%PDF- %PDF- Mini Shell
Mini Shell

Direktori : /lib/python3/dist-packages/samba/__pycache__/
Current File : //lib/python3/dist-packages/samba/__pycache__/dbchecker.cpython-312.pyc
�

�de\���ddlZddlZddlZddlmZmZddlmZddlmZddlm	Z	ddlm
Z
ddlmZm
Z
ddlmZdd	lmZdd
lmZddlmZmZmZddlmZmZdd
lmZddlmZddlmZmZm Z m!Z!d�Z"Gd�de#�Z$y)�N)�	b64decode�	b64encode)�dsdb)�common)�misc)�drsuapi)�
ndr_unpack�ndr_pack)�drsblobs)�dsdb_Dn)�security)�get_wellknown_sds�get_deletedobjects_descriptor�get_diff_sds)�system_session�
admin_session)�CommandError)�get_fsmo_roleowner)�c_RED�
c_DARK_YELLOW�c_DARK_CYAN�c_DARK_GREENc���g}|D]#}	|j|jd���%dj	|�S#t$r|jt|��Y�\wxYw)z�Stringify a value list, using utf-8 if possible (which some tests
    want), or the python bytes representation otherwise (with leading
    'b' and escapes like b'').
    zutf-8�,)�append�decode�UnicodeDecodeError�repr�join)�vals�result�values   �1/usr/lib/python3/dist-packages/samba/dbchecker.py�dump_attr_valuesr$*sd��
�F��'��	'��M�M�%�,�,�w�/�0�'�
�8�8�F����"�	'��M�M�$�u�+�&�	'�s� <�#A"�!A"c��eZdZdZ						dKd�Zdejddfd�Zd�Zd�Z	dLd�Z
d�Zd	�ZdMd
�Z
d�Zd�Zd
�Zd�Zd�Zd�Zd�Zd�ZdNd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Z 	dMd�Z!d�Z"d �Z#d!�Z$d"�Z%d#�Z&d$�Z'd%�Z(d&�Z)d'�Z*d(�Z+d)�Z,d*�Z-d+�Z.d,�Z/d-�Z0d.�Z1d/�Z2d0�Z3d1�Z4d2�Z5d3�Z6d4�Z7d5�Z8d6�Z9d7�Z:d8�Z;d9�Z<d:�Z=d;�Z>d<�Z?d=�Z@d>�ZAd?�ZBd@�ZCdA�ZDdB�ZEdC�ZFdD�ZGdE�ZHdF�ZIdOdG�ZJdH�ZKdI�ZLdJ�ZMy)P�dbcheckzcheck a SAM database for errorsNc
��||_d|_|xs||_||_||_||_||_||_d|_d|_	d|_
d|_d|_d|_
d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_t7�|_d|_d|_d|_d|_ d|_!d|_"d|_#d|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,d|_-||_.|	|_/|
|_0d|_1d|_2||_3tijj|d|jm�z�|_7tijj|d|jq�z�|_9|ju�|_;tijj|d|jm�z�|_<tijj||j{��|_>i|_?t�|j�|_Ad|_Bd|_Cd|_Dd|_Ed|_Ft��|_Hi|_Ii|_J	d|j�|j��t�j��z}|j�|thj�dg��}
t�t�j�|
ddd�}t�|�|j�d	<t��|_Yt�d|j���|_\|jj�|j|thj�d
dg��}
d
|
dvr|
dd
|_]nd|
dvr|
dd|_]nd|_]|jj�dthj�d
g��}
g|_^g|__g|_`	|
dd
|_a|j�D]u}	|jj�tijj|j|j�d��t�j��}|j�j�|��wd|jj��z}d|jj��z}|jj�thj�ddg|jj��d|z��}t�|�dk(r>|j�j�tijj|j|�|df�|jj�thj�ddg|jj��d|z��}t�|�dk(r>|j�j�tijj|j|�|df�tijj|jd|jjm�z�}t�|j|d�}tijj|j|jj{��|k(rd|_lnd|_l|jj�tijj|j|jj���thj�dg��}
tijj|j|
dddj�d��|_n|jj�|j�thj�dg��}
d|
dvr>tijj|j|
dddj�d��|_ond|_od|jjq�j��z}|j�|thj�ddg��}
d|
dvrt�|
ddd�|_rnd|_rg|_sg|_t	|jj�thj�dd d!g�"�}
d |
dvr
|
dd |_sd!|
dvr|
dd!|_tyy#thj�$r.}|j�\}}|thj�k7r�Yd}~���d}~wwxYw#t�$rY���t�$rY���wxYw#t�$rL|j�j�tijj|j|j�d���Y��.wxYw#thj�$r-}|j�\}}|thj�k7r�Yd}~yd}~wwxYw)#NFrzCN=Infrastructure,zCN=Partitions,%szCN=RID Manager$,CN=System,zCN=DnsAdmins,%s�	objectSid��base�scope�attrs�	DnsAdminszmsDS-hasMasterNCs�hasMasterNCs��namingContexts�utf8zDC=DomainDnsZones,%szDC=ForestDnsZones,%s�msDS-NC-Replica-Locations�msDS-NC-RO-Replica-Locationsz$(&(objectClass=crossRef)(ncName=%s)))r+r,r*�
expression��ridT�serverReference�rIDSetReferencesz1CN=Directory Service,CN=Windows NT,CN=Services,%sz(objectClass=nTDSService)�tombstoneLifetime)r*r+r4r,�z@SAMBA_DSDB�compatibleFeatures�requiredFeatures)r+r*r,)u�samdb�
dict_oid_name�samdb_schema�verbose�fix�yes�quiet�colour�remove_all_unknown_attributes�remove_all_empty_attributes�fix_all_normalisation�fix_all_duplicates�fix_all_DN_GUIDs�fix_all_binary_dn�#remove_implausible_deleted_DN_links�!remove_plausible_deleted_DN_links�$fix_all_string_dn_component_mismatch�"fix_all_GUID_dn_component_mismatch�!fix_all_SID_dn_component_mismatch� fix_all_SID_dn_component_missing�(fix_all_old_dn_string_component_mismatch�fix_all_metadata�fix_time_metadata�fix_undead_linked_attributes�fix_all_missing_backlinks�fix_all_orphaned_backlinks�fix_all_missing_forward_links�dict�duplicate_link_cache�recover_all_forward_links�
fix_rmd_flags�fix_ntsecuritydescriptor�$fix_ntsecuritydescriptor_owner_group�seize_fsmo_role�move_to_lost_and_found�fix_instancetype�"fix_replmetadata_zero_invocationid� fix_replmetadata_duplicate_attid�fix_replmetadata_wrong_attid�fix_replmetadata_unsorted_attid�fix_deleted_deleted_objects�fix_dn�fix_base64_userparameters�fix_utf8_userparameters�fix_doubled_userparameters�fix_sid_rid_set_conflict�quick_membership_checks�reset_well_known_acls�check_expired_tombstones�expired_tombstones�reset_all_well_known_acls�in_transaction�ldb�Dn�	domain_dn�infrastructure_dn�get_config_basedn�	naming_dn�get_schema_basedn�	schema_dn�rid_dn�get_dsServiceName�ntds_dsa�class_schemaIDGUIDr�
wellknown_sds�fix_all_missing_objectclass�fix_missing_deleted_objects�fix_replica_locations�fix_missing_rid_set_master�fix_changes_after_deletion_bug�set�dn_set�
link_id_cache�name_map�get_wellknown_dn�get_default_basednr�DS_GUID_USERS_CONTAINER�search�
SCOPE_BASEr	r
�dom_sid�str�LdbError�args�ERR_NO_SUCH_OBJECTr�system_session_infor�get_domain_sid�admin_session_info�	write_ncs�deleted_objects_containers�ncs_lacking_deleted_containers�dns_partitions�ncs�KeyError�
IndexErrorr�!DS_GUID_DELETED_OBJECTS_CONTAINERr�get_root_basedn�SCOPE_ONELEVEL�get_partitions_dn�lenr�
is_rid_master�get_serverName�
server_ref_dn�
rid_set_dn�get_linearized�intr9r;r<)�selfr=r?r@rArBrCrprkrlrmrD�base_dn�res�
dnsadmins_sid�e5�enum�estr�nc�dn�domaindns_zone�forestdns_zone�domain�forest�fsmo_dn�
rid_master�ntds_service_dn�e6s                            r#�__init__zdbcheck.__init__;s�����
�!���)�2�U��������������
����-2��*�+0��(�%*��"�"'��� %���!&���38��0�16��.�49��1�27��/�16��.�05��-�8=��5� %���!&���,1��)�).��&�*/��'�-2��*�$(�F��!�).��&�"���(-��%�49��1�$���&+��#� %���27��/�05��-�,1��)�/4��,�+0��(����).��&�',��$�*/��'�(-��%�'>��$�%:��"�(@��%�"#���).��&�,���!$����/C�e�o�o�FW�/W�!X�������'9�E�<S�<S�<U�'U�V����0�0�2����f�f�U�$@�5�?�?�CT�$T�U������u�e�&=�&=�&?�@��
�"$���.�t�z�z�:���+0��(�+0��(�%*��"�*/��'�.3��+��e��������
�	�'�%�*@�*@�05�0H�0H�0J�04�0L�0L�+N�N�G��,�,�G�3�>�>�&1�]��4�C�&�x�'7�'7��Q���9L�Q�9O�P�M�),�]�);�D�M�M�+�&�$2�#3�� �"/��e�6J�6J�6L�"M����j�j���T�]�]�#�.�.�Qd�ft�Pu��v���#�a�&�(� ��V�$7�8�D�N���Q��'�!$�Q���!7���!%����j�j���R�s�~�~�FV�EW��X��*,��'�.0��+� ���	��1�v�.�/�D�H��(�(�	b�B�
b��Z�Z�0�0�����
�
�B�I�I�f�DU�1V�15�1W�1W�Y���/�/�6�6�r�:�		b�0�$�*�*�2O�2O�2Q�Q��/�$�*�*�2L�2L�2N�N�����"�"��);�);�*E�Ge�)f�(,�
�
�(D�(D�(F�.T�We�.e�#�g���v�;�!�����&�&����t�z�z�>�(J�F�ST�I�'V�W����"�"��);�);�*E�Ge�)f�(,�
�
�(D�(D�(F�.T�We�.e�#�g���v�;�!�����&�&����t�z�z�>�(J�F�ST�I�'V�W��&�&����%A�D�J�J�DX�DX�DZ�%Z�[��'��
�
�G�U�C�
��6�6�$�*�*�d�j�j�:�:�<�=��K�!%�D��!&�D���j�j���S�V�V�D�J�J��
�
�8Q�8Q�8S�%T�&)�n�n�=N�<O� �Q��!�V�V�D�J�J��A��7H�0I�!�0L�0S�0S�TZ�0[�\����j�j���T�%7�%7�&)�n�n�=O�<P� �R����Q��'�!�f�f�T�Z�Z��Q��8J�1K�A�1N�1U�1U�V\�1]�^�D�O�"�D�O�M��*�*�6�6�8�G�G�I�J���l�l��!$���&A�"5�!6��8���#�a�&�(�%(��Q��0C�)D�Q�)G�%H�D�"�%(�D�"�"$��� "���	��*�*�#�#�#�.�.�)6�+?�+=�+?�$�@�C�$�s�1�v�-�*-�a�&�1E�*F��'�!�S��V�+�(+�A��/A�(B��%�,��G�|�|�	��7�7�L�T�4��s�-�-�-��.��	��6�	���	��	���
b��3�3�:�:�3�6�6�$�*�*�b�i�i�X^�N_�;`�a�
b��@�|�|�	��7�7�L�T�4��s�-�-�-��.��	�s^�Bb�?
