bHddlZddlZddlmZddlmZddlmZddlmZm Z ddl m Z m Z m Z mZmZmZGddeZd Zdd Zd Z dd Z ddZdZdZdS)N)LdbError)werror) ndr_unpack)miscdnsp) DNS_TYPE_NS DNS_TYPE_A DNS_TYPE_AAAADNS_TYPE_CNAME DNS_TYPE_SRV DNS_TYPE_PTRceZdZdZdZdZdS)DemoteExceptionzBase element for demote errorsc||_dSNvalue)selfrs 1/usr/lib/python3/dist-packages/samba/remove_dc.py__init__zDemoteException.__init__ s  cd|jzS)NzDemoteException: r)rs r__str__zDemoteException.__str__#s"TZ//rN)__name__ __module__ __qualname____doc__rrrrrrs8((00000rrc|}dd|zfD]}tj||}||dkr't d|d||ddkrt d|z|dd | |d |z| |#tj $r'}|j \}}|tj krnYd}~ d}~wwxYwd D]}tj||}|| dkr't d|d| |ddkrt d|d |d |dd | |d |z| |#tj $r'} | j \}}|tj krnYd} ~ d} ~ wwxYwdS)Nz3CN=Enterprise,CN=Microsoft System Volumes,CN=Systemz+CN=%s,CN=Microsoft System Volumes,CN=SystemFzFailed constructing DN z by adding base zCN=Xz.Failed constructing DN %s by adding child CN=XrCNzRemoving Sysvol reference: %s)zMCN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=SystemzDCN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=Systemz% by adding child CN=X (soon to be CN=))domain_dns_nameldbDnadd_baseget_config_basednr add_child set_componentinfodeleterargsERR_NO_SUCH_OBJECTget_default_basedn) samdbloggerdc_namerealmsdneenumestre1s rremove_sysvol_referencesr8's  ! ! # #EC;eCE VE1   ;;u..00 1 1U : :!/%'RR)@)@)B)B)B#DEE E <<  5 ( (!"R%'#)** * D'***  KK7"< = = = LL    |   6LT4s--- VVE1   ;;u//11 2 2e ; ;!/%'RR)A)A)C)C)C#EFF F <<  5 ( (!/?Arr777#LMM M D'***  KK7"< = = = LL    |   7LT4s--- !s0 -C77D-D((D-#-HI IIFc dtjdgdg}t|dkrdS|} |\}nk#t $r^}|j\}} |tj ks|tj kr|rt|||Yd}~dStd|d| d}~wwxYw |gdtjdg } t| d ksJ| dd} fd tfd | D} fd | D]} |d| z| \}}nH#t $r;}|j\}} |tj krYd}~dStd| d| d}~wwxYwt|}fd|D}t||krN|d| t||t|z fz | |t|||dS)Nz.(&(objectClass=dnsZone)(!(dc=RootDNSServers)))search_options:0:2)basescope expressionattrscontrolsrz lookup of z failed: namingContextsr=r?ctj|dddS)N/rCr)r#r$ canonical_strsplit)r3r.s rdns_name_from_dnz/remove_dns_references..dns_name_from_dns8 veR  ..0066sA>>qAArc3HK|]}t|VdSr)str).0r3rHs r z(remove_dns_references..s5 6 6Bs2ww'' 6 6 6 6 6 6rc|jtks|jtkr(D]%}|j|jkr|j|jkrdS&dSNTF)wTyper r data) dnsRecordrec primary_recss ra_rec_to_removez.remove_dns_references..a_rec_to_removesU ?j ( (IO},L,L#  9 //CH 4N4N44urz(checking for DNS records to remove on %sc*g|]}| |Srr)rKrrTs r z)remove_dns_references..s(>>>??1+=+=>!