bddlZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z mZddlZddlmZddlmZddlmZddlmZmZmZddlmZddlmZmZmZdd l m!Z!dd l"m#Z#m$Z$dd l%m&Z&m'Z'm(Z(dd lm)Z)d dl*m+Z+ddl,m-Z-m.Z.ddl/m0Z0ddl1m2Z2ddl,m3Z3ddl4m5Z5ddl6Z6ddl,m7Z7m8Z8m9Z9ddl:m;Z;mm?Z?ddl@mAZAddlBZBddlCmDZDddlmEZEddlFmGZGddlHmIZIddlJmKZKdZLdZMdZNd ZOd!ZP d0d"ZQd#ZRd$ZSd%ZTGd&d'ejUjVZWGd(d)e+ZXGd*d+ejUjVZYGd,d-ejUjVZZGd.d/ejUj[Z\dS)1N)SamDBget_default_backend_store)LdbError)libsmb_samba_internal)param) backup_onlinebackup_restorebackup_offline)system_session) DCJoinContext join_cloneDCCloneAndRenameContext)dom_sid)Option CommandError)miscsecuritydrsblobs)Ldb)cmd_fsmo_seize) make_smbconf DEFAULTSITE)update_krbtgt_account_password) remove_dc)secretsdb_self_join)dbcheck) guess_namesdetermine_host_ipdetermine_host_ip6)fill_dns_data_partitionsget_dnsadmins_sidget_domainguid)tdb_copy)mdb_copy)CalledProcessError)sites)_dsdb_load_udv_v2)ndr_pack)SMB_SIGNING_REQUIREDc |}nL#t$r?}|d|dtd|d}~wwxYwt |}t |dzt |z} |tj d|zgddg}t|d krtd |ztd |d |d j d#tj$r%}|j \}} |tj krYd}~nd}~wwxYwt |dzt |zS)Nz}A SID could not be allocated for restoring the domain. Either no RID Set was found on this DC, or the RID Set was not usable.zTo initialise this DC's RID pools, obtain a RID Set from this domain's RID master, or run samba-tool dbcheck to fix the existing RID Set.zCannot create backup-show_deleted:1zshow_recycled:1)scopebaseattrscontrolsrz]Cannot create backup - this DC's RID pool is corrupt, the next SID (%s) appears to be in use.zCCannot create backup - this DC's RID pool is corrupt, the next SID z points to existing object rz1. Please run samba-tool dbcheck on the source DC.) next_free_ridrinforrget_domain_sidstrsearchldb SCOPE_BASElendnargsERR_NO_SUCH_OBJECT) samdbloggerriderrsidsid_for_restorereseenumemsgs CHH $$s- A :AA 'A.DE $EE ctj}||j|}|t tj|d||}|||S)z7Returns an SMB connection to the sysvol share on the DCsysvol)lpcreds) s3param get_contextload configfileget_smb_signingset_smb_signingr*libsmbConn)serverrLrMs3_lpsaved_signing_stateconns rHsmb_sysvol_connrZps   ! !E JJr} //11 ./// ;vxE ? ? ?D -... KctjddS)N:r,)datetimenow isoformatreplacer[rH get_timestamprcs3   " " , , . . 6 6sC @ @@r[cTd|d|d}tj||S)Nz samba-backup-r,z.tar.bz2)ospathjoin) targetdirnametime_strfilenames rHbackup_filepathrls,/3ttXXX>H 7<< 8 , ,,r[c|d|ztj|d}||d|dS)NzCreating backup file %s...w:bz2z./arcname)r4tarfileopenaddclose)r?tmpdirrltfs rHcreate_backup_tarrwsR KK,>??? ow / /BFF64F   HHJJJJJr[cttj|dd} tjd}|d|z|d|dz|d|d|d |d |d d |d  d|dt|z|r|d|z| dS#| wxYw)N backup.txtwz%Y-%b-%d %H:%M:%SzBackup created %s zUsing samba-tool version: %s z server stringzDomain z backup, using DC 'z' zBackup