a Wa6K@sddlmZmZmZddlmZddlmZddlm Z ddlm Z ddlm Z ddlZddl Z ddl mZmZmZddlZGd d d eZd d Zd dZddZddZddZddZGdddeZGdddeZdS))drsuapimiscdrsblobs)Net) ndr_unpack)dsdb)werror) WERRORErrorN)DRSUAPI_ATTID_name(DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8)DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10c@s eZdZdZddZddZdS) drsExceptionzBase element for drs errorscCs ||_dSNvalue)selfrr1/usr/lib/python3/dist-packages/samba/drs_utils.py__init__%szdrsException.__init__cCs d|jS)NzdrsException: r)rrrr__str__(szdrsException.__str__N)__name__ __module__ __qualname____doc__rrrrrrr "sr c Csd}|dkr|d7}d||f}zt|||}t|\}}Wn4tyv}ztd||fWYd}~n d}~00|||fS)amMake a DRSUAPI connection to the server. :param server: the name of the server to connect to :param lp: a samba line parameter object :param creds: credential used for the connection :return: A tuple with the drsuapi bind object, the drsuapi handle and the supported extensions. :raise drsException: if the connection fails Zseal z,printzncacn_ip_tcp:%s[%s]zDRS connection to %s failed: %sN)Z log_levelr drs_DsBind Exceptionr ) ZserverlpcredsZbinding_optionsbinding_string drsuapiBindZ drsuapiHandleZbindSupportedExtensionserrrdrsuapi_connect,s   &r"c Csvt}||_t}||_||_t||_z| |d|Wn0t yp}zt d|WYd}~n d}~00dS)aSend DS replica sync request. :param drsuapiBind: a drsuapi Bind object :param drsuapi_handle: a drsuapi handle on the drsuapi connection :param source_dsa_guid: the guid of the source dsa for the replication :param naming_context: the DN of the naming context to replicate :param req_options: replication options for the DsReplicaSync call :raise drsException: if any error occur while sending and receiving the reply for the dsReplicaSync zDsReplicaSync failed %sN) rDsReplicaObjectIdentifierdnZDsReplicaSyncRequest1naming_contextZoptionsrGUIDsource_dsa_guidZ DsReplicaSyncrr )r drsuapi_handler(r&Z req_optionZncreq1estrrrrsendDsReplicaSyncDs  r,c Csjz4t}t||_t||_d|_||d|Wn0tyd}ztd|WYd}~n d}~00dS)aSend RemoveDSServer request. :param drsuapiBind: a drsuapi Bind object :param drsuapi_handle: a drsuapi handle on the drsuapi connection :param server_dsa_dn: a DN object of the server's dsa that we want to demote :param domain: a DN object of the server's domain :raise drsException: if any error occur while sending and receiving the reply for the DsRemoveDSServer r#zDsRemoveDSServer failed %sN) rZDsRemoveDSServerRequest1strZ server_dnZ domain_dnZcommitZDsRemoveDSServerrr )r r)Z server_dsa_dnZdomainr*r+rrrsendRemoveDsServer_s   r.cCs4t}d|_t|_|jjtjO_|jjtjO_|jjtjO_|jjtj O_|jjtj O_|jjtj O_|jjtj O_|jjtj O_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtjO_|jjtj O_|jjtj!O_|"t#$tj%|\}}||jjfS)z0make a DsBind call, returning the binding handle)&rZ DsBindInfoCtrZlengthZ DsBindInfo28infoZsupported_extensionsZ DRSUAPI_SUPPORTED_EXTENSION_BASEZ-DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATIONZ%DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPIZ&DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2Z+DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESSZ%DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1Z4DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATIONZ'DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTEZ'DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2Z4DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATIONZ%DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2Z8DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MODZ'DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BINDZ)DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFOZ-DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTIONZ&DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01Z1DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIPZ+DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORYZ&DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3Z,DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2Z(DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6Z)DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCSr Z*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5Z*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6Z,DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3Z*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7Z)DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECTZDsBindrr'ZDRSUAPI_DS_BIND_GUID)drsZ bind_infor0ZhandlerrrrvsB rc Cst}d|_g}|}|j|tjdgdd}|D]}t|dd}d|vrx|dd}t|t j j t j j B@rxq6d|vr|dd}t|t j j @rq6||} |t| q6|||_t||_|S) z-get a list of