| d||f7} | d|7} | d|j| |f¡|  d|j|fd¡s˜| d|j|f¡d S|  |j|||d |j|f¡rÊ| d |j|f¡d S) zhandle a wrong dnr(rz%s=%r zname=%rz!ERROR: wrong dn[%s] %s new_dn[%s]zRename %s to %s?rRzNot renaming %s to %sNz"Failed to rename object %s into %szRenamed %s into %s) r]r^r.rrrrr“rr¨rÉ) rŠrrÚrdn_attrZrdn_valÚname_valr’Znew_rdnZ new_parentZ attributesrrrÚ err_wrong_dn¬s  ÿzdbcheck.err_wrong_dncCs´| d|d|j|f¡| d|d||jfd¡sT| d|d||jf¡dSt ¡}|j|_t t|ƒtjd¡|d<| |dt j gd |j|f¡r°| d |j|f¡dS) zhandle a wrong instanceTypez0ERROR: wrong instanceType %s on %s, should be %dÚ instanceTypez(Change instanceType from %s to %d on %s?rLz-Not changing instanceType from %s to %d on %sNrr¿zGFailed to correct missing instanceType on %s by setting instanceType=%dz7Corrected instancetype on %s by setting instanceType=%d) r“rr¨r]r­r®rr¯r°rÚ&DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)rŠrÚcalculated_instancetyperÈrrrÚerr_wrong_instancetypeÁs ÿzdbcheck.err_wrong_instancetypecCs"| d|j|j |j¡f¡dS)NzÌERROR: incorrect userParameters value on object %s. If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local %s'©r“rr.rã)rŠrrËrrrrÚerr_short_userParametersÏsz dbcheck.err_short_userParameterscCs’| d||jf¡| d|jd¡s:| d|j¡dSt ¡}|j|_t t||dƒtjd¡|d<| |gd |j¡rŽ| d |j¡dS) úhandle a wrong userParameterszNERROR: wrongly formatted userParameters %s on %s, should not be base64-encodedz2Convert userParameters from base64 encoding on %s?rSz6Not changing userParameters from base64 encoding on %sNrÚuserParametersrzOFailed to correct base64-encoded userParameters on %s by converting from base64zGCorrected base64-encoded userParameters on %s by converting from base64) r“rr¨r]r­r®rr¯r°©rŠrrËrrÈrrrÚerr_base64_userParametersÓs ÿz!dbcheck.err_base64_userParameterscCs–| d|j¡| d|jd¡s6| d|j¡dSt ¡}|j|_t ||d d¡ d¡tjd ¡|d <|  |gd |j¡r’| d |j¡dS) r&zOERROR: wrongly formatted userParameters on %s, should not be psudo-UTF8 encodedz0Convert userParameters from UTF8 encoding on %s?rTz4Not changing userParameters from UTF8 encoding on %sNrr$ú utf-16-ler'rzQFailed to correct psudo-UTF8 encoded userParameters on %s by converting from UTF8zICorrected psudo-UTF8 encoded userParameters on %s by converting from UTF8© r“rr¨r]r­r®rÚencoder¯r°r(rrrÚerr_utf8_userParametersásÿÿzdbcheck.err_utf8_userParameterscCs–| d|j¡| d|jd¡s6| d|j¡dSt ¡}|j|_t ||d d¡ d¡tjd ¡|d <|  |gd |j¡r’| d |j¡dS) r&zQERROR: wrongly formatted userParameters on %s, should not be double UTF16 encodedz:Convert userParameters from doubled UTF-16 encoding on %s?rUz>Not changing userParameters from doubled UTF-16 encoding on %sNrr*r$r'rzJFailed to correct doubled-UTF16 encoded userParameters on %s by convertingzBCorrected doubled-UTF16 encoded userParameters on %s by convertingr+r(rrrÚerr_doubled_userParametersðs ÿÿz"dbcheck.err_doubled_userParameterscCs"| d|j|j |j¡f¡dS)NzÙERROR: incorrect userParameters value on object %s (odd length). If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local %s'r$)rŠrrËrrrÚerr_odd_userParameters szdbcheck.err_odd_userParametersc Csn|jj|tj|ggd¢d}|j |¡}|d|D]4}t|j| d¡|ƒ}|j  d¡}||kr4|Sq4dS)z#return a revealed link in an object)rr¢rŸr‘rr$r N) r.rqr]rrr/Ú#get_syntax_oid_from_lDAPDisplayNamer rrr©) rŠrrËr±r‹Ú syntax_oidr×r³Zguid2rrrÚfind_revealed_linksÿ   zdbcheck.find_revealed_linkcCsd}tƒ}tƒ}|d@r"|||fS|dur4|||fSdt|jƒ|f} | |jvrZd|j| <||D]} t|j|  d¡|ƒ} | j d¡} | dur’qbtt  | ¡ƒ} | | j }||vr¼| ||<qb|d7}||vrðtƒ||<d||d<t ƒ||d <t ||j d ¡ƒ}t | j d ¡ƒ}||krB||||d<||d   | ¡qb||krx| ||d<||d   ||¡| ||<qbt ||j d ¡ƒ}t | j d ¡ƒ}||krÊ||||d<||d   | ¡qb| ||d<||d   ||¡| ||<qb|dkr d |j| <|||fS) ú1check a linked values for duplicate forward linksrr(Nr£Fr$r ÚkeeprÂÚ RMD_VERSIONÚ RMD_LOCAL_USNT)rDrrrEr r.rr©rr ràrÜr‰rƒ)rŠrr rÚforward_linkIDr r™Úduplicate_dictÚ unique_dictrr×r³r±ÚguidstrÚkeystrZv1Zv2Zu1Zu2rrrÚcheck_duplicate_linkss`                zdbcheck.check_duplicate_linksc CsÚd}dt|ƒ|f}||jvr(|j|S| |¡\}}|g}ddg} z|jjt|ƒtj|| d} Wn>tjy } z$| j\} } | tj krŠ‚WYd} ~ dSd} ~ 00| d}|  |||||¡\}}}||jvrÖ|j|SdS)r3rr£rrŸr‘NF) rrErÍr.rqr]rrrtrurvr<)rŠrr rr™rr7r r#r’r‹Ze8rŒrrr8r9rrrr [s,  ÿ   ÿ  zdbcheck.has_duplicate_linksc Csg}d}|dur||fS|tjkr8| d|¡||fSd|jvrT| d¡||fSzH|dd}tttj|ƒƒ} d|| f} |jj | tj dggd¢d } Wn2tj yÎ} z| j \} }‚WYd} ~ n d} ~ 00| D]<}t |j|j ¡|ƒ}|j d ¡}tt |¡ƒ}||vrqÔttj|d dƒ}|jjD]&}|j}|j}|jtjkr0qXq0t d ¡}d }|}|}d}|}|}|}d}|j dt|ƒ¡|j dt|ƒ¡|j dt|ƒ¡|j dt|ƒ¡|j dt|ƒ¡|j dt|ƒ¡|j dt|ƒ¡|d 7}| |¡qÔ||fS)zMFind all backlinks linking to obj_guid_str not already in forward_unique_dictrNz5Not checking for missing forward links for syntax: %sZ sortedLinkszQNot checking for missing forward links because the db has the sortedLinks featureÚ objectGUIDz(%s=))rúsearch_options:1:2zpaged_results:1:1000)r'r"r#r’r ÚreplPropertyMetadataz$ffffffff-4700-4700-4700-000000b13228r(Z RMD_ADDTIMEZRMD_CHANGETIMErZ RMD_INVOCIDZRMD_ORIGINATING_USNr6r5)r]Ú SYNTAX_DNr“r,rrrr r.rqÚ SCOPE_SUBTREErtrur rrÿr©r ÚreplPropertyMetaDataBlobÚctrÚarrayÚ local_usnÚoriginating_change_timeÚattidrZDRSUAPI_ATTID_objectClassrr rƒ) rŠrr rr Zforward_unique_dictÚmissing_forward_linksr™Úobj_guidZ obj_guid_strÚfilterr‹Ze9rŒrÚrrr±r:Úreplr²rEÚtZoriginating_invocidÚoriginating_usnZ rmd_addtimeZrmd_changetimer Z rmd_invocidZrmd_originating_usnZ rmd_local_usnZ rmd_versionrrrÚ)find_missing_forward_links_from_backlinks|sp ÿ    þ      ÿ   z1dbcheck.find_missing_forward_links_from_backlinksc5 Cs d}|dd}| |¡\}}|dur4|j |¡}nd}|dv} | rP|jrPi} n| |||||¡\}} } t| ƒdkrª| ||||| ¡\} } || 7}dd„|  ¡Dƒ}| dkrÄ| d||j f¡n| d||j f¡| D]R}| d |¡|  d |d ¡s$|j |j ||j   ¡|j ||d d qÜ||g7}qÜ|   ¡D]>}| |}|dD]}| d|¡qL| d|d¡q8dd„t|ƒDƒ}| |||¡t |d|¡||<||D]f}t|j| d¡|ƒ}|j  d¡}|dur|d7}| |j |||d¡q²tt |¡ƒ}ddg}t|ƒ ¡dkrH|j |jkrHd}| d¡nd }|dur`| |¡z"|jjd|tj|gd¢d}Wndtjyæ}zH|j \}}|tj!kr®‚|| "|j |||¡7}WYd}~q²WYd}~n d}~00|rTdt#|dddƒ|_$d t#|dddƒ|_%t|ƒt|ƒkrT|d7}| &|j |||d!