IdddlmZddlZddlZddlmZddlZddlm Z ddl m Z m Z m Z mZddlmZddlmZddlmZmZmZdd lmZmZdd lmZdd lmZdd lmZmZm Z m!Z!m"Z"dd l#m$Z$ddlm%Z%dZ&dZ'dZ(dZ)dZ*Gdde Z+Gdde Z,Gdde Z-Gdde Z.Gdde Z/Gdde Z0Gd d!e Z1Gd"d#eZ2y)$N)common)system_session)Command CommandErrorOption SuperCommand) attr_default)SamDB) drs_utils nttime2stringdsdb)drsuapimisc) join_clone)colour)get_partition_mapsget_utdv_edgesget_utdv_distancesget_utdv_summaryget_kcc_and_dsas) get_string)get_default_backend_storec tj|j|j|j\|_|_|_y#t$r}td|jz|d}~wwxYw)z'make a DRSUAPI connection to the serverzDRS connection to %s failedN) r drsuapi_connectserverlpcredsrdrsuapi_handlebind_supported_extensions Exceptionrctxes 2/usr/lib/python3/dist-packages/samba/netcmd/drs.pyrr4suJKTKdKdeheoeoqtqwqwy|zCzCLDHc(#*G J83::EqIIJsAA A2A--A2c td|jzt|j|j|_y#t $r}td|jz|d}~wwxYw)z$make a ldap connection to the server ldap://%surl session_info credentialsrzLDAP connection to %s failedN)r rrrrsamdbr!rr"s r% samdb_connectr-<s]KkCJJ6'5'7&)iiCFF<  K9CJJFJJKs=A A' A""A'c&|\}}|dk(ryd||fzS)z*return "was successful" or an error stringrzwas successfulzfailed, result %u (%s))werrecodeestrings r% drs_errmsgr3Fs&UG z #ug&6 66c|jd}|ddk7s|ddk7s|ddk7rtd|z|d jd d }|d jd d }||fS) z+parse a NTDS DN returning a site and server,rzCN=NTDS Settingsz CN=ServerszCN=Siteszbad NTDS DN %sr=)split RuntimeError)ntds_dnarsites r%drs_parse_ntds_dnr@Nsz cAt!!QqT\%9QqTZ=O+g566 qTZZ_Q F qTZZ_Q D &>r4classicc FeZdZdZdZej ejejdZ e ddddd e d d ddd e d dddd e ddddde ddddde e ddddgZ dgZ dZdZd Zd!d!d!d!e d"fd#Zd$Zd%Zd&Zd'Zd(Zd)Zd*Zy!)+cmd_drs_showreplzShow replication status.%prog [] [options] sambaopts versionoptscredopts--jsonz"replication details in JSON formatformat store_constjson)helpdestactionconstz --summaryz5summarize overall DRS health as seen from this serversummaryz--pull-summaryz:Have we successfully replicated from all relevant servers? pull_summaryz--notify-summarynotify_summaryzsHave we successfully notified all relevant servers of local changes, and did they say they successfully replicated?)rOrPrNrMz --classiczprint local replication detailsrA)rMrNrOrPdefaultz-vz --verbosez Be verbose store_truerMrODC?c ^t|j}|j|t|jt |j |jt|jt|jdd} |jjd|ztjg t#|j\}}|d||d <|S#tj$r3}|j\}}|tj k(rd|d<nYd}~fd}~wwxYw#t$$rY|SwxYw) z8Convert an ldb neighbour object into a python dictionaryF)NC dnDSA objectGUIDlast attempt timelast attempt messageconsecutive failures last successNTDS DN is deletedz basescopeattrsTr`N\DSA)strsource_dsa_obj_guidnaming_context_dnr last_attemptr3result_last_attemptconsecutive_sync_failures last_successsource_dsa_obj_dnr,searchldb SCOPE_BASELdbErrorargsERR_NO_SUCH_OBJECTr@r<) selfndsa_objectguiddr$errno_r?rs r%parse_neighbourz cmd_drs_showrepl.parse_neighbour|sQ223((,!.q~~!