4 from __future__ import print_function
9 sys.path.insert(0, "bin/python")
11 import samba.getopt as options
12 from samba.dcerpc import drsblobs, misc
13 from samba.ndr import ndr_pack, ndr_unpack
16 parser = optparse.OptionParser("get-descriptor [options]")
17 sambaopts = options.SambaOptions(parser)
18 credopts = options.CredentialsOptions(parser)
19 parser.add_option_group(credopts)
21 parser.add_option("-b", type="string", metavar="BASE",
22 help="set base DN for the search")
23 parser.add_option("--host", type="string", metavar="HOST",
24 help="Ip of the host")
26 lp = sambaopts.get_loadparm()
27 creds = credopts.get_credentials(lp)
29 opts = parser.parse_args()[0]
31 def printdirsync(ctl):
33 if arr[0] == 'dirsync':
34 print("Need to continue: %s" % arr[1])
35 cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
36 print("DC's NTDS guid: %s " % cookie.blob.guid1)
37 print("highest usn %s" % cookie.blob.highwatermark.highest_usn)
38 print("tmp higest usn %s" % cookie.blob.highwatermark.tmp_highest_usn)
39 print("reserved usn %s" % cookie.blob.highwatermark.reserved_usn)
40 if cookie.blob.extra_length > 0:
41 print("highest usn in extra %s" % cookie.blob.extra.ctr.cursors[0].highest_usn)
44 remote_ldb = Ldb("ldap://" + opts.host + ":389", credentials=creds, lp=lp)
52 (msgs, ctrls) = remote_ldb.search(expression="(samaccountname=administrator)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
56 if arr[0] == 'dirsync':
57 cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
58 guid = cookie.blob.guid1
61 print("No dirsync control ... strange")
65 print("Getting first guest without any cookie")
66 (msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=guest)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
70 cookie = printdirsync(ctl)
71 print("Returned %d entries" % len(msgs))
76 print("Getting allusers with cookie")
77 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
78 (msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=*)", base=base, attrs=["objectClass"], controls=controls)
81 cookie = printdirsync(ctl)
82 print("Returned %d entries" % len(msgs))
85 cookie.blob.guid1 = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
86 if cookie.blob.extra_length > 0:
87 cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
90 print("Getting all the entries")
91 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
92 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
96 cookie = printdirsync(ctl)
98 cont = (ctl.split(':'))[1]
99 print("Returned %d entries" % len(msgs))
101 usn = cookie.blob.highwatermark.tmp_highest_usn
102 if cookie.blob.extra_length > 0:
103 bigusn = cookie.blob.extra.ctr.cursors[0].highest_usn
108 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
109 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
112 cookie = printdirsync(ctl)
114 cont = (ctl.split(':'))[1]
115 print("Returned %d entries" % len(msgs))
118 print("Getting with cookie but usn changed to %d we should use the one in extra" % (bigusn - 1))
119 cookie.blob.highwatermark.highest_usn = 0
120 cookie.blob.highwatermark.tmp_highest_usn = usn - 2
121 if cookie.blob.extra_length > 0:
123 cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
124 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
125 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
128 cookie = printdirsync(ctl)
129 print("Returned %d entries" % len(msgs))
132 print("Getting with cookie but usn %d changed and extra/cursor GUID too" % (usn - 2))
133 print(" so that it's (tmp)highest_usn that drives the limit")
134 cookie.blob.highwatermark.highest_usn = 0
135 cookie.blob.highwatermark.tmp_highest_usn = usn - 2
136 if cookie.blob.extra_length > 0:
137 cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
138 cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
139 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8'))
140 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
143 cookie = printdirsync(ctl)
144 print("Returned %d entries" % len(msgs))
147 print("Getting with cookie but usn changed to %d" % (usn - 2))
148 cookie.blob.highwatermark.highest_usn = 0
149 cookie.blob.highwatermark.tmp_highest_usn = (usn - 2)
150 if cookie.blob.extra_length > 0:
151 cookie.blob.extra.ctr.cursors[0].highest_usn = (usn - 2)
152 controls = ["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie)).decode('utf8')]
153 (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
156 cookie = printdirsync(ctl)
157 print("Returned %d entries" % len(msgs))