for domain workgroup (NetBIOS), realmz (DNS realm) z#Backup contains domain secrets: %s z%s ) rrrerfrgr^r_strftimewritegetlowerr6rt)rhrL backup_typerVinclude_secrets extra_infofrjs rHcreate_log_filers] RW\\)\ 2 2C88A $((**334GHH %0111 0266/3J3JJKKK {{{FFFKLLL  $$$$bffWoo&;&;&=&=&=&=? @ @ @ 6_9M9MMNNN  ) GGFZ' ( ( (   s D#E))E?ctj}tj|d|_tj|tj|||<||dS)N @SAMBA_DSDB)r8MessageDnr;MessageElement FLAG_MOD_ADDmodify)r>markervaluems rHadd_backup_markerrsN A 6% ' 'AD"5#*:FCCAfI LLOOOOOr[c$|tdtj|s.|d|ztj|dStj|std|zdS)NzTarget directory requiredzCreating targetdir %s...z%s is not a directory)rrerfexistsr4makedirsisdir)r?rhs rHcheck_targetdirrs6777 7>>) $ $@ .:;;; I W]]9 % %@2Y>???@@r[c|}d|dtjd}d|d}||t j|}t|dd}tj dd }| d |d || d |z| ||d |dS)zASets a randomly generated password for the backup DB's admin userz (objectsid=r,)z(&(objectClass=user))r0r/ expressionrsamaccountname zSetting z password in backup to: z7Run 'samba-tool user setpassword %s' after restoring DBF)force_change_at_next_loginusernameN) r5rDOMAIN_RID_ADMINISTRATORr7 domain_dnr8 SCOPE_SUBTREEr6sambagenerate_random_passwordr4 setpassword)r?r> domainsid match_admin search_exprrDr adminpasss rHset_admin_passwordrs$$&&II)2)1)J)J)JLKK/:{{ --targetdir= sambaoptscredopts--serverThe DC to backuphelptype --targetdirz%Directory to write the backup file to)rr --no-secrets store_trueF-Exclude secret values from the backup createdactiondefaultr--backend-storechoice BACKENDSTOREtdbmdb7Specify the database backend to be used (default is %s)rmetavarchoicesrNc |}|tj|}||} |t dt||tj |} | } t|| || |d| |} | j } ~ td|z| t|}t||}|}|dt"j| d}t)||| }t+|||t/j| jt| jt|t6j }t;}t=|d |t=|d |t=|d d |rt?||tA|||}tC| |d || tE|| |t/j| dS#t/j| wxYw)NServer requireddirSAMBA_INTERNAL)r?rMrLrrV dns_backendrh backend_storeldap://url credentials session_inforLz$Backing up sysvol files (via SMB)... sysvol.tar.gzrrrLflags backupDate sidForRestore backupTypeonline)# get_loggersetLevelloggingDEBUG get_loadparmget_credentialsrrtempfilemkdtempr pathsrr rIdomain_dns_namer4rerfrgrZrr5shutilrmtreerKr>r8FLG_DONT_CREATE_DBrcrrrlrrw)selfrrrVrh no_secretsrr?rLrMrurctxr remote_samnew_sidr} sysvol_tarsmb_connr>rj backup_files rHrunzcmd_domain_backup_online.runsg"" &&&  # # % %((,, >011 1 ***!i000).+ "F%B- ? ? ?fo>>J&vr599H (J 0I0I0K0K L L L M%, ' ' 'ek8H8HR # 6888E$H e\8 < < < e_g > > > e\8 < < < 2"65111*)UHEEK FB&/ J J J ffk : : : M& ! ! ! ! !FM& ! ! ! !s FI I )NNNNFN)__name__ __module__ __qualname____doc__synopsisoptions SambaOptionsCredentialsOptionstakes_optiongroupsrr6r takes_optionsrrbr[rHrrs  HH). z 2===}3; = = =~lEC E E E xu~!