>>>r1updating %s keeping %d values, removing %s values)searchr# SCOPE_SUBTREElenupper dns_lookup RuntimeErrorr+r"WERR_DNS_ERROR_NAME_DOES_NOT_EXISTWERR_DNS_ERROR_RCODE_NAME_ERRORremove_hanging_dns_referencesr dns_replace SCOPE_BASEsetdebugr))r.r/ dnsHostNameignore_no_namezonesdnsHostNameUpperr3e4r5r6resncsa_names_to_remove_froma_namea_rec_dna_recse2 orig_num_recsrTrHrSs` @@@rremove_dns_referencesrsZs' LLb(9$T!#7"8  : :E 5zzQ"((** O"--k::\\  O O Ow t F= = = F: : : 5-eV.>.3555 FFFFFo;;;MNNN O k2&&& ,,r ^4D3E  G GC s88q==== a&! "CBBBBB  6 6 6 6# 6 6 6 6 6).. N LLCfL M M M!&!1!1&!9!9 Xvv N N N7LT4v@@@!/vvvtt"LMM M  N F >>>>V>>> v;;- ' ' KKKVmc&kk.IJK L L L   ff - - -!%1A5IIIIIs<A-- C7>C;CC0F GG:GGc  fd |D]}|d|jz||jtjddg}|D]} |d}n#t $rYwxYw fd|D}t |t |kre|d|jt |t |t |z fz||j|dS)NcDttj|}|jtks |jt ks|jt kr |jkrdSn4|jtkr$|jj krdSdSrN) rrDnssrvRpcRecordrOrr r rPr\r nameTarget)rrQris r to_removez0remove_hanging_dns_references..to_removest3U;; ?k ) )o//o--~##%%)999t: _ , ,~(..004DDDturz checking %sz/(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))rQ)r<r=r>r?cZg|]'}| ttj|(Sr)rrrv)rKvrxs rrWz1remove_hanging_dns_references..sI@@@))A,,@j!5q99@@@rrX) rer3rYr#rZKeyErrorr[r)dns_replace_by_dn) r.r/rirhzonerecordsrecord orig_valuesvaluesrxs ` @rrarasq     ;; ]TW,---,,DG33D+:&1]44 ; ;F $[1     @@@@*@@@F6{{c+.... O%y#f++";//#f++=??@@@ '' 6:::# ; ;;sA  A-,A-c>|dtjdg}t|dksJ|ddd} ||gdtjd} | d} t | d d} tj|| d dd } n#t$rd} YnwxYw t | d d}n#t$rd}YnwxYw|r||d g| %|| dgdtj}d|dvrNt |ddd}| d|z||d|dvrNt |ddd}| d|z|||r/| d| z|| d gd | vrt | d d}|r|dtj | d|dgtj | }t|dkrC| d|dj z||dj ||rt||||rt||| dSdS)Nr: dsServiceNamerBrCr)serverReferencecnrfz(objectClass=server)r<r?r=r>rrutf8rf tree_delete:0zobjectclass=computer)msDS-KrbTgtLinkrIDSetReferencesrr<r>r?r=rzRemoving RID Set: %srzRemoving RODC KDC account: %sz5Removing computer account: %s (and any child objects)z(&(objectclass=user)(cn=dns-z)(servicePrincipalName=DNS/z)))r>r?r=r<z/Removing Samba-specific DNS service account: %s)rYr#rcr[rJr$decoder{r*r) binary_encoderZr-r3rsr8)r.r/ server_dnremove_computer_objremove_server_objremove_sysvol_objremove_dns_namesremove_dns_accountrkmy_serviceNamemsgsmsgr0 computer_dnrf computer_msgs rid_set_dnkrbtgt_link_dns roffline_remove_serverrs ,,r ^O3D  F FC s88q====VO,Q/N < %;; q!1 1 1]1-.@A!DEEJ KK.; < < < LL $ $ $  a 0 0 0 q!12C!DQ!GHHN KK7.H I I I LL ( ( (  9 KKOR]] ^ ^ ^ LL&7 8 8 8 C  c-0344K$lll-g6666 'E!