def _ds_bind(self, server_name):
binding_str = "ncacn_ip_tcp:%s[seal]" % server_name
drs = drsuapi.drsuapi(binding_str, self.get_loadparm(),
self.get_credentials())
(drs_handle, supported_extensions) = drs_DsBind(drs)
return (drs, drs_handle)
def __init__(self, binding_string, lp, creds, samdb):
self.drs = drsuapi.drsuapi(binding_string, lp, creds)
(self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
self.net = Net(creds=creds, lp=lp)
self.samdb = samdb
self.replication_state = self.net.replicate_init(
self.samdb, lp, self.drs)
def drsuapi_connect(ctx):
'''make a DRSUAPI connection to the server'''
binding_options = "seal"
if ctx.lp.get("log level") >= 5:
binding_options += ",print"
binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
(ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drs_DsBind(ctx.drsuapi)
def _ds_bind(self, server_name, creds=None):
binding_str = "ncacn_ip_tcp:%s[seal]" % server_name
if creds is None:
creds = self.get_credentials()
drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), creds)
(drs_handle, supported_extensions) = drs_DsBind(drs)
return (drs, drs_handle)
def drsuapi_connect(ctx):
"""make a DRSUAPI connection to the naming master"""
binding_options = "seal"
if int(ctx.lp.get("log level")) >= 4:
binding_options += ",print"
binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
(ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drs_DsBind(ctx.drsuapi)
def __init__(self, binding_string, lp, creds, samdb, invocation_id):
self.drs = drsuapi.drsuapi(binding_string, lp, creds)
(self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
self.net = Net(creds=creds, lp=lp)
self.samdb = samdb
if not isinstance(invocation_id, misc.GUID):
raise RuntimeError("Must supply GUID for invocation_id")
if invocation_id == misc.GUID("00000000-0000-0000-0000-000000000000"):
raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id")
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id)
def __init__(self, binding_string, lp, creds, samdb, invocation_id):
self.drs = drsuapi.drsuapi(binding_string, lp, creds)
(self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
self.net = Net(creds=creds, lp=lp)
self.samdb = samdb
if not isinstance(invocation_id, misc.GUID):
raise RuntimeError("Must supply GUID for invocation_id")
if invocation_id == misc.GUID("00000000-0000-0000-0000-000000000000"):
raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id")
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id)
def drsuapi_connect(ctx):
'''make a DRSUAPI connection to the server'''
binding_options = "seal"
if ctx.lp.get("log level") >= 5:
binding_options += ",print"
binding_string = "ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options)
try:
ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)
(ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drs_DsBind(ctx.drsuapi)
except Exception, e:
raise CommandError("DRS connection to %s failed" % ctx.server, e)
def get_supplemental_creds_drs(self):
binding_str = "ncacn_ip_tcp:%s[seal]" % os.environ["SERVER"]
dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.creds)
(drs_handle, supported_extensions) = drs_utils.drs_DsBind(drs)
req8 = drsuapi.DsGetNCChangesRequest8()
null_guid = misc.GUID()
req8.destination_dsa_guid = null_guid
req8.source_dsa_invocation_id = null_guid
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = unicode(dn)
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
req8.highwatermark.reserved_usn = 0
req8.highwatermark.highest_usn = 0
req8.uptodateness_vector = None
req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
drsuapi.DRSUAPI_DRS_PER_SYNC |
drsuapi.DRSUAPI_DRS_GET_ANC |
drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
drsuapi.DRSUAPI_DRS_WRIT_REP)
req8.max_object_count = 402
req8.max_ndr_size = 402116
req8.extended_op = drsuapi.DRSUAPI_EXOP_REPL_OBJ
req8.fsmo_info = 0
req8.partial_attribute_set = None
req8.partial_attribute_set_ex = None
req8.mapping_ctr.num_mappings = 0
req8.mapping_ctr.mappings = None
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
obj_item = ctr.first_object
obj = obj_item.object
sc_blob = None
for i in range(0, obj.attribute_ctr.num_attributes):
attr = obj.attribute_ctr.attributes[i]
if attid_equal(attr.attid,
drsuapi.DRSUAPI_ATTID_supplementalCredentials):
net_ctx = net.Net(self.creds)
net_ctx.replicate_decrypt(drs, attr, 0)
sc_blob = attr.value_ctr.values[0].blob
sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
return sc
def get_supplemental_creds_drs(self):
binding_str = "ncacn_ip_tcp:%s[seal]" % os.environ["SERVER"]
dn = "cn=" + USER_NAME + ",cn=users," + self.base_dn
drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.creds)
(drs_handle, supported_extensions) = drs_utils.drs_DsBind(drs)
req8 = drsuapi.DsGetNCChangesRequest8()
null_guid = misc.GUID()
req8.destination_dsa_guid = null_guid
req8.source_dsa_invocation_id = null_guid
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = unicode(dn)
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
req8.highwatermark.reserved_usn = 0
req8.highwatermark.highest_usn = 0
req8.uptodateness_vector = None
req8.replica_flags = (drsuapi.DRSUAPI_DRS_INIT_SYNC |
drsuapi.DRSUAPI_DRS_PER_SYNC |
drsuapi.DRSUAPI_DRS_GET_ANC |
drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
drsuapi.DRSUAPI_DRS_WRIT_REP)
req8.max_object_count = 402
req8.max_ndr_size = 402116
req8.extended_op = drsuapi.DRSUAPI_EXOP_REPL_OBJ
req8.fsmo_info = 0
req8.partial_attribute_set = None
req8.partial_attribute_set_ex = None
req8.mapping_ctr.num_mappings = 0
req8.mapping_ctr.mappings = None
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
obj_item = ctr.first_object
obj = obj_item.object
sc_blob = None
for i in range(0, obj.attribute_ctr.num_attributes):
attr = obj.attribute_ctr.attributes[i]
if attid_equal(attr.attid,
drsuapi.DRSUAPI_ATTID_supplementalCredentials):
net_ctx = net.Net(self.creds)
net_ctx.replicate_decrypt(drs, attr, 0)
sc_blob = attr.value_ctr.values[0].blob
sc = ndr_unpack(drsblobs.supplementalCredentialsBlob, sc_blob)
return sc
def _drs_fetch_pfm(server, samdb, creds, lp):
"""Fetch prefixMap using DRS interface"""
binding_str = "ncacn_ip_tcp:%s[print,seal]" % server
drs = drsuapi.drsuapi(binding_str, lp, creds)
(drs_handle, supported_extensions) = drs_DsBind(drs)
print "DRS Handle: %s" % drs_handle
req8 = drsuapi.DsGetNCChangesRequest8()
dest_dsa = misc.GUID("9c637462-5b8c-4467-aef2-bdb1f57bc4ef")
replica_flags = 0
req8.destination_dsa_guid = dest_dsa
req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = unicode(samdb.get_schema_basedn())
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
req8.highwatermark.reserved_usn = 0
req8.highwatermark.highest_usn = 0
req8.uptodateness_vector = None
req8.replica_flags = replica_flags
req8.max_object_count = 0
req8.max_ndr_size = 402116
req8.extended_op = 0
req8.fsmo_info = 0
req8.partial_attribute_set = None
req8.partial_attribute_set_ex = None
req8.mapping_ctr.num_mappings = 0
req8.mapping_ctr.mappings = None
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
pfm = ctr.mapping_ctr
# check for schemaInfo element
pfm_it = pfm.mappings[-1]
assert pfm_it.id_prefix == 0
assert pfm_it.oid.length == 21
s = ''
for x in pfm_it.oid.binary_oid:
s += chr(x)
pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob, s)
assert pfm_schi.marker == 0xFF
# remove schemaInfo element
pfm.num_mappings -= 1
return (pfm, pfm_schi)
def _drs_fetch_pfm(server, samdb, creds, lp):
"""Fetch prefixMap using DRS interface"""
binding_str = "ncacn_ip_tcp:%s[print,seal]" % server
drs = drsuapi.drsuapi(binding_str, lp, creds)
(drs_handle, supported_extensions) = drs_DsBind(drs)
print("DRS Handle: %s" % drs_handle)
req8 = drsuapi.DsGetNCChangesRequest8()
dest_dsa = misc.GUID("9c637462-5b8c-4467-aef2-bdb1f57bc4ef")
replica_flags = 0
req8.destination_dsa_guid = dest_dsa
req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = text_type(samdb.get_schema_basedn())
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
req8.highwatermark.reserved_usn = 0
req8.highwatermark.highest_usn = 0
req8.uptodateness_vector = None
req8.replica_flags = replica_flags
req8.max_object_count = 0
req8.max_ndr_size = 402116
req8.extended_op = 0
req8.fsmo_info = 0
req8.partial_attribute_set = None
req8.partial_attribute_set_ex = None
req8.mapping_ctr.num_mappings = 0
req8.mapping_ctr.mappings = None
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
pfm = ctr.mapping_ctr
# check for schemaInfo element
pfm_it = pfm.mappings[-1]
assert pfm_it.id_prefix == 0
assert pfm_it.oid.length == 21
s = ''
for x in pfm_it.oid.binary_oid:
s += chr(x)
pfm_schi = ndr_unpack(drsblobs.schemaInfoBlob, s)
assert pfm_schi.marker == 0xFF
# remove schemaInfo element
pfm.num_mappings -= 1
return (pfm, pfm_schi)
def drsuapi_connect(server, lp, creds):
"""Make a DRSUAPI connection to the server.
