o

�/am��@s�dd
lZdd
l
Z
dd
lZdd
lZdd
lmZ
ddlmZ
ddlm	Z	
ddl
mZ
ddlm
Z
mZmZmZmZ
ddlmZmZmZ
e
�d�
ZGdd	�d	e�ZGd
d�de�ZGdd
�d
e�ZGdd�de�ZGdd�de�Zd
S)�N)
�Ldb)
�
ndr_unpack)
�security)�
SCOPE_SUBTREE�SCOPE_ONELEVEL�
SCOPE_BASE�ERR_NO_SUCH_OBJECT�LdbError)�Command�CommandError�Optionz^([^;]+);range=(\d+)-(\d+|\*)$c@s�eZ
dZd
d
d
d
d
dddejejdfdd�
Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�ZdS)�LDAPBaseF�section��SUBTcCs�
g}|
}d
|
v
rtj
�|
�
rd|
}nd|
}|���d�
r!dg
}||_|
|_t||||d�|_|
|_	||_
||_||_||_
||_|	|_||_|
|_||_t|j���
|_t|j���
|_t|j���
|_t|j���
|_|��|_|��|_t �!dd|j��"d	d
�|_#|�$�|_%|�&�
|jr�|js�|j�'d|j�

|j�'dd
|j�

|j�'dd|j�

|j�'dd|j�

|j�'dd|j#�

dSdSdS)Nz://ztdb://%sz	ldap://%szldap://zmodules:paged_searches)�url�credentials�lp�optionsz	[Dd][Cc]=r�
,�
.z
* Place-holders for %s:
�    z${DOMAIN_DN}      => %s
z${DOMAIN_NETBIOS} => %s
z${SERVER_NAME}     => %s
z${DOMAIN_NAME}    => %s
)(�os�path�isfile�lower�
startswith�outf�errfr�ldb�search_base�search_scope�two_domains�quiet�
descriptor�	sort_aces�view�verbose�host�skip_missing_dn�str�get_default_basedn�base_dn�get_root_basedn�root_dn�get_config_basedn�	config_dn�get_schema_basedn�	schema_dn�find_netbios�domain_netbios�find_servers�server_names�re�sub�replace�domain_name�find_domain_sid�
domain_sid�get_sid_map�write)�selfr(�credsr�twor#r$r%r'r&�base�scoperrr)�ldb_options�	samdb_url�rF�6/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py�__init__-sb











�
























�

�

�

��zLDAPBase.__init__c
Cs,|jj
|jd
td�}
ttj|
ddd�S)Nz(objectClass=*))rB�
expressionrCr
�	objectSid)r�searchr,rrr�dom_sid�r?�resrFrFrGr;bs

zLDAPBase.find_domain_sidc
Cs:|jj
d
|jtddg
d�}
t|
�
dksJ�
dd�|
D�
S)z	
        zOU=Domain Controllers,%sz(objectClass=computer)�cn)rBrCrI�attrsr
c
Ssg|]
}
t|
dd
�
�qS)rOr
�
r*��.0�
xrFrFrG�
<listcomp>lsz)LDAPBase.find_servers.<locals>.<listcomp>)rrKr,r�lenrMrFrFrGr5fs

�
zLDAPBase.find_serversc
CsP|jj
d
|jtdg
d�}
t|
�
dksJ�
|
D]}d|vr%|dd
SqdS)NzCN=Partitions,%s�nETBIOSName�rBrCrPr
)rrKr0rrV)r?rNrTrFrFrGr3ns

�


��zLDAPBase.find_netbiosc
Cs`d}z
|jj
|
td
�}Wnty)
}
z|j\}}|tkr$WYd}~dS�d}~w
wt|�
dkS)N)rBrCF�
)rrKrr	�argsrrV)r?�	object_dnrN�e2�enum�estrrFrFrG�
object_existsvs








��zLDAPBase.object_existsc
CsLz	|j�
|
�

WdStjy%
}
zd
t|�
vsJ�
WYd}~dSd}~w
w)NzNo such object)r�deleterr	r*)r?r[�
erFrFrG�delete_force�s