>$.q/D/D$E$%$?$?)!..91../   JJ  ;#?$'NN$&  ( .q/B/BCNT6#'0AeH|| JUA..."&,     s*/C2"DD))DD D,+D,c~|jd|dzd|vr|jd|dzn|jd|dz|jd|dz|jd |d d |d |jd |dz|jd|dz|jdy)z&print one set of neighbour informationz%srYrfz %s via RPCz NTDS DN: %sr_z DSA object GUID: %srZz Last attempt @ r[ r\z %u consecutive failure(s).r]z Last success @ %sr^N)message)rurxs r%print_neighbourz cmd_drs_showrepl.print_neighbours TAgJ&' A: LL!E(2 3 LL1Y<7 8 .3C1DDE 15H3I345K3LN O 5-./ 0 ,q/@@A Rr4c,tj}||_ |jj|jd|\}}|jDcgc]}|j|}}|S#t $r}t d|z|d}~wwxYwcc}w)Nrz"DsReplicaGetInfo of type %u failed) rDsReplicaGetInfoRequest1 info_typeDsReplicaGetInforr!rarrayr{)rurreq1infor$rvrepss r%get_neighbourszcmd_drs_showrepl.get_neighbourss//1" T $ = =##Q!. Y 267Ja7O"))#.  / , ,!*- 1|$-.!3s>7Ja7O$++C0  1 - LL&EF G V\\*IJK).C((-. V\\*GHI+.C((-. V^^L12r4c$|jdS)NrQrrus r%rzcmd_drs_showrepl.summary_outputs**955r4c$|jdS)NrSrrs r%rz&cmd_drs_showrepl.notify_summary_outputs**+;<::r4c t|t||jj}t |\}} |jj |t jgd}tt|dddt|jjd|dddt|jjd|dddd}|jj |d }|jtj }|jtj"} g} |D]3} t%| d dj'd \} } }t%| d t%| d dtt| ddtt| d dj)dk(d}| j+| |jj |t jdg}t%|ddd|d<g|d<| j7dgD]A}t%|j9d}|dj+|dt|dfC6||| | ||dS#t$r}td|zd}~wwxYw#t j,$r1}|j.\}}|t j0k(rd|d<Yd}~d}~wt2t4f$rYwxYw)N)options objectGUID invocationIdrazFailed to search NTDS DN %srrrrz(objectClass=nTDSConnection))rb expression fromServerr6nameenabledConnectionTRUE)r remote DNrenabled dnsHostNamedns nameTr` replicates NCzmS-DS-ReplicatesNCReason:r:r7)dsarrNTDSConnectionsr?r)rr-r,get_dsServiceNamer@rorprqr!rintr rschema_format_valuerr!DRSUAPI_DS_REPLICA_INFO_NEIGHBORSDRSUAPI_DS_REPLICA_INFO_REPSTOrg partitionupperrrrrsrtKeyError IndexErrorrr;)rur=r?rntdsr$ dsa_detailsconnrepsfromrepsto conn_detailscc_rdnsep c_server_dnrx c_server_resryrzrr>s r%rz$cmd_drs_showrepl.get_local_repl_datasd**..0*73v H::$$'Ox$yD <QA>?$TZZ%C%Cd1gl3A6&89&tzz'E'Ed1gn5a8(:;  zz  g:X Y&&w'P'PQ$$W%K%KL  =A&)!L/!*<&=&G&G&L #E3 AfI <!34|Ay!<=&|A7J)/(1227%'VD A    " #zz00k7:~~8E 1 H !$LOM$B1$E F* "$Ao UU5r: =FLL%/"))1Q4QqT*;< =1 =: +   Y H!"#O"49JBLL!7"!<=LL!5!>?$9"4A.7 LLa899 HI) Jr4)__name__ __module__ __qualname____doc__synopsisr SambaOptionsVersionOptionsCredentialsOptionstakes_optiongroupsrDEFAULT_SHOWREPL_FORMAT takes_options takes_argsr{rrrrrrrrrrr/r4r%rCrC[s"'H))--.. xB]& B{#5]) E (D]. J !