def _ds_bind(self, server_name):
    """Open a DRSUAPI connection to *server_name* and perform DsBind on it.

    Returns a ``(drs, drs_handle)`` tuple: the drsuapi connection object and
    the handle produced by ``drs_DsBind``.  The supported-extensions value
    that ``drs_DsBind`` also returns is unpacked but not handed back.
    """
    # The "seal" binding option requests an encrypted DCERPC transport, so
    # the replication traffic is not sent in the clear.
    connection = drsuapi.drsuapi("ncacn_ip_tcp:%s[seal]" % server_name,
                                 self.get_loadparm(),
                                 self.get_credentials())
    handle, _extensions = drs_DsBind(connection)
    return (connection, handle)
def __init__(self, binding_string, lp, creds, samdb):
    """Connect to a DRSUAPI server and prepare local replication state.

    :param binding_string: DCERPC binding string passed to drsuapi.drsuapi
    :param lp: loadparm object passed to the connection, Net and replicate_init
    :param creds: credentials used for the connection and for Net
    :param samdb: database object passed to replicate_init
    """
    connection = drsuapi.drsuapi(binding_string, lp, creds)
    self.drs = connection
    handle, extensions = drs_DsBind(connection)
    self.drs_handle = handle
    self.supported_extensions = extensions
    self.net = Net(creds=creds, lp=lp)
    self.samdb = samdb
    # The replication state ties together the local database and the bound
    # DRS connection created above.
    self.replication_state = self.net.replicate_init(samdb, lp, connection)
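def drsuapi_connect(ctx):
    '''make a DRSUAPI connection to the server

    Reads ctx.server, ctx.lp and ctx.creds, and stores the results on ctx:
    ctx.drsuapi (the connection), ctx.drsuapi_handle and
    ctx.bind_supported_extensions (both returned by drs_DsBind).
    '''
    # "seal" is always requested so the DRS traffic is encrypted on the wire.
    binding_options = "seal"
    # Coerce the setting to an integer before comparing it with the
    # threshold; comparing a string with 5 does not test the numeric level.
    # NOTE(review): a value int() cannot parse raises ValueError here -
    # confirm which formats "log level" can take for this loadparm object.
    if int(ctx.lp.get("log level")) >= 5:
        # "print" adds packet dumps to the output; debugging aid only.
        binding_options += ",print"
    binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
    ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
    (ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drs_DsBind(ctx.drsuapi)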
def _ds_bind(self, server_name, creds=None):
    """Open a sealed DRSUAPI connection to *server_name* and DsBind on it.

    :param server_name: host placed into the ncacn_ip_tcp binding string
    :param creds: credentials for the connection; when None the result of
        self.get_credentials() is used instead
    :return: ``(drs, drs_handle)`` - the connection and its bind handle
    """
    binding_str = "ncacn_ip_tcp:%s[seal]" % server_name
    # Fall back to the default credentials only when the caller supplied none,
    # so a bind with different credentials can be requested explicitly.
    effective_creds = self.get_credentials() if creds is None else creds
    connection = drsuapi.drsuapi(binding_str, self.get_loadparm(), effective_creds)
    handle, _extensions = drs_DsBind(connection)
    return (connection, handle)
def drsuapi_connect(ctx):
    """make a DRSUAPI connection to the naming master

    Reads ctx.server, ctx.lp and ctx.creds.  On return ctx.drsuapi holds the
    connection, and ctx.drsuapi_handle / ctx.bind_supported_extensions hold
    the two values returned by drs_DsBind.
    """
    # Packet printing is switched on from log level 4 upwards; the transport
    # is sealed (encrypted) in either case.
    verbose = int(ctx.lp.get("log level")) >= 4
    options = "seal,print" if verbose else "seal"
    target = "ncacn_ip_tcp:%s[%s]" % (ctx.server, options)
    ctx.drsuapi = drsuapi.drsuapi(target, ctx.lp, ctx.creds)
    bind_result = drs_utils.drs_DsBind(ctx.drsuapi)
    (ctx.drsuapi_handle, ctx.bind_supported_extensions) = bind_result
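def __init__(self, binding_string, lp, creds, samdb, invocation_id):
    """Connect to a DRSUAPI server and prepare local replication state.

    :param binding_string: DCERPC binding string passed to drsuapi.drsuapi
    :param lp: loadparm object passed to the connection, Net and replicate_init
    :param creds: credentials used for the connection and for Net
    :param samdb: database object passed to replicate_init
    :param invocation_id: misc.GUID passed to replicate_init; must not be
        the all-zero GUID
    :raise RuntimeError: if invocation_id is not a misc.GUID or is all zeros
    """
    # Check the arguments before touching the network: an invalid call now
    # fails without first opening and binding a DRS connection.
    if not isinstance(invocation_id, misc.GUID):
        raise RuntimeError("Must supply GUID for invocation_id")
    if invocation_id == misc.GUID("00000000-0000-0000-0000-000000000000"):
        raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id")

    self.drs = drsuapi.drsuapi(binding_string, lp, creds)
    (self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
    self.net = Net(creds=creds, lp=lp)
    self.samdb = samdb
    self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id)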
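def drsuapi_connect(ctx):
    '''make a DRSUAPI connection to the server

    Reads ctx.server, ctx.lp and ctx.creds, and stores the connection on
    ctx.drsuapi plus the drs_DsBind results on ctx.drsuapi_handle and
    ctx.bind_supported_extensions.

    Raises CommandError if creating the connection or the bind fails.
    '''
    # "seal" is always requested so the DRS traffic is encrypted on the wire.
    binding_options = "seal"
    # Coerce the setting to an integer before comparing it with the
    # threshold; comparing a string with 5 does not test the numeric level.
    # NOTE(review): a value int() cannot parse raises ValueError here -
    # confirm which formats "log level" can take for this loadparm object.
    if int(ctx.lp.get("log level")) >= 5:
        # "print" adds packet dumps to the output; debugging aid only.
        binding_options += ",print"
    binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
    try:
        ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
        (ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drs_DsBind(ctx.drsuapi)
    except Exception as e:
        # "as" replaces the comma form, which newer interpreters reject.
        # The original exception is passed along so the cause is not lost.
        raise CommandError("DRS connection to %s failed" % ctx.server, e)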
def get_supplemental_creds_drs(self):
    """Fetch and unpack the supplementalCredentials of USER_NAME over DRS.

    Binds to the server named in the SERVER environment variable, issues a
    single DsGetNCChanges request (level 8, extended op REPL_OBJ) for the
    user's DN, decrypts the supplementalCredentials attribute of the first
    returned object and returns it unpacked as a supplementalCredentialsBlob.

    The binding uses "seal", so the credential material travels over an
    encrypted transport.
    """
    binding_str = "ncacn_ip_tcp:%s[seal]" % os.environ["SERVER"]
    user_dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
    conn = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.creds)
    (handle, _extensions) = drs_utils.drs_DsBind(conn)

    request = drsuapi.DsGetNCChangesRequest8()

    # Both DSA identifiers are left as the default (empty) GUID.
    empty_guid = misc.GUID()
    request.destination_dsa_guid = empty_guid
    request.source_dsa_invocation_id = empty_guid

    request.naming_context = drsuapi.DsReplicaObjectIdentifier()
    request.naming_context.dn = unicode(user_dn)

    # A zeroed high-water mark and no up-to-dateness vector.
    request.highwatermark = drsuapi.DsReplicaHighWaterMark()
    request.highwatermark.tmp_highest_usn = 0
    request.highwatermark.reserved_usn = 0
    request.highwatermark.highest_usn = 0
    request.uptodateness_vector = None

    request.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
                             drsuapi.DRSUAPI_DRS_PER_SYNC |
                             drsuapi.DRSUAPI_DRS_GET_ANC |
                             drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
                             drsuapi.DRSUAPI_DRS_WRIT_REP)
    request.max_object_count = 402
    request.max_ndr_size = 402116
    request.extended_op = drsuapi.DRSUAPI_EXOP_REPL_OBJ
    request.fsmo_info = 0
    request.partial_attribute_set = None
    request.partial_attribute_set_ex = None
    request.mapping_ctr.num_mappings = 0
    request.mapping_ctr.mappings = None

    (level, ctr) = conn.DsGetNCChanges(handle, 8, request)

    # Only the first object of the reply is inspected.
    replicated = ctr.first_object.object

    sc_blob = None
    for idx in range(0, replicated.attribute_ctr.num_attributes):
        candidate = replicated.attribute_ctr.attributes[idx]
        if not attid_equal(candidate.attid, drsuapi.DRSUAPI_ATTID_supplementalCredentials):
            continue
        # The attribute value arrives encrypted; decrypt it in place using
        # the DRS connection before reading the blob.
        net_ctx = net.Net(self.creds)
        net_ctx.replicate_decrypt(conn, candidate, 0)
        sc_blob = candidate.value_ctr.values[0].blob

    # NOTE(review): when no supplementalCredentials attribute is present,
    # sc_blob is still None at this point and is passed to ndr_unpack as is.
    return ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
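def _drs_fetch_pfm(server, samdb, creds, lp):
    """Fetch prefixMap using DRS interface

    Binds to *server*, sends one DsGetNCChanges request (level 8) for the
    schema naming context of *samdb* and reads the prefix map from the reply.

    :return: ``(pfm, pfm_schi)`` - the mapping container with its trailing
        schemaInfo entry excluded from num_mappings, and that entry unpacked
        as a schemaInfoBlob
    """
    # "print" is always on for this binding, so request and reply packets
    # are dumped to the output; "seal" keeps the transport encrypted.
    binding_str = "ncacn_ip_tcp:%s[print,seal]" % server
    drs = drsuapi.drsuapi(binding_str, lp, creds)
    (drs_handle, supported_extensions) = drs_DsBind(drs)
    # Parenthesised form prints the same text as a statement or a function.
    print("DRS Handle: %s" % drs_handle)

    req8 = drsuapi.DsGetNCChangesRequest8()

    dest_dsa = misc.GUID("9c637462-5b8c-4467-aef2-bdb1f57bc4ef")
    replica_flags = 0

    req8.destination_dsa_guid = dest_dsa
    req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
    req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
    req8.naming_context.dn = unicode(samdb.get_schema_basedn())
    req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
    req8.highwatermark.tmp_highest_usn = 0
    req8.highwatermark.reserved_usn = 0
    req8.highwatermark.highest_usn = 0
    req8.uptodateness_vector = None
    req8.replica_flags = replica_flags
    # No objects are requested; only the mapping container of the reply
    # is used below.
    req8.max_object_count = 0
    req8.max_ndr_size = 402116
    req8.extended_op = 0
    req8.fsmo_info = 0
    req8.partial_attribute_set = None
    req8.partial_attribute_set_ex = None
    req8.mapping_ctr.num_mappings = 0
    req8.mapping_ctr.mappings = None

    (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
    pfm = ctr.mapping_ctr
    # check for schemaInfo element
    pfm_it = pfm.mappings[-1]
    assert pfm_it.id_prefix == 0
    assert pfm_it.oid.length == 21
    # Build the blob in one pass instead of growing a string per element.
    s = ''.join(chr(x) for x in pfm_it.oid.binary_oid)
    pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob, s)
    assert pfm_schi.marker == 0xFF
    # remove schemaInfo element
    pfm.num_mappings -= 1
    return (pfm, pfm_schi)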
def _drs_fetch_pfm(server, samdb, creds, lp):
    """Fetch prefixMap using DRS interface

    Sends one level-8 DsGetNCChanges request for the schema naming context
    of *samdb* to *server* and returns ``(pfm, pfm_schi)``: the reply's
    mapping container with the trailing schemaInfo entry dropped from
    num_mappings, and that entry unpacked as a schemaInfoBlob.
    """
    # Packet printing is always enabled on this binding; the transport is
    # still sealed (encrypted).
    conn = drsuapi.drsuapi("ncacn_ip_tcp:%s[print,seal]" % server, lp, creds)
    (handle, _extensions) = drs_DsBind(conn)
    print("DRS Handle: %s" % handle)

    request = drsuapi.DsGetNCChangesRequest8()

    request.destination_dsa_guid = misc.GUID("9c637462-5b8c-4467-aef2-bdb1f57bc4ef")
    request.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())

    request.naming_context = drsuapi.DsReplicaObjectIdentifier()
    request.naming_context.dn = text_type(samdb.get_schema_basedn())

    watermark = drsuapi.DsReplicaHighWaterMark()
    request.highwatermark = watermark
    request.highwatermark.tmp_highest_usn = 0
    request.highwatermark.reserved_usn = 0
    request.highwatermark.highest_usn = 0
    request.uptodateness_vector = None

    request.replica_flags = 0
    request.max_object_count = 0
    request.max_ndr_size = 402116
    request.extended_op = 0
    request.fsmo_info = 0
    request.partial_attribute_set = None
    request.partial_attribute_set_ex = None
    request.mapping_ctr.num_mappings = 0
    request.mapping_ctr.mappings = None

    (level, reply) = conn.DsGetNCChanges(handle, 8, request)
    pfm = reply.mapping_ctr

    # The last mapping is expected to be the schemaInfo element.
    schema_info_entry = pfm.mappings[-1]
    assert schema_info_entry.id_prefix == 0
    assert schema_info_entry.oid.length == 21
    # NOTE(review): this yields a text string built with chr(); confirm that
    # ndr_unpack accepts it on the interpreter versions this file targets.
    raw = ''.join(chr(octet) for octet in schema_info_entry.oid.binary_oid)
    pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob, raw)
    assert pfm_schi.marker == 0xFF

    # Hide the schemaInfo element from the returned prefix map.
    pfm.num_mappings -= 1
    return (pfm, pfm_schi)
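def drsuapi_connect(server, lp, creds):
    """Make a DRSUAPI connection to the server.

    :param server: the name of the server to connect to
    :param lp: a samba loadparm object
    :param creds: credential used for the connection
    :return: A tuple with the drsuapi bind object, the drsuapi handle
             and the supported extensions.
    :raise drsException: if the connection fails
    """
    # The transport is always sealed (encrypted); packet printing is added
    # only at log level 5 and above.
    binding_options = "seal"
    if int(lp.get("log level")) >= 5:
        binding_options += ",print"
    binding_string = "ncacn_ip_tcp:%s[%s]" % (server, binding_options)
    try:
        drsuapiBind = drsuapi.drsuapi(binding_string, lp, creds)
        (drsuapiHandle, bindSupportedExtensions) = drs_DsBind(drsuapiBind)
    except Exception as e:
        # "as" replaces the comma form, which newer interpreters reject.
        raise drsException("DRS connection to %s failed: %s" % (server, e))

    # Hand back the tuple the docstring promises; without this the caller
    # would receive None and lose the connection it just opened.
    return (drsuapiBind, drsuapiHandle, bindSupportedExtensions)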
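def drsuapi_connect(server, lp, creds):
    """Make a DRSUAPI connection to the server.

    :param server: the name of the server to connect to
    :param lp: a samba loadparm object
    :param creds: credential used for the connection
    :return: A tuple with the drsuapi bind object, the drsuapi handle
             and the supported extensions.
    :raise drsException: if the connection fails
    """
    # The transport is always sealed (encrypted); packet printing is added
    # only at log level 5 and above.
    binding_options = "seal"
    if int(lp.get("log level")) >= 5:
        binding_options += ",print"
    binding_string = "ncacn_ip_tcp:{0!s}[{1!s}]".format(server, binding_options)
    try:
        drsuapiBind = drsuapi.drsuapi(binding_string, lp, creds)
        (drsuapiHandle, bindSupportedExtensions) = drs_DsBind(drsuapiBind)
    except Exception as e:
        # "as" replaces the comma form, which newer interpreters reject.
        raise drsException("DRS connection to {0!s} failed: {1!s}".format(server, e))

    # Hand back the tuple the docstring promises; without this the caller
    # would receive None and lose the connection it just opened.
    return (drsuapiBind, drsuapiHandle, bindSupportedExtensions)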
def drsuapi_connect(server, lp, creds):
    """Make a DRSUAPI connection to the server.

    :param server: the name of the server to connect to
    :param lp: a samba loadparm object
    :param creds: credential used for the connection
    :return: A tuple with the drsuapi bind object, the drsuapi handle
             and the supported extensions.
    :raise drsException: if the connection fails
    """
    # "seal" (encrypted transport) is unconditional; packet printing is
    # reserved for log level 9 and above.
    options = ["seal"]
    if lp.log_level() >= 9:
        options.append("print")
    binding_string = "ncacn_ip_tcp:%s[%s]" % (server, ",".join(options))

    try:
        connection = drsuapi.drsuapi(binding_string, lp, creds)
        (handle, extensions) = drs_DsBind(connection)
    except Exception as e:
        # Any failure while connecting or binding is reported uniformly.
        raise drsException("DRS connection to %s failed: %s" % (server, e))

    return (connection, handle, extensions)
def run(self, DEST_DC, SOURCE_DC, NC,
        add_ref=False, sync_forced=False, sync_all=False, full_sync=False,
        local=False, local_online=False, async_op=False, single_object=False,
        sambaopts=None, credopts=None, versionopts=None):
    """Ask DEST_DC to replicate naming context NC from SOURCE_DC.

    With ``local`` the work is handed to self.drs_local_replicate and nothing
    else happens.  Otherwise the source DC's NTDS settings object is looked
    up in the configuration partition and a DsReplicaSync request is sent,
    either over the local "irpc:dreplsrv" binding (``local_online``) or over
    a DRSUAPI connection to DEST_DC.

    Raises CommandError when the source DC or its NTDS object cannot be
    found, or when DsReplicaSync fails.
    """
    self.server = DEST_DC
    self.lp = sambaopts.get_loadparm()
    self.creds = credopts.get_credentials(self.lp, fallback_machine=True)

    if local:
        self.drs_local_replicate(SOURCE_DC, NC,
                                 full_sync=full_sync,
                                 single_object=single_object,
                                 sync_forced=sync_forced)
        return

    if local_online:
        server_bind = drsuapi.drsuapi("irpc:dreplsrv", lp_ctx=self.lp)
        server_bind_handle = misc.policy_handle()
    else:
        drsuapi_connect(self)
        server_bind = self.drsuapi
        server_bind_handle = self.drsuapi_handle

    if not async_op:
        # A synchronous replication is allowed up to five minutes.
        server_bind.request_timeout = 5 * 60

    samdb_connect(self)

    # Locate the server object of the source DC by name or DNS host name.
    # The value is escaped with ldb.binary_encode so that characters in the
    # command-line argument cannot change the structure of the filter.
    encoded_source = ldb.binary_encode(SOURCE_DC)
    server_filter = "(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
        encoded_source, encoded_source)
    servers = self.samdb.search(base=self.samdb.get_config_basedn(),
                                expression=server_filter,
                                attrs=[])
    if len(servers) == 0:
        raise CommandError("Failed to find source DC %s" % SOURCE_DC)
    server_dn = servers[0]['dn']

    # The NTDS settings object directly below it carries the DSA GUID.
    ntds = self.samdb.search(base=server_dn,
                             scope=ldb.SCOPE_ONELEVEL,
                             expression="(|(objectCategory=nTDSDSA)(objectCategory=nTDSDSARO))",
                             attrs=['objectGUID', 'options'])
    if len(ntds) == 0:
        raise CommandError("Failed to find source NTDS DN %s" % SOURCE_DC)
    source_dsa_guid = ntds[0]['objectGUID'][0]
    dsa_options = int(attr_default(ntds, 'options', 0))

    req_options = 0
    if not (dsa_options & dsdb.DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL):
        req_options |= drsuapi.DRSUAPI_DRS_WRIT_REP

    # Each command-line switch maps onto one DsReplicaSync option bit.
    switch_to_flag = (
        (add_ref, drsuapi.DRSUAPI_DRS_ADD_REF),
        (sync_forced, drsuapi.DRSUAPI_DRS_SYNC_FORCED),
        (sync_all, drsuapi.DRSUAPI_DRS_SYNC_ALL),
        (full_sync, drsuapi.DRSUAPI_DRS_FULL_SYNC_NOW),
        (async_op, drsuapi.DRSUAPI_DRS_ASYNC_OP),
    )
    for enabled, flag in switch_to_flag:
        if enabled:
            req_options |= flag

    try:
        drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
                                    source_dsa_guid, NC, req_options)
    except drs_utils.drsException as estr:
        raise CommandError("DsReplicaSync failed", estr)

    if async_op:
        outcome = "Replicate from %s to %s was started."
    else:
        outcome = "Replicate from %s to %s was successful."
    self.message(outcome % (SOURCE_DC, DEST_DC))
def _ds_bind(self, server_name):
    """Open a DRSUAPI connection to *server_name* and perform DsBind on it.

    Returns a ``(drs, drs_handle)`` tuple: the drsuapi connection object and
    the handle produced by ``drs_DsBind``.  The supported-extensions value
    that ``drs_DsBind`` also returns is unpacked but not handed back.
    """
    # This variant always enables "print" (packet dumps in the output) next
    # to "seal" (encrypted transport).
    target = "ncacn_ip_tcp:%s[print,seal]" % server_name
    connection = drsuapi.drsuapi(target,
                                 self.get_loadparm(),
                                 self.get_credentials())
    handle, _extensions = drs_DsBind(connection)
    return (connection, handle)
store_utdv = ndr_unpack(drsblobs.replUpToDateVectorBlob, store_utdv_blob) assert store_dn == dn #print "%s" % ndr_print(store_hwm) #print "%s" % ndr_print(store_utdv) except Exception: store_dn = dn store_hwm = drsuapi.DsReplicaHighWaterMark() store_hwm.tmp_highest_usn = 0 store_hwm.reserved_usn = 0 store_hwm.highest_usn = 0 store_utdv = None binding_str = "ncacn_ip_tcp:%s[spnego,seal]" % server drs_conn = drsuapi.drsuapi(binding_str, lp, creds) bind_info = drsuapi.DsBindInfoCtr() bind_info.length = 28 bind_info.info = drsuapi.DsBindInfo28() bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
def __init__(self, binding_string, lp, creds, samdb):
    """Connect to a DRSUAPI server and prepare local replication state.

    :param binding_string: DCERPC binding string passed to drsuapi.drsuapi
    :param lp: loadparm object passed to the connection, Net and replicate_init
    :param creds: credentials used for the connection and for Net
    :param samdb: database object passed to replicate_init
    """
    # Connect and bind first; everything below depends on the connection.
    connection = drsuapi.drsuapi(binding_string, lp, creds)
    self.drs = connection
    bind_result = drs_DsBind(connection)
    (self.drs_handle, self.supported_extensions) = bind_result

    self.net = Net(creds=creds, lp=lp)
    self.samdb = samdb
    self.replication_state = self.net.replicate_init(samdb, lp, connection)
store_utdv_blob) assert store_dn == dn #print "%s" % ndr_print(store_hwm) #print "%s" % ndr_print(store_utdv) except Exception: store_dn = dn store_hwm = drsuapi.DsReplicaHighWaterMark() store_hwm.tmp_highest_usn = 0 store_hwm.reserved_usn = 0 store_hwm.highest_usn = 0 store_utdv = None binding_str = "ncacn_ip_tcp:%s[spnego,seal]" % server drs_conn = drsuapi.drsuapi(binding_str, lp, creds) bind_info = drsuapi.DsBindInfoCtr() bind_info.length = 28 bind_info.info = drsuapi.DsBindInfo28() bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2