:param server: the name of the server to connect to
:param lp: a samba line parameter object
:param creds: credential used for the connection
:return: A tuple with the drsuapi bind object, the drsuapi handle
and the supported extensions.
:raise drsException: if the connection fails
"""
binding_options = "seal"
if int(lp.get("log level")) >= 5:
binding_options += ",print"
binding_string = "ncacn_ip_tcp:%s[%s]" % (server, binding_options)
try:
drsuapiBind = drsuapi.drsuapi(binding_string, lp, creds)
(drsuapiHandle, bindSupportedExtensions) = drs_DsBind(drsuapiBind)
except Exception, e:
raise drsException("DRS connection to %s failed: %s" % (server, e))
def drsuapi_connect(server, lp, creds):
"""Make a DRSUAPI connection to the server.
:param server: the name of the server to connect to
:param lp: a samba line parameter object
:param creds: credential used for the connection
:return: A tuple with the drsuapi bind object, the drsuapi handle
and the supported extensions.
:raise drsException: if the connection fails
"""
binding_options = "seal"
if int(lp.get("log level")) >= 5:
binding_options += ",print"
binding_string = "ncacn_ip_tcp:{0!s}[{1!s}]".format(server, binding_options)
try:
drsuapiBind = drsuapi.drsuapi(binding_string, lp, creds)
(drsuapiHandle, bindSupportedExtensions) = drs_DsBind(drsuapiBind)
except Exception, e:
raise drsException("DRS connection to {0!s} failed: {1!s}".format(server, e))
def drsuapi_connect(server, lp, creds):
"""Make a DRSUAPI connection to the server.
:param server: the name of the server to connect to
:param lp: a samba line parameter object
:param creds: credential used for the connection
:return: A tuple with the drsuapi bind object, the drsuapi handle
and the supported extensions.