¡q²d|vott|ddƒ '¡d"k}d|dvožt|dddƒ '¡d"k}|rÖ|j |j(vrÖ|rÖ| )|||¡|d7}q²nÞ|r´| *|¡s´|r´|d7}|j  d#¡} | r”d|dvr”t+t,j-|dd$dƒ}!d }"|!j.j/D]2}#|#j0t1j2kr:|#j3}$|$t#| ƒkr:d}"qnq:|"r”| 4|j ||||dj d¡q²| 4|j ||||dj d ¡q²|j  d%¡}%d}&|%durÖt#|%ƒ}&|&d@s,|dur,t|dj ƒt|j ƒkr,|d7}| 5|j ||||dj d&¡q²|dj  d¡|j  d¡krr|d7}| 5|j ||||dj d¡q²|dj  d'¡}'|j  d'¡}(|(durÂ|'durÂ|d7}| 6|j ||||'¡q²|(|'krô|d7}| 5|j ||||dj d'¡q²|durP|dkr²t|dj ƒt|j ƒkr²|j$|j  7¡})| 8|j ||)||dj ¡q²| rb|jrbq²d}*||dvrè|d|D]f}+t|j|+ d¡ƒ},|,j  d¡}-|,j  d%¡}.d}/|.durÄt#|.ƒ}/|/d@rÒq€|-|kr€|*d7}*q€|*dkrb|t9j:ks |t9j:krb|d@sbd}0||D]2}1t|j|1 d¡ƒj  d¡}2|2|kr |0d7}0q |*|0krbq²d}3||D]f}+t|j|+ d¡ƒ},|,j  d¡}-|,j  d%¡}.d}/|.dur²t#|.ƒ}/|/d@rÀqn|-|krn|3d7}3qn|*|3kräq²|3|*}4|d@rN|*dkr$|d7}|  |j |||j ||¡q²| d(||3t|j ƒ||*t|j ƒf¡q²|rXJ‚| d)||3t|j ƒ||*t|j ƒf¡|4dkr²|d7}|4dkrê|*dks®|4dkrÆ| d*t|j ƒ¡q²| ;|||j   ¡||j ¡|4d8}4n*|  |dj ||j   ¡|j ||¡|4d7}4q~q²|S)+z$check a DN attribute for correctnessrr=N)ÚmemberZmemberOfcSsg|]}|‘qSrr©Ú.0rrrrÚ þóz$dbcheck.check_dn..zKERROR: Missing and duplicate forward link values for attribute '%s' in '%s'z?ERROR: Duplicate forward link values for attribute '%s' in '%s'zMissing link '%s'z7Schedule readding missing forward link for attribute %srCF)rrÂzDuplicate link '%s'zCorrect link '%s'r4cSsg|] }t|ƒ‘qSr©rrQrrrrSrTr$r r(z missing GUIDÚ isDeletedÚreplPropertyMetaDatazmsds-hasinstantiatedncsTr ú )rržrŸr‘z B:8:%08X:z%08Xz(incorrect instanceType part of Binary DNÚTRUEr6r?rÚstringrþzHWARNING: Link (back) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'zIERROR: Link (forward) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'z5ERROR: Can't fix missing multi-valued backlinks on %s)ržr‘)r¡r¤ržú'Failed to fix metadata for attribute %szFixed metadata for attribute %sN)rrrr r]r^r.rqrrr­rr®r¯r°r“)rŠrÚattrÚguid_strrr‹r¶ÚnmsgrrrÚ fix_metadata6sÿÿ ÿzdbcheck.fix_metadatacCs€|jtj@rdSd}|jtjkr&d}n4|jtjkr8d}n"|jtjkrJd}n|jtjkrZd}|sbdS|jjtj @stdSt |jj ƒS)NFT) Úflagsr ZSEC_ACE_FLAG_INHERIT_ONLYÚtypeZ"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECTZ!SEC_ACE_TYPE_ACCESS_DENIED_OBJECTZ SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECTZ SEC_ACE_TYPE_SYSTEM_ALARM_OBJECTršZ%SEC_ACE_INHERITED_OBJECT_TYPE_PRESENTrZinherited_type)rŠÚaceZcheckrrrÚ ace_get_effective_inherited_typeFs      z(dbcheck.ace_get_effective_inherited_typecCs\||jvr|j|Sd|}|jj|j|dgd}tttj|dddƒƒ}||j|<|S)Nz0(&(ldapDisplayName=%s)(objectClass=classSchema))Z schemaIDGUID)r!r'r#r)rfr.rqrbrrrr )rŠÚclsZfltr‹rMrrrÚlookup_class_schemaIDGUID\s   þ z!dbcheck.lookup_class_schemaIDGUIDc Csdd}||}ttj|dƒ}d|vo:t|ddƒ ¡dk}|rH|dfSt ¡}|j|_|j|_|j|_|j|_d}d} g} |j durŽ|j j } t dt | ƒƒD]R} | | } | j tj@sÀ| | ¡qœ| | ¡} | durÔqœ| durê| | krœd}qœ| } qœg} |jdur|jj } t dt | ƒƒD]b} | | } | j tj@s>| | ¡q| | ¡} | durVq| durr| | krd}q| } q|rˆ||fS| durš|dfSd}z|dd}Wn&tyÔ}z WYd}~n d}~00|dur@|jj|tjddgd gd }|d}d|vo$t|ddƒ ¡dk}|r4|dfS|dd}| |¡} | | kr\||fS|dfS) NÚnTSecurityDescriptorrrVrYFTÚ objectClassrêržr‘)rr Ú descriptorrr^Ú owner_sidÚ group_sidrwZrevisionZsaclÚacesrÔrrvZSEC_ACE_FLAG_INHERITED_ACEZsacl_addryZdaclZdacl_addr~r.rqr]rrr{)rŠrrÚsd_attrÚsd_valÚsdraZsd_cleanZbrokenZlast_inherited_typerrÙrxrMrzrïr‹r²rrrÚ process_sdisˆ              þ"   zdbcheck.process_sdcCs’d}t|ƒ}tjtjB}| d||fd¡sB| d||f¡dSt ¡}||_t  |tj |¡||<|  |d|gd|¡rŽ| d||f¡dS) z/re-write the SD due to incorrect inherited ACEsr|z Fix %s on %s?rHúNot fixing %s on %s Nú sd_flags:1:%dúFailed to fix attribute %súFixed attribute '%s' of '%s' ) r r Ú SECINFO_DACLÚ SECINFO_SACLr¨r“r]r­rr®r¯r°)rŠrr„Ú sd_brokenr‚rƒÚsd_flagsrtrrrÚ err_wrong_sdÒs ÿzdbcheck.err_wrong_sdc Cs¼d}t|ƒ}tjtjB}|jdur,|tjO}|jdur@|tjO}| d|||fd¡sl|  d||f¡dSt   ¡}||_ t   |t j|¡||<| |d|gd|¡r¸|  d||f¡dS) zare-write the SD due to not matching the default (optional mode for fixing an incorrect provision)r|Nz,Reset %s on %s back to provision default? %sr[zNot resetting %s on %s r‡zFailed to reset attribute %sr‰)r r rŠr‹rÚ SECINFO_OWNERr€Ú SECINFO_GROUPr¨r“r]r­rr®r¯r°) rŠrr„Zsd_oldÚdiffr‚rƒrrÈrrrÚerr_wrong_default_sdãs"     ÿzdbcheck.err_wrong_default_sdcCs®d}t|ƒ}tjtjB}| d||fd¡sB| d||f¡dSt ¡}||_t  |tj |¡||<|j   |j ¡| |d|gd|¡rœ| d||f¡|j   |j¡dS) z/re-write the SD due to a missing owner or groupr|z'Fix missing owner or group in %s on %s?rIz+Not fixing missing owner or group %s on %s Nr‡rqr‰)r r rrr¨r“r]r­rr®r¯r.Zset_session_inforyr°rw)rŠrr„r‚rƒrrtrrrÚerr_missing_sd_ownerøs  ÿzdbcheck.err_missing_sd_ownerc Cs|jr dS||jvrdSttj|ƒ}| |tj¡}t  |j ¡}t   ¡}|j d}||}||krddS||} |d} | dkr¨|  d|¡|  dt  | ¡|df¡n&|  d|¡|  dt  | ¡| f¡|  d |j|j|j|j|jt  t  |j ¡¡f¡|jd 7_d S) NFé€Qéz`SKIPPING additional checks on object %s which very recently became an expired tombstone (normal)zbINFO: it is expected this will be expunged by the next daily task some time after %s, %d hours agoiz+SKIPPING: object %s is an expired tombstonezTINFO: it was expected this object would have been expunged soon after%s, %d days agozHisDeleted: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %sr(T)rYr{rr rBrerr_ÚsambaÚ nttime2unixrFÚtimer*r“ÚctimerGÚversionÚoriginating_invocation_idrNrErZ) rŠrÚrepl_valrLrVÚ delete_timeZ current_timeÚtombstone_deltar´Z expunge_timeZ delta_daysrrrÚis_expired_tombstonesF    þý ýúzdbcheck.is_expired_tombstonec Csœttj|ƒ}| |tj¡}t |j¡}|j d}g}|j j D]V}|j tjkrNq<|j |j kr\q<|j|jkrjqzA%s: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %s)r/rirGr~r“ršr›rNrEr˜r™r–r—rF)r²Úattname©rŠrrÚ report_attidts  ûz8dbcheck.has_changes_after_deletion..report_attidz,ERROR: object %s, has changes after deletionT)r¡rr“)rŠrrœr rVr¥r²rr¤rÚhas_changes_after_deletionos   z"dbcheck.has_changes_after_deletionc Cs| |¡\}}| |j¡}| ¡}|jj||d}g}|D]f} | j|krJq:| jtjkrXq:| jtj krfq:z|j  | j¡} Wnt y”d| j} Yn0|  | ¡q:t |ƒdkrÐ| dd |¡¡| d¡dS| d||jfd¡sô| d¡dS| |d gd |¡r| d |¡dS) Nrgr¢rzUnexpeted attributes: %srz%Not fixing changes after deletion bugz6Delete broken tombstone object %s deleted %s days ago?rlr¡rárâ)r¡rhrbÚ get_rdn_namer/rjrGrZDRSUAPI_ATTID_nameZDRSUAPI_ATTID_lastKnownParentrir~rƒrr“rÞr¨r*rÅ) rŠrrœr rVrmrZ rdn_attidZ unexpectedr²r£rrrÚerr_changes_after_deletionˆsD ÿ       ÿÿ  ÿz"dbcheck.err_changes_after_deletionc Cslttj|ƒ}|j}d}|jD]J}|jt d¡kr2qd}| d||j |j t   t  |j¡¡|j ¡f¡q|S)NFú$00000000-0000-0000-0000-000000000000Ta ERROR: on replPropertyMetaData of %s, the instanceType on attribute 0x%08x, version %d changed at %s is 00000000-0000-0000-0000-000000000000, but should be non-zero. Proposed fix is to set to our invocationID (%s).)rr rBrCrDr›rr r“rGršr˜r™r–r—rFr.Úget_invocation_id)rŠrÚrepl_meta_datarLrCr r²rrrÚ"has_replmetadata_zero_invocationid¬s ÿ  þýz*dbcheck.has_replmetadata_zero_invocationidc Cs,ttj|ƒ}|j}t tt ¡ƒ¡}d}|jD]X}|j t   d¡krDq.d}|j   tj¡} |jd|_||_t   |j  ¡¡|_ | |_| |_q.|r(t|ƒ} t ¡} || _| d|||j  ¡fd¡sÖ| d||f¡dSt ¡} || _t | tj|¡| |<| | dtjd gd |¡r(| d ||f¡dS) NFr©Tr(zZFix %s on %s by setting originating_invocation_id on some elements to our invocationID %s?rMz6Not fixing zero originating_invocation_id in %s on %s r¿ú#local_oid:1.3.6.1.4.1.7165.4.3.14:0rˆr‰)rr rBrCr–Z unix2nttimer‰r˜rDr›rr r.Zsequence_numberr]ZSEQ_NEXTršrFrªrNrEr r­rr¨r“r®r¯r°rr!) rŠrrrr«rLrCZnowr r²ÚseqÚreplBlobr¶rtrrrÚ"err_replmetadata_zero_invocationidÀsHÿ  ÿÿÿþz*dbcheck.err_replmetadata_zero_invocationidc Csbttj|ƒ}|j}|jD]D}z|j |j¡}WqtyZ|  d|j||f¡YdS0qdS)NzIERROR: attributeID 0X%0X is not known in our schema, not fixing %s on %s ) rr rBrCrDr/rirGr~r“)rŠrrrr«rLrCr²rnrrrÚerr_replmetadata_unknown_attidåsÿ  z&dbcheck.err_replmetadata_unknown_attidc sættj|ƒ}d}tƒ}tƒ‰i}| |j¡} |j} t| jdd…dd„d| _t | jƒD]ú} t d|| j fƒ|j   | j ¡} |  ¡|vr<| d| ||f¡| d||| j | || j fd¡sÞ| d | j | ||f¡dSd }ˆ | j ¡| j|| jkrX| j|| _| j|| _| j|| _| j|| _| j|| _qX| || <| |  ¡¡qX‡fd d „| jDƒ} t|ƒd kr2| D]} | j |vrz|j   | j ¡} |j j| | d}| d||f¡| d||| j | || j fd¡sþ| d| j || ||f¡dSd }|| _ qz|r2t| dd…dd„d| dd…<|sv| d||f¡| d||fd¡sv| d||f¡dSt| ƒ| _| | _t|ƒ}t ¡}||_t |tj|¡||<|  |dt!j"ddgd|¡râ| d||f¡dS)NFcSs|jSrÊ©rG©r²rrrÚrTz:dbcheck.err_replmetadata_incorrect_attid..)