��zLDAPBase.delete_forcecCs t�
|
�
}|d
ur|
S|�d�
S)zi Returns the real attribute name
            It resolved ranged results e.g. member;range=0-1499
        NrY)�RE_RANGED_RESULT�match�group)r?�key�
mrFrFrG�get_attribute_name�s



zLDAPBase.get_attribute_namecCs
t�
|�
}|d
ur|S|�d�
}t|�d�
�
}	d||df}|jj|
t|g
d�}t|�
dks2J�
t|d�
}|d=d
}	d
}
|D]}t�
|�
}|d
urMqA|�d�
|krUqA|}	t	||�
}

|	d
ure	|S|�
|
�

|	�d�
d	krt	|St|	�d
�
�
|dks�J�
t|	�d�
�
}q)zp Returns list with all attribute values
            It resolved ranged results e.g. member;range=0-1499
        NrY�Tz
%s;range=%d-*rXr
�dn�
*�)rcrdre�intrrKrrV�dict�list�extend)r?r[rf�valsrg�attr�hi�
nrN�fm�fvalsrFrFrG�get_attribute_values�s@

















�
�
�zLDAPBase.get_attribute_valuescCst|jj
|
td
g
d�}t|�
dksJ�
t|d�
}|d=i}|��D]\}}|�|�
}t|�
}|�|
||�||<q!|S)z: Returns dict with all default visible attributes
        rkrXrYr
rj)	rrKrrVrn�itemsrh�sortedrw)r?r[rN�
attributesrfrq�namerFrFrG�get_attributes�s





zLDAPBase.get_attributescCs<|jj
|
td
g
d�}|dd
d}ttj|�}|�|j�
S)N�nTSecurityDescriptorrXr
)rrKrrrr$�as_sddlr<)r?r[rN�descrFrFrG�get_descriptor_sddl�s



zLDAPBase.get_descriptor_sddlc
Cs�d
|
}gd�
}d}d}d}|t|�
krdd}d}|||krTt
t||�
�
�dd�}	dd|	|	gt|	�
}	d|t|�
krB|	|}n||	7}|d	7}|d	7}|||ks||d
7}|d	7}|t|�
ks|t|�
kslJ�
|���d
d�S)z� Translate binary representation of schemaIDGUID to standard string representation.
            @gid_blob: binary schemaIDGUID
        �%s)�rlrlrl�r
r�0xN�
0rlrY�
 �
-)rV�hex�ordr9�strip)
r?�	guid_blob�blob�stops�indexrNrT�tmp�
y�
crFrFrG�guid_as_string�s,














�	
�
zLDAPBase.guid_as_stringc
	Csni|_|j
j|jd
tddgd�}
|
D]"}zt|dd�
|jdttj|dd�<Wqt	y4


YqwdS)za Build dictionary that maps GUID to 'name' attribute found in Schema or Extended-Rights.
        z
(objectSid=*)rJ�sAMAccountName)rBrIrCrPr
r�N)
�sid_maprrKr,rr*rrrL�KeyError)r?rN�itemrFrFrGr=�s



�
.


��zLDAPBase.get_sid_mapN)�__name__�
__module__�__qualname__�sys�stdout�stderrrHr;r5r3r_rbrhrwr|r�r�r=rFrFrFrGr
+s 




�54r
c@s>eZ
dZejejfd
d�
Zdd�Zdd�Zdd�Z	d	d
�Z
dS)�
DescriptorcCsL||_||_
|
|_||_|j�|j�
|_|��|_|jjr$|j�	�
dSdS�
N)
rr�conrjr��sddl�extract_dacl�	dacl_listr%�sort)r?�
connectionrjrrrFrFrGrH
s








�zDescriptor.__init__c
Cs\zd
|jvrt
�d|j��d�
}
n
t
�d|j��d�
}
Wnty'


gYSwt
�d|
�S)zG Extracts the DACL as a list of ACE string (with the brakets).
        zS:zD:(.*?)(\(.*?\))S:rlzD:(.*?)(\(.*\))z	(\(.*?\)))r�r7rKre�AttributeError�findallrMrFrFrGr�
s


