o

�/a��@s�dd
lZdd
l
Z
dd
lZddlmZ
ddl
mZ
ddl
mZ
ddlmZ
ddlm	Z	
ddl
mZmZ
ddlm
Z

dd	lmZ
dd
lmZ
ddlmZmZ
ddlmZmZ
dd
lmZ
ddlmZ
dd�ZGdd�de�Zd
S)�N)
�	b64decode)
�dsdb)
�common)
�misc)
�drsuapi)�
ndr_unpack�ndr_pack)
�drsblobs)
�dsdb_Dn)
�security)�get_wellknown_sds�get_diff_sds)�system_session�
admin_session)
�CommandError)
�get_fsmo_roleownerc
	CsLg}
|D]}z
|
�|�
d
�
�

Wqty 


|
�t|�
�

Yqwd�|
�
S)z�Stringify a value list, using utf-8 if possible (which some tests
    want), or the python bytes representation otherwise (with leading
    'b' and escapes like b'').
    zutf-8�
,)�append�decode�UnicodeDecodeError�repr�join)�vals�result�value�r�1/usr/lib/python3/dist-packages/samba/dbchecker.py�dump_attr_values&s




�
rc@steZ
dZd
Z					d�dd�
Zdejddfdd�
Zdd	�Zd
d�Z	d�dd
�
Z
dd�Zdd�Zd�dd�
Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd�d%d&�
Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Z 	d�d;d<�
Z!d=d>�Z"d?d@�Z#dAdB�Z$dCdD�Z%dEdF�Z&dGdH�Z'dIdJ�Z(dKdL�Z)dMdN�Z*dOdP�Z+dQdR�Z,dSdT�Z-dUdV�Z.dWdX�Z/dYdZ�Z0d[d\�Z1d]d^�Z2d_d`�Z3dadb�Z4dcdd�Z5dedf�Z6dgdh�Z7didj�Z8dkdl�Z9dmdn�Z:dodp�Z;dqdr�Z<dsdt�Z=dudv�Z>dwdx�Z?dydz�Z@d{d|�ZAd}d~�ZBdd��ZCd�d��ZDd�d��ZEd�d��ZFd�d��ZGd�d��ZHd�d��ZId�d�d��
ZJd�d��ZKd�d��ZLd�d��ZMdS)��dbcheckzcheck a SAM database for errorsNFcCsR|
|_d|_
|p	|
|_||_||_||_||_d
|_d
|_d
|_	d
|_
d
|_d
|_d
|_
d
|_d
|_d
|_d
|_d
|_d
|_d
|_d
|_d
|_d
|_d
|_d
|_t�|_d
|_d
|_d
|_d
|_d
|_ d
|_!d
|_"d
|_#d
|_$d
|_%d
|_&d
|_'d
|_(d
|_)d
|_*d
|_+d
|_,||_-|	|_.|
|_/d|_0d
|_1||_2t3�4|
d|
�5��|_6t3�4|
d|
�7��|_8|
�9�|_:t3�4|
d|
�5��|_;t3�4|
|
�<��|_=i|_>t?|j�
|_@d
|_Ad
|_Bd
|_Cd
|_Dd
|_EtF�|_Gi|_Hi|_Iz*d|
�J|
�K�tLjM�}|
jN|t3jOdg
d�}tPtQjR|ddd�}
tS|
�
|jId	<Wn t3jT�
y4
}
z|jU\}}|t3jVk�
r*�WYd}~nd}~w
wtW�|_XtYd|
�Z��|_[|jjN|j=t3jOd
dgd�}d
|dv�
r]|dd
|_\nd|dv�
rl|dd|_\nd|_\|jjNdt3jOd
g
d�}g|_]g|_^g|__z	|dd
|_`Wnta�
y�


Yn
tb�
y�


Yn
w|j`D]4}z|j�Jt3�4|j|�cd�
�tLjd�}|j]�e|�

W�
q�ta�
y�


|j^�et3�4|j|�cd�
��

Y�
q�wd|j�K�}d|j�f�}|jjNt3jgddg|j�h�d|d�}ti|�
dk�r|j_�et3�4|j|�|df�

|jjNt3jgddg|j�h�d|d�}ti|�
dk�r6|j_�et3�4|j|�|df�

t3�4|jd|j�5��}tj|j|d�}t3�4|j|j�<��|k�rZd|_knd
|_k|jjNt3�4|j|j�l��t3jOdg
d�}t3�4|j|ddd�cd�
�|_m|jjN|jmt3jOdg
d�}d|dv�r�t3�4|j|ddd�cd�
�|_nnd|_nd|j�7��o�}|
jN|t3jOddg
d�}d|dv�r�tp|ddd�
|_qnd|_qg|_rg|_sz.|jjNt3jOdd d!gd"�}d |dv�r�|dd |_rd!|dv�r|dd!|_sWdSWdSt3jT�y(
}
z|jU\}}|t3jVk�r�WYd}~dSd}~w
w)#NFr
zCN=Infrastructure,zCN=Partitions,%szCN=RID Manager$,CN=System,zCN=DnsAdmins,%s�	objectSid��base�scope�attrs�	DnsAdminszmsDS-hasMasterNCs�hasMasterNCs��namingContexts�utf8zDC=DomainDnsZones,%szDC=ForestDnsZones,%s�msDS-NC-Replica-Locations�msDS-NC-RO-Replica-Locationsz$(&(objectClass=crossRef)(ncName=%s)))r"r#r!�
expression�
�ridT�serverReference�rIDSetReferencesz1CN=Directory Service,CN=Windows NT,CN=Services,%sz(objectClass=nTDSService)�tombstoneLifetime)r!r"r+r#�z@SAMBA_DSDB�compatibleFeatures�requiredFeatures)r"r!r#)t�samdb�
dict_oid_name�samdb_schema�verbose�fix�yes�quiet�remove_all_unknown_attributes�remove_all_empty_attributes�fix_all_normalisation�fix_all_duplicates�fix_all_DN_GUIDs�fix_all_binary_dn�#remove_implausible_deleted_DN_links�!remove_plausible_deleted_DN_links�$fix_all_string_dn_component_mismatch�"fix_all_GUID_dn_component_mismatch�!fix_all_SID_dn_component_mismatch� fix_all_SID_dn_component_missing�(fix_all_old_dn_string_component_mismatch�fix_all_metadata�fix_time_metadata�fix_undead_linked_attributes�fix_all_missing_backlinks�fix_all_orphaned_backlinks�fix_all_missing_forward_links�dict�duplicate_link_cache�recover_all_forward_links�
fix_rmd_flags�fix_ntsecuritydescriptor�$fix_ntsecuritydescriptor_owner_group�seize_fsmo_role�move_to_lost_and_found�fix_instancetype�"fix_replmetadata_zero_invocationid� fix_replmetadata_duplicate_attid�fix_replmetadata_wrong_attid�fix_replmetadata_unsorted_attid�fix_deleted_deleted_objects�fix_dn�fix_base64_userparameters�fix_utf8_userparameters�fix_doubled_userparameters�fix_sid_rid_set_conflict�quick_membership_checks�reset_well_known_acls�check_expired_tombstones�expired_tombstones�reset_all_well_known_acls�in_transaction�ldb�Dn�	domain_dn�infrastructure_dn�get_config_basedn�	naming_dn�get_schema_basedn�	schema_dn�rid_dn�get_dsServiceName�ntds_dsa�class_schemaIDGUIDr�
wellknown_sds�fix_all_missing_objectclass�fix_missing_deleted_objects�fix_replica_locations�fix_missing_rid_set_master�fix_changes_after_deletion_bug�set�dn_set�
link_id_cache�name_map�get_wellknown_dn�get_default_basednr�DS_GUID_USERS_CONTAINER�search�
SCOPE_BASErr�dom_sid�str�LdbError�args�ERR_NO_SUCH_OBJECTr�system_session_infor�get_domain_sid�admin_session_info�	write_ncs�deleted_objects_containers�ncs_lacking_deleted_containers�dns_partitions�ncs�KeyError�
IndexErrorr�!DS_GUID_DELETED_OBJECTS_CONTAINERr�get_root_basedn�SCOPE_ONELEVEL�get_partitions_dn�lenr�
is_rid_master�get_serverName�
server_ref_dn�
rid_set_dn�get_linearized�intr0r2r3)�selfr4r6r7r8r9r:rfrarbrc�base_dn�res�
dnsadmins_sid�e5�enum�estr�nc�dn�domaindns_zone�forestdns_zone�domain�forest�fsmo_dn�
rid_master�ntds_service_dn�e6rrr�__init__7sZ





































































�

�






��












�



�
"
�





�




�




�"

�$

�


�






��


�




��zdbcheck.__init__cCs�|jj
|
|d
g
|d�}|�dt|�
�

d}||��7}t�|_|D]}|j�t	|j
�
�

||j|j
|d�7}q"|
durB||��7}|j
dkrO|�d|j
�

|dkr[|js[|�d�

|�d	t|�
|f�

|S)
z>perform a database check, returning the number of errors foundr��r!r"r#�controlszChecking %u objectsr
)
�requested_attrsNz�NOTICE: found %d expired tombstones, 'samba' will remove them daily, 'samba-tool domain tombstones expunge' would do that immediately.z$Please use --fix to fix these errorszChecked %u objects (%u errors))r4r��reportr�� check_deleted_objects_containersry�attribute_or_class_idsrz�addr�r��check_object�
check_rootdserdr8)r��DNr"r�r#r��error_count�objectrrr�check_database�s$






