FcOOddlmZmZmZddlmZddlmZddlm Z ddlm Z ddlm Z ddlZddl Z ddl mZmZmZddlZGd d eZdd Zd Zd ZdZdZGddeZGddeZdS))drsuapimiscdrsblobs)Net) ndr_unpack)dsdb)werror) WERRORErrorN)DRSUAPI_ATTID_name(DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8)DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10ceZdZdZdZdZdS) drsExceptionzBase element for drs errorsc||_dSNvalue)selfrs 1/usr/lib/python3/dist-packages/samba/drs_utils.py__init__zdrsException.__init__%s  cd|jzS)NzdrsException: r)rs r__str__zdrsException.__str__(s$*,,rN)__name__ __module__ __qualname____doc__rrrrrr"s8%%-----rrc&d}|dkr|dz }||d|z }d|d|d}n d|d|d} tj|||}t|\}}n'#t$r} t d |d | d} ~ wwxYw|||fS) aMake a DRSUAPI connection to the server. :param server: the name of the server to connect to :param lp: a samba line parameter object :param creds: credential used for the connection :param ip: Forced target server name :return: A tuple with the drsuapi bind object, the drsuapi handle and the supported extensions. :raise drsException: if the connection fails seal z,printNz,target_hostname=z ncacn_ip_tcp:[]zDRS connection to z failed: ) log_levelr drs_DsBind Exceptionr) serverlpcredsipbinding_optionsbinding_string drsuapiBind drsuapiHandlebindSupportedExtensionses rdrsuapi_connectr1,sO ||~~8# ~7v777@@@o@@@39&&///JLonb%@@ 3=k3J3J0// LLLlJKKKL (? @@s(A'' B 1BB c&tj}||_tj}||_||_t j||_ | |d|dS#t$r}td|zd}~wwxYw)aSend DS replica sync request. :param drsuapiBind: a drsuapi Bind object :param drsuapi_handle: a drsuapi handle on the drsuapi connection :param source_dsa_guid: the guid of the source dsa for the replication :param naming_context: the DN of the naming context to replicate :param req_options: replication options for the DsReplicaSync call :raise drsException: if any error occur while sending and receiving the reply for the dsReplicaSync zDsReplicaSync failed %sN) rDsReplicaObjectIdentifierdnDsReplicaSyncRequest1naming_contextoptionsrGUIDsource_dsa_guid DsReplicaSyncr&r)r-drsuapi_handler:r7 req_optionncreq1estrs rsendDsReplicaSyncrALs  * , ,B BE  ( * *DDDL9_55D=!!.!T::::: ===4t;<<<=sA// B9B  Bctj}d|_tj|_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtj zc_|jxjtj zc_|jxjtj zc_|jxjtj zc_|jxjtj zc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtjzc_|jxjtj zc_|jxjtj!zc_|"tGj$tj%|\}}||jjfS)z0make a DsBind call, returning the binding handle)&r DsBindInfoCtrlength DsBindInfo28infosupported_extensions DRSUAPI_SUPPORTED_EXTENSION_BASE-DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION%DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI&DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2+DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS%DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V14DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION'DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE'DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V24DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION%DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V28DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD'DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND)DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO-DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION&DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V011DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP+DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY&DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3,DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2(DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6)DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCSr *DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6,DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3*DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7)DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECTDsBindrr9DRSUAPI_DS_BIND_GUID)drs bind_inforGhandles rr%r%gs%''II)++IN N''7+SS'' N''7+``'' N''7+XX'' N''7+YY'' N''7+^^'' N''7+XX'' N''7+gg'' N''7+ZZ'' N''7+ZZ'' N''7+gg'' N''7+XX'' N''7+kk'' N''7+ZZ'' N''7+\\'' N''7+``'' N''7+YY'' N''7+dd'' N''7+^^'' N''7+YY'' N''7+__'' N''7+[['' N''7+\\'' N''7+[['' N''7+]]'' N''7+]]'' N''7+__'' N''7+]]'' N''7+\\''ZZ '*F G GSSNT6 DI2 33rctj}d|_g}|}||t jdgd}|D]}t|dd}d|vrB|dd}t|tj j tj j zzrcd|vr0|dd}t|tj j zr||} |t| |||_t%||_|S) z-get a list of attributes for RODC replicationr3zobjectClass=attributeSchema)lDAPDisplayName systemFlags searchFlags)basescope expressionattrsrjrrkrl)rDsPartialAttributeSetversionget_schema_basednsearchldb SCOPE_SUBTREEstrintsambarDS_FLAG_ATTR_NOT_REPLICATEDDS_FLAG_ATTR_IS_CONSTRUCTEDSEARCH_FLAG_RODC_ATTRIBUTEget_attid_from_lDAPDisplayNameappendsortattidslen num_attids) samdbpartial_attribute_setr schema_dnresrldap_display_name system_flags search_flagsattids r"drs_get_rodc_partial_attribute_setrsh#9;;$%! F ''))I ,,IS->"?---  . .C  " ""3 4Q 788 A   !- 0 3LL!!UZ%K%*Z%K&LM  A  ]+A.LL!!EJ$II 445FGG c%jj!!!! KKMMM+1 '*6{{$  rcN|j|_|j|_|j|_dS)z Copies the highwater mark by value, rather than by object reference. (This avoids lingering talloc references to old GetNCChanges reply messages). N)tmp_highest_usn reserved_usn highest_usn)hwmnew_hwms rdrs_copy_highwater_markrs( "1C+C)COOOrc`eZdZdZdZdZedZdZdZ de j ddd dd fd Z dS) drs_ReplicatezDRS replication callsctj||||_t|j\|_|_t |||_||_t|tj std|tj dkrtd|j |j||j||_ d|_dS)N)r)r(z"Must supply GUID for invocation_id$00000000-0000-0000-0000-000000000000zGMust not set GUID 00000000-0000-0000-0000-000000000000 as invocation_idr)rrfr% drs_handle supports_extrnetr isinstancerr9 RuntimeErrorreplicate_initreplication_state more_flags)rr,r(r)r invocation_ids rrzdrs_Replicate.__init__s?>2u==/9$(/C/C,$+Ur*** -33 ECDD D DI&LMM M Mhii i!%!8!8RS`!a!arct|j}|tjko!|tzo|jt jzdkSNr)rr WERR_DS_DRA_RECYCLED_TARGETr rrDRSUAPI_DRS_GET_TGT)r error_codereqrs r_should_retry_with_get_tgtz(drs_Replicate._should_retry_with_get_tgtsD ( f@@DHHD'"==!C ErcR|tjko|jtjzdkSr)r WERR_DS_DRA_MISSING_PARENT replica_flagsrDRSUAPI_DRS_GET_ANC)rrs r%_should_calculate_missing_anc_locallyz3drs_Replicate._should_calculate_missing_anc_locallys.v@@G"W%@@QF Hrct|_|j} |dS|jt |jjj|j|jtj dkrst |j|jvrXtj |j |jjj}|}t!d|d|jd|j})NTrzObject z with GUID z) was not sent by the server in this chunk)set guids_seen first_objectaddrwobject identifierguidparent_object_guidrr9ruDnrr5parentprint next_object)rctrobject_to_checkobj_dn parent_dns r_calculate_missing_anc_locallyz,drs_Replicate._calculate_missing_anc_locallys%% * :& O  O$:$E$J K K L L L1="5)BCCDD9::$/QQ O,B,M,PQQ"MMOO A AA-@AAABBB.9O! :rcP|j|j|||||dS)5Processes a single chunk of received replication data)schema req_levelrN)rreplicate_chunkr)rlevelrrrr first_chunks r process_chunkzdrs_Replicate.process_chunksB   !7(.) ! N N N N NrFNTrc  |jtzr%tj} | |jz| _d} nd} tj} || _|| _tj| _ || j _ d} tj }d|_ d|_ d|_|s4|j|t"jdg}d|dvrG|ddD]8}t't(j|}|jj|kr |jj}9tj} d| _d| _d| _g}t9j|j|j}|D]B}tj}|j|_|j|_| |C|| _!tE|| _#|| _| | _$||| _%n|tj&krd| _%n|tj'tj(ztj)ztj*ztj+z| _%|r| xj%tj,zc_%n| xj%tj-zc_%| r| xj%tj.zc_%d| _/d | _0|| _1d| _2d| _3d| _4d| j5_6d| j5_7|s|rtq|j| _3|jtrzsTd } tj:}tw|D]-}|dd krty||t{| |.