#<#<#>#>? @ @ @ MIM,0="="="="="="r[rc eZdZdZdZeddeeddeedd eed d d d edd ddeddegZej ej dZ dZ dZ dZdZdZdZ ddZdS)cmd_domain_backup_restoreaRestore the domain's DB from a backup-file. This restores a previously backed up copy of the domain's DB on a new DC. Note that the restored DB will not contain the original DC that the backup was taken from (or any other DCs in the original domain). Only the new DC (specified by --newservername) will be present in the restored DB. Samba can then be started against the restored DB. Any existing DCs for the domain should be shutdown before the new DC is started. Other DCs can then be joined to the new DC to recover the network. Note that this command should be run as the root user - it will fail otherwise.zQ%prog --backup-file= --targetdir= --newservername=z --backup-filezPath to backup filerrzPath to write toz--newservernamezName for new serverz --host-ipstring IPADDRESSzset IPv4 ipaddress)rrrz --host-ip6 IP6ADDRESSzset IPv6 ipaddressz--sitezSite to add the new server inrcft|}|j} |} |j} | } |j} t|}t|| }t|| }t|||}t|||}||td|d| z|dt|||| | | | | |||||ddS)zi Registers the new realm's DNS objects when a renamed domain backup is restored. Nz+Please specify a host-ip for the new serverzDNS realm was renamed to %sz*Populating DNS partitions for new realm...F)add_root)rdomaindnget_root_basednget_linearized dnsdomainr netbiosnamerr5r"r#rr rr4r!)rr?r>rLntdsguidhost_iphost_ip6sitenamesrforestdnr dnsforesthostnamer dnsadmins_sid domainguids rHregister_dns_zonez+cmd_domain_backup_restore.register_dns_zoneTsF B>((**99;;O))++  $**,,E002233 )%:: #E844 $FB88%fb(;; ?x/LMM M 1I=>>> @AAA ! 4!)9i!((J!. @ @ @ @ @ @r[c|t|dddd}t|ddddg}t|dd|d gz }d }d |g}||| |d S)z3Fixes attributes that reference the old/removed DCsTFquietfixyesin_transaction(fix_all_old_dn_string_component_mismatchALLlastKnownParentinterSiteTopologyGenerator!remove_plausible_deleted_DN_linkszmsDS-NC-Replica-Locationssearch_options:1:2r.)r2r1Ntransaction_startrsetattrcheck_databasetransaction_commit)rr>chkr1cross_ncs_ctrlr2s rHfix_old_dc_referencesz/cmd_domain_backup_restore.fix_old_dc_referencesus !!!e4Tu%)+++ ?GGG"$@A 8%@@@ -..-$n5 HE:::   """""r[clt}d|}||tj|}t |dkrP|d|tj ||||S)z5Creates the default site, if it doesn't already existz(&(cn={0})(objectclass=site))r/rrzCreating default site '{0}') rformatr7get_config_basednr8rr:r4r' create_site)rr>r?sitenamerrDs rHcreate_default_sitez-cmd_domain_backup_restore.create_default_sites5<%> I I Ir[c`gd}|tj|dtj|}tj}tj|d|_|D]/}||dvr#tjgtj|||<0||dS)z-Remove DB markers added by the backup process)r backupRenamerrrr0r/r1rN) r7r8rr9rr;rFLAG_MOD_DELETEr)rr>markersrDrattrs rHremove_backup_markersz/cmd_domain_backup_restore.remove_backup_markerssPOOllum < rDrs rHget_backup_typez)cmd_domain_backup_restore.get_backup_typesllum < partitionsncutdv utdv_blob new_valuers rHsave_uptodate_vectorsz/cmd_domain_backup_restore.save_uptodate_vectorss  B$UB//D!799I !I $(IM !"