c�A2c2�;Ae
�c�&#c�c�	c/�#c/�.c/�2Ae�e�
f
�#f�f
c��|jj||dg|��}|jdt|�z�d}d|_||j�z
}t
�|_|D]P}|jjt|j��||j|j|��z
}�R|�||j�z
}|jdkDr|jd|jz�|jdt|�||jzfz�|jdk7r|jd|j�d	��|dk7r!|js|jd
|�d��|S)z>perform a database check, returning the number of errors foundr��r*r+r,�controlszChecking %u objectsr)�requested_attrsz�NOTICE: found %d expired tombstones, 'samba' will remove them daily, 'samba-tool domain tombstones expunge' would do that immediately.zChecked %u objects (%u errors)z	WARNING: z/ of these errors cannot be automatically fixed.z-Please use 'samba-tool dbcheck --fix' to fix z errors)r=r��reportr��unfixable_errors� check_deleted_objects_containersr��attribute_or_class_idsr��addr�r��check_object�
check_rootdsernrA)r��DNr+r�r,r��error_count�objects        r#�check_databasezdbcheck.check_database�s����j�j���R�u�T�F�X��V�����)�C��H�4�5��� !����t�<�<�>�>��&)�e��#��	O�F��K�K�O�O�C��	�	�N�+��4�,�,�V�Y�Y��,�N�N�K�	O��:��4�-�-�/�/�K��"�"�Q�&��K�K�5��/�/�	1�
2�	
���4���X�{�T�-B�-B�B�C�D�	E�� � �A�%��K�K�)�D�$9�$9�#:�;I�I�
J��!��D�H�H��K�K�G�&�-�w�0�
1���c
�	�d}|jD�]�}||jk(r�|dz
}|jd|z�|jd|zd�s�Ct	j
|jd�}|j|�d}	|jj|tjggd��	�}t|�dk7rn|djjd
�}t	j
|jdttj|��z�}|j|�|� 	|jj'||gd
��|jj|tjdggd��	�}t|�dk7r|jd|z�y|dd}g}d}
|D]�}t)|j|j+d�t,j.�}|j1|�r/|jd|z�|jjd
�}
|j3t|����|
�"dttj|
��z}n+dt,j4z}|j3|�d|���d}t7j8|jj;��}t=||j>��}tA|�j+d�}|jjCd|�d|�d|��ddg� �t	jD�}t	j
|jt|dd!��|_t	jF|tjHd�|d<|jK|dgd"|zd#�$�r|jd%|z�|jLj3|����|S#tj $rH}|j"\}}	|tj$k(rn|jd|	z�Yd}~yYd}~���d}~wwxYw#tj $r4}
|
j"\}}	|jd|�d|�d|	���Yd}
~
yd}
~
wwxYw)&z`This function only fixes conflicts on the Deleted Objects
        containers, not the attributesrr5z=ERROR: NC %s lacks a reference to a Deleted Objects containerz-Fix missing Deleted Objects container for %s?rzCN=Deleted ObjectsN)�show_deleted:1�extended_dn:1:1�show_recycled:1�reveal_internals:0r��GUIDzCN=Deleted Objects\0ACNF:%sz<Couldn't check for conflicting Deleted Objects container: %s)r��relax:0r�z/Couldn't move old Deleted Objects placeholder: � to z: �wellKnownObjects)r��
extended_dn:0r�r�z(wellKnownObjects was not found for NC %sr1z7wellKnownObjects had duplicate Deleted Objects value %sz
objectGUID: %szB:32:%s�:r/�r��dn: z�
objectClass: top
objectClass: container
description: Container for deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: TRUE
nTSecurityDescriptor:: z
systemFlags: -1946157056r��provision:0�r�r�z"NC %s lacks Deleted Objects WKGUIDF��validatezAdded %s well known guid link)'r�rxr��confirm_allrqrrr=�add_baser�r�r�r��get_extended_componentr�rr�r�r�r��renamerrr�DSDB_SYNTAX_BINARY_DN�is_deleted_objects_dnrr�r
r�r�rr�r�add_ldif�Message�MessageElement�FLAG_MOD_REPLACE�	do_modifyr�)r�r�r�r��conflict_dnr��guid�e2r�r��e1�wko�listwko�proposed_objectguid�o�dsdb_dn�guid_suffix�
wko_prefix�
domain_sid�sec_desc�sec_desc_b64�deltas                      r#r�z(dbcheck.check_deleted_objects_containerss�����5�5�c	7�B��T�^�^�#���1��K��K�K�W�Z\�\�]��#�#�$S�WY�$Z�\y�z������
�
�$8�9�B��K�K��O��K�
��j�j�'�'�R�s�~�~�R�2[�(�\���s�8�q�=��q�6�9�9�;�;�F�C�D�"%�&�&����)G�#�d�i�i�X\�o�J^�)^�#`�K��(�(��,��&���J�J�%�%�b�+�7g�h��*�*�#�#��3�>�>�+=�*>�.W�$�X�C��3�x�1�}����F��K�L���a�&�+�,�C��G�"&���
'��!�$�*�*�a�h�h�v�.>��@Z�@Z�[���-�-�g�6��K�K� Y�\]� ]�^�+2�*�*�*K�*K�F�*S�'����s�1�v�&�
'�#�.�0�3�t�y�y�AT�7U�3V�V��&��)O�)O�O�
����*�b�9�:� ��"�)�)�$�*�*�*C�*C�*E�F�J�4�Z�>B�m�m�M�H�$�X�.�5�5�f�=�L�
�J�J���"$�\�;�!@�+4�]�)C�
 �	
E��K�K�M�E��v�v�d�j�j�#�c�!�f�T�l�*;�<�E�H�(+�(:�(:�7�;>�;O�;O�;M�)O�E�$�%�
�~�~�e�i�[�B�R�G�',��.����;�b�@�A��+�+�2�2�2�6�Gc	7�J���]�<�<�
�!�w�w���t��3�1�1�1���K�K� ^�ae� e�f����
���|�|��#%�7�7�L�T�4��K�K�ac�ep�rv� w�x����s1�B+O�4P8�P5�-7P0�0P5�8Q?�)Q:�:Q?c���|jry|jr�|jd�rtd�|ddz}n�|jd�rt	d�|ddz}n�|jd�rtd�|ddz}nh|jd�rtd�|d	dz}nE|jd
�rtd
�|ddz}n"|jd�rt
d�|ddz}t|�y)
z#print a message unless quiet is setN�ERROR��WARNING��INFO��NOTICE��NOTE�SKIPPING�)rCrD�
startswithrrrr�print)r��msgs  r#r�zdbcheck.report�s����:�:���;�;��~�~�g�&��G�n�s�1�2�w�.�����	�*�#�I�.��Q�R��8������'�!�&�)�C���G�3������)�!�(�+�c�!�"�g�5������'�!�&�)�C���G�3�����
�+�"�:�.��Q�R��8��
�c�
r�c��|jsy|jr|jS|jrd}tj|||��S)zconfirm a changeFT��forced�	allow_all)rArCrBr�confirm)r�rrrs    r#rzdbcheck.confirm�s;���x�x���:�:��8�8�O��8�8��F��~�~�c�&�I�F�Fr�c��|jsyt||�dk(ryt||�dk(rd}n|j}|jr|St	j
||d��}|dk(rt
||d�y|dk(rt
||d�y|S)z(confirm a change with support for "all" F�NONE�ALLTr)rA�getattrrBrCrr�setattr)r�r�all_attrr�cs     r#r�zdbcheck.confirm_all�s����x�x���4��"�f�,���4��"�e�+��F��X�X�F��:�:��M��N�N�3�v��>����:��D�(�E�*����;��D�(�F�+���r�c�>�|jr|jd|z�	|dtjzgz}|jj||��y#t$r<}|jrt|�d|����|j|�d|���Yd}~yd}~wwxYw)z&delete dn with optional verbose outputzdelete DN %s�local_oid:%s:0r�� : NFT)	r@r�r�DSDB_CONTROL_DBCHECKr=�delete�	Exceptionrpr)r�r�r�r�errs     r#�	do_deletezdbcheck.do_delete�s����<�<��K�K���+�,�	��#3�d�6O�6O�#O�"P�P�H��J�J���b�8��4����	��"�"�"��S�#9�:�:��K�K�S�#�.�/���		�s�4A�	B� 2B�Bc��|dtjzgz}|jrM|j|jj|tj��|jd|z�	|jj|||��y#t$r<}|jrt|�d|����|j|�d|���Yd}~yd}~wwxYw)z-perform a modify with optional verbose outputrzcontrols: %r)r�r�rNFT)rrr@r�r=�
write_ldifrq�CHANGETYPE_MODIFY�modifyrrpr)r��mr�rr�rs      r#r�zdbcheck.do_modify�s����/�$�2K�2K�K�L�L���<�<��K�K��
�
�-�-�a��1F�1F�G�H��K�K���1�2�	��J�J���a�(�X��F����	��"�"�"��S�#9�:�:��K�K�S�#�.�/���		�s�2B�	C�2C�Cc
��|jr5|jdt|��dt|��dt|����	||z}|dtjzgz}|j
j
|||��y	#t$r<}|jrt|�d|����|j|�d|���Yd}~yd}~wwxYw)
z-perform a rename with optional verbose outputr�z
changeType: modrdn
newrdn: z
deleteOldRdn: 1
newSuperior: rr�rNFT)
r@r�r�rrr=r�rrpr)r��from_dn�to_rdn�to_baser�r�to_dnrs        r#�	do_renamezdbcheck.do_rename�s����<�<��K�K��'�l�C��K��W��	?�
@�
	��W�$�E��#3�d�6O�6O�#O�"P�P�H��J�J���g�u�x��@����	��"�"�"��S�#9�:�:��K�K�S�#�.�/���		�s�:A>�>	C�2B>�>Cc���||jvr|j|S|jj|�}|r|jj|�}nd}||f|j|<||fS�N)r�r?�get_linkId_from_lDAPDisplayName�!get_backlink_from_lDAPDisplayName)r��attrname�linkID�revnames    r#� get_attr_linkID_and_reverse_namez(dbcheck.get_attr_linkID_and_reverse_name�st���t�)�)�)��%�%�h�/�/��"�"�B�B�8�L����'�'�I�I�(�S�G��G�(.��'8����8�$��w��r�c�r�|jd|�d|���|jd|�d|�d�d�s|jd|z�ytj�}||_tj
d	tj|�||<|j|d
dgd|zd
��r|jd|z�yy)zfix empty attributeszERROR: Empty attribute � in zRemove empty attribute � from �?rFzNot fixing empty attribute %sNr/r�r�z#Failed to remove empty attribute %sFr�zRemoved empty attribute %s)r�r�rqr�r�r��FLAG_MOD_DELETEr�)r�r�r%rs    r#�err_empty_attributezdbcheck.err_empty_attribute�s�������2�F�G�����RT� U�Wt�u��K�K�7�(�B�C���K�K�M������(�(��S�-@�-@�(�K��(���>�>�!�i�):�;�?�(�J�UZ��\��K�K�4�x�?�@�\r�c�`�|jd|�d|���g}|D]�}|jj|j||g�}t	|�dk7r(|jd|z�|j|df��a|d|k7s�j|jd|�d|d�d	��|j||df���|j
d
|�d|�d�d
�s|jd|z�ytj�}||_	tdt	|��D]f}||\}}	tj|tj|�|d|z<|	dk7s�<tj|	tj|�|d|z<�h|j|ddgd|zd��r|jd|z�yy)z?fix attribute normalisation errors, without altering sort orderz)ERROR: Normalisation error for attribute r*r5zUnable to normalise value '%s'r/rzvalue 'z
' should be '�'zFix normalisation for r+r,rGzNot fixing attribute %sNzvalue_%uznormv_%ur�r�� Failed to normalise attribute %sFr��Normalised attribute %s)r�r=�dsdb_normalise_attributesr?r�rr�rqr�r��ranger�r-�FLAG_MOD_ADDr�)
r�r�r%�values�mod_list�val�
normalisedr�i�nvals
          r#�err_normalise_mismatchzdbcheck.err_normalise_mismatchs������8�UW�X�Y����	6�C����=�=��!�!�8�c�U�4�J��:��!�#����<�s�B�C�����b�	�*��Q�-�3�&����3�
�1�
�N�O�����j��m� 4�5�	6����x�QS� T�Vm�n��K�K�1�H�<�=���K�K�M������q�#�h�-�(�	A�A�"�1�+�K�S�$� #� 2� 2�3��8K�8K�X� V�A�j�1�n���r�z�$'�$6�$6�t�S�=M�=M�7?�%A��*�q�.�!�		A��>�>�!�i�):�;�<�x�G�#(��*�
�K�K�1�H�<�=�*r�c�"�|jj|j||�}t|�|k(ry|j	d|�d|�d��|j	d|�dt|��d��|jd|�d	|�d
�d�s|j	d|z�yt
j�}||_t
j|tj|�||<|j|d
dgd|zd��r|j	d|z�yy)z.fix attribute normalisation and/or sort errorsNz*ERROR: Normalisation error for attribute '�' in 'r0z*Values/Order of values do/does not match: �/�!zFix normalisation for '�' from '�'?rG�Not fixing attribute '%s'r�r�r1Fr�r2)r=r3r?�listr�r�rqr�r�r�r�r�)r�r�r%r6r9rs      r#�err_normalise_mismatch_replacez&dbcheck.err_normalise_mismatch_replace%s����Z�Z�9�9�$�:K�:K�X�W]�^�
��
��v�%�����x�Y[�\�]����&�RV�Wa�Rb�c�d����8�UW� X�Zq�r��K�K�3�h�>�?���K�K�M������(�(��S�5I�5I�8�T��(���>�>�!�i�):�;�<�x�G�#(��*�
�K�K�1�H�<�=�*r�c���|jd|�d|�d��|jdt|��dt|��d��|jd|�d|�d	�d
�s|jd|z�ytj�}||_tj|tj|�||<|j|d
dgd|zd��r|jd|z�yy)zfix duplicate attribute valuesz'ERROR: Duplicate values for attribute 'r>r0zValues contain a duplicate: [z]/[z]!zFix duplicates for 'rArBrHrCNr�r�z0Failed to remove duplicate value on attribute %sFr�z'Removed duplicate value on attribute %s)	r�r$r�rqr�r�r�r�r�)r�r�r%�
dup_valuesr6rs      r#�err_duplicate_valueszdbcheck.err_duplicate_values:s������H�VX�Y�Z����%�j�1�3C�F�3K�M�	N�����RT� U�Wk�l��K�K�3�h�>�?���K�K�M������(�(���1E�1E�x�P��(���>�>�!�i�):�;�L�x�W�#(��*�
�K�K�A�H�L�M�*r�c�B�|jdtjzk(S)z2see if a dsdb_Dn is the special Deleted Objects DNzB:32:%s:)�prefixrr�)r�r�s  r#r�zdbcheck.is_deleted_objects_dnLs���~�~��d�.T�.T�!T�T�Tr�c��|jd|�d|jj|��d��|jd|zd�s|jd|z�y|j	|dgd	|z�r|jd
|z�yy)z!handle object without objectclassz%ERROR: missing objectclass in object zw.  If you have another working DC, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> r0zIIf you cannot re-sync from another DC, do you wish to delete object '%s'?r~z1Not deleting object with missing objectclass '%s'Nr��Failed to remove DN %s�
Removed DN %s)r�r=�get_nc_rootr�r�r�r�s  r#�err_missing_objectclasszdbcheck.err_missing_objectclassPs������|~�@D�@J�@J�@V�@V�WY�@Z�[�	\���� k�np� p�sP�Q��K�K�K�b�P�Q���>�>�"�y�k�2�R�7�9��K�K��"�,�-�9r�c�v�|s[|jd|�d|�d|���|jdt|�z�|jdd�sm|jd�y|jd	|�d|�d|���|jdt|�z�|jd
d�s|jd�ytj�}||_tj|tj|�|d<|j|d
