de\ddlZddlZddlZddlmZmZddlmZddlmZddlm Z ddlm Z ddl m Z m Z ddlmZdd lmZdd lmZdd lmZmZmZdd lmZmZdd lmZddlmZddlmZmZm Z m!Z!dZ"Gdde#Z$y)N) b64decode b64encode)dsdb)common)misc)drsuapi) ndr_unpackndr_pack)drsblobs)dsdb_Dn)security)get_wellknown_sdsget_deletedobjects_descriptor get_diff_sds)system_session admin_session) CommandError)get_fsmo_roleowner)c_RED c_DARK_YELLOW c_DARK_CYAN c_DARK_GREENcg}|D]#} |j|jd%dj |S#t$r|jt|Y\wxYw)zStringify a value list, using utf-8 if possible (which some tests want), or the python bytes representation otherwise (with leading 'b' and escapes like b''). zutf-8,)appenddecodeUnicodeDecodeErrorreprjoin)valsresultvalues 1/usr/lib/python3/dist-packages/samba/dbchecker.pydump_attr_valuesr$*sd F' ' MM%,,w/ 0' 88F " ' MM$u+ & 's <#A"!A"ceZdZdZ dKdZdej ddfdZdZdZ dLdZ dZ d Z dMd Z d Zd Zd ZdZdZdZdZdZdNdZdZdZdZdZdZdZdZdZdZdZ dMdZ!dZ"d Z#d!Z$d"Z%d#Z&d$Z'd%Z(d&Z)d'Z*d(Z+d)Z,d*Z-d+Z.d,Z/d-Z0d.Z1d/Z2d0Z3d1Z4d2Z5d3Z6d4Z7d5Z8d6Z9d7Z:d8Z;d9Zd<Z?d=Z@d>ZAd?ZBd@ZCdAZDdBZEdCZFdDZGdEZHdFZIdOdGZJdHZKdIZLdJZMy)Pdbcheckzcheck a SAM database for errorsNc ||_d|_|xs||_||_||_||_||_| |_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_t7|_d|_d|_d|_d|_ d|_!d|_"d|_#d|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,d|_-||_.| |_/| |_0d|_1d|_2||_3tijj|d|jmz|_7tijj|d|jqz|_9|ju|_;tijj|d|jmz|_<tijj||j{|_>i|_?t|j|_Ad|_Bd|_Cd|_Dd|_Ed|_Ft|_Hi|_Ii|_J d|j|jtjz} |j| thjdg} ttj| ddd}t||jd <t|_Ytd|j|_\|jj|j|thjd d g} d | dvr| dd |_]nd | dvr| dd |_]nd|_]|jjd thjd g} g|_^g|__g|_` | dd |_a|jD]u} |jjtijj|j|jdtj}|jj|wd|jjz}d|jjz}|jjthjddg|jjd|z}t|dk(r>|jjtijj|j||df|jjthjddg|jjd|z}t|dk(r>|jjtijj|j||dftijj|jd|jjmz}t|j|d}tijj|j|jj{|k(rd|_lnd|_l|jjtijj|j|jjthjdg} tijj|j| dddjd|_n|jj|jthjdg} d| dvr>tijj|j| dddjd|_ond|_od|jjqjz}|j|thjddg} d| dvrt| ddd|_rnd|_rg|_sg|_t |jjthjdd d!g"} d | dvr | dd |_sd!| dvr| dd!|_tyy#thj$r.}|j\}}|thjk7rYd}~d}~wwxYw#t$rYt$rYwxYw#t$rL|jjtijj|j|jdY.wxYw#thj$r-}|j\}}|thjk7rYd}~yd}~wwxYw)#NFrzCN=Infrastructure,zCN=Partitions,%szCN=RID Manager$,CN=System,zCN=DnsAdmins,%s objectSidbasescopeattrs DnsAdminszmsDS-hasMasterNCs hasMasterNCsnamingContextsutf8zDC=DomainDnsZones,%szDC=ForestDnsZones,%smsDS-NC-Replica-LocationsmsDS-NC-RO-Replica-Locationsz$(&(objectClass=crossRef)(ncName=%s)))r+r,r* expressionridTserverReferencerIDSetReferencesz1CN=Directory Service,CN=Windows NT,CN=Services,%sz(objectClass=nTDSService)tombstoneLifetime)r*r+r4r,z @SAMBA_DSDBcompatibleFeaturesrequiredFeatures)r+r*r,)usamdb dict_oid_name samdb_schemaverbosefixyesquietcolourremove_all_unknown_attributesremove_all_empty_attributesfix_all_normalisationfix_all_duplicatesfix_all_DN_GUIDsfix_all_binary_dn#remove_implausible_deleted_DN_links!remove_plausible_deleted_DN_links$fix_all_string_dn_component_mismatch"fix_all_GUID_dn_component_mismatch!fix_all_SID_dn_component_mismatch fix_all_SID_dn_component_missing(fix_all_old_dn_string_component_mismatchfix_all_metadatafix_time_metadatafix_undead_linked_attributesfix_all_missing_backlinksfix_all_orphaned_backlinksfix_all_missing_forward_linksdictduplicate_link_cacherecover_all_forward_links fix_rmd_flagsfix_ntsecuritydescriptor$fix_ntsecuritydescriptor_owner_groupseize_fsmo_rolemove_to_lost_and_foundfix_instancetype"fix_replmetadata_zero_invocationid fix_replmetadata_duplicate_attidfix_replmetadata_wrong_attidfix_replmetadata_unsorted_attidfix_deleted_deleted_objectsfix_dnfix_base64_userparametersfix_utf8_userparametersfix_doubled_userparametersfix_sid_rid_set_conflictquick_membership_checksreset_well_known_aclscheck_expired_tombstonesexpired_tombstonesreset_all_well_known_aclsin_transactionldbDn domain_dninfrastructure_dnget_config_basedn naming_dnget_schema_basedn schema_dnrid_dnget_dsServiceNamentds_dsaclass_schemaIDGUIDr wellknown_sdsfix_all_missing_objectclassfix_missing_deleted_objectsfix_replica_locationsfix_missing_rid_set_masterfix_changes_after_deletion_bugsetdn_set link_id_cachename_mapget_wellknown_dnget_default_basednrDS_GUID_USERS_CONTAINERsearch SCOPE_BASEr r dom_sidstrLdbErrorargsERR_NO_SUCH_OBJECTrsystem_session_inforget_domain_sidadmin_session_info write_ncsdeleted_objects_containersncs_lacking_deleted_containersdns_partitionsncsKeyError IndexErrorr!DS_GUID_DELETED_OBJECTS_CONTAINERrget_root_basednSCOPE_ONELEVELget_partitions_dnlenr is_rid_masterget_serverName server_ref_dn rid_set_dnget_linearizedintr9r;r<)selfr=r?r@rArBrCrprkrlrmrDbase_dnres dnsadmins_side5enumestrncdndomaindns_zoneforestdns_zonedomainforestfsmo_dn rid_masterntds_service_dne6s r#__init__zdbcheck.__init__;s  !)2U   -2*+0(%*""' %!&38016.49127/16.05-8=5 %!&,1)).&*/'-2*$(F!).&"(-%491$&+# %27/05-,1)/4,+0( ).&',$*/'(-%'>$%:"(@%"#).&,!$/CeooFW/W!X'9E>&1]4C&x'7'7Q 9LQ9OPM),]);DMM+ & $2#3 "/e6J6J6L"MjjT]]#..QdftPuv #a& ( V$78DN Q'!$Q!7!%jjRs~~FVEWX*,'.0+  1v./DH (( bB bZZ00 BIIfDU1V151W1WY//66r:  b0$**2O2O2QQ/$**2L2L2NN""););*EGe)f(, (D(D(F.TWe.e#g v;!     & &tzz>(JFSTI'V W""););*EGe)f(, (D(D(F.TWe.e#g v;!     & &tzz>(JFSTI'V W&&%ADJJDXDXDZ%Z[' GUC 66$**djj::< = K!%D !