�

�zDescriptor.extract_daclc	Cs`d
|
}t�
d|�}t|�
dkr|S|D]}z|jj|}|�||�}Wqty-


Yqw|S)Nr�z	S-[-0-9]+r
)r7r�rVr�r�r9r�)r?�acerN�sids�sidr{rFrFrG�fix_sid
s







�zDescriptor.fix_sidc	Cs$
d
}t|j
�
t|
j
�
kr&|d7}|ddt|j
�
7}|ddt|
j
�
7}d}d}	d}d}z	d|j
|}WntyC


d
}Yn
wz	d|
j
|}WntyX


d
}Yn
wt|�
t|�
dkrh	||fSd|�|�
}d|
�|�
}||kr�|d||f7}d	}n|d
||f7}|d7}q+)Nr�    Difference in ACE count:
�        �=> %s
r
Tr�z
%60s * %s
Fz
%60s | %s
rY)rVr��
IndexErrorr�)	r?�otherrN�
i�flag�self_ace�	other_ace�self_ace_fixed�other_ace_fixedrFrFrG�diff_1+
s>












�


�
	�




�zDescriptor.diff_1c		s�
d
}t�
j
�
t�j
�
kr&|d7}|ddt�
j
�
7}|ddt�j
�
7}g}g}g}�
f
dd��
j
D�
}�f
dd��j
D�
}|D]}z|�|�

WntyY


|�|�

YqBw|�|�

qBt|�
}t|�
dkr�|d	d
�
jj7}|D]
}|d|d7}qv|D]}z|�|�

Wnty�


|�|�

Yq�w|�|�

q�t|�
}t|�
dkr�|d	d
�jj7}|D]
}|d|d7}q�ttt	|�
�
�
}�
jj
r�|d7}|D]
}|d|d7}q�|gko�|gk|fS)
Nrr�r�r�c
�g|]}
��|
�
�qSrF�
r��rSr��
r?rFrGrUV
�z%Descriptor.diff_2.<locals>.<listcomp>c
r�rFr�r��
r�rFrGrUW
r�r
rzACEs found only in %s:
�

z    ACEs found in both:
)rVr�r��
ValueError�appendryr�r(ro�setr')	r?r�rN�common_aces�	self_aces�
other_aces�self_dacl_list_fixed�other_dacl_list_fixedr�rF�r�r?rG�diff_2L
sP













�








�









zDescriptor.diff_2N)r�r�r�r�r�r�rHr�r�r�r�rFrFrFrGr�
s

!r�c@s^eZ
dZejejfd
d�
Zdd�Zdd�Zdd�Z	d	d
�Z
dd�Zd
d�Zdd�Z
dd�ZdS)�
LDAPObjectcCs�
||_||_
|
|_|jj|_|jj|_|jj|_||_|�d
|jj�|_	|j	�dd|jj
�|_	|jjD]}|j	�dd|�|_	q4|j�|j	�
|_
gd�
|_|j|_|jdg
7_|rc|j|7_g|_g|_g|_g|_g|_|jr�|jgd�
7_gd�
|_d	d
�|jD�
|_gd�
|_dd
�|jD�
|_gd
�
|_dd
�|jD�
|_gd�
|_dd
�|jD�
|_ddg|_dd
�|jD�
|_tdd
�|jD�
�
|_dS)N�${DOMAIN_DN}�CN=${DOMAIN_NETBIOS}�CN=%s�CN=${SERVER_NAME}) �badPasswordTime�badPwdCount�dSCorePropagationData�
lastLogoff�	lastLogon�
logonCount�
modifiedCountzmsDS-Cached-Membershipz!msDS-Cached-Membership-Time-StampzmsDS-EnabledFeatureBLzmsDS-ExecuteScriptPasswordzmsDS-NcTypezmsDS-ReplicationEpochzmsDS-RetiredReplNCSignatureszmsDS-USNLastSyncSuccess�partialAttributeDeletionList�partialAttributeSet�pekList�	prefixMap�replPropertyMetaData�replUpToDateVector�repsFrom�repsTo�
rIDNextRID�rIDPreviousAllocationPool�schemaUpdate�serverState�subRefs�
uSNChanged�
uSNCreated�
uSNLastObjRem�whenChanged�msExchServer1HighestUSN)#�objectCategory�
objectGUIDrJ�whenCreatedr��
pwdLastSetr��creationTimer��priorSetTime�rIDManagerReference�gPLink�ipsecNFAReference�fRSPrimaryMember�
fSMORoleOwner�
masteredBy�ipsecOwnersReference�wellKnownObjects�otherWellKnownObjectsr��ipsecISAKMPReference�ipsecFilterReferencezmsDs-masteredBy�lastSetTime�ipsecNegotiationPolicyReferencer��gPCFileSysPath�accountExpires�invocationId�operatingSystemVersion�oEMInformation�
schemaInfo�
targetAddress�msExchMailboxGuid�siteFolderGUID)&�distinguishedName�defaultObjectCategory�member�memberOf�siteList�nCName�homeMDB�homeMTA�interSiteTopologyGenerator�serverReferencezmsDS-HasInstantiatedNCs�hasMasterNCszmsDS-hasMasterNCszmsDS-HasDomainNCs�dMDLocation�msDS-IsDomainFor�rIDSetReferences�serverReferenceBL�msExchHomeRoutingGroup�msExchResponsibleMTAServer�siteFolderServer�msExchRoutingMasterDN�msExchRoutingGroupMembersBL�	homeMDBBL�msExchHomePublicMDB�msExchOwningServer�
templateRoots�addressBookRoots�msExchPolicyRoots�globalAddressList�msExchOwningPFTree�msExchResponsibleMTAServerBL�msExchOwningPFTreeBLz$msDS-MembersOfResourcePropertyListBLzmsDS-ValueTypeReferencez"msDS-MembersOfResourcePropertyListzmsDS-ValueTypeReferenceBLzmsDS-ClaimTypeAppliesToClassc
S�g|]}
|
���qSrF�
�upperrRrFrFrGrU�
�z'LDAPObject.__init__.<locals>.<listcomp>)�proxyAddresses�mail�userPrincipalName�"msExchSmtpFullyQualifiedDomainName�dnsHostName�networkAddress�dnsRoot�servicePrincipalNamec
Sr 
rFr!
rRrFrFrGrU�
r#
)r
r{�CNr��dNSHostNamer+
r
r
r
r
r

