a I_H@sddlZddlZddlmZddlmZddlmZddlmZm Z ddl m Z m Z m Z mZmZmZGdddeZd d Zdd d ZddZdddZdddZddZddZdS)N)LdbError)werror) ndr_unpack)miscdnsp) DNS_TYPE_NS DNS_TYPE_A DNS_TYPE_AAAADNS_TYPE_CNAME DNS_TYPE_SRV DNS_TYPE_PTRc@s eZdZdZddZddZdS)DemoteExceptionzBase element for demote errorscCs ||_dSNvalue)selfrr1/usr/lib/python3/dist-packages/samba/remove_dc.py__init__ szDemoteException.__init__cCs d|jS)NzDemoteException: r)rrrr__str__#szDemoteException.__str__N)__name__ __module__ __qualname____doc__rrrrrrr sr c Cs|}dd|fD]}t||}||dkrJtd||f|ddkrdtd||dd|z|d || |Wqtj y}z$|j \}}|tj krnWYd}~qd}~00qd D]}t||}|| dkr td|| f|ddkr,td ||f|dd|z|d || |Wqtj y} z&| j \}}|tj krnWYd} ~ qd} ~ 00qdS) Nz3CN=Enterprise,CN=Microsoft System Volumes,CN=Systemz+CN=%s,CN=Microsoft System Volumes,CN=SystemFz+Failed constructing DN %s by adding base %szCN=Xz.Failed constructing DN %s by adding child CN=XrCNzRemoving Sysvol reference: %s)zMCN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=SystemzDCN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=SystemzAFailed constructing DN %s by adding child CN=X (soon to be CN=%s))domain_dns_nameldbDnadd_baseget_config_basednr Z add_childZ set_componentinfodeleterargsERR_NO_SUCH_OBJECTget_default_basedn) samdbloggerdc_nameZrealmsdneenumestrZe1rrrremove_sysvol_references'sR        r-Fc sjdtjdgdgd}t|dkr(dS|}z|\}Wnrty}zZ|j\}} |tj ksp|tj kr|rt |||WYd}~dSt d|| fWYd}~n d}~00 |gjdtjdgd} t| d ksJ| dd} fd d tfd d | D} fdd| D]} z |d| | \}}Wn\ty}zB|j\}} |tj krWYd}~dSt d| | fWYd}~n d}~00t|}fdd|D}t||kr$|d| t||t|f | |q$t |||dS)Nz.(&(objectClass=dnsZone)(!(dc=RootDNSServers)))search_options:0:2)basescope expressionattrscontrolsrzlookup of %s failed: %sZnamingContextsr1r3cst|dddS)N/r6r)rrZ canonical_strsplit)r))r%rrdns_name_from_dnsz/remove_dns_references..dns_name_from_dnc3s|]}t|VqdSr)str).0r))r9rr z(remove_dns_references..cs@|jtks|jtkr<D]"}|j|jkr|j|jkrdSqdSNTF)wTyperr data) dnsRecordZrec) primary_recsrra_rec_to_removes z.remove_dns_references..a_rec_to_removez(checking for DNS records to remove on %scsg|]}|s|qSrr)r;r)rCrr r=z)remove_dns_references..1updating %s keeping %d values, removing %s values)searchr SCOPE_SUBTREElenupperZ dns_lookup RuntimeErrorr"rZ"WERR_DNS_ERROR_NAME_DOES_NOT_EXISTZWERR_DNS_ERROR_RCODE_NAME_ERRORremove_hanging_dns_referencesr Z dns_replace SCOPE_BASEsetdebugr )r%r& dnsHostNameZignore_no_namezonesdnsHostNameUpperr)Ze4r+r,resZncsZa_names_to_remove_fromZa_nameZa_rec_dnZa_recsZe2Z orig_num_recsr)rCr9rBr%rremove_dns_referencesZsb    &     &rTc sfdd|D]}|d|j|j|jtjddgd}|D]~}z |d}WntyfYq@Yn0fdd|D}t|t|kr@|d |jt|t|t|f||j|q@qdS) Ncs`ttj|}|jtks*|jtks*|jtkr>|jkr\dSn|jt kr\|jj kr\dSdSr>) rrDnssrvRpcRecordr?rr r r@rJr Z nameTarget)rrA)rRrr to_removes   z0remove_hanging_dns_references..to_removez checking %sz/(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))rA)r0r1r2r3cs g|]}|sttj|qSr)rrrU)r;v)rVrrrEs z1remove_hanging_dns_references..rF) rOr)rGrrHKeyErrorrIr