o

�/a�H�@s�dd
lZdd
l
Z
ddl
mZ
ddlmZ
ddlmZ
ddlmZm	Z	
ddl
mZmZm
Z
mZmZmZ
Gdd�de�Zd	d
�Zddd
�
Zdd�Z					ddd�
Z							ddd�
Zdd�Zdd�Zd
S)�N)
�LdbError)
�werror)
�
ndr_unpack)�misc�dnsp)�DNS_TYPE_NS�
DNS_TYPE_A�
DNS_TYPE_AAAA�DNS_TYPE_CNAME�DNS_TYPE_SRV�DNS_TYPE_PTRc@s eZ
dZd
Zdd�Zdd�ZdS)�DemoteExceptionzBase element for demote errorscCs
|
|_dS�
N�
�value)�selfr�r�1/usr/lib/python3/dist-packages/samba/remove_dc.py�__init__ �

zDemoteException.__init__c

Cs
d
|jS)NzDemoteException: r)
rrrr�__str__#rzDemoteException.__str__N)�__name__�
__module__�__qualname__�__doc__rrrrrrr
s
r
c
Cs�
|��}d
d|fD]\}t
�||�}|�|���
dkr%td||��f�
�
|�d�
dkr2td|�
�
|�dd|�
z|
�d	|�

|�	|�

Wq
t
j
yf
}
z|j\}}|t
jkr[n
�WYd}~q
d}~w
wd
D]^}t
�||�}|�|�
��
dkr�td||�
�f�
�
|�d�
dkr�td||f�
�
|�dd|�
z|
�d	|�

|�	|�

Wqit
j
y�
}	
z|	j\}}|t
jkr�n
�WYd}	~	qid}	~	w
wdS)Nz3CN=Enterprise,CN=Microsoft System Volumes,CN=Systemz+CN=%s,CN=Microsoft System Volumes,CN=SystemFz+Failed constructing DN %s by adding base %szCN=Xz.Failed constructing DN %s by adding child CN=Xr
�CNzRemoving Sysvol reference: %s)zMCN=Domain System Volumes (SYSVOL share),CN=File Replication Service,CN=SystemzDCN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=SystemzAFailed constructing DN %s by adding child CN=X (soon to be CN=%s))�domain_dns_name�ldb�Dn�add_base�get_config_basednr
�	add_child�
set_component�info�deleter�args�ERR_NO_SUCH_OBJECT�get_default_basedn)
�samdb�logger�dc_name�realm�
s�dn�
e�enum�estr�e1rrr�remove_sysvol_references's`

�


�

�








���



�

�







����r2Fcs�
�jd
t
jdgdg
d�}t|�
dkrdS|��}z	��|�
\}�Wn3tyT
}
z'|j\}}	|tj	ks8|tj
krH|rAt�|
||�
WYd}~dStd||	f�
�
d}~w
w��
|g�
�jd
t
jdg
d�}
t|
�
d	ksmJ�
|
dd}�f
d
d��
t�
f
dd
�|D�
�
}�f
dd��|D]b}
z|
�d|
�

��|
�
\}}Wn&ty�
}
z|j\}}	|tj	kr�WYd}~
dStd|
|	f�
�
d}~w
wt|�
}�f
dd�|D�
}t|�
|kr�|
�d|
t|�
|t|�
f�

��
|
|�
q�t�|
||�
dS)N�z.(&(objectClass=dnsZone)(!(dc=RootDNSServers)))�search_options:0:2)�base�scope�
expression�attrs�controlsr
zlookup of %s failed: %s�namingContexts�r6r8�
c

st�
�|����d
d�dS)N�
/r<r
)rr�
canonical_str�split)
r-)
r(rr�dns_name_from_dn�sz/remove_dns_references.<locals>.dns_name_from_dnc
3s�|]	}
�t|
�
�
V
qdSr)
�str)�.0r-)
r@rr�	<genexpr>�s�z(remove_dns_references.<locals>.<genexpr>c
s@|jt
ks
|jtkr�D]}
|
j|jkr|
j|jkr
d
SqdS�NTF)�wTyperr	�data)�	dnsRecord�rec)
�primary_recsrr�a_rec_to_remove�s