Úkeyz %s: 0x%08xz7ERROR: duplicate attributeID values for %s in %s on %s zLFix %s on %s by removing the duplicate value 0x%08x for %s (keeping 0x%08x)?rNz5Not fixing duplicate value 0x%08x for %s in %s on %s Tcsg|]}|jˆvr|‘qSrr²)rRr²©Z remove_attidrrrS&rTz.rrgz0ERROR: incorrect attributeID values in %s on %s zEFix %s on %s by replacing incorrect value 0x%08x for %s (new 0x%08x)?rOzANot fixing incorrect value 0x%08x with 0x%08x for %s in %s on %s cSs|jSrÊr²r³rrrr´7rTz/ERROR: unsorted attributeID values in %s on %s z+Fix %s on %s by sorting the attribute list?rPr†r¿r­z#local_oid:1.3.6.1.4.1.7165.4.3.25:0rˆr‰)#rr rBrmrhrbrCr\rDÚreversedrµrGr/rir]r“r¨r–rEršrFr›rNrrjÚcountr r]r­rr®r¯r°rr!)rŠrrrr«rlrLr1rkZhash_attrmrCr²rnZnew_listror¯rtrr¶rÚ err_replmetadata_incorrect_attidñsšÿ ÿþ ÿ       ÿÿÿ  ÿÿ þýz(dbcheck.err_replmetadata_incorrect_attidcCsˆd}d|vr | d|j¡d}d|vs@t|ddƒ ¡dkrT| d|j¡d}d |vrp| d |j¡d}d |vst|d dƒ ¡dkr¤| d |j¡d}d |vrÀ| d|j¡d}d|vrôt|ddƒ ¡dkrô| d|j¡d}d|vsERROR: description not present on Deleted Objects container %sTÚshowInAdvancedViewOnlyrÚFALSEzIERROR: showInAdvancedViewOnly not present on Deleted Objects container %sÚobjectCategoryzAERROR: objectCategory not present on Deleted Objects container %sÚisCriticalSystemObjectzIERROR: isCriticalSystemObject not present on Deleted Objects container %sÚ isRecycledz9ERROR: isRecycled present on Deleted Objects container %srVz8ERROR: isDeleted not set on Deleted Objects container %sr}r•Útopr(Ú containerzBERROR: objectClass incorrectly set on Deleted Objects container %sÚ systemFlagsú -1946157056zBERROR: systemFlags incorrectly set on Deleted Objects container %s)r“rrr^r)rŠrZfaultyrrrÚis_deleted_deleted_objectsPs<   ÿþ z"dbcheck.is_deleted_deleted_objectscCs2t ¡}|j|_}d|vr0t dtjd¡|d<d|vrLt dtjd¡|d<d|vrnt d|jtjd¡|d<d|vrŠt dtjd¡|d<d|vr¦t dtjd¡|d<t dtjd ¡|d <t d tjd ¡|d <t d d gtjd¡|d<| d|d¡s | d|¡dS|  |dgd|¡r.| d|¡dS)NrºzContainer for deleted objectsr»rYr½zCN=Container,%sr¾r¿rVrÃrÂrÀrÁr}zAFix Deleted Objects container %s by restoring default attributes?rQú.Not fixing missing/incorrect attributes on %s r¡z+Failed to fix Deleted Objects container %sz%Fixed Deleted Objects container '%s' ) r]r­rr®r¯rbrÎr¨r“r°)rŠrrtrrrrÚerr_deleted_deleted_objectsns4 ÿÿ ÿz#dbcheck.err_deleted_deleted_objectscCs¤t ¡}||_|j ¡}|j ¡r:| d||jf¡dS| d|jd¡s`| d|j¡dSt |tj |¡||<|  |gd||jf¡r | d||jf¡dS)NzNot fixing %s %s for the RODCz-Add yourself to the replica locations for %s?rjrÅzFailed to add %s for %szFixed %s for %s) r]r­rr.rdÚam_rodcr“r¨r®rÕr°)rŠrZ cross_refrrrtÚtargetrrrÚerr_replica_locationsŠs   ÿÿzdbcheck.err_replica_locationscCsL||jjkrdS||jkrdS||jkr,dS||jkr:dS||jkrHdSdS)NTF)r.r_r`rarbrcrärrrÚ is_fsmo_roleœs     zdbcheck.is_fsmo_rolec Csºd}|j |¡}||krŠ|tjO}z |jj| ¡tjgdgdWn<tjy~}z"|j \}}|tj krj‚WYd}~nd}~00|tj O}|j dur¶t |ƒdd„|j Dƒvr¶|tjO}|S)Nrržr‘cSsg|] }t|ƒ‘qSrrU)rRÚxrrrrS·rTz2dbcheck.calculate_instancetype..)r.rãrZINSTANCE_TYPE_IS_NC_HEADrqrr]rrrtrurvZINSTANCE_TYPE_NC_ABOVErzrZINSTANCE_TYPE_WRITE)rŠrÚ instancetyperîZe4rŒrrrrÚcalculate_instancetypeªs      " zdbcheck.calculate_instancetypecCsJ|jD]:\}}||krt |j ¡¡}ttj|||jdƒSqt‚dS)N)rp) rgr rsr.rxrr~rpr~)rŠrZsd_dnZ descriptor_fnZ domain_sidrrrÚget_wellknown_sd¼sÿÿ zdbcheck.get_wellknown_sdc> Cs€|jr| d|¡|dur$dg}nt|ƒ}dttj|ƒvrF| d¡dttj|ƒvr`| d¡t| ¡ƒ ¡ttj|ƒvr†| d¡dttj|ƒvr¸| | ¡¡| d¡| d¡d }d|vrÊd }n4|D].