%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python3/dist-packages/samba/netcmd/domain/__pycache__/
Upload File :
Create Path :
Current File : //usr/lib/python3/dist-packages/samba/netcmd/domain/__pycache__/backup.cpython-312.pyc

�

�I�dl���(�ddlZddlZddlZddlZddlZddlZddlZddlZddlm	Z
ddlmZm
Z
ddlZddlmZddlmZddlmZddlmZmZmZddlmZddlmZmZmZdd	lm Z dd
l!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'ddlm(Z(dd
l)m*Z*ddl+m,Z,m-Z-ddl.m/Z/ddl0m1Z1ddl+m2Z2ddl3m4Z4ddl5Z5ddl+m6Z6m7Z7m8Z8ddl9m:Z:m;Z;m<Z<ddl=m>Z>ddl?m@Z@ddlAZAddlBmCZCddlmDZDddlEmFZFddlGmHZHddlImJZJddlmKZLd�ZMd�ZNd�ZOd �ZPd!�ZQ	d0d"�ZRd#�ZSd$�ZTd%�ZUGd&�d'ej�j��ZXGd(�d)e*�ZYGd*�d+ej�j��ZZGd,�d-ej�j��Z[Gd.�d/ej�j��Z]y)1�N)�SamDB�get_default_backend_store)�LdbError)�libsmb_samba_internal)�param)�
backup_online�backup_restore�backup_offline)�system_session)�
DCJoinContext�
join_clone�DCCloneAndRenameContext)�dom_sid)�Option�CommandError)�misc�security�drsblobs)�Ldb)�cmd_fsmo_seize)�make_smbconf�DEFAULTSITE)�update_krbtgt_account_password)�	remove_dc)�secretsdb_self_join)�dbcheck)�guess_names�determine_host_ip�determine_host_ip6)�fill_dns_data_partitions�get_dnsadmins_sid�get_domainguid)�tdb_copy)�mdb_copy)�CalledProcessError)�sites)�_dsdb_load_udv_v2)�ndr_pack)�SMB_SIGNING_REQUIRED)�safe_tarfilec��	|j�}t	|j��}t
|�dzt
|�z}	|jtjd|zgddg��}t|�d	k7rtd
|z��td|�d|d
j�d���#t$r3}|jd�|jd�td|��d}~wwxYw#tj$r-}|j\}}	|tjk7r�Yd}~nd}~wwxYwt
|�dzt
|�zS)Nz}A SID could not be allocated for restoring the domain. Either no RID Set was found on this DC, or the RID Set was not usable.z�To initialise this DC's RID pools, obtain a RID Set from this domain's RID master, or run samba-tool dbcheck to fix the existing RID Set.zCannot create backup�-�<SID=%s>�show_deleted:1zshow_recycled:1)�scope�base�attrs�controls�z]Cannot create backup - this DC's RID pool is corrupt, the next SID (%s) appears to be in use.zCCannot create backup - this DC's RID pool is corrupt, the next SID z points to existing object rz1. Please run samba-tool dbcheck on the source DC.)�
next_free_ridr�inforr�get_domain_sid�str�search�ldb�
SCOPE_BASE�len�dn�args�ERR_NO_SUCH_OBJECT)
�samdb�logger�rid�err�sid�sid_for_restore�res�e�enum�emsgs
          �</usr/lib/python3/dist-packages/samba/netcmd/domain/backup.py�get_sid_for_restorerJ@sX��	8��!�!�#���%�&�&�(�
)�C��#�h��n�s�3�x�/�O���l�l���� *�_� <�!#�%5�%6�%8��9��
�s�8�q�=�� I� /� /�0�
0��,�S��V�Y�Y�	8�9�	9��5�8����5�	6�	���3�	4��1�3�7�7��8��>�<�<���v�v���t��3�)�)�)��*�����s�8�c�>�C��H�$�$s0�B)�A#C(�)	C%�2.C � C%�(D(�;#D#�#D(c��tj�}|j|j�|j	�}|jt�tj|d||��}|j|�|S)z7Returns an SMB connection to the sysvol share on the DC�sysvol)�lp�creds)	�s3param�get_context�load�
configfile�get_smb_signing�set_smb_signingr)�libsmb�Conn)�serverrMrN�s3_lp�saved_signing_state�conns      rI�smb_sysvol_connr[psj��
���!�E�	�J�J�r�}�}�� �/�/�1��	���.�/��;�;�v�x�E��?�D�	���-�.��K�c�z�tjj�j�jdd�S)N�:r,)�datetime�now�	isoformat�replace�r\rI�
get_timestamprds-����� � �"�,�,�.�6�6�s�C�@�@r\c�T�d|�d|�d�}tjj||�S)Nz
samba-backup-r,z.tar.bz2)�os�path�join)�	targetdir�name�time_str�filenames    rI�backup_filepathrm�s!��/3�X�>�H�
�7�7�<�<�	�8�,�,r\c��|jd|z�tj|d�}|j|d��|j	�y)NzCreating backup file %s...�w:bz2z./��arcname)r5�tarfile�open�add�close)r@�tmpdirrm�tfs    rI�create_backup_tarrx�s=��
�K�K�,��>�?�	���o�w�	/�B��F�F�6�4�F� ��H�H�Jr\c��ttjj|d�d�}	tjj�j
d�}|jd|z�|jd|jd�z�|jd|�d|�d	��|jd
|jd��d|jd
�j��d��|jdt|�z�|r|jd|z�|j�y#|j�wxYw)N�
backup.txt�wz%Y-%b-%d %H:%M:%SzBackup created %s
zUsing samba-tool version: %s
z
server stringzDomain z backup, using DC 'z'
zBackup for domain �	workgroup� (NetBIOS), �realmz
 (DNS realm)
z#Backup contains domain secrets: %s
z%s
)rsrfrgrhr_r`�strftime�write�get�lowerr7ru)rirM�backup_typerW�include_secrets�
extra_info�frks        rI�create_log_filer��s���
	
