From: Douglas Bagnall Date: Fri, 28 Oct 2016 02:05:28 +0000 (+1300) Subject: getncchanges script: use library code, not copied functions. X-Git-Tag: talloc-2.1.9~216 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ad69f4bd0f724296a40347a140a031f6ab341e9;p=thirdparty%2Fsamba.git getncchanges script: use library code, not copied functions. These functions were duplicates. To be exact, the diff -ub between what getncchanges had, and what drs_uitls now has is this: |@@ -1,4 +1,5 @@ |-def do_DsBind(drs): |+def drs_DsBind(drs): | '''make a DsBind call, returning the binding handle''' | bind_info = drsuapi.DsBindInfoCtr() | bind_info.length = 28 |@@ -32,7 +33,8 @@ | bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 | bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT | (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info) |- return handle |+ |+ return (handle, info.info.supported_extensions) | | | def drs_get_rodc_partial_attribute_set(samdb): |@@ -43,7 +45,7 @@ | attids = [] | | # the exact list of attids we send is quite critical. Note that |- # we do ask for the secret attributes, but set set SPECIAL_SECRET_PROCESSING |+ # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING | # to zero them out | schema_dn = samdb.get_schema_basedn() | res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE, |@@ -71,3 +73,4 @@ | partial_attribute_set.attids = attids | partial_attribute_set.num_attids = len(attids) | return partial_attribute_set while the drs_utils code has changed in moving drs_get_rodc_partial_attribute_set() out of the class. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/drs_utils.py b/python/samba/drs_utils.py index 07fc05af246..126c57eff07 100644 --- a/python/samba/drs_utils.py +++ b/python/samba/drs_utils.py @@ -144,6 +144,44 @@ def drs_DsBind(drs): return (handle, info.info.supported_extensions) +def drs_get_rodc_partial_attribute_set(samdb): + '''get a list of attributes for RODC replication''' + partial_attribute_set = drsuapi.DsPartialAttributeSet() + partial_attribute_set.version = 1 + + attids = [] + + # the exact list of attids we send is quite critical. Note that + # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING + # to zero them out + schema_dn = samdb.get_schema_basedn() + res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE, + expression="objectClass=attributeSchema", + attrs=["lDAPDisplayName", "systemFlags", + "searchFlags"]) + + for r in res: + ldap_display_name = r["lDAPDisplayName"][0] + if "systemFlags" in r: + system_flags = r["systemFlags"][0] + if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED | + samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)): + continue + if "searchFlags" in r: + search_flags = r["searchFlags"][0] + if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE): + continue + attid = samdb.get_attid_from_lDAPDisplayName(ldap_display_name) + attids.append(int(attid)) + + # the attids do need to be sorted, or windows doesn't return + # all the attributes we need + attids.sort() + partial_attribute_set.attids = attids + partial_attribute_set.num_attids = len(attids) + return partial_attribute_set + + class drs_Replicate(object): '''DRS replication calls''' @@ -158,43 +196,6 @@ class drs_Replicate(object): raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id") self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id) - def drs_get_rodc_partial_attribute_set(self): - '''get a list of attributes for RODC replication''' - partial_attribute_set = drsuapi.DsPartialAttributeSet() - partial_attribute_set.version = 1 - - attids = [] - - # the exact list of attids we send is quite critical. Note that - # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING - # to zero them out - schema_dn = self.samdb.get_schema_basedn() - res = self.samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE, - expression="objectClass=attributeSchema", - attrs=["lDAPDisplayName", "systemFlags", - "searchFlags"]) - - for r in res: - ldap_display_name = r["lDAPDisplayName"][0] - if "systemFlags" in r: - system_flags = r["systemFlags"][0] - if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED | - samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)): - continue - if "searchFlags" in r: - search_flags = r["searchFlags"][0] - if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE): - continue - attid = self.samdb.get_attid_from_lDAPDisplayName(ldap_display_name) - attids.append(int(attid)) - - # the attids do need to be sorted, or windows doesn't return - # all the attributes we need - attids.sort() - partial_attribute_set.attids = attids - partial_attribute_set.num_attids = len(attids) - return partial_attribute_set - def replicate(self, dn, source_dsa_invocation_id, destination_dsa_guid, schema=False, exop=drsuapi.DRSUAPI_EXOP_NONE, rodc=False, replica_flags=None): @@ -237,7 +238,7 @@ class drs_Replicate(object): req8.mapping_ctr.mappings = None if not schema and rodc: - req8.partial_attribute_set = self.drs_get_rodc_partial_attribute_set() + req8.partial_attribute_set = drs_get_rodc_partial_attribute_set(self.samdb) if self.supported_extensions & drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8: req_level = 8 diff --git a/source4/scripting/devel/getncchanges b/source4/scripting/devel/getncchanges index 37ec18b2248..9b6361b3548 100755 --- a/source4/scripting/devel/getncchanges +++ b/source4/scripting/devel/getncchanges @@ -14,80 +14,7 @@ from samba.dcerpc import drsuapi, misc from samba.samdb import SamDB from samba.auth import system_session from samba.ndr import ndr_unpack - -def do_DsBind(drs): - '''make a DsBind call, returning the binding handle''' - bind_info = drsuapi.DsBindInfoCtr() - bind_info.length = 28 - bind_info.info = drsuapi.DsBindInfo28() - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 - bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT - (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info) - return handle - - -def drs_get_rodc_partial_attribute_set(samdb): - '''get a list of attributes for RODC replication''' - partial_attribute_set = drsuapi.DsPartialAttributeSet() - partial_attribute_set.version = 1 - - attids = [] - - # the exact list of attids we send is quite critical. Note that - # we do ask for the secret attributes, but set set SPECIAL_SECRET_PROCESSING - # to zero them out - schema_dn = samdb.get_schema_basedn() - res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE, - expression="objectClass=attributeSchema", - attrs=["lDAPDisplayName", "systemFlags", - "searchFlags"]) - - for r in res: - ldap_display_name = r["lDAPDisplayName"][0] - if "systemFlags" in r: - system_flags = r["systemFlags"][0] - if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED | - samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)): - continue - if "searchFlags" in r: - search_flags = r["searchFlags"][0] - if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE): - continue - attid = samdb.get_attid_from_lDAPDisplayName(ldap_display_name) - attids.append(int(attid)) - - # the attids do need to be sorted, or windows doesn't return - # all the attributes we need - attids.sort() - partial_attribute_set.attids = attids - partial_attribute_set.num_attids = len(attids) - return partial_attribute_set +from samba.drs_utils import drs_get_rodc_partial_attribute_set, drs_DsBind ########### main code ########### @@ -148,7 +75,7 @@ if __name__ == "__main__": binding_str = "ncacn_ip_tcp:%s[seal,print]" % server drs = drsuapi.drsuapi(binding_str, lp, creds) - drs_handle = do_DsBind(drs) + drs_handle, supported_extensions = drs_DsBind(drs) print "DRS Handle: %s" % drs_handle req8 = drsuapi.DsGetNCChangesRequest8()