}| |¡\}}|d krêqÎ|d @rôqÎd }qþqÎ|r| d ¡| d¡zTd }|t j O}|t j O}|t j O}|t j O}|jj|tjdddd|dg|d}WnrtjyÞ} zV| j\} } | tjkrÈ|jrº| d|¡WYd} ~ d SWYd} ~ d S‚WYd} ~ n d} ~ 00t|ƒd kr| d|¡d S|d } d } tƒ}tƒ}d }|j | j¡}z|j |tjj¡}WntyXd}Yn0d}d}d}d }d }d}| D]r}t|ƒ ¡dkr¦t| |d ƒdkr¦d }t|ƒ ¡dkrÈt| |d ƒ}t|ƒ ¡dkrv| |d }qv|r.|r.|  ||¡r| d 7} | !||¡| S| "||¡r.| S| D]*}|dks2|dkrPq2t|ƒ ¡dkrfd }t|ƒ ¡dkrÆt| |ƒd kr¶| d 7} | dt| |ƒ|t| jƒf¡nt| |d ƒ}t|ƒ ¡t| j ¡ƒ ¡kr8|}t| |ƒd kr(| d 7} | dt| |ƒ|t| jƒf¡nt| |d ƒ}t|ƒ ¡dkrR| #|| |d ¡r~| d 7} | $||| |d ¡z| %|| |d ¡\}}}Wn4tyÐ| d 7} | &||| |¡Yq2Yn0t|ƒt|ƒkst|ƒd kst'|ƒ|kr"| d 7} | (||| |d |¡n,|d d kr2| d 7} | d|t|ƒf¡q2t|ƒ ¡dkrP| )|| ¡\}}|dur˜| *|||¡| d 7} q2|j+dus°|j,durÈ| -||¡| d 7} q2|j.r2z| /|¡}WntyøYq2Yn0t0t j1| |d ƒ}t2||t  3|j 4¡¡ƒ} | d kr2| 5|||| ¡| d 7} q2q2t|ƒ ¡dkrÜ|j 6|j7|| |¡}!t'|!ƒt'| |ƒksº|!d | |d ksº|!d!| |d!kr2| 8||t| |ƒ¡| d 7} q2t|ƒ ¡d"krèt| |d ƒd kr<| |d d d#kr<| d 7} | 9| || |¡q2n¬| |d dd$…d%kr^q2nŠ| |d dd&…d'krš| d 7} | :| || |¡q2nN| |d d d kr(| |d d(d kr(| |d d)d kr(| |d d*d kr(| |d d+d kr(| d 7} | ;| || |¡q2nÀt| |d ƒd,d kr\| d 7} | <| |¡q2nŒ| |d d d krè| |d d,d krè| |d d(d krè| |d d-d krè| |d d)d krè| d 7} | =| || |¡q2| ¡d.k s| ¡d/k rT| |d |j>v r@| d 7} | d0|| j| |d f¡n|j> ?| |d ¡| |D](}"|"d1k r\| @||¡| d 7} q\ q\z|j7 A|¡}#WnHtB yÞ}$z.| C| |¡| d 7} WYd}$~$q2WYd}$~$n d}$~$00| |¡\}}%|j7 D|¡}&|&tjE@ s*|&tjF@ s*| s*| ?t|ƒ ¡¡|#tjGtjHtjItjJfv rX| | K| ||#¡7} n¬tƒ}'| |D]`}"|' ?|"¡|j 6|j7||"g¡}!t|!ƒd k s¤|!d |"k rf| L||| |¡| d 7}  qÈ qft| |ƒt|'ƒk r| M||| |t|'ƒ¡| d 7}  q`t|ƒ ¡d2kr2| N|¡}(t| d3ƒd k sHt| d3d ƒ|(kr2| d 7} | O| |(¡q2| s”d|v s‚dttj|ƒv r”| d 7} | P|¡d|v s°dttj|ƒv r|du rÖ| d 7} | d4t| jƒ¡|du r| d 7} | d5| j ¡t| jƒf¡|du rìd})dd6g}*| rD|tjjQ@ s4|})|*d7tjRg7}*|)du rX| j S¡})t T|jd8|)¡}+|+ Ud | j ¡|¡| j|k r| j}+|+| jk rº| d 7} | V| |+||||*¡n2| j W¡|k rì| d 7} | d9||t| jƒf¡d },| rö| j|k r†d:}-d;}.| X||-¡}/|/|.k r†| Ydtj\d¡|0d<| d 7} |jj]|0d?gd@n| dAt|ƒ¡| ^|¡D]d}1|, r¬| dB|¡d },| d 7} | dC|1¡| YdD|1dE¡ sæ| dF|1¡ q| _| |1¡ q| `|¡r:dG| vr:d|vs(dHttj|ƒvr:| a| ¡| d 7} zD||j b¡kr|t| S¡ƒ|jcvr||jj| S¡tjddgdI}Wnvtjyô}2zZ|2j\} } | tjkrÞ|rÊ| dJ| j¡| dK¡n| d| ¡| d 7} n‚WYd}2~2n d}2~200||jevr*d|vr*| f| ¡r*| g| ¡| d 7} |jhD]¢\}3}$||3kr0dL| vr0dM}4|j i¡r`dN}4|4|$vr†| j| |$j|4¡| d 7} q0d }5|$|4D]}6t|6ƒ|j k¡kr’d }5q’|5s0| j| |$j|4¡| d 7} q0||jlkrtd|vsôdO|vrtdO| vrt| d 7} |jmrZ| YdPdQ¡rt|j n¡z|j o¡Wn|j p¡‚Yn0|j q¡n|j i¡st| dR|¡||jrkr||jj|jrtjgdS¢dT}dU|d vrÂ| dV|¡| d 7} nºt|d dUd ƒ}7dW|7@d#?