-%H# % {!B]). 0 t[|LI#M(J>  Tt*!.- #3J6=;= ~6Jr4rCcneZdZdZdZej ejejdZ dgZ ddZ y) cmd_drs_kccz)Trigger knowledge consistency center run.rDrErWNc|j|_|tj|j}||_|j |jd|_t|tj} |jj|jd||jd|zy#t$r}td|d}~wwxYw)NTrrzDsExecuteKCC failedz#Consistency check on %s successful.)rrrrrrrrr DsExecuteKCC1 DsExecuteKCCrr!rr)rurrFrHrGrr$s r%rzcmd_drs_kcc.runs((* :&&tww/B --dgg-M $$& 9 LL % %d&9&91d C :R?@ 94a8 8 9s'B<< C CCNNNN rrrrrrrrrrrrr/r4r%rrysD3'H))--.. J%)'+Ar4rc $eZdZdZdZej ejejdZ gdZ e ddde d d de d d de d dde ddde ddde ddde dddgZ ddZ ddZy)cmd_drs_replicatez+Replicate a naming context between two DCs.z/%prog [options]rE)DEST_DC SOURCE_DCNCz --add-refz&use ADD_REF to add to repsTo on sourcerUrVz --sync-forcedz,use SYNC_FORCED to force inbound replicationz --sync-allz&use SYNC_ALL to replicate from all DCsz --full-synczresync all objectsz--localzIpull changes directly into the local database (destination DC is ignored)z--local-onlinez_pull changes into the local database (destination DC is ignored) as a normal online replicationz --async-opz use ASYNC_OP for the replicationz--single-objectz\Replicate only the object specified, instead of the whole Naming Context (only with --local)c ||_t|ttd|j|j d|_td|jzt|j|j |_|j jdtjdg}|ddd|_ |j j|jtjd g}tj|jjd |dd d|_tj|jj!}tj|j j!}|j} t"j$} |rt"j&} d }|jj)t+j,d |jz|j |j|j |} |j j/} | j1||| | || | \} }|jj7|r-|j9d| |||j j:fzy|j9d| |||j j:fzy#t2$r}t5d |z|d}~wwxYw)z+replicate from a source DC to the local SAMNr)r*r)r+rflagsr'r(r~ dsServiceNamerarTzncacn_ip_tcp:%s[seal])rodc full_syncexop sync_forcedzError replicating DN %szMFull Replication of all %d objects and %d links from %s to %s was successful.zPIncremental replication of %d objects and %d links from %s to %s was successful.)rrr rrr local_samdbr,rorprqr=rGUIDr ntds_guidget_invocation_idrDRSUAPI_EXOP_NONEDRSUAPI_EXOP_REPL_OBJtransaction_startr drs_Replicateam_rodc replicater!rtransaction_commitrr))rurrr single_objectrressource_dsa_invocation_iddest_dsa_invocation_iddestination_dsa_guidrreplr num_objects num_linksr$s r%drs_local_replicatez%cmd_drs_replicate.drs_local_replicates   !n.>D-1ZZDGG'(*{T[[8(6(8'+zzdgg? %%2S^^-<,=&?1vo.q1 %%4<'L'+ww'+zz43C3C'=?'') B'+~~b6N6J;?@I;?BM (6(O $[) %%'  LL9%y)**..00 1 LL9%y)**..00 1 B82=qA A Bs5K K#KK#Nc ||_| j|_| j|jd|_|r|j |||| |y| r6t j d|j}tj}n#t||j }|j}| sd|_ t||jj|jjdt!j"|dt!j"|d g }t%|d k(rt'd |z|d d }|jj|t j(dddg}t%|d k(rt'd|z|d dd }t+t-|dd }d }|t.j0zs|t j2z}|r|t j4z}|r|t j6z}|r|t j8z}|r|t j:z}| r|t j<z} t?j@|||||| r|jEd|d|dy|jEd|d|dy#t>jB$r}t'd|d}~wwxYw)NTr)rrrz irpc:dreplsrv)lp_ctxi,z!