python/samba/netcmd/dbcheck.py

   1 # Samba4 AD database checker
   2 #
   3 # Copyright (C) Andrew Tridgell 2011
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 #
  18
  19 import ldb
  20 import sys
  21 import samba.getopt as options
  22 from samba.auth import system_session
  23 from samba.samdb import SamDB
  24 from samba.netcmd import (
  25     Command,
  26     CommandError,
  27     Option
  28 )
  29 from samba.dbchecker import dbcheck
  30
  31
  32 class cmd_dbcheck(Command):
  33     """Check local AD database for errors."""
  34     synopsis = "%prog [<DN>] [options]"
  35
  36     takes_optiongroups = {
  37         "sambaopts": options.SambaOptions,
  38         "versionopts": options.VersionOptions,
  39         "credopts": options.CredentialsOptionsDouble,
  40     }
  41
  42     def process_yes(option, opt, value, parser):
  43         assert value is None
  44         done = 0
  45         rargs = parser.rargs
  46         if rargs:
  47             arg = rargs[0]
  48             if ((arg[:2] == "--" and len(arg) > 2) or
  49                 (arg[:1] == "-" and len(arg) > 1 and arg[1] != "-")):
  50                 setattr(parser.values, "yes", True)
  51             else:
  52                 setattr(parser.values, "yes_rules", arg.split())
  53                 del rargs[0]
  54         else:
  55             setattr(parser.values, "yes", True)
  56
  57     takes_args = ["DN?"]
  58
  59     takes_options = [
  60         Option("--scope", dest="scope", default="SUB",
  61                help="Pass search scope that builds DN list. Options: SUB, ONE, BASE"),
  62         Option("--fix", dest="fix", default=False, action='store_true',
  63                help='Fix any errors found'),
  64         Option("--yes", action='callback', callback=process_yes,
  65                help="don't confirm changes individually. Applies all as a single transaction (will not succeed if any errors are found)"),
  66         Option("--cross-ncs", dest="cross_ncs", default=False, action='store_true',
  67                help="cross naming context boundaries"),
  68         Option("-v", "--verbose", dest="verbose", action="store_true", default=False,
  69                help="Print more details of checking"),
  70         Option("-q", "--quiet", action="store_true", default=False,
  71                help="don't print details of checking"),
  72         Option("--attrs", dest="attrs", default=None, help="list of attributes to check (space separated)"),
  73         Option("--reindex", dest="reindex", default=False, action="store_true", help="force database re-index"),
  74         Option("--force-modules", dest="force_modules", default=False, action="store_true", help="force loading of Samba modules and ignore the @MODULES record (for very old databases)"),
  75         Option("--reset-well-known-acls", dest="reset_well_known_acls", default=False, action="store_true", help="reset ACLs on objects with well known default ACL values to the default"),
  76         Option("-H", "--URL", help="LDB URL for database or target server (defaults to local SAM database)",
  77                type=str, metavar="URL", dest="H"),
  78     ]
  79
  80     def run(self, DN=None, H=None, verbose=False, fix=False, yes=False,
  81             cross_ncs=False, quiet=False,
  82             scope="SUB", credopts=None, sambaopts=None, versionopts=None,
  83             attrs=None, reindex=False, force_modules=False,
  84             reset_well_known_acls=False, yes_rules=[]):
  85
  86         lp = sambaopts.get_loadparm()
  87
  88         over_ldap = H is not None and H.startswith('ldap')
  89
  90         if over_ldap:
  91             creds = credopts.get_credentials(lp, fallback_machine=True)
  92         else:
  93             creds = None
  94
  95         if force_modules:
  96             samdb = SamDB(session_info=system_session(), url=H,
  97                           credentials=creds, lp=lp, options=["modules=samba_dsdb"])
  98         else:
  99             try:
 100                 samdb = SamDB(session_info=system_session(), url=H,
 101                               credentials=creds, lp=lp)
 102             except:
 103                 raise CommandError("Failed to connect to DB at %s.  If this is a really old sam.ldb (before alpha9), then try again with --force-modules" % H)
 104
 105         if H is None or not over_ldap:
 106             samdb_schema = samdb
 107         else:
 108             samdb_schema = SamDB(session_info=system_session(), url=None,
 109                                  credentials=creds, lp=lp)
 110
 111         scope_map = {"SUB": ldb.SCOPE_SUBTREE, "BASE": ldb.SCOPE_BASE, "ONE": ldb.SCOPE_ONELEVEL}
 112         scope = scope.upper()
 113         if not scope in scope_map:
 114             raise CommandError("Unknown scope %s" % scope)
 115         search_scope = scope_map[scope]
 116
 117         controls = ['show_deleted:1']
 118         if over_ldap:
 119             controls.append('paged_results:1:1000')
 120         if cross_ncs:
 121             controls.append("search_options:1:2")
 122
 123         if not attrs:
 124             attrs = ['*']
 125         else:
 126             attrs = attrs.split()
 127
 128         started_transaction = False
 129         if yes and fix:
 130             samdb.transaction_start()
 131             started_transaction = True
 132         try:
 133             chk = dbcheck(samdb, samdb_schema=samdb_schema, verbose=verbose,
 134                           fix=fix, yes=yes, quiet=quiet, in_transaction=started_transaction,
 135                           reset_well_known_acls=reset_well_known_acls)
 136
 137             for option in yes_rules:
 138                 if hasattr(chk, option):
 139                     setattr(chk, option, 'ALL')
 140                 else:
 141                     raise CommandError("Invalid fix rule %s" % option)
 142
 143             if reindex:
 144                 self.outf.write("Re-indexing...\n")
 145                 error_count = 0
 146                 if chk.reindex_database():
 147                     self.outf.write("completed re-index OK\n")
 148
 149             elif force_modules:
 150                 self.outf.write("Resetting @MODULES...\n")
 151                 error_count = 0
 152                 if chk.reset_modules():
 153                     self.outf.write("completed @MODULES reset OK\n")
 154
 155             else:
 156                 error_count = chk.check_database(DN=DN, scope=search_scope,
 157                                                  controls=controls, attrs=attrs)
 158         except:
 159             if started_transaction:
 160                 samdb.transaction_cancel()
 161             raise
 162
 163         if started_transaction:
 164             samdb.transaction_commit()
 165
 166         if error_count != 0:
 167             sys.exit(1)