dtjzgd|z�r|jd|z�yy)z(handle a DN pointing to a deleted objectz ERROR: target DN is deleted for � in object � - z#Target GUID points at deleted DN %rzRemove DN link?rKzNot removingNz"WARNING: target DN is deleted for zRemove stale DN link?rL�	old_valuer�rz(Failed to remove deleted DN attribute %sz"Removed deleted DN on attribute %s)r�r�r�rqr�r�r�r-r�r� DSDB_CONTROL_REPLMD_VANISH_LINKS)r�r�r%r8r��
correct_dn�remove_plausiblers        r#�err_deleted_dnzdbcheck.err_deleted_dnZs����K�K�RZ�\^�`c�d�e��K�K�=��J��O�P��#�#�$5�7\�]����N�+���K�K�T\�^`�be�f�g��K�K�=��J��O�P��#�#�$;�=`�a����N�+���K�K�M������+�+�C��1D�1D�h�O��+���>�>�!�/�.��1V�1V�V�X�D�x�O�Q�
�K�K�<�x�G�H�Qr�c
�8�t|�jd�dk7r,|jd|�d|�d|���|jd�y|j|�\}}|dzdk(�r>t|�jd�dk(�r |j|�\}}|�,|jd
|�d|�d|���|jd�y|jj|�}	|jj|j�}	|	�9|jd
|�d|j�d|�d|���|jd�y||	k7r,|jd|�d|�d|���|jd�y|jd|�d|�d|���|j|||||d�y|jd|�d|�d|���|j|||||d�y#tj$r0}
|
j\}}|tjk7r�d	}	Yd	}
~
��d	}
~
wwxYw)zxhandle a missing target DN (if specified, GUID form can't be found,
        and otherwise DN string form can't be found)z\0ADEL���z8WARNING: no target object found for GUID component link z in deleted object rSz`Not removing dangling one-way link on deleted object (tombstone garbage collection in progress?)rr5NzLWARNING: no target object found for GUID component for one-way forward link rRz"Not removing dangling forward linkz<WARNING: no target object found for GUID component for link z in object to z outside our NCszhNot removing dangling one-way left-over link outside our NCs (we might be building a renamed/lab domain)zLWARNING: no target object found for GUID component for cross-partition link zPNot removing dangling one-way cross-partition link (we might be mid-replication)z@WARNING: no target object found for GUID component for DN value Tz:ERROR: no target object found for GUID component for link F)r��findr�r(r=rNr�rqr�r�r�rX)
r�r�r%r8r�r&�_�reverse_link_name�nc_root�target_nc_root�er�r�s
             r#�err_missing_target_dn_or_GUIDz%dbcheck.err_missing_target_dn_or_GUIDqs.��
�r�7�<�<�	�"�b�(�
�K�K�%-�r�3�8�
9�
�K�K�F�
G���9�9�(�C�	����Q�J�!�O��W��!2�!2�9�!=��!C��7�7��A�
&�F�%� �,����*2�2�s�<�=����@�A���j�j�,�,�R�0�G�
&�!%���!7�!7��
�
�!C���%����*2�7�:�:�r�3�H�I����J�K���.�(����*2�2�s�<�=����<�=��
�K�K�%-�r�3�8�
9�
����H�c� '��$�
8��	
���!)�2�s�4�	5�	
���B��#�w���G���e�<�<�
&� �v�v���t��3�1�1�1��!%���	
&�s�#%G�H�)%H�Hc
��|jd|�d|�d|�d|���ddg}	|jjt|j�t
jg|��}t|�dk(r3|jd
|jz�|j||||�y|dj|_|jdt|�zd�s|jd|z�ytj�}||_tj|t
j|�|d<tjt|�t
j |�|d<|j#|dgd|�d|���r|jd|�d|���yy#t
j$rc}|j\}	}
|jd|j�d	|
�d
��|	t
jk7r�|j||||�Yd}~yd}~wwxYw)z+handle a missing GUID extended DN component�ERROR: � component for rRrSr�r�r�zunable to find object for DN z - (�)Nrzunable to find object for DN %s�Change DN to %s?rI�
Not fixing %srT�	new_value�Failed to fix � on attribute �Fixed )r�r=r�r�r�rqr�r�r�r�rar�r�r�r�r-r5r�)r�r�r%r8r��errstrr�r��e7r�r�rs            r#�err_missing_dn_GUID_componentz%dbcheck.err_missing_dn_GUID_component�s������f�h�XZ�\_�`�a�%�'8�9��		��*�*�#�#��W�Z�Z�����*,�x�$�A�C��s�8�q�=��K�K�9�G�J�J�F�G��.�.�r�8�S�'�J����V�Y�Y��
���� 2�S��\� A�CU�V��K�K��&�0�1���K�K�M������+�+�C��1D�1D�h�O��+���+�+�C��L�#�:J�:J�H�U��+���>�>�!�/�0�@F��Q�S��K�K�f�h�G�H�S��+�|�|�	��7�7�L�T�4��K�K�G�J�J�PT�U�V��s�-�-�-���.�.�r�8�S�'�J���
	�s�AF�H�%AH�Hc
���|jd|�d|�d|�d|���|jdt|�zd�s|jd|z�ytj�}||_tj|tj|�|d	<tjt|�tj|�|d
<|j|dgd|�d
|���r|jd|�d
|���yy)z'handle an incorrect binary DN componentrcz binary component for rRrSrfrJrgNrTrhr�rirjrk)
r�r�r�rqr�r�r�r-r5r�)r�r�r%r8r�rlrs       r#�err_incorrect_binary_dnzdbcheck.err_incorrect_binary_dn�s������V�U]�_a�cf�g�h���� 2�S��\� A�CV�W��K�K��&�0�1���K�K�M������+�+�C��1D�1D�h�O��+���+�+�C��L�#�:J�:J�H�U��+���>�>�!�/�0�@F��Q�S��K�K�f�h�G�H�Sr�c�
�|jd|�d|�d|���||_|jdt|�zd�s|jd�yt	j
�}||_t	j|tj|�|d<t	jt|�tj|�|d	<|j|d
dtjzgd|z�r|jd
|z�yy)z<handle a DN string being incorrect due to a rename or deletez<NOTE: old (due to rename or delete) DN string component for rRrSrfrQzNot fixing old string componentNrTrhr��local_oid:%s:1z+Failed to fix old DN string on attribute %sz#Fixed old DN string on attribute %s)r�r�r�r�rqr�r�r-r5r�r�%DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME)r�r�r%r8r�rVrs       r#�err_dn_string_component_oldz#dbcheck.err_dn_string_component_old�s������jr�tv�x{�|�}���
���� 2�S��\� A� J�L��K�K�9�:���K�K�M������+�+�C��1D�1D�h�O��+���+�+�C��L�#�:J�:J�H�U��+���>�>�!�/�.��1[�1[�[�]�G�8�T�V�
�K�K�=��J�K�Vr�c
��|jd|�d|�d|�d|���||_|jdt|�zd|z�s|jd|z�yt	j
�}||_t	j|tj|�|d	<t	jt|�tj|�|d
<|j|dgd|�d
|���r|jd|�d
|���yy)z"handle a DN string being incorrectzERROR: incorrect DN rdrRrSrfz fix_all_%s_dn_component_mismatchz Not fixing %s component mismatchNrTrhr�zFailed to fix incorrect DN rjzFixed incorrect DN )
r�r�r�r�rqr�r�r-r5r�)r�r�r%r8r�rV�
mismatch_typers        r#� err_dn_component_target_mismatchz(dbcheck.err_dn_component_target_mismatchs������S`�bj�ln�ps�t�u���
���� 2�S��\� A� B�]� R�T��K�K�:�]�J�K���K�K�M������+�+�C��1D�1D�h�O��+���+�+�C��L�#�:J�:J�H�U��+���>�>�!�/�0�MZ�\d�e�g��K�K�=�RZ�[�\�gr�c�V�|jd|�d|�d|���t|j�dk7r|jd�ytj|j
|jj��}|jd|�|jd|j�zd	�s|jd
�y|jd�}tj|j
d�}|jd|�|jd|�tj�}	||	_tj|j�tj|�|	d
<ddtjzg}
|j!|	|
d|z�r|jd|z�yy)z*fix missing <SID=...> on linked attributesz$ERROR: missing DN SID component for rRrSrz3Not fixing missing DN SID on DN+BINARY or DN+STRINGN�SIDrfrPz#Not fixing missing DN SID componentr�r/rhr�rrz,Failed to ADD missing DN SID on attribute %sz$Fixed missing DN SID on attribute %s)r�r�rJrqrrr=r��extended_str�set_extended_componentr�r�r�r�r5r�$DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SIDr�)r�r�r%r8r��target_sid_blobrV�target_guid_blob�guid_sid_dnrr�s           r#�#err_dn_component_missing_target_sidz+dbcheck.err_dn_component_missing_target_sidsh�����RZ�\^�`c�d�e��w�~�~��!�#��K�K�M�N���V�V�D�J�J��
�
�(?�(?�(A�B�
��)�)�%��A���� 2�Z�5L�5L�5N� N� B�D��K�K�=�>��%�<�<�V�D���f�f�T�Z�Z��,���*�*�6�3C�D��*�*�5�/�B��K�K�M������+�+�K�,D�,D�,F��HX�HX�Zb�c��+����t�H�H�H�
���>�>�!�X�H�H�U�W��K�K�>�(�K�L�Wr�c��|jd|�d|j���|jd|zd�s|jd|z�ytj�}|j|_tj
gtj|�|d<|j|dd	gd
|z�r|jd|z�yy)z!handle an unknown attribute errorzERROR: unknown attribute '�' in zRemove unknown attribute %srEzNot removing %sNrTr�r�z%Failed to remove unknown attribute %szRemoved unknown attribute %s)r�r�r�rqr�r�r-r�)r��objr%rs    r#�err_unknown_attributezdbcheck.err_unknown_attribute9s������X�s�v�v�N�O���� =�� H�Ji�j��K�K�)�H�4�5���K�K�M���v�v����+�+�B��0C�0C�X�N��+���>�>�!�i�):�;�A�H�L�N��K�K�6�(�C�D�Nr�c��|jd|�d|�d|j���|jd|zd�s|jd|z�ytj�}|j|_tj
|tj|�|d<|j|d	d
ddtjzgd
|z�r|jd|z�yy)z:handle a link that should not be there on a deleted objectzERROR: linked attribute 'z' to 'z' is present on deleted object zRemove linked attribute %srTz Not removing linked attribute %sNrTr�r�r�rz Failed to delete forward link %szFixed undead forward link %s)
r�r�r�rqr�r�r-r�rrU)r�r�r%r8rs     r#�err_undead_linked_attributez#dbcheck.err_undead_linked_attributeFs������+3�S�#�&�&�B�	C���� <�x� G�Ig�h��K�K�:�X�E�F���K�K�M���v�v����+�+�C��1D�1D�h�O��+���>�>�!�/�1A�CW�.��1V�1V�V�X�<�x�G�I�
�K�K�6�(�C�D�Ir�c
��|jd|�d|�d|�d|j���|jd|zd�s|jd|z�ytj�}||_tj
|tj|�|d	<|j|d
dgd|z�r|jd
|z�yy)zhandle a missing backlink valuez#ERROR: missing backlink attribute 'r��
 for link r*zFix missing backlink %srUzNot fixing missing backlink %sNrhr�r�z!Failed to fix missing backlink %szFixed missing backlink %s)r�r�r�rqr�r�r5r�)r�r�r%r8�
backlink_name�	target_dnrs       r#�err_missing_backlinkzdbcheck.err_missing_backlinkVs������Xe�gp�rz�|�}C�}C�D�	E���� 9�M� I�Kf�g��K�K�8�=�H�I���K�K�M������+�+�C��1A�1A�=�Q��+���>�>�!�/��;�=�
�M�O��K�K�3�}�E�F�Or�c��t|jjd��}|jd|||j|jj	�fz�|jd|zd�s|jd|z�yt
j�}|j|_t
jt|�tj|�|d<|j|gd�d	|z�r|jd
|z�yy)z"handle a incorrect RMD_FLAGS value�	RMD_FLAGSzHERROR: incorrect RMD_FLAGS value %u for attribute '%s' in %s for link %szFix incorrect RMD_FLAGS %ur[z!Not fixing incorrect RMD_FLAGS %uNrT)r�r��show_deleted:0z$Failed to fix incorrect RMD_FLAGS %uzFixed incorrect RMD_FLAGS %u)r�r�r�r�rzr�rqr�r�r�r-r�)r�r�r%�revealed_dn�	rmd_flagsrs      r#�err_incorrect_rmd_flagszdbcheck.err_incorrect_rmd_flagscs������=�=�k�J�K�	����^�bk�mu�wz�w}�w}�@K�@N�@N�@[�@[�@]�b^�^�	_���� <�y� H�/�Z��K�K�;�i�G�H���K�K�M���v�v����+�+�C��,<�c�>Q�>Q�S[�\��+���>�>�!�X�@�9�L�N��K�K�6�)�D�E�Nr�c���|dur5|j|||�r"|jdd|�d|�d|�d|�d�	z�y|jd|�d|�d	|�d
|���|jd|zd�s|jd
|z�ytj�}||_tj|tj|�|d<|j|ddgd|z�r|jd|z�yy)z handle a orphaned backlink valueTz*WARNING: Keep orphaned backlink attribute r0r>z' for link 'Nz$ERROR: orphaned backlink attribute 'r�r�r*zRemove orphaned backlink %srVz!Not removing orphaned backlink %sr"r�r�z"Failed to fix orphaned backlink %szFixed orphaned backlink %s)	�has_duplicate_linksr�r�rqr�r�r�r-r�)	r��obj_dn�
backlink_attr�backlink_valr��forward_attr�forward_syntax�check_duplicatesrs	         r#�err_orphaned_backlinkzdbcheck.err_orphaned_backlinkqs����t�#��(@�(@��L�Zh�(i��K�K�D�)�6�<��L�L�
M�
����Yf�hn�p|�H�I�	J���� =�
� M�Ok�l��K�K�;�m�K�L���K�K�M������'�'��c�6I�6I�=�Y��'�
��>�>�!�/��;�>��N�P��K�K�4�
�F�G�Pr�c�>�|jd|�d|j�d��|jd|zd�s#|jd|�d|j�d��ytj�}|j|_tj
|tj|�|d	<|j|d
tjzgd|z�rN|jd|z�t|j��d
|��}||jvsJ�d|j|<yy)zhandle a duplicate links valuezERECHECK: 'Missing/Duplicate/Correct link' lines above for attribute 'r>r0zDCommit fixes for (missing/duplicate) forward links in attribute '%s'rZzENot fixing corrupted (missing/duplicate) forward links in attribute '�' of 'Nr"rrz/Failed to fix duplicate links in attribute '%s'z'Fixed duplicate links in attribute '%s'r�F)r�r�r�rqr�r�r�r�r�(DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKSr�rY)r�r�r��forward_valsr�duplicate_cache_keys      r#�err_recover_forward_linksz!dbcheck.err_recover_forward_links�s��	
