HEX

File: //lib/python3/dist-packages/samba/tests/__pycache__/domain_backup.cpython-310.pyc
o

�/ak�@s�ddlmZmZddlZddlZddlZddlmZmZm	Z	m
Z
mZddlZddl
mZddlmZddlmZmZddlmZddlZddlmZdd	lmZd
d�ZGdd
�d
e
�ZGdd�de�ZGdd�de�ZGdd�de�ZdS)�)�	provision�paramN)�env_loadparm�create_test_ou�BlackboxProcessError�BlackboxTestCase�
connect_samdb)�SamDB)�system_session)�Ldb�dn_from_dns_name)�get_fsmo_roleowner)�sites)�_dsdb_load_udv_v2cCs(t|t�|d�}|jdgd�tjdd�S)N)�session_info�lpzCN=Primary Domains)�objectClass�samAccountName�secretzmsDS-KeyVersionNumberz(objectClass=kerberosSecret))�base�attrs�scope�
expression)rr
�search�ldb�
SCOPE_SUBTREE)�secrets_pathr�secrets_ldb�r�;/usr/lib/python3/dist-packages/samba/tests/domain_backup.py�get_prim_dom!s�r cs�eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Zd2dd
�Zdd�Z	dd�Z
d3dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd �Zd4d"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd2d.d/�Zd2d0d1�Z�ZS)5�DomainBackupBasecs�tt|���tjd}dtjdtjdf|_td|�|_d|_|�	�|_
d|_ddg|_tjd	|_
tjd
|_d|_dS)N�	DC_SERVERz-U%s%%%s�DC_USERNAME�DC_PASSWORDz	ldap://%s�
BACKUPSERV�
sidForRestore�
backupDate�DOMAIN�REALM)�superr!�setUp�os�environ�	user_authrr�
new_server�upper�server�base_cmd�backup_markers�restore_domain�
restore_realm�backend)�selfr1��	__class__rrr+2s

�


zDomainBackupBase.setUpcCs||_|jd|g7_dS)z8Explicitly set the DB backend that the backup should usez--backend-store=N)r6r2)r7r6rrr�use_backendCszDomainBackupBase.use_backendcCs.t|���}d|}||d|d|d|gS)NzCN=Configuration,%szCN=Schema,%szDC=DomainDnsZones,%szDC=ForestDnsZones,%s)�str�get_default_basedn)r7�samdb�basedn�	config_dnrrr�get_expected_partitionsHs
�z(DomainBackupBase.get_expected_partitionscCs`|jdtjdgd�}dd�|d�d�D�}|�|�}|D]}|�||vd|t|�f�qdS)	z?Asserts all expected partitions are present in the backup samdb��namingContexts�rrrcS�g|]}t|��qSr�r;)�.0�rrrr�
<listcomp>S�z>DomainBackupBase.assert_partitions_present.<locals>.<listcomp>rz%s not in %sN)rr�
SCOPE_BASE�getr@�
assertTruer;)r7r=�res�
actual_ncs�expected_ncs�ncrrr�assert_partitions_presentOs
�

��z*DomainBackupBase.assert_partitions_presentcCsX|j��}|�|�}|D]}d}t||�D]
}|t|j�kr"d}nq|�|d�qdS)z>Asserts an replUpToDateVector entry exists for the original DCFTz"Couldn't find UDTV for original DCN)r�get_invocation_idr@rr;�source_dsa_invocation_idrL)r7r=�
orig_invoc_idrOrP�found�cursorrrr�assert_repl_uptodate_vector[s

��z,DomainBackupBase.assert_repl_uptodate_vectorNcCshd}|j|��tj|d�}d}|D]}|t|j�vrd}q|�|d|�|r2|�t|�|k�dSdS)z=Checks that the expected server is present in the restored DBz*(&(objectClass=Server)(serverReference=*))�rrFTzCould not find %s serverN)r�get_config_basednrrr;�dnrL�len)r7r=�expected_server�expected_count�search_exprrM�server_found�msgrrr�assert_dcs_presentis 
����z#DomainBackupBase.assert_dcs_presentcCs8tj�|jd�}tj�|�st�|�|�tj|�|S)N�tree)	r,�path�join�tempdir�exists�mkdir�
addCleanup�shutil�rmtree)r7�extract_dirrrr�restore_dirzs