%d))IM  ++I A6%$$AD&)&89<9M9M'O'OA" # LLOOOO!  r[Nc |rtj|std|tdtj|rFtj|r2tjddkrtd|stdtj} | tj | tj tj|}tj|}t#j|} | || tj|dd} t-j| | d z|} | r-| d | zt-j| | t4j} | | tj|d }tj|d }t=|t?| t@j! }|"|}|>|#|| }| d$||%dt@j&dg}d|ddD}|dkr|'|||(| }tS| || |||}||_*||_+t4j,j-t4j,j.z|_/| dta| ||j1|j2|| d|%tAj3|dt@j&dg}|ddd}| dti|z |5tmti|no#tn$ra}|j8\}}|t@j9krg} |%tAj3|d|zt@j&dgdd g!}n2#tn$r%}|j8\}}|t@j:krYd}~nd}~wwxYwtw|d"kr|<d|ddd}|=d#}| >d$|z| >d%| >d&| >d'|ztd(|dj?d)|d*|d+d}~wwxYwtAj@}tAj3|d,|_?ti|jA} tAjBd-| zt@jCd.|d.<|D||d/kr |E| || |jA|||tj|d0}!t|!t?| t@j!1}"t|"|j1|j2|jH|jI|jJ|jK|jLtjN2 |O}#t5jP|Q}$d3|#fd4|$fg}%|%D]$\}&}'|'|vr|R|&|dddd56%d7D]}&|S|&|d56d8}(|%|Tt@jU|(9}|D]A}ti|d:d})|)|krt|| |)B|D]}*tAj@}+tAj3||*|+_?tAjBgt@jCd;|+d;<tAjBgt@jCd<|+d<<|D|+t|t|tj|d=},| d>d?}-tj|-stjX|-t|,|-|| tjZ|,| d@|[||\|| dA|z| dBdS)CNzBackup file not found.z!Please specify a target directorySAMBA_SELFTEST1zTarget directory is not emptyzServer name requiredetczsmb.confz.origz&Using %s as restored domain's smb.confprivatesam.ldbrzAdding new DC to site '{0}'namingContextsr+c,g|]}t|Srb)r6).0rs rH z1cmd_domain_backup_restore.run..s<< dsServiceNamer1z secrets.ldb)rrLr)domainr}rrr machinepasskey_version_numbersecure_channel_type domaindns forestdnsT)force)r@pdcnaminginfrastructureschemaz*(&(objectClass=Server)(serverReference=*))r#cnrepsFromrepsTorrfrKz4Fixing up any remaining references to the old DCs...z'Backup file successfully restored to %szEPlease check the smb.conf settings are correct before starting samba.)]rerfrrlistdirenvironrr getLoggerrr addHandler StreamHandlersysstdoutupperabspathrqrr extractallrtrgrcopyfileget_loadparm_pathr4rrLoadParmrPrr r8rr2r(r$r7r9rArr nc_list full_nc_listdsdbUF_SERVER_TRUST_ACCOUNTUF_TRUSTED_FOR_DELEGATIONuserAccountControlr domain_namer}rr6join_add_objectsrrr<ERR_CONSTRAINT_VIOLATIONr=r:schema_format_valuedecodeerrorr;r ntds_guidrr;rr rrrmynamedomsid acct_passrWr SEC_CHAN_BDCrdn_from_dns_nameforest_dns_nameseize_dns_role seize_roler%rrrrr remover!r/).rrrrrh newservernamerrrr?rvsmbconf cli_smbconfrL private_dir samdb_pathr>rrDncsrMrrBrErFrGdup_resdup_edup_enum_ objectguidrr| secrets_path secrets_ldbr forest_dn dns_rolesroler;rr`r=msgrdest_sysvol_dirs. rHrzcmd_domain_backup_restore.runs  9{ ; ; 9788 8  BCC C GNN9 % % @"*Y*?*? @ JNN+ , , 3 3>?? ? 7566 6"$$ &&&'/ ;;<<<&++-- GOOI.. \+ & & i     ',,y%<<7!2333 1133  2 KK@;N O O O OK 1 1 1 [ ! ! # # gll9i88 W\\+y99 *>3C3C2444**511 <++E6::D KK5<qz,7OPQ7RTTJ#**733J LL+.99 : : : LLR S S S LL3 4 4 4 LLG   , !