|} d}d}d } |j>?|j@| | \}}|jA"|jBdkrtd |jBz |D|||| | |n#t$r}|F|jGd| r0td| xjtjIzc_d }Yd}~|J|jGd| r$td|K||d}~wwxYwd}||jBz } ||jLz }n#t$rYnwxYw|jNdkrnt| j|jPc||fS)zreplicate a single DN NrrepsFrom)rmrnrpr3ii"_Tz6DsGetNCChanges: NULL first_object with object_count=%uz1Missing target object - retrying with DRS_GET_TGTz;Missing parent object - calculating missing objects locallyF)Qrr rDsGetNCChangesRequest10rDsGetNCChangesRequest8destination_dsa_guidsource_dsa_invocation_idr4r7r5DsReplicaHighWaterMarkrrrrrtru SCOPE_BASErrrepsFromToBlobr highwatermarkDsReplicaCursorCtrExrr reserved1 reserved2r_dsdb_load_udv_v2get_default_basednDsReplicaCursorr~cursorsrcountuptodateness_vectorrDRSUAPI_EXOP_REPL_SECRETDRSUAPI_DRS_INIT_SYNCDRSUAPI_DRS_PER_SYNCrDRSUAPI_DRS_NEVER_SYNCED$DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP%DRSUAPI_DRS_SPECIAL_SECRET_PROCESSINGDRSUAPI_DRS_WRIT_REPDRSUAPI_DRS_SYNC_FORCEDmax_object_count max_ndr_size extended_op fsmo_inforpartial_attribute_set_ex mapping_ctr num_mappingsmappingsrr DsGetNCChangesRequest5dirsetattrgetattrrfDsGetNCChangesrr object_countrrr rargsrrrrlinked_attributes_countAttributeError more_datarnew_highwatermark)rr5rrrexoprodcr full_sync sync_forcedrrrudvrrreps_from_packed reps_from_obj cursors_v1 cursors_v2 cursor_v2 cursor_v1req5a num_objects num_linksrrrr0s r replicatezdrs_Replicate.replicatesK  H H 3133C(4?:CNIII022C#7 '?$$>@@ ",.. (*##3>+5,$88CSV##(+Az(:>>$$.x/FHX$Y$YM$(AE]]]+/=.00CCKCMCMJ/ 04 0M0M0O0OQQJ' - - #355 5>5W 2(1(= %!!),,,,$CKJCI"%  $ -C   W5 5 5 !C  !(!>!(!=">!(!<"=")!A"B")!M "NC   B!!BD!!!!!W%AA!!  A   !@ @  "! $(!'+$'($#'  W$ W(J4:(V(VC % #KK I133DYY 6 6Q43;;D!WS!__555C   ' N8224?IsSSLUC'C,<,A,A"#[_b_o#pqqq ""5#vy#{SSSS   2216!9cBBMNNNNNg&AANN#'KHHHH==afQi>ACC=WXXX77<<<# & K 3+ +K S88 !    }!! $C$5s7L M M MO' NRY''s2<O Q>!A Q92AQ99Q> R R&%R&) rrrrrr staticmethodrrrrDRSUAPI_EXOP_NONErrrrrrs    E E EHH\H:::6NNNW%>U $%TUK(K(K(K(K(K(rrc>eZdZdZfdZdZdZdZfdZxZ S)drs_ReplicateRenamerz,Uses DRS replication to rename the entire DBctt||||||||_||_t j|_dSr)superr r old_base_dn new_base_dnrrr) rr,r(r)rrrr __class__s rrzdrs_ReplicateRenamer.__init__sT "D))22>2u38- I I I&& "5rcHtjd|jz|j|S)z/Uses string substitution to replace the base DNz%s$)resubrr)rdn_strs r rename_dnzdrs_ReplicateRenamer.rename_dns!ved..0@&IIIrc|jjD]t}|jtkrbt j|j|jj}| }| d|j j d_ udS)z3Updates the 'name' attribute for the base DN objectz utf-16-lerN) attribute_ctr attributesrr rurrrr5 get_rdn_valueencode value_ctrvaluesblob)rbase_objattrbase_dnnew_names rupdate_name_attrz%drs_ReplicateRenamer.update_name_attrs|*5 M MDz///&X-@-CDD"002208 0L0L%a(-  M Mrc|jj}||jj|j_td|d|jj|jj|jkr||dSdS)z1Renames the first/top-level object in a partitionzRenaming partition z --> N)rr5rrrr#)r first_objold_dns rrename_top_level_objectz,drs_ReplicateRenamer.rename_top_level_objects%("&..1E1H"I"I  090D0G0GI J J J   "d&6 6 6  ! !) , , , , , 7 6rc|jr)||jj|j_|r*|jdkr||jjtt| ||||||dS)rrN) r7rr5rr'rrrr r)rrrrrrrrs rrz"drs_ReplicateRenamer.process_chunks   J$(NN33E3H$I$IC  !  B3+q00  ( ()9)@ A A A "D))77sF8A38C E E E E Er) rrrrrrr#r'r __classcell__)rs@rr r s66 6 6 6 6 6JJJMMM - - -EEEEEEEEErr r) samba.dcerpcrrr samba.netr samba.ndrrryrr r rusamba.dcerpc.drsuapir r r rr&rr1rAr%rrrrr rrrr.s(1000000000  MMMMMMMMMM -----9---AAAA@===6#4#4#4L#!#!#!L***Q(Q(Q(Q(Q(FQ(Q(Q(l8E8E8E8E8E=8E8E8E8E8Er