&D jjSVVDJJ 8Q8Q8S%T&)nn=Nperform a database check, returning the number of errors foundrr*r+r,controlszChecking %u objectsr)requested_attrszNOTICE: found %d expired tombstones, 'samba' will remove them daily, 'samba-tool domain tombstones expunge' would do that immediately.zChecked %u objects (%u errors)z WARNING: z/ of these errors cannot be automatically fixed.z-Please use 'samba-tool dbcheck --fix' to fix z errors)r=rreportrunfixable_errors check_deleted_objects_containersrattribute_or_class_idsraddrr check_object check_rootdsernrA)rDNr+rr,r error_countobjects r#check_databasezdbcheck.check_databasesjjRuTFXV )CH45 !t<<>> &)e# OF KKOOC N + 4,,VYY,N NK O : 4--/ /K  " "Q & KK5// 1 2 4X{T-B-BBCD E  A % KK)D$9$9#:;II J ! DHH KKG&-w0 1c  d}|jD]}||jk(r|dz }|jd|z|jd|zdsCt j |j d}|j|d} |j j|tjggd }t|dk7rn|djjd }t j |j d ttj|z}|j|| |j j'||gd |j j|tjdggd }t|dk7r|jd|zy|dd} g} d} | D]}t)|j |j+dt,j.}|j1|r/|jd|z|jjd } | j3t|| "dttj| z}n+dt,j4z}| j3|d|d}t7j8|j j;}t=||j>}tA|j+d}|j jCd|d|d|ddg t jD}t j |j t|dd!|_ t jF| tjHd|d<|jK|dgd"|zd#$r|jd%|z|jLj3||S#tj $rH}|j"\}} |tj$k(rn|jd | zYd}~yYd}~d}~wwxYw#tj $r4} | j"\}} |jd|d|d| Yd} ~ yd} ~ wwxYw)&z`This function only fixes conflicts on the Deleted Objects containers, not the attributesrr5z=ERROR: NC %s lacks a reference to a Deleted Objects containerz-Fix missing Deleted Objects container for %s?rzCN=Deleted ObjectsN)show_deleted:1extended_dn:1:1show_recycled:1reveal_internals:0rGUIDzCN=Deleted Objects\0ACNF:%sz>+=*>.W$XC3x1} FKLa&+,CG"&  '!$**ahhv.>@Z@Z[--g6KK Y\] ]^+2***K*KF*S's1v& '#.03tyyAT7U3VV &)O)OO *b9: "))$***C*C*EFJ4Z>BmmMH$X.55f=L JJ  "$\;!@+4])C EKKMEvvdjj#c!fTl*;;O;O;M)OE$ % ~~ei[BRG',. ;b@A  + + 2 22 6Gc 7J]<< !ww t3111KK ^ae ef ||#%77LT4KKaceprv wxs1B+O4P8P5-7P00P58Q? )Q::Q?c|jry|jr|jdrtd|ddz}n|jdrt d|ddz}n|jdrt d|ddz}nh|jdrt d|d dz}nE|jd rt d |ddz}n"|jd rt d |d dz}t|y) z#print a message unless quiet is setNERRORWARNINGINFONOTICENOTESKIPPING)rCrD startswithrrrrprint)rmsgs r#rzdbcheck.reports ::  ;;~~g&Gns12w. *#I.QR8'!&)CG3)!(+c!"g5'!&)CG3 +":.QR8 c rc|jsy|jr |jS|jrd}tj|||S)zconfirm a changeFTforced allow_all)rArCrBrconfirm)rrrrs r#rzdbcheck.confirms;xx ::88O 88F~~c&IFFrc|jsyt||dk(ryt||dk(rd}n |j}|jr|St j ||d}|dk(rt ||dy|dk(rt ||dy|S)z(confirm a change with support for "all" FNONEALLTr)rAgetattrrBrCrrsetattr)rrall_attrrcs r#rzdbcheck.confirm_allsxx 4 "f , 4 "e +FXXF ::M NN3v > : D(E * ; D(F +rc>|jr|jd|z |dtjzgz}|jj ||y#t $r<}|jrt|d||j|d|Yd}~yd}~wwxYw)z&delete dn with optional verbose outputz delete DN %slocal_oid:%s:0r : NFT) r@rrDSDB_CONTROL_DBCHECKr=delete Exceptionrpr)rrrrerrs r# do_deletezdbcheck.do_deletes << KK+ , #3d6O6O#O"PPH JJ  b8  4   """S#9:: KKS#. /  s4A B 2BBc|dtjzgz}|jrM|j|jj |t j|jd|z |jj|||y#t$r<}|jrt|d||j|d|Yd}~yd}~wwxYw)z-perform a modify with optional verbose outputrz controls: %r)rrrNFT) rrr@rr= write_ldifrqCHANGETYPE_MODIFYmodifyrrpr)rmrrrrs r#rzdbcheck.do_modifys/$2K2KKLL << KK --a1F1FG H KK1 2  JJ  a(X  F   """S#9:: KKS#. /  s2B C2CCc |jr5|jdt|dt|dt| ||z}|dtjzgz}|j j |||y #t$r<}|jrt|d||j|d|Yd}~yd}~wwxYw) z-perform a rename with optional verbose outputrz changeType: modrdn newrdn: z deleteOldRdn: 1 newSuperior: rrrNFT) r@rrrrr=rrrpr)rfrom_dnto_rdnto_baserrto_dnrs r# do_renamezdbcheck.do_renames << KK'lCKW ? @  W$E#3d6O6O#O"PPH JJ  gux  @   """S#9:: KKS#. /  s:A>> C2B>>Cc||jvr|j|S|jj|}|r|jj|}nd}||f|j|<||fSN)rr?get_linkId_from_lDAPDisplayName!get_backlink_from_lDAPDisplayName)rattrnamelinkIDrevnames r# get_attr_linkID_and_reverse_namez(dbcheck.get_attr_linkID_and_reverse_namest t)) )%%h/ /""BB8L ''II(SGG(.'88$wrcr|jd|d||jd|d|dds|jd|zytj}||_tj d tj |||<|j|d d gd |zd r|jd|zyy)zfix empty attributeszERROR: Empty attribute  in zRemove empty attribute  from ?rFzNot fixing empty attribute %sNr/rrz#Failed to remove empty attribute %sFrzRemoved empty attribute %s)rrrqrrrFLAG_MOD_DELETEr)rrr%rs r#err_empty_attributezdbcheck.err_empty_attributes 2FGRT UWtu KK7(B C  KKM((S-@-@(K( >>!i):;?(JUZ  \ KK4x? @ \rc`|jd|d|g}|D]}|jj|j||g}t |dk7r(|jd|z|j |dfa|d|k7sj|jd|d|dd |j ||df|j d |d |d d s|jd|zytj}||_ tdt |D]f}||\}} tj|tj||d|z<| dk7s>!i):; ?  KKM((S5I5I8T( >>!i):;r0zValues contain a duplicate: [z]/[z]!zFix duplicates for 'rArBrHrCNrrz0Failed to remove duplicate value on attribute %sFrz'Removed duplicate value on attribute %s) rr$rrqrrrrr)rrr% dup_valuesr6rs r#err_duplicate_valueszdbcheck.err_duplicate_values:s HVXYZ %j13CF3KM NRT UWkl KK3h> ?  KKM((1E1ExP( >>!i):;LxW#(  * KKAHL M *rcB|jdtjzk(S)z2see if a dsdb_Dn is the special Deleted Objects DNzB:32:%s:)prefixrr)rrs r#rzdbcheck.is_deleted_objects_dnLs~~d.T.T!TTTrc|jd|d|jj|d|jd|zds|jd|zy|j |dgd |zr|jd |zyy) z!handle object without objectclassz%ERROR: missing objectclass in object zw. If you have another working DC, please run 'samba-tool drs replicate --full-sync --local r0zIIf you cannot re-sync from another DC, do you wish to delete object '%s'?r~z1Not deleting object with missing objectclass '%s'NrFailed to remove DN %s Removed DN %s)rr= get_nc_rootrrrrs r#err_missing_objectclasszdbcheck.err_missing_objectclassPs |~@D@J@J@V@VWY@Z[ \ knp psPQ KKKbP Q  >>"yk2R7 9 KK", - 9rcv|s[|jd|d|d||jdt|z|jddsm|jdy|jd |d|d||jdt|z|jd d s|jdytj}||_tj |tj||d <|j|d dtjzgd|zr|jd|zyy)z(handle a DN pointing to a deleted objectz ERROR: target DN is deleted for in object  - z#Target GUID points at deleted DN %rzRemove DN link?rKz Not removingNz"WARNING: target DN is deleted for zRemove stale DN link?rL old_valuerrz(Failed to remove deleted DN attribute %sz"Removed deleted DN on attribute %s) rrrrqrrrr-rr DSDB_CONTROL_REPLMD_VANISH_LINKS)rrr%r8r correct_dnremove_plausiblers r#err_deleted_dnzdbcheck.err_deleted_dnZs KKRZ\^`cd e KK=JO P##$57\] N+ KKT\^`bef g KK=JO P##$;=`a N+ KKM++C1D1DhO+ >>!