�
z.remove_dns_references.<locals>.a_rec_to_removez(checking for DNS records to remove on %sc
sg|]}
�|
�
s|
�qSrr)rB�
r)
rJrr�
<listcomp>�sz)remove_dns_references.<locals>.<listcomp>�1updating %s keeping %d values, removing %s values)�searchr�
SCOPE_SUBTREE�len�upper�
dns_lookup�RuntimeErrorr%r�"WERR_DNS_ERROR_NAME_DOES_NOT_EXIST�WERR_DNS_ERROR_RCODE_NAME_ERROR�remove_hanging_dns_referencesr
�dns_replace�
SCOPE_BASE�set�debugr#)r(r)�dnsHostName�ignore_no_name�zones�dnsHostNameUpperr-�e4r/r0�res�ncs�a_names_to_remove_from�a_name�a_rec_dn�a_recs�e2�
orig_num_recsr)rJr@rIr(r�remove_dns_referencesZsj



�












�
��

�

�









��


��rhc	
s��f
d
d��
|D]V}|
�d|j
�

|j|j
tjddg
d�}|D]=}z|d}Wn	ty1


Yq w�
f
dd�|D�
}t|�
t|�
kr]|
�d	|j
t|�
t|�
t|�
f�

|�|j
|�
q qdS)
Nc
sbtt
j|�}
|
jtks|
jtks|
jtkr |
j���krd
SdS|
jt	kr/|
jj
���kr/d
SdSrD)rr�DnssrvRpcRecordrErr
rrFrQr�
nameTarget)rrG)
r^rr�	to_remove�s









�


z0remove_hanging_dns_references.<locals>.to_removezchecking %sz/(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))rG)r5r6r7r8c
s g|]}
�|
�
stt
j|
��qSr)rrri)rB�
v)
rkrrrL�s
�z1remove_hanging_dns_references.<locals>.<listcomp>rM)	rZr-rNrrO�KeyErrorrPr#�dns_replace_by_dn)	r(r)r^r]�zone�records�record�orig_values�valuesr)r^rkrrV�s4


�



�

�



�����rVcCs0|jd
t
jdg
d�}t|�
dksJ�
|ddd}	|j|gd�
t
jdd�}
|
d}t|d	d�
}zt
�||d
d�d�
�}
WntyL


d}
Yn
wz
t|dd�
}Wntyb


d}Yn
w|rl|�|d
g
�
|
du
r�|j|
dgd�
t
jd�}d|dvr�t|ddd�
}|
�	d|�

|�|�

d|dvr�t|ddd�
}|
�	d|�

|�|�

|r�|
�	d|
�

|�|
d
g
�
d|vr�t|dd�
}|r�|jdt
�
|�
|fgt
j|��d�}t|�
dkr�|
�	d|dj
�

|�|dj
�

|du
�
r|�
rt||
|�
|�
rt||
|�
dSdS)Nr3�
dsServiceNamer;r<r
)�serverReference�cnr[z(objectClass=server)�r5r8r6r7rvru�utf8r[�
tree_delete:0zobjectclass=computer)�msDS-KrbTgtLink�rIDSetReferencesrv�r5r7r8r6r{zRemoving RID Set: %srzzRemoving RODC KDC account: %sz5Removing computer account: %s (and any child objects)z=(&(objectclass=user)(cn=dns-%s)(servicePrincipalName=DNS/%s)))r7r8r6r5z/Removing Samba-specific DNS service account: %s)rNrrXrPrAr�decodermr$r#�
binary_encoderOr'r-rhr2)r(r)�	server_dn�remove_computer_obj�remove_server_obj�remove_sysvol_obj�remove_dns_names�remove_dns_accountr`�my_serviceName�msgs�msgr*�computer_dnr[�
computer_msgs�
rid_set_dn�krbtgt_link_dnrrr�offline_remove_server�st
�


