mirror of
https://github.com/samba-team/samba.git
synced 2025-01-26 10:04:02 +03:00
c78eef6810
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
163 lines
5.9 KiB
Python
Executable File
163 lines
5.9 KiB
Python
Executable File
#!/usr/bin/python
|
|
|
|
|
|
from __future__ import print_function
|
|
import optparse
|
|
import sys
|
|
import base64
|
|
|
|
sys.path.insert(0, "bin/python")
|
|
|
|
import samba.getopt as options
|
|
from samba.dcerpc import drsblobs, misc
|
|
from samba.ndr import ndr_pack, ndr_unpack
|
|
from samba import Ldb
|
|
|
|
parser = optparse.OptionParser("get-descriptor [options]")
|
|
sambaopts = options.SambaOptions(parser)
|
|
credopts = options.CredentialsOptions(parser)
|
|
parser.add_option_group(credopts)
|
|
|
|
parser.add_option("-b", type="string", metavar="BASE",
|
|
help="set base DN for the search")
|
|
parser.add_option("--host", type="string", metavar="HOST",
|
|
help="Ip of the host")
|
|
|
|
lp = sambaopts.get_loadparm()
|
|
creds = credopts.get_credentials(lp)
|
|
|
|
opts = parser.parse_args()[0]
|
|
|
|
if opts.host is None:
|
|
print("Usage: demodirsync.py --host HOST [-b BASE]")
|
|
sys.exit(1)
|
|
|
|
def printdirsync(ctl):
|
|
arr = ctl.split(':')
|
|
if arr[0] == 'dirsync':
|
|
print("Need to continue: %s" % arr[1])
|
|
cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
|
|
print("DC's NTDS guid: %s " % cookie.blob.guid1)
|
|
print("highest usn %s" % cookie.blob.highwatermark.highest_usn)
|
|
print("tmp higest usn %s" % cookie.blob.highwatermark.tmp_highest_usn)
|
|
print("reserved usn %s" % cookie.blob.highwatermark.reserved_usn)
|
|
if cookie.blob.extra_length > 0:
|
|
print("highest usn in extra %s" % cookie.blob.extra.ctr.cursors[0].highest_usn)
|
|
return cookie
|
|
|
|
|
|
remote_ldb = Ldb("ldap://" + opts.host + ":389", credentials=creds, lp=lp)
|
|
tab = []
|
|
if opts.b:
|
|
base = opts.b
|
|
else:
|
|
base = None
|
|
|
|
guid = None
|
|
(msgs, ctrls) = remote_ldb.search(expression="(samaccountname=administrator)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
arr = ctl.split(':')
|
|
if arr[0] == 'dirsync':
|
|
cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
|
|
guid = cookie.blob.guid1
|
|
pass
|
|
if not guid:
|
|
print("No dirsync control ... strange")
|
|
sys.exit(1)
|
|
|
|
print("")
|
|
print("Getting first guest without any cookie")
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=guest)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
|
|
cookie = None
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
print("Returned %d entries" % len(msgs))
|
|
|
|
savedcookie = cookie
|
|
|
|
print("")
|
|
print("Getting allusers with cookie")
|
|
controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=*)", base=base, attrs=["objectClass"], controls=controls)
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
print("Returned %d entries" % len(msgs))
|
|
|
|
cookie = savedcookie
|
|
cookie.blob.guid1 = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
|
|
if cookie.blob.extra_length > 0:
|
|
cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
|
|
|
|
print("")
|
|
print("Getting all the entries")
|
|
controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
|
|
cont = 0
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
if cookie is not None:
|
|
cont = (ctl.split(':'))[1]
|
|
print("Returned %d entries" % len(msgs))
|
|
|
|
usn = cookie.blob.highwatermark.tmp_highest_usn
|
|
if cookie.blob.extra_length > 0:
|
|
bigusn = cookie.blob.extra.ctr.cursors[0].highest_usn
|
|
else:
|
|
bigusn = usn + 1000
|
|
while (cont == "1"):
|
|
print("")
|
|
controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
if cookie is not None:
|
|
cont = (ctl.split(':'))[1]
|
|
print("Returned %d entries" % len(msgs))
|
|
|
|
print("")
|
|
print("Getting with cookie but usn changed to %d we should use the one in extra" % (bigusn - 1))
|
|
cookie.blob.highwatermark.highest_usn = 0
|
|
cookie.blob.highwatermark.tmp_highest_usn = usn - 2
|
|
if cookie.blob.extra_length > 0:
|
|
print("here")
|
|
cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
|
|
controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
print("Returned %d entries" % len(msgs))
|
|
|
|
print("")
|
|
print("Getting with cookie but usn %d changed and extra/cursor GUID too" % (usn - 2))
|
|
print(" so that it's (tmp)highest_usn that drives the limit")
|
|
cookie.blob.highwatermark.highest_usn = 0
|
|
cookie.blob.highwatermark.tmp_highest_usn = usn - 2
|
|
if cookie.blob.extra_length > 0:
|
|
cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
|
|
cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
|
|
controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
print("Returned %d entries" % len(msgs))
|
|
|
|
print("")
|
|
print("Getting with cookie but usn changed to %d" % (usn - 2))
|
|
cookie.blob.highwatermark.highest_usn = 0
|
|
cookie.blob.highwatermark.tmp_highest_usn = (usn - 2)
|
|
if cookie.blob.extra_length > 0:
|
|
cookie.blob.extra.ctr.cursors[0].highest_usn = (usn - 2)
|
|
controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
|
|
(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
|
|
if (len(ctrls)):
|
|
for ctl in ctrls:
|
|
cookie = printdirsync(ctl)
|
|
print("Returned %d entries" % len(msgs))
|