Zdns_replace_by_dn) r%r&rRrQZzoneZrecordsrecordZ orig_valuesvaluesr)rRrVrrLs,       rLcCs:|jdtjdgd}t|dks$J|ddd} |j|gdtjdd} | d} t| d d} zt|| d dd } Wntyd} Yn0zt| d d}Wntyd}Yn0|r||d g| dur|j| dgdtjd}d|dvr4t|ddd}| d|||d|dvrnt|ddd}| d||||r| d| || d gd | vrt| d d}|r|jdt | |fgtj | d}t|dkr| d|dj ||dj |dur$|r$t||||r6t||| dS)Nr. dsServiceNamer5r6r)serverReferencecnrPz(objectClass=server)r0r3r1r2r]r\utf8rP tree_delete:0zobjectclass=computer)msDS-KrbTgtLinkrIDSetReferencesr]r0r2r3r1rbzRemoving RID Set: %srazRemoving RODC KDC account: %sz5Removing computer account: %s (and any child objects)z=(&(objectclass=user)(cn=dns-%s)(servicePrincipalName=DNS/%s)))r2r3r1r0z/Removing Samba-specific DNS service account: %s)rGrrMrIr:rdecoderXr!r binary_encoderHr$r)rTr-)r%r& server_dnremove_computer_objremove_server_objremove_sysvol_objremove_dns_namesremove_dns_accountrSmy_serviceNamemsgsmsgr'Z computer_dnrPZ computer_msgsZ rid_set_dnZkrbtgt_link_dnrrroffline_remove_serversn          roc  Cs^|jdtjdgd} t| dks$Jt|| dddd} |} | |kr^td| z|j|dd gtjd } WnHty}z0|j \}}|tj krtd |nWYd}~n d}~00t| dkrtd || f| d}|j d ks |j dkrtd|ttj|d d}|rn|j|d|d}|D]"}|d|j ||j qJ|r|jdtjd|dgd}|D]P}t| }t}|j |_ t|tjd|d<|d|j | f||qz |d|||dgWn<ty@}z"|j \}}td|WYd}~n d}~00t||| ||||| ddS)Nr.r[r5r6rr_z#Refusing to demote our own DSA: %s zobjectClass=ntdsDSAZ objectGUIDrczGiven DN %s doesn't existz%s is not an ntdsda in %srz NTDS Settingsz)Given DN (%s) wasn't the NTDS Settings DNz5(&(objectclass=nTDSConnection)(fromServer=)))r0r2zRemoving nTDSConnection: %sz(fsmoRoleOwner=))r/)r0r1r2r4Z fsmoRoleOwnerrz*Seizing FSMO role on: %s (now owned by %s)z'Removing nTDSDSA: %s (and any children)r`z,Failed to remove the DCs NTDS DSA object: %srgrhrirjrk)rGrrMrIrrdparentr rr"r#rr)Z get_rdn_nameZ get_rdn_valuerrZGUIDrr r!rHr:ZMessageZMessageElementZFLAG_MOD_REPLACEZwarningZmodifyro)r%r&ntds_dnrgrhremove_connection_objseize_stale_fsmorirjrkrSrlrfrmZe5r+r,rn ntds_guidZstale_connectionsZconnZstale_fsmo_rolesZrolevalmZe6rrroffline_remove_ntds_dc!s            rxc Cs|d}ztj|d}d|}Wntyz"|j|gdt|d}WnDty}z,|j \}} t d|| | fWYd}~n d}~00t |dkr| t d|| f|dj}t|d}||Yn0z|j|gtjd d } Wn`ty`} zF| j \}} |tjkr.g} n| t d || | fWYd} ~ n d} ~ 00t | dkr|dur| t d|| ft|||d d d d d d n"t||| djd d d d d d d d |dS)N)hexz z(&(objectClass=server)(cn=%s)))r0r3r2z4Failure checking if %s is an server object in %s: %srz%s is not an AD DC in %szCN=NTDS Settingsz(objectClass=ntdsdsa)r^z/Failure checking if %s is an NTDS DSA in %s: %sTrp)rgrhrsrtrirjrk)Ztransaction_startuuidZUUID ValueErrorrGrrrerr"r rrIZtransaction_cancelr)rrrMr#rorxZtransaction_commit) r%r&r'rfrurrZ server_msgsZe3r+r,Z ntds_msgsZe7rrr remove_dcvs                    r|cCs |t||d|dSr)Zstart_transactionrxZcommit_transaction)r%rrrrr offline_remove_dc_RemoveDsServers r})F)FFFFF)FFFFFFF)rzrrZsambarZ samba.ndrrZ samba.dcerpcrrZsamba.dcerpc.dnsprrr r r r Exceptionr r-rTrLrorxr|r}rrrrs4     3 P- O UP