�


zdbcheck.check_databasec
Cs�d
}
|jD�
]r}||j
krq|
d7}
|�d|�

|�d|d�s"qt�|jd�}|�|�

d}z0|jj|tj	ggd�
d	�}t
|�
d
kr_|d
j�d
�
}t�|jdt
t�|�
�
�}|�|�

Wn-tjy�
}
z |j\}}	|tjkrtn|�d|	�

WYd}~
dSWYd}~nd}~w
w|du
r�z|j�||gd
�
�
Wn$tjy�
}

z|
j\}}	|�d|||	f�

WYd}
~

dSd}
~
w
w|jj|tj	dg
gd�
d	�}t
|�
dkr�|�d|�


dS|d
d}g}d}
|D]'}t|j|�d�
tj�}|�|�
�
r
|�d|�

|j�d
�
}
|�t
|�
�

q�|
du
�
r$dt
t�|
�
�
}ndtj}|�d||f�

d}|jjd||fddgd�
t��}t�|jt
|d
d�
�|_t�|tjd�|d<|j|dg
d|dd��
rr|�d |�

|j �|�

q|
S)!z`This function only fixes conflicts on the Deleted Objects
        containers, not the attributesr
r,z=ERROR: NC %s lacks a reference to a Deleted Objects containerz-Fix missing Deleted Objects container for %s?ruzCN=Deleted ObjectsN)�show_deleted:1�extended_dn:1:1�show_recycled:1�reveal_internals:0r��GUIDzCN=Deleted Objects\0ACNF:%sz<Couldn't check for conflicting Deleted Objects container: %s)r��relax:0r�z;Couldn't move old Deleted Objects placeholder: %s to %s: %s�wellKnownObjects)r��
extended_dn:0r�r�z(wellKnownObjects was not found for NC %sr(z7wellKnownObjects had duplicate Deleted Objects value %sz
objectGUID: %szB:32:%s�%s:%sr&z�dn: %s
objectClass: top
objectClass: container
description: Container for deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
systemFlags: -1946157056%sr��provision:0�
r�r�z"NC %s lacks Deleted Objects WKGUIDF�
�validatezAdded %s well known guid link)!r�rnr��confirm_allrgrhr4�add_baser�r�r�r��get_extended_componentr�rr�r�r�r��renamer
rr�DSDB_SYNTAX_BINARY_DN�is_deleted_objects_dnrr��add_ldif�Message�MessageElement�FLAG_MOD_REPLACE�	do_modifyr�)r�r�r�r��conflict_dnr��guid�e2r�r��e1�wko�listwko�proposed_objectguid�
o�dsdb_dn�guid_suffix�
wko_prefix�deltarrrr�
s�











�


�
�





���






��

�













��




�


�z(dbcheck.check_deleted_objects_containerscCs|js	t
|
�

d
Sd
S)z#print a message unless quiet is setN)r:�print)r��msgrrrr�u
s
�zdbcheck.reportcCs0|jsd
S|j
r|jS|jrd}tj|
||d�S)zconfirm a changeFT��forced�	allow_all)r8r:r9r�confirm)r�r�r�r�rrrr�z
s





zdbcheck.confirmcCs�|jsd
St
||�dkrd
St
||�dkrd}n|j}|jr |Stj|
|dd�}|dkr4t||d�
dS|dkr@t||d�
d
S|S)z(confirm a change with support for "all" F�NONE�ALLTr�)r8�getattrr9r:rr��setattr)r�r��all_attrr��
crrrr��
s"














zdbcheck.confirm_allc
Cs�|jr
|�
d
|
�

z|dtjg
}|jj|
|d�
WdStyD
}
z|jr0td||f�
�
|�
d||f�

WYd}~dSd}~w
w)z&delete dn with optional verbose outputzdelete DN %s�local_oid:%s:0r��%s : %sNFT)	r7r�r�DSDB_CONTROL_DBCHECKr4�delete�	Exceptionrfr)r�r�r�r��errrrr�	do_delete�
s



�



��zdbcheck.do_deleteTc
Cs�|d
tj
g
}|jr|�|j�|
tj��

|�d|�

z|jj|
||d�
WdSt	yP
}
z|j
r<td||f�
�
|�d||f�

WYd}~dSd}~w
w)z-perform a modify with optional verbose outputr�zcontrols: %r)r�r�r�NFT)rr�r7r�r4�
write_ldifrg�CHANGETYPE_MODIFY�modifyr�rfr)r��
mr�r�r�r�rrrr��
s




�



��zdbcheck.do_modifyc
Cs�|jr|�
d
t|
�
t|�
t|�
f�

z||}|dtjg
}|jj|
||d�
WdStyR
}
z|jr>t	d||f�
�
|�
d||f�

WYd}~dSd}~w
w)z-perform a rename with optional verbose outputzDdn: %s
changeType: modrdn
newrdn: %s
deleteOldRdn: 1
newSuperior: %sr�r�r�NFT)
r7r�r�rr�r4r�r�rfr)r��from_dn�to_rdn�to_baser�r��to_dnr�rrr�	do_rename�
s 
�


�



��zdbcheck.do_renamecCsL|
|jvr
|j|
S|j
�|
�
}|r|j
�|
�
}nd}||f|j|
<||fS�
N)r{r6�get_linkId_from_lDAPDisplayName�!get_backlink_from_lDAPDisplayName)r��attrname�linkID�revnamerrr� get_attr_linkID_and_reverse_name�
s








z(dbcheck.get_attr_linkID_and_reverse_namecCs�|�d
||
f�

|�
d||
fd�s|�d|�

dSt��}|
|_t�dtj|�||<|j|ddgd	|d
d�rC|�d|�

dSdS)
zfix empty attributeszERROR: Empty attribute %s in %sz"Remove empty attribute %s from %s?r<zNot fixing empty attribute %sNr&r�r�z#Failed to remove empty attribute %sFr�zRemoved empty attribute %s)r�r�rgr�r�r��FLAG_MOD_DELETEr�)r�r�r�r�rrr�err_empty_attribute�
s






��zdbcheck.err_empty_attributec
CsN
|�d
||
f�

g}|D];}|j
�|j||g
�}t|�
dkr.|�d|�

|�|df�

q
|d|krH|�d||df�

|�||df�

q
|�d||
fd�s\|�d	|�

d
St��}|
|_	t
dt|�
�D]$}||\}}	t�|tj|�|d|<|	dkr�t�|	tj
|�|d|<qj|j|d
dgd|dd�r�|�d|�

d
Sd
S)z?fix attribute normalisation errors, without altering sort orderz1ERROR: Normalisation error for attribute %s in %sr,zUnable to normalise value '%s'r&r
zvalue '%s' should be '%s'z!Fix normalisation for %s from %s?r=zNot fixing attribute %sNzvalue_%uznormv_%ur�r�� Failed to normalise attribute %sFr��Normalised attribute %s)r�r4�dsdb_normalise_attributesr6r�rr�rgr�r��ranger�r
�FLAG_MOD_ADDr�)
r�r�r��values�mod_list�val�
normalisedr��
i�nvalrrr�err_normalise_mismatch�
s@




�




�










��

��zdbcheck.err_normalise_mismatchcCs�|j�
|j||�}t|�
|krd
S|�d||
f�

|�d|t|�
f�

|�d||
fd�s8|�d|�

d
St��}|
|_t�	|tj
|�||<|j|ddgd	|d
d�r_|�d|�

d
Sd
S)
z.fix attribute normalisation and/or sort errorsNz5ERROR: Normalisation error for attribute '%s' in '%s'z0Values/Order of values do/does not match: %s/%s!z%Fix normalisation for '%s' from '%s'?r=�Not fixing attribute '%s'r�r�r
Fr�r
)r4r
r6�listr�r�rgr�r�r�r�r�)r�r�r�r	
r
r�rrr�err_normalise_mismatch_replaces"









��z&dbcheck.err_normalise_mismatch_replacecCs�|�d
||
f�

|�dt
|�
t
|�
f�

|�d||
fd�s)|�d|�

dSt��}|
|_t�|tj|�||<|j|ddgd	|d
d�rP|�d|�

dSdS)
zfix duplicate attribute valuesz2ERROR: Duplicate values for attribute '%s' in '%s'z&Values contain a duplicate: [%s]/[%s]!z"Fix duplicates for '%s' from '%s'?r>r
Nr�r�z0Failed to remove duplicate value on attribute %sFr�z'Removed duplicate value on attribute %s)	r�rr�rgr�r�r�r�r�)r�r�r��
dup_valuesr	
r�rrr�err_duplicate_valuess 

�





��zdbcheck.err_duplicate_valuescCs|
jd
t
jkS)z2see if a dsdb_Dn is the special Deleted Objects DNzB:32:%s:)�prefixrr�)r�r�rrrr�*szdbcheck.is_deleted_objects_dncCsf|�d
|
|j
�|
�
f�

|�d|
d�s|�d|
�

dS|�|
dg
d|
�r1|�d|
�

dSdS)	z!handle object without objectclassz�ERROR: missing objectclass in object %s.  If you have another working DC, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> %s'zIIf you cannot re-sync from another DC, do you wish to delete object '%s'?rtz1Not deleting object with missing objectclass '%s'Nr��Failed to remove DN %s�
Removed DN %s)r�r4�get_nc_rootr�r��r�r�rrr�err_missing_objectclass.s





��zdbcheck.err_missing_objectclasscCs�|s#|�d
||
|f�

|�dt
|�
�

|�dd�s"|�d�

dSn |�d||
|f�

|�dt
|�
�

|�dd	�sC|�d�

dSt��}|
|_t�|tj|�|d
<|�|ddt	j
gd
|�rk|�d|�

dSdS)z(handle a DN pointing to a deleted objectz4ERROR: target DN is deleted for %s in object %s - %sz#Target GUID points at deleted DN %rzRemove DN link?rAzNot removingNz6WARNING: target DN is deleted for %s in object %s - %szRemove stale DN link?rB�	old_valuer�r�z(Failed to remove deleted DN attribute %sz"Removed deleted DN on attribute %s)r�r�r�rgr�r�r�r
r�r� DSDB_CONTROL_REPLMD_VANISH_LINKS)r�r�r�r
r��
correct_dn�remove_plausibler�rrr�err_deleted_dn8s,