c
Sr 
rFr!
rRrFrFrGrU�
r#
)r+
r,
r
rWr{c
Sr 
rFr!
rRrFrFrGrU�
r#
r{�DCc
Sr 
rFr!
rRrFrFrGrU�
r#
c
Sr 
rFr!
rRrFrFrGrU�
r#
)rrr�r"r#r'�summaryr9r,rjr4r6r|rz�non_replicated_attributes�ignore_attributes�
dn_attributes�domain_attributes�servername_attributes�netbios_attributes�other_attributesr�)r?r�rjr/
�filter_listrrrTrFrFrGrH{
sF














$














zLDAPObject.__init__cC�|js
|j
�|
d
�

dSdS�zE
        Log on the screen if there is no --quiet option set
        r�N�r#rr>�r?�msgrFrFrG�log�
�
�zLDAPObject.logcCsLd
|
}|js	|S|�
��|jj�
��
r$|dt|�
t|jj�
�d}|S)Nr�r�)r"r"
�endswithr�r,rV�r?�
srNrFrFrG�fix_dns



 

zLDAPObject.fix_dncC�Fd
|
}|js	|S|�
|jj��|jj���}|�
|jj��d�}|S)Nr�z${DOMAIN_NAME})r"r9r�r:rr"
r@
rFrFrG�fix_domain_name
�





zLDAPObject.fix_domain_namecCrC
)Nr�z${DOMAIN_NETBIOS})r"r9r�r4rr"
r@
rFrFrG�fix_domain_netbiosrE
zLDAPObject.fix_domain_netbioscCsDd
|
}|jrt
|jj�
dkr|S|jjD]
}|���|d�}q|S)Nr�rYz${SERVER_NAME})r"rVr�r6r"
r9)r?rA
rNrTrFrFrG�fix_server_names





zLDAPObject.fix_server_namecCs|jj
r	|�|
�
S|�|
�
Sr�)r�r$�cmp_desc�	cmp_attrs)r?r�rFrFrG�__eq__"s




zLDAPObject.__eq__cCs�t|j
|j|j|jd
�}t|
j
|
j|j|jd
�}|j
jdkr$|�|�
}n|j
jdkr0|�|�
}ntd�
�
|d|_	|d|
_	|dS)N)rrr�	collisionzUnknown --view option value.rYr
)
r�r�rjrrr&r�r��	Exception�
screen_output)r?r��d1�d2rNrFrFrGrH
's








