dddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z mZmZmZmZddlmZmZmZej,dZGdd eZGd d eZGd d eZGddeZGddeZy)N)Ldb) ndr_unpack)security) SCOPE_SUBTREESCOPE_ONELEVEL SCOPE_BASEERR_NO_SUCH_OBJECTLdbError)Command CommandErrorOptionz^([^;]+);range=(\d+)-(\d+|\*)$c eZdZddddddddejej df dZdZdZd Z d Z d Z d Z d Z dZdZdZdZy)LDAPBaseFsectionSUBTcg}|}d|vr*tjj|rd|z}nd|z}|jj drdg}| |_| |_t|||||_| |_ | |_ ||_ ||_ ||_ ||_| |_||_||_||_t'|jj)|_t'|jj-|_t'|jj1|_t'|jj5|_|j9|_|j=|_tAjBdd|j*jEd d |_#|jI|_%|jM|jr|js|j jOd |j"z|j jOd d |j*zz|j jOd d|j:zz|j jOd d|j>zz|j jOd d|jFzzyyy)Nz://ztdb://%sz ldap://%szldap://zmodules:paged_searches)url credentialslpoptionsz [Dd][Cc]=r,.z * Place-holders for %s:  z${DOMAIN_DN} => %s z${DOMAIN_NETBIOS} => %s z${SERVER_NAME} => %s z${DOMAIN_NAME} => %s )(ospathisfilelower startswithoutferrfrldb search_base search_scope two_domainsquiet descriptor sort_acesviewverbosehostskip_missing_dnstrget_default_basednbase_dnget_root_basednroot_dnget_config_basedn config_dnget_schema_basedn schema_dn find_netbiosdomain_netbios find_servers server_namesresubreplace domain_namefind_domain_sid domain_sid get_sid_mapwrite)selfr+credsrtwor&r'r(r*r)basescoper r!r, ldb_options samdb_urls 6/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py__init__zLDAPBase.__init__-sa   ww~~d#&- '$. ??  ' ' 234K  9#(*, ! $"   .4886689 4883356 TXX779:TXX779:"//1 --/66+r4<<@HHcR..0    DJJ IIOO9DIIE F IIOOG&A LL')) * IIOOG&A //'00 1 IIOOG&B --'.. / IIOOG&A ,,'-- .%/ c|jj|jdt}t t j |dddS)Nz(objectClass=*))rE expressionrFr objectSid)r"searchr/rrrdom_sidrBress rIr>zLDAPBase.find_domain_sidbsAhhoo4<<V_c^df3x!||),-AAdGAJ---sA!c4 |jjd|jztdg}t dk(r t d|D]}d|vs|ddjcSy#t$r}|\}}|dvr t ||Yd}~`d}~wwxYw)NzCN=Partitions,%s nETBIOSNamerErFrU)z,Operation unavailable without authenticationrzCould not find netbios name)r"rOr3rr r rVdecode)rBrReenumestrrWs rIr6zLDAPBase.find_netbiosns ,((//'9DNN'J(5m_"NC s8q=<= = 4A!'*1133 4 ,JD$GG"4++H ,s0A// B8BBcd} |jj|t}t |dk(S#t$r#}|j\}}|t k(rYd}~yd}~wwxYw)N)rErFF)r"rOrr argsr rV)rB object_dnrRe2r]r^s rI object_existszLDAPBase.object_exists~s` ((//y /CC 3x1}  77LT4))   s!3 AAAAc |jj|y#tj$r}dt |vsJYd}~yd}~wwxYw)NzNo such object)r"deleterr r-)rBrbr\s rI delete_forcezLDAPBase.delete_forces= . HHOOI &|| .