source4/scripting/devel/demodirsync.py

   1 #!/usr/bin/python
   2
   3
   4 from __future__ import print_function
   5 import optparse
   6 import sys
   7 import base64
   8
   9 sys.path.insert(0, "bin/python")
  10
  11 import samba.getopt as options
  12 from samba.dcerpc import drsblobs, misc
  13 from samba.ndr import ndr_pack, ndr_unpack
  14 from samba import Ldb
  15
  16 parser = optparse.OptionParser("get-descriptor [options]")
  17 sambaopts = options.SambaOptions(parser)
  18 credopts = options.CredentialsOptions(parser)
  19 parser.add_option_group(credopts)
  20
  21 parser.add_option("-b", type="string", metavar="BASE",
  22                   help="set base DN for the search")
  23 parser.add_option("--host", type="string", metavar="HOST",
  24                   help="Ip of the host")
  25
  26 lp = sambaopts.get_loadparm()
  27 creds = credopts.get_credentials(lp)
  28
  29 opts = parser.parse_args()[0]
  30
  31
  32 def printdirsync(ctl):
  33         arr = ctl.split(':')
  34         if arr[0] == 'dirsync':
  35             print("Need to continue: %s" % arr[1])
  36             cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
  37             print("DC's NTDS guid: %s " % cookie.blob.guid1)
  38             print("highest usn %s" % cookie.blob.highwatermark.highest_usn)
  39             print("tmp higest usn %s" % cookie.blob.highwatermark.tmp_highest_usn)
  40             print("reserved usn %s" % cookie.blob.highwatermark.reserved_usn)
  41             if cookie.blob.extra_length > 0:
  42                 print("highest usn in extra %s" % cookie.blob.extra.ctr.cursors[0].highest_usn)
  43         return cookie
  44
  45
  46 remote_ldb = Ldb("ldap://" + opts.host + ":389", credentials=creds, lp=lp)
  47 tab = []
  48 if opts.b:
  49     base = opts.b
  50 else:
  51     base = None
  52
  53 guid = None
  54 (msgs, ctrls) = remote_ldb.search(expression="(samaccountname=administrator)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
  55 if (len(ctrls)):
  56     for ctl in ctrls:
  57         arr = ctl.split(':')
  58         if arr[0] == 'dirsync':
  59             cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
  60             guid = cookie.blob.guid1
  61             pass
  62 if not guid:
  63     print("No dirsync control ... strange")
  64     sys.exit(1)
  65
  66 print("")
  67 print("Getting first guest without any cookie")
  68 (msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=guest)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
  69 cookie = None
  70 if (len(ctrls)):
  71     for ctl in ctrls:
  72         cookie = printdirsync(ctl)
  73     print("Returned %d entries" % len(msgs))
  74
  75 savedcookie = cookie
  76
  77 print("")
  78 print("Getting allusers with cookie")
  79 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
  80 (msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=*)", base=base, attrs=["objectClass"], controls=controls)
  81 if (len(ctrls)):
  82     for ctl in ctrls:
  83         cookie = printdirsync(ctl)
  84     print("Returned %d entries" % len(msgs))
  85
  86 cookie = savedcookie
  87 cookie.blob.guid1 = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
  88 if cookie.blob.extra_length > 0:
  89     cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
  90
  91 print("")
  92 print("Getting all the entries")
  93 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
  94 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
  95 cont = 0
  96 if (len(ctrls)):
  97     for ctl in ctrls:
  98         cookie = printdirsync(ctl)
  99     if cookie != None:
 100         cont = (ctl.split(':'))[1]
 101     print("Returned %d entries" % len(msgs))
 102
 103 usn = cookie.blob.highwatermark.tmp_highest_usn
 104 if cookie.blob.extra_length > 0:
 105     bigusn = cookie.blob.extra.ctr.cursors[0].highest_usn
 106 else:
 107     bigusn  = usn + 1000
 108 while (cont == "1"):
 109     print("")
 110     controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
 111     (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
 112     if (len(ctrls)):
 113         for ctl in ctrls:
 114             cookie = printdirsync(ctl)
 115         if cookie != None:
 116             cont = (ctl.split(':'))[1]
 117         print("Returned %d entries" % len(msgs))
 118
 119 print("")
 120 print("Getting with cookie but usn changed to %d we should use the one in extra" % (bigusn - 1))
 121 cookie.blob.highwatermark.highest_usn = 0
 122 cookie.blob.highwatermark.tmp_highest_usn = usn - 2
 123 if cookie.blob.extra_length > 0:
 124     print("here")
 125     cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
 126 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
 127 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
 128 if (len(ctrls)):
 129     for ctl in ctrls:
 130         cookie = printdirsync(ctl)
 131     print("Returned %d entries" % len(msgs))
 132
 133 print("")
 134 print("Getting with cookie but usn %d changed and extra/cursor GUID too" % (usn - 2))
 135 print(" so that it's (tmp)highest_usn that drives the limit")
 136 cookie.blob.highwatermark.highest_usn = 0
 137 cookie.blob.highwatermark.tmp_highest_usn = usn - 2
 138 if cookie.blob.extra_length > 0:
 139     cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
 140     cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
 141 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8'))
 142 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
 143 if (len(ctrls)):
 144     for ctl in ctrls:
 145         cookie = printdirsync(ctl)
 146     print("Returned %d entries" % len(msgs))
 147
 148 print("")
 149 print("Getting with cookie but usn changed to %d" % (usn - 2))
 150 cookie.blob.highwatermark.highest_usn = 0
 151 cookie.blob.highwatermark.tmp_highest_usn = (usn - 2)
 152 if cookie.blob.extra_length > 0:
 153     cookie.blob.extra.ctr.cursors[0].highest_usn = (usn - 2)
 154 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
 155 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
 156 if (len(ctrls)):
 157     for ctl in ctrls:
 158         cookie = printdirsync(ctl)
 159     print("Returned %d entries" % len(msgs))