( sssJJJ  @AA AG) AV KMMveZ(( &&  / i0G030D0?AA/  Q ( " "  " "65"cm#*Hd < < <w||K?? ,^5E5E" # 6888 K"%)s}(+ cj(+ /2/E040A  C C C COO%% *5+@+@+B+BCC !9-!9-/ ! O OHD"Syy##D%tT#NNNI 5 5D OOD%tO 4 4 4 4C ll52244CBGK_'_'_'_'_'_'r[rc eZdZdZdZejejdZe dde e dde e d d d d e dd d d e dddddgde zgZ ddgZ dZdZdZdZ ddZdS) cmd_domain_backup_renameaCopy a running DC's DB to backup file, renaming the domain in the process. Where is the new domain's NetBIOS name, and is the new domain's realm in DNS form. This is similar to 'samba-tool backup online' in that it clones the DB of a running DC. However, this option also renames all the domain entries in the DB. Renaming the domain makes it possible to restore and start a new Samba DC without it interfering with the existing Samba domain. In other words, you could use this option to clone your production samba domain and restore it to a separate pre-production environment that won't overlap or interfere with the existing production Samba domain. Note that: - it's recommended to run 'samba-tool dbcheck' before taking a backup-file and fix any errors it reports. - all the domain's secrets are included in the backup file. - although the DB contents can be untarred and examined manually, you need to run 'samba-tool domain backup restore' before you can start a Samba DC from the backup file. - GPO and sysvol information will still refer to the old realm and will need to be updated manually. - if you specify 'keep-dns-realm', then the DNS records will need updating in order to work (they will still refer to the old DC's IP instead of the new DC's address). - we recommend that you only use this option if you know what you're doing. zR%prog --server= --targetdir=rrrrrz"Directory to write the backup filez--keep-dns-realmrFz6Retain the DNS entries for the old realm in the backuprrrrrrrrrrnew_domain_name new_dns_realmc|}||tjdgd}|}|D]}|dD]} t | } |j} || vrtjd|z|| } | d| d| tj } | | _tj | tj d| d<| | |rS| d| d| tj | tjd| d<| | d S) z?Updates dnsRoot for the partition objects to reflect the renamednsRootz$(&(objectClass=crossRef)(dnsRoot=*))r0r/r1rz%s$zAdding z dnsRoot to z Removing z dnsRoot from N)get_partitions_dnr7r8SCOPE_ONELEVELrr6r;resubr4rrrrr,) rr?r> old_realmdelete_old_dns partitions_dnrD new_realmres_msgdns_rootr; new_dns_rootrs rHupdate_dns_rootz(cmd_domain_backup_rename.update_dns_roots//11 ll S5G"+&LNN))++  ( (G#I. ( (x==Z((#%6%)*;Y*2$4$4LKKK\\\22 NOOO AAD#l696F6?