/.1V1VVXDxO Q KKt|jddk(r |j|\}}|,|jd |d |d||jd y|jj |} |jj |j } | 9|jd |d|j d|d||jdy|| k7r,|jd|d |d||jdy|jd|d |d||j|||||dy|jd|d |d||j|||||dy#tj$r0} | j\} } | tjk7rd } Yd } ~  d } ~ wwxYw)zxhandle a missing target DN (if specified, GUID form can't be found, and otherwise DN string form can't be found)z\0ADELz8WARNING: no target object found for GUID component link z in deleted object rSz`Not removing dangling one-way link on deleted object (tombstone garbage collection in progress?)rr5NzLWARNING: no target object found for GUID component for one-way forward link rRz"Not removing dangling forward linkz>!/0@FQ S KKfhG H S+|| 77LT4 KKGJJPTU Vs---  . .r8S' J   sAFH%AHHc |jd|d|d|d||jdt|zds|jd|zytj}||_tj |tj||d <tj t|tj||d <|j|d gd |d |r|jd|d |yy)z'handle an incorrect binary DN componentrcz binary component for rRrSrfrJrgNrTrhrrirjrk) rrrrqrrrr-r5r)rrr%r8rrlrs r#err_incorrect_binary_dnzdbcheck.err_incorrect_binary_dns VU]_acfgh 2S\ ACVW KK&0 1  KKM++C1D1DhO+++CL#:J:JHU+ >>!/0@FQ S KKfhG H Src |jd|d|d|||_|jdt|zds|jdyt j }||_t j |tj||d<t j t|tj||d <|j|d d tjzgd |zr|jd |zyy)z>!/.1[1[[]G8T V KK=J K Vrc |jd|d|d|d|||_|jdt|zd|zs|jd|zyt j }||_t j |tj||d <t j t|tj||d <|j|d gd |d |r|jd|d |yy)z"handle a DN string being incorrectzERROR: incorrect DN rdrRrSrfz fix_all_%s_dn_component_mismatchz Not fixing %s component mismatchNrTrhrzFailed to fix incorrect DN rjzFixed incorrect DN ) rrrrrqrrr-r5r)rrr%r8rrV mismatch_typers r# err_dn_component_target_mismatchz(dbcheck.err_dn_component_target_mismatchs S`bjlnpstu  2S\ A B] RT KK:]J K  KKM++C1D1DhO+++CL#:J:JHU+ >>!/0MZ\de g KK=RZ[ \ grcV|jd|d|d|t|jdk7r|jdytj|j |j j}|jd||jd|jzd s|jd y|jd }tj|j d }|jd ||jd|tj} || _tj|jtj|| d <ddtjzg} |j!| | d|zr|jd|zyy)z*fix missing on linked attributesz$ERROR: missing DN SID component for rRrSrz3Not fixing missing DN SID on DN+BINARY or DN+STRINGNSIDrfrPz#Not fixing missing DN SID componentrr/rhrrrz,Failed to ADD missing DN SID on attribute %sz$Fixed missing DN SID on attribute %s)rrrJrqrrr=r extended_strset_extended_componentrrrrr5r$DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SIDr) rrr%r8rtarget_sid_blobrVtarget_guid_blob guid_sid_dnrrs r##err_dn_component_missing_target_sidz+dbcheck.err_dn_component_missing_target_sidsh RZ\^`cde w~~ ! # KKM N VVDJJ (?(?(AB ))%A 2Z5L5L5N N BD KK= > %<>!XHHU W KK>(K L Wrc|jd|d|j|jd|zds|jd|zytj}|j|_tj gtj ||d<|j|dd gd |zr|jd |zyy) z!handle an unknown attribute errorzERROR: unknown attribute '' in zRemove unknown attribute %srEzNot removing %sNrTrrz%Failed to remove unknown attribute %szRemoved unknown attribute %s)rrrrqrrr-r)robjr%rs r#err_unknown_attributezdbcheck.err_unknown_attribute9s XsvvNO = HJij KK)H4 5  KKMvv++B0C0CXN+ >>!i):;AHL N KK6(C D Nrc|jd|d|d|j|jd|zds|jd|zytj}|j|_tj |tj ||d<|j|d d d d tjzgd |zr|jd|zyy)z:handle a link that should not be there on a deleted objectzERROR: linked attribute 'z' to 'z' is present on deleted object zRemove linked attribute %srTz Not removing linked attribute %sNrTrrrrz Failed to delete forward link %szFixed undead forward link %s) rrrrqrrr-rrrU)rrr%r8rs r#err_undead_linked_attributez#dbcheck.err_undead_linked_attributeFs +3S#&&B C >!/1ACW.1V1VVX>!/;= M O KK3}E F Orct|jjd}|jd|||j|jj fz|j d|zds|jd|zyt j}|j|_t jt|t j||d<|j|gdd |zr|jd |zyy) z"handle a incorrect RMD_FLAGS value RMD_FLAGSzHERROR: incorrect RMD_FLAGS value %u for attribute '%s' in %s for link %szFix incorrect RMD_FLAGS %ur[z!Not fixing incorrect RMD_FLAGS %uNrT)rrshow_deleted:0z$Failed to fix incorrect RMD_FLAGS %uzFixed incorrect RMD_FLAGS %u) rrrrrzrrqrrrr-r)rrr% revealed_dn rmd_flagsrs r#err_incorrect_rmd_flagszdbcheck.err_incorrect_rmd_flagscs ==kJK  ^bkmuwzw}w}@K@N@N@[@[@]b^^ _ Q>QS[\+ >>!X@9L N KK6)D E Nrc |dur5|j|||r"|jdd|d|d|d|d zy|jd|d|d |d ||jd |zd s|jd |zytj}||_tj |tj||d<|j|ddgd|zr|jd|zyy)z handle a orphaned backlink valueTz*WARNING: Keep orphaned backlink attribute r0r>z ' for link 'Nz$ERROR: orphaned backlink attribute 'rrr*zRemove orphaned backlink %srVz!Not removing orphaned backlink %sr"rrz"Failed to fix orphaned backlink %szFixed orphaned backlink %s) has_duplicate_linksrrrqrrrr-r) robj_dn backlink_attr backlink_valr forward_attrforward_syntaxcheck_duplicatesrs r#err_orphaned_backlinkzdbcheck.err_orphaned_backlinkqs t #(@(@LZh(i KKD)6<LL M  Yfhnp|HI J = MOkl KK;mK L  KKM'' c6I6I=Y' >>!/;>N P KK4 F G Prc>|jd|d|jd|jd|zds#|jd|d|jdytj}|j|_tj |tj ||d <|j|d tjzgd |zrN|jd |zt|jd |}||jvsJd|j|<yy)zhandle a duplicate links valuezERECHECK: 'Missing/Duplicate/Correct link' lines above for attribute 'r>r0zDCommit fixes for (missing/duplicate) forward links in attribute '%s'rZzENot fixing corrupted (missing/duplicate) forward links in attribute '' of 'Nr"rrz/Failed to fix duplicate links in attribute '%s'z'Fixed duplicate links in attribute '%s'rF) rrrrqrrrrr(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKSrrY)rrr forward_valsrduplicate_cache_keys r#err_recover_forward_linksz!dbcheck.err_recover_forward_linkss jvx{x~x~ A fiu uxST KK$cff. /  KKMvv'' c6J6JLY' >>!.1^1^^_KlZ \ KKA\R S-0[,"G &$*C*CC CC=BD % %&9 :  \rc|jd|jz|jjdtj dg}t |dk(sJt|ddd}|jd|jd|d s"|jd |jd|y t j}|j|_t j|tjd |d <|j|gd|jd|r"|jd|jd|y y )zhandle a missing fSMORoleOwnerz*ERROR: fSMORoleOwner