�R�W�W�\�\�)�\�
2�C�8�A���$�$�(�(�*�3�3�4G�H��	���%��0�1�	���0�2�6�6�/�3J�J�K�	���{�F�K�L�	�������$�b�f�f�W�o�&;�&;�&=�?�	@�	���6��_�9M�M�N��
�G�G�F�Z�'�(�	���	�����	�s�C3D0�0Ec���tj�}tj|d�|_tj|tj
|�||<|j
|�y)N�@SAMBA_DSDB)r9�Message�Dnr<�MessageElement�FLAG_MOD_ADD�modify)r?�marker�value�ms    rI�add_backup_markerr��sH�����
�A��6�6�%��'�A�D��"�"�5�#�*:�*:�F�C�A�f�I�	�L�L��Or\c�
�|�td��tjj|�s*|j	d|z�tj
|�ytjj
|�std|z��y)NzTarget directory requiredzCreating targetdir %s...z%s is not a directory)rrfrg�existsr5�makedirs�isdir)r@ris  rI�check_targetdirr��sh�����6�7�7�
�7�7�>�>�)�$����.��:�;�
���I��
�W�W�]�]�9�
%��2�Y�>�?�?�&r\c��|j�}d|�dtj�d�}d|�d�}|j|j	�t
j|��}t|dd�}tjdd	�}|jd
|�d|���|jd|z�|j||d
|��y)zASets a randomly generated password for the backup DB's admin userz(objectsid=r,�)z(&(objectClass=user))r0r/�
expressionr�samaccountname�� zSetting z password in backup to: z7Run 'samba-tool user setpassword %s' after restoring DBF)�force_change_at_next_login�usernameN)r6r�DOMAIN_RID_ADMINISTRATORr8�	domain_dnr9�
SCOPE_SUBTREEr7�samba�generate_random_passwordr5�setpassword)r@r?�	domainsid�match_admin�search_exprrEr��	adminpasss        rI�set_admin_passwordr��s����$�$�&�I�)2�)1�)J�)J�L�K�/:�<�K��,�,�E�O�O�-�S�5F�5F�"-��/�C��3�q�6�*�+�,�H��.�.�r�2�6�I�
�K�K�(�I�N�O�
�K�K�I����	���k�9��'��)r\c��eZdZdZdZejejd�Ze	dde
��e	de
d�	�e	d
ddd
��e	dddddgde�z��gZ		dd�Z
y)�cmd_domain_backup_onlinea�Copy a running DC's current DB into a backup tar file.

    Takes a backup copy of the current domain from a running DC. If the domain
    were to undergo a catastrophic failure, then the backup file can be used to
    recover the domain. The backup created is similar to the DB that a new DC
    would receive when it joins the domain.

    Note that:
    - it's recommended to run 'samba-tool dbcheck' before taking a backup-file
      and fix any errors it reports.
    - all the domain's secrets are included in the backup file.
    - although the DB contents can be untarred and examined manually, you need
      to run 'samba-tool domain backup restore' before you can start a Samba DC
      from the backup file.z6%prog --server=<DC-to-backup> --targetdir=<output-dir>��	sambaopts�credopts�--server�The DC to backup��help�type�--targetdirz%Directory to write the backup file to)r�r��--no-secrets�
store_trueF�-Exclude secret values from the backup created��action�defaultr��--backend-store�choice�BACKENDSTORE�tdb�mdb�7Specify the database backend to be used (default is %s)�r��metavar�choicesr�Nc
�2�|j�}|jtj�|j	�}|j|�}	|�t
d��t||�tj|��}
|}	t||	|||d|
|��}|j}
~td|z|	t�|��}t||�}|j�}|j!d�t"j$j'|
d�}t)|||	�}t+|||j-��t/j0|
j2�t|
j4t�|t6j8�	�}t;�}t=|d
|�t=|d|�t=|dd
�|rt?||�tA|||�}tC|
|d
||�tE||
|�t/j0|
�y#t/j0|
�wxYw)N�Server required��dir�SAMBA_INTERNAL)r@rNrMr�rW�dns_backendri�
backend_store�ldap://��url�credentials�session_inforMz$Backing up sysvol files (via SMB)...�
sysvol.tar.gz�r�r�rM�flags�
backupDate�
sidForRestore�
backupType�online)#�
get_logger�setLevel�logging�DEBUG�get_loadparm�get_credentialsrr��tempfile�mkdtempr
�pathsrrrJ�domain_dns_namer5rfrgrhr[rr6�shutil�rmtreerLr?r9�FLG_DONT_CREATE_DBrdr�r�rmr�rx)�selfr�r�rWri�
no_secretsr�r@rMrNrvr��ctxr��
remote_sam�new_sidr~�
sysvol_tar�smb_connr?rk�backup_files                      rI�runzcmd_domain_backup_online.run�s������"������
�
�&�
�
#�
#�
%���(�(��,���>��0�1�1���	�*��!�!�i�0��)�.��+	"��F�%�B�-<�V�)9�V�+8�:�C��I�I�E���9�v�#5�5�,:�,<��E�J�)�*�f�=�G��.�.�0�E�
�K�K�>�?������f�o�>�J�&�v�r�5�9�H��(�J�
�0I�0I�0K�L�
�M�M�%�,�,�'��e�k�k��8H�R� #� 6� 6�8�E�$��H��e�\�8�<��e�_�g�>��e�\�8�<��"�6�5�1�*�)�U�H�E�K��F�B��&�/�J��f�f�k�:��M�M�&�!��F�M�M�&�!�s
�E%G?�?H)NNNNFN)�__name__�
__module__�__qualname__�__doc__�synopsis�options�SambaOptions�CredentialsOptions�takes_optiongroupsrr7r�
takes_optionsr�rcr\rIr�r��s���
�H�H��)�)��.�.���	�z� 2��=��}�3�;�	=��~�l�E�C�	E�� �x���u�~�!�#<�#>�?�	@�
�M�IM�,0�="r\r�c
��eZdZdZdZedde��edde��edd	e��ed
ddd
��edddd��edde��gZejejd�Zd�Zd�Z
d�Zd�Zd�Zd�Z			dd�Zy)�cmd_domain_backup_restorea�Restore the domain's DB from a backup-file.