zLDAPObject.cmp_desccs(d
}g�
_t
dd��
jD�
�
}t
dd��jD�
�
}||�j}|r9|dd�
jj7}|D]
}|d|d7}q.||�
j}|rY|dd�jj7}|D]
}|d|d7}qN||@}d	}	�
jD�
]r}|���
jvsr|��|vrsqbt�
j|t�r�t�j|t�r�t	�
j|�
�
j|<t	�j|�
�j|<�
j|�j|k�
r�d}
d}d}d}
|���
j
vrχ
f
d
d��
j|D�
}
�f
dd��j|D�
}|
|kr�qbn0|���
jvr�|
}|}
|
s�|s�
j|}�j|}
�
f
dd�|D�
}
�f
d
d�|
D�
}|
|kr�qb|���
jv�
r3|
}|}
|
�
s|�
s�
j|}�j|}
�
f
dd�|D�
}
�f
dd�|
D�
}|
|k�
r3qb|���
j
v�
rg|
}|}
|
�
sO|�
sO�
j|}�j|}
�
f
dd�|D�
}
�f
dd�|
D�
}|
|k�
rgqb|���
jv�
r�|
}|}
|
�
s�|�
s��
j|}�j|}
�
f
dd�|D�
}
�f
dd�|
D�
}|
|k�
r�qb|	�
r�||	d7}d}	|
�
r�|�
r�|d|d|
|fd7}n|d|d�
j|�j|fd7}�
j�|�

qb|�
r�||k�
s�J�
�
jdt|�
7<�
jd�
j7<�jdt|�
7<�jd�
j7<|�
_|�_|d
kS)Nrc
Sr 
rFr!
�rSrrrFrFrGrU:r#
z(LDAPObject.cmp_attrs.<locals>.<listcomp>c
Sr 
rFr!
rP
rFrFrGrU;r#
rzAttributes found only in %s:r�r�z#    Difference in attribute values:c
�"g|]
}
�jj
�d�
d
|
k�qS�rr
�r�r:�split�rS�
jr�rFrGrUY�"c
rQ
rR
rS
rU
r�rFrGrUZrW
c
r�rF�
rB
rU
r�rFrGrUdr�c
r�rFrX
rU
r�rFrGrUer�c
r�rF�
rD
rU
r�rFrGrUor�c
r�rFrY
rU
r�rFrGrUpr�c
r�rF�
rG
rU
r�rFrGrU{r�c
r�rFrZ
rU
r�rFrGrU|r�c
r�rF�
rF
rU
r�rFrGrU�r�c
r�rFr[
rU
r�rFrGrU�r�z
 => 
%s
%s�unique_attrs�df_value_attrs)r]
r�rzr1
r�r(r"
�
isinstanceroryr6
r2
r3
r4
r5
r�r/
rM
)r?r�rN�
self_attrs�other_attrs�self_unique_attrsrT�other_unique_attrs�
missing_attrs�title�
p�
qrgrtrFr�rGrI
6s�














 











�
















































(
�





zLDAPObject.cmp_attrsN)r�r�r�r�r�r�rHr=
rB
rD
rF
rG
rJ
rH
rI
rFrFrFrGr�z
s
�
r�c@sJeZ
dZd
d
ejejfdd�
Zdd�Zdd�Zdd	�Z	d
d�Z
dd
�Zd
S)�
LDAPBundleNc
Cs�
||_||_
|
|_|jj|_|jj|_|jj|_|jj|_|jj|_|jj|_i|_	g|j	d
<g|j	d<g|j	d<g|j	d<||_
|rG||_n|��dvrY|��|_
|�|�
|_ntd�
�
d}|t|j�
kr�|jr�|j|}|dt|�
t|jj�
�d}|�d	|jjd
�}t|jj�
dkr�|jjD]
}	|�d	|	d�}q�||j|<|d7}|t|j�
kr�|jsitt|j�
�
|_t|j�
|_t|j�
|_dS)
Nr\
r]
�known_ignored_dn�abnormal_ignored_dn��DOMAIN�
CONFIGURATION�SCHEMA�	DNSDOMAIN�	DNSFORESTz-Unknown initialization data for LDAPBundle().r
r�r�r�rYr�)rrr�r"r#r'r r!r)r/
r7
�dn_listr"
�context�get_dn_listrL
rVr,r9r4r6ror�ry�size)
r?r�rq
rp
r7
rr�counterr�rTrFrFrGrH�sF
