not found for role %sr/ dsServiceName)r+r,r5rz Seize role z) onto current DC by adding fSMORoleOwner=r^zNot Seizing role N fSMORoleOwnerr"zFailed to seize role z Seized role ) rrr=rrqrrrrrrr5r)rrr serviceNamers r#err_no_fsmoRoleOwnerzdbcheck.err_no_fsmoRoleOwners @CFFKLjj&)nn_>!Rbebhbhjuv x KKWZW]W]_jk l xrc |jd|jz|jd|jzds|jd|jzyd}|jj  |jj |j}|jj |tj}tj|jt|j}|jt|dz |j|j||dd gd |jd ||zr|jd |jd ||ztj}|j|_tj t|jj#tj$d |d <|j'|gd||zzr|jd||zzd}|r|jj+y|jj)y#|jj)xYw)zhandle a missing parentz%ERROR: parent object not found for %sz!Move object %s into LostAndFound?r_z&Not moving object %s into LostAndFoundNFr5rrFailed to rename object z into lostAndFound at zRenamed object lastKnownParentz:Failed to set lastKnownParent on lostAndFound object at %sz0Set lastKnownParent on lostAndFound object at %sT)rrrr=transaction_startrNrrDS_GUID_LOSTANDFOUND_CONTAINERrqrrrremove_base_componentsrr rrparentrrtransaction_canceltransaction_commit)rrkeep_transactionr^lost_and_foundnew_dnrs r#err_missing_parentzdbcheck.err_missing_parents ;svvFG Csvv NPhi KK@CFFK L   $$& jj,,SVV4G!ZZ88$BeBefNVVDJJCFF 4F  ) )#f+/ :~~cfffn?OQZ>[VYV\V\^dgu^uvx 366SY\jSjklKKMvv'*'9'9#cffmmo:NPSPdPdfw'x#$>>!R"^bhkyby"z|KK RV\_mVm no'+$  JJ ) ) + JJ ) ) +  JJ ) ) + s :FI I&c Ztj|jt|}|j t |dz |j }d} ||k7r | |d|dz } | d|zz } |jd|jd| d|d |jd |jd |d d s"|jd|jd |y|j|j|||d|jd|r"|jd|jd|yy)zhandle a wrong dnr5r/= zname=%rzERROR: wrong dn[z] z new_dn[]zRename rr,rfz Not renaming Nrz into zRenamed ) rqrrr=rrrrrrrr ) rrrrdn_attrrdn_valname_valrnew_rdn new_parent attributess r# err_wrong_dnzdbcheck.err_wrong_dns&&S[1&&s7|a'78]]_  h  h8 8Ji8,,  366:vVWcfff ExP KK3666B C  >>#&&':xBE&&&Q S KK? @ Src6|jd|d|j|fz|jd|d||jfzds%|jd|d||jfzytj}|j|_tj t |tjd|d<|j|dtjzgd |j|fzr!|jd |j|fzyy) zhandle a wrong instanceTypez0ERROR: wrong instanceType %s on %s, should be %d instanceTypez(Change instanceType from %s to %d on %s?r`z-Not changing instanceType from %s to %d on %sNr"rzGFailed to correct missing instanceType on %s by setting instanceType=%dz7Corrected instancetype on %s by setting instanceType=%d) rrrrqrrrrrr&DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)rrcalculated_instancetypers r#err_wrong_instancetypezdbcheck.err_wrong_instancetypes@ F#nJ]_b_e_eg~I A JcR`Nacz|}C}CND!DFXY KKG3~K^`wy|yyKAA B  KKMvv'',C(DcFZFZ\jk' >>!.1\1\\]cgjgmgmpGgHH I KKQUXU[U[]tTuu v Irc|jd|jd|jj|jdy)N0ERROR: incorrect userParameters value on object z. If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local r0rrr=rN)rrr%r"s r#err_short_userParametersz dbcheck.err_short_userParameterssi gjgmgmosoyoyoEoEFIFLFLoMN Orc|jd|d|jd|jd|jzds|jd|jzytj}|j|_tj t ||dtjd |d <|j|gd |jzr|jd |jzyy) z6handle a userParameters that is wrongly base64 encodedz(ERROR: wrongly formatted userParameters  on z, should not be base64-encodedz2Convert userParameters from base64 encoding on %s?rgz6Not changing userParameters from base64 encoding on %sNruserParametersr"zOFailed to correct base64-encoded userParameters on %s by converting from base64zGCorrected base64-encoded userParameters on %s by converting from base64) rrrrqrrrrrrrr%r"rs r#err_base64_userParametersz!dbcheck.err_base64_userParameterss hmorououvw TX[X^X^ _a|} KKPTWTZTZ[ \  KKMvv'' #h-2B(CSEYEY[kl' >>!Rkorououv x KKaehekekl m xrc|jd|jz|jd|jzds|jd|jzytj}|j|_tj ||dj djdtjd |d <|j|gd |jzr|jd |jzyy) z5handle a userParameters that is wrongly utf-8 encodedzPERROR: wrongly formatted userParameters on %s, should not be pseudo-UTF8 encodedz0Convert userParameters from UTF8 encoding on %s?rhz4Not changing userParameters from UTF8 encoding on %sNrr1 utf-16-lerr"zQFailed to correct psudo-UTF8 encoded userParameters on %s by converting from UTF8zICorrected psudo-UTF8 encoded userParameters on %s by converting from UTF8 rrrrqrrrencoderrrs r#err_utf8_userParameterszdbcheck.err_utf8_userParameterss 8;>66C D RVYV\V\ ]_xy KKNRURXRXY Z  KKMvv''H a(8(?(?(G(N(N{([(+(<(<>NP' >>!Rmqtqwqwx z KKcgjgmgmn o zrc|jd|jz|jd|jzds|jd|jzytj}|j|_tj ||dj djdtjd |d <|j|gd |jzr|jd |jzyy) z:handle a userParameters that has been utf-16 encoded twicezQERROR: wrongly formatted userParameters on %s, should not be double UTF16 encodedz:Convert userParameters from doubled UTF-16 encoding on %s?riz>Not changing userParameters from doubled UTF-16 encoding on %sNrrr1rr"zJFailed to correct doubled-UTF16 encoded userParameters on %s by convertingzBCorrected doubled-UTF16 encoded userParameters on %s by convertingrrs r#err_doubled_userParametersz"dbcheck.err_doubled_userParameterss gknkqkqrs \`c`f`f gjFG KKX\_\b\bc d  KKMvv''H a(8(?(? (L(S(STZ([(+(<(<>NP'  >>!Rfjmjpjpq s KK\`c`f`fg h src|jd|jd|jj|jdy)z?Fix a truncated userParameters due to a pre 4.1 replication bugrz (odd length). If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local r0Nr)rrr%s r#err_odd_userParameterszdbcheck.err_odd_userParameters+si twtztz|@|F|F|R|RSVSYSY|Z[ \rcH|jj|tj|ggd}|jj |}|d|D]L}t |j|jd|}|jjd}||k(sJ|cSy)z#return a revealed link in an object)rrrrrr1rN) r=rrqrr?