�








���zdbcheck.err_deleted_dnc

Cs�
t|
�
�
d
�
dkr|�d||
|f�

|�d�

dS|�|�
\}}|d@dkr�t|�
�
d
�
dkr�|�|�
\}}|du
rL|�d||
|f�

|�d	�

dS|j�|
�
}z	|j�|j�
}	Wn tjy{
}

z|
j	\}}|tj
kro�d}	WYd}
~
nd}
~
w
w|	dur�|�d
||j|
|f�

|�d�

dS||	kr�|�d||
|f�

|�d
�

dS|�d||
|f�

|�|
||||d�
dS|�d||
|f�

|�|
||||d�
dS)zxhandle a missing target DN (if specified, GUID form can't be found,
        and otherwise DN string form can't be found)z\0ADEL���zTWARNING: no target object found for GUID component link %s in deleted object %s - %sz`Not removing dangling one-way link on deleted object (tombstone garbage collection in progress?)r
r,Nz`WARNING: no target object found for GUID component for one-way forward link %s in object %s - %sz"Not removing dangling forward linkzeWARNING: no target object found for GUID component for link %s in object to %s outside our NCs%s - %szhNot removing dangling one-way left-over link outside our NCs (we might be building a renamed/lab domain)z`WARNING: no target object found for GUID component for cross-partition link %s in object %s - %szPNot removing dangling one-way cross-partition link (we might be mid-replication)zTWARNING: no target object found for GUID component for DN value %s in object %s - %sTzNERROR: no target object found for GUID component for link %s in object %s - %sF)r��findr�r

r4r
r�rgr�r�r�r
)
r�r�r�r
r�r��
_�reverse_link_name�nc_root�target_nc_root�
er�r�rrr�err_missing_target_dn_or_GUIDOsd�

�
�










���
�
�

��
z%dbcheck.err_missing_target_dn_or_GUIDc
Csp
|�d
|||
|f�

ddg}z|j
jt|j�
tjg|d�}Wn1tjyP
}
z$|j\}	}
|�d|j|
f�

|	tj	kr=�|�
|
|||�
WYd}~dSd}~w
wt|�
dkri|�d|j�

|�
|
|||�
dS|dj|_|�d	t|�
d
�s�|�d|�

dSt�
�}|
|_t�|tj|�|d<t�t|�
tj|�|d
<|�|dg
d||f�r�|�d||f�

dSdS)z+handle a missing GUID extended DN componentz,ERROR: %s component for %s in object %s - %sr�r�r�z&unable to find object for DN %s - (%s)Nr
zunable to find object for DN %s�Change DN to %s?r?�
Not fixing %sr
�	new_value� Failed to fix %s on attribute %s�Fixed %s on attribute %s)r�r4r�r�r�rgr�r�r�r�r'
r�r�r�r�r
r
r�)r�r�r�r
r��errstrr�r��e7r�r�r�rrr�err_missing_dn_GUID_component�s@




�







��












��z%dbcheck.err_missing_dn_GUID_componentcCs�|�d
|||
|f�

|�
dt|�
d�s|�d|�

dSt��}|
|_t�|tj|�|d<t�t|�
tj|�|d<|�	|dg
d	||f�rR|�d
||f�

dSdS)z'handle an incorrect binary DN componentz3ERROR: %s binary component for %s in object %s - %sr(
r@r)
Nr
r*
r�r+
r,
)
r�r�r�rgr�r�r�r
r
r�)r�r�r�r
r�r-
r�rrr�err_incorrect_binary_dn�s








��zdbcheck.err_incorrect_binary_dncCs�|�d
||
|f�

||_
|�dt|�
d�s|�d�

dSt��}|
|_
t�|tj|�|d<t�t|�
tj|�|d<|�	|dd	t
jgd
|�rR|�d|�

dSdS)z<handle a DN string being incorrect due to a rename or deletezPNOTE: old (due to rename or delete) DN string component for %s in object %s - %sr(
rGzNot fixing old string componentNr
r*
r��local_oid:%s:1z+Failed to fix old DN string on attribute %sz#Fixed old DN string on attribute %s)r�r�r�r�rgr�r�r
r
r�r�%DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME)r�r�r�r
r�r
r�rrr�err_dn_string_component_old�s$

�







���z#dbcheck.err_dn_string_component_oldcCs�|�d
|||
|f�

||_
|�dt|�
d|�s#|�d|�

dSt��}|
|_
t�|tj|�|d<t�t|�
tj|�|d<|�	|dg
d	||f�rW|�d
||f�

dSdS)z"handle a DN string being incorrectz9ERROR: incorrect DN %s component for %s in object %s - %sr(
z fix_all_%s_dn_component_mismatchz Not fixing %s component mismatchNr
r*
r�z-Failed to fix incorrect DN %s on attribute %sz%Fixed incorrect DN %s on attribute %s)
r�r�r�r�rgr�r�r
r
r�)r�r�r�r
r�r
�
mismatch_typer�rrr� err_dn_component_target_mismatch�s 

�








��z(dbcheck.err_dn_component_target_mismatchcCs�|�d
||
|f�

t
|j�
dkr|�d�

dSt�|j|j���}|�d|�
|�	d|��d�s9|�d�

dS|�
d	�
}t�|jd
�}|�d	|�
|�d|�
t��}	|
|	_t�|��tj
|�|	d<dd
tjg}
|�|	|
d|�r}|�d|�

dSdS)z*fix missing <SID=...> on linked attributesz8ERROR: missing DN SID component for %s in object %s - %sr
z3Not fixing missing DN SID on DN+BINARY or DN+STRINGN�SIDr(
rFz#Not fixing missing DN SID componentr�r&r*
r�r1
z,Failed to ADD missing DN SID on attribute %sz$Fixed missing DN SID on attribute %s)r�r�r
rgrhr4r��extended_str�set_extended_componentr�r�r�r�r
r�$DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SIDr�)r�r�r�r
r��target_sid_blobr
�target_guid_blob�guid_sid_dnr�r�rrr�#err_dn_component_missing_target_sid�s4




�








�
��z+dbcheck.err_dn_component_missing_target_sidcCs�|�d
||
j
f�

|�d|d�s|�d|�

dSt��}|
j
|_
t�gtj|�|d<|�|ddgd	|�rA|�d
|�

dSdS)z!handle an unknown attribute errorz#ERROR: unknown attribute '%s' in %szRemove unknown attribute %sr;zNot removing %sNr
r�r�z%Failed to remove unknown attribute %szRemoved unknown attribute %s)r�r�r�rgr�r�r
r�)r��objr�r�rrr�err_unknown_attributes







��zdbcheck.err_unknown_attributecCs�|�d
|||
j
f�

|�d|d�s|�d|�

dSt��}|
j
|_
t�|tj|�|d<|�|ddd	d
tj	gd|�rG|�d|�

dSdS)
z:handle a link that should not be there on a deleted objectzDERROR: linked attribute '%s' to '%s' is present on deleted object %szRemove linked attribute %srJz Not removing linked attribute %sNr
r�r�r�r�z Failed to delete forward link %szFixed undead forward link %s)
r�r�r�rgr�r�r
r�rr
)r�r>
r�r
r�rrr�err_undead_linked_attribute$s 

�





���z#dbcheck.err_undead_linked_attributecCs�|�d
||||
j
f�

|�d|d�s|�d|�

dSt��}||_
t�|tj|�|d<|�|ddgd	|�rB|�d
|�

dSdS)zhandle a missing backlink valuez>ERROR: missing backlink attribute '%s' in %s for link %s in %szFix missing backlink %srKzNot fixing missing backlink %sNr*
r�r�z!Failed to fix missing backlink %szFixed missing backlink %s)r�r�r�rgr�r�r
r�)r�r>
r�r
�
backlink_name�	target_dnr�rrr�err_missing_backlink4s







��zdbcheck.err_missing_backlinkcCs�t|j
�d
�
�
}|�d|||
j
|j
��f�

|�d|d�s(|�d|�

dSt��}|
j
|_
t�t	|�
tj
|�|d<|�|gd�
d	|�rP|�d
|�

dSdS)z"handle a incorrect RMD_FLAGS value�	RMD_FLAGSzHERROR: incorrect RMD_FLAGS value %u for attribute '%s' in %s for link %szFix incorrect RMD_FLAGS %urQz!Not fixing incorrect RMD_FLAGS %uNr
)r�r��show_deleted:0z$Failed to fix incorrect RMD_FLAGS %uzFixed incorrect RMD_FLAGS %u)r�r�r�r�r7
r�rgr�r�r�r
r�)r�r>
r��revealed_dn�	rmd_flagsr�rrr�err_incorrect_rmd_flagsAs








��zdbcheck.err_incorrect_rmd_flagsc	Cs�|d
ur|�|||�r|�
dd||
||f�

dS|�
d||
||f�

|�d|d�s6|�
d|�

dSt��}|
|_t�|tj|�|d	<|�|d
dgd|�r[|�
d
|�

dSdS)z handle a orphaned backlink valueTz*WARNING: Keep orphaned backlink attribute z"'%s' in '%s' for link '%s' in '%s'Nz?ERROR: orphaned backlink attribute '%s' in %s for link %s in %szRemove orphaned backlink %srLz!Not removing orphaned backlink %srr�r�z"Failed to fix orphaned backlink %szFixed orphaned backlink %s)	�has_duplicate_linksr�r�rgr�r�r�r
r�)	r��obj_dn�
backlink_attr�backlink_valrB
�forward_attr�forward_syntax�check_duplicatesr�rrr�err_orphaned_backlinkOs&


��








��zdbcheck.err_orphaned_backlinkcCs�|�d
||
j
f�

|�d|d�s|�d||
j
f�

dSt��}|
j
|_
t�|tj|�|d<|�|dtj	g
d|�r[|�d	|�

d
t
|
j
�
|f}||jvsTJ�
d|j|<dSdS)zhandle a duplicate links valuezPRECHECK: 'Missing/Duplicate/Correct link' lines above for attribute '%s' in '%s'zDCommit fixes for (missing/duplicate) forward links in attribute '%s'rPzPNot fixing corrupted (missing/duplicate) forward links in attribute '%s' of '%s'Nrr1
z/Failed to fix duplicate links in attribute '%s'z'Fixed duplicate links in attribute '%s'r�F)r�r�r�rgr�r�r�r�r�(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKSr�rO)r�r>
rM
�forward_valsr��duplicate_cache_keyrrr�err_recover_forward_linkscs"