 







�


zLDAPBundle.__init__cCr8
r9
r:
r;
rFrFrGr=
�r>
zLDAPBundle.logc

Cst|j
�
|_t|j
�
|_
dSr�)rVrp
rs
ryr�rFrFrG�update_size�s

zLDAPBundle.update_sizec
Cs~d
}|j|
jkr|�
d|j|
jf�

|jsd}tdd�|jD�
�
}tdd�|
jD�
�
}|jtkrr|jsr||}|rSd}|�
d|jj�

t	|�
D]	}|�
d|�

qI||}|rrd}|�
d|
jj�

t	|�
D]	}|�
d|�

qh||@}|�
d	t
|�
�

|D]�}	zt|j|	|j|j
|j|jd
�}
Wnty�
}
z|�
d|	|f�

WYd}~q�d}~w
wzt|
j|	|
j|j
|j|jd
�}Wnty�
}
z|�
d|	|f�

WYd}~q�d}~w
w|
|k�
r
|jj�
r	|�
d�

|�
d
|
j|
jjf�

|�
d
|j|jjf�

|�
d�

n*|�
d�

|�
d
|
j|
jjf�

|�
d
|j|jjf�

|�
|
j�

|�
d�

d}|
j|_|j|
_q�|S)NTz)
* DN lists have different size: %s != %sFc
Sr 
rFr!
�rSrf
rFrFrGrU�r#
z#LDAPBundle.diff.<locals>.<listcomp>c
Sr 
rFr!
rv
rFrFrGrU�r#
z
* DNs found only in %s:rz
* Objects to be compared: %d)r�rjr/
r7
rrzLdbError for dn %s: %sz
Comparing:z	'%s' [%s]z    OKz
    FAILED)rs
r=
r)r�rp
r!rr�r(ryrVr�r/
r7
rrr	r'rjrM
)
r?r�rN�self_dns�	other_dns�	self_onlyrT�
other_only�
common_dnsrj�object1ra�object2rFrFrG�diff�s~






















�

��





�

��








�









zLDAPBundle.diffc	
CsD
|
��d
kr|j
j}n/|
��dkr|j
j}n$|
��dkr!|j
j}n|
��dkr.d|j
j}n|
��dkr:d|j
j}g}|jsB||_|j��|_|jdkrQt|_n|jd	krZt	|_n
|jd
krct
|_ntd�
�
z|j
jj
|j|jdg
d
�}Wnty�
}
z|j\}}|j�d|j�

�d}~w
w|D]}|�|d���

q�|S)z� Query LDAP server about the DNs of certain naming self.con.ext Domain (or Default), Configuration, Schema.
            Parse all DNs and filter those that are 'strange' or abnormal.
        rk
rl
rm
rn
zDC=DomainDnsZones,%sro
zDC=ForestDnsZones,%sr�BASE�ONEz0Wrong 'scope' given. Choose from: SUB, ONE, BASErjrXzFailed search of base=%s
N)r"
r�r,r0r2r.r r!rrrr�rrKr	rZrr>r��get_linearized)	r?rq
r rp
rN�e3r]r^rTrFrFrGrr
s@






























��

zLDAPBundle.get_dn_listc

Cs�tt
|jd
�
�
|jd
<tt
|jd�
�
|jd<|jd
r6|�d|jj�

|�d�dd�|jd
D�
�
�

|jdrW|�d�

|�d�dd�|jdD�
�
�

g|jd<dSdS)	Nr\
r]
z
Attributes found only in %s:rc
S�g|]}
td|
�
�qS�
z
    rQrRrFrFrGrUJ�z,LDAPBundle.print_summary.<locals>.<listcomp>z"
Attributes with different values:c
Sr�
r�
rQrRrFrFrGrUNr�
)ror�r/
r=
r�r(�joinr�rFrFrG�
print_summaryDs



 



 