#s1v- -- .sA AA cVtj|}||S|jdS)zi Returns the real attribute name It resolved ranged results e.g. member;range=0-1499 r`)RE_RANGED_RESULTmatchgroup)rBkeyms rIget_attribute_namezLDAPBase.get_attribute_names,  " "3 ' 9JwwqzrKctj|}||S|jd}t|jd} d||dzfz}|jj |t |g}t|dk(sJt|d}|d=d} d} |D]@}tj|}||jd|k7r0|} t||} n|  |S|j| | jddk(r |St| jd |dzk(sJt| jd}) zp Returns list with all attribute values It resolved ranged results e.g. member;range=0-1499 Nr`z %s;range=%d-*rZrdn*) rirjrkintr"rOrrVdictlistextend) rBrbrlvalsrmattrhinrRfmfvalss rIget_attribute_valueszLDAPBase.get_attribute_valuess\  " "3 ' 9Kwwqz _4a.0A((//y 1#/NCs8q= =s1v,CD BE $**3/9771:%SX z  KK xx{c!  rxx{#rAv- --RXXa[!BCrKc&|jj|tdg}t|dk(sJt |d}|d=i}|j D]7\}}|j |}t|}|j|||||<9|S)z: Returns dict with all default visible attributes rrrZr`rrq) r"rOrrVruitemsrnsortedr~)rBrbrR attributesrlrxnames rIget_attributeszLDAPBase.get_attributesshhoo9JseoL3x1}}3q6l I  OIC**3/D$r8r6rdrgrnr~rrrr@rKrIrr+se%EUTYbjjszz43.jD.4 . 2h$- -4 rKrcXeZdZejej fdZdZdZdZ dZ y) Descriptorc||_||_||_||_|jj |j|_|j |_|jjr|jjyyN) r r!conrqrsddl extract_dacl dacl_listr(sort)rB connectionrqr r!s rIrJzDescriptor.__init__sj  HH009 **, 88   NN   ! rKc, d|jvr0tjd|jjd}n/tjd|jjd}tj d|S#t$rgcYSwxYw)zH Extracts the DACL as a list of ACE string (with the brackets). zS:zD:(.*?)(\(.*?\))S:rszD:(.*?)(\(.*\))z (\(.*?\)))rr:rOrkAttributeErrorfindallrQs rIrzDescriptor.extract_dacls| tyy ii 5tyyAGGJii 2DII>DDQGzz,,, I sA-B BBcd|z}tjd|}t|dk(r|S|D].} |jj|}|j ||}0|S#t $rY>wxYw)Nrz S-[-0-9]+r)r:rrVrrr<r)rBacerRsidssidrs rIfix_sidzDescriptor.fix_sid$s~Sjzz+s+ t9>J C xx'',kk#t,    s+A!! A-,A-cZd}t|jt|jk7rA|dz }|ddt|jzzz }|ddt|jzzz }d}d} d}d} d|j|z} d|j|z}t|t|zdk(r ||fSd|j|z}d|j|z}||k7r||dd |d z }d }n ||dd |d z }|d z }#t$rd}YwxYw#t$rd}YwxYw)Nr Difference in ACE count:  => %s rTrz>60z *  Fz | r`)rVr IndexErrorr) rBotherrRiflagself_ace other_aceself_ace_fixedother_ace_fixeds rIdiff_1zDescriptor.diff_13s_ t~~ #eoo"6 6 9 9C 7YT^^)<<< A  77$((--GG GC  ,w}t++ ,) (C ($**3/""3'  (J' z?Q  77%))..HH HC! ,w}t++ ,T#k"234 88   4 4C" ,w}t++ ,R4J"$4c::C M O &  % & '!!#& 's0H+H  H?H0H-,H-0I IN) rrrrrrrJrrrrrrKrIrr s),/JJSZZ" - B+;rKrcpeZdZejej fdZdZdZdZ dZ dZ dZ dZ d Zy ) LDAPObjectcV||_||_||_|jj|_|jj|_|jj |_||_|jd|jj|_ |jjdd|jjz|_ |jjD]&}|jjdd|z|_ (|jj|j|_ gd|_|j|_|xjdgz c_|r|xj|z c_g|_g|_g|_g|_g|_|jr%|xjgdz c_gd|_|j Dcgc]}|j+c}|_gd |_|j"Dcgc]}|j+c}|_gd |_|j$Dcgc]}|j+c}|_gd |_|j&Dcgc]}|j+c}|_d d g|_|j(Dcgc]}|j+c}|_t-|jDcgc]}|j+c}|_ycc}wcc}wcc}wcc}wcc}wcc}w)N ${DOMAIN_DN}CN=${DOMAIN_NETBIOS}CN=%sCN=${SERVER_NAME}) badPasswordTime badPwdCountdSCorePropagationData lastLogoff lastLogon logonCount modifiedCountzmsDS-Cached-Membershipz!msDS-Cached-Membership-Time-StampzmsDS-EnabledFeatureBLzmsDS-ExecuteScriptPasswordz msDS-NcTypezmsDS-ReplicationEpochzmsDS-RetiredReplNCSignatureszmsDS-USNLastSyncSuccesspartialAttributeDeletionListpartialAttributeSetpekList prefixMapreplPropertyMetaDatareplUpToDateVectorrepsFromrepsTo rIDNextRIDrIDPreviousAllocationPool schemaUpdate serverStatesubRefs uSNChanged uSNCreated uSNLastObjRem whenChangedmsExchServer1HighestUSN)$objectCategory objectGUIDrN whenCreatedr pwdLastSetr creationTimer priorSetTimerIDManagerReferencegPLinkipsecNFAReferencefRSPrimaryMember fSMORoleOwner masteredByipsecOwnersReferencewellKnownObjectsotherWellKnownObjectsripsecISAKMPReferenceipsecFilterReferencezmsDs-masteredBy lastSetTimeipsecNegotiationPolicyReferencergPCFileSysPathaccountExpires invocationIdoperatingSystemoperatingSystemVersionoEMInformation schemaInfo targetAddressmsExchMailboxGuidsiteFolderGUID)&distinguishedNamedefaultObjectCategorymembermemberOfsiteListnCNamehomeMDBhomeMTAinterSiteTopologyGeneratorserverReferencezmsDS-HasInstantiatedNCs hasMasterNCszmsDS-hasMasterNCszmsDS-HasDomainNCs dMDLocationmsDS-IsDomainForrIDSetReferencesserverReferenceBLmsExchHomeRoutingGroupmsExchResponsibleMTAServersiteFolderServermsExchRoutingMasterDNmsExchRoutingGroupMembersBL homeMDBBLmsExchHomePublicMDBmsExchOwningServer templateRootsaddressBookRootsmsExchPolicyRootsglobalAddressListmsExchOwningPFTreemsExchResponsibleMTAServerBLmsExchOwningPFTreeBLz$msDS-MembersOfResourcePropertyListBLzmsDS-ValueTypeReferencez"msDS-MembersOfResourcePropertyListzmsDS-ValueTypeReferenceBLzmsDS-ClaimTypeAppliesToClass)proxyAddressesmailuserPrincipalName"msExchSmtpFullyQualifiedDomainName dnsHostNamenetworkAddressdnsRootservicePrincipalName) rrCNr dNSHostNamer5rrrrr)r5r6rrYrrDC)r r!rr%r&r*summaryr<r/rqr7r9rrnon_replicated_attributesignore_attributes dn_attributesdomain_attributesservername_attributesnetbios_attributesother_attributesupperr)rBrrqr9 filter_listr r!rWs rIrJzLDAPObject.__init__s  88//XX^^ xx''  **^TXX-=-=>''//"8'DHHD[D[:[\&& HAggoo&97Q;GDG H((11$'':#* &H"&!?!? #<"==   " "k 1 "!#%'""$ "     " "'H H """D "6:5G5G!H!'')