zDomainBackupBase.restore_dircCsB|��}t�|��}|�|�Wd�dS1swYdS)z@Untar the backup file's raw contents (i.e. not a proper restore)N)rl�tarfile�open�
extractall)r7�backup_filerk�tfrrr�untar_backup�s"�zDomainBackupBase.untar_backuprc
Cs�|��}|�|�tj�|��d�}tj�|d�}t�}t|t�|d�}|j	t
�|d�t
j|j
d�}|�t|�d�|j
D]}|�|d�|�d|�q=tj�|d	�}	t|	|�}|�t|�|�|�|�d
S)z@Creates a backup, untars the raw files, and sanity-checks the DB�privatezsam.ldb)�urlrr�@SAMBA_DSDBrC�rz%s backup marker missingzsecrets.ldbN)�
create_backuprrr,rcrdrlrr	r
rr�DnrJr3�assertEqualr[�assertIsNotNonerKr rQ)
r7�primary_domain_secretsrp�private_dir�
samdb_pathrr=rM�markerrrrr�_test_backup_untar�s&
�
�
z#DomainBackupBase._test_backup_untarcCs(|��}|�|�|��}|�|�dS)z?Does a backup/restore, with specific checks of the resulting DBN�rw�restore_backup�check_restored_smbconf�check_restored_database�r7rprrrr�_test_backup_restore�s
z%DomainBackupBase._test_backup_restorecCs2|jdgd�}|�|�|��}|j|dd�dS)zADoes a backup/restore with secrets excluded from the resulting DBz--no-secrets)�
extra_argsF��expect_secretsNr�r�rrr�_test_backup_restore_no_secrets�s
z0DomainBackupBase._test_backup_restore_no_secretscCs�d}t�|j|j��|�|�tj|j|j��|�|��}|�|d|g�|��}|�	|�}d�
||���}d�
|j�}|j|tj
|d�}|�t|�dkd�dS)	z2Does a backup and restores into a non-default sitezTest-Site-For-Backupsz--site=zCN={0},CN=Sites,{1}z(&(objectClass=server)(cn={0}))rXrvz Failed to find new DC under siteN)r�create_siterrYrh�delete_siterwr�r�r��formatr/rrrLr[)r7�sitenamerpr�restored_ldb�site_dn�match_serverrMrrr�_test_backup_restore_into_site�s&
�
�
��z/DomainBackupBase._test_backup_restore_into_sitecCsbtjd}tj|d�}|��D]
\}}|�||�qtj�|jd�}|�	d|�|�
tj|�|S)z9Creates a very basic smb.conf to pass to the restore tool�
SMB_CONF_PATH��filename_for_non_global_lp�smb.confF)r,r-r�LoadParm�items�setrcrdre�dumprh�remove)r7�settings�testenv_conf�local_lp�key�val�new_smbconfrrr�create_smbconf�s
zDomainBackupBase.create_smbconfc
Cs�|��}ddddd�}ddd�}|�|�|�|�}|�|d	|g�|��}|�|�|��D]\}}|�t|�	|��|d
||�	|�f�q0dS)z9Checks smb.conf values passed to the restore are retainedz/var/run�FOOBAR�NOTMYDOMAINzNOT.MY.REALM)�state directory�netbios name�	workgroup�realm�275�7)zdrs: max link synczprefork childrenz
--configfile=z'%s' was '%s' in smb.confN)
rw�updater�r�r�r�r�ryr;rK)r7rpr��assert_settings�smbconfrr�r�rrr�_test_backup_restore_with_conf�s&��


��z/DomainBackupBase._test_backup_restore_with_confcCs�tj�|��dd�}tj|d�}|�|�d�|j�|�|�d�|j	�|�|�d�|j
���tj�|��d�}|�|�d�|�tj�|��d	�}|�|�d
�|�|S)z=Sanity-check important smb.conf values are restored correctly�etcr�r�r�r�r�rszprivate dir�stater�)r,rcrdrlrr�ryrKr/r4r5r0)r7r��bkp_lpr|�	state_dirrrrr��sz'DomainBackupBase.check_restored_smbconfTc
Cst�||�d��}t|j|�}|�t|�d�|d�d�}|�|�|�t|d�|j	d�|�|d�d��t
|jt�||�
�d�}|jt�|d�tj|jd	�}|�t|�d�|jD]}|�|d�|�d
|�q_|j|��tjddgd	�}|�t|�d�|�|d�d��|�|d�d��|j|��tjddgd	�}|�t|�d�|�|d�d��|�|d�d��|jr�|jd
tjdgd	�}t|d�d��}	|�|	|j�|�|�|j||j	dd�|�||j	|j�|j||d�|�|�|S)Nr�rvrr�$r)rtrr�credentialsrurCz%s backup-marker left behind�repsFrom�repsToz
@PARTITION�backendStore)r]r�)r�provision_paths_from_lprKr �secretsryr[rzr;r/r	r=r
�get_credentialsrrrxrJr3�assertIsNoner<rYr6rQra�assert_fsmo_rolesr1�assert_secretsrW)
r7r�r��paths�bkp_pd�acnr=rMr~r6rrrr�sZ