�zLDAPBundle.print_summary)r�r�r�r�r�r�rHr=
ru
r~
rr
r�
rFrFrFrGrg
�s

�'I%rg
c@s�eZ
dZd
ZdZejejejd�Z	gd�
Z
eddddd	d
d�edd
ddd	dd�eddddd	dd�edddd	dd�edddd	dd�edddddgdd�ed d!d"d#d$�ed%d&d"d'd$�ed(d)d*gd+�
d,d�ed-d.d"d/d$�ed0d1dd	d2d�gZ	3			"		d6d4d5�
Z
d3S)7�cmd_ldapcmpzCompare two ldap databases.zO%prog <URL1> <URL2> (domain|configuration|schema|dnsdomain|dnsforest) [options])�	sambaopts�versionopts�credopts)�URL1�URL2z	context1?z	context2?z	context3?z	context4?z	context5?z-wz--tworA�
store_trueFz"Hosts are in two different domains)�dest�action�default�helpz-qz--quietr#z1Do not print anything but relay on just exit codez-vz	--verboser'z*Print all DN pairs that have been comparedz--sdr$z+Compare nTSecurityDescriptor attibutes onlyz--sort-acesr%z=Sort ACEs before comparison of nTSecurityDescriptor attributez--viewr&rrK
zUDisplay mode for nTSecurityDescriptor results. Possible values: section or collision.)r�
r�
�choicesr�
z--baserBrz:Pass search base that will build DN list for the first DC.)r�
r�
r�
z--base2�base2znPass search base that will build DN list for the second DC. Used when --two or when compare two different DNs.z--scoperCr)rr�
r
z>Pass search scope that builds DN list. Options: SUB, ONE, BASEz--filter�filterz?List of comma separated attributes to ignore in the comparisionz--skip-missing-dnr)zCSkip report and failure due to missing DNs in one server or anotherNc#Cs�|��}|
�
d
�
p
|�
d
�
}|r|j|dd�}nd}|j|dd�}|��r(|}n
|�d�

|�d�

|r<|��s<td�
�
g}|durO|rJ|rJdg
}n'gd	�
}n"|||||fD]}|dur]qV|�	�d	v
ritd
|�
�
|�
|�	��

qV|
ry|	rytd�
�
|s}|s�|r�|s�td�
�
t|
||||	|||
|
|||j|j
|d
�}t|j�
dks�J�
t|||||	|||
|
|||j|j
|d
�}t|j�
dks�J�
|�d�
}d}|D]l} |	s�|j�d| �

t|| ||j|j
d�}!t|| ||j|j
d�}"|!�|"�
r�|	s�|j�d| �

q�|	�
s2|j�d| �

|�
s2t|!jd�
t|"jd�
k�
sJ�
g|"jd<|j�d�

|j�d�

|!��
|"��
d}q�|dk�
r@td|�
�
dS)N�ldapT)
�fallback_machineF)
�guessrz3You must supply at least one username/password pairrk
rj
zIncorrect argument: %sz-You cannot set --verbose and --quiet togetherz<You need to specify both --base and --base2 at the same time)rAr#r$r%r'r&rBrCrrr)r
rz
* Comparing [%s] context...
)rq
r7
rrz
* Result for [%s]: SUCCESS
z
* Result for [%s]: FAILURE
r]
z	
SUMMARY
z
---------
���zCompare failed: %d)�get_loadparmr�get_credentials�get_credentials2�is_anonymous�
set_domain�set_workstation�authentication_requestedrr"
r�r
rrrVr,rT
r>rg
r~
r/
r�
)#r?r�
r�
�context1�context2�context3�context4�context5rAr#r'r$r%r&rBr�
rCr�
r�
r�
r�
r)r�
using_ldapr@�creds2�contextsr��con1�con2r7
�statusrq
�b1�b2rFrFrG�runws�























�



�




�
�



��

"









�zcmd_ldapcmp.run)NNNNNFFFFFrrrrrNNNF)r�r�r��__doc__�synopsisr�SambaOptions�VersionOptions�CredentialsOptionsDouble�takes_optiongroups�
takes_argsr�
takes_optionsr�
rFrFrFrGr�
Rs^



�
�
�
�

�

�
�
�
�
�
�

��


�r�
)rr7r��samba�samba.getopt�getoptrr�	samba.ndrr�samba.dcerpcrrrrrrr	�samba.netcmdr
rr�compilerc�objectr
r�r�rg
r�
rFrFrFrG�<module>
s(








[u*1