IdPOddlmZmZmZddlmZddlmZddlm Z ddlm Z ddlm Z ddlZddl Z ddl mZmZmZddlZGd d eZdd Zd Zd ZdZdZGddeZGddeZy))drsuapimiscdrsblobs)Net) ndr_unpack)dsdb)werror) WERRORErrorN)DRSUAPI_ATTID_name(DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8)DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10ceZdZdZdZdZy) drsExceptionzBase element for drs errorsc||_yNvalue)selfrs 1/usr/lib/python3/dist-packages/samba/drs_utils.py__init__zdrsException.__init__%s  c d|jzS)NzdrsException: r)rs r__str__zdrsException.__str__(s$**,,rN)__name__ __module__ __qualname____doc__rrrrrr"s%-rrc d}|jdk\r|dz }||d|z }d|d|d}n d|d|d} tj|||}t|\}}|||fS#t$r} t d |d | d} ~ wwxYw) aMake a DRSUAPI connection to the server. :param server: the name of the server to connect to :param lp: a samba line parameter object :param creds: credential used for the connection :param ip: Forced target server name :return: A tuple with the drsuapi bind object, the drsuapi handle and the supported extensions. :raise drsException: if the connection fails seal z,printNz,target_hostname=z ncacn_ip_tcp:[]zDRS connection to z failed: ) log_levelr drs_DsBind Exceptionr) serverlpcredsipbinding_optionsbinding_string drsuapiBind drsuapiHandlebindSupportedExtensionses rdrsuapi_connectr1,sO ||~8# ~.vh77(Ao->a@39/JLoonb%@ 3=k3J0/ (? @@ LJKKLs%A## B,A==Bctj}||_tj}||_||_t j||_ |j|d|y#t$r}td|zd}~wwxYw)aSend DS replica sync request. :param drsuapiBind: a drsuapi Bind object :param drsuapi_handle: a drsuapi handle on the drsuapi connection :param source_dsa_guid: the guid of the source dsa for the replication :param naming_context: the DN of the naming context to replicate :param req_options: replication options for the DsReplicaSync call :raise drsException: if any error occur while sending and receiving the reply for the dsReplicaSync zDsReplicaSync failed %sN) rDsReplicaObjectIdentifierdnDsReplicaSyncRequest1naming_contextoptionsrGUIDsource_dsa_guid DsReplicaSyncr&r)r-drsuapi_handler:r7 req_optionncreq1estrs rsendDsReplicaSyncrALs  * * ,B BE  ( ( *DDDL99_5D=!!.!T: =4t;<<=sA-- B 6BB c tj}d|_tj|_|jxj tj zc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tjzc_|jxj tj zc_|jxj tj"zc_|jxj tj$zc_|jxj tj&zc_|jxj tj(zc_|jxj tj*zc_|jxj tj,zc_|jxj tj.zc_|jxj tj0zc_|jxj tj2zc_|jxj tj4zc_|jxj tj6zc_|jxj tj8zc_|jxj tj:zc_|jxj tj<zc_|jxj tj>zc_|jxj tj@zc_|jxj tjBzc_|jEtGjHtjJ|\}}||jj fS)z0make a DsBind call, returning the binding handle)&r DsBindInfoCtrlength DsBindInfo28infosupported_extensions DRSUAPI_SUPPORTED_EXTENSION_BASE-DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION%DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI&DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2+DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS%DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V14DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION'DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE'DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V24DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION%DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V28DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD'DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND)DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO-DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION&DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V011DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP+DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY&DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3,DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2(DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6)DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCSr *DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6,DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7)DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECTDsBindrr9DRSUAPI_DS_BIND_GUID)drs bind_inforGhandles rr%r%gsT%%'II))+IN NN''7+S+SS' NN''7+`+``' NN''7+X+XX' NN''7+Y+YY' NN''7+^+^^' NN''7+X+XX' NN''7+g+gg' NN''7+Z+ZZ' NN''7+Z+ZZ' NN''7+g+gg' NN''7+X+XX' NN''7+k+kk' NN''7+Z+ZZ' NN''7+\+\\' NN''7+`+``' NN''7+Y+YY' NN''7+d+dd' NN''7+^+^^' NN''7+Y+YY' NN''7+_+__' NN''7+[+[[' NN''7+\+\\' NN''7+[+[[' NN''7+]+]]' NN''7+]+]]' NN''7+_+__' NN''7+]+]]' NN''7+\+\\'ZZ '*F*F GSNT6 DII22 33rctj}d|_g}|j}|j |t j dgd}|D]}t|dd}d|vrJ|dd}t|tjjtjjzzrbd|vr/|dd}t|tjjzr|j|} |jt| |j!||_t%||_|S) z-get a list of attributes for RODC replicationr3zobjectClass=attributeSchema)lDAPDisplayName systemFlags searchFlags)basescope expressionattrsrjrrkrl)rDsPartialAttributeSetversionget_schema_basednsearchldb SCOPE_SUBTREEstrintsambarDS_FLAG_ATTR_NOT_REPLICATEDDS_FLAG_ATTR_IS_CONSTRUCTEDSEARCH_FLAG_RODC_ATTRIBUTEget_attid_from_lDAPDisplayNameappendsortattidslen num_attids) samdbpartial_attribute_setr schema_dnresrldap_display_name system_flags search_flagsattids r"drs_get_rodc_partial_attribute_setrs;#99;$%! F '')I ,,IS->->"?-  .C  ""3 4Q 78 A  !- 0 3LL!UZZ%K%K%*ZZ%K%K&LM A ]+A.LL!EJJ$I$II445FG c%j! "  KKM+1 '*6{$  rcj|j|_|j|_|j|_y)z Copies the highwater mark by value, rather than by object reference. (This avoids lingering talloc references to old GetNCChanges reply messages). N)tmp_highest_usn reserved_usn highest_usn)hwmnew_hwms rdrs_copy_highwater_markrs- "11C++C))COrcbeZdZdZdZdZedZdZdZ de jddd dd fd Z y) drs_ReplicatezDRS replication callsctj||||_t|j\|_|_t |||_||_t|tjs td|tjdk(r td|j j|j||j||_ d|_y)N)r)r(z"Must supply GUID for invocation_id$00000000-0000-0000-0000-000000000000zGMust not set GUID 00000000-0000-0000-0000-000000000000 as invocation_idr)rrfr% drs_handle supports_extrnetr isinstancerr9 RuntimeErrorreplicate_initreplication_state more_flags)rr,r(r)r invocation_ids rrzdrs_Replicate.__init__s??>2u=/9$((/C,$+Ur* -3CD D DII&LM Mhi i!%!8!8RS`!arc|j}|tjk(xr+|tzxr |jt j zdk(SNr)rr WERR_DS_DRA_RECYCLED_TARGETr rrDRSUAPI_DRS_GET_TGT)r error_codereqrs r_should_retry_with_get_tgtz(drs_Replicate._should_retry_with_get_tgtsO (( f@@@DHHD'"="==!C Ercl|tjk(xr |jtjzdk7Sr)r WERR_DS_DRA_MISSING_PARENT replica_flagsrDRSUAPI_DRS_GET_ANC)rrs r%_should_calculate_missing_anc_locallyz3drs_Replicate._should_calculate_missing_anc_locallys7v@@@G""W%@%@@QF HrcRt|_|j} |y|jjt |j j j|j|jtjdk7rt |j|jvrjtj|j|j j j}|j}t!d|d|jd|j"} )NrzObject z with GUID z) was not sent by the server in this chunk)set guids_seen first_objectaddrwobject identifierguidparent_object_guidrr9ruDnrr5parentprint next_object)rctrobject_to_checkobj_dn parent_dns r_calculate_missing_anc_locallyz,drs_Replicate._calculate_missing_anc_locallys% **& OO  O$:$:$E$E$J$J K L11="55))BCD99:$//Q O,B,B,M,M,P,PQ"MMO  {+-@@ABAAB.99O!rcZ|jj|j|||||y)5Processes a single chunk of received replication data)schema req_levelrN)rreplicate_chunkr)rlevelrrrr first_chunks r process_chunkzdrs_Replicate.process_chunks/   !7!7(.) ! NrFNTrc  |jtzr+tj} | |jz| _d} nd} tj } || _|| _tj| _ || j_ d} tj}d|_ d|_ d|_|sS|jj!