#get_syntax_oid_from_lDAPDisplayNamer rrr) rrr%rr syntax_oidr8rguid2s r#find_revealed_linkzdbcheck.find_revealed_link/sjjRs~~hZ)b d&&JJ8T q6(# Cdjj#**V*>C>#C99C>c&g}d}|||fS|tjk7r|jd|z||fSd|jvr|jd||fS |dd}t t t j|} d|d| d } |jj| tjdggd  } | D] }t|j|jj|}|jj!d }t t j|}||vrqt t"j$|d d}|j&j(D]9}|j*}|j,}|j.t0j2k(s9nt jd}d}}|}d}|}|}}d}|jj5dt ||jj5dt ||jj5dt ||jj5dt7||jj5dt ||jj5dt ||jj5dt ||dz }|j9|#||fS#tj$r} | j\} }d} ~ wwxYw)zMFind all backlinks linking to obj_guid_str not already in forward_unique_dictrNz5Not checking for missing forward links for syntax: %s sortedLinkszQNot checking for missing forward links because the db has the sortedLinks feature objectGUID(z=))rsearch_options:1:2zpaged_results:1:1000)r4r+r,rrreplPropertyMetadataz$ffffffff-4700-4700-4700-000000b13228r5 RMD_ADDTIMERMD_CHANGETIMEr RMD_INVOCIDRMD_ORIGINATING_USNrr)rq SYNTAX_DNrr;rr rrr=r SCOPE_SUBTREErrr rrzrr replPropertyMetaDataBlobctrarray local_usnoriginating_change_timeattidrDRSUAPI_ATTID_objectClassr{r r) rrrrrforward_unique_dictmissing_forward_linksrobj_guid obj_guid_strfilterre9rrrrrrreplrrtoriginating_invocidoriginating_usn rmd_addtimermd_changetimer rmd_invocidrmd_originating_usn rmd_local_usn rmd_versions r#)find_missing_forward_links_from_backlinksz1dbcheck.find_missing_forward_links_from_backlinkss !#  );7 7 S]] * KKO&' ();7 7 D33 3 KK6 7);7 7 <(+Hz$))X>?L)6 EF**##v*-*;*;L>.F$GC> 4A ADD,=,=,?PI<<66v>D$))D/*G--(h??!"89!<>DXX^^ KK --77g???  #')),R"S OKNI-K"1 %MK LL / / s;?O P LL / /0@#nBU V LL / / S^ L LL / / x ?T U LL / /0EsK^G_ ` LL / /]AS T LL / / s;?O P 1 K ! ( ( 3}> 4@&{33I|| 77LT4  sA$K((L;L  Lc d}|dd}|j|\}}||jj|}nd}|dv} | r|jri} n|j |||||\}} } t | dk7r|j |||| \} } || z }| jDcgc]}|}}| dk7r#|jd|d|jdn"|jd|d|jd| D]v}|jd |z|jd |zd sE|j|j||jj|j||d q||gz }x| jD]<}| |}|dD]}|jd|z|jd|dz>t|Dcgc] }t|}}|j!|||t#j$|d|||<||D]}t'|j(|j+d|}|jj-d}|%|dz }|j/|j|||dltt1j2|}ddg}t|j5dk(r-|j|j6k(rd}|j9dnd }||j9| |j(j;d|zt"j<|gd}|rudtG|dddz|_$dtG|dddz|_%t|t|k7r&|dz }|jM|j|||d d|vxr"t|ddjOd!k(}d|dvxr%t|dddjOd!k(} |r4|j|jPvr|r|jS||||dz }"| r|jU|s|r|dz }|jj-d"}!|!rd|dvrtWtXjZ|dd#d}"d }#|"j\j^D]>}$|$j`tbjdk(s!|$jf}%|%tG|!k\s$rO}|j@\}}|t"jBk7r||jE|j|||z }Yd}~ $d}~wwxYw)*z$check a DN attribute for correctnessrrN)membermemberOfz@ERROR: Missing and duplicate forward link values for attribute 'r>r0z4ERROR: Duplicate forward link values for attribute 'zMissing link '%s'z8Schedule re-adding missing forward link for attribute %srWF)rrzDuplicate link '%s'zCorrect link '%s'rr1rr5z missing GUID isDeletedreplPropertyMetaDatazmsds-hasinstantiatedncsTr )rrrrz B:8:%08X:z%08Xz(incorrect instanceType part of Binary DNTRUErrrstringryzHWARNING: Link (back) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'zIERROR: Link (forward) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'z5ERROR: Can't fix missing multi-valued backlinks on %s)>s?G?P?JL 7 !#6 . .K*5*<*<*>?BR?M?"a' $cff./ aiknkqkqrs* % 1Q78''(bem(m(GI..qtt5F/2vv/B/B/Dcff/7@E/G!$  %)--/ ?"6*H+  ?'-]&;<CGQRS>T:U:[:[:]ag:g cffD,K,KKPV 00hDq "4+E+Eg+NSYq #JJ==oN -Q7)(*K*K*-a&1G*H*K M%* !%*A ww'*I*II./kk #.#i.#@26J$)*& //03Wc!fiiO$##CFFHc7CFIIuU zz88EHI#M q=%6%Bs1vyy>S_41$K99#&&(CQX:=a&))XO1vyy//77::;\;\]c;ddq 55cffhW69!fiiIQ99%@Jzz88?HJ$:q 8839@*N:%q 55cffhW69!fiiH!(Q;3s1vyy>S_#D %^^gjj.G.G.IIF44SVVXv5">K CF*Q 12 )A"4::qxx/?@D!WW;;FCF!WW;;KHF"#K)&)&k "Q )#q(  )a!;!;;?QUYUoUo?o!A:() !$X3A%,TZZ&9I%J%M%M%d%dek%lF%~ - 2 3 '-7$N] (tzz188F+;<77?77 D %"%f+K?T>"a'N (n,'+5Jz!#1$K..svvx/2GJJ/@/AC f$nc#&&k-{C OjMMN( (( KKc .#cff+);GJJgII J /q >"Q*q. %CEH_%UV--c8.1ff.A.A.C.?.5jj:!OJ..s1vyy:K/2vv/B/B/Dcff/7E!OJ#/uk $ZY@4=D<< !ww t3111tAA#&&BJBEBI KK  s%+ kk 2k$$m7Ammc`|jjD]}|j|k(s|cSyr")rrr)rrrrs r#find_repl_attidzdbcheck.find_repl_attid-s/ Aww% rcxttj|}|j||}| |jSy)zRead metadata properties and return the originating time for a given attributeId. :return: the originating time or 0 if not found r)r r rr;r)rr8rrrs r#get_originating_timezdbcheck.get_originating_time4s<(;;SA  u - =,, ,rc&t}t}g}|j|j}ttj |}|j jD]}|jj|j} |j| j|j|j|jj| |} | |jk7s|j|j|||fS)zgRead metadata properties and list attributes in it. raises KeyError if the attid is unknown. is_schema_nc)r is_child_ofrxr r rrrr?get_lDAPDisplayName_by_attidrrrrget_attid_from_lDAPDisplayName) rrr8set_att wrong_attids list_attid in_schema_ncrratt correct_attids r#process_metadatazdbcheck.process_metadataAs%u  ~~dnn5 (;;SA *A##@@IC KK $   agg & --LLSZfMhM'  ) *\22rctttj|dd}t j |j d|z}|j j|tj|gddg}|d}t j}||_ t j||tj|||<|j|gdd|zr|jd |zy y ) zre-write replPropertyMetaData elements for a single attribute for a object. This is used to fix missing replPropertyMetaData elementsrrrrrr)rrr'Failed to fix metadata for attribute %szFixed metadata for attribute %sN)rr rrrqrrr=rrrrrrrr)rrattrguid_strrrrnmsgs r# fix_metadatazdbcheck.fix_metadataWsz$))S->q-ABC VVDJJ h 6 7jjRs~~dV*>*;*= >!f{{}''D 33G3GNT >>$ MCdJ L KK9D@ A Lrc|jtjzryd}|jtjk(rd}n_|jtj k(rd}n?|jtj k(rd}n|jtjk(rd}|sy|jjtjzsyt|jjS)NFT) flagsr SEC_ACE_FLAG_INHERIT_ONLYtype"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT!SEC_ACE_TYPE_ACCESS_DENIED_OBJECT SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT SEC_ACE_TYPE_SYSTEM_ALARM_OBJECTr%SEC_ACE_INHERITED_OBJECT_TYPE_PRESENTrinherited_type)racechecks r# ace_get_effective_inherited_typez(dbcheck.ace_get_effective_inherited_typegs 99x99 9 88xBB BE XXCC CE XXBB BE XXBB BEzz("P"PP3::,,--rc||jvr|j|Sd|z}|jj|j|dg}t t t j|ddd}||j|<|S)Nz0(&(ldapDisplayName=%s)(objectClass=classSchema)) schemaIDGUID)r*r4r,r)r|r=rrxrr rr)rclsfltrrs r#lookup_class_schemaIDGUIDz!dbcheck.lookup_class_schemaIDGUID}s $)) )**3/ /@3FjjT^^+.'5&6 8  499c!f^& !  &:  m$R(C ;**##3>>+6 *F.?