�




�


�z!dbcheck.err_recover_forward_linkscCs�|�d
|
j
�

|jjdtjdg
d�}t|�
dksJ�
t|ddd�
}|�d|
j
|fd�s<|�d	|
j
|f�

d
St�	�}|
j
|_
t�
|tjd�|d<|�|gd
|
j
|f�rf|�d|
j
|f�

d
Sd
S)zhandle a missing fSMORoleOwnerz*ERROR: fSMORoleOwner not found for role %sr&�
dsServiceName)r"r#r,r
z8Seize role %s onto current DC by adding fSMORoleOwner=%srTz>Not Seizing role %s onto current DC by adding fSMORoleOwner=%sN�
fSMORoleOwnerrzBFailed to seize role %s onto current DC by adding fSMORoleOwner=%sz9Seized role %s onto current DC by adding fSMORoleOwner=%s)
r�r�r4r�rgr�r�r�r�r�r�r
r�)r�r>
r��serviceNamer�rrr�err_no_fsmoRoleOwnervs"

�








��zdbcheck.err_no_fsmoRoleOwnerc
CsX
|�d
|
j
�

|�d|
j
d�s|�d|
j
�

dSd}|j��
zp|j�|
j
�
}|j�|tj�}t	�
|jt|
j
�
�}|�t
|�
d�

|�|
j
||dd	gd
|
j
||f�r�|�d|
j
||f�

t	��}|
j
|_
t	�t|
j
���
t	jd�|d<|�|gd
||�r�|�d||�

d}Wn	


|j��
�|r�|j��
dS|j��
dS)zhandle a missing parentz%ERROR: parent object not found for %sz!Move object %s into LostAndFound?rUz&Not moving object %s into LostAndFoundNFr,rE
r�z2Failed to rename object %s into lostAndFound at %sz)Renamed object %s into lostAndFound at %s�lastKnownParentz:Failed to set lastKnownParent on lostAndFound object at %sz0Set lastKnownParent on lostAndFound object at %sT)r�r�r�r4�transaction_startr
r}r�DS_GUID_LOSTANDFOUND_CONTAINERrgrhr��remove_base_componentsr�r�r�r��parentr�r��transaction_cancel�transaction_commit)r�r>
�keep_transactionr$
�lost_and_found�new_dnr�rrr�err_missing_parent�s<











�



�
�




zdbcheck.err_missing_parentc
	Cs�t�
|jt|�
�}|�t|�
d
�

|��}d}	||kr$|	d||f7}	|	d|7}	|�d|
j|	|f�

|�	d|
j|fd�sL|�d|
j|f�

d	S|�
|
j|||d
|
j|f�rg|�d|
j|f�

d	Sd	S)zhandle a wrong dnr,r&z%s=%r zname=%rz!ERROR: wrong dn[%s] %s new_dn[%s]zRename %s to %s?r\zNot renaming %s to %sNz"Failed to rename object %s into %szRenamed %s into %s)rgrhr4r�r\
r�r]
r�r�r�r�)
r�r>
rb
�rdn_attr�rdn_val�name_valr��new_rdn�
new_parent�
attributesrrr�err_wrong_dn�s 








��zdbcheck.err_wrong_dncCs�|�d
|
d|
j
|f�

|�d|
d||
j
fd�s*|�d|
d||
j
f�

dSt��}|
j
|_
t�t|�
tjd�|d<|�|dt	j
g
d	|
j
|f�rZ|�d
|
j
|f�

dSdS)zhandle a wrong instanceTypez0ERROR: wrong instanceType %s on %s, should be %d�instanceTypez(Change instanceType from %s to %d on %s?rVz-Not changing instanceType from %s to %d on %sNrr�zGFailed to correct missing instanceType on %s by setting instanceType=%dz7Corrected instancetype on %s by setting instanceType=%d)r�r�r�rgr�r�r�r�r�r�&DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)r�r>
�calculated_instancetyper�rrr�err_wrong_instancetype�s






��zdbcheck.err_wrong_instancetypecCs"|�d
|
j
|j�|
j
�
f�

dS)Nz�ERROR: incorrect userParameters value on object %s.  If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> %s'�r�r�r4r
)r�r>
r�rrrr�err_short_userParameters��"z dbcheck.err_short_userParameterscCs�|�d
||
j
f�

|�d|
j
d�s|�d|
j
�

dSt��}|
j
|_
t�t|
|d�
tjd�|d<|�|gd	|
j
�rI|�d
|
j
�

dSdS)z6handle a userParameters that is wrongly base64 encodedzNERROR: wrongly formatted userParameters %s on %s, should not be base64-encodedz2Convert userParameters from base64 encoding on %s?r]z6Not changing userParameters from base64 encoding on %sNr
�userParametersrzOFailed to correct base64-encoded userParameters on %s by converting from base64zGCorrected base64-encoded userParameters on %s by converting from base64)	r�r�r�rgr�r�rr�r��r�r>
r�rr�rrr�err_base64_userParameters�s



 


��z!dbcheck.err_base64_userParameterscC�|�d
|
j
�

|�d|
j
d�s|�d|
j
�

dSt��}|
j
|_
t�|
|d�d�
�d�
tjd	�|d
<|�	|gd|
j
�rK|�d|
j
�

dSdS)
z5handle a userParameters that is wrongly utf-8 encodedzPERROR: wrongly formatted userParameters on %s, should not be pseudo-UTF8 encodedz0Convert userParameters from UTF8 encoding on %s?r^z4Not changing userParameters from UTF8 encoding on %sNr
r(�	utf-16-lerr
rzQFailed to correct psudo-UTF8 encoded userParameters on %s by converting from UTF8zICorrected psudo-UTF8 encoded userParameters on %s by converting from UTF8�
r�r�r�rgr�r�r�encoder�r�rs
rrr�err_utf8_userParameters�s 
�




�
��zdbcheck.err_utf8_userParameterscCru
)
z:handle a userParameters that has been utf-16 encoded twicezQERROR: wrongly formatted userParameters on %s, should not be double UTF16 encodedz:Convert userParameters from doubled UTF-16 encoding on %s?r_z>Not changing userParameters from doubled UTF-16 encoding on %sNr
rv
r(rr
rzJFailed to correct doubled-UTF16 encoded userParameters on %s by convertingzBCorrected doubled-UTF16 encoded userParameters on %s by convertingrw
rs
rrr�err_doubled_userParameters�s




�
��z"dbcheck.err_doubled_userParameterscCs"|�d
|
j
|j�|
j
�
f�

dS)z?Fix a truncated userParameters due to a pre 4.1 replication bugz�ERROR: incorrect userParameters value on object %s (odd length).  If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> %s'Nro
)r�r>
r�rrr�err_odd_userParameters	rq
zdbcheck.err_odd_userParametersc	Csn|jj
|
tj|g
gd
�
d�}|j�|�
}|d|D]}t|j|�d�
|�}|j�	d�
}||kr4|
SqdS)z#return a revealed link in an object)rE
r�r�r�r
r(r�N)
r4r�rgr�r6�#get_syntax_oid_from_lDAPDisplayNamer
rr�r�)	r�r�r�r�r��
syntax_oidr
r��guid2rrr�find_revealed_link
s
�




�zdbcheck.find_revealed_linkcCsd
}t�}t�}|d@r|||fS|dur|||fSdt
|
j�
|f}	|	|jv
r-d|j|	<|
|D]�}
t|j|
�d�
|�}|j�d�
}|durHq1t
t�	|�
�
}
|
|j
}||v
r]|||<q1|d7}||v
rwt�||<d||d<t�||d	<t||j�d
�
�
}t|j�d
�
�
}||kr�||||d<||d	�
|�

q1||kr�|||d<||d	�
||�

|||<q1t||j�d�
�
}t|j�d�
�
}||kr�||||d<||d	�
|�

q1|||d<||d	�
||�

|||<q1|d
k�
r
d|j|	<|||fS)
�1check a linked values for duplicate forward linksr
r,Nr�Fr(r��keepr��RMD_VERSION�
RMD_LOCAL_USNT)rNr�r�rOr
r4rr�rr�r
r
r�r)r�r>
rM
rN
�forward_linkIDrK
r��duplicate_dict�unique_dictrS
r
r�r��guidstr�keystr�v1�v2�u1�u2rrr�check_duplicate_linkss`













































zdbcheck.check_duplicate_linksc
Cs�d
}dt|
�
|f}||j
vr|j
|S|�|�
\}}|g
}ddg}	z|jjt|
�
tj||	d�}
WntjyP
}
z|j\}}
|tj	krE�WYd}~dSd}~w
w|
d
}|�
|||||�\}}}||j
vrk|j
|SdS)r�
r
r�r�r�r�NF)r�rOr

r4r�rgr�r�r�r�r�
)r�r�rM
rN
r�rS
r�
rK
r#r�r��e8r�r�r>
r�
r�
rrrrI
Zs0







�




���


zdbcheck.has_duplicate_linksc 
Csg}d
}|dur||fS|tj
kr|�d|�

||fSd|jvr*|�d�

||fSz$|
dd
}tttj|��
}	d||	f}
|jj	|
tj
dg
gd�
d	�}Wntjya
}
z|j\}
}�d}~w
w|D]�}t
|j|j��|�}|j�d
�
}tt�|�
�
}||vr�qdttj|
dd
�}|jjD]}|j}|j}|jtjkr�
n
q�t�d�
}d
}|}|}d
}|}|}|}d
}|j�dt|�
�
|j�dt|�
�
|j�dt|�
�
|j�dt|�
�
|j�dt|�
�
|j�dt|�
�
|j�dt|�
�
|d
7}|�|�

qd||fS)zMFind all backlinks linking to obj_guid_str not already in forward_unique_dictr
Nz5Not checking for missing forward links for syntax: %s�sortedLinkszQNot checking for missing forward links because the db has the sortedLinks feature�
objectGUIDz(%s=<GUID=%s>))r��search_options:1:2zpaged_results:1:1000)r+r"r#r�r��replPropertyMetadataz$ffffffff-4700-4700-4700-000000b13228r,�RMD_ADDTIME�RMD_CHANGETIMErD
�RMD_INVOCID�RMD_ORIGINATING_USNr�
r�
)rg�	SYNTAX_DNr�r2r�rrr�r4r��
SCOPE_SUBTREEr�r�r
r�r7
r�r	�replPropertyMetaDataBlob�ctr�array�	local_usn�originating_change_time�attidr�DRSUAPI_ATTID_objectClassr8
rr) r�r>
rM
rN
rK
�forward_unique_dict�missing_forward_linksr��obj_guid�obj_guid_str�filterr��e9r�r��
rrB
r�r�
�replr�r�
�
t�originating_invocid�originating_usn�rmd_addtime�rmd_changetimerG
�rmd_invocid�rmd_originating_usn�
rmd_local_usn�rmd_versionrrr�)find_missing_forward_links_from_backlinks{sv




