return (handle, info.info.supported_extensions)
+def drs_get_rodc_partial_attribute_set(samdb):
+ '''get a list of attributes for RODC replication'''
+ partial_attribute_set = drsuapi.DsPartialAttributeSet()
+ partial_attribute_set.version = 1
+
+ attids = []
+
+ # the exact list of attids we send is quite critical. Note that
+ # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING
+ # to zero them out
+ schema_dn = samdb.get_schema_basedn()
+ res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
+ expression="objectClass=attributeSchema",
+ attrs=["lDAPDisplayName", "systemFlags",
+ "searchFlags"])
+
+ for r in res:
+ ldap_display_name = r["lDAPDisplayName"][0]
+ if "systemFlags" in r:
+ system_flags = r["systemFlags"][0]
+ if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED |
+ samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)):
+ continue
+ if "searchFlags" in r:
+ search_flags = r["searchFlags"][0]
+ if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE):
+ continue
+ attid = samdb.get_attid_from_lDAPDisplayName(ldap_display_name)
+ attids.append(int(attid))
+
+ # the attids do need to be sorted, or windows doesn't return
+ # all the attributes we need
+ attids.sort()
+ partial_attribute_set.attids = attids
+ partial_attribute_set.num_attids = len(attids)
+ return partial_attribute_set
+
+
class drs_Replicate(object):
'''DRS replication calls'''
raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id")
self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id)
- def drs_get_rodc_partial_attribute_set(self):
- '''get a list of attributes for RODC replication'''
- partial_attribute_set = drsuapi.DsPartialAttributeSet()
- partial_attribute_set.version = 1
-
- attids = []
-
- # the exact list of attids we send is quite critical. Note that
- # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING
- # to zero them out
- schema_dn = self.samdb.get_schema_basedn()
- res = self.samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
- expression="objectClass=attributeSchema",
- attrs=["lDAPDisplayName", "systemFlags",
- "searchFlags"])
-
- for r in res:
- ldap_display_name = r["lDAPDisplayName"][0]
- if "systemFlags" in r:
- system_flags = r["systemFlags"][0]
- if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED |
- samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)):
- continue
- if "searchFlags" in r:
- search_flags = r["searchFlags"][0]
- if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE):
- continue
- attid = self.samdb.get_attid_from_lDAPDisplayName(ldap_display_name)
- attids.append(int(attid))
-
- # the attids do need to be sorted, or windows doesn't return
- # all the attributes we need
- attids.sort()
- partial_attribute_set.attids = attids
- partial_attribute_set.num_attids = len(attids)
- return partial_attribute_set
-
def replicate(self, dn, source_dsa_invocation_id, destination_dsa_guid,
schema=False, exop=drsuapi.DRSUAPI_EXOP_NONE, rodc=False,
replica_flags=None):
req8.mapping_ctr.mappings = None
if not schema and rodc:
- req8.partial_attribute_set = self.drs_get_rodc_partial_attribute_set()
+ req8.partial_attribute_set = drs_get_rodc_partial_attribute_set(self.samdb)
if self.supported_extensions & drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8:
req_level = 8
from samba.samdb import SamDB
from samba.auth import system_session
from samba.ndr import ndr_unpack
-
-def do_DsBind(drs):
- '''make a DsBind call, returning the binding handle'''
- bind_info = drsuapi.DsBindInfoCtr()
- bind_info.length = 28
- bind_info.info = drsuapi.DsBindInfo28()
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
- bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
- (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
- return handle
-
-
-def drs_get_rodc_partial_attribute_set(samdb):
- '''get a list of attributes for RODC replication'''
- partial_attribute_set = drsuapi.DsPartialAttributeSet()
- partial_attribute_set.version = 1
-
- attids = []
-
- # the exact list of attids we send is quite critical. Note that
- # we do ask for the secret attributes, but set set SPECIAL_SECRET_PROCESSING
- # to zero them out
- schema_dn = samdb.get_schema_basedn()
- res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
- expression="objectClass=attributeSchema",
- attrs=["lDAPDisplayName", "systemFlags",
- "searchFlags"])
-
- for r in res:
- ldap_display_name = r["lDAPDisplayName"][0]
- if "systemFlags" in r:
- system_flags = r["systemFlags"][0]
- if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED |
- samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)):
- continue
- if "searchFlags" in r:
- search_flags = r["searchFlags"][0]
- if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE):
- continue
- attid = samdb.get_attid_from_lDAPDisplayName(ldap_display_name)
- attids.append(int(attid))
-
- # the attids do need to be sorted, or windows doesn't return
- # all the attributes we need
- attids.sort()
- partial_attribute_set.attids = attids
- partial_attribute_set.num_attids = len(attids)
- return partial_attribute_set
+from samba.drs_utils import drs_get_rodc_partial_attribute_set, drs_DsBind
########### main code ###########
binding_str = "ncacn_ip_tcp:%s[seal,print]" % server
drs = drsuapi.drsuapi(binding_str, lp, creds)
- drs_handle = do_DsBind(drs)
+ drs_handle, supported_extensions = drs_DsBind(drs)
print "DRS Handle: %s" % drs_handle
req8 = drsuapi.DsGetNCChangesRequest8()