2010-08-23 06:47:51 +04:00
#!/usr/bin/env python
# script to call a DRS GetNCChanges from the command line
# this is useful for plugfest testing
import sys
from optparse import OptionParser
sys.path.insert(0, "bin/python")
2010-09-30 02:50:04 +04:00
import samba, ldb
2010-08-23 06:47:51 +04:00
import samba.getopt as options
from samba.dcerpc import drsuapi, misc
from samba.samdb import SamDB
from samba.auth import system_session
2012-10-24 09:12:08 +04:00
from samba.ndr import ndr_unpack
getncchanges script: use library code, not copied functions.
These functions were duplicates. To be exact, the diff -ub between what
getncchanges had, and what drs_uitls now has is this:
|@@ -1,4 +1,5 @@
|-def do_DsBind(drs):
|+def drs_DsBind(drs):
| '''make a DsBind call, returning the binding handle'''
| bind_info = drsuapi.DsBindInfoCtr()
| bind_info.length = 28
|@@ -32,7 +33,8 @@
| bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
| bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
| (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
|- return handle
|+
|+ return (handle, info.info.supported_extensions)
|
|
| def drs_get_rodc_partial_attribute_set(samdb):
|@@ -43,7 +45,7 @@
| attids = []
|
| # the exact list of attids we send is quite critical. Note that
|- # we do ask for the secret attributes, but set set SPECIAL_SECRET_PROCESSING
|+ # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING
| # to zero them out
| schema_dn = samdb.get_schema_basedn()
| res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
|@@ -71,3 +73,4 @@
| partial_attribute_set.attids = attids
| partial_attribute_set.num_attids = len(attids)
| return partial_attribute_set
while the drs_utils code has changed in moving
drs_get_rodc_partial_attribute_set() out of the class.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-10-28 05:05:28 +03:00
from samba.drs_utils import drs_get_rodc_partial_attribute_set, drs_DsBind
2010-09-30 02:50:04 +04:00
2010-08-23 06:47:51 +04:00
########### main code ###########
if __name__ == "__main__":
parser = OptionParser("getncchanges [options] server")
sambaopts = options.SambaOptions(parser)
2010-09-20 22:31:11 +04:00
parser.add_option_group(sambaopts)
2010-08-23 06:47:51 +04:00
credopts = options.CredentialsOptionsDouble(parser)
parser.add_option_group(credopts)
parser.add_option("", "--dn", dest="dn", help="DN to replicate",)
parser.add_option("", "--exop", dest="exop", help="extended operation",)
2010-09-30 02:50:04 +04:00
parser.add_option("", "--pas", dest="use_pas", action='store_true', default=False,
2012-10-30 09:12:33 +04:00
help="send partial attribute set (for RODC)")
2011-08-04 19:59:49 +04:00
parser.add_option("", "--nb-iter", type='int', help="Number of getncchange iterations")
2012-10-24 09:12:08 +04:00
parser.add_option("", "--dest-dsa", type='str', help="destination DSA GUID")
2012-10-30 09:12:33 +04:00
parser.add_option("", "--rodc", action='store_true', default=False,
help='use RODC replica flags')
parser.add_option("", "--partial-rw", action='store_true', default=False,
help='use RW partial replica flags, not be confused with --pas')
2010-09-30 02:50:04 +04:00
parser.add_option("", "--replica-flags", type='int',
default=drsuapi.DRSUAPI_DRS_INIT_SYNC |
drsuapi.DRSUAPI_DRS_PER_SYNC |
2012-10-30 08:43:14 +04:00
drsuapi.DRSUAPI_DRS_WRIT_REP |
2010-09-30 02:50:04 +04:00
drsuapi.DRSUAPI_DRS_GET_ANC |
drsuapi.DRSUAPI_DRS_NEVER_SYNCED,
help='replica flags')
2010-08-23 06:47:51 +04:00
(opts, args) = parser.parse_args()
2012-10-30 09:12:33 +04:00
if opts.rodc:
opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
drsuapi.DRSUAPI_DRS_PER_SYNC |\
drsuapi.DRSUAPI_DRS_GET_ANC |\
drsuapi.DRSUAPI_DRS_NEVER_SYNCED |\
drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |\
drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
if opts.partial_rw:
opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
drsuapi.DRSUAPI_DRS_PER_SYNC |\
drsuapi.DRSUAPI_DRS_GET_ANC |\
drsuapi.DRSUAPI_DRS_NEVER_SYNCED
2010-08-23 06:47:51 +04:00
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
if len(args) != 1:
parser.error("You must supply a server")
if creds.is_anonymous():
parser.error("You must supply credentials")
2012-10-30 09:12:33 +04:00
if opts.partial_rw and opts.rodc:
parser.error("Can't specify --partial-rw and --rodc")
2010-08-23 06:47:51 +04:00
server = args[0]
binding_str = "ncacn_ip_tcp:%s[seal,print]" % server
drs = drsuapi.drsuapi(binding_str, lp, creds)
getncchanges script: use library code, not copied functions.