���jv�x{�x~�x~��	A���� f�iu� u�xS�T��K�K�$�c�f�f�.�
/���K�K�M���v�v����'�'��c�6J�6J�L�Y��'�
��>�>�!�.��1^�1^�^�_�K�l�Z�\��K�K�A�\�R�S�-0����[�,�"G��&�$�*C�*C�C�C�C�=B�D�%�%�&9�:�\r�c��|jd|jz�|jjdtj
dg��}t
|�dk(sJ�t|ddd�}|jd|j�d|��d	�s"|jd
|j�d|���yt	j�}|j|_t	j|tjd�|d
<|j|gd|j�d|���r"|jd|j�d|���yy)zhandle a missing fSMORoleOwnerz*ERROR: fSMORoleOwner not found for role %sr/�
dsServiceName)r+r,r5rzSeize role z) onto current DC by adding fSMORoleOwner=r^zNot Seizing role N�
fSMORoleOwnerr"zFailed to seize role zSeized role )
r�r�r=r�rqr�r�r�r�r�r�r5r�)r�r�r��serviceNamers     r#�err_no_fsmoRoleOwnerzdbcheck.err_no_fsmoRoleOwner�s�����@�C�F�F�K�L��j�j����&)�n�n�_�<M� �O���3�x�1�}��}��#�a�&��1�!�4�5�����^a�^d�^d�fq� r�uF�G��K�K�\_�\b�\b�do�p�q���K�K�M���v�v����'�'��S�5E�5E��W��'�
��>�>�!�R�be�bh�bh�ju�v�x��K�K�WZ�W]�W]�_j�k�l�xr�c���|jd|jz�|jd|jzd�s|jd|jz�yd}|jj	�	|jj|j�}|jj
|tj�}tj|jt|j��}|jt|�dz
�|j|j||dd	gd
|j�d||z���r�|jd|j�d||z���tj�}|j|_tj t|jj#��tj$d
�|d
<|j'|gd||zz�r|jd||zz�d}|r|jj+�y|jj)�y#|jj)��xYw)zhandle a missing parentz%ERROR: parent object not found for %sz!Move object %s into LostAndFound?r_z&Not moving object %s into LostAndFoundNFr5r�r��Failed to rename object z into lostAndFound at zRenamed object �lastKnownParentz:Failed to set lastKnownParent on lostAndFound object at %sz0Set lastKnownParent on lostAndFound object at %sT)r�r�r�r=�transaction_startrNr�r�DS_GUID_LOSTANDFOUND_CONTAINERrqrrr��remove_base_componentsr�r r�r��parentr�r��transaction_cancel�transaction_commit)r�r��keep_transactionr^�lost_and_found�new_dnrs       r#�err_missing_parentzdbcheck.err_missing_parent�s������;�s�v�v�F�G���� C�s�v�v� N�Ph�i��K�K�@�C�F�F�K�L�� ���
�
�$�$�&�	��j�j�,�,�S�V�V�4�G�!�Z�Z�8�8��$�Be�Be�f�N��V�V�D�J�J��C�F�F��4�F��)�)�#�f�+��/�:��~�~�c�f�f�f�n�?O�QZ�>[�VY�V\�V\�^d�gu�^u�v�x����3�6�6�SY�\j�Sj�k�l��K�K�M���v�v���'*�'9�'9�#�c�f�f�m�m�o�:N�PS�Pd�Pd�fw�'x��#�$��>�>�!�R�"^�bh�ky�by�"z�|��K�K� R�V\�_m�Vm� n�o�'+�$�
��J�J�)�)�+��J�J�)�)�+��	��J�J�)�)�+��s
�:FI	�	I&c
�Z�tj|jt|��}|j	t|�dz
�|j
�}d}	||k7r|	|�d|�d�z
}	|	d|zz
}	|jd|j�d|	�d|�d	��|jd
|j�d|�d�d
�s"|jd|j�d|���y|j|j|||d|j�d|���r"|jd|j�d|���yy)zhandle a wrong dnr5r/�=� zname=%rzERROR: wrong dn[z] z new_dn[�]zRename r�r,rfz
Not renaming Nr�z into zRenamed )rqrrr=r�r�r�r�r�r�r�r )
r�r�r��rdn_attr�rdn_val�name_valr��new_rdn�
new_parent�
attributess
          r#�err_wrong_dnzdbcheck.err_wrong_dn�s����&�&����S��[�1���&�&�s�7�|�a�'7�8��]�]�_�
��
��h���h��8�8�J��i�8�,�,�
����3�6�6�:�v�V�W����c�f�f�f� E�x�P��K�K�3�6�6�6�B�C���>�>�#�&�&�'�:�x�BE�&�&�&�Q�S��K�K�����?�@�Sr�c�6�|jd|d|j|fz�|jd|d||jfzd�s%|jd|d||jfz�ytj�}|j|_tj
t
|�tjd�|d<|j|dtjzgd	|j|fz�r!|jd
|j|fz�yy)zhandle a wrong instanceTypez0ERROR: wrong instanceType %s on %s, should be %d�instanceTypez(Change instanceType from %s to %d on %s?r`z-Not changing instanceType from %s to %d on %sNr"rzGFailed to correct missing instanceType on %s by setting instanceType=%dz7Corrected instancetype on %s by setting instanceType=%d)r�r�r�rqr�r�r�r�r�r�&DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA)r�r��calculated_instancetypers    r#�err_wrong_instancetypezdbcheck.err_wrong_instancetype�s@�����F�#�n�J]�_b�_e�_e�g~�I��	A���� J�c�R`�Na�cz�|�}C�}C�ND�!D�FX�Y��K�K�G�3�~�K^�`w�y|�y�y�KA�A�
B���K�K�M���v�v����'�'��,C�(D�c�FZ�FZ�\j�k��'�
��>�>�!�.��1\�1\�\�]�c�gj�gm�gm�pG�gH�H�I��K�K�Q�UX�U[�U[�]t�Tu�u�v�Ir�c��|jd|j�d|jj|j��d��y)N�0ERROR: incorrect userParameters value on object z�.  If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> r0�r�r�r=rN)r�r�r%r"s    r#�err_short_userParametersz dbcheck.err_short_userParameters�si�����gj�gm�gm�os�oy�oy�oE�oE�FI�FL�FL�oM�N�	Or�c��|jd|�d|j�d��|jd|jzd�s|jd|jz�ytj�}|j|_tj
t
||d�tjd	�|d
<|j|gd|jz�r|jd|jz�yy)
z6handle a userParameters that is wrongly base64 encodedz(ERROR: wrongly formatted userParameters � on z, should not be base64-encodedz2Convert userParameters from base64 encoding on %s?rgz6Not changing userParameters from base64 encoding on %sNr�userParametersr"zOFailed to correct base64-encoded userParameters on %s by converting from base64zGCorrected base64-encoded userParameters on %s by converting from base64)	r�r�r�rqr�r�rr�r��r�r�r%r"rs     r#�err_base64_userParametersz!dbcheck.err_base64_userParameters�s������hm�or�ou�ou�v�w���� T�X[�X^�X^� _�a|�}��K�K�P�TW�TZ�TZ�[�\���K�K�M���v�v����'�'�	�#�h�-��2B�(C�S�EY�EY�[k�l��'�
��>�>�!�R�k�or�ou�ou�v�x��K�K�a�eh�ek�ek�l�m�xr�c��|jd|jz�|jd|jzd�s|jd|jz�ytj�}|j|_tj
||dj
d�jd�tjd	�|d
<|j|gd|jz�r|jd|jz�yy)
z5handle a userParameters that is wrongly utf-8 encodedzPERROR: wrongly formatted userParameters on %s, should not be pseudo-UTF8 encodedz0Convert userParameters from UTF8 encoding on %s?rhz4Not changing userParameters from UTF8 encoding on %sNrr1�	utf-16-ler�r"zQFailed to correct psudo-UTF8 encoded userParameters on %s by converting from UTF8zICorrected psudo-UTF8 encoded userParameters on %s by converting from UTF8�
r�r�r�rqr�r�r�encoder�r�r�s     r#�err_utf8_userParameterszdbcheck.err_utf8_userParameterss������8�;>�6�6�C�	D���� R�VY�V\�V\� ]�_x�y��K�K�N�RU�RX�RX�Y�Z���K�K�M���v�v����'�'��H�
�a�(8�(?�(?��(G�(N�(N�{�([�(+�(<�(<�>N�P��'�
��>�>�!�R�m�qt�qw�qw�x�z��K�K�c�gj�gm�gm�n�o�zr�c��|jd|jz�|jd|jzd�s|jd|jz�ytj�}|j|_tj
||dj
d�jd�tjd	�|d
<|j|gd|jz�r|jd|jz�yy)
z:handle a userParameters that has been utf-16 encoded twicezQERROR: wrongly formatted userParameters on %s, should not be double UTF16 encodedz:Convert userParameters from doubled UTF-16 encoding on %s?riz>Not changing userParameters from doubled UTF-16 encoding on %sNrr�r1r�r"zJFailed to correct doubled-UTF16 encoded userParameters on %s by convertingzBCorrected doubled-UTF16 encoded userParameters on %s by convertingr�r�s     r#�err_doubled_userParametersz"dbcheck.err_doubled_userParameterss������g�kn�kq�kq�r�s���� \�`c�`f�`f� g�jF�G��K�K�X�\_�\b�\b�c�d���K�K�M���v�v����'�'��H�
�a�(8�(?�(?��(L�(S�(S�TZ�([�(+�(<�(<�>N�P��'�
��>�>�!�R�f�jm�jp�jp�q�s��K�K�\�`c�`f�`f�g�h�sr�c��|jd|j�d|jj|j��d��y)z?Fix a truncated userParameters due to a pre 4.1 replication bugr�z� (odd length).  If you have another working DC that does not give this warning, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> r0Nr�)r�r�r%s   r#�err_odd_userParameterszdbcheck.err_odd_userParameters+si�����tw�tz�tz�|@�|F�|F�|R�|R�SV�SY�SY�|Z�[�	\r�c�H�|jj|tj|ggd���}|jj|�}|d|D]L}t
|j|jd�|�}|jjd�}||k(s�J|cSy)z#return a revealed link in an object)r�r�r�r�rr1r�N)
r=r�rqr�r?�#get_syntax_oid_from_lDAPDisplayNamerrr�r�)	r�r�r%r�r��
syntax_oidr8r��guid2s	         r#�find_revealed_linkzdbcheck.find_revealed_link/s����j�j���R�s�~�~�h�Z�)b� �d���&�&�J�J�8�T�
��q�6�(�#�	�C��d�j�j�#�*�*�V�*<�j�I�G��J�J�5�5�f�=�E��u�}���		�
r�c���d}t�}t�}|dzr|||fS|�|||fSt|j��d|��}	|	|jvrd|j|	<||D�]�}
t	|j
|
j
d�|�}|jjd�}|��Httj|��}
|
|jz}||vr|||<�|dz
}||vr%t�||<d||d<t�||d	<t||jjd
��}t|jjd
��}||kDr$||||d<||d	j|���!||kr)|||d<||d	j||�|||<��Ot||jjd��}t|jjd��}||k\r$||||d<||d	j|����|||d<||d	j||�|||<���|dk7rd|j|	<|||fS)
�1check a linked values for duplicate forward linksrr5Nr�Fr1r��keepr�RMD_VERSION�
RMD_LOCAL_USNT)rXr�r�rYrr=rr�rr�rJrDr�r)r�r�r�r��forward_linkIDr�r��duplicate_dict�unique_dictr�r8r�r��guidstr�keystr�v1�v2�u1�u2s                   r#�check_duplicate_linkszdbcheck.check_duplicate_links;s���������f���A�����=�=�� ����=�=�),�S�V�V��l�C���d�&?�&?�?�=B�D�%�%�&9�:��|�$�'	*�C��d�j�j�#�*�*�V�*<�n�M�G��:�:�4�4�V�<�D��|���$�)�)�D�/�*�G��w�~�~�-�F��[�(�&-��F�#���1��K��^�+�)-���v�&�15��v�&�v�.�37�6��v�&�x�0��[��(�+�+�B�B�=�Q�R�B��W�Z�Z�6�6�}�E�F�B��B�w�1<�V�1D��v�&�v�.��v�&�x�0�7�7��@���B�w�18��v�&�v�.��v�&�x�0�7�7��F�8K�L�&-��F�#���[��(�+�+�B�B�?�S�T�B��W�Z�Z�6�6��G�H�B��R�x�1<�V�1D��v�&�v�.��v�&�x�0�7�7��@��-4�N�6�"�6�*��6�"�8�,�3�3�K��4G�H�")�K���O'	*�R�!��=A�D�%�%�&9�:��^�[�9�9r�c��d}t|��d|��}||jvr|j|S|j|�\}}|g}ddg}		|jj	t|�t
j||	��}
|
d}|j|||||�\}}}||jvr|j|Sy#t
j$r-}|j\}}
|t
jk7r�Yd}~yd}~wwxYw)r�rr�r�r�r�NF)r�rYr(r=r�rqr�r�r�r�r�)r�r�r�r�r�r�r�r�r,r�r��e8r�r�r�r�r�s                 r#r�zdbcheck.has_duplicate_links|s����),�R��,�?���$�";�";�;��,�,�-@�A�A�(,�(M�(M�l�([�%��
����%�';�<��	��*�*�#�#��R�����*/�(�$�D�C��!�f���&�&�s�L�.�.�Zg�h�	1��^�[��$�";�";�;��,�,�-@�A�A����|�|�	��7�7�L�T�4��s�-�-�-����	�s�6B>�>C>�#C9�9C>c�&�g}d}|�||fS|tjk7r|jd|z�||fSd|jvr|jd�||fS	|dd}t	ttj|��}	d|�d|	�d	�}
|jj|
tjdggd
���}|D�] }t|j|jj�|�}|jj!d�}t	t
j|��}||vr�qtt"j$|d
d�}|j&j(D]9}|j*}|j,}|j.t0j2k(s�9nt
jd�}d}}|}d}|}|}}d}|jj5dt	|��|jj5dt	|��|jj5dt	|��|jj5dt7|��|jj5dt	|��|jj5dt	|��|jj5dt	|��|dz
}|j9|���#||fS#tj$r}|j\}
}�d}~wwxYw)zMFind all backlinks linking to obj_guid_str not already in forward_unique_dictrNz5Not checking for missing forward links for syntax: %s�sortedLinkszQNot checking for missing forward links because the db has the sortedLinks feature�
objectGUID�(z=<GUID=z>))r��search_options:1:2zpaged_results:1:1000)r4r+r,r�r��replPropertyMetadataz$ffffffff-4700-4700-4700-000000b13228r5�RMD_ADDTIME�RMD_CHANGETIMEr��RMD_INVOCID�RMD_ORIGINATING_USNr�r�)rq�	SYNTAX_DNr�r;r�r	rr�r=r��
SCOPE_SUBTREEr�r�rr�rzr�r�replPropertyMetaDataBlob�ctr�array�	local_usn�originating_change_time�attidr�DRSUAPI_ATTID_objectClassr{r
r) r�r�r�r�r��forward_unique_dict�missing_forward_linksr��obj_guid�obj_guid_str�filterr��e9r�r��rr�r�r��replr�r��t�originating_invocid�originating_usn�rmd_addtime�rmd_changetimer��rmd_invocid�rmd_originating_usn�
rmd_local_usn�rmd_versions                                 r#�)find_missing_forward_links_from_backlinksz1dbcheck.find_missing_forward_links_from_backlinks�s���!#����� �)�;�7�7��S�]�]�*��K�K�O�&�'�
(�)�;�7�7��D�3�3�3��K�K�6�
7�)�;�7�7�	��<�(��+�H��z�$�)�)�X�>�?�L�)6��E�F��*�*�#�#�v�*-�*;�*;�L�>�.F�$�G�C��>	4�A���
�
�A�D�D�,=�,=�,?��P�I��<�<�6�6�v�>�D��$�)�)�D�/�*�G��-�-��(�h�?�?�!�"8�9�!�<�>�D��X�X�^�^�
���K�K�	��-�-���7�7�g�?�?�?��	
�#'�)�)�,R�"S���O��K��N��I�-�K�"1��%�M��K��L�L�/�/�
�s�;�?O�P��L�L�/�/�0@�#�n�BU�V��L�L�/�/��S��^�L��L�L�/�/�
�x��?T�U��L�L�/�/�0E�s�K^�G_�`��L�L�/�/���]�AS�T��L�L�/�/�
�s�;�?O�P��1��K�!�(�(��3�}>	4�@&�{�3�3��I�|�|�	��7�7�L�T�4���	�s�A$K(�(L�;L�Lc��d}|dd}|j|�\}}|�|jj|�}nd}|dv}	|	r|jri}
n|j	|||||�\}}
}t|
�dk7�r�|j
||||�\}}
||
z
}|j�D�cgc]}|��}}|
dk7r#|jd|�d|j�d��n"|jd|�d|j�d��|D]v}|jd	|z�|jd
|zd�sE|j|j||jj�|j||d�
��q||gz
}�x|
j�D]<}|
|}|dD]}|jd|z��|jd|dz��>t|�D�cgc]
}t|���}}|j!|||�t#j$|d|�||<||D�]�}t'|j(|j+d�|�}|jj-d�}|�%|dz
}|j/|j|||d��ltt1j2|��}ddg}t|�j5�dk(r-|j|j6k(rd}|j9d�nd}|�|j9|�	|j(j;d|zt"j<|gd���}|rudtG|ddd�z|_$dtG|ddd�z|_%t|�t|�k7r&|dz
}|jM|j|||d ����d|vxr"t|dd�jO�d!k(}d|dvxr%t|ddd�jO�d!k(} |r4|j|jPvr|r|jS|||�|dz
}��"| �r|jU|��s|�r|dz
}|jj-d"�}!|!r�d|dvr�tWtXjZ|dd#d�}"d}#|"j\j^D]>}$|$j`tbjdk(s�!|$jf}%|%tG|!�k\s�<d}#n|#r/|ji|j||||djd���|ji|j||||djd���?|jj-d$�}&d}'|&�tG|&�}'|'dzsd|�bt|dj�t|j�k7r4|dz
}|jk|j||||djd%����|djj-d�|jj-d�k7r4|dz
}|jk|j||||djd���@|djj-d&�}(|jj-d&�})|)�(|(�&|dz
}|jm|j||||(����|)|(k7r4|dz
}|jk|j||||djd&����|��|dk(r�t|dj�t|j�k7rS|jH|jjo�z}*|jq|j||*||dj���f|	r|jr��vd}+||dvr�|d|D]}},t'|j(|,j+d��}-|-jj-d�}.|-jj-d$�}/d}0|/�tG|/�}0|0dzr�s|.|k(s�y|+dz
}+�|+dk7r�|trjtk(s|trjtk(ra|dzs\d}1||D]K}2t'|j(|2j+d��jj-d�}3|3|k(s�G|1dz
}1�M|+|1k(r���d}4||D]}},t'|j(|,j+d��}-|-jj-d�}.|-jj-d$�}/d}0|/�tG|/�}0|0dzr�s|.|k(s�y|4dz
}4�|+|4k(r��!|4|+z
}5|dzrx|+dk(r1|dz
}|j|j|||j||���a|jd'||4t|j�||+t|j�fz����| rJ�|jd(||4t|j�||+t|j�fz�|5dk7s���|dz
}|5dkDrp|+dkDs|5dkDr)|jd)t|j�z���+|jw|||jj�||j�|5dz}5nJ|j|dj||jj�|j||�|5dz
}5|5dk7r�ʐ��|Scc}wcc}w#t"j>$rO}|j@\}}|t"jBk7r�||jE|j|||�z
}Yd}~�	�$d}~wwxYw)*z$check a DN attribute for correctnessrr�N)�member�memberOfz@ERROR: Missing and duplicate forward link values for attribute 'r>r0z4ERROR: Duplicate forward link values for attribute 'zMissing   link '%s'z8Schedule re-adding missing forward link for attribute %srWF)r�rzDuplicate link '%s'zCorrect   link '%s'r�r1r�r5zmissing GUID�	isDeleted�replPropertyMetaDatazmsds-hasinstantiatedncsTr��	<GUID=%s>)r�r�r�r�z	B:8:%08X:z%08Xz(incorrect instanceType part of Binary DN�TRUEr�r�r��stringryzHWARNING: Link (back) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'zIERROR: Link (forward) mismatch for '%s' (%d) on '%s' to '%s' (%d) on '%s'z5ERROR: Can't fix missing multi-valued backlinks on %s)<r(r?r�rkr�r�rr6r�r�r�r�rz�keys�sortedr�r�rqr�rr=rr�rnrr��lowerr{rr�r�r�r�r�rar�rJ�binaryrp�upperr�r�r�r	rr�r�r�r�r�DRSUAPI_ATTID_isDeletedr�rXrwr�r�rtrr�r�)6r�r�r%r�r�rr&r]�reverse_syntax_oid�is_member_linkr�r�r��missing_error_countr��
forward_linksrr��d�ddr r8r�r�r�r,�fixing_msDS_HasInstantiatedNCsr��e3r�r��
is_deleted�target_is_deletedr�r�
found_datar��deleted_usn�rmd_blobr��
target_sid�link_sid�bad_dn�match_count�v�v_dn�v_guid�v_blob�v_rmd_flags�
forward_count�w�w_guid�expected_count�
diff_counts6                                                      r#�check_dnzdbcheck.check_dns������|�$�Q�'��$(�$I�$I�(�$S�!��!��(�!%�!2�!2�!V�!V�Wh�!i��!%��!�%;�;���d�:�:��N��*�*�3��*�+1�3D�F�
5�K����~��!�#��>�>�s�?G��?P�?J�L�
7�!�#6�

�.�.�K�*5�*<�*<�*>�?�B�R�?�M�?�"�a�'����$�c�f�f�.�/����ai�kn�kq�kq�r�s�*�	
%�����1�Q�7�8��'�'�(b�em�(m�(G�I��.�.�q�t�t�5F�/2�v�v�/B�/B�/D�c�f�f�/7��@E�/�G���!��$�
�	
%�)�-�-�/�
?��"�6�*���H�+�<�B��K�K� 5�� :�;�<����1�A�f�I�=�>�	
?�'-�]�&;�<��C��G�<�D�<��*�*�3��$�?��.�.�t�Q��A�C��M��x�=�k	$�C��d�j�j�#�*�*�V�*<�j�I�G��:�:�4�4�V�<�D��|��q� ���2�2�3�6�6�8�S�'�3A�C���$�)�)�D�/�*�G� �"8�9�E��H�
�#�#�%�)B�B����SW�S`�S`�I`�15�.����^�,�16�.� �,����.�/�
��j�j�'�'�[�7�-B�#�.�.�.3�?A�(�B�� .�!,�s�3�q�6�.�3I�!�3L�/M�!M���!'�#�c�!�f�^�.D�Q�.G�*H�!H����w�<�3�s�8�+��1�$�K��0�0�����3��Q{�|��%��+�Z��C��4D�Q�4G�0H�0N�0N�0P�TZ�0Z�J� +�s�1�v� 5� g�#�c�!�f�[�>Q�RS�>T�:U�:[�:[�:]�ag�:g���c�f�f�D�,K�,K�K�PV�
�0�0��h��D��q� ���"�4�+E�+E�g�+N�SY��q� ��#�J�J�=�=�o�N�	��-��Q��7�)�(�*K�*K�*-�a�&�1G�*H��*K� M��%*�
�!%�����*�A� �w�w�'�*I�*I�I�./�k�k��#.�#�i�.�#@�26�J�$)�*�&� �/�/�����03�W�c�!�f�i�i��O�$��#�#�C�F�F�H�c�7�C��F�I�I�u�U��
�z�z�8�8��E�H��I��#���M�	��q�=�%6�%B��s�1�v�y�y�>�S����_�4��1�$�K��9�9�#�&�&�(�C�QX�:=�a�&�)�)�X�O���1�v�y�y�/�/��7�7�:�:�;\�;\�]c�;d�d��q� ���5�5�c�f�f�h��W�69�!�f�i�i��I���Q����9�9�%�@�J��z�z�8�8��?�H���J�$:��q� ���8�8�����3�9@�*�N���:�%��q� ���5�5�c�f�f�h��W�69�!�f�i�i��H��!�(��Q�;�3�s�1�v�y�y�>�S����_�#D�
%�^�^�g�j�j�.G�.G�.I�I�F��4�4�S�V�V�X�v�5<�c�!�f�i�i�I���$�">�">���K� �C��F�*��Q�� 1�2�
)�A�"�4�:�:�q�x�x��/?�@�D�!�W�W�;�;�F�C�F�!�W�W�;�;�K�H�F�"#�K��)�&)�&�k��"�Q�� ���)�#�q�(��
)��a����!;�!;�;�?Q�UY�Uo�Uo�?o�!�A�:�()�
�!$�X��3�A�%,�T�Z�Z����&�9I�%J�%M�%M�%d�%d�ek�%l�F�%��~� -�� 2�
�3�
'�-�7�$��N���]�

(���t�z�z�1�8�8�F�+;�<�����7�7��?�����7�7��D�����%�"%�f�+�K���?���T�>�"�a�'�N�

(��n�,��'�+�5�J���z��!�#��1�$�K��.�.�s�v�v�x�/2�G�J�J�/@�/A�C�����f�$�n�c�#�&�&�k�-�{�C��
�
�O�jM�M�N��(�(�(��K�K�c� �.�#�c�f�f�+�)�;��G�J�J��gI�I�
J���/��q� ����>�"�Q��*�q�.����%C�EH����_�%U�V���-�-�c�8�.1�f�f�.A�.A�.C�.?�.5�j�j�:��!�O�J��.�.�s�1�v�y�y�:K�/2�v�v�/B�/B�/D�c�f�f�/7��E��!�O�J�#��/�uk	$�Z���Y@��4=��D�<�<�

�!�w�w���t��3�1�1�1���t�A�A�#�&�&�BJ�BE�BI� K�K����

�s%�+	k�k�
2k$�$m�7Am�mc�`�|jjD]}|j|k(s�|cSyr")r�r�r�)r�rr�r�s    r#�find_repl_attidzdbcheck.find_repl_attid-s/�������	�A��w�w�%����	�r�c�x�ttj|�}|j||�}|�|jSy)z�Read metadata properties and return the originating time for
           a given attributeId.

           :return: the originating time or 0 if not found
        r)r	rr�r;r�)r�r8r�rr�s     r#�get_originating_timezdbcheck.get_originating_time4s<���(�;�;�S�A��� � ��u�-���=��,�,�,�r�c�&�t�}t�}g}|j|j�}ttj
|�}|jjD]�}|jj|j�}	|j|	j��|j|j�|jj|	|��}
|
|jk7s��|j|j���|||fS)zgRead metadata properties and list attributes in it.
           raises KeyError if the attid is unknown.��is_schema_nc)r��is_child_ofrxr	rr�r�r�r?�get_lDAPDisplayName_by_attidr�r�rr�get_attid_from_lDAPDisplayName)r�r�r8�set_att�wrong_attids�
list_attid�in_schema_ncrr��att�
correct_attids           r#�process_metadatazdbcheck.process_metadataAs����%���u���
��~�~�d�n�n�5���(�;�;�S�A�������	*�A��#�#�@�@����I�C��K�K��	�	��$����a�g�g�&� �-�-�L�L�S�Zf�M�h�M�����'�� � ����)�	*���\�2�2r�c���tttj|dd��}t	j
|jd|z�}|jj|tj|gddg��}|d}t	j�}||_
t	j||tj|�||<|j|gd�d|z�r|jd	|z�y
y
)z�re-write replPropertyMetaData elements for a single attribute for a
        object. This is used to fix missing replPropertyMetaData elementsr�rrr�r�r�)r�r�r��'Failed to fix metadata for attribute %szFixed metadata for attribute %sN)r�r	rr�rqrrr=r�r�r�r�r�r�r�r�)r�r��attr�guid_strr�r�r�nmsgs        r#�fix_metadatazdbcheck.fix_metadataWs����z�$�)�)�S��->�q�-A�B�C��
�V�V�D�J�J��h� 6�
7���j�j���R�s�~�~�d�V�*>�*;�*=� �>���!�f���{�{�}������'�'��D�	�3�3G�3G��N��T�
��>�>�$� M�C�d�J�L��K�K�9�D�@�A�Lr�c���|jtjzryd}|jtjk(rd}n_|jtj
k(rd}n?|jtjk(rd}n|jtjk(rd}|sy|jjtjzsyt|jj�S)NFT)�flagsr
�SEC_ACE_FLAG_INHERIT_ONLY�type�"SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT�!SEC_ACE_TYPE_ACCESS_DENIED_OBJECT� SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT� SEC_ACE_TYPE_SYSTEM_ALARM_OBJECTr��%SEC_ACE_INHERITED_OBJECT_TYPE_PRESENTr��inherited_type)r��ace�checks   r#� ace_get_effective_inherited_typez(dbcheck.ace_get_effective_inherited_typegs����9�9�x�9�9�9�����8�8�x�B�B�B��E�
�X�X��C�C�
C��E�
�X�X��B�B�
B��E�
�X�X��B�B�
B��E����z�z���(�"P�"P�P���3�:�:�,�,�-�-r�c��||jvr|j|Sd|z}|jj|j|dg��}t	ttj|ddd��}||j|<|S)Nz0(&(ldapDisplayName=%s)(objectClass=classSchema))�schemaIDGUID)r*r4r,r)r|r=r�rxr�r	rr�)r��cls�fltr�rs     r#�lookup_class_schemaIDGUIDz!dbcheck.lookup_class_schemaIDGUID}s����$�)�)�)��*�*�3�/�/�@�3�F���j�j���T�^�^�+.�'5�&6� �8��
�
�4�9�9�c�!�f�^�&<�Q�&?�@�A��'(�����$��r�c��d}||}ttj|d�}d|vxr"t|dd�j	�dk(}|r|dfStj�}|j
|_|j|_|j|_|j|_d}d}	g}
|j�|jj}
tdt|
��D]V}|
|}|jtjzs|j|��7|j!|�}
|
��K|	�|
|	k7rd}�U|
}	�Xg}
|j"�|j"j}
tdt|
��D]V}|
|}|jtjzs|j%|��7|j!|�}
|
��K|	�|
|	k7rd}�U|
}	�X|r||fS|	�|dfSd}	|dd}|�k|j(j+|t,j.ddgd	g�
�}|d}d|vxr"t|dd�j	�dk(}|r|dfS|dd}|j1|�}
|
|	k7r||fS|dfS#t&$r
}Yd}~��d}~wwxYw)N�nTSecurityDescriptorrrrFT�objectClassrZr�r�)r	r
�
descriptorr�r�	owner_sid�	group_sidrT�revision�sacl�acesr4r�rR�SEC_ACE_FLAG_INHERITED_ACE�sacl_addr]�dacl�dacl_addr�r=r�rqr�rb)r�r�r��sd_attr�sd_val�sdr&�sd_clean�broken�last_inherited_typerkr:r[rr`r`r�r�s                  r#�
process_sdzdbcheck.process_sd�s���(���W���
��+�+�V�A�Y�
7�� �C�'�V�C��K�0@��0C�,D�,J�,J�,L�PV�,V�
����:���&�&�(���\�\����\�\�������
��K�K�����"����
�7�7���7�7�<�<�D��q�#�d�)�$�	$�A��q�'�C��9�9�x�B�B�B��!�!�#�&���5�5�c�:�A��y��"�.��+�+�"�F��"#��+	$�.��
�7�7���7�7�<�<�D��q�#�d�)�$�	$�A��q�'�C��9�9�x�B�B�B��!�!�#�&���5�5�c�:�A��y��"�.��+�+�"�F��"#��+	$�.��b�>�!��&���:����	��m�$�R�(�C��;��*�*�#�#��3�>�>�+6�
�*F�.?�-@�$�B�C��A��A�$��)�V�c�!�K�.��2C�.D�.J�.J�.L�PV�.V�J���D�z�!��M�"�2�&�C��*�*�3�/���#�#��b�>�!��D�z���+�	���	�s�"I5�5	J�Jc��d}t|�}tjtjz}|j	d|�d|�d�d�s|jd|�d|�d��yt
j�}||_t
j|tj|�||<|j|d	|zgd
|z�r|jd|�d|�d
��yy)z/re-write the SD due to incorrect inherited ACEsrd�Fix r�r,r\�Not fixing �
N�
sd_flags:1:%d�Failed to fix attribute %s�Fixed attribute 'r��'
)r
r
�SECINFO_DACL�SECINFO_SACLr�r�rqr�r�r�r�r�)r�r�rr�	sd_brokenrprq�sd_flagsrOs        r#�err_wrong_sdzdbcheck.err_wrong_sd�s���(���"����(�(�8�+@�+@�@�����7�B� ?�A[�\��K�K�7�B�?�@���{�{�}������*�*�6�3�3G�3G��Q��W�
��>�>�$��8�!;� <�6��@�B��K�K�G�R�H�I�Br�c�0�d}t|�}tjtjz}|j�|tj
z}|j�|tjz}|jd|�d|�d|��d�s|jd|�d|�d��ytj�}||_tj|tj|�||<|j|d	|zgd
|z�r|jd|�d|�d
��yy)zare-write the SD due to not matching the default (optional mode for fixing an incorrect provision)rdNzReset r�z back to provision default?