#3+< % 8 8 : :<< s88q== KKICPQFIU V V V LLQ # # ##3eV[9999 8888899s$4C CCC:: D D c |dtjdg} t| dksJtj|| dddd} |} | |krtd| z ||dd gtj } n?#t$r2}|j \}}|tj krtd |zd}~wwxYwt| dkr&t|d | | d}|j d ks|j dkrtd|ztt j|d d}|rh||d|z}|D]9}|d|j z||j :|r|dtjd|zdg}|D]}t-| }tj}|j |_ tj|tjd|d<|d|j d| d|| |d|z||dgn.#t$r!}|j \}}td|zd}~wwxYwt9||| ||||| dS)Nr:rrBrCrrz#Refusing to demote our own DSA: %s zobjectClass=ntdsDSA objectGUIDrzGiven DN %s doesn't existz is not an ntdsda in r z NTDS Settingsz)Given DN (%s) wasn't the NTDS Settings DNz5(&(objectclass=nTDSConnection)(fromServer=)))r<r>zRemoving nTDSConnection: %sz(fsmoRoleOwner=))r;)r<r=r>r@ fsmoRoleOwnerrzSeizing FSMO role on: z (now owned by r!z'Removing nTDSDSA: %s (and any children)rz,Failed to remove the DCs NTDS DSA object: %srrrrr)rYr#rcr[r$rparentrrr+r,r"r3 get_rdn_name get_rdn_valuerrGUIDr&r)r*rZrJMessageMessageElementFLAG_MOD_REPLACEwarningmodifyr)r.r/ntds_dnrrremove_connection_objseize_stale_fsmorrrrkrrre5r5r6r ntds_guidstale_connectionsconnstale_fsmo_rolesrolevalme6s roffline_remove_ntds_dcr!s ,,r ^O3D  F FC s88q====VE3q6/#:1#=#D#DV#L#LMMN  I  CnTUUU||5J#/.HH w t 3) ) )!"="GHH H   D Q!(%*?*?*A*A*ACDD D q'C %% /11I%&'' '49c,&7&:;;I ""LLe.E.E.G.G5CEN5O)PP& " "D KK5? @ @ @ LL ! ! ! ! <| td|d | d| Yd} ~ nd} ~ wwxYwt| dkrT|:| t|d | t'|||dddddn$t)||| djddddddd |dS)N)hexz z(&(objectClass=server)(cn=%s)))r<r?r>zFailure checking if z is an server object in z: rz is not an AD DC in zCN=NTDS Settingsz(objectClass=ntdsdsa)rz is an NTDS DSA in Tr)rrrrrrr)transaction_startuuidUUID ValueErrorrYr&r#rrr+rr"r[transaction_cancelr3r$r%rcr,rrtransaction_commit) r.r/r0rrr server_msgse3r5r6 ntds_msgse7s r remove_dcrvsL  I$I'***  ) $$$ N,,E,C,C,E,E-/32),):7)C)C3D'EEKK  N N N7LT4!/%,WWe.C.C.E.E.E.Ett#MNN N N    ! !  $ $ & & &!%,WWe.C.C.E.E.E#GHH HN% & 233#####)$. :LLgRs~,C!EE :::w t 3) ) )II  $ $ & & &!/%//1111449:: : IIII: I!    $ $ & & &!%,WWe.C.C.E.E.E#GHH H eV'260404/315  7 7 7 7 7 uf(|37155904150426 8 8 8 8 sM4 E ?B?E  C 4B>>CBE  E #E55 G$?AGG$cx|t||d|dSr)start_transactionrcommit_transaction)r.rs r offline_remove_dc_RemoveDsServerrs> 5'4000 r)F)FFFFF)FFFFFFF)rr#rsambar samba.ndrr samba.dcerpcrrsamba.dcerpc.dnsprr r r r r Exceptionrr8rsrarrrrrrrrs&  ########////////////////00000i000000fMJMJMJMJ`(;(;(;Z/4,1,1+0-2 I9I9I9I9^05-216,1-2,1.3RARARARAjKKK\r