|t"j$dg}d|dvrW|ddD]L}t't(j*|}|j,j|k(s7|j,j.}Ntj0} d| _d| _d| _g}t9j:|j|jj=}|D]I}tj>}|j|_|j|_|jA|K|| _!tE|| _#|| _| | _$||| _%n|tjLk(rd| _%ntjNtjPztjRztjTztjVz| _%|r$| xjJtjXzc_%n#| xjJtjZzc_%| r#| xjJtj\zc_%d| _/d | _0|| _1d| _2d| _3d| _4d| jj_6d| jj_7|s|rtq|j| _3|jtrzsHd } tjt}tw|D]"}|dd k7s ty||t{| |$|} d}d}d } |j|j|j| | \}}|j'|jdk7rtd |jz |j|||| | |d}||jz } ||jz }|jdk(r ||fSt| j.|j#t$r}|j|jd| r6td| xjtjzc_d }Yd}~)|j|jd| rtd|j||d}~wwxYw#t$rYwxYw)zreplicate a single DN NrrepsFrom)rmrnrpr3ii"_Tz6DsGetNCChanges: NULL first_object with object_count=%uz1Missing target object - retrying with DRS_GET_TGTz;Missing parent object - calculating missing objects locallyF)Qrr rDsGetNCChangesRequest10rDsGetNCChangesRequest8destination_dsa_guidsource_dsa_invocation_idr4r7r5DsReplicaHighWaterMarkrrrrrtru SCOPE_BASErrrepsFromToBlobr highwatermarkDsReplicaCursorCtrExrr reserved1 reserved2r_dsdb_load_udv_v2get_default_basednDsReplicaCursorr~cursorsrcountuptodateness_vectorrDRSUAPI_EXOP_REPL_SECRETDRSUAPI_DRS_INIT_SYNCDRSUAPI_DRS_PER_SYNCrDRSUAPI_DRS_NEVER_SYNCED$DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP%DRSUAPI_DRS_SPECIAL_SECRET_PROCESSINGDRSUAPI_DRS_WRIT_REPDRSUAPI_DRS_SYNC_FORCEDmax_object_count max_ndr_size extended_op fsmo_inforpartial_attribute_set_ex mapping_ctr num_mappingsmappingsrr DsGetNCChangesRequest5dirsetattrgetattrrfDsGetNCChangesrr object_countrrr rargsrrrrlinked_attributes_countAttributeError more_datarnew_highwatermark)rr5rrrexoprodcr full_sync sync_forcedrrrudvrrreps_from_packed reps_from_obj cursors_v1 cursors_v2 cursor_v2 cursor_v1req5a num_objects num_linksrrrr0s r replicatezdrs_Replicate.replicates   H H113C(4??:CNII002C#7 '?$$>>@ ",,.**##3>>+5,$8CSV#(+Az(:>$$.x/F/FHX$YM$((AAE]]+//==> ..0CCKCMCMJ// 04 0M0M0OQJ' - #335 5>5W5W 2(1(=(= %!!),  - %CKJCI"%  $ -C  W55 5 !C !(!>!>!(!=!=">!(!ACWX77<# 2"  s12RU T>'AT9<=T99T> U  U ) rrrrrr staticmethodrrrrDRSUAPI_EXOP_NONErrrrrrsP  EHH:6NW%>%>U $%TUK(rrc>eZdZdZfdZdZdZdZfdZxZ S)drs_ReplicateRenamerz,Uses DRS replication to rename the entire DBcztt| |||||||_||_t j |_yr)superr r old_base_dn new_base_dnrrr) rr,r(r)rrrr __class__s rrzdrs_ReplicateRenamer.__init__s> "D2>2u38- I&& "55rc^tjd|jz|j|S)z/Uses string substitution to replace the base DNz%s$)resubrr)rdn_strs r rename_dnzdrs_ReplicateRenamer.rename_dns&vved...0@0@&IIrcD|jjD]}|jtk(st j |j |jj}|j}|jd|jjd_ y)z3Updates the 'name' attribute for the base DN objectz utf-16-lerN) attribute_ctr attributesrr rurrrr5 get_rdn_valueencode value_ctrvaluesblob)rbase_objattrbase_dnnew_names rupdate_name_attrz%drs_ReplicateRenamer.update_name_attrsz**55 MDzz//&&X-@-@-C-CD"00208 0L%%a(-  MrcL|jj}|j|jj|j_td|d|jj|jj|jk(r|j |yy)z1Renames the first/top-level object in a partitionzRenaming partition z --> N)rr5rrrr#)r first_objold_dns rrename_top_level_objectz,drs_ReplicateRenamer.rename_top_level_objects%%(("&..1E1E1H1H"I  090D0D0G0GI J    " "d&6&6 6  ! !) , 7rc"|jr4|j|jj|j_|r4|jdk7r%|j |j j tt|'||||||y)rrN) r7rr5rr'rrrr r)rrrrrrrrs rrz"drs_ReplicateRenamer.process_chunks~   $(NN33E3E3H3H$IC   ! 3++q0  ( ()9)9)@)@ A "D7sF8A38C Er) rrrrrrr#r'r __classcell__)rs@rr r s(6 6JM -EErr r) samba.dcerpcrrr samba.netr samba.ndrrryrr r rusamba.dcerpc.drsuapir r r rr&rr1rAr%rrrrr rrrr.sy(10  MM -9-A@=6#4L#!L*Q(FQ(l8E=8Er