��
�
�
�
�

z(DomainBackupBase.check_restored_databasecCsHt|���}d||f}|r|�|�d|��dS|�t|jd|�dS)z8Asserts that a user has/doesn't have secrets as expectedzCN=%s,CN=users,%s�
unicodePwdN)r;r<rz�	searchone�assertRaises�KeyError)r7r=�usernamer�r>�user_dnrrr�assert_user_secretsFs
z$DomainBackupBase.assert_user_secretscCs$gd�}|D]	}|�|||�qdS)z?Check the user secrets in the restored DB match what's expected)�alice�bob�janeN)r�)r7r=r��
test_users�userrrrr�Rs�zDomainBackupBase.assert_secretsc
Cs�|��}t|���}d|d|��t|���d||d|d|d�}|��D]0\}}t|t�	||�|�}	|�
d�|�|	��vd||f�|�
d�|�|	��vd	||f�q(d
S)z2Asserts the expected server is the FSMO role ownerzCN=Infrastructure,zCN=Partitions,%szCN=RID Manager$,CN=System,z$CN=Infrastructure,DC=DomainDnsZones,z$CN=Infrastructure,DC=ForestDnsZones,)�infrastructure�naming�schema�rid�pdc�	domaindns�	forestdnszCN={0},zExpected %s to own FSMO role %sz%s found as FSMO %s role ownerN)
�	domain_dnr�forest_dns_namerYr;�get_schema_basednr�r
rrxrLr��extended_str)
r7r=r1�exclude_serverr��	forest_dn�fsmos�rolerZ�ownerrrrr�Zs*

�	
��
��z"DomainBackupBase.assert_fsmo_rolescCs0t�|j�D]}tj�|j|�}t�|�qdS�N)r,�listdirrercrdrirj)r7�filename�filepathrrr�cleanup_tempdiros�z DomainBackupBase.cleanup_tempdirc
Cspd�|�}td|�z	|�d|�}Wnty1}z|��|�d|�WYd}~nd}~wwt|�dS)z,Executes a samba-tool backup/restore command� zExecuting: samba-tool %szsamba-tool zError calling samba-tool: %sN)rd�print�check_outputrr��fail)r7�args�cmd�out�errr�run_cmdts
��zDomainBackupBase.run_cmdcCs�|jd|jg}|r||7}|�|�g}t�|j�D]}|�d�r-|�d�r-|�|�q|�t	|�dkdt	|��tj
�|j|d�}|�tj
|�|S)z?Runs the backup cmd to produce a backup file for the testenv DC�--targetdir=z
samba-backup-z.tar.bz2rvz"Domain backup created %u tar filesr)r2rer�r,r��
startswith�endswith�appendrLr[rcrdrhr�)r7r�r��	tar_files�fnrprrrrw�s

�
�zDomainBackupBase.create_backupcCsp|��}dddd|d|d|jg}|r||7}|�|�|�|j�|�|j|j�|�|j|j|j�dS)z6Restores the samba directory files from a given backup�domain�backup�restorez--backup-file=r�z--newservername=N)rlr/r�rQrrar1r�)r7rpr�rkr�rrrr��s�
zDomainBackupBase.restore_backupr�)r�T)�__name__�
__module__�__qualname__r+r:r@rQrWrarlrrrr�r�r�r�r�r�r�r�r�r�r�r�rwr��
__classcell__rrr8rr!0s0