rozNot resetting rzr{zFailed to reset attribute %sr}r�r~)r
r
rr�rg�
SECINFO_OWNERrh�
SECINFO_GROUPr�r�rqr�r�r�r�r�)r�r�rr�diffrprqr�rs        r#�err_wrong_default_sdzdbcheck.err_wrong_default_sds���(���"����(�(�8�+@�+@�@��
�<�<�#���.�.�.�H�
�<�<�#���.�.�.�H����SZ�\^�`d� e�hC�D��K�K�g�r�B�C���K�K�M������'�'���0D�0D�g�N��'�
��>�>�!�o��8�9�8�7�B�D��K�K�G�R�H�I�Dr�c�B�d}t|�}tjtjz}|j	d|�d|�d�d�s|jd|�d|�d��yt
j�}||_t
j|tj|�||<|jj|j�|j|d	|zgd
|z�r|jd|�d|�d
��|jj|j�y)z/re-write the SD due to a missing owner or grouprdzFix missing owner or group in r�r,r]z"Not fixing missing owner or group rzNr{rLr}r�r~)r
r
r�r�r�r�rqr�r�r�r�r=�set_session_infor�r�r�)r�r�rrrprqr�rOs       r#�err_missing_sd_ownerzdbcheck.err_missing_sd_owners���(���"����)�)�H�,B�,B�B�����W�VX� Y�\B�C��K�K�'�SU�V�W���{�{�}������*�*�6�3�3G�3G��Q��W�
�	
�
�
�#�#�D�$;�$;�<��>�>�$��8�!;� <�C�g�M�O��K�K�G�R�H�I��
�
�#�#�D�$<�$<�=r�c
��|jry||jvryttj|�}|j|tj�}tj|j�}tj�}|jdz}||z
}||kry||z}	|dz}
|
dkrA|jd|z�|jdtj|	�|dzfz�n=|jd|z�|jdtj|	�|
fz�|jd	|j|j |j"|j$|j&tjtj|j��fz�|xj(d
z
c_y)NF�Q�z`SKIPPING additional checks on object %s which very recently became an expired tombstone (normal)zbINFO: it is expected this will be expunged by the next daily task some time after %s, %d hours agoiz+SKIPPING: object %s is an expired tombstonezTINFO: it was expected this object would have been expunged soon after%s, %d days agozHisDeleted: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %sr5T)rmr�r	rr�r;rr�samba�nttime2unixr��timer9r��ctimer��version�originating_invocation_idrr�rn)r�r��repl_valrr�delete_time�current_time�tombstone_deltar��expunge_time�
delta_dayss           r#�is_expired_tombstonezdbcheck.is_expired_tombstone8s����(�(��
��0�0�0���(�;�;�X�F���(�(��w�/N�/N�O�	��'�'�	�(I�(I�J���y�y�{���0�0�L�A���{�*���O�#��"�_�4���l�+�
���?��K�K�?�AC�D�
E�
�K�K�'� �:�:�l�3�U�w�5G�H�I�
J�

�K�K�E��J�K��K�K�*� �:�:�l�3�Z�@�A�
B�
	
���^��O�O��%�%��7�7��-�-��'�'��J�J�u�0�0��1R�1R�S�T�
bV�V�	W�	
���1�$��r�c�.�ttj|�}|j|tj
�}t
j|j�}|jdz}g}|jjD]�}|jtj
k(r�!|j|jkr�;|j|jkr�Ut
j|j�}||z
}	|	|kr�|j|���||fS)Nr�)r	rr�r;rrr�r�r�r9r�r�r�r�r)
r�r�rrr�r��foundr��change_timer�s
          r#�find_changes_after_deletionz#dbcheck.find_changes_after_deletionns����(�;�;�X�F���(�(��w�/N�/N�O�	��'�'�	�(I�(I�J���0�0�L�A���������	�A��w�w�'�9�9�9���{�{�i�1�1�1���(�(�I�,M�,M�M���+�+�A�,E�,E�F�K��+�-�E���'��
�L�L��O�)	�,�i��r�c����j|�\}}t|�dk(ry�fd�}�jd|z�||�|D]
}||��y)NrFc���	�jj|j�}�j	d||j|j
|j|j|jtjtj|j��fz�y#t$rd|jz}Y��wxYw)N�<unknown:0x%x08x>zA%s: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %s)r?rBr�r�r�r�r�rr�r�r�r�r�r�)r��attnamer�s  �r#�report_attidz8dbcheck.has_changes_after_deletion.<locals>.report_attid�s����
8��+�+�H�H����Q��
�K�K�[�����!�)�)��3�3��)�)�����
�
�5�#4�#4�Q�5N�5N�#O�P�_R�R�
S���
8�-����7��
8�s�%B&�&C�Cz,ERROR: object %s, has changes after deletionT)r�r�r�)r�r�r�r�rr�r�s`      r#�has_changes_after_deletionz"dbcheck.has_changes_after_deletion�sc����;�;�H�E���y��u�:��?��	S�	
���B�R�G�H��Y���	�A���O�	�r�c�X�|j|�\}}|j|j�}|j�}|jj||��}g}|D]�}	|	j|k(r�|	jtjk(r�1|	jtjk(r�O	|jj|	j�}
|j|
���t|�dkDr5|jddj|�z�|jd�y|j!d|�d|j"�d	�d
�s|jd�y|j%|dgd|z�r|jd
|z�yy#t$rd|	jz}
Y��wxYw)Nr?r�rzUnexpeted attributes: %srz%Not fixing changes after deletion bugzDelete broken tombstone object z	 deleted z
 days ago?r�r�rLrM)r�rArx�get_rdn_namer?rCr�r�DRSUAPI_ATTID_name�DRSUAPI_ATTID_lastKnownParentrBr�rr�r�rr�r9r)r�r�r�r�rrGr��	rdn_attid�
unexpectedr�r�s           r#�err_changes_after_deletionz"dbcheck.err_changes_after_deletion�s����;�;�H�E���y��~�~�d�n�n�5���?�?�$���%�%�D�D�X�BN�E�P�	��
��	'�A��w�w�)�#���w�w�'�4�4�4���w�w�'�?�?�?��
8��+�+�H�H����Q��
���g�&�	'��z�?�Q���K�K�2�S�X�X�j�5I�I�J��K�K�?�@����� "�D�$:�$:�!<�=]�_��K�K�?�@���>�>�"�y�k�2�R�7�9��K�K��"�,�-�9���
8�-����7��
8�s�1%F�F)�(F)c��ttj|�}|j}d}|jD]�}|j
t
jd�k7r�&d}|jd||j|jtjtj|j��|j j#�fz���|S)NF�$00000000-0000-0000-0000-000000000000Ta
ERROR: on replPropertyMetaData of %s, the instanceType on attribute 0x%08x,
                           version %d changed at %s is 00000000-0000-0000-0000-000000000000,
                           but should be non-zero.  Proposed fix is to set to our invocationID (%s).)r	rr�r�r�r�rr�r�r�r�r�r�r�r�r�r=�get_invocation_id)r�r��repl_meta_datarr�r�r�s       r#�"has_replmetadata_zero_invocationidz*dbcheck.has_replmetadata_zero_invocationid�s����(�;�;�(�*���h�h�������	<�A��*�*�d�i�i�8^�._�_���E��K�K�h��q�w�w��	�	��:�:�e�&7�&7��8Q�8Q�&R�S��:�:�7�7�9�;�;�
<�
	<��r�c	��ttj|�}|j}t	j
t
tj���}d}|jD]�}|jtjd�k7r�&d}|jjtj�}	|j dz|_||_tj|jj%��|_	|	|_|	|_��|r�t+|�}
tj,�}||_|j1d|�d|�d|jj%��d�d	�s|j3d
|�d|�d��ytj,�}||_tj4|
tj6|�||<|j9|dt:j<zd
gd|z�r|j3d|�d|�d��yyy)NFr�Tr5rxr�zK by setting originating_invocation_id on some elements to our invocationID r,raz-Not fixing zero originating_invocation_id in rzr�#local_oid:1.3.6.1.4.1.7165.4.3.14:0r|r}r�r~)r	rr�r�r��unix2nttimer�r�r�r�rr�r=�sequence_numberrq�SEQ_NEXTr�r�r�rr�r
r�r�r�r�r�r�r�rr�)
r�r�rMr�rr��nowr�r��seq�replBlobrrOs
             r#�"err_replmetadata_zero_invocationidz*dbcheck.err_replmetadata_zero_invocationid�s����(�;�;�(�*���h�h������D�I�I�K� 0�1�������	�A��*�*�d�i�i�8^�._�_���E��*�*�,�,�S�\�\�:�C��	�	�A�
�A�I�(+�A�%�*.�)�)�D�J�J�4P�4P�4R�*S�A�'� #�A���A�K�	����~�H��+�+�-�C��C�F��#�#�'+�R����1M�1M�1O�%Q�Rv�x����Y]�_a�b�c���;�;�=�D��D�G��+�+�H�c�6J�6J�D�Q�D��J��~�~�d�%5��8c�8c�%c�%J�%L�:�T�A�C�����b�I�J�C�r�c� �ttj|�}|j}|jD](}	|j
j
|j�}�*y#t$r%|jd|j||fz�YywxYw)NzIERROR: attributeID 0X%0X is not known in our schema, not fixing %s on %s
)
r	rr�r�r�r?rBr�r�r�)r�r�rMr�rr�r�rHs        r#�err_replmetadata_unknown_attidz&dbcheck.err_replmetadata_unknown_attids����(�;�;�(�*���h�h�����	�A�
��'�'�D�D�Q�W�W�M��	���
����h�lm�ls�ls�uy�{}�k~�~���
�s�%A�*B
�B
c
�`�ttj|�}d}t�}t�}i}	|j	|j
�}
|j}t|jddd���|_t|j�D�]�}td||jfz�|jj|j�}
|
j�|v�r|jd|
�d|�d|�d��|j!d	|||j|
|	|
jfzd
�s$|jd|j|
||fz�yd}|j#|j�|j$|	|
j$kDrd|j&|	|
_|j(|	|
_|j*|	|
_|j,|	|
_|j$|	|
_��e||	|
<|j#|
j�����|jD�cgc]}|j|vs�|��}}t/|�d
kDr�|D]�}|j|vs�|jj|j�}
|jj1|
|
��}|jd|�d|�d��|j!d|||j|
|	|
jfzd�s%|jd|j||
||fz�yd}||_��|rt|ddd���|dd|sJ|jd|�d|�d��|j!d|�d|�d�d�s|jd|�d|�d��yt/|�|_||_t5|�}t7j8�}||_t7j<|t6j>|�||<|jA|dtBjDzddgd|z�r|jd|�d|�d��yycc}w) NFc��|jSr"�r��r�s r#�<lambda>z:dbcheck.err_replmetadata_incorrect_attid.<locals>.<lambda>!s
��q�w�w�r�)�keyz
%s: 0x%08xz(ERROR: duplicate attributeID values for r*r�rzzLFix %s on %s by removing the duplicate value 0x%08x for %s (keeping 0x%08x)?rbz5Not fixing duplicate value 0x%08x for %s in %s on %s
Trr?z'ERROR: incorrect attributeID values in zEFix %s on %s by replacing incorrect value 0x%08x for %s (new 0x%08x)?rczANot fixing incorrect value 0x%08x with 0x%08x for %s in %s on %s
c��|jSr"r�r�s r#r�z:dbcheck.err_replmetadata_incorrect_attid.<locals>.<lambda>Xs
�����r�z&ERROR: unsorted attributeID values in rxz by sorting the attribute list?rdryrr�z#local_oid:1.3.6.1.4.1.7165.4.3.25:0r|r}r�r~)#r	rr�r�rArxr�rr��reversedrr�r?rBrr�r�r�r�r�r�r�rr�rC�countr
rqr�r�r�r�r�rr�)r�r�rMr�rErrArD�remove_attid�hash_attrGr�r�rH�new_listrIr�rOs                  r#� err_replmetadata_incorrect_attidz(dbcheck.err_replmetadata_incorrect_attids����(�;�;�(�*�����%���u�����~�~�d�n�n�5���h�h���3�9�9�Q�<�->�?��	��#�)�)�$�	%�A��,�"�a�g�g��.�/��#�#�@�@����I�C��y�y�{�g�%����Z]�_c�eg�h�i��'�'�(v�+/��Q�W�W�c�8�C�=�CV�CV�*W�)X�(J�L��K�K� X�#$�7�7�C��r�":�!;�<����� � ����)��;�;��#��!8�!8�8�
-.�I�I�H�S�M�)�<=�<U�<U�H�S�M�9�>?�>Y�>Y�H�S�M�;�45�4E�4E�H�S�M�1�./�k�k�H�S�M�+���H�S�M��K�K��	�	��$�?	%�D #�y�y�H�!�A�G�G�<�,G�A�H��H�����!��
,���7�7�l�*��+�+�H�H����Q�C�$(�$5�$5�$T�$T�UX�gs�$T�$t�M��K�K�W[�]_� `�a��+�+�,s�/3�R����#�x�PS�}�GZ�GZ�.[�-\�]{�}����$h�'(�w�w�
�s�D�"�&M�%N�O���C�+�A�G�
,��$�X�a�[�6G�H������K�K�d�TV�W�X��#�#�'+�R�%1�2S�U����t�R�@�A����M��	���	��D�>���{�{�}������'�'��#�2F�2F��M��T�
��>�>�$�!1�D�4_�4_�!_�!F�!F�!H�7��=�?�
�K�K�D�"�E�F�	?��IIs�)P+�=P+c��d}d|vr |jd|jz�d}d|vs"t|dd�j�dk(r |jd|jz�d}d	|vr |jd
|jz�d}d|vs"t|dd�j�dk(r |jd|jz�d}d