attributes for RODC replicationr#zobjectClass=attributeSchema)lDAPDisplayName systemFlags searchFlags)basescopeZ expressionattrsr2rr3r4)rZDsPartialAttributeSetversionZget_schema_basednsearchldbZ SCOPE_SUBTREEr-intsambarZDS_FLAG_ATTR_NOT_REPLICATEDZDS_FLAG_ATTR_IS_CONSTRUCTEDZSEARCH_FLAG_RODC_ATTRIBUTEZget_attid_from_lDAPDisplayNameappendsortattidslenZ num_attids) samdbpartial_attribute_setr?Z schema_dnresrZldap_display_nameZ system_flagsZ search_flagsattidrrr"drs_get_rodc_partial_attribute_sets4      rFcCs|j|_|j|_|j|_dS)z Copies the highwater mark by value, rather than by object reference. (This avoids lingering talloc references to old GetNCChanges reply messages). N)tmp_highest_usn reserved_usn highest_usn)hwmZnew_hwmrrrdrs_copy_highwater_marksrKc@sBeZdZdZddZddZddZdejdd d dd fd d Z d S) drs_ReplicatezDRS replication callscCst||||_t|j\|_|_t||d|_||_t|t j sJt d|t dkr`t d|j |j||j||_ d|_dS)N)rrz"Must supply GUID for invocation_idz$00000000-0000-0000-0000-000000000000zGMust not set GUID 00000000-0000-0000-0000-000000000000 as invocation_idr)rr1r drs_handle supports_extrnetrA isinstancerr' RuntimeErrorZreplicate_initreplication_state more_flags)rrrrrA invocation_idrrrrs zdrs_Replicate.__init__cCs&|j}|dko$|t@o$|jtj@dkS)Ni!r)rNr rSrDRSUAPI_DRS_GET_TGT)rZ error_codereqrNrrr_should_retry_with_get_tgts z(drs_Replicate._should_retry_with_get_tgtcCs|jj|j|||||ddS)5Processes a single chunk of received replication data)schema req_levelrVN)rOZreplicate_chunkrRrlevelctrrYrZrV first_chunkrrr process_chunkszdrs_Replicate.process_chunkFNTrc  Cs|jt@r$t} | |jB| _d} n d} t} || _|| _t| _ || j _ d} t }d|_ d|_ d|_|s4|jj|tjdgd}d|dvr|ddD]$}ttj|}|jj|kr|jj}qt} d| _d| _d| _g}t|j|j}|D]&}t}|j|_|j|_| |q|| _!t"|| _#|| _| | _$|durR|| _%n\|tj&krfd| _%nHtj'tj(Btj)Btj*Btj+B| _%|r| j%tj,O_%n| j%tj-O_%| r| j%tj.O_%d| _/d | _0|| _1d| _2d| _3d| _4d| j5_6d| j5_7|s|rt8|j| _3|jt9@s\d } t:}t;|D]&}|dd kr0t<||t=| |q0|} d}d}d }|j>?|j@| | \}}|jAdur|jBdkrtCd |jBz|D|||| | |WnjtEy&}zP|F|jGd| rtHd| jtjIO_d }WYd}~qhn|WYd}~n d}~00d}||jB7}z||jJ7}WntKyXYn0|jLdkrjq|tM| j|jNqh||fS)zreplicate a single DN NrZrepsFrom)r5r6r7r#ii"_Tz6DsGetNCChanges: NULL first_object with object_count=%uz1Missing target object - retrying with DRS_GET_TGTF)OrNr rZDsGetNCChangesRequest10rSZDsGetNCChangesRequest8destination_dsa_guidsource_dsa_invocation_idr$r&r%ZDsReplicaHighWaterMarkrGrHrIrAr9r:Z SCOPE_BASErrZrepsFromToBlobr]Z highwatermarkZDsReplicaCursorCtrExr8Z reserved1Z reserved2rZ_dsdb_load_udv_v2Zget_default_basednZDsReplicaCursorr=Zcursorsr@countZuptodateness_vector replica_flagsZDRSUAPI_EXOP_REPL_SECRETZDRSUAPI_DRS_INIT_SYNCZDRSUAPI_DRS_PER_SYNCZDRSUAPI_DRS_GET_ANCZDRSUAPI_DRS_NEVER_SYNCEDZ$DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIPZ%DRSUAPI_DRS_SPECIAL_SECRET_PROCESSINGZDRSUAPI_DRS_WRIT_REPZDRSUAPI_DRS_SYNC_FORCEDZmax_object_countZ max_ndr_sizeZ extended_opZ fsmo_inforBZpartial_attribute_set_exZ mapping_ctrZ num_mappingsZmappingsrFr ZDsGetNCChangesRequest5dirsetattrgetattrr1ZDsGetNCChangesrM first_object object_countrQr_r rWargsprintrUZlinked_attributes_countAttributeErrorZ more_datarKZnew_highwatermark)rr%rerdrYZexopZrodcrgZ full_syncZ sync_forcedrSrVrZZudvrJrCZreps_from_packedZ reps_from_objZ cursors_v1Z cursors_v2Z cursor_v2Z cursor_v1Zreq5aZ num_objectsZ num_linksr^r\r]r!rrr replicates                  zdrs_Replicate.replicate) rrrrrrWr_rZDRSUAPI_EXOP_NONErqrrrrrLs rLcsDeZdZdZfddZddZddZdd Zfd d ZZ S) drs_ReplicateRenamerz,Uses DRS replication to rename the entire DBcs0tt||||||||_||_tj|_dSr)superrrr old_base_dn new_base_dnrrUrS)rrrrrArTrtru __class__rrr}s zdrs_ReplicateRenamer.__init__cCstd|j|j|S)z/Uses string substitution to replace the base DNz%s$)resubrtru)rZdn_strrrr rename_dnszdrs_ReplicateRenamer.rename_dncCsJ|jjD]<}|jtkrt|j|jj}| }| d|j j d_ qdS)z3Updates the 'name' attribute for the base DN objectz utf-16-lerN)Z attribute_ctrZ attributesrEr r:ZDnrA identifierr%Z get_rdn_valueencodeZ value_ctrvaluesZblob)rZbase_objattrZbase_dnnew_namerrrupdate_name_attrs   z%drs_ReplicateRenamer.update_name_attrcCsJ|jj}||jj|j_td||jjf|jj|jkrF||dS)z1Renames the first/top-level object in a partitionzRenaming partition %s --> %sN)r{r%rzrnrur)rZ first_objZold_dnrrrrename_top_level_objectsz,drs_ReplicateRenamer.rename_top_level_objectcsR|jr||jj|j_|r4|jdkr4||jjtt| ||||||dS)rXrN) r&rzr%rlrrkobjectrsrrr_r[rvrrr_sz"drs_ReplicateRenamer.process_chunk) rrrrrrzrrr_ __classcell__rrrvrrrzs   rr)Z samba.dcerpcrrrZ samba.netrZ samba.ndrrr<rrr r:Zsamba.dcerpc.drsuapir r r rxrr r"r,r.rrFrKrrLrrrrrrs&      && /