7
r!csDeZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Z�Z	S)
�DomainBackupOnlinecs*tt|���dddd|j|jg|_dS)Nr�r��online�	--server=)r*r�r+r1r.r2�r7r8rrr+�s
�zDomainBackupOnline.setUpcC�|��dSr��rr�rrr�test_backup_untar��z$DomainBackupOnline.test_backup_untarcC�|�d�|��dS�N�tdb�r:r�r�rrr�test_backup_restore��
z&DomainBackupOnline.test_backup_restorecCr�N�mdb�r:r�r�rrr�test_backup_restore_with_conf�rz0DomainBackupOnline.test_backup_restore_with_confcCrr�r:r�r�rrr�test_backup_restore_no_secrets�rz1DomainBackupOnline.test_backup_restore_no_secretscCrr�r:r�r�rrr�test_backup_restore_into_site�rz0DomainBackupOnline.test_backup_restore_into_site)
r�r�r�r+r�rr	rr
r�rrr8rr��sr�csjeZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dd�Zd�fdd�	Z�Z
S)�DomainBackupRenamecsZtt|���d|_d|_d|_d|_ddd|j|jd|j|jg|_	|j
d	g7_
dS)
N�
RENAMESERV�	NEWDOMAINzrename.test.netzDC=rename,DC=test,DC=netr�r��renamer��backupRename)r*rr+r/r4r5�
new_basednr1r.r2r3r�r8rrr+�s
�zDomainBackupRename.setUpcCr�r�r�r�rrrr��r�z$DomainBackupRename.test_backup_untarcCrrrr�rrrr�rz&DomainBackupRename.test_backup_restorecCrrrr�rrrr	�rz0DomainBackupRename.test_backup_restore_with_confcCrrr
r�rrrr�rz1DomainBackupRename.test_backup_restore_no_secretscCrrrr�rrrr
�rz0DomainBackupRename.test_backup_restore_into_sitecCsXd}dj||jtjdd�}|�t|j|�dj|tjd|jd�}|�t|j|�dS)z:Checks that rename commands with invalid args are rejectedz samba-tool domain backup rename z{cmd} {domain} {realm}r))r�r�r�r(N)r�r4r,r-r�rr�r5)r7�
rename_cmd�bad_cmdrrr�test_backup_invalid_args�s��z+DomainBackupRename.test_backup_invalid_argscCs<t��}t�|j|�|_t�|tj|�||<|j�|�dSr�)r�MessagerxrZ�MessageElement�FLAG_MOD_ADD�modify)r7�attr�source�target�mrrr�add_link�szDomainBackupRename.add_linkcCs�t|jd�}|�|jj|dg�d|}|j�|dd��d|}|j�|dd��d}|�|||�d	t|j���}|j�|d
d��|�|jj|�|�|||�|��}|�	|�|�
�}|�|�}t|j���}	t
�|	d|j|�}
t
�|	d|j|�}t
�|	d|j|�}|j|tj|gd�}
|�t|
�d
d�|�||
dvd�dd�|
d|D�}|�|
|v�|�||v�dS)z:Sanity-check that a rename handles one-way links correctly�rename_testz
tree_delete:1zCN=link_src,%s�msExchConfigurationContainer)rZ�objectclasszOU=link_tgt,%s�organizationalunit�addressBookRoots2z?CN=testrename,CN=Servers,CN=Default-First-Site-Name,CN=Sites,%sr1r�rCrvz)Failed to find renamed link source objectrzMissing link attributecSrDrrE)rF�xrrrrH,rIz9DomainBackupRename.test_one_way_links.<locals>.<listcomp>N)rrrh�delete�addrr;rYrwr�r�r�r<�re�subrrrJryr[rL)r7�test_ou�src_dn�	target_dn�	link_attr�	server_dnrprr��
old_basedn�
new_target_dn�
new_src_dn�
new_server_dnrM�link_valuesrrr�test_one_way_linkssD��


��z%DomainBackupRename.test_one_way_linksTc
s�tt|�}|�||�}t|���}|�||j�|��}t�	t|��}|j
|tjddgd|d�}|�t|�dd�|�t|d�
d��|j�|�t|d�
d��|j�|j}	d|j|jf}
|j
|
tjd	gd
�}|�t|�dd�d|j��|	f}|�t|d�
d	��|�d
|	|f}
|j
|
tjd�}|�t|�dd�|����}d|	|f}
|j
|
tjd�}|�t|�dd�|S)N�nETBIOSName�cnz	ncName=%s)rrrrrvz*Looking up partition's NetBIOS name failedrzCN=%s,OU=Domain Controllers,%s�dNSHostNamerCz&Looking up new DC's dnsHostname failedz%s.%sz*DC=%s,CN=MicrosoftDNS,DC=DomainDnsZones,%s)rrz&Lookup of new domain's DNS zone failedz1DC=_msdcs.%s,CN=MicrosoftDNS,DC=ForestDnsZones,%s)r*rr�r;r<ryr�get_partitions_dnr�
binary_encoder�SCOPE_ONELEVELr[rKr4r5r/rJ�lower�get_root_basedn�get_linearized)
r7rr��common_testr=r>�
partitions_dn�nc_namerMr�rZ�expected_val�forestdnr8rrr�1sJ

���
���z*DomainBackupRename.check_restored_databaser�)r�r�r�r+r�rr	rr
rrr4r�r�rrr8rr�s0rcs<eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Z�ZS)�DomainBackupOfflinecstt|���gd�|_dS)N)r�r��offline)r*rCr+r2r�r8rrr+_szDomainBackupOffline.setUpcCs|jdd�dS)Nrv)r{r�r�rrrr�csz%DomainBackupOffline.test_backup_untarcCr�r�)r�r�rrrr	fr�z1DomainBackupOffline.test_backup_restore_with_confcCr�r�)r�r�rrrrir�z'DomainBackupOffline.test_backup_restorecCr�r�)r�r�rrrr
lr�z1DomainBackupOffline.test_backup_restore_into_site)	r�r�r�r+r�r	rr
r�rrr8rrC]srC)�sambarrrmr,ri�samba.testsrrrrrr�samba.samdbr	�
samba.authr
rr�samba.netcmd.fsmor
r(r�
samba.dsdbrr r!r�rrCrrrr�<module>s*