�








�


��





�



�














z1dbcheck.find_missing_forward_links_from_backlinksc5Cs�d
}|
dd
}|�|�
\}}|du
r|j
�|�
}nd}|dv}	|	r(|jr(i}
n|�|
||||�\}}
}t|
�
d
kr�|�|
||||�\}}
||
7}dd�|��D�
}|
d
kra|�d||
j	f�

n
|�d||
j	f�

|D](}|�d	|�

|�
d
|d�s�|j|j	||
j	��|
j	||dd
�
qm||g
7}qm|
�
�D]}|
|}|dD]	}|�d|�

q�|�d|d�

q�dd�t|�
D�
}|�|
||�
t�|d
|�|
|<|
|D�]�}t|j|�d�
|�}|j	�d�
}|dur�|d7}|�|
j	|||d�
q�tt�|�
�
}ddg}t|�
��dk�
r|
j	|jk�
rd}|�d�

nd}|du
�
r*|�|�

z|jjd|tj|gd�
d�}Wn+tj�
yf
}
z|j \}}|tj!k�
rQ�||�"|
j	|||�7}WYd}~q�d}~w
w|�
r�dt#|d
dd
�
|_$d t#|d
dd
�
|_%t|�
t|�
k�
r�|d7}|�&|
j	|||d!�
q�d|
v�
o�t|
dd
�
�'�d"k}d|d
v�
o�t|d
dd
�
�'�d"k}|�
r�|
j	|j(v
�
r�|�
r�|�)|
||�
|d7}q�|�rG|�*|�
�sG|�rG|d7}|j	�d#�
} | �r8d|d
v�r8t+t,j-|d
d$d
�}!d}"|!j.j/D]}#|#j0t1j2k�r$|#j3}$|$t#| �
k�r$d}"
n�q
|"�r8|�4|
j	||||d
j	d�
q�|�4|
j	||||d
j	d�
q�|j	�d%�
}%d
}&|%du
�rXt#|%�
}&|&d@�s�|du
�r�t|d
j	�
t|j	�
k�r�|d7}|�5|
j	||||d
j	d&�
q�|d
j	�d�
|j	�d�
k�r�|d7}|�5|
j	||||d
j	d�
q�|d
j	�d'�
}'|j	�d'�
}(|(du�r�|'du
�r�|d7}|�6|
j	||||'�
q�|(|'k�r�|d7}|�5|
j	||||d
j	d'�
q�|du�r|d
k�rt|d
j	�
t|j	�
k�r|j$|j	�7�})|�8|
j	||)||d
j	�
q�|	�r|j�rq�d
}*||d
v�r[|d
|D]3}+t|j|+�d�
�},|,j	�d�
}-|,j	�d%�
}.d
}/|.du
�rIt#|.�
}/|/d@�rP�q'|-|k�rY|*d7}*�q'|*dk�r�|t9j:k�sl|t9j:k�r�|d@�s�d
}0|
|D]}1t|j|1�d�
�j	�d�
}2|2|k�r�|0d7}0�qw|*|0k�r�q�d
}3|
|D]3}+t|j|+�d�
�},|,j	�d�
}-|,j	�d%�
}.d
}/|.du
�r�t#|.�
}/|/d@�rƐq�|-|k�r�|3d7}3�q�|*|3k�r�q�|3|*}4|d@�r
|*d
k�r�|d7}|�|
j	|||j	||�
q�|�d(||3t|
j	�
||*t|j	�
f�

q�|�rJ�
|�d)||3t|
j	�
||*t|j	�
f�

|4d
k�rq|d7}|4d
k�rW|*d
k�s:|4dk�rE|�d*t|j	�
�

n,|�;|
||
j	��||j	�
|4d8}4n|�|d
j	||
j	��|
j	||�
|4d7}4|4d
k�s'q�|S)+z$check a DN attribute for correctnessr
r�
N)�member�memberOfc
Ssg|]}
|
�qSrr��.0r�rrr�
<listcomp>�sz$dbcheck.check_dn.<locals>.<listcomp>zKERROR: Missing and duplicate forward link values for attribute '%s' in '%s'z?ERROR: Duplicate forward link values for attribute '%s' in '%s'zMissing   link '%s'z7Schedule readding missing forward link for attribute %srMF)
rO
r�zDuplicate link '%s'zCorrect   link '%s'r�
c
S�g|]}
t|
�
�qSr�
r�r�
rrrr�
�r(r�r,zmissing GUID�	isDeleted�replPropertyMetaDatazmsds-hasinstantiatedncsTrk
�	<GUID=%s>)r�r�r�r�z	B:8:%08X:z%08Xz(incorrect instanceType part of Binary DN�TRUEr�
r�
rD
�stringr6
zHWARNING: Link (back) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'zIERROR: Link (forward) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'z5ERROR: Can't fix missing multi-valued backlinks on %s)<r

r6r|
rar�
r�r�
r	
r�r�r�rP
r7
�keys�sortedrT
rgr�r
r4rr�r/
r�rr��lowerrqrr�r�r�r�r�r'
r�r
�binaryr0
�upperr�r@
r�rr	r�
r�
r�
r�
r�DRSUAPI_ATTID_isDeletedr�
r
r5
r=
r�r3
rr�rC
)5r�r>
r�r}
r�r�
r�r#
�reverse_syntax_oid�is_member_linkr�
r�
r�
�missing_error_count�
forward_linksr�r�
�
d�ddrr
r�r�r�
r#�fixing_msDS_HasInstantiatedNCsr��e3r�r��
is_deleted�target_is_deletedr�
r�
�
found_datar��deleted_usn�rmd_blobrG
�
target_sid�link_sid�bad_dn�match_count�
v�v_dn�v_guid�v_blob�v_rmd_flags�
forward_count�
w�w_guid�expected_count�
diff_countrrr�check_dn�s�








��


��


�




�



�











�
 







�







���




"*








�




�


�









�



�




�





�
	$



�















�








�
















�









�

�


�





�



�


�
��zdbcheck.check_dncCs$|
jj
D]}|j|kr|
SqdSr�)r�
r�
r�
)r�r�
r�
r�rrr�find_repl_attids




�zdbcheck.find_repl_attidcCs*tt
j|
�}|�||�}|d
u
r|jSdS)z�Read metadata properties and return the originating time for
           a given attributeId.

           :return: the originating time or 0 if not found
        Nr
)rr	r�
r�
r�
)r�r
r�
r�
r�rrr�get_originating_times




zdbcheck.get_originating_timecCs�t�}t�}g}|
�
|j�
}ttj|�}|jjD])}|j�	|j
�
}	|�|	���

|�
|j
�

|jj|	|d
�}
|
|j
krA|�|j
�

q|||fS)zgRead metadata properties and list attributes in it.
           raises KeyError if the attid is unknown.�
�is_schema_nc)ry�is_child_ofrnrr	r�
r�
r�
r6�get_lDAPDisplayName_by_attidr�
r�r�
r�get_attid_from_lDAPDisplayName)r�r�r
�set_att�wrong_attids�
list_attid�in_schema_ncr�
r��att�
correct_attidrrr�process_metadatas 







�

�
zdbcheck.process_metadatacCs�tt
tj|
d
d��
}t�|jd|�}|jj|tj|g
ddgd�}|d}t�	�}||_
t�||tj|�||<|�
|gd�
d|�rN|�d	|�

d
Sd
S)z�re-write replPropertyMetaData elements for a single attribute for a
        object. This is used to fix missing replPropertyMetaData elementsr�
r
r�
r�
r�r�)r�r�r��'Failed to fix metadata for attribute %szFixed metadata for attribute %sN)r�rrr�rgrhr4r�r�r�r�r�r�r�r�)r�r>
�attr�guid_strr�r�r��nmsgrrr�fix_metadata5s 



��




��zdbcheck.fix_metadatacCs�|
jt
j@rdSd
}|
jt
jkrd}n|
jt
jkrd}n|
jt
jkr%d}n|
jt
jkr-d}|s1dS|
jjt
j	@s:dSt
|
jj�
S)NFT)�flagsr�SEC_ACE_FLAG_INHERIT_ONLY�type�"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT�!SEC_ACE_TYPE_ACCESS_DENIED_OBJECT� SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT� SEC_ACE_TYPE_SYSTEM_ALARM_OBJECTr��%SEC_ACE_INHERITED_OBJECT_TYPE_PRESENTr��inherited_type)r��ace�checkrrr� ace_get_effective_inherited_typeEs 











z(dbcheck.ace_get_effective_inherited_typecCs\|
|jvr
|j|
Sd
|
}|j
j|j|dg
d�}tttj|ddd��
}||j|
<|S)Nz0(&(ldapDisplayName=%s)(objectClass=classSchema))�schemaIDGUID)r!r+r#r
)rrr4r�rnr�rrr�)r��cls�fltr�r�
rrr�lookup_class_schemaIDGUID[s