!HD &VD ":>9O9O%PAaggi%PD "*^D &>B=W=W)X!''))XD &&rD #:>:Q:Q&RQqwwy&RD #%+T$4D !8<8M8M$N1QWWY$ND !!$9O9O%PAaggi%P!Q)"I &Q *Y'S%O%Ps$L L LL7L!)L&cZ|js|jj|dzyyzE Log on the screen if there is no --quiet option set rNr&r rArBmsgs rIlogzLDAPObject.logs$zz IIOOCI &rKcd|z}|js|S|jj|jjjr1|dt |t |jjz dz}|S)Nrr)r%rAendswithrr/rVrBsrRs rIfix_dnzLDAPObject.fix_dn soQhJ 99;   0 0 6 6 8 97s3x#dhh&6&6"778>IC rKc@d|z}|js|S|j|jjj |jjj }|j|jjj d}|S)Nrz${DOMAIN_NAME})r%r<rr=rrArKs rIfix_domain_namezLDAPObject.fix_domain_namesxQhJkk$((..4468L8L8R8R8TUkk$((..4468HI rKc@d|z}|js|S|j|jjj |jjj }|j|jjj d}|S)Nrz${DOMAIN_NETBIOS})r%r<rr7rrArKs rIfix_domain_netbioszLDAPObject.fix_domain_netbiossxQhJkk$((11779488;R;R;X;X;Z[kk$((11779;NO rKcd|z}|jr"t|jjdkDr|S|jjD]"}|j j |d}$|S)Nrr`z${SERVER_NAME})r%rVrr9rAr<)rBrLrRrWs rIfix_server_namezLDAPObject.fix_server_name#sfQh3txx'<'<#=#AJ&& ;A))+%%a)9:C ; rKcr|jjr|j|S|j|Sr)rr'cmp_desc cmp_attrs)rBrs rI__eq__zLDAPObject.__eq__+s- 88  ==' '~~e$$rKct|j|j|j|j}t|j|j|j|j}|jj dk(r|j |}nM|jj dk(r|j|}n"td|jj |d|_ |d|_ |dS)N)r r!r collisionzUnknown --view option value: r`r) rrrqr r!r)rrr screen_output)rBrd1d2rRs rIrUzLDAPObject.cmp_desc0s $''  J  588$))$)) L 88==I %))B-C XX]]k )))B-C unique_attrsdf_value_attrs)r_rrrAr;rr+get isinstancervrr@r=splitr<rMr=rOr>rSr?rQrr9rZ)rBrrRry self_attrs other_attrsself_unique_attrsrWother_unique_attrs missing_attrstitleourstheirspqrmr{js rIrVzLDAPObject.cmp_attrs?s# 4??C4$**,CD E4D4DED4::<EF &4u7N7NN  7;dhhmmKK KC& *w{T)) *):58N8NN  7;eiinnLL LC' *w{T)) **,>> ;I .AwwyD222aggi=6P??1%D%%))!,F$%*VT*Bd|v~779 5 55JNOQ--33C8;q@OAOKQRa..44S9!<ARARAv WWY$"4"44AA123AQ3A3234Qa4A4Av 779 6 66AAQ ":;?003?A?>?@11!4@A@Av 54<'C E7Q;1a)@@4GGC7Q;4)HH4OOC##**1-SI .V $(:: :: ^$->(??$ %&$*=*==& n%.@)AA% &'4+>+>>' !byMDEDPR44====@@sGSS 2S 2S%!S*?S/ S4*S97S>T"TT N)rrrrrrrJrHrMrOrQrSrWrUrVrrKrIrrs@jjszzRB'% jrKrcbeZdZddejej fdZdZdZdZ dZ dZ y) LDAPBundleNc||_||_||_|jj|_|jj|_|jj |_|jj |_|jj|_|jj|_i|_ g|jd<g|jd<g|jd<g|jd<||_ |r||_ nI|jdvr,|j|_ |j||_ n tdd}|t!|jkr|jr|j|}|dt!|t!|jj"z dz}|j%d |jj&zd }t!|jj(d k(r0|jj(D]} |j%d | zd }||j|<|d z }|t!|jkr |jrt+t-|j|_ t/|j|_ t!|j|_y) Nr^r_known_ignored_dnabnormal_ignored_dnDOMAIN CONFIGURATIONSCHEMA DNSDOMAIN DNSFORESTz-Unknown initialization data for LDAPBundle().rrrrr`r)r r!rr%r&r*r#r$r,r9rBdn_listrAcontext get_dn_list ExceptionrVr/r<r7r9rvrrsize) rBrrzryrBr r!counterrrWs rIrJzLDAPBundle.