�



�


�


�












�
�



�r�c

Cs8|jd
t
jdg
d�}
t|
�
dksJ�
t
�||
ddd�d�
�}|��}||kr/td|�
�
z
|j|dd	g
t
jd
�}
WntyY
}
z|j	\}}|t
j
krTtd|�
�
�d}~w
wt|
�
dkrjtd||��f�
�
|
d}|j�
�d
ks||j��dkr�td|�
�
ttj|d	d�}|r�|j|��d|d�}|D]}|
�d|j�

|�|j�

q�|r�|jd
t
jd|dg
d�}|D]'}t|�
}t
��}|j|_t
�|t
jd�|d<|
�d|j|f�

|�|�

q�z|
�d|�

|�|dg
�
Wnt�
y

}
z|j	\}}td|�
�
d}~w
wt||
||||||	d�
dS)Nr3rtr;r<r
rxz#Refusing to demote our own DSA: %s zobjectClass=ntdsDSA�
objectGUIDr|zGiven DN %s doesn't existz%s is not an ntdsda in %srz
NTDS Settingsz)Given DN (%s) wasn't the NTDS Settings DNz5(&(objectclass=nTDSConnection)(fromServer=<GUID=%s>)))r5r7zRemoving nTDSConnection: %sz(fsmoRoleOwner=<GUID=%s>))r4)r5r6r7r9�
fsmoRoleOwnerrz*Seizing FSMO role on: %s (now owned by %s)z'Removing nTDSDSA: %s (and any children)ryz,Failed to remove the DCs NTDS DSA object: %s�r�r�r�r�r�)rNrrXrPrr}�parentr
rr%r&rr-�get_rdn_name�
get_rdn_valuerr�GUIDr r#r$rOrA�Message�MessageElement�FLAG_MOD_REPLACE�warning�modifyr�)r(r)�ntds_dnr�r��remove_connection_obj�seize_stale_fsmor�r�r�r`r�rr��e5r/r0r��	ntds_guid�stale_connections�conn�stale_fsmo_roles�role�val�
m�e6rrr�offline_remove_ntds_dc!
s�

�





�




��


�



�


��





��





�
�






���





�r�c
Cs�
|��
d}zt
j|d
�
}d|}Wn[tym


z|j|��gdt�|�
d�}WntyF
}
z|j	\}}	t
d||��|	f�
�
d}~w
wt|�
dkr[|�
�
t
d||��f�
�
|dj}t�|d�}|�|�

Yn
wz|j|gtjd	d
�}
Wn.ty�
}
z"|j	\}}	|tjkr�g}
n|�
�
t
d||��|	f�
�
WYd}~nd}~w
wt|
�
dkr�|dur�|�
�
t
d||��f�
�
t||
|dddddd
�
nt||
|
djdddddddd�

|��
dS)N)
�hexz	<GUID=%s>z(&(objectClass=server)(cn=%s)))r5r8r7z4Failure checking if %s is an server object in %s: %sr
z%s is not an AD DC in %szCN=NTDS Settingsz(objectClass=ntdsdsa)rwz/Failure checking if %s is an NTDS DSA in %s: %sTr�)r�r�r�r�r�r�r�)�transaction_start�uuid�UUID�
ValueErrorrNr rr~rr%r
rrP�transaction_cancelr-rrrXr&r�r��transaction_commit)r(r)r*rr�r��server_msgs�e3r/r0�	ntds_msgs�e7rrr�	remove_dcv
s�







�
�


���



�



�


�








�����





�





�







�
r�cCs |��
t
||
d�
|��
dSr)�start_transactionr��commit_transaction)r(r�rrr� offline_remove_dc_RemoveDsServer�
sr�)
F)FFFFF)FFFFFFF)r�rr�sambar�	samba.ndrr�samba.dcerpcrr�samba.dcerpc.dnsprrr	r
rr�	Exceptionr
r2rhrVr�r�r�r�rrrr�<module>
s6




 


3P-




�O






�UP