:raise drsException: if the connection fails
"""
binding_options = "seal"
if lp.log_level() >= 9:
binding_options += ",print"
binding_string = "ncacn_ip_tcp:%s[%s]" % (server, binding_options)
try:
drsuapiBind = drsuapi.drsuapi(binding_string, lp, creds)
(drsuapiHandle, bindSupportedExtensions) = drs_DsBind(drsuapiBind)
except Exception as e:
raise drsException("DRS connection to %s failed: %s" % (server, e))
return (drsuapiBind, drsuapiHandle, bindSupportedExtensions)
def run(self, DEST_DC, SOURCE_DC, NC,
add_ref=False, sync_forced=False, sync_all=False, full_sync=False,
local=False, local_online=False, async_op=False, single_object=False,
sambaopts=None, credopts=None, versionopts=None):
self.server = DEST_DC
self.lp = sambaopts.get_loadparm()
self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
if local:
self.drs_local_replicate(SOURCE_DC, NC, full_sync=full_sync,
single_object=single_object,
sync_forced=sync_forced)
return
if local_online:
server_bind = drsuapi.drsuapi("irpc:dreplsrv", lp_ctx=self.lp)
server_bind_handle = misc.policy_handle()
else:
drsuapi_connect(self)
server_bind = self.drsuapi
server_bind_handle = self.drsuapi_handle
if not async_op:
# Give the sync replication 5 minutes time
server_bind.request_timeout = 5 * 60
samdb_connect(self)
# we need to find the NTDS GUID of the source DC
msg = self.samdb.search(base=self.samdb.get_config_basedn(),
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
ldb.binary_encode(SOURCE_DC),
ldb.binary_encode(SOURCE_DC)),
attrs=[])
if len(msg) == 0:
raise CommandError("Failed to find source DC %s" % SOURCE_DC)
server_dn = msg[0]['dn']
msg = self.samdb.search(base=server_dn, scope=ldb.SCOPE_ONELEVEL,
expression="(|(objectCategory=nTDSDSA)(objectCategory=nTDSDSARO))",
attrs=['objectGUID', 'options'])
if len(msg) == 0:
raise CommandError("Failed to find source NTDS DN %s" % SOURCE_DC)
source_dsa_guid = msg[0]['objectGUID'][0]
dsa_options = int(attr_default(msg, 'options', 0))
req_options = 0
if not (dsa_options & dsdb.DS_NTDSDSA_OPT_DISABLE_OUTBOUND_REPL):
req_options |= drsuapi.DRSUAPI_DRS_WRIT_REP
if add_ref:
req_options |= drsuapi.DRSUAPI_DRS_ADD_REF
if sync_forced:
req_options |= drsuapi.DRSUAPI_DRS_SYNC_FORCED
if sync_all:
req_options |= drsuapi.DRSUAPI_DRS_SYNC_ALL
if full_sync:
req_options |= drsuapi.DRSUAPI_DRS_FULL_SYNC_NOW
if async_op:
req_options |= drsuapi.DRSUAPI_DRS_ASYNC_OP
try:
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
except drs_utils.drsException as estr:
raise CommandError("DsReplicaSync failed", estr)
if async_op:
self.message("Replicate from %s to %s was started." % (SOURCE_DC, DEST_DC))
else:
self.message("Replicate from %s to %s was successful." % (SOURCE_DC, DEST_DC))
def _ds_bind(self, server_name):
binding_str = "ncacn_ip_tcp:%s[print,seal]" % server_name
drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.get_credentials())
(drs_handle, supported_extensions) = drs_DsBind(drs)
return (drs, drs_handle)
store_utdv = ndr_unpack(drsblobs.replUpToDateVectorBlob, store_utdv_blob)
assert store_dn == dn
#print "%s" % ndr_print(store_hwm)
#print "%s" % ndr_print(store_utdv)
except Exception:
store_dn = dn
store_hwm = drsuapi.DsReplicaHighWaterMark()
store_hwm.tmp_highest_usn = 0
store_hwm.reserved_usn = 0
store_hwm.highest_usn = 0
store_utdv = None
binding_str = "ncacn_ip_tcp:%s[spnego,seal]" % server
drs_conn = drsuapi.drsuapi(binding_str, lp, creds)
bind_info = drsuapi.DsBindInfoCtr()
bind_info.length = 28
bind_info.info = drsuapi.DsBindInfo28()
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
def __init__(self, binding_string, lp, creds, samdb):
self.drs = drsuapi.drsuapi(binding_string, lp, creds)
(self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
self.net = Net(creds=creds, lp=lp)
self.samdb = samdb
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs)
store_utdv_blob)
assert store_dn == dn
#print "%s" % ndr_print(store_hwm)
#print "%s" % ndr_print(store_utdv)
except Exception:
store_dn = dn
store_hwm = drsuapi.DsReplicaHighWaterMark()
store_hwm.tmp_highest_usn = 0
store_hwm.reserved_usn = 0
store_hwm.highest_usn = 0
store_utdv = None
binding_str = "ncacn_ip_tcp:%s[spnego,seal]" % server
drs_conn = drsuapi.drsuapi(binding_str, lp, creds)
bind_info = drsuapi.DsBindInfoCtr()
bind_info.length = 28
bind_info.info = drsuapi.DsBindInfo28()
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