�

z!dbcheck.lookup_class_schemaIDGUIDc
CsLd
}||}tt
j|d�}d|vot|dd�
��dk}|r$|dfSt
��}|j|_|j|_|j|_|j|_d}d}	g}
|j	du
rG|j	j
}
tdt|
�
�D])}|
|}|j
t
j@s`|�|�

qN|�|�
}
|
durjqN|	du
ru|
|	krtd}qN|
}	qNg}
|jdu
r�|jj
}
tdt|
�
�D])}|
|}|j
t
j@s�|�|�

q�|�|�
}
|
dur�q�|	du
r�|
|	kr�d}q�|
}	q�|r�||fS|	dur�|dfSd}z|dd}Wnty�
}
zWYd}~nd}~w
w|du�
r|jj|
tjddgd	g
d
�}|d}d|v�
ot|dd�
��dk}|�
r|dfS|dd}|�|�
}
|
|	k�
r"||fS|dfS)N�nTSecurityDescriptorr
r�
r�
FT�objectClassr 
r�r�)rr�
descriptorr�r�
�	owner_sid�	group_sidr�
�revision�sacl�acesr
r�r�
�SEC_ACE_FLAG_INHERITED_ACE�sacl_addr�
�dacl�dacl_addr�r4r�rgr�r)r�r�r>
�sd_attr�sd_val�sdr�
�sd_clean�broken�last_inherited_typerr

r�
r�
r
r&
r�r�rrr�
process_sdhs�

 




































��



�"




zdbcheck.process_sdcCs�d
}t|�
}t
jt
jB}|�d||
fd�s!|�d||
f�

dSt��}|
|_t�	|tj
|�||<|�|d|g
d|�rI|�d||
f�

dSdS)	z/re-write the SD due to incorrect inherited ACEsrz
Fix %s on %s?rR�Not fixing %s on %s
N�
sd_flags:1:%d�Failed to fix attribute %s�Fixed attribute '%s' of '%s'
)rr�SECINFO_DACL�SECINFO_SACLr�r�rgr�r�r�r�r�)r�r�r�	sd_brokenrr�sd_flagsr�
rrr�err_wrong_sd�s







��zdbcheck.err_wrong_sdcCs�d
}t|�
}t
jt
jB}|jdu
r|t
jO}|jdu
r |t
jO}|�d||
|fd�s6|�	d||
f�

dSt
��}|
|_t
�
|t
j|�||<|�|d|g
d|�r^|�	d||
f�

dSdS)	zare-write the SD due to not matching the default (optional mode for fixing an incorrect provision)rNz,Reset %s on %s back to provision default?
%srezNot resetting %s on %s
rzFailed to reset attribute %sr)rrrrr�
SECINFO_OWNERr�
SECINFO_GROUPr�r�rgr�r�r�r�r�)r�r�r�diffrrrr�rrr�err_wrong_default_sd�s$















��zdbcheck.err_wrong_default_sdcCs�d
}t|�
}t
jt
jB}|�d||
fd�s!|�d||
f�

dSt��}|
|_t�	|tj
|�||<|j�|j
�

|�|d|g
d|�rN|�d||
f�

|j�|j�

dS)	z/re-write the SD due to a missing owner or grouprz'Fix missing owner or group in %s on %s?rSz+Not fixing missing owner or group %s on %s
Nrr�
r)rrr r!r�r�rgr�r�r�r�r4�set_session_infor�r�r�)r�r�rrrrr�
rrr�err_missing_sd_owner�s








�
zdbcheck.err_missing_sd_ownerc
Cs
|jrd
S|
|j
vrd
Sttj|�}|�|tj�}t�	|j
�
}t��}|jd}||}||k
r2d
S||}	|d}
|
dk
rT|�
d|
�

|�
dt�|	�
|df�

n|�
d|
�

|�
dt�|	�
|
f�

|�
d	|j|j|j|j|jt�t�	|j
�
�
f�

|jd
7_dS)NF�Q
�z`SKIPPING additional checks on object %s which very recently became an expired tombstone (normal)zbINFO: it is expected this will be expunged by the next daily task some time after %s, %d hours agoiz+SKIPPING: object %s is an expired tombstonezTINFO: it was expected this object would have been expunged soon after%s, %d days agozHisDeleted: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %sr,T)rcr�rr	r�
r�
rr�
�samba�nttime2unixr�
�timer0r��ctimer�
�version�originating_invocation_idr�
r�
rd)r�r��repl_valr�
r�
�delete_time�current_time�tombstone_deltar��expunge_time�
delta_daysrrr�is_expired_tombstonesF






��
�





�
zdbcheck.is_expired_tombstonec
Cs�tt
j|
�}|�|tj�}t�|j�
}|j	d
}g}|j
jD]+}|jtjkr'q|j
|j
k
r.q|j|jk
r5qt�|j�
}||}	|	|k
rDq|�|�

q||fS)Nr&)rr	r�
r�
rr�
r(r)r�
r0r�
r�
r�
r�
r)
r�r.r�
r�
r/r1�foundr��change_timer�rrr�find_changes_after_deletionLs$








z#dbcheck.find_changes_after_deletioncsV��|�
\}}t
|�
d
krdS�f
dd�}��d|
�

||�

|D]}||�

q"dS)Nr
Fc
shz	�j�
|j�
}
Wnty


d
|j}
Yn
w��d|
|j|j|j|j|jt	�
t�|j
�
�
f�

dS)N�<unknown:0x%x08x>zA%s: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %s)r6r�
r�
r�r�r,r-r�
r�
r*r+r(r)r�
)r��attname�
r�rr�report_attidss



�





�z8dbcheck.has_changes_after_deletion.<locals>.report_attidz,ERROR: object %s, has changes after deletionT)r7r�r�)r�r�r.r5r�
r;r�rr:r�has_changes_after_deletionns







z"dbcheck.has_changes_after_deletionc	Cs
|�|�
\}}|
�
|j�
}|
��}|jj||d
�}g}|D]3}	|	j|kr%q|	jtjkr,q|	jtj	kr3qz	|j�
|	j�
}
WntyJ


d|	j}
Yn
w|�|
�

qt
|�
dkrh|�dd�|�
�

|�d�

dS|�d|
|jfd�sz|�d�

dS|�|
d	g
d
|
�r�|�d|
�

dSdS)Nr�
r8r
zUnexpeted attributes: %srz%Not fixing changes after deletion bugz6Delete broken tombstone object %s deleted %s days ago?rxr�r
r
)r7r�
rn�get_rdn_namer6r�
r�
r�DRSUAPI_ATTID_name�DRSUAPI_ATTID_lastKnownParentr�
r�rr�r�rr�r0r�)r�r�r.r5r�
r�
rd
�	rdn_attid�
unexpectedr�r9rrr�err_changes_after_deletion�sH



�











�




�
�



��z"dbcheck.err_changes_after_deletioncCsltt
j|�}|j}d
}|jD]%}|jt�d�
krqd}|�d|
|j	|j
t�t
�|j�
�
|j��f�

q|S)NF�$00000000-0000-0000-0000-000000000000Ta

ERROR: on replPropertyMetaData of %s, the instanceType on attribute 0x%08x,
                           version %d changed at %s is 00000000-0000-0000-0000-000000000000,
                           but should be non-zero.  Proposed fix is to set to our invocationID (%s).)rr	r�
r�
r�
r-rr�r�r�
r,r*r+r(r)r�
r4�get_invocation_id)r�r��repl_meta_datar�
r�
r5r�rrr�"has_replmetadata_zero_invocationid�s 

�







��z*dbcheck.has_replmetadata_zero_invocationidc
Cs0
tt
j|�}|j}t�tt���
�
}d
}|jD],}|j	t
�d�
kr"qd}|j�
tj�
}	|jd|_||_t
�|j���
|_	|	|_|	|_q|r�t|�
}
t��}|
|_|�d||
|j��fd�sj|�d||
f�

dSt��}|
|_t�|
tj|�||<|�|dtjd	gd
|�r�|�d||
f�

dSdSdS)NFrCTr,zZFix %s on %s by setting originating_invocation_id on some elements to our invocationID %s?rWz6Not fixing zero originating_invocation_id in %s on %s
r��#local_oid:1.3.6.1.4.1.7165.4.3.14:0rr)rr	r�
r�
r(�unix2nttimer�r*r�
r-rr�r4�sequence_numberrg�SEQ_NEXTr,r�
rDr�
r�
rr�r�r�r�r�r�r�rrl
)
r�r�r�
rEr�
r�
�nowr5r��seq�replBlobr�r�
rrr�"err_replmetadata_zero_invocationid�sL

�














�
�




���
z*dbcheck.err_replmetadata_zero_invocationidc
Cs`tt
j|�}|j}|jD]!}z	|j�|j�
}Wqty-


|�	d
|j||
f�

Y
dSwdS)NzIERROR: attributeID 0X%0X is not known in our schema, not fixing %s on %s
)
rr	r�
r�
r�
r6r�
r�
r�r�)r�r�r�
rEr�
r�
r�r�
rrr�err_replmetadata_unknown_attid�s

�





��z&dbcheck.err_replmetadata_unknown_attidc
s�tt
j|�}d
}t�}t��i}|
�|j�
}	|j}
t|
jdd�dd�d�|
_t	|
j�
D]|}t
d|
|jf�

|j�
|j�
}|��|vr�|�d|||
f�

|�d||
|j|||jfd�sn|�d	|j|||
f�


dSd
}��|j�

|j||jkr�|j||_|j||_|j||_|j||_|j||_q,|||<|�|���

q,�f
dd�|
jD�
}
t|�
d
k�
r|
D]F}|j|v�
r|j�
|j�
}|jj||	d�}|�d||
f�

|�d||
|j|||jfd�s�|�d|j||||
f�


dSd
}||_q�|�
rt|
dd�dd�d�|
dd�<|�
s8|�d||
f�

|�d||
fd��
s8|�d||
f�

dSt|
�
|
_|
|
_t|�
}t��}|
|_t�|tj|�||<|� |dt!j"ddgd|��
rp|�d||
f�

dSdS)NFc


S�|jSr��
r�
�
r�rrr�<lambda>��z:dbcheck.err_replmetadata_incorrect_attid.<locals>.<lambda>)
�keyz
%s: 0x%08xz7ERROR: duplicate attributeID values for %s in %s on %s
zLFix %s on %s by removing the duplicate value 0x%08x for %s (keeping 0x%08x)?rXz5Not fixing duplicate value 0x%08x for %s in %s on %s
Tc
sg|]	}
|
j�v
r|
�qSrrQ)r�
r��
�remove_attidrrr�
%sz<dbcheck.err_replmetadata_incorrect_attid.<locals>.<listcomp>r
r�
z0ERROR: incorrect attributeID values in %s on %s
zEFix %s on %s by replacing incorrect value 0x%08x for %s (new 0x%08x)?rYzANot fixing incorrect value 0x%08x with 0x%08x for %s in %s on %s
c