|vr |jd|jz�d}d|vrBt|dd�j�dk(r |jd|jz�d}d|vs9t	|d�dk7s(t|dd�dk7st|dd�dk7r |jd|jz�d}d|vst|dd�dk7r |jd|jz�d}|S)NF�descriptionz>ERROR: description not present on Deleted Objects container %sT�showInAdvancedViewOnlyr�FALSEzIERROR: showInAdvancedViewOnly not present on Deleted Objects container %s�objectCategoryzAERROR: objectCategory not present on Deleted Objects container %s�isCriticalSystemObjectzIERROR: isCriticalSystemObject not present on Deleted Objects container %s�
isRecycledz9ERROR: isRecycled present on Deleted Objects container %srz8ERROR: isDeleted not set on Deleted Objects container %srer��topr5�	containerzBERROR: objectClass incorrectly set on Deleted Objects container %s�systemFlags�-1946157056zBERROR: systemFlags incorrectly set on Deleted Objects container %s)r�r�r�rr�)r�r��faultys   r#�is_deleted_deleted_objectsz"dbcheck.is_deleted_deleted_objectsqs�������#��K�K�X�[^�[a�[a�a�b��F�#�3�.�#�c�:R�6S�TU�6V�2W�2]�2]�2_�cj�2j��K�K�c�fi�fl�fl�l�m��F��3�&��K�K�[�^a�^d�^d�d�e��F�#�3�.�#�c�:R�6S�TU�6V�2W�2]�2]�2_�cj�2j��K�K�c�fi�fl�fl�l�m��F��3���K�K�S�VY�V\�V\�\�]��F��#��#�c�+�&6�q�&9�":�"@�"@�"B�g�"M��K�K�R�UX�U[�U[�[�\��F���#��C�
�,>�(?�1�(D�(+�C�
�,>�q�,A�(B�e�(K�(+�C�
�,>�q�,A�(B�k�(Q��K�K�\�_b�_e�_e�e�f��F���#�s�3�}�+=�a�+@�'A�]�'R��K�K�\�_b�_e�_e�e�f��F��
r�c���tj�}|jx|_}d|vr(tjdtjd�|d<d|vr(tjdtjd�|d<d|vr5tjd|j
ztjd�|d<d|vr(tjdtjd�|d<d|vr(tjdtjd�|d<tjdtjd	�|d	<tjd
tjd�|d<tjdd
gtjd�|d<|jd|zd�s|jd|z�y|j|dgd|z�r|jd|z�yy)Nr�zContainer for deleted objectsr�rr�zCN=Container,%sr�r�rr�r�r�r�rezAFix Deleted Objects container %s by restoring default attributes?re�.Not fixing missing/incorrect attributes on %s
r�z+Failed to fix Deleted Objects container  %sz%Fixed Deleted Objects container '%s'
)
rqr�r�r�r�rxr-r�r�r�)r�r�rOr�s    r#�err_deleted_deleted_objectsz#dbcheck.err_deleted_deleted_objects�s����{�{�}���v�v����"���#�"%�"4�"4�5T�VY�Vj�Vj�ly�"z�D���#�3�.�-0�-?�-?���H\�H\�^v�-w�D�)�*��3�&�%(�%7�%7�8I�D�N�N�8Z�\_�\p�\p�sC�&D�D�!�"�#�3�.�-0�-?�-?���H\�H\�^v�-w�D�)�*��3��!$�!3�!3�F�C�<O�<O�Q]�!^�D����.�.�v�s�7K�7K�[�Y��[��!�0�0���@T�@T�Vc�d��]��!�0�0�%��1E�s�G[�G[�]j�k��]����� c�#%�!'�(E�G��K�K�I�R�P�Q���>�>�$���G�"�L�N��K�K�@�B�G�H�Nr�c�>�tj�}||_|jj	�}|jj�r#|j
d|�d|j�d��y|jd|jzd�s|j
d|jz�ytj|tj|�||<|j|gd|�d|j���r"|j
d	|�d|j���yy)
Nryr�z
 for the RODCz-Add yourself to the replica locations for %s?r�r�zFailed to add � for rk)rqr�r�r=rz�am_rodcr�r�r�r5r�)r�r��	cross_refrMrO�targets      r#�err_replica_locationszdbcheck.err_replica_locations�s����{�{�}��������-�-�/���:�:�����K�K�4����H�I����� O�#&�6�6�!+�,C�E��K�K�I�S�V�V�T�U���'�'���0@�0@�$�G��T�
��>�>�$���s�v�v�$N�O��K�K�T�3�6�6�:�;�Pr�c��||jjk(ry||jk(ry||jk(ry||jk(ry||j
k(ryy)NTF)r=rsrtrvrxryrOs  r#�is_fsmo_rolezdbcheck.is_fsmo_role�sX��
����%�%�%��
��'�'�'��
������
������
������r�c�:�d}|jj|�}||k(rc|tjz}	|jj	|j�tjgdg��|tjz}|j�At|�|jD�cgc]
}t|���c}vr|tjz}|S#tj$r-}|j\}}|tjk7r�Yd}~��d}~wwxYwcc}w)Nrr�r�)r=rNr�INSTANCE_TYPE_IS_NC_HEADr�r�rqr��INSTANCE_TYPE_NC_ABOVEr�r�r�r�r��INSTANCE_TYPE_WRITE)r�r��instancetyper^�e4r�r��xs        r#�calculate_instancetypezdbcheck.calculate_instancetype�s������*�*�(�(��,��
��=��D�9�9�9�L�
<��
�
�!�!�r�y�y�{�#�.�.�PR�^o�]p�!�q��� ;� ;�;���>�>�%�#�g�,�4�>�>�:Z�a�3�q�6�:Z�*Z��D�4�4�4�L�����<�<�
�!�w�w���t��3�1�1�1��2��
��;[s�<C�*D�D�(#D�Dc��|jD]e\}}||k(s�tj|jj	��}ttj|||j���cSt�)Nr�)	r}r
r�r=r�r	rfr�r�)r�r��sd_dn�
descriptor_fnr�s     r#�get_wellknown_sdzdbcheck.get_wellknown_sd�sr��&*�&8�&8�	I�"�U�M��U�{�%�-�-�d�j�j�.G�.G�.I�J�
�!�(�"5�"5�"/�
�9=���#H�I�I�	I��r�c����	�|�dg�nt|��td��D���	��	fd�}d�	vs$d�	vs |j�j��	vr"�j	d��	jd�d�	vr |j�ddfD]
}||��d	}d�	vrd
}n*�D]%}|j
|�\}}|dk(r�|dzr�#d
}n|r|d
�|d���	fS)z�A helper function for check_object() that calculates the list of
        attributes that need to be checked, and returns that as a list
        in the original case, and a set normalised to lowercase (for
        easy existence checks).
        �*c3�<K�|]}|j����y�wr")r)�.0r�s  r#�	<genexpr>z/dbcheck.find_checkable_attrs.<locals>.<genexpr>�s����0�Q�q�w�w�y�0�s�c���|j��vr1�j|��j|j��yyr")rrr�)�ar,�lc_attrss ��r#�add_attrz.dbcheck.find_checkable_attrs.<locals>.add_attr�s3����w�w�y��(����Q�����Q�W�W�Y�'�)r�r��distinguishedname�namerr�FTrr5rr�)rDr�r�rrr�r()
r�r�r�r�r��need_replPropertyMetaDatar&r\r,r�s
        @@r#�find_checkable_attrszdbcheck.find_checkable_attrs�s����"��E�E���)�E��0�%�0�0��	(�

�H���8�+��O�O��#�#�%��1��L�L�� ��L�L�� ��X���o�o�'�!�#�%�
�����
�
%*�!��(�?�(,�%��
�� �A�A�!�D�	����Q�;���A�:��,0�)��
�%��+�,�����h��r�c
��(�|jr|jd|z�|j||�\}}	d}|tjz}|tj
z}|tjz}|tjz}|jj|tjdddd|zdg|��}t!|�dk7r|jd|z�y|d}
d}t#�}t#�}
d
}|jj%|
j&�}	|jj)|t*j,j.�}d
}d
}d
}d
}d}d
}|
D]k}|j3�dk(rt5|
|d�dk7rd}|j3�dk(rt7|
|d�}|j3�dk(s�d|
|d}�m|rA|r?|j9||�r|dz
}|j;||�|S|j=||�r|S|
D�]�}|dk(s|dk(r�|j3�dk(rd}|j3�dk(rnt!|
|�dk7rL|xj>dz
c_|jdt!|
|�|t5|
j&�fz�nt5|
|d�}|j3�t5|
j&jA��j3�k(rp|}t!|
|�dk7rL|xj>dz
c_|jdt!|
|�|t5|
j&�fz�nt5|
|d�}|j3�dk(r�|jC||
|d�r|dz
}|jE|||
|d�	|jG||
|d�\}}}t!|�t!|�kst!|�dkDstK|�|k7r |dz
}|jM|||
|d|�n>|ddk7r6|xj>dz
c_|jd|�dt5|��d����P|j3�dk(�r|jO||
�\}}|�|jQ|||�|dz
}���|jR�|jT�|jW||�|dz
}���||k(s|jXr�	|j[|�}t]tj^|
|d�}d
}|jXsd}ta||tjb|jje��|��}|dk7r|jg|||�|dz
}��r��t|j3�dk(r�|jji|jj||
|�} tK| �tK|
|�k7s| d|
|dk7s| d|
|dk7r$|jm||to|
|��|dz
}��
|j3�dk(�r
|
|d}!|!d k(r|dz
}|jq|
||
|���K|!d
d!d"k(r��U|!d
d#d$k(r|dz
}|js|
||
|���z|!ddk7r=|!d%dk7r5|!d&dk7r-|!d'dk7r%|!d(dk7r|dz
}|ju|
||
|����t!|!�d)zdk7r|dz
}|jw|
|����|!ddk(r=|!d)dk(r5|!d%dk(r-|!d*dk7r%|!d&dk(r|dz
}|jy|
||
|���.|j3�d+k(s|j3�d,k(rv|
|d|jzvrA|xj>dz
c_|jd-|�d.|
j&�d/|
|d�d0��n!|jzj}|
|d�|
|D]}"|"d1k(s�	|j||�|dz
}�!	|jjj�|�}#|j�|�\}%}&|jjj�|�}'|'t,j�zs4|'t,j�zs!|%s|
j}|j3��|#t,j�t,j�t,j�tj�fvr||j�|
||#�z
}n�t#�}(|
|D]n}"|(j}|"�|jji|jj||"g�} t!| �dk7s	| d|"k7s�S|j�|||
|�|dz
}nt!|
|�t!|(�k7r'|j�|||
|to|(��|dz
}ng|j3�d2k(s���|j�|�})t!|
d3�dk7st7|
d3d�|)k7s���|dz
}|j�|
|)���|sd4|vsd|vr|dz
}|j�|�d4|vsd|vr�|�<|xj>dz
c_|jd5t5|
j&�z�|�X|xj>dz
c_|jd6|
j&jA��dt5|
j&��d7��|��Gd
}*dd8g}+|r6|t*j,j�zs|}*|+d9t,j�zgz
}+|*�|
j&j��}*	tj�|jd:|*z�},|,j�d|
j&jA�|�|
j&|k(r|
j&},|,|
j&k7r|dz
}|j�|
|,||||+�nX|
j&j��|k7r;|xj>dz
c_|jd;|�d<|�d=|
j&�d7��	d}.|�rO|
j&|k(r�d@}/dA}0|j�||/�}1|1|0k7r�|j�dBt5|�zdC�rgtj��}2||2_tj�dDtj�dE�|2dE<|dz
}|jj�|2dFg�G�n|jdHt5|�z�|
j�|�D]o}3|.r|jdI|z�d
}.|dz
}|jdJ|3z�|j�dK|3zdL�s|jdM|3z��^|j�|
|3��q|j�|�r"dN|
vrd4|vsdO|vr|j�|
�|dz
}	||jj��k7rat5|j���|j�vr<|jj|j��tjddg�P�}||j�vr+d4|vr'|j�|
�r|j�|
�|dz
}|j�D]�\}5}$||5k(s�dS|
vs�dT}6|jj��rdU}6|6|$vr#|j�|
|$j&|6�|dz
}�Vd
}7|$|6D]+}8t5|8�|jj��k(s�*d}7�-|7r��|j�|
|$j&|6�|dz
}��||j�k(r�d4|vsdV|vr�dW|
vr�|dz
}|j�rb|j�dXdY�r~|jj��	|jj��|jj��n.|jj��s|jdZ|z�||j�k(�r�d[d\g}9|jj|j�tj|9�]�}|9D]a}:|:|dvr�t7|d|:d�};|;d^z	}<d_|;z}=|;dk7s�/|=|<k\s�5|jd`|=|<|=|<fz�|xj>dz
c_�cd[|dvr)|jda|z�|xj>dz
c_	|jj��\}>}<|jje�}?|>|<kr�db|?|>fz}@	|jjdc@ztjg�]�}|��|jdd@�de|dj&�df|���|dz
}|j�dg|@�dh|�di�dj�r^|jj��		|jj��}A|A|>k\rAdz}>n�&	|jj��n	|S|>dz
}>|>|<kr��|S|S#tj$rR}|j\}}	|tjk(r*|jr|jd	|z�Yd
}~yYd
}~y�d
}~wwxYw#t0$rd
}Y��wxYw#t0$r|dz
}|jI|||
|�Y��qwxYw#t0$rY���wxYw#t�$r"}$|j�|
|�|dz
}Yd
}$~$���d
}$~$wwxYw#t�$r5}-|xj>dz
c_|jd>|*�d?��Yd
}-~-���d
}-~-wwxYw#tj$rw}4|4j\}}	|tjk(rI|r0|jdQ|
j&z�|jdR�n|j�|
�|dz
}n�Yd
}4~4��gd
}4~4wwxYw#|jj���xYw#tj$r0}-|-j\}}	|tjk7r�d
}Yd
}-~-���d
}-~-wwxYw#|jj���xYw#tj$rC}BBj\}}	|jdk|	z�|xj>dz
c_Yd
}B~B|Sd
}B~BwwxYw)lzcheck one object�Checking object %srr�r�r�r{r�)r*r+r�r,z)ERROR: Object %s disappeared during checkNr5z,ERROR: Object %s failed to load during checkF�	isdeletedr�T�systemflags�replpropertymetadatar��distinguishedName�objectclassr�z1ERROR: Not fixing num_values(%d) for '%s' on '%s'z4ERROR: Not fixing incorrect initial attributeID in 'z' on 'z', it should be objectClass�ntsecuritydescriptor)�ignoreAdditionalACEsr/rZ�userparameters� �s        �sIAAgACAAIAAgACAAIAAg�r�r��	r�r��attributeid�	governsidzError: r�r�z. already exists as an attributeId or governsIdr�r�r�r�z(ERROR: Not fixing missing 'name' on '%s'zERROR: Not fixing missing 'r0r�rrz