-@$BCAA$)Vc!K.2C.D.J.J.LPV.VJDz!M"2&C  * *3 / # #b> !Dz+   s"I55 JJcd}t|}tjtjz}|j d|d|dds|j d|d|dyt j}||_t j|t j|||<|j|d |zgd |zr|j d |d |d yy)z/re-write the SD due to incorrect inherited ACEsrdFix rr,r\ Not fixing  N sd_flags:1:%dFailed to fix attribute %sFixed attribute 'r' ) r r SECINFO_DACL SECINFO_SACLrrrqrrrrr)rrrr sd_brokenrprqsd_flagsrOs r# err_wrong_sdzdbcheck.err_wrong_sds("((8+@+@@7B ?A[\ KK7B? @ {{}**633G3GQW >>$8!; <6@ B KKGRH I Brc0d}t|}tjtjz}|j|tj z}|j |tjz}|jd|d|d|ds|jd|d|dytj}||_ tj|tj|||<|j|d |zgd |zr|jd |d |d yy)zare-write the SD due to not matching the default (optional mode for fixing an incorrect provision)rdNzReset rz back to provision default? rozNot resetting rzr{zFailed to reset attribute %sr}rr~)r r rrrg SECINFO_OWNERrh SECINFO_GROUPrrrqrrrrr)rrrrdiffrprqrrs r#err_wrong_default_sdzdbcheck.err_wrong_default_sds("((8+@+@@ << # .. .H << # .. .HSZ\^`d ehCD KKgrB C  KKM''0D0DgN' >>!o8987B D KKGRH I DrcBd}t|}tjtjz}|j d|d|dds|j d|d|dyt j}||_t j|t j|||<|jj|j|j|d |zgd |zr|j d |d |d |jj|jy)z/re-write the SD due to a missing owner or grouprdzFix missing owner or group in rr,r]z"Not fixing missing owner or group rzNr{rLr}rr~)r r rrrrrqrrrrr=set_session_inforrr)rrrrrprqrrOs r#err_missing_sd_ownerzdbcheck.err_missing_sd_owners("))H,B,BBWVX Y\BC KK'SUV W {{}**633G3GQW  ##D$;$;< >>$8!; <CgM O KKGRH I ##D$<$<=rc |jry||jvryttj|}|j |t j}tj|j}tj}|jdz}||z }||kry||z} |dz } | dkrA|jd|z|jdtj| |dzfzn=|jd|z|jdtj| | fz|jd |j|j |j"|j$|j&tjtj|jfz|xj(d z c_y ) NFQz`SKIPPING additional checks on object %s which very recently became an expired tombstone (normal)zbINFO: it is expected this will be expunged by the next daily task some time after %s, %d hours agoiz+SKIPPING: object %s is an expired tombstonezTINFO: it was expected this object would have been expunged soon after%s, %d days agozHisDeleted: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %sr5T)rmrr r rr;rrsamba nttime2unixrtimer9rctimerversionoriginating_invocation_idrrrn) rrrepl_valrr delete_time current_timetombstone_deltar expunge_time delta_dayss r#is_expired_tombstonezdbcheck.is_expired_tombstone8s  ( ( 00 0(;;XF((w/N/NO '' (I(IJ yy{ 00LA{* O #"_4 l+ ? KK?ACD E KK' ::l3Uw5GHI J KKEJ K KK* ::l3Z@A B ^OO%%77--''JJu001R1RST bVV W 1$rc.ttj|}|j|tj }t j|j}|jdz}g}|jjD]}|jtj k(r!|j|jkr;|j|jkrUt j|j}||z } | |kr|j|||fS)Nr)r r rr;rrrrrr9rrrrr) rrrrrrfoundr change_timers r#find_changes_after_deletionz#dbcheck.find_changes_after_deletionns(;;XF((w/N/NO '' (I(IJ 00LA Aww'999{{i111((I,M,MM++A,E,EFK+-E' LLO) ,ircj|\}}t|dk(ryfd}jd|z|||D] }|| y)NrFc jj|j}j d||j|j |j |j|jtjtj|jfzy#t$rd|jz}YwxYw)NzA%s: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %s)r?rBrrrrrrrrrrrr)rattnamers r# report_attidz8dbcheck.has_changes_after_deletion..report_attids 8++HHQ KK[!))33))  5#4#4Q5N5N#OP _RR S 8-7 8s%B&&CCz,ERROR: object %s, has changes after deletionT)rrr)rrrrrrrs` r#has_changes_after_deletionz"dbcheck.has_changes_after_deletionsc;;HEy u:? S BRGHY A O rcX|j|\}}|j|j}|j}|jj ||}g}|D]} | j |k(r| j tjk(r1| j tjk(rO |jj| j } |j| t|dkDr5|jddj|z|jdy|j!d|d|j"d d s|jdy|j%|d gd |zr|jd |zyy#t$rd| j z} YwxYw)Nr?rrzUnexpeted attributes: %srz%Not fixing changes after deletion bugzDelete broken tombstone object z deleted z days ago?rrrLrM)rrArx get_rdn_namer?rCrrDRSUAPI_ATTID_nameDRSUAPI_ATTID_lastKnownParentrBrrrrrrr9r) rrrrrrGr rdn_attid unexpectedrrs r#err_changes_after_deletionz"dbcheck.err_changes_after_deletions;;HEy~~dnn5 ??$%%DDXBNEP   'Aww)#ww'444ww'??? 8++HHQ   g & ' z?Q  KK2SXXj5II J KK? @  "D$:$:!<=]_ KK? @  >>"yk2R7 9 KK", - 9 8-7 8s1%FF)(F)c ttj|}|j}d}|jD]}|j t jdk7r&d}|jd||j|jtjtj|j|j j#fz|S)NF$00000000-0000-0000-0000-000000000000Ta ERROR: on replPropertyMetaData of %s, the instanceType on attribute 0x%08x, version %d changed at %s is 00000000-0000-0000-0000-000000000000, but should be non-zero. Proposed fix is to set to our invocationID (%s).)r r rrrrrrrrrrrrrrr=get_invocation_id)rrrepl_meta_datarrrrs r#"has_replmetadata_zero_invocationidz*dbcheck.has_replmetadata_zero_invocationids(;;(*hh |||<|jA|dtBjDzddgd|zr|jd|d|dyycc} w) NFc|jSr"rrs r#z:dbcheck.err_replmetadata_incorrect_attid..!s qwwr)keyz %s: 0x%08xz(ERROR: duplicate attributeID values for r*rrzzLFix %s on %s by removing the duplicate value 0x%08x for %s (keeping 0x%08x)?rbz5Not fixing duplicate value 0x%08x for %s in %s on %s Trr?z'ERROR: incorrect attributeID values in zEFix %s on %s by replacing incorrect value 0x%08x for %s (new 0x%08x)?rczANot fixing incorrect value 0x%08x with 0x%08x for %s in %s on %s c|jSr"rrs r#rz:dbcheck.err_replmetadata_incorrect_attid..Xs rz&ERROR: unsorted attributeID values in rxz by sorting the attribute list?rdryrrz#local_oid:1.3.6.1.4.1.7165.4.3.25:0r|r}rr~)#r r rrrArxrrrreversedrrr?rBrrrrrrrrrrrCcountr rqrrrrrrr)rrrMrrErrArD remove_attidhash_attrGrrrHnew_listrIrrOs r# err_replmetadata_incorrect_attidz(dbcheck.err_replmetadata_incorrect_attids(;;(*%u ~~dnn5 hh399Q<->? #))$ %A ,"agg. /##@@ICyy{g% Z]_ceghi''(v+/QWWc8C=CVCV*W)X(JLKK X#$77Cr":!;<  );;#!8!88 -.IIHSM)<=?>Y>YHSM;454E4EHSM1./kkHSM+HSM KK $? %D #yyH!AGG<,GAHH   ! ,77l*++HHQC$($5$5$T$TUXgs$T$tMKKW[]_ `a++,s/3R#xPS}GZGZ.[-\]{} $h'(ww sD"&M%NOC+AG ,$Xa[6GH  KKdTVW X##'+R%12SU tR@AM  D>{{}''#2F2FMT >>$!1D4_4_!