$A$AAiLLLOOO&( XXXEGR%IJJJ'*'9(:=:M:C(E(E)  Q- ( ( (r[ct|}tjt|}|}||tjdgd|z}|d|ztj}|dj |_ tj |tj d|d<| |d|d|} |d|dj d | | |dj | d g d S) z>Renames the domain parition object and updates its nETBIOSName nETBIOSNamez ncName=%srz+Changing backup domain's NetBIOS name to %srzCN=,z Renaming z --> zrelax:0r2N)get_default_basednr8 binary_encoder6rr7rr4rr;rr;rr1) rr?r>new_netbios_namebase_dnnc_namerrDrnew_dns rHrename_domain_partitionz0cmd_domain_backup_rename.rename_domain_partitions8 **,,#CLL11//11 ll S5G"/&1G&;==  A$% & & & KMM1vy-.>.1.B.;==-  Q 0//? CFIIIvv>??? SVY) =====r[cV|}d|d|}|d|z||dg|}d|d|}|d|z||dgdS)NzDC=z#,CN=MicrosoftDNS,DC=DomainDnsZones,zDeleting old DNS zone %sz tree_delete:1z DC=_msdcs.z#,CN=MicrosoftDNS,DC=ForestDnsZones,)rr4deleterr)rr?r>rbasednr;rs rHdelete_old_dns_zonesz-cmd_domain_backup_rename.delete_old_dns_zones+s))++=FYY O .3444 R/*+++((**99;;DMIIDLHN .3444 R/*+++++r[c|t|dddd}t|ddd}d|g}|||d S) z@Fixes attributes (i.e. objectCategory) that still use the old DNTFrrrrr.rNr)rr>rr r2s rHfix_old_dn_attributesz.cmd_domain_backup_rename.fix_old_dn_attributes8s !!!e4Tu%)+++ ?GGG-$n5 H---   """""r[Nc V|} | tj|} || } |t dt| || } |}| }tj |}| d|z| d|z| d|ztj|}| }t|||| | | |d|||  }|j}||kr#t#j|t d|j}||kr#t#j|t d ||`|j}t/d |z| t1| }t3|| }t4j|d }t;|| | }t=|||| |j!t/|j"t1| tFj$ }tK}tM|d|tM|d|tM|d|tM|dd|'| ||| |(| ||| r|)| ||| d|*||rtW| |tY|||}t[|| d||d|d|dt]| ||t#j|dS)Nrz"New realm for backed up domain: %sz$New base DN for backed up domain: %szNew domain NetBIOS name: %srr)r?rMrLrrrVrhrz+Cannot use the current domain NetBIOS name.z(Cannot use the current domain DNS realm.rrrrrrr*rr1z$Fixing DN attributes after rename...zOriginal domain r|z (DNS realm))/rrrINFOrrrrrrjrrr4rrrrvrrr}do_join local_samdbrrr rIrerfrgrZrr5rPrr>r8rrcrrrrrrrlrrw)rrrrrrVrhkeep_dns_realmrrr?rLrMr new_base_dnrurr old_domainrrrrrrr>rjrs rHrzcmd_domain_backup_rename.runFs"" %%%  # # % %((,, >011 1 ***++%++-- )//11,];;  8=HIII :[HIII 1OCDDD!i000).%k?&3F,1b6E2B-3v4A CCC_  ( ( M& ! ! !LMM MI  % % M& ! ! !IJJ J  O y61u(6(8(8RAAA %j&99 W\\&/:: "62u55h J,E,E,G,GHHH  %+N4D4D2444!??%x888%':::%;;;%x888 VUI~FFF $$VUODDD  @  % %feY ? ? ? :;;; ""5)))  . vu - - -&iII Hfoo#YYY0 1 1 1 &&+666 fr[)NNNNFFN)rrrrrrrrrrr6rr takes_argsrrrrrrbr[rHrrse8+H). z 2===}#G   !,L N N N~lEC E E E xu~!#<#<#>#>? @ @ @ M$_5J#(#(#(N>>>4 , , , # # #=AGL,0ggggggr[rcpeZdZdZdZdejiZedde gZ dZ dZ d Z d Zd Zd ZddZd S)cmd_domain_backup_offlineaBackup the local domain directories safely into a tar file. Takes a backup copy of the current domain from the local files on disk, with proper locking of the DB to ensure consistency. If the domain were to undergo a catastrophic failure, then the backup file can be used to recover the domain. An offline backup differs to an online