}8dX|7@}9|8|9kr| dY|9|8|9|8f¡| d 7} dZ|d vr6t|d dZd ƒ}:nd }:|:d krJ|9}:n|:d 7}:|:|8kr|d[|j 4¡|:f};z|jjd\|;tjgdT}WnDtjyÎ}<z(|z4Not fixing missing replPropertyMetaData element '%s'rZ fsmoroleowner)r!r"r’z'WARNING: parent object not found for %szFNot moving to LostAndFound (tombstone garbage collection in progress?)ZrepsFromr%r&r)z,Allocate the missing RID set for RID master?rkz^No RID Set found for this server: %s, and we are not the RID Master (so can not self-allocate))ÚrIDAllocationPoolZrIDPreviousAllocationPoolZ rIDUsedPoolÚ rIDNextRIDr rÚz No rIDAllocationPool found in %slüÿlÿÿzInvalid RID set %d-%s, %d > %d!rÛz%s-%dzz6SID %s for %s conflicts with our current RID set in %szGFix conflict between SID %s and RID pool in %s by allocating a new RID?rV)tr0r“rÜÚmaprr]rƒr§rÍr rrrŠr‹r.rqr]rrrtrurvr\rrmrãrr€r–rr‚r~r‰r¦r¨rŸr¬r°rpr±r\r¹r…rŽrr€r“rXrÎrr~rrsrxr’rÓr/rÝr%r)r-r/r.r•r–rÏr0rÃrZ$get_systemFlags_from_lDAPDisplayNameZDS_FLAG_ATTR_NOT_REPLICATEDZDS_FLAG_ATTR_IS_CONSTRUCTEDr«ZDSDB_SYNTAX_OR_NAMEZDSDB_SYNTAX_STRING_DNr@rdrÚrßrÍr#råZ#SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETErûrr^Z set_componentrZ get_rdn_valuerfr¨r­r®r¯rÇÚ differencerurÊrr„rnrr{rÄrÆr}rÇrÉrdr†r…rZcreate_own_rid_setrrr‡Z allocate_rid)>rŠrr#Zneed_replPropertyMetaDataÚarÌrìrr‹Ze10rŒrrr™Zset_attrs_from_mdZset_attrs_seenZgot_objectclassZnc_dnZdeleted_objects_dnZobject_rdn_attrZobject_rdn_valrrVrÂZrepl_meta_data_valrËZlist_attid_from_mdrlr„rŒZ well_known_sdZ current_sdr‘rØr×r1r¶ríÚflagrÖr"Z parent_dnr’Z expected_dnZshow_dnZisDeletedAttIdZexpectedTimeDoZ originatingrtrnZe11Zdns_partÚlocationr ZlocZ next_poolZhighZlowZ next_free_ridZsidrïZ allocated_ridrrrr—Æs            ûø   ÿ    ÿ ÿÿ   ÿ þ ÿ    ÿ  ÿþ,n nÿ    $  ÿþ ÿ    ("         ÿ    & $ÿ              ÿ     ÿ     ÿ    ÿþ       zdbcheck.check_objectcCsBt |jd¡}|jr"| d|¡|jj|tjd}t|ƒdkrR| d|¡dS|d}d}d|vrx| d¡|dSt|ddƒ  d ¡s>| d ¡|d7}|  d ¡s°|S|jjt |j|dd  d ¡¡tjd gd}tt t j|dd dƒƒ}t ¡}||_t d|tjd¡|d<|j|gdddr>| d¡|S)z!check the @ROOTDSE special objectz@ROOTDSErÏ)r!r"r(z"Object %s disappeared during checkrrz(ERROR: dsServiceName missing in @ROOTDSEzt ¡}t |jd¡|_t dtjd¡|d<|j|gdddS)zOreset @MODULES to that needed for current sam.ldb (to read a very old database)z@MODULESZ samba_dsdbz@LISTzreset @MODULES on databaseFr¦)r]r­r^r.rr®r¯r°rârrrÚ reset_modulesÿ szdbcheck.reset_modules) NFFFFFFFF)FF)T)F)T)N)MÚ__name__Ú __module__Ú __qualname__Ú__doc__rr]rAr›r”r“rºr¨rÅr°rÉrÍrÏrÚrÝrßr¬rårérðr÷rørürýrrrrr rrrrrr#r%r)r-r.r/r2r<r rOrdrerfrpruryr{r…rŽr’r“rŸr¡r¦r¨r¬r°r±r¹rÄrÆrÉrÊrÍrÎr—r˜rãrärrrrr:s®ü :ÿ d    U    þ # A!f,  i6"$% _ $ r) Z __future__rr]r–r˜Úbase64rrrZ samba.dcerpcrrZ samba.ndrrr r Z samba.samdbr r Zsamba.descriptorr rZ samba.authrrZ samba.netcmdrZsamba.netcmd.fsmorrršrrrrrÚs$