SrPr�rQrRrrrrS6rTz/ERROR: unsorted attributeID values in %s on %s
z+Fix %s on %s by sorting the attribute list?rZrr�rGz#local_oid:1.3.6.1.4.1.7165.4.3.25:0rr)#rr	r�
ryr�
rnr�
r�
r�
�reversedr�r�
r6r�
r�
r�r�r�r�
r,r�
r-r�
r�r�
�countrrgr�r�r�r�r�rrl
)r�r�r�
rEr�
r�
r8r�
�hash_attr�
r�
r�r�
�new_listr�
rMr�
rrVr� err_replmetadata_incorrect_attid�s�

�







��
�













�
�
�

�
 


�
�








���z(dbcheck.err_replmetadata_incorrect_attidcCs|
d
}d|
v
r|�d|
j
�

d}d|
v
s t|
dd�
��dkr*|�d|
j
�

d}d	|
v
r8|�d
|
j
�

d}d|
v
sHt|
dd�
��dkrR|�d|
j
�

d}d
|
vr`|�d|
j
�

d}d|
vrzt|
dd�
��dkrz|�d|
j
�

d}d|
v
s�t|
d�
dks�t|
dd�
dks�t|
dd�
dkr�|�d|
j
�

d}d|
v
s�t|
dd�
dkr�|�d|
j
�

d}|S)NF�descriptionz>ERROR: description not present on Deleted Objects container %sT�showInAdvancedViewOnlyr
�FALSEzIERROR: showInAdvancedViewOnly not present on Deleted Objects container %s�objectCategoryzAERROR: objectCategory not present on Deleted Objects container %s�isCriticalSystemObjectzIERROR: isCriticalSystemObject not present on Deleted Objects container %s�
isRecycledz9ERROR: isRecycled present on Deleted Objects container %sr�
z8ERROR: isDeleted not set on Deleted Objects container %srr'�topr,�	containerzBERROR: objectClass incorrectly set on Deleted Objects container %s�systemFlags�-1946157056zBERROR: systemFlags incorrectly set on Deleted Objects container %s)r�r�r�r�
r�)r�r>
�faultyrrr�is_deleted_deleted_objectsOs8



 





 





 











z"dbcheck.is_deleted_deleted_objectscCs2
t�
�}|
j|_}d
|
v
rt�dtjd
�|d
<d|
v
r&t�dtjd�|d<d|
v
r7t�d|jtjd�|d<d|
v
rEt�dtjd�|d<d|
vrSt�dtjd�|d<t�dtjd	�|d	<t�d
tjd�|d<t�dd
gtjd�|d<|�d|d�s�|�d|�

dS|�	|dg
d|�r�|�d|�

dSdS)Nr]zContainer for deleted objectsr^r�
r`zCN=Container,%srarbr�
rfrercrdrzAFix Deleted Objects container %s by restoring default attributes?r[�.Not fixing missing/incorrect attributes on %s
r�z+Failed to fix Deleted Objects container  %sz%Fixed Deleted Objects container '%s'
)
rgr�r�r�r�rnr
r�r�r�)r�r>
r�
r�rrr�err_deleted_deleted_objectsms6













�
�


��z#dbcheck.err_deleted_deleted_objectscCs�t�
�}||_|j��}|j��r|�d
||
jf�

dS|�d|
jd�s0|�d|
j�

dSt�|tj	|�||<|�
|gd||
jf�rR|�d||
jf�

dSdS)NzNot fixing %s %s for the RODCz-Add yourself to the replica locations for %s?rvrizFailed to add %s for %szFixed %s for %s)rgr�r�r4rp�am_rodcr�r�r�r
r�)r�r>
�	cross_refr�
r�
�targetrrr�err_replica_locations�s"







�
�


�zdbcheck.err_replica_locationscCsL|
|jj
krd
S|
|jkrd
S|
|jkrd
S|
|jkrd
S|
|jkr$d
SdS)NTF)r4rirjrlrnror
rrr�is_fsmo_role�s













zdbcheck.is_fsmo_rolec
Cs�d
}|j�
|
�
}|
|krE|tjO}z|jj|
��tjgdg
d�
Wntjy?
}
z|j	\}}|tj
kr5�WYd}~n
d}~w
w|tjO}|jdu
r[t
|�
dd�|jD�
vr[|tjO}|S)Nr
r�r�c
Sr�
rr�
�r�
�
xrrrr�
�r�
z2dbcheck.calculate_instancetype.<locals>.<listcomp>)r4r
r�INSTANCE_TYPE_IS_NC_HEADr�r]
rgr�r�r�r��INSTANCE_TYPE_NC_ABOVEr�r��INSTANCE_TYPE_WRITE)r�r��instancetyper$
�e4r�r�rrr�calculate_instancetype�s"





 






���
"


zdbcheck.calculate_instancetypecCsF|jD]\}}|
|kr t
�|j���
}tt
j|||jd
��
Sqt�
)N)
r|)	rsrr�r4r�rrr|r�)r�r��sd_dn�
descriptor_fn�
domain_sidrrr�get_wellknown_sd�s





���zdbcheck.get_wellknown_sdcs�|d
urdg
�nt|�
�t
dd��D�
�
�
��
fdd�}d�
vs,d�
vs,|
�����
vr6��d	�

�
�d	�

d	�
vrH|
��d
dfD]}||�

qAd}d�
vrQd
}n�D]}|�|�
\}}|dkraqS|d@rfqSd
}
|ro|d�

|d�

��
fS)z�A helper function for check_object() that calculates the list of
        attributes that need to be checked, and returns that as a list
        in the original case, and a set normalised to lowercase (for
        easy existence checks).
        N�
*c
ss�|]}
|
��V
qdSr�)
r�
rprrr�	<genexpr>�s�z/dbcheck.find_checkable_attrs.<locals>.<genexpr>c

s,|���
v
r��
|�

�
�|���

dSdSr�)r�
rr�)
�
a�r#�lc_attrsrr�add_attr�s



�z.dbcheck.find_checkable_attrs.<locals>.add_attrr��distinguishedname�namer�
reFTr
r,r�
r�
)r
ryr=r�
rr�r

)r�r�r�r�r~�need_replPropertyMetaDatar�r"
rrr�find_checkable_attrs�s>









�











zdbcheck.find_checkable_attrscBCs�|jr
|�
d
|
�

|�|
|�\}}z*d}|tjO}|tjO}|tjO}|tjO}|jj	|
t
jdddd|dg|d�}Wn0t
jyl
}
z#|j
\}}	|t
jkrg|jr`|�
d	|
�

WYd
}~dSWYd
}~dS�d
}~w
wt|�
dkr||�
d|
�

dS|d}
d}t�}t�}
d
}|j�|
j�
}z|j�|tjj�}Wnty�


d
}Yn
wd
}d
}d
}d
}d}d
}|
D].}|��dkr�t|
|d�
dkr�d}|��dkr�t|
|d�
}|��dkr�|
|d}q�|�
r|�
r|�|
|�r�|d7}|�|
|�
|S|�|
|��
r|S|
D�]�}|dk�
s|dk�
r�
q|��dk�
r d}|��dk�
rNt|
|�
dk�
rF|d7}|�
dt|
|�
|t|
j�
f�

nt|
|d�
}|��t|
j���
��k�
r�|}t|
|�
dk�
r}|d7}|�
dt|
|�
|t|
j�
f�

nt|
|d�
}|��dk�r|� |
|
|d��
r�|d7}|�!|
||
|d�
z|�"|
|
|d�\}}}Wnt�
y�


|d7}|�#|
||
|�
Y�
qwt|�
t|�
k�
s�t|�
dk�
s�t$|�
|k�
r�|d7}|�%|
||
|d|�
n|ddk�r|d7}|�
d|t|
�
f�

�
q|��dk�r�|�&|
|
�\}}|d
u
�r/|�'|
||�
|d7}�
q|j(d
u�s;|j)d
u�rG|�*|
|�
|d7}�
q|j+�r�z|�,|
�
}Wnt�y]