backup in the following ways: - a backup can be created even if the DC isn't currently running. - includes non-replicated attributes that an online backup wouldn't store. - takes a copy of the raw database files, which has the risk that any hidden problems in the DB are preserved in the backup.z%prog [options]rrzOutput directory (required)rz .bak-offlinec||jz} t||dnm#t$r`} tj|nC#t $r6}t |dr|jtjkr Yd}~Yd}~dS|d}~wwxYw|d}~wwxYwtj |s$d}t| |dS)NT)readonlyerrnoz1tdbbackup said backup succeeded but {0} not found) backup_extr$r&rrr ExceptionhasattrrEINVALrerfrrr$)rrf backup_pathcopy_errrEss rHoffline_tdb_copyz*cmd_domain_backup_offline.offline_tdb_copysT_,   T; 6 6 6 6 6!       1g&&17el+B+BFFFFFFFFF N w~~k** 6CAqxx 4455 5 6 6s; B ?B A? %A:.B8A::A??BB c6t|||jzdSN)r%r)rrfs rHoffline_mdb_copyz*cmd_domain_backup_offline.offline_mdb_copystdo-.....r[cdtj|d}t|dz|tj}|d|z|||dz||dz| dS)Nsecrets.ldbrLrStarting transaction on .tdb) rerfrgrr8rr4rrtransaction_cancel)rrrLr?r secrets_objs rHbackup_secretsz(cmd_domain_backup_offline.backup_secretssw||K;; ,/B # 6888  .=>>>%%''' lV3444 lV3444&&(((((r[cFtj|d}d}|dtj|g}||dvo$t |d|ddk}d} d} |r1|d|j} | } n3|d|z|j } | |d |z| ||d z} tj | D]} tj| | } | d r$|d | z| | [| d r.|d| z| | |d| ztj| | |jzt#||} |r~ n|| S)NrG backendStorez @PARTITIONr+rrz1MDB backend detected. Using mdb backup function.rz backing up z.drz" backing up locked/related file rz$ tdbbackup of locked/related file z copying locked/related file )rerfrgr7r8r9r6r4rsearch_iteratorrrrcendswithrrmrrIr)rrr>rLr? sam_ldb_path store_labelrD mdb_backend res_iterator copy_function sam_ldb_dsam_filerBs rHbackup_smb_dbsz(cmd_domain_backup_offline.backup_smb_dbss:w||K;; % ll CN"-00!SV+TCF;4G4J0K0Ku0T    & KKK L L L 1M!0022LL KK2\A B B B 1M  # # % % % $|3444 l+++ 4'  9-- F FHw||Ix88H  (( F @8KLLL h''''""6** F BXMNNN%%h//// =HIII(T_*DEEEE!%00  '  $ $ & & & r[cF|j|jtj|jd}fd|D}|d\}}t|dkrt|d\}}|t|dz }|S)N)rFstaterEcHg|]\}}|||fSrb) startswith)rKrprfs rHrMz:cmd_domain_backup_offline.get_arc_path..1sA---FQ++-!Q---r[rrc,t|dS)Nr)r:)rs rHz8cmd_domain_backup_offline.get_arc_path..8sQqTr[)key) r state_dirrerfdirnameritemsr:max)rrf conf_paths backup_dirs matching_dirsarc_pathfs_paths ` rH get_arc_pathz&cmd_domain_backup_offline.get_arc_path-s","8 * 4 gooj.@AACC ----k.?.?.A.A--- )!,' }   ! ! #M7J7J K K K HgDW''r[Nc Ttj}|tj|tjt j|}tj || d}|j r$tj|j s<|d|j t'dt)|||j|jtj|jg}|dd|g}t7}|D]} tj| D]f\} } } | |jr"| dsd| vr<| tj|j dru| D]} tj| | } tj!|d }n(#tD$r|#|d Y^wxYw|j$|j%f|vrs| |j&rtj'|| dr|(||)|j$|j%fhtU|j tW|tXj- }|.|j|||/|j|||}|0}tcj2|}d}tg|j |j&ztW|d gtXj-}ti}tk|d|tk|d|tk|ddd}|D]}tj||j&zs|dr|d|ztg||tXj-}|6|d|7||8|dr-|d|z|7| tsj:|d}tj|d}twj<|d}|dd}tj||}t{|j||j||)||tj'|t}||ddd tj|d!