    This restores a previously backed up copy of the domain's DB on a new DC.

    Note that the restored DB will not contain the original DC that the backup
    was taken from (or any other DCs in the original domain). Only the new DC
    (specified by --newservername) will be present in the restored DB.

    Samba can then be started against the restored DB. Any existing DCs for the
    domain should be shutdown before the new DC is started. Other DCs can then
    be joined to the new DC to recover the network.

    Note that this command should be run as the root user - it will fail
    otherwise.zQ%prog --backup-file=<tar-file> --targetdir=<output-dir> --newservername=<DC-name>z
--backup-filezPath to backup filer�r�zPath to write toz--newservernamezName for new serverz	--host-ip�string�	IPADDRESSzset IPv4 ipaddress)r�r�r�z
--host-ip6�
IP6ADDRESSzset IPv6 ipaddressz--sitezSite to add the new server inr�c�
�t|�}|j}	|j�j�}
|jj�}|}|jj�}
t|j��}t||	�}t||	�}t|||�}t|||�}|�
|�td��|jd|z�|jd�t||||	|
|||
|||||d��y)zi
        Registers the new realm's DNS objects when a renamed domain backup
        is restored.
        Nz+Please specify a host-ip for the new serverzDNS realm was renamed to %sz*Populating DNS partitions for new realm...F)�add_root)r�domaindn�get_root_basedn�get_linearized�	dnsdomainr��netbiosnamerr6r!r"rrrr5r )r�r@r?rM�ntdsguid�host_ip�host_ip6�site�namesr��forestdnr�	dnsforest�hostnamer��
dnsadmins_sid�
domainguids                 rI�register_dns_zonez+cmd_domain_backup_restore.register_dns_zoneTs���B����>�>���(�(�*�9�9�;���O�O�)�)�+�	��	��$�$�*�*�,���E�0�0�2�3�	�)�%��:�
�#�E�8�4�
�$�F�B��8��%�f�b�(�;���?�x�/��L�M�M����1�I�=�>����@�A�	!��	�4��!)�9�i��!(�(�J��!.��	@r\c���|j�t|dddd��}t|dd�ddg}t|dd�|d	gz
}d
}d|g}|j||��|j	�y
)z3Fixes attributes that reference the old/removed DCsTF��quiet�fix�yes�in_transaction�(fix_all_old_dn_string_component_mismatch�ALL�lastKnownParent�interSiteTopologyGenerator�!remove_plausible_deleted_DN_linkszmsDS-NC-Replica-Locations�search_options:1:2r.)r2r1N��transaction_startr�setattr�check_database�transaction_commit)r�r?�chkr1�cross_ncs_ctrlr2s      rI�fix_old_dc_referencesz/cmd_domain_backup_restore.fix_old_dc_referencesus���	���!��e�4�T�u�%)�+��	��?��G�"�$@�A��	��8�%�@�
�-�.�.��-��$�n�5�����H�E��:�
� � �"r\c�:�t}dj|�}|j|j�tj
|��}t
|�dk(rE|jdj|��tj||j�|�|S)z5Creates the default site, if it doesn't already existz(&(cn={0})(objectclass=site))�r/r�rzCreating default site '{0}')
r�formatr8�get_config_basednr9r�r;r5r&�create_site)r�r?r@�sitenamer�rEs      rI�create_default_sitez-cmd_domain_backup_restore.create_default_site�s�����5�<�<�X�F���l�l�5�2�2�4�C�<M�<M�&1��3���s�8�q�=��K�K�5�<�<�X�F�G����e�U�%<�%<�%>��I��r\c�f�gd�}|jtj|d�tj|��}tj�}tj|d�|_|D]2}||dvs�tjgtj|�||<�4|j|�y)z-Remove DB markers added by the backup process)r��backupRenamer�r�r��r0r/r1rN)	r8r9r�r:r�r<r��FLAG_MOD_DELETEr�)r�r?�markersrEr��attrs      rI�remove_backup_markersz/cmd_domain_backup_restore.remove_backup_markers�s���P���l�l����u�m� <�!$���!(��*��

�K�K�M���v�v�e�]�+����	L�D��s�1�v�~��,�,�R��1D�1D�d�K��$��	L�	���Q�r\c���|jtj|d�tjddg��}d|dvrt	|dd�}|Sd|dvrd}|Sd}|S)Nr�r+r�r,r�renamer�)r8r9r�r:r7)r�r?rEr�s    rI�get_backup_typez)cmd_domain_backup_restore.get_backup_type�s����l�l����u�m� <�!$���"0�,�!?��A���3�q�6�!��c�!�f�\�2�3�K����s�1�v�
%�"�K���#�K��r\c��|D]�}t||�}tj�}d|_||j_t
|�|j_t|�}tj�}tj||�|_tj|tjd�|d<|j|���y)z?Ensures the UTDV used by DRS is correct after an offline backup��replUpToDateVectorN)r'r�replUpToDateVectorBlob�version�ctr�cursorsr;�countr(r9r�r�r<r��FLAG_MOD_REPLACEr�)r�r?�
partitions�nc�utdv�	utdv_blob�	new_valuer�s        rI�save_uptodate_vectorsz/cmd_domain_backup_restore.save_uptodate_vectors�s����	�B�$�U�B�/�D�!�7�7�9�I� !�I��$(�I�M�M�!�"%�d�)�I�M�M�� ��+�I����
�A��6�6�%��$�A�D�&)�&8�&8��9<�9M�9M�9M�'O�A�"�#�
�L�L��O�!	r\Nc	���|rtjj|�std��|�td��tjj|�rBtj|�r-tj
j
d�dk7rtd��|std��tj�}	|	jtj�|	jtjtj��|j�}tjj!|�}t#j$|�}
|
j'|�|
j)�tjj+|dd�}t-j.||d	z�|j1�}|r*|	j3d
|z�t-j.||�t4j6j9�}
|
j;|�tjj+|d�}tjj+|d�}t=|t?�|
t@jB�
�}|jE|�}|�2|jG||	�}|	j3djI|��|jKdt@jLdg��}|dj
d�D�cgc]
}tO|���}}|dk(r|jQ||�|jS|
�}tU|	||
|||��}||_+||_,t4jZj\t4jZj^z|_0|	j3d�tc|||jd|jf||
d��|jKtAjh|d�t@jLdg��}|dj
d�d}|	j3dtO|�z�	|jktmtO|����tAj��} tAjh|d+�| _?tO|j��}!tAj�d,|!zt@j�d-�| d-<|j�| �|d.k(r!|j�|	||
|j�|||�tjj+|d/�}"t�|"t?�|
t@jB�0�}#t�|#|jd|jf|j�|j�|j�|j�|j�t�j��1�	|j��}$t5j�|j���}%d2|$fd3|%fg}&|&D]!\}'}(|(|vs�|j�|'|dddd4�5��#d6D]}'|j�|'|d4�5��d7})|jK|j��t@j�|)�8�}|D]2} tO| j
d9�d�}*|*|k7s�&t�||	|*��4|D]�}+tAj��},tAjh||+�|,_?tAj�gt@j�d:�|,d:<tAj�gt@j�d;�|,d;<|j�|,���t�|�t�|�tjj+|d<�}-|
j
d=d>�}.tjj|.�stj�|.�t�|-|.||�tj�|-�|	j3d?�|j�|�|j�|�|	j3d@|z�|	j3dA�ycc}w#tn$�rI}|jp\}}|t@jrk7r�g}	|jKtAjh|d|z�t@jLdgddg� �}n9#tn$r-}|jp\}}|t@jtk7r�Yd}~nd}~wwxYwtw|�d!k7r�|jyd|ddd�}|j{d"�}|	j}d#|z�|	j}d$�|	j}d%�|	j}d&|z�td'|dj~�d(|�d)|�d*���d}~wwxYw)BNzBackup file not found.z!Please specify a target directory�SAMBA_SELFTEST�1zTarget directory is not emptyzServer name required�etczsmb.confz.origz&Using %s as restored domain's smb.conf�private�sam.ldbr�zAdding new DC to site '{0}'��namingContextsr,r�offline)rNrMr�forced_local_samdb�netbios_namez#Updating basic smb.conf settings...z"active directory domain controller)rM�
serverroler�r�zCreating account with SID: )�
specified_sidr-�
objectGUIDzshow_deleted:0zshow_recycled:0)r0r/r1r2r3zutf-8z|The RID Pool on the source DC for the backup in %s may be corrupt or in conflict with SIDs already allocated in the domain. zaRunning 'samba-tool dbcheck' on the source DC (and obtaining a new backup) may correct the issue.z@Alternatively please obtain a new backup against a different DC.zVThe SID we wish to use (%s) is recorded in @SAMBA_DSDB as the sidForRestore attribute.zCDomain restore failed because there is already an existing object (z) with SID z and objectGUID zT.  This conflicts with the new DC account we want to add for the restored domain.   z@ROOTDSEz	<GUID=%s>�
dsServiceNamer2zsecrets.ldb)r�rMr�)�domainr~rrr��machinepass�key_version_number�secure_channel_type�	domaindns�	forestdnsT)�force)rA�pdc�naming�infrastructure�schemaz*(&(objectClass=Server)(serverReference=*))r$�cn�repsFrom�repsTor�rgrLz4Fixing up any remaining references to the old DCs...z'Backup file successfully restored to %szEPlease check the smb.conf settings are correct before starting samba.)]rfrgr�r�listdir�environr�r��	getLoggerr�r��
addHandler�
StreamHandler�sys�stdout�upper�abspathrrrs�
extractallrurhr��copyfile�get_loadparm_pathr5r�r�LoadParmrQrrr9r�r3r)r%r8r:r7rBr�r�nc_list�full_nc_list�dsdb�UF_SERVER_TRUST_ACCOUNT�UF_TRUSTED_FOR_DELEGATION�userAccountControlr�domain_namer~r��join_add_objectsrrr=�ERR_CONSTRAINT_VIOLATIONr>r;�schema_format_value�decode�errorr<r��	ntds_guidr�r<r�rrrr�myname�domsid�	acct_passrTr�SEC_CHAN_BDCr��dn_from_dns_name�forest_dns_name�seize_dns_role�
seize_roler&r�rrr�r	�remover"r0)/r�r�r�r�ri�
newservernamerrrr@rw�smbconf�cli_smbconfrM�private_dir�
samdb_pathr?r�rE�r�ncsrNr�rCrFrGrH�dup_res�dup_e�dup_enum�_�
objectguidr�ry�secrets_path�secrets_ldbr��	forest_dn�	dns_roles�roler<r�r]r>�msgr��dest_sysvol_dirs/                                               rIr�zcmd_domain_backup_restore.run�s=��������{� ;��7�8�8����B�C�C��G�G�N�N�9�%�"�*�*�Y�*?��J�J�N�N�+�,��3��>�?�?���5�6�6��"�"�$������
�
�&����'�/�/��
�
�;�<�&�+�+�-�
��G�G�O�O�I�.�	�
�\�\�+�
&��
�
�
�i� �
���
��'�'�,�,�y�%��<�������7�!2�3� �1�1�3����K�K�@�;�N�O��O�O�K��1�
�[�[�
!�
!�
#��
������g�g�l�l�9�i�8���W�W�\�\�+�y�9�
��*�>�3C���2�2�4���*�*�5�1���<��+�+�E�6�:�D��K�K�5�<�<�T�B�C��l�l��#�.�.�"2�!3��5��"�1�v�z�z�*:�;�<�!�s�1�v�<��<��)�#��&�&�u�c�2�
�(�(��,���F�%�B�T�/4�)6�8��������"'�*�*�"D�"D�"'�*�*�"F�"F�#G���	���9�:��W�m�S�_�_��Y�Y�	�b� D�	F�
�l�l����u�m� <�!$���"1�!2��4���!�f�j�j��)�!�,�����1�C��H�<�=�+	A�� � �w�s�3�x�/@� �A�X
�K�K�M���v�v�e�Z�(�����
�
�&�	� �/�/��i�0G�03�0D�0D�0?�A��/��	���Q��
�(�"��"�"�6�5�"�c�m�m�#*�H�d�
<��w�w�|�|�K��?���,�^�5E�"� #� 6� 6�8���K����"%�)�)�s�}�}�(+�
�
�c�j�j�(+�
�
�/2�/E�/E�04�0A�0A�	C��O�O�%�	��*�*�5�+@�+@�+B�C�	�!�9�-�!�9�-�/�	�!�	O�H�D�"��S�y��#�#�D�%��t�T��#�N�	O�
I�	5�D��O�O�D�%�t�O�4�	5�
C���l�l�5�2�2�4�C�<M�<M�&1��3���	-�A��Q�U�U�4�[��^�$�B��]�"��%���,�	-��
	�B��+�+�-�C��V�V�E�2�&�C�F�!�0�0��14�1E�1E�1;�=�C�
�O� �.�.�r�/2�/C�/C�/7�9�C��M�
�L�L���
	�	'�u�-�&�u�-��W�W�\�\�)�_�=�
��&�&���2���w�w�~�~�o�.��K�K��(��z�?�E�7�C�
�	�	�*��	���J�K��"�"�5�)�	
�"�"�5�)����=�	�I�J����&�	'��I=��J�)	A��6�6�L�T�4��s�3�3�3���G�	
��,�,�C�F�F�5�*�s�:J�,K�-0�^�^�.:�^�1A�1B�1D�'�E���
�
� %�
�
�
��1��s�5�5�5��6��
��
�G���!���2�2�<�7>�q�z�,�7O�PQ�7R�T�J�#�*�*�7�3�J��L�L�+�.9�9�
:�
�L�L�R�
S��L�L�3�
4��L�L�G���
 ��!(��
�
�
�s�J�
 @�A�
A��G)	A�sI�:`�2$`"�"
e5�,%e0�=b�e0�	c�#c�<e0�c�B*e0�0e5)NNNNNNNN)r�r�r�r�r�rr7r�r�r�r�r�rr"r)r0r3rBr�rcr\rIr�r�2s���
�,�H�	��%:��E��}�#5�C�@�� �'<�3�G��{��;�(�	*��|�(�L�(�	*��x�=�C�H�	�M��)�)��.�.���
@�B#�2��&�"�(>B�GK��_'r\r�c
��eZdZdZdZejejd�Ze	dde
��e	dde
��e	d	d
dd�
�e	dd
dd�
�e	dddddgde�z��gZddgZ
d�Zd�Zd�Zd�Z			dd�Zy) �cmd_domain_backup_renamea�Copy a running DC's DB to backup file, renaming the domain in the process.