__init__s3  88//XX^^ xx'' 88// HH11#xx77 ') ^$)+ %&+- '(.0 *+& "DL ]]_ _ _"==?DL++G4DLKL LDLL))d.>.>,,w'C7s3x#dhh&6&6"778>IC++g(?(??AWXC488(()Q...HA++gk3FGCH$'DLL ! qLGDLL))d.>.>C -. dll+  % rKcZ|js|jj|dzyyrDrErFs rIrHzLDAPBundle.logs$zz IIOOC$J 'rKclt|j|_t|j|_yr)rVryr}r)rBs rI update_sizezLDAPBundle.update_sizes" % dll+ rKc &d}|j|jk7r9|jd|jd|j|jsd}t|jDcgc]}|j c}}t|jDcgc]}|j c}}|j tk7r|js||z }|rNd}|jd|jjzt|D]}|jd|z||z }|rNd}|jd|jjzt|D]}|jd|z||z} |jdt| z| D]} t|j| |j|j|j|j } t|j| |j|j|j|j } | | k(r|jj$r:|jd |jd | j&d | jjd|jd | j&d | jjd|jdn|jd |jd | j&d | jjd|jd | j&d | jjd|j| j(|jdd}| j|_ | j|_ |Scc}wcc}w#t"$r"} |jd | d | Yd} ~ 9d} ~ wwxYw#t"$r"} |jd | d | Yd} ~ gd} ~ wwxYw)NTz! * DN lists have different size: z != Fz * DNs found only in %s:rz * Objects to be compared: %d)rrqr9rBr r!zLdbError for dn z: z Comparing:'z' []z OKz FAILED)r}rHr,rryrAr$rrr+rrVrr9rBr r!r r*rqrZ)rBrrRrlself_dns other_dns self_onlyrW other_only common_dnsrqobject1r\object2s rIdiffzLDAPBundle.diffs% 99 " HHTYYPUPZPZ[ \''4<<8a 89EMM:q:;    *43G3G 9,I4txx}}DE **AHHWq[)*#X-J4uyy~~EF +*AHHWq[)* )  1C OCD$ ,B $(*-1\\151A1A*.))$)) E $ (*-2]]151A1A*.))$)) E'!88##HH^,HHGJJ 8H8HIJHHGJJ 8H8HIJHH^,( GKK4D4DEF GKK4D4DEF../+,"??DL#OOEMI$ ,L A9:B R;<  R;< s>(N-N2)AN7-AO%7 O"OO"% P.P  Pc4|jdk(r|jj}n|jdk(r|jj}n|jdk(r|jj}nY|jdk(rd|jjz}n,|jdk(rd|jj z}g}|j s|_|jj|_|jdk(r t|_nA|jd k(r t|_n&|jd k(r t|_n td  |jjj|j |jd g }|D]$}|j%|d j'&|S#t$r=}|j\}}|j j#d|j zd}~wwxYw)z Query LDAP server about the DNs of certain naming self.con.ext Domain (or Default), Configuration, Schema. Parse all DNs and filter those that are 'strange' or abnormal. rtrurvrwzDC=DomainDnsZones,%srxzDC=ForestDnsZones,%srBASEONEz0Wrong 'scope' given. Choose from: SUB, ONE, BASErqrZzFailed search of base=%s N)rArr/r3r5r1r#r$rrrrr"rOr rar rArget_linearized) rBrzr#ryrRe3r]r^rWs rIr{zLDAPBundle.get_dn_list)s ==?h &((**K ]]_ /((,,K ]]_ (((,,K ]]_ +04883C3CCK ]]_ +04883C3CCK*D  --335    % -D    & ( *D    % ' .D OP P ((,,%%4+;+;4CTCT]a\b%cC  5A NN1T7113 4 5  77LT4 IIOO84;K;KK L  s)=G H8HHc tt|jd|jd<tt|jd|jd<|jdro|jd|jj z|jdj |jdDcgc]}td|zc}|jdrh|jd|jdj |jdDcgc]}td|zc}g|jd<yycc}wcc}w)Nr^r_z Attributes found only in %s:rz z" Attributes with different values:)rvrr9rHrr+joinr-)rBrWs rI print_summaryzLDAPBundle.print_summaryNs '+C ^0L,M'N ^$)-c$,,?O2P.Q)R %& << ' HH5 E F HHRWWt||N?[\!c.1"45\] ^ <<( ) HH: ; HHRWWt||L\?]