| blob | a1a4d14d6212aa119175b01ee3915f5810e5626f |
1 #!/usr/bin/env python3
3 # script to call a DRS GetNCChanges from the command line
4 # this is useful for plugfest testing
5 import sys
6 from optparse import OptionParser
8 sys.path.insert(0, "bin/python")
10 import samba, ldb
11 import samba.getopt as options
12 from samba.dcerpc import drsuapi, misc
13 from samba.samdb import SamDB
14 from samba.auth import system_session
15 from samba.ndr import ndr_unpack
16 from samba.drs_utils import drs_get_rodc_partial_attribute_set, drs_DsBind
19 ########### main code ###########
20 if __name__ == "__main__":
21 parser = OptionParser("getncchanges [options] server")
22 sambaopts = options.SambaOptions(parser)
23 parser.add_option_group(sambaopts)
24 credopts = options.CredentialsOptionsDouble(parser)
25 parser.add_option_group(credopts)
27 parser.add_option("", "--dn", dest="dn", help="DN to replicate",)
28 parser.add_option("", "--exop", dest="exop", help="extended operation",)
29 parser.add_option("", "--pas", dest="use_pas", action='store_true', default=False,
30 help="send partial attribute set (for RODC)")
31 parser.add_option("", "--nb-iter", type='int', help="Number of getncchange iterations")
32 parser.add_option("", "--dest-dsa", type='str', help="destination DSA GUID")
33 parser.add_option("", "--rodc", action='store_true', default=False,
34 help='use RODC replica flags')
35 parser.add_option("", "--partial-rw", action='store_true', default=False,
36 help='use RW partial replica flags, not be confused with --pas')
37 parser.add_option("", "--replica-flags", type='int',
38 default=drsuapi.DRSUAPI_DRS_INIT_SYNC |
39 drsuapi.DRSUAPI_DRS_PER_SYNC |
40 drsuapi.DRSUAPI_DRS_WRIT_REP |
41 drsuapi.DRSUAPI_DRS_GET_ANC |
42 drsuapi.DRSUAPI_DRS_NEVER_SYNCED,
43 help='replica flags')
45 (opts, args) = parser.parse_args()
46 if opts.rodc:
47 opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
48 drsuapi.DRSUAPI_DRS_PER_SYNC |\
49 drsuapi.DRSUAPI_DRS_GET_ANC |\
50 drsuapi.DRSUAPI_DRS_NEVER_SYNCED |\
51 drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |\
52 drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
54 if opts.partial_rw:
55 opts.replica_flags = drsuapi.DRSUAPI_DRS_INIT_SYNC |\
56 drsuapi.DRSUAPI_DRS_PER_SYNC |\
57 drsuapi.DRSUAPI_DRS_GET_ANC |\
58 drsuapi.DRSUAPI_DRS_NEVER_SYNCED
60 lp = sambaopts.get_loadparm()
61 creds = credopts.get_credentials(lp)
63 if len(args) != 1:
64 parser.error("You must supply a server")
66 if creds.is_anonymous():
67 parser.error("You must supply credentials")
69 if opts.partial_rw and opts.rodc:
70 parser.error("Can't specify --partial-rw and --rodc")
72 server = args[0]
74 binding_str = "ncacn_ip_tcp:%s[seal,print]" % server
76 drs = drsuapi.drsuapi(binding_str, lp, creds)
77 drs_handle, supported_extensions = drs_DsBind(drs)
78 print("DRS Handle: %s" % drs_handle)
80 req8 = drsuapi.DsGetNCChangesRequest8()
82 samdb = SamDB(url="ldap://%s" % server,
83 session_info=system_session(),
84 credentials=creds, lp=lp)
86 if opts.use_pas:
87 local_samdb = SamDB(url=None, session_info=system_session(),
88 credentials=creds, lp=lp)
90 if opts.dn is None:
91 opts.dn = str(samdb.get_default_basedn())
93 if opts.exop is None:
94 exop = drsuapi.DRSUAPI_EXOP_NONE
95 else:
96 exop = int(opts.exop)
98 dest_dsa = opts.dest_dsa
99 if not dest_dsa:
100 print("no dest_dsa specified trying to figure out from ldap")
101 msgs = samdb.search(controls=["search_options:1:2"],
102 expression='(objectclass=ntdsdsa)')
103 if len(msgs) == 1:
104 dest_dsa = str(ndr_unpack(misc.GUID, msgs[0]["invocationId"][0]))
105 print("Found this dsa: %s" % dest_dsa)
106 else:
107 # TODO fixme
108 pass
109 if not dest_dsa:
110 print("Unable to find the dest_dsa automatically please specify it")
111 import sys
112 sys.exit(1)
114 null_guid = misc.GUID()
115 req8.destination_dsa_guid = misc.GUID(dest_dsa)
116 req8.source_dsa_invocation_id = misc.GUID(samdb.get_invocation_id())
117 req8.naming_context = drsuapi.DsReplicaObjectIdentifier()
118 req8.naming_context.dn = opts.dn.decode("utf-8")
119 req8.highwatermark = drsuapi.DsReplicaHighWaterMark()
120 req8.highwatermark.tmp_highest_usn = 0
121 req8.highwatermark.reserved_usn = 0
122 req8.highwatermark.highest_usn = 0
123 req8.uptodateness_vector = None
124 req8.replica_flags = opts.replica_flags
125 req8.max_object_count = 402
126 req8.max_ndr_size = 402116
127 req8.extended_op = exop
128 req8.fsmo_info = 0
129 if opts.use_pas:
130 req8.partial_attribute_set = drs_get_rodc_partial_attribute_set(local_samdb)
131 else:
132 req8.partial_attribute_set = None
133 req8.partial_attribute_set_ex = None
134 req8.mapping_ctr.num_mappings = 0
135 req8.mapping_ctr.mappings = None
137 nb_iter = 0
138 while True:
139 (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
140 nb_iter += 1
141 if ctr.more_data == 0 or opts.nb_iter == nb_iter:
142 break
143 req8.highwatermark = ctr.new_highwatermark