    Where <new-domain> is the new domain's NetBIOS name, and <new-dnsrealm> is
    the new domain's realm in DNS form.

    This is similar to 'samba-tool backup online' in that it clones the DB of a
    running DC. However, this option also renames all the domain entries in the
    DB. Renaming the domain makes it possible to restore and start a new Samba
    DC without it interfering with the existing Samba domain. In other words,
    you could use this option to clone your production samba domain and restore
    it to a separate pre-production environment that won't overlap or interfere
    with the existing production Samba domain.

    Note that:
    - it's recommended to run 'samba-tool dbcheck' before taking a backup-file
      and fix any errors it reports.
    - all the domain's secrets are included in the backup file.
    - although the DB contents can be untarred and examined manually, you need
      to run 'samba-tool domain backup restore' before you can start a Samba DC
      from the backup file.
    - GPO and sysvol information will still refer to the old realm and will
      need to be updated manually.
    - if you specify 'keep-dns-realm', then the DNS records will need updating
      in order to work (they will still refer to the old DC's IP instead of the
      new DC's address).
    - we recommend that you only use this option if you know what you're doing.
    zR%prog <new-domain> <new-dnsrealm> --server=<DC-to-backup> --targetdir=<output-dir>r�r�r�r�r�z"Directory to write the backup filez--keep-dns-realmr�Fz6Retain the DNS entries for the old realm in the backupr�r�r�r�r�r�r�r�r�r��new_domain_name�
new_dns_realmc��|j�}|j|tjdgd��}|j	�}|D�]}|dD]�}	t|	�}	|j}
||	vs�tjd|z||	�}|jd|�d|
���tj�}|
|_tj|tjd�|d<|j|�|s��|jd|	�d|
���tj|	tjd�|d<|j|�����y	)
z?Updates dnsRoot for the partition objects to reflect the rename�dnsRootz$(&(objectClass=crossRef)(dnsRoot=*))�r0r/r1r�z%s$zAdding z dnsRoot to z	Removing z dnsRoot from N)�get_partitions_dnr8r9�SCOPE_ONELEVELr�r7r<�re�subr5r�r�r�r�r-)
r�r@r?�	old_realm�delete_old_dns�
partitions_dnrE�	new_realm�res_msg�dns_rootr<�new_dns_rootr�s
             rI�update_dns_rootz(cmd_domain_backup_rename.update_dns_root�sA���/�/�1�
��l�l�
�S�5G�5G�"+��&L��N���)�)�+�	��	(�G�#�I�.�
(���x�=���Z�Z����(�#%�6�6�%�)�*;�Y�*2�$4�L��K�K�\�2� N�O����
�A��A�D�#&�#5�#5�l�69�6F�6F�6?�$A�A�i�L��L�L��O�&����X�EG�%I�J�'*�'9�'9�(�:=�:M�:M�:C�(E��)�����Q��-
(�	(r\c�T�|j�}tjt|��}|j	�}|j|tjdgd|z��}|jd|z�tj�}|dj|_	tj|tjd�|d<|j|�d|�d|��}	|jd|dj�d	|	���|j|dj|	d
g��y)
z?Renames the domain partition object and updates its nETBIOSName�nETBIOSNamez	ncName=%sr�z+Changing backup domain's NetBIOS name to %srzCN=�,z	Renaming z --> zrelax:0�r2N)�get_default_basednr9�
binary_encoder7r�r8r�r5r�r<r�r<r�r2)
r�r@r?�new_netbios_name�base_dn�nc_namer�rEr��new_dns
          rI�rename_domain_partitionz0cmd_domain_backup_rename.rename_domain_partitions��
�*�*�,���#�#�C��L�1���/�/�1�
��l�l�
�S�5G�5G�"/��&1�G�&;��=��	���A�$�%�	&��K�K�M���1�v�y�y����-�-�.>�.1�.B�.B�.;�=��-��	���Q�� 0��?�����C��F�I�I�v�>�?�
���S��V�Y�Y��)���=r\c��|j�}d|�d|��}|jd|z�|j|dg�|j�j	�}d|�d|��}|jd|z�|j|dg�y)NzDC=z#,CN=MicrosoftDNS,DC=DomainDnsZones,zDeleting old DNS zone %sz
tree_delete:1z
DC=_msdcs.z#,CN=MicrosoftDNS,DC=ForestDnsZones,)r�r5�deleterr)r�r@r?r��basednr<r	s       rI�delete_old_dns_zonesz-cmd_domain_backup_rename.delete_old_dns_zones+s����)�)�+��=F��
O�����.��3�4�
���R�/�*�+��(�(�*�9�9�;��DM�DL�N�����.��3�4�
���R�/�*�+r\c��|j�t|dddd��}t|dd�d}d|g}|j|��|j	�y	)
z@Fixes attributes (i.e. objectCategory) that still use the old DNTFrrrrr.r�Nr)r�r?r r!r2s     rI�fix_old_dn_attributesz.cmd_domain_backup_rename.fix_old_dn_attributes8s`��	���!��e�4�T�u�%)�+��	��?��G�-��$�n�5�����H��-�
� � �"r\Nc

�l�|j�}
|
jtj�|j	�}|j|�}|�t
d��t|
|�|}
|j�}|j�}tj|�}|
jd|z�|
jd|z�|
jd|z�tj|��}|}t||||
|||d|||	��}|j }||k(r t#j$|�t
d��|j&}||k(r t#j$|�t
d	��|j)�|`|j,}t/d
|z|t1�|��}t3||
�}t4j6j9|d�}t;|||�}t=|||j?��|jA|jB�t/|jDt1�|tFjH�
�}tK�}tM|d|�tM|d|�tM|d|�tM|dd�|jO|
|||
�|jQ|
||�|
r|jS|
||�|
jd�|jU|�|rtW|
|�tY|||�}t[||d||d|�d|�d��t]|
||�t#j$|�y)Nr�z"New realm for backed up domain: %sz$New base DN for backed up domain: %szNew domain NetBIOS name: %sr�r�)r@rNrMr�r�rWrir�z+Cannot use the current domain NetBIOS name.z(Cannot use the current domain DNS realm.r�r�r�r�r�r�r+r�r2z$Fixing DN attributes after rename...zOriginal domain r}z (DNS realm))/r�r�r��INFOr�r�rr�r�rgr�r~r5r�r�rrsr�r�r~�do_join�local_samdbr�rrrJrfrgrhr[rr6rQr�r?r9r�rdr�r�r�r�r�r�rmr�rx)r�r�r�r�r�rWri�keep_dns_realmr�r�r@rMrNr��new_base_dnrvr�r��
old_domainr�r�r�r�r�r�r?rkr�s                            rIr�zcmd_domain_backup_rename.runFs������"��������%�
�
#�
#�
%���(�(��,���>��0�1�1���	�*�+�+��%�+�+�-�
�)�/�/�1���,�,�]�;�����8�=�H�I����:�[�H�I����1�O�C�D��!�!�i�0��)�.��%�k�?�&3�F�,1�b�6E�2B�-3�v�4A�
C���_�_�
���(��M�M�&�!��L�M�M��I�I�	��
�%��M�M�&�!��I�J�J�	���
�
�O��	�	���y�6�1�u�(6�(8�R�A�
�%�j�&�9���W�W�\�\�&�/�:�
�"�6�2�u�5���h�
�J�,E�,E�,G�H�	����
�
���%�+�+�N�4D���2�2�4��!�?���%��x�8��%��'�:��%���;��%��x�8�	
���V�U�I�~�F�	
�$�$�V�U�O�D���%�%�f�e�Y�?����:�;��"�"�5�)���v�u�-�&�i���I�����H�f�o�#�Y�0�	1�	�&�&�+�6��
�
�f�r\)NNNNFFN)r�r�r�r�r�r�r�r�r�rr7rr��
takes_argsr�r�r�r�r�rcr\rIr�r��s����8+�H��)�)��.�.���	�z� 2��=��}�#G��	��!�,��L�	N��~�l�E�C�	E�� �x���u�~�!�#<�#>�?�	@��M�$�_�5�J�#(�N>�4,�#�=A�GL�,0�gr\r�c�r�eZdZdZdZdejiZedde	��gZ
dZd�Zd	�Z
d
�Zd�Zd�Zdd�Zy
)�cmd_domain_backup_offlinea�Backup the local domain directories safely into a tar file.

    Takes a backup copy of the current domain from the local files on disk,
    with proper locking of the DB to ensure consistency. If the domain were to
    undergo a catastrophic failure, then the backup file can be used to recover
    the domain.