RDN=RDN,%szERROR: Not fixing r�z on 'z#ERROR: could not handle parent DN 'z': skipping RDN checksi0l�)�x1cB&z-Fix isDeleted originating_change_time on '%s'rSrrr�r�z4Not fixing isDeleted originating_change_time on '%s'zOn object %sz7ERROR: Attribute %s not present in replication metadataz-Fix missing replPropertyMetaData element '%s'rRz4Not fixing missing replPropertyMetaData element '%s'r��
fsmoroleowner)r*r+r�z'WARNING: parent object not found for %szFNot moving to LostAndFound (tombstone garbage collection in progress?)�repsFromr2r3�ridsetreferencesr8z,Allocate the missing RID set for RID master?r�z^No RID Set found for this server: %s, and we are not the RID Master (so can not self-allocate)�rIDAllocationPool�rIDPreviousAllocationPoolr)� l��z!Invalid RID pool %d-%d, %d >= %d!z No rIDAllocationPool found in %sz%s-%dz<SID=%s>zSID r�z' conflicts with our current RID set in zFix conflict between SID z and RID pool in z by allocating a new RID?rjzCouldn't get available RIDs: %s)vr@r�r�r
r�r�rr�r=r�rqr�r�r�r�rpr�r�rNr�r�r�rr�r�rr�r�r�r�r�r�r�r�r�rJr�rr�rvr�rgrhr�rlr�r	rfrr�r�r�r3r?rErDr�r�r�r�r�r�r�r.r�rr�r(�$get_systemFlags_from_lDAPDisplayName�DS_FLAG_ATTR_NOT_REPLICATED�DS_FLAG_ATTR_IS_CONSTRUCTEDr��DSDB_SYNTAX_OR_NAME�DSDB_SYNTAX_STRING_DNr�r9r<rHr�r�rP�#SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETErsr�rr�
set_componentr��
get_rdn_value�
ValueErrorr=r�r�r�r�r�
differencerPr�r�r�r�r�r�r�r�r�r�r�rzr�r�r��create_own_rid_setr�r�r��free_rid_bounds�allocate_rid)Cr�r�r��search_attrsr�r�r��e10r�r�r�r��set_attrs_from_md�set_attrs_seen�got_objectclass�nc_dn�deleted_objects_dn�object_rdn_attr�object_rdn_valr�rr��repl_meta_data_valr%�list_attid_from_mdrErrr��
well_known_sd�
current_sdrr�r9�
userparamsr8r�rr&r]�flagr6r��	parent_dnr��expected_dnr`�show_dn�isDeletedAttId�expectedTimeDo�originatingrOrH�e11�dns_part�locationr��loc�
pool_attrs�	pool_attr�pool�high�low�
next_free_ridr��sid�
allocated_ridrsC                                                                   r#r�zdbcheck.check_object	s����<�<��K�K�,�r�1�2�"&�!:�!:�2��!O���h�	��H���.�.�.�H���.�.�.�H���-�-�-�H���-�-�-�H��*�*�#�#��3�>�>�(9�(9�(8�(7�(�(B�(<�.&�+7�$�8�C�"�s�8�q�=��K�K�F��K�L���!�f�����E��������
�
�&�&�s�v�v�.��	&�!%���!<�!<�U�=B�Z�Z�=i�=i�"k���������	���!���		6�H��~�~��;�.��s�8�}�Q�'�(�G�3� $�I��~�~��=�0�!�#�h�-��"2�3���~�~��#9�9�%(��]�1�%5�"�		6��+��.�.�r�3E�F��q� ���/�/��4F�G�"�"��(�(��-?�@�"�"��U	N�H��4��8�/B�#B���~�~��=�0�"&���~�~��6�)��s�8�}�%��*��)�)�Q�.�)��K�K� S�!$�S��]�!3�X�s�3�6�6�{� K�!L�M� #�3�x�=��#3�4�H��~�~��3�s�v�v�':�':�'<�#=�#C�#C�#E�E�"*���s�8�}�%��*��)�)�Q�.�)��K�K� S�!$�S��]�!3�X�s�3�6�6�{� K�!L�M�&)��X��q�)9�%:�N��~�~��#9�9��:�:�2�s�8�}�Q�?O�P��1�$�K��;�;�B��#�h�-�XY�JZ�[���/�/��C��M�!�4D�E�J�&�(:�L��(�)�C�0B�,C�C��,�'�!�+��/�0�4F�F��1�$�K��9�9�"�h��H�
�VW�HX�Zf�g�
*�!�,��1��-�-��2�-����%-�s�2�w�%8�9���~�~��#9�9�"&�/�/�"�c�":���Y��(��%�%�b�"�i�8��1�$�K���<�<�'�2�<�<�+?��-�-�b�"�5��1�$�K���+�+�t�/I�/I�!�(,�(=�(=�b�(A�
�",�H�,?�,?�,/��M�!�,<�">�J�,1�(��5�5�/3�,�'�
�z�(0�(8�(8����9R�9R�9T�(U�=Q�S�D��r�z��1�1�"�m�T�J�#�q�(�� ���~�~��=�0�!�Z�Z�A�A�$�BS�BS�U]�_b�ck�_l�m�
��*�%���H�
�)>�>� ��m�s�8�}�Q�'7�7� ��n��H�
�b�(9�9��7�7��H�d�3�x�=�FY�Z��1�$�K���~�~��#3�3� ��]�1�-�
���%��1�$�K��1�1�#�x��X��O�����_��7�����_�(?�?��1�$�K��2�2�3��#�h�-�P��!��m�q�(� ��m�q�(� ��m�q�(� ��m�q�(� ��m�q�(� �1�$�K��0�0��h��H�
�N����_�q�(�A�-��1�$�K��/�/��X�>�� ��m�q�(� ��m�q�(� ��m�q�(� ��m�q�(� ��m�q�(� �1�$�K��3�3�C��3�x�=�Q���~�~��=�0�H�N�N�4D��4S��x�=��#�t�'B�'B�B��)�)�Q�.�)��K�K�#+�S�V�V�S��]�1�5E�!G�H��/�/�3�3�C��M�!�4D�E��8�}�
���#�:��,�,�R��:��1�$�K��	
�
�!�.�.�R�R�S[�\�
�)-�(M�(M�h�(W�%�F�%��$�$�I�I�(�S�D��4�;�;�;��t�?�?�?���"�"�8�>�>�#3�4��d�8�8�$�:R�:R�"�8�8�#�-�-�I�I��t�}�}�S�(�J�G�G������x�=��C��J�J�s�O�!%���!E�!E�d�FW�FW�Ya�dg�ch�!i�J��:��!�+�z�!�}��/C��3�3�B��#�h�-�P�#�q�(�����s�8�}�%��V��4��-�-�b�(�C��M�4�PV�<�X��1�$�K���~�~��>�1�*.�*E�*E�b�*I�'��s�>�*�+�q�0�C��N�8K�A�8N�4O�Sj�4j��1�$�K��/�/��5L�M�kU	N�n�C�8�O�}��7P��1��K��(�(��,��8�O�v��1����%�%��*�%����F�#�c�f�f�+�V�W��&��%�%��*�%�������H[�H[�H]�_b�cf�ci�ci�_j�k�l����I�)�9�5�H��#�e�j�j�&T�&T�T� 2�I��-��0Z�0Z�Z�[�[��� ��F�F�M�M�O�	�
N�!�f�f�T�Z�Z���1K�L���)�)�!�S�V�V�-@�-@�-B�H�M��6�6�/�/�"%�&�&�K��#�&�&�(��1�$�K��%�%�c�;��*�H�h�@��V�V�)�)�+�~�=��)�)�Q�.�)��K�K�_�ES�EH�V�V�!M�N�����v�v�+�+�!'��"5��"�7�7�8J�N�[���.�0��'�'�(W�Z]�^`�Za�(a�cv�w�"�{�{�}��"$���,/�,>�,>�v�s�G[�G[�]h�,i��[�)�#�q�(���
�
�)�)�$�-��)�I����$Z�]`�ac�]d�$d�e�%�0�0�1B�C�	
,����K�K��� 3�4�#�G��q� �����U�X[�[�\��'�'�(W�Z]�(]�_q�r��K�K� V�Y\� \�]���!�!�#�s�+�	
,����R� ��c�)�s�h��/�U]�B]��)�)�#�.��q� ��	��T�Z�Z�/�/�1�1�c�"�)�)�+�6F�d�k�k�6Y��j�j�'�'�R�Y�Y�[����2C�EU�1V�(�X����0�0�0�S�H�_��.�.�s�3��0�0��5��q� ��#�2�2�	%�O�X�s��X�~�*��"3�6���:�:�%�%�'�=�H��3�&��.�.�s�C�F�F�H�E��1�$�K�����x�=�%�C��3�x�4�:�:�#?�#?�#A�A� $��%���.�.�s�C�F�F�H�E��1�$�K�'	%�*��#�#�#��h��"4��"@�%�S�0� �1�$�K��)�)��+�+�-:�,H�J�!�J�J�8�8�:�&� $�
�
� =� =� ?�!�J�J�9�9�;�!�Z�Z�/�/�1����%9�;=�%>�?�6���� �-�/J�K�J��*�*�#�#�������*4�$�6�C�(�
/�	��C��F�*���3�q�6�)�,�Q�/�0���r�z�� �4�'���1�9�����K�K� C�!$�d�C�� 6�!7�8��)�)�Q�.�)�
/�#�#�a�&�0����>��C�D��%�%��*�%�7
+�&*�j�j�&@�&@�&B�#�
�t�"�Z�Z�6�6�8�
�#�t�+�!�Z��$?�?�C�#�"�j�j�/�/�Z�#�5E�69�n�n�68�0�:�������7:�C��F�I�I�r�%K�L�#�q�(���+�+�03�B�-8�-G�	H�
!�J�J�8�8�:�&�&*�48�J�J�4K�4K�4M�M�'4�
�'E�8E��8I�
�(-�	'+�).�
!�J�J�9�9�;�!���&��*�
�Y$�t�+�\��{���_�|�|�	��8�8�L�T�4��s�-�-�-��&�&��K�K� K�b� P�Q�����	��*�	&�"&��	&��B ���1�$�K��7�7��H�c�(�m�T����H$�!� �!��P�
��*�*�3��9��q� ����
��B�
3��%�%��*�%����A�)��M2�2�3�3��
3��v�|�|�	��8�8�L�T�4��s�-�-�-���K�K� I�S�V�V� T�U��K�K�!N�O��+�+�C�0��1�$�K����	��|&� $�
�
� =� =� ?� %��R�<�<�#�'(�v�v���t��3�#9�#9�9�!�"���	#��<&� $�
�
� =� =� ?� %��_�<�<�
+� �X�X�
��d����=��D�E��%�%��*�%�%�h���o
+�s+�BAG%� 4AI
�6AI�-AJ
�AJ�5#AK�)A>AL	�7AN�B;AP�C?/AN6�F'AO<�G%AI
�G8AAI�IAI�IAI
�I
AI�IAI�I$AJ�JAJ�J
	AJ�JAJ�J	AK�J#AK�KAK�K	AL�K*AL�LAL�L	AN�LA,AN�NAN�NAN3�N6AO9�O	%AO4�O4AO9�O<AP�PAQ2�P/8AQ-�Q-AQ2c���tj|jd�}|jr|j	d|z�|jj|tj��}t|�dk7r|j	d|z�y|d}d}d|vr|j	d�|dzSt|dd�jd	��s!|j	d
�|dz
}|jd�s|S|jjtj|j|ddjd��tjd
g��}tttj|dd
d��}tj�}||_tj"d|ztj$d�|d<|j'|gdd��r|j	d�|S)z!check the @ROOTDSE special objectz@ROOTDSEr�)r*r+r5z"Object %s disappeared during checkrr�z(ERROR: dsServiceName missing in @ROOTDSEz<GUID=z1ERROR: dsServiceName not in GUID form in @ROOTDSEz"Change dsServiceName to GUID form?r1r�r)rz+Failed to change dsServiceName to GUID formFr�z"Changed dsServiceName to GUID form)rqrrr=r@r�r�r�r�r�r�rrr	rr�r�r�r�r�r�)r�r�r�r�r�rNrs       r#r�zdbcheck.check_rootdseDs���
�V�V�D�J�J�
�
+���<�<��K�K�,�r�1�2��j�j���R�s�~�~��>���s�8�q�=��K�K�<�r�A�B���!�f�����#�%��K�K�B�C���?�"��3��'��*�+�6�6�x�@��K�K�K�L��1��K��<�<� D�E�"�"��*�*�#�#�����
�
�C��<P�QR�<S�<Z�<Z�[a�<b�)c�*-�.�.���$�P�C��:�d�i�i��Q���1E�a�1H�I�J�H����
�A��A�D�!$�!3�!3�K�(�4J�47�4H�4H�/�"[�A�o���~�~�a��%R�]b�~�c����@�A��r�c�>�tj�}tj|jd�|_tj
dtjd�|d<tj
dtjd�|d<|j|gdd��S)	zre-index the whole databasez@ATTRIBUTESr�
force_reindexr�rzre-indexed databaseFr�)	rqr�rrr=r�r�r5r-r��r�rs  r#�reindex_databasezdbcheck.reindex_databasehsw���K�K�M���v�v�d�j�j�-�0����(�(���1A�1A�?�S��%���(�(���1D�1D�o�V��(���~�~�a��%:�U�~�K�Kr�c���tj�}tj|jd�|_tj
dtjd�|d<|j|gdd��S)zOreset @MODULES to that needed for current sam.ldb (to read a very old database)z@MODULES�
samba_dsdbz@LISTzreset @MODULES on databaseFr�)rqr�rrr=r�r�r�r�rCs  r#�
reset_moduleszdbcheck.reset_modulesrsY���K�K�M���v�v�d�j�j�*�-����'�'��c�6J�6J�G�T��'�
��~�~�a��%A�E�~�R�Rr�)
NFFFFFFFFF)FF)T)Fr")N�__name__�
__module__�__qualname__�__doc__r�rqr�r�r�r�rr�rr�r r(r.r<rErHr�rPrXrarnrprtrwr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rr9r;r=rJrPr]rbrvr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rDrG�r�r#r&r&8s���)�DI�8=�).�',�*/��y�v!%�C�,=�,=��!�%�Ni�V�(G��*�
��&	�A�>�>>�*N�$U�.�I�.S�jI�@I� L�$]�"M�@E�E� G�F� 04�H�(C�&m�"!,�FA�*w�O�n�p� i�4\�
�?:�B�Bd4�Lh�T	��3�,B� .�,�g�RJ�"J�*>�>4�l  �D�2".�H�(#K�J
�]G�~�<I�8<�$��$�/�bh�X�HL�Sr�r&)%rqr�r��base64rrrr�samba.dcerpcrr�	samba.ndrr	r
r�samba.samdbrr
�samba.descriptorrrr�
samba.authrr�samba.netcmdr�samba.netcmd.fsmor�samba.colourrrrrr$r�r&rLr�r#�<module>rVs[��(���'���� �*�!��!���
5�%�0�H�H��,S�f�,Sr�
Zerion Mini Shell 1.0