_!F!F!H7= ? KKD"E F  ?IIs )P+=P+cd}d|vr |jd|jzd}d|vs"t|ddjdk(r |jd|jzd}d |vr |jd |jzd}d |vs"t|d djdk(r |jd |jzd}d |vr |jd|jzd}d|vrBt|ddjdk(r |jd|jzd}d|vs9t |ddk7s(t|dddk7st|dddk7r |jd|jzd}d|vst|dddk7r |jd|jzd}|S)NF descriptionz>ERROR: description not present on Deleted Objects container %sTshowInAdvancedViewOnlyrFALSEzIERROR: showInAdvancedViewOnly not present on Deleted Objects container %sobjectCategoryzAERROR: objectCategory not present on Deleted Objects container %sisCriticalSystemObjectzIERROR: isCriticalSystemObject not present on Deleted Objects container %s isRecycledz9ERROR: isRecycled present on Deleted Objects container %srz8ERROR: isDeleted not set on Deleted Objects container %srertopr5 containerzBERROR: objectClass incorrectly set on Deleted Objects container %s systemFlags -1946157056zBERROR: systemFlags incorrectly set on Deleted Objects container %s)rrrrr)rrfaultys r#is_deleted_deleted_objectsz"dbcheck.is_deleted_deleted_objectsqs  # KKX[^[a[aa bF #3 .#c:R6STU6V2W2]2]2_cj2j KKcfiflfll mF 3 & KK[^a^d^dd eF #3 .#c:R6STU6V2W2]2]2_cj2j KKcfiflfll mF 3  KKSVYV\V\\ ]F # #c+&6q&9":"@"@"Bg"M KKRUXU[U[[ \F  #C ,>(?1(D(+C ,>q,A(Be(K(+C ,>q,A(Bk(Q KK\_b_e_ee fF  #s3}+=a+@'A]'R KK\_b_e_ee fF rctj}|jx|_}d|vr(tjdtjd|d<d|vr(tjdtjd|d<d|vr5tjd|j ztjd|d<d|vr(tjdtjd|d<d|vr(tjdtj d|d<tjdtjd |d <tjd tjd |d <tjd d gtjd|d<|jd|zds|jd|zy|j|dgd|zr|jd|zyy)NrzContainer for deleted objectsrrrzCN=Container,%srrrrrrrrezAFix Deleted Objects container %s by restoring default attributes?re.Not fixing missing/incorrect attributes on %s rz+Failed to fix Deleted Objects container %sz%Fixed Deleted Objects container '%s' ) rqrrrrrxr-rrr)rrrOrs r#err_deleted_deleted_objectsz#dbcheck.err_deleted_deleted_objectss{{}vv"  #"%"4"45TVYVjVjly"zD  #3 .-0-?-?H\H\^v-wD) * 3 &%(%7%78IDNN8Z\_\p\psC&DD! " #3 .-0-?-?H\H\^v-wD) * 3 !$!3!3FC>$ G"L N KK@BG H Nrc>tj}||_|jj }|jj r#|j d|d|jdy|jd|jzds|j d|jzytj|tj|||<|j|gd|d|jr"|j d |d|jyy) Nryrz for the RODCz-Add yourself to the replica locations for %s?rrzFailed to add  for rk) rqrrr=rzam_rodcrrrr5r)rr cross_refrMrOtargets r#err_replica_locationszdbcheck.err_replica_locationss{{}--/ ::    KK4H I  O#&66!+,CE KKISVVT U ''0@0@$GT >>$svv$N O KKT366: ; Prc||jjk(ry||jk(ry||jk(ry||jk(ry||j k(ryy)NTF)r=rsrtrvrxryrOs r# is_fsmo_rolezdbcheck.is_fsmo_rolesX %% % '' '      rc:d}|jj|}||k(rc|tjz} |jj |j t jgdg|tjz}|jAt||jDcgc] }t|c}vr|tjz}|S#t j$r-}|j\}}|t jk7rYd}~d}~wwxYwcc}w)Nrrr)r=rNrINSTANCE_TYPE_IS_NC_HEADrrrqrINSTANCE_TYPE_NC_ABOVErrrrrINSTANCE_TYPE_WRITE)rr instancetyper^e4rrxs r#calculate_instancetypezdbcheck.calculate_instancetypes **((, = D99 9L < !!ryy{#..PR^o]p!q  ; ;; >> %#g,4>>:Za3q6:Z*Z D44 4L<< !ww t31112  ;[sz/dbcheck.find_checkable_attrs..s0Qqwwy0sc|jvr1j|j|jyyr")rrr)ar,lc_attrss r#add_attrz.dbcheck.find_checkable_attrs..add_attrs3wwy( Q QWWY')rrdistinguishednamenamerrFTrr5rr)rDrrrrrr() rrrrrneed_replPropertyMetaDatar&r\r,rs @@r#find_checkable_attrszdbcheck.find_checkable_attrss  "EE)E0%00 ( H  8 + OO  # # % 1 LL LL X oo'!#%    %*! (?(, %  AA!D Q;A:,0)  % + ,hrc (|jr|jd|z|j||\}} d}|tjz}|tj z}|tj z}|tjz}|jj|tjdddd|zdg|}t!|d k7r|jd |zy |d} d} t#} t#} d }|jj%| j&} |jj)|t*j,j.}d }d }d }d }d}d }| D]k}|j3dk(rt5| |ddk7rd}|j3dk(rt7| |d}|j3dk(sd| |d}m|rA|r?|j9||r| d z } |j;||| S|j=||r| S| D]}|dk(s|dk(r|j3dk(rd}|j3dk(rnt!| |d k7rL|xj>d z c_|jdt!| ||t5| j&fznt5| |d}|j3t5| j&jAj3k(rp|}t!| |d k7rL|xj>d z c_|jdt!| ||t5| j&fznt5| |d}|j3dk(r|jC|| |dr| d z } |jE||| |d |jG|| |d\} }}t!| t!|kst!|dkDstK||k7r | d z } |jM||| |d|n>|ddk7r6|xj>d z c_|jd|dt5|dP|j3dk(r|jO|| \}}||jQ|||| d z } |jR |jT|jW||| d z } ||k(s |jXr |j[|}t]tj^| |d}d }|jXsd}ta||tjb|jje|}|dk7r|jg|||| d z } rt|j3dk(r|jji|jj|| |} tK| tK| |k7s| d| |dk7s| d| |dk7r$|jm||to| || d z }  |j3dk(r | |d}!|!d k(r| d z } |jq| || |K|!d d!d"k(rU|!d d#d$k(r| d z } |js| || |z|!d dk7r=|!d%dk7r5|!d&dk7r-|!d'dk7r%|!d(dk7r| d z } |ju| || |t!|!d)zdk7r| d z } |jw| ||!d dk(r=|!d)dk(r5|!d%dk(r-|!d*dk7r%|!d&dk(r| d z } |jy| || |.|j3d+k(s|j3d,k(rv| |d|jzvrA|xj>d z c_|jd-|d.| j&d/| |dd0n!|jzj}| |d| |D]}"|"d1k(s |j||| d z } ! |jjj|}#|j|\}%}&|jjj|}'|'t,jzs4|'t,jzs!|%s| j}|j3|#t,jt,jt,jtjfvr| |j| ||#z } nt#}(| |D]n}"|(j}|"|jji|jj||"g} t!| d k7s | d|"k7sS|j||| || d z } nt!| |t!|(k7r'|j||| |to|(| d z } ng|j3d2k(s|j|})t!| d3d k7st7| d3d|)k7s| d z } |j| |)|sd4|vsd|vr| d z } |j|d4|vsd|vr|<|xj>d z c_|jd5t5| j&z|X|xj>d z c_|jd6| j&jAdt5| j&d7|Gd }*dd8g}+|r6|t*j,jzs|}*|+d9t,jzgz }+|*| j&j}* tj|jd:|*z},|,jd| j&jA|| j&|k(r | j&},|,| j&k7r| d z } |j| |,||||+nX| j&j|k7r;|xj>d z c_|jd;|d<|d=| j&d7 d}.|rO| j&|k(rd@}/dA}0|j||/}1|1|0k7r|jdBt5|zdCrgtj}2||2_tjdDtjdE|2dE<| d z } |jj|2dFgGn|jdHt5|z| j| D]o}3|.r|jdI|zd }.| d z } |jdJ|3z|jdK|3zdLs|jdM|3z^|j| |3q|j|r"dN| vrd4|vsdO|vr|j| | d z } ||jjk7rat5|j|jvr<|jj|jtjddgP}||jvr+d4|vr'|j| r|j| | d z } |jD]\}5}$||5k(s dS| vsdT}6|jjrdU}6|6|$vr#|j| |$j&|6| d z } Vd }7|$|6D]+}8t5|8|jjk(s*d}7-|7r|j| |$j&|6| d z } ||jk(rd4|vsdV|vrdW| vr| d z } |jrb|jdXdYr~|jj |jj|jjn.|jjs|jdZ|z||jk(rd[d\g}9|jj|jtj|9]}|9D]a}:|:|dvr t7|d|:d};|;d^z }d z c_cd[|dvr)|jda|z|xj>d z c_ |jj\}>}<|jje}?