    An offline backup differs to an online backup in the following ways:
    - a backup can be created even if the DC isn't currently running.
    - includes non-replicated attributes that an online backup wouldn't store.
    - takes a copy of the raw database files, which has the risk that any
      hidden problems in the DB are preserved in the backup.z%prog [options]r�r�zOutput directory (required)r�z.bak-offlinec���||jz}	t||d��tjj|�sd}t|j|���y#t$rb}	tj|�|�#t
$r9}t
|d�r&|jtjk(r	Yd}~Yd}~y|�d}~wwxYwd}~wt$r}t|j|��d}~wwxYw)NT)�readonly�errnoz1tdbbackup said backup succeeded but {0} not found)�
backup_extr#r%r�rs�	Exception�hasattrr��EINVAL�FileNotFoundErrorr�strerrorrfrgr�r%)r�rg�backup_path�copy_errrF�ss      rI�offline_tdb_copyz*cmd_domain_backup_offline.offline_tdb_copy�s����T�_�_�,��	.��T�;��6�"�w�w�~�~�k�*�C�A��q�x�x��4�5�5�+��!"�
	�
������
�N��	�
��1�g�&�1�7�7�e�l�l�+B��F����
��!�	.��q�z�z�1�-�-��	.�sM�A�	C(�%A<�:C�<	B>�)B9�.C�7B9�9B>�>C�C(�
C#�#C(c�6�t|||jz�y�N)r$r�)r�rgs  rI�offline_mdb_copyz*cmd_domain_backup_offline.offline_mdb_copy�s����t�d�o�o�-�.r\c�:�tjj|d�}t|dz|tj
��}|j
d|z�|j�|j|dz�|j|dz�|j�y)N�secrets�.ldb�rMr��Starting transaction on �.tdb)
rfrgrhrr9r�r5rr��transaction_cancel)r�r�rMr@r��secrets_objs      rI�backup_secretsz(cmd_domain_backup_offline.backup_secrets�s����w�w�|�|�K��;���,��/�B� #� 6� 6�8�����.��=�>��%�%�'����l�V�3�4����l�V�3�4��&�&�(r\c���tjj|d�}d}|jdtj
|g��}||dvxrt
|d|d�dk(}d}	d}
|r.|jd�|j}
|j�}	n0|jd|z�|j}
|j�|jd	|z�|j|�|d
z}tj|�D]�}tjj||�}|jd�r|jd|z�|
|��Q|jd
�r&|jd|z�|j|���|jd|z�tj|||j z���t#||�}
|r~	|
S|j%�|
S)NrH�backendStorez
@PARTITIONr,rr�z1MDB backend detected.  Using mdb backup function.r�z   backing up z.dr�z"   backing up locked/related file r�z$   tdbbackup of locked/related file z   copying locked/related file )rfrgrhr8r9r:r7r5r��search_iteratorr�rr`�endswithr�rjr�rJr�)r�r�r?rMr@�sam_ldb_path�store_labelrE�mdb_backend�res_iterator�
copy_function�	sam_ldb_d�sam_filerCs              rI�backup_smb_dbsz(cmd_domain_backup_offline.backup_smb_dbs�s����w�w�|�|�K��;��%���l�l��C�N�N�"-���0��!�S��V�+�T��C��F�;�4G��4J�0K�u�0T�����
���K�K�K�L� �1�1�M�!�0�0�2�L��K�K�2�\�A�B� �1�1�M��#�#�%����$�|�3�4����l�+� �4�'�	��
�
�9�-�
	F�H��w�w�|�|�I�x�8�H�� � ��(����@�8�K�L��h�'��"�"�6�*����B�X�M�N��%�%�h�/����=��H�I�����(�T�_�_�*D�E�
	F�"�%��0�����
�
�$�$�&��
r\c�n�|j|jtjj	|j
�d�}|j
�D��cgc]\}}|j|�r||f��}}}|d\}}t|�dkDrt|d���\}}||t|�dz
}|Scc}}w)N)rG�staterFrr3c��t|d�S)Nr3)r;)�ps rI�<lambda>z8cmd_domain_backup_offline.get_arc_path.<locals>.<lambda>>s���Q�q�T��r\)�key)
r��	state_dirrfrg�dirnamer��items�
startswithr;�max)	r�rg�
conf_paths�backup_dirsr�r��
matching_dirs�arc_path�fs_paths	         rI�get_arc_pathz&cmd_domain_backup_offline.get_arc_path3s���",�"8�"8� *� 4� 4� �g�g�o�o�j�.@�.@�A�C��/:�.?�.?�.A�-�F�Q������+��Q��-�
�-�)�!�,���'��}���!� #�M�7J� K��H�g��D��W���'�'�����-s�B1Nc	���tj�}|jtj�|j	tj
tj��|j�}tjj||jd��}|jr)tjj!|j�s5|j#dj%|j��t'd��t)||�|j*|j,tjj/|j0�g}|j3dj%dj5|���g}t7�}|D�]d}	tj8|	�D�]H\}
}}|
j;|j<�r�$|
j?d�sd|
vr�:|
j;tjj5|j@d��r�t|D]�}
tjj5|
|
�}	tjB|d	�
�}|jH|jJf|vr�V|
j?|jL�rtjN|���|
j?d�r��|jQ|�|jS|jH|jJf�����K��gtU|jtW�|tXjZ��}|j]|j*||�|j_|j*|||�}|ja�}tcjd|�}d}tg|j|jLztW�|d