}|)|tj?|tj'||d"|D]}|@||}tj||j&zr_|d#|z|j&zd$z|)||j&z|%tj'||j&z|ds|dr|d&|z|d'|z|)||%|AtjB|tj|d(|tjC||d)dS)*Nr}zNo database found at {0}zCPlease check you are root, and are running this command on an AD DCzrunning backup on dirs: {0} z.sockz.sock/dnsF)follow_symlinksz does not exist!rzmodules:)rrrLrrrrrrNrz!Starting transaction on solo db: rz% running tdbbackup on the same filerz#running tdbbackup on lone tdb file INCOMPLETEsambabackupfile)rprefixzsamba-backup.tar.bz2rnz&running offline ntacl backup of sysvolr localhostTryzbuilding backup tarz adding backup z to tar and deleting fileroz skipping z adding misc file zsamba-backup-{0}.tar.bz2zBackup succeeded.)Drrerrrfrgrhrirr provisionprovision_paths_from_lprr>rerfrr{r$rrrrrrr4rgsetwalkrrKr binddns_dirstatFileNotFoundErrorwarningst_inost_devrrappendrsrr r8rrrr5rrrrcrrrrrrrqrrr rbasenamerrtr1rmdir)rrrhr?rLrr all_files all_stats backup_dir working_dirr filenamesrk full_pathrr>rB dom_sid_strrrjrfldb_obj temp_tar_dir temp_tar_nametar sysvol_tar_fnr backup_fnrs rHrzcmd_domain_backup_offline.run=s"$$ &&&'/ ;;<<< # # % %77BFF7OOLL  Gu{ ; ; G LL3::5;GG H H H FGG G  *** (%/wu}557  188+9N9NOOPPP EE %% 8% 8J/1wz/B/B$ 8$ 8+a))%,77''00H 4K4K))"',,u7H%*P*PQQ )88H " [( C CI !GIuEEE,!!!)'E'E'EFFF !!(+y88  ((99! ),,,  ((11! $$Y///MM18QX"6777758$ 8R%+N4D4D2444 E-r6:::!!%"3UBGG**,, ";//  do5#1#3#3)l#2HJJJ!??%x888%#666%y999 0 0D7>>$"899 0==(( 0KK Cd JKKK!$2S5KLLLG--///KK GHHH))$///..0000]]6**0KK E LMMM))$/// 'I/JLLL  \3IJJ l='22 <===' W\\, >> u|ZHHH  M*** * b)[$GGGGLL|<<   27++I66777 ) )*** 0 0D((u55Hw~~dT_455 0 /(:T_L78999t.AAA $01111v&& 0$--*?*? 0 NX56666 2X=>>>h////  -',,y9@@JJLL M M M  '(((((sI(("J J )NN)rrrrrrrrrr6rrrrrrrrrbr[rHrrs @ @!HW) }1   M  J666&/// )))888v ])])])])])])r[rc`eZdZdZeeeedZdS)cmd_domain_backupz)Create or restore a backup of the domain.)rNrr1restoreN) rrrrrrrr subcommandsrbr[rHrrsP337799557755777799;;KKKr[rr)]r^rerhrqrrrrr samba.getoptgetoptr samba.samdbrrr8r samba.samba3rrTrrN samba.ntaclsrr r samba.authr samba.joinr r rsamba.dcerpc.securityr samba.netcmdrr samba.dcerpcrrrrfsmorsamba.provisionrrsamba.upgradehelpersrsamba.remove_dcrrsamba.dbcheckerrrrrr samba.provision.sambadnsr!r"r#samba.tdb_utilr$samba.mdb_utilr%r subprocessr&r' samba.dsdbr( samba.ndrr)samba.credentialsr*rIrZrcrlrwrrrrnetcmdCommandrrrr SuperCommandrrbr[rHr9si$   88888888 888888))))))FFFFFFFFFF%%%%%%IIIIIIIIII))))))--------1111111111!!!!!!55555555??????%%%%%%//////###### NNNNNNNNNN6666666666$########### ))))))((((((222222 -%-%-%`   AAA---  $,@@@))),_"_"_"_"_"u|3_"_"_"DA'A'A'A'A'A'A'A'H wwwwwu|3wwwtj)j)j)j)j) 4j)j)j)Z ;;;;; 1;;;;;r[