Y�
qwt-tj.|
|d�}t/||t�0|j�1��
�}|dk�r�|�2|
||�
|d7}�
q�
q|��dk�r�|j�3|j4||
|�}t$|�
t$|
|�
k�s�|d|
|dk�s�|d|
|dk�r�|�5|
|t6|
|�
�
|d7}�
q|��dk�r�|
|d} | dk�r�|d7}|�7|
||
|�
�
q| d
d�dk�r��
q| d
d �d!k�r|d7}|�8|
||
|�
�
q| ddk�rB| d"dk�rB| d#dk�rB| d$dk�rB| d%dk�rB|d7}|�9|
||
|�
�
qt| �
d&dk�rW|d7}|�:|
|�
�
q| ddk�r�| d&dk�r�| d"dk�r�| d'dk�r�| d#dk�r�|d7}|�;|
||
|�
�
q|��d(k�s�|��d)k�r�|
|d|j<v�r�|d7}|�
d*||
j|
|df�

n
|j<�=|
|d�

|
|D]}!|!d+k�r�|�>|
|�
|d7}�qÐq�z|j4�?|�
}"Wnt@�y�
}#
z|�A|
|�
|d7}WYd
}#~#�
qd
}#~#w
w|�B|�
\}$}%|j4�C|�
}&|&tjD@�s"|&tjE@�s"|$�s"|
�=|���

|"tjFtjGtjHt
jIfv�r9||�J|
||"�7}nTt�}'|
|D]/}!|'�=|!�

|j�3|j4||!g
�}t|�
dk�s_|d|!k�rn|�K|
||
|�
|d7}
n�q@t|
|�
t|'�
k�r�|�L|
||
|t6|'�
�
|d7}
n,|��d,k�r�|�M|
�
}(t|
d-�
dk�s�t|
d-d�
|(k�r�|d7}|�N|
|(�
�
q|�s�d.|v�s�d|v�r�|d7}|�O|
�

d.|v�s�d|v�r|d
u�r�|d7}|�
d/t|
j�
�

|d
u�r|d7}|�
d0|
j��t|
j�
f�

|d
u
�rwd
})dd1g}*|�r#|tjjP@�s|})|*d2tjQg
7}*|)d
u�r-|
j�R�})t
�S|jd3|)�}+|+�Td|
j��|�
|
j|k�rI|
j}+|+|
jk�r^|d7}|�U|
|+||||*�
n|
j�V�|k�rw|d7}|�
d4||t|
j�
f�

d},|�r�|
j|k�r�d5}-d6}.|�W||-�}/|/|.k�r�|�Xd7t|
�
d8��r�t
�Y�}0|
|0_t
�Zd9t
j[d:�|0d:<|d7}|jj\|0d;g
d<�
n	|�
d=t|
�
�

|
�]|�
D]2}1|,�r�|�
d>|
�

d
},|d7}|�
d?|1�

|�Xd@|1dA��s�|�
dB|1�

�q�|�^|
|1�
�q�|�_|
�
�rdC|
v
�rd.|v�sdD|v�r|�`|
�

|d7}z"|
|j�a�k�r;t|
�R��
|jbv
�r;|jj	|
�R�t
jddgdE�}Wn;t
j�yw
}2
z-|2j
\}}	|t
jk�rl|�rb|�
dF|
j�

|�
dG�

n|�c|
�

|d7}n
�WYd
}2~2nd
}2~2w
w|
|jdv�r�d.|v�r�|�e|
�
�r�|�f|
�

|d7}|jgD]Q\}3}#|
|3k�r�dH|
v�r�dI}4|j�h��r�dJ}4|4|#v
�r�|�i|
|#j|4�
|d7}�q�d
}5|#|4D]}6t|6�
|j�j�k�r�d}5�q�|5�s�|�i|
|#j|4�
|d7}�q�|
|jkk�r4d.|v�s�dK|v�r4dL|
v
�r4|d7}|jl�r'|�XdMdN��r&|j�m�
z|j�n�
Wn	


|j�o�
�|j�p�
n
|j�h��s4|�
dO|
�

|
|jqk�r[dPdQg}7|jj	|jqt
j|7dR�}|7D]7}8|8|dv
�rV�qKt|d|8d�
}9|9dS?}:dT|9@};|9dk�r�|;|:k�r�|�
dU|;|:|;|:f�

|d7}�qKdP|dv
�r�|�
dV|
�

|d7}z	|j�r�\}<}:Wn%t
j�y�
}=
z|=j
\}}	|�
dW|	�

|d7}WYd
}=~=|Sd
}=~=w
w|j�1�}>|<|:k
�r[dX|>|<f}?z|jj	dY|?t
jgdR�}Wn"t
j�y
}@
z|@j
\}}	|t
jk�r��d
}WYd
}@~@nd
}@~@w
w|d
u
�rR|�
dZ|?|dj|
f�

|d7}|�Xd[|?|
fd\��rO|j�m�
z	|j�s�}A|A|<k�r<|Ad}<n�q-Wn	


|j�o�
�|j�p�
n	|S|<d7}<|<|:k
�s�|S)]zcheck one object�Checking object %sr
r�r�r�rr�)r!r"r�r#z)ERROR: Object %s disappeared during checkNr,z,ERROR: Object %s failed to load during checkF�	isdeletedr_T�systemflags�replpropertymetadatar��distinguishedName�objectclassr�z1ERROR: Not fixing num_values(%d) for '%s' on '%s'zYERROR: Not fixing incorrect initial attributeID in '%s' on '%s', it should be objectClass�ntsecuritydescriptorr&r 
�userparameters�
 �s        �sIAAgACAAIAAgACAAIAAg����	r'��attributeid�	governsidz@Error: %s %s on %s already exists as an attributeId or governsId�rurk
r|z(ERROR: Not fixing missing 'name' on '%s'z&ERROR: Not fixing missing '%s' on '%s'r�r1
z
RDN=RDN,%szERROR: Not fixing %s=%r on '%s'i0l�)�x1cB&z-Fix isDeleted originating_change_time on '%s'rIr�
r�
r�r�z4Not fixing isDeleted originating_change_time on '%s'zOn object %sz7ERROR: Attribute %s not present in replication metadataz-Fix missing replPropertyMetaData element '%s'rHz4Not fixing missing replPropertyMetaData element '%s'rV
�
fsmoroleowner)r!r"r�z'WARNING: parent object not found for %szFNot moving to LostAndFound (tombstone garbage collection in progress?)�repsFromr)r*�ridsetreferencesr/z,Allocate the missing RID set for RID master?rwz^No RID Set found for this server: %s, and we are not the RID Master (so can not self-allocate)�rIDAllocationPool�rIDPreviousAllocationPoolr � l��z!Invalid RID pool %d-%d, %d >= %d!z No rIDAllocationPool found in %szCouldn't get available RIDs: %sz%s-%dz<SID=%s>z6SID %s for %s conflicts with our current RID set in %szGFix conflict between SID %s and RID pool in %s by allocating a new RID?r`)tr7r�r�rr r!rrr4r�rgr�r�r�r�rfr�ryr
r�r}r(rr�r�r�
r�r�r<rBr4r=rFrNr�
rOr�
r\rrrrr%rbr{rrr
r�r�r#r
r6r
r
rp
rt
ry
r{
rz
r�r�r
r|
r�r?
r

�$get_systemFlags_from_lDAPDisplayName�DS_FLAG_ATTR_NOT_REPLICATED�DS_FLAG_ATTR_IS_CONSTRUCTEDr��DSDB_SYNTAX_OR_NAME�DSDB_SYNTAX_STRING_DNr�
r�
r
r
rwrn
r
�#SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETEr2
r]
rh�
set_componentrj
�
get_rdn_valuer�
r�r�r�r�r��
differencer�
rorX
r�rzrc
r�rhrjr�rkrnrpr�r�rZ
�create_own_rid_setr^
r_
r��free_rid_bounds�allocate_rid)Br�r�r��search_attrsr�rr��e10r�r�r>
r��set_attrs_from_md�set_attrs_seen�got_objectclass�nc_dn�deleted_objects_dn�object_rdn_attr�object_rdn_valrf
r�
re�repl_meta_data_valr��list_attid_from_mdr�
rr�
well_known_sd�
current_sdr"r
�
userparamsr
r}
r�r�r#
�flagr	
rm
�	parent_dnr��expected_dn�show_dn�isDeletedAttId�expectedTimeDo�originatingr�
r�
�e11�dns_part�locationr5�loc�
pool_attrs�	pool_attr�pool�high�low�
next_free_ridr�rz�sidr&
�
allocated_ridrrrr��s@













�
�	








��









��









�













�




�


�


�







�












�

�





































�




�




��

��

�





�




(


�




























�


























$


��








��














�

�

�





�
�

�





��







4��








�




��


���
	






�



�
�.zdbcheck.check_objectc
Cs>
t�
|jd
�}
|jr|�d|
�

|jj|
tjd�}t|�
dkr)|�d|
�

dS|d}d}d|v
r<|�d�

|dSt|dd�
�	d	�
s�|�d
�

|d7}|�
d�
sW|S|jjt�
|j|dd�d�
�tjd
g
d�}ttt
j|dd
d��
}t��}|
|_t�d|tjd�|d<|j|gddd�r�|�d�

|S)z!check the @ROOTDSE special objectz@ROOTDSEr�)r!r"r,z"Object %s disappeared during checkr
rU
z(ERROR: dsServiceName missing in @ROOTDSEz<GUID=z1ERROR: dsServiceName not in GUID form in @ROOTDSEz"Change dsServiceName to GUID form?r(r�
r r�
z+Failed to change dsServiceName to GUID formFr�z"Changed dsServiceName to GUID form)rgrhr4r7r�r�r�r�r��
startswithr�rrrr�r�r�r�r�r�)r�r�r�r>
r�r�
r�rrrr�s:
















 

�




�


zdbcheck.check_rootdsec
CsRt�
�}
t�|jd
�|
_t�dtjd�|
d<t�dtjd�|
d<|j|
gddd�S)	zre-index the whole databasez@ATTRIBUTESr��
force_reindexr�r�zre-indexed databaseFr�)	rgr�rhr4r�r�r
r
r��r�r�rrr�reindex_database7s




zdbcheck.reindex_databasec
Cs>t�
�}
t�|jd
�|
_t�dtjd�|
d<|j|
gddd�S)zOreset @MODULES to that needed for current sam.ldb (to read a very old database)z@MODULES�
samba_dsdbz@LISTzreset @MODULES on databaseFr�)rgr�rhr4r�r�r�r�r�rrr�
reset_modulesAs


zdbcheck.reset_modules)	NFFFFFFFF)FF)
T)
Fr�)N�__name__�
__module__�__qualname__�__doc__r�rgr�
r�r�r�r�r�r�r�r�r

r
r
r
r
r�r
r
r'
r/
r0
r3
r5
r=
r?
r@
rC
rH
rP
rT
rX
rc
rj
rn
rp
rt
ry
rz
r{
r
r�
rI
r�
r�
r�
r�
r�
r�
r�
rrrr#r%r4r7r<rBrFrNrOr\rhrjrnrorwr{r�r�r�r�r�rrrrr4s�





�<

�d



U  


�#A!f,

i6"$%_

1!$
r)rgr(r*�base64rrr�samba.dcerpcrr�	samba.ndrrrr	�samba.samdbr
r�samba.descriptorrr
�
samba.authrr�samba.netcmdr�samba.netcmd.fsmorrr�rrrrr�<module>
s$