gtXjZ��}ti�}tk|d|�tk|d|�tk|dd�d}|D]�}tjj!||jLz�r�0|j?d�rs|j3d|z�tg||tXjZ��}|jm�|j3d�|jo|�|jq���|j?d�s��|j3d|z�|jo|���tsjt|d��}tjj5|d�}twjx|d�}|j3d�d}tjj5||�}t{|j<||j0|�|jS||�tjN|�t}||ddd �tjj5|d!�}|jS|tjj|��tjN|�|j3d"�|D�]}|j�||�}tjj!||jLz�rg|j3d#|z|jLzd$z�|jS||jLz|�%�tjN||jLz���|j?d�s|j?d�r|j3d&|z���|j3d'|z�|jS||�%���	|j��tj�|tjj5|d(j%|���tj�|�|j3d)�y#tD$r|jG|�d��Y���wxYw)*Nr~zNo database found at {0}zCPlease check you are root, and are running this command on an AD DCzrunning backup on dirs: {0}� z.sockz.sock/�dnsF)�follow_symlinksz does not exist!r�zmodules:)r�r�rMr�r�r�r�r�rKr�z!Starting transaction on solo db: r�z%   running tdbbackup on the same filer�z#running tdbbackup on lone tdb file �INCOMPLETEsambabackupfile)r��prefixzsamba-backup.tar.bz2roz&running offline ntacl backup of sysvolr��	localhostTrzzbuilding backup tarz   adding backup z to tar and deleting filerpz   skipping z   adding misc file zsamba-backup-{0}.tar.bz2zBackup succeeded.)Dr�rbr�r�rcrdrerfr�r��	provision�provision_paths_from_lpr�r?rfrgr�rxr%rr�r�r�r�r�r5rh�set�walkr�rLr��binddns_dir�statr��warning�st_ino�st_devr�r��appendrtrrr9r�r�r�r6rrrrdr�rr�r�r�r�rrrsr
r��basenamer�rur2�rmdir)r�r�rir@rMr�r��	all_files�	all_stats�
backup_dir�working_dirr��	filenamesrl�	full_pathr�r?rC�dom_sid_strrrkrg�ldb_obj�temp_tar_dir�
temp_tar_name�tar�
sysvol_tar_fnr��	backup_fnr�s                              rIr�zcmd_domain_backup_offline.runCs2���"�"�$������
�
�&����'�/�/��
�
�;�<��
#�
#�
%�����7�7��B�F�F�7�O�L����������u�{�{� ;��L�L�3�:�:�5�;�;�G�H�� F�G�
G�	��	�*��(�(�%�/�/��w�w���u�}�}�5�7�����1�8�8����+�9N�O�P��	��E�	�%�%	8�J�/1�w�w�z�/B�$
8�+��a���)�)�%�,�,�7���'�'��0�H��4K���)�)�"�'�'�,�,�u�7H�7H�%�*P�Q�� )�8�H� "�����[�(� C�I�
!��G�G�I�u�E��
���!�(�(�+�y�8� � �(�(����9��	�	�)�,� � �(�(��1� ��$�$�Y�/��M�M�1�8�8�Q�X�X�"6�7�58�$
8�%	8�T�%�+�+�N�4D���2�2�4��	
���E�-�-�r�6�:��!�!�%�"3�"3�U�B��G���*�*�,���"�"�;�/��
������d�o�o�5�#1�#3��)�l�#�2H�2H�J��!�?���%��x�8��%��#�6��%��y�9����	0�D��7�7�>�>�$����"8�9��=�=��(��K�K� C�d� J�K�!�$�2�S�5K�5K�L�G��-�-�/��K�K� G�H��)�)�$�/��.�.�0��]�]�6�*��K�K� E�� L�M��)�)�$�/�	0� �'�'�I�/J�L�������\�3I�J�
��l�l�=�'�2�����<�=�'�
��W�W�\�\�,�
�>�
��u�|�|�Z�����H����
�M�*�
�	�	�*����b�)�[�$�G��G�G�L�L��|�<�	����	�2�7�7�+�+�I�6�7�
�	�	�)�����)�*��	0�D��(�(��u�5�H��w�w�~�~�d�T�_�_�4�5����/�(�:�T�_�_�L�7�8�9�����t���.���A��	�	�$����0�1����v�&�$�-�-��*?����N�X�5�6����2�X�=�>�����h��/�	0�	�	�	��
�	�	�-��'�'�,�,�y�9�@�@��J�L�	M�	��������'�(��]-�!����)��4D�'E�F� �!�s�_�_%	�$_%	)NN)r�r�r�r�r�r�r�r�rr7r�r�r�r�r�r�r�r�rcr\rIr�r��sb��@�!�H��W�)�)���
	�}�1��	��M� �J�6�2/�
)�8�v� ])r\r�c�F�eZdZdZe�e�e�e�d�Zy)�cmd_domain_backupz)Create or restore a backup of the domain.)rKr�r2�restoreN)	r�r�r�r�r�r�r�r��subcommandsrcr\rIrr�s$��3�7�9�5�7�5�7�7�9�;�Kr\rr�)^r_rfrer�r�r�r�r��samba.getopt�getoptr��samba.samdbrrr9r�samba.samba3rrUrrO�samba.ntaclsrr	r
�
samba.authr�
samba.joinrr
r�samba.dcerpc.securityr�samba.netcmdrr�samba.dcerpcrrrr�samba.netcmd.fsmor�samba.provisionrr�samba.upgradehelpersr�samba.remove_dcrr�samba.dbcheckerrr�rrr�samba.provision.sambadnsr r!r"�samba.tdb_utilr#�samba.mdb_utilr$r��
subprocessr%r&�
samba.dsdbr'�	samba.ndrr(�samba.credentialsr)r*rrrJr[rdrmrxr�r�r�r��netcmd�Commandr�r�r�r��SuperCommandrrcr\rI�<module>r7s6��$�	�
��
���
��8�
��8�)�F�F�%�I�I�)�-�1�1��,�5�?�%�/�#�	�N�N�6�6�$�#��)��(��2�)�-%�`�A�-�
� $��,�@�)�,_"�u�|�|�3�3�_"�DA'��A'�Hw�u�|�|�3�3�w�tp)���� 4� 4�p)�f	;����1�1�;r\

Zerion Mini Shell 1.0