(&(objectCategory=server)(|(name=z)(dNSHostName=z))))rbrrdrzFailed to find source DC %sdnz5(|(objectCategory=nTDSDSA)(objectCategory=nTDSDSARO))rr)rbrcrrdz Failed to find source NTDS DN %szDsReplicaSync failedzReplicate from z to z was started.z was successful.)#rrrrrrrr policy_handlerrrequest_timeoutr-r,roget_config_basednrp binary_encodelenrSCOPE_ONELEVELrr r$DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPLDRSUAPI_DRS_WRIT_REPDRSUAPI_DRS_ADD_REFDRSUAPI_DRS_SYNC_FORCEDDRSUAPI_DRS_SYNC_ALLDRSUAPI_DRS_FULL_SYNC_NOWDRSUAPI_DRS_ASYNC_OPr sendDsReplicaSync drsExceptionr)rurrradd_refrsync_allrlocal local_onlineasync_oprrFrHrG server_bindserver_bind_handlemsg server_dnsource_dsa_guid dsa_options req_optionsestrs r%rzcmd_drs_replicate.runs  ((*--dgg-M   $ $Yi3@1< % >  !///$''JK!%!3!3!5  D !,,K!%!4!4 *0K 'djjTZZ%A%A%C   i (   i (,*')  * s8q=!E!E 3sCD  E &)<)<<= % (<(<<= dii!5!5 6 LL*TYY-E-EE F 7r4rrr/r4r%r;r;@sE,'H))--.. J%)'+QGr4r;ceZdZdZdZej ejejdZ dgZ e dddd gZ d d d d dZ ddZy)cmd_drs_optionszJQuery or change 'options' for NTDS Settings object of a Domain Controller.rDrErWz --dsa-optionzDSA option to enable/disablergza{+|-}IS_GC | {+|-}DISABLE_INBOUND_REPL | {+|-}DISABLE_OUTBOUND_REPL | {+|-}DISABLE_NTDSCONN_XLATE)rMtypemetavarrr7r8)IS_GCDISABLE_INBOUND_REPLDISABLE_OUTBOUND_REPLDISABLE_NTDSCONN_XLATENc|j|_|tj|j}||_|j |jd|_t||jj}|jj|tjdg}t|ddd}|jD cgc]} |j| |zs| } } |jddj!| z|rG|ddd vrt#d |z|dd} | |jj%vrt#d |z|ddd k(r||j| z}n||j| z}tj&} tj(|j|| _tj,t/|tj0d| d<|jj3| |jD cgc]} |j| |zs| } } |jd dj!| zyycc} wcc} w) NTrrrarzCurrent DSA options: z, r)+-zUnknown option %srzNew DSA options: )rrrrrrrr-r,rrorprqr option_maprjoinrkeysMessageDnrMessageElementrgFLAG_MOD_REPLACEmodify) rur dsa_optionrFrHrGr=rdsa_optsxcur_optsflagms r%rzcmd_drs_options.runs((* :&&tww/B --dgg-M d**..0jjWCNN9+Vs1vi(+, $P!$//!2Dx2OAPP ,tyy/BBC "1~Z/"#6#CDDab>D4??//11"#6#CDD"1~$DOOD11T__T222 A66$**g.AD--c(mS=Q=QS\]AiL JJ  a #'??Tadooa6H86STHT LL,tyy/BB C#  Q(UsI ,I I%5I%)NNNNN)rrrrrrrrrrrrrrrr/r4r%rrswT'H))--.. J ~$Bz |M &*4+5,68J '+7;%Dr4rc eZdZdZdZej ejejdZ e dde e dde e d d d d e ddd e dddddgde ze ddddgZ dgZ ddZy) cmd_drs_clone_dc_databasez9Replicate an initial clone of domain, but DO NOT JOIN it.z%prog [options]rEz--serverz DC to join)rMrz --targetdirz#where to store provision (required)z-qz--quietzBe quietrUrVz--include-secretszAlso replicate secret valuesz--backend-storechoice BACKENDSTOREtdbmdbz7Specify the database backend to be used (default is %s))rrchoicesrMz--backend-store-sizebytesSIZEzeSpecify the size of the backend database, currentlyonly supported by lmdb backends (default is 8 Gb).)rrrMdomainNc |j} |j| } |j||}| tdt ||| | |d|| | |  y)N)rquietz$--targetdir option must be specifiedSAMBA_INTERNAL) loggerrrrr dns_backend targetdirinclude_secrets backend_storebackend_store_size)rr get_loggerrr)rurrFrHrGrrrrrrrrrrs r%rzcmd_drs_clone_dc_database.runsg # # %((,>  EF F&u .>&!.&8  :r4) NNNNNFFFNN)rrrrrrrrrrrrgrrrrr/r4r%rrsC,H))--.. z 37}#HsStYZ E")GP\] xu~&(A(CD E %GVI J MJ37598=37:r4rc eZdZdZdZej ejejdZ e ddddd e d d d e ddde ddde ddde dddgZ dZ dZ ddZy)cmd_drs_uptodatenesszShow uptodateness statusz%prog [options]rEz-Hz--URLURLHz%LDB URL for database or target server)rrNrMz-pz --partitionzrestrict to this partition)rMrIrUzPrint data in json format)rOrMz --maximumz#Print maximum out-of-date-ness onlyz--medianz"Print median out-of-date-ness onlyz--fullz Print full out-of-date-ness datac0tj|dS)Nr7r)rLdumps)rupartitions_summariess r%format_as_jsonz#cmd_drs_uptodateness.format_as_json(szz.q99r4cg}|jD]T\}}|jDcgc] \}}|d|}}}|dddj|}|j|Vdj|Scc}}w)Nr15r}r )itemsrr) rurlines part_namerQkvrlines r%format_as_textz#cmd_drs_uptodateness.format_as_text+s|"6"<"<">  Iw3:==?C41aA&CEC!*DIIe,<=D LL  yyDsA;Nc f|j} |j| d} t|| | \}}|j}t |\}}|r||vr ||}||i}nt d|zg}|r|j d|r|j di}i}|jD]7\}}t|||| | }t||}t||}|||<|||<9|r|j|}n%|r|j|}n|j|}t||jy)NTrzunknown partition %smaximummedian)filters)file)rrrr,rrrrrrrrrprintr)rurrrLrrfullrFrHrGrrrr local_kccdsasr,short_partitionsrzpart_dnrpartitions_distancesrr utdv_edges distancesrQoutputs r%rzcmd_drs_uptodateness.run3sY  # # %((d(C*1b%8 407! ,,*95$-w#7 "#9I#EFF  NN9 %  NN8 $!!"2"8"8": 6 Iw' 4"eLJ*:tF,,-AB,,-AB f499%r4) NNFFFFNNNFF)rrrrrrrrrrrrrrrr/r4r%rrs" H))--.. tWe#; =t]0 2x / 1{<9 ;z,8 :x 6 8 M: %):?7;!&*&r4rceZdZdZiZeed<eed<eed<eed<e ed<e ed<e ed<y ) cmd_drsz0Directory Replication Services (DRS) management.bindkccrshowreplrzclone-dc-database uptodatenessN) rrrr subcommandsr;rrrCrrrr/r4r%rr`sd:K&.K$K02K .0K ,.K '@'BK#$"6"8Kr4r)3 samba.getoptgetoptrrploggingr~rrL samba.authr samba.netcmdrrrr samba.netcmd.commonr samba.samdbr sambar r r samba.dcerpcrr samba.joinrrsamba.uptodatenessrrrrr samba.commonrrrr-r3r@rrCrrr;rrrrr/r4r%rs,  % -00&!$1JK7$[Jw[J|A'ABc[c[L^G7^GB<Dg<D~+:+:\O&7O&d 9l 9r4