diff options
Diffstat (limited to '')
-rwxr-xr-x | source4/scripting/devel/getncchanges | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/source4/scripting/devel/getncchanges b/source4/scripting/devel/getncchanges new file mode 100755 index 0000000..a1a4d14 --- /dev/null +++ b/source4/scripting/devel/getncchanges @@ -0,0 +1,143 @@ +#!/usr/bin/env python3 + +# script to call a DRS GetNCChanges from the command line +# this is useful for plugfest testing +import sys +from optparse import OptionParser + +sys.path.insert(0, "bin/python") + +import samba, ldb +import samba.getopt as options +from samba.dcerpc import drsuapi, misc +from samba.samdb import SamDB +from samba.auth import system_session +from samba.ndr import ndr_unpack +from samba.drs_utils import drs_get_rodc_partial_attribute_set, drs_DsBind + + +########### main code ########### +if __name__ == "__main__": + parser = OptionParser("getncchanges [options] server") + sambaopts = options.SambaOptions(parser) + parser.add_option_group(sambaopts) + credopts = options.CredentialsOptionsDouble(parser) + parser.add_option_group(credopts) + + parser.add_option("", "--dn", dest="dn", help="DN to replicate",) + parser.add_option("", "--exop", dest="exop", help="extended operation",) + parser.add_option("", "--pas", dest="use_pas", action='store_true', default=False, + help="send partial attribute set (for RODC)") + parser.add_option("", "--nb-iter", type='int', help="Number of getncchange iterations") + parser.add_option("", "--dest-dsa", type='str', help="destination DSA GUID") + parser.add_option("", "--rodc", action='store_true', default=False, + help='use RODC replica flags') + parser.add_option("", "--partial-rw", action='store_true', default=False, + help='use RW partial replica flags, not be confused with --pas') + parser.add_option("", "--replica-flags", type='int', + default=drsuapi.DRSUAPI_DRS_INIT_SYNC | + drsuapi.DRSUAPI_DRS_PER_SYNC | + drsuapi.DRSUAPI_DRS_WRIT_REP | + drsuapi.DRSUAPI_DRS_GET_ANC | + drsuapi.DRSUAPI_DRS_NEVER_SYNCED, + help='replica flags') + + (opts, args) = parser.parse_args() + if opts.rodc: + opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\ + drsuapi.DRSUAPI_DRS_PER_SYNC |\ + drsuapi.DRSUAPI_DRS_GET_ANC |\ + drsuapi.DRSUAPI_DRS_NEVER_SYNCED |\ + drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |\ + drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP + + if opts.partial_rw: + opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\ + drsuapi.DRSUAPI_DRS_PER_SYNC |\ + drsuapi.DRSUAPI_DRS_GET_ANC |\ + drsuapi.DRSUAPI_DRS_NEVER_SYNCED + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp) + + if len(args) != 1: + parser.error("You must supply a server") + + if creds.is_anonymous(): + parser.error("You must supply credentials") + + if opts.partial_rw and opts.rodc: + parser.error("Can't specify --partial-rw and --rodc") + + server = args[0] + + binding_str = "ncacn_ip_tcp:%s[seal,print]" % server + + drs = drsuapi.drsuapi(binding_str, lp, creds) + drs_handle, supported_extensions = drs_DsBind(drs) + print("DRS Handle: %s" % drs_handle) + + req8 = drsuapi.DsGetNCChangesRequest8() + + samdb = SamDB(url="ldap://%s" % server, + session_info=system_session(), + credentials=creds, lp=lp) + + if opts.use_pas: + local_samdb = SamDB(url=None, session_info=system_session(), + credentials=creds, lp=lp) + + if opts.dn is None: + opts.dn = str(samdb.get_default_basedn()) + + if opts.exop is None: + exop = drsuapi.DRSUAPI_EXOP_NONE + else: + exop = int(opts.exop) + + dest_dsa = opts.dest_dsa + if not dest_dsa: + print("no dest_dsa specified trying to figure out from ldap") + msgs = samdb.search(controls=["search_options:1:2"], + expression='(objectclass=ntdsdsa)') + if len(msgs) == 1: + dest_dsa = str(ndr_unpack(misc.GUID, msgs[0]["invocationId"][0])) + print("Found this dsa: %s" % dest_dsa) + else: + # TODO fixme + pass + if not dest_dsa: + print("Unable to find the dest_dsa automatically please specify it") + import sys + sys.exit(1) + + null_guid = misc.GUID() + req8.destination_dsa_guid = misc.GUID(dest_dsa) + req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id()) + req8.naming_context = drsuapi.DsReplicaObjectIdentifier() + req8.naming_context.dn = opts.dn.decode("utf-8") + req8.highwatermark = drsuapi.DsReplicaHighWaterMark() + req8.highwatermark.tmp_highest_usn = 0 + req8.highwatermark.reserved_usn = 0 + req8.highwatermark.highest_usn = 0 + req8.uptodateness_vector = None + req8.replica_flags = opts.replica_flags + req8.max_object_count = 402 + req8.max_ndr_size = 402116 + req8.extended_op = exop + req8.fsmo_info = 0 + if opts.use_pas: + req8.partial_attribute_set = drs_get_rodc_partial_attribute_set(local_samdb) + else: + req8.partial_attribute_set = None + req8.partial_attribute_set_ex = None + req8.mapping_ctr.num_mappings = 0 + req8.mapping_ctr.mappings = None + + nb_iter = 0 + while True: + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + nb_iter += 1 + if ctr.more_data == 0 or opts.nb_iter == nb_iter: + break + req8.highwatermark = ctr.new_highwatermark |