|>|fz}@ |jjdc@ztjg]}||jdd@de|dj&df|| d z } |jdg|@dh|didjr^|jj |jj}A|A|>k\rAd z}>n& |jjn | S|>d z }>|>|d z c_|jd>|*d?Yd }-~-d }-~-wwxYw#tj$rw}4|4j\}} |tjk(rI|r0|jdQ| j&z|jdRn|j| | d z } nYd }4~4gd }4~4wwxYw#|jjxYw#tj$r0}-|-j\}} |tjk7rd }Yd }-~-d }-~-wwxYw#|jjxYw#tj$rC}BBj\}} |jdk| z|xj>d z c_Yd }B~B| Sd }B~BwwxYw)lzcheck one objectChecking object %srrrrr{r)r*r+rr,z)ERROR: Object %s disappeared during checkNr5z,ERROR: Object %s failed to load during checkF isdeletedrT systemflagsreplpropertymetadatardistinguishedName objectclassrz1ERROR: Not fixing num_values(%d) for '%s' on '%s'z4ERROR: Not fixing incorrect initial attributeID in 'z' on 'z', it should be objectClassntsecuritydescriptor)ignoreAdditionalACEsr/rZuserparameters s sIAAgACAAIAAgACAAIAAgrr rr attributeid governsidzError: rrz. already exists as an attributeId or governsIdrrrrz(ERROR: Not fixing missing 'name' on '%s'zERROR: Not fixing missing 'r0rrrz RDN=RDN,%szERROR: Not fixing rz on 'z#ERROR: could not handle parent DN 'z': skipping RDN checksi0l)x1cB&z-Fix isDeleted originating_change_time on '%s'rSrrrrz4Not fixing isDeleted originating_change_time on '%s'z On object %sz7ERROR: Attribute %s not present in replication metadataz-Fix missing replPropertyMetaData element '%s'rRz4Not fixing missing replPropertyMetaData element '%s'r fsmoroleowner)r*r+rz'WARNING: parent object not found for %szFNot moving to LostAndFound (tombstone garbage collection in progress?)repsFromr2r3ridsetreferencesr8z,Allocate the missing RID set for RID master?rz^No RID Set found for this server: %s, and we are not the RID Master (so can not self-allocate)rIDAllocationPoolrIDPreviousAllocationPoolr) lz!Invalid RID pool %d-%d, %d >= %d!z No rIDAllocationPool found in %sz%s-%dzzSID rz' conflicts with our current RID set in zFix conflict between SID z and RID pool in z by allocating a new RID?rjzCouldn't get available RIDs: %s)vr@rrr rrrrr=rrqrrrrrprrrNrrrrrrrrrrrrrrrrrJrrrrvrrgrhrrlrr rfrrrrr3r?rErDrrrrrrrr.rrrr($get_systemFlags_from_lDAPDisplayNameDS_FLAG_ATTR_NOT_REPLICATEDDS_FLAG_ATTR_IS_CONSTRUCTEDrDSDB_SYNTAX_OR_NAMEDSDB_SYNTAX_STRING_DNrr9r<rHrrrP#SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETErsrrr set_componentr get_rdn_value ValueErrorr=rrrrr differencerPrrrrrrrrrrrrzrrrcreate_own_rid_setrrrfree_rid_bounds allocate_rid)Crrr search_attrsrrre10rrrrset_attrs_from_mdset_attrs_seengot_objectclassnc_dndeleted_objects_dnobject_rdn_attrobject_rdn_valrrrrepl_meta_data_valr%list_attid_from_mdrErrr well_known_sd current_sdrrr9 userparamsr8rrr&r]flagr6r parent_dnr expected_dnr`show_dnisDeletedAttIdexpectedTimeDo originatingrOrHe11dns_partlocationrloc pool_attrs pool_attrpoolhighlow next_free_ridrsid allocated_ridrsC r#rzdbcheck.check_object s << KK,r1 2"&!:!:2!O h H .. .H .. .H -- -H -- -H**##3>>(9(9(8(7((B(< .&+7$8C" s8q= KKFK L!f E &&svv. &!%!J,1(55/3,' z(0(8(89R9R9T(U=QSDrz11"mTJ#q(  ~~=0!ZZAA$BSBSU]_bck_lm *%H )>> ms8}Q'77 nH b(9977Hd3x=FYZ1$K~~#33 ]1- %1$K11#xXO_7_(??1$K223#h-P!mq( mq( mq( mq( mq( 1$K00hH N_q(A-1$K//X> mq( mq( mq( mq( mq( 1$K33C3x=Q~~=0HNN4D 4Sx=#t'B'BB))Q.)KK#+SVVS]15E!GH//33CM!4DE8} #:,,R:1$K   !..RRS[\ )-(M(Mh(W %F%$$II(SD4;;;t???""8>>#34d88$:R:R"88#--IIt}}S(JGG x=CJJsO!%!E!EdFWFWYadgch!iJ:!+z!}/C33B#h-P#q( s8}%V4--b(CM4PV<X1$K~~>1*.*E*Eb*I's>*+q0CN8KA8N4OSj4j1$K//5LMkU NnC8O}7P 1 K  ( ( , 8Ov1%%*% F#cff+VW&%%*% H[H[H]_bcfcici_jkl  I)95H#ejj&T&TT 2I-0Z0ZZ[[ FFMMO  N!ffTZZ1KL ))!SVV-@-@-BHM66//"%&&K#&&(1$K%%c;*Hh@VV))+~=))Q.)KK_ESEHVV!MN vv++!'"5"778JN[ .0''(WZ]^`Za(acvw"{{}"$,/,>,>vsG[G[]h,i[)#q(  ))$-)I $Z]`ac]d$de%001BC ,KK 34#Gq  UX[[\''(WZ](]_qrKK VY\ \]!!#s+ ,   R c)sh/U]B]))#.q  TZZ//11c"))+6Fdkk6Yjj''RYY[2CEU1V(X 00 0SH_..s3005q #22 %OXsX~*"36::%%'=H3&..sCFFHE1$Kx=%C3x4::#?#?#AA $%..sCFFHE1$K' %* ## #h"4"@%S0 1$K))++-:,HJ!JJ88:& $ = = ? !JJ99;!ZZ//1 %9;=%>?6  -/JKJ**##*4$6C( / CF*3q6),Q/0rz 4'19KK C!$dC 6!78))Q.) /##a&0 >CD%%*%7 +&*jj&@&@&B# t"ZZ668 #t+!Z$??C#"jj//Z#5E69nn680: 7:CFIIr%KL#q( ++03B-8-G H !JJ88:&&*48JJ4K4K4MM'4 'E8E8I (- '+). !JJ99;!&* Y$t+\{_|| 88LT4s---&&KK Kb PQ  * &"&  &B 1$K77Hc(mTH$! !P **39q  B 3%%*% A)M2233 3v|| 88LT4s---KK ISVV TUKK!NO++C01$K |& $ = = ? %R<<#'(vv t3#9#99!" #<& $ = = ? %_<< + XX d =DE%%*%%ho +s+BAG% 4AI 6AI-AJ AJ5#AK)A>AL 7ANB;APC?/AN6F'AO<G%AI G8AAIIAIIAI I AIIAII$AJJAJJ AJJAJJ AKJ#AKKAKK ALK*ALLALL ANLA,ANNANNAN3N6AO9O %AO4O4AO9O<APPAQ2P/8AQ-Q-AQ2ctj|jd}|jr|j d|z|jj |tj }t|dk7r|j d|zy|d}d}d|vr|j d|dzSt|ddjd s!|j d |dz }|jd s|S|jj tj|j|ddjd tj d g}tttj|dd d}tj}||_tj"d|ztj$d|d<|j'|gddr|j d|S)z!check the @ROOTDSE special objectz@ROOTDSEr)r*r+r5z"Object %s disappeared during checkrrz(ERROR: dsServiceName missing in @ROOTDSEz s8q= KKtj}tj|jd|_tj dtj d|d<tj dtjd|d<|j|gddS) zre-index the whole databasez @ATTRIBUTESr force_reindexrrzre-indexed databaseFr) rqrrrr=rrr5r-rrrs r#reindex_databasezdbcheck.reindex_databaseh sw KKMvvdjj-0((1A1A?S%((1D1DoV( ~~a%:U~KKrctj}tj|jd|_tj dtj d|d<|j|gddS)zOreset @MODULES to that needed for current sam.ldb (to read a very old database)z@MODULES samba_dsdbz@LISTzreset @MODULES on databaseFr)rqrrrr=rrrrrCs r# reset_moduleszdbcheck.reset_modulesr sY KKMvvdjj*-'' c6J6JGT' ~~a%AE~RRr) NFFFFFFFFF)FF)T)Fr")N__name__ __module__ __qualname____doc__rrqrrrrrrrrr r(r.r<rErHrrPrXrarnrprtrwrrrrrrrrrrrrrrrrrrrrr9r;r=rJrPr]rbrvrrrrrrrrrrrrrrrrrrrrrDrGrr#r&r&8s)DI8=).',*/ yv!%C,=,=!%NiV(G*  &  A>>>*N$U.I.SjI@I L$]"M@ EE G F 04H(C&m"!,FA* wO np i4\ ?:BBd4LhT  3,B ., gRJ"J*>>4l  D2".H(#KJ ]G~<I8<$ $/bhXHLSrr&)%rqrrbase64rrrr samba.dcerpcrr samba.ndrr r r samba.samdbr r samba.descriptorrrr samba.authrr samba.netcmdrsamba.netcmd.fsmor samba.colourrrrrr$rr&rLrr#rVs[( ' *!! 5%0HH ,Sf,Sr