These functions were duplicates. To be exact, the diff -ub between what
getncchanges had, and what drs_uitls now has is this:
|@@ -1,4 +1,5 @@
|-def do_DsBind(drs):
|+def drs_DsBind(drs):
| '''make a DsBind call, returning the binding handle'''
| bind_info = drsuapi.DsBindInfoCtr()
| bind_info.length = 28
|@@ -32,7 +33,8 @@
| bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
| bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
| (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
|- return handle
|+
|+ return (handle, info.info.supported_extensions)
|
|
| def drs_get_rodc_partial_attribute_set(samdb):
|@@ -43,7 +45,7 @@
| attids = []
|
| # the exact list of attids we send is quite critical. Note that
|- # we do ask for the secret attributes, but set set SPECIAL_SECRET_PROCESSING
|+ # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING
| # to zero them out
| schema_dn = samdb.get_schema_basedn()
| res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
|@@ -71,3 +73,4 @@
| partial_attribute_set.attids = attids
| partial_attribute_set.num_attids = len(attids)
| return partial_attribute_set
while the drs_utils code has changed in moving
drs_get_rodc_partial_attribute_set() out of the class.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-10-28 05:05:28 +03:00
drs_handle, supported_extensions = drs_DsBind(drs)
2010-08-23 06:47:51 +04:00
print "DRS Handle: %s" % drs_handle
req8 = drsuapi.DsGetNCChangesRequest8()
samdb = SamDB(url="ldap://%s" % server,
session_info=system_session(),
credentials=creds, lp=lp)
2010-09-30 02:50:04 +04:00
if opts.use_pas:
local_samdb = SamDB(url=None, session_info=system_session(),
credentials=creds, lp=lp)
2010-08-23 06:47:51 +04:00
if opts.dn is None:
opts.dn = str(samdb.get_default_basedn())
if opts.exop is None:
exop = drsuapi.DRSUAPI_EXOP_NONE
else:
exop = int(opts.exop)
2012-10-24 09:12:08 +04:00
dest_dsa = opts.dest_dsa
if not dest_dsa:
print "no dest_dsa specified trying to figure out from ldap"
msgs = samdb.search(controls=["search_options:1:2"],
expression='(objectclass=ntdsdsa)')
if len(msgs) == 1:
dest_dsa = str(ndr_unpack(misc.GUID, msgs[0]["invocationId"][0]))
print "Found this dsa: %s" % dest_dsa
else:
# TODO fixme
pass
if not dest_dsa:
print "Unable to find the dest_dsa automatically please specify it"
import sys
sys.exit(1)
2010-08-23 06:47:51 +04:00
null_guid = misc.GUID()
2012-10-24 09:12:08 +04:00
req8.destination_dsa_guid = misc.GUID(dest_dsa)
2010-08-23 06:47:51 +04:00
req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
req8.naming_context.dn = opts.dn.decode("utf-8")
req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
req8.highwatermark.tmp_highest_usn = 0
req8.highwatermark.reserved_usn = 0
req8.highwatermark.highest_usn = 0
req8.uptodateness_vector = None
2010-09-30 02:50:04 +04:00
req8.replica_flags = opts.replica_flags
2010-08-23 06:47:51 +04:00
req8.max_object_count = 402
req8.max_ndr_size = 402116
req8.extended_op = exop
req8.fsmo_info = 0
2010-09-30 02:50:04 +04:00
if opts.use_pas:
req8.partial_attribute_set = drs_get_rodc_partial_attribute_set(local_samdb)
else:
req8.partial_attribute_set = None
2010-08-23 06:47:51 +04:00
req8.partial_attribute_set_ex = None
req8.mapping_ctr.num_mappings = 0
req8.mapping_ctr.mappings = None
2011-08-04 19:59:49 +04:00
nb_iter = 0
2010-09-30 02:50:04 +04:00
while True:
(level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
2011-08-04 19:59:49 +04:00
nb_iter += 1
if ctr.more_data == 0 or opts.nb_iter == nb_iter:
2010-09-30 02:50:04 +04:00
break
2012-12-18 17:46:23 +04:00
req8.highwatermark = ctr.new_highwatermark