^!c.1"45^_ `-/DLL) * *]_s ;E "E ) rrrrrrrJrHrrr{rrrKrIroros648djjszz%&N(,GR#J 0rKroceZdZdZdZej ejejdZ gdZ e ddddd d e d d ddd d e ddddd d e dddd d e dddd d e dddddgde d d!d"d#$e d%d&d"d'$e d(d)d*gd+d,e d-d.d"d/$e d0d1dd d2 g Z d5d4Z y3)6 cmd_ldapcmpzCompare two ldap databases.zO%prog (domain|configuration|schema|dnsdomain|dnsforest) [options]) sambaopts versionoptscredopts)URL1URL2z context1?z context2?z context3?z context4?z context5?z-wz--tworD store_trueFz"Hosts are in two different domains)destactiondefaulthelpz-qz--quietr&z1Do not print anything but relay on just exit codez-vz --verboser*z*Print all DN pairs that have been comparedz--sdr'z,Compare nTSecurityDescriptor attributes onlyz --sort-acesr(z=Sort ACEs before comparison of nTSecurityDescriptor attributez--viewr)rrYzUDisplay mode for nTSecurityDescriptor results. Possible values: section or collision.)rrchoicesrz--baserErz:Pass search base that will build DN list for the first DC.)rrrz--base2base2znPass search base that will build DN list for the second DC. Used when --two or when compare two different DNs.z--scoperFr)rrrz>Pass search scope that builds DN list. Options: SUB, ONE, BASEz--filterfilterz>List of comma separated attributes to ignore in the comparisonz--skip-missing-dnr,zCSkip report and failure due to missing DNs in one server or anotherNc|j}|jdxs|jd}|r|j|d}nd}|j|d}|j r|}n"|j d|j d|r|js tdg}| |r|rdg}nSgd }nN|||||fD]D}||jd vrtd |z|j|jF| r | r td |s|s|r |s td t||||| | | | | |||j|j| }t|jdkDsJt||||| | | | | |||j|j| }t|jdkDsJ|j!d}d}|D]Z} | s|jj#d| zt%|| ||j|j}!t%|| ||j|j}"|!j'|"r"| r|jj#d| z| s|jj#d| z| st|!j(dt|"j(dk(sJg|"j(d<|jj#d|jj#d|!j+|"j+d}]|dk7rtd|zy)NldapT)fallback_machineF)guessrz3You must supply at least one username/password pairrtrszIncorrect argument: %sz-You cannot set --verbose and --quiet togetherzTU U  %:[(HhG +9wwy$cc&'?!'CDD *  + uNO OD]^ ^eRuy 'dU!YYTYYY4<< 1$$$fbuy 'de!YYTYYY4<< 1$$$ll3'  G  AG KLD'{!%#?@C ScHdDeeee79 #34  6  6((*((*1 2 Q;3f<= = rK)NNNNNFFFFFrrrrrNNNF)rrr__doc__synopsisr SambaOptionsVersionOptionsCredentialsOptionsDoubletakes_optiongroups takes_argsr takes_optionsrrrKrIrr\s=%`H))--44 cJ tW5u8 :tYW\5G It[yu@ BvLuB D};|US Uxfi)[AYk mxfbP RywE Fyw?UT Vz"T V"):rKr)rr:rsamba samba.getoptgetoptrr samba.ndrr samba.dcerpcrr"rrrr r samba.netcmdr r r compileriobjectrrrrorrrKrIrs0  !WW 2::?@_v_Dr;r;jggT m0m0`|>'|>rK