search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
samba-tool rodc: consistently use self.outf, not stdout
[Samba.git] / python / samba / netcmd / rodc.py
blob533f9446a091b8bae72eb6ab3459dce07b80b87c
1 # rodc related commands
2 #
3 # Copyright Andrew Tridgell 2010
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 from samba.netcmd import Command, CommandError, Option, SuperCommand
20 import samba.getopt as options
21 from samba.samdb import SamDB
22 from samba.auth import system_session
23 import ldb
24 from samba.dcerpc import misc, drsuapi
25 from samba.drs_utils import drs_Replicate
26 import sys
27
28 class RODCException(Exception):
29 def __init__(self, value):
30 self.value = value
31
32 def __str__(self):
33 return "%s: %s" % (self.__class__.__name__, self.value)
34
35 class NamingError(RODCException):
36 pass
37
38 class ReplicationError(RODCException):
39 pass
40
41 class cmd_rodc_preload(Command):
42 """Preload accounts for an RODC. Multiple accounts may be requested."""
43
44 synopsis = "%prog (<SID>|<DN>|<accountname>)+ ... [options]"
45
46 takes_optiongroups = {
47 "sambaopts": options.SambaOptions,
48 "versionopts": options.VersionOptions,
49 "credopts": options.CredentialsOptions,
50 }
51
52 takes_options = [
53 Option("--server", help="DC to use", type=str),
54 Option("--file", help="Read account list from a file, or - for stdin (one per line)", type=str),
55 Option("--ignore-errors", help="When preloading multiple accounts, skip any failing accounts", action="store_true"),
56 ]
57
58 takes_args = ["account*"]
59
60 def get_dn(self, samdb, account):
61 '''work out what DN they meant'''
62
63 # we accept the account in SID, accountname or DN form
64 if account[0:2] == 'S-':
65 res = samdb.search(base="<SID=%s>" % account,
66 expression="objectclass=user",
67 scope=ldb.SCOPE_BASE, attrs=[])
68 elif account.find('=') >= 0:
69 res = samdb.search(base=account,
70 expression="objectclass=user",
71 scope=ldb.SCOPE_BASE, attrs=[])
72 else:
73 res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account),
74 scope=ldb.SCOPE_SUBTREE, attrs=[])
75 if len(res) != 1:
76 raise NamingError("Failed to find account '%s'" % account)
77 return str(res[0]["dn"])
78
79
80 def run(self, *accounts, **kwargs):
81 sambaopts = kwargs.get("sambaopts")
82 credopts = kwargs.get("credopts")
83 versionpts = kwargs.get("versionopts")
84 server = kwargs.get("server")
85 accounts_file = kwargs.get("file")
86 ignore_errors = kwargs.get("ignore_errors")
87
88 if server is None:
89 raise Exception("You must supply a server")
90
91 if accounts_file is not None:
92 accounts = []
93 if accounts_file == "-":
94 for line in sys.stdin:
95 accounts.append(line.strip())
96 else:
97 for line in open(accounts_file, 'r'):
98 accounts.append(line.strip())
99
100 lp = sambaopts.get_loadparm()
101
102 creds = credopts.get_credentials(lp, fallback_machine=True)
103
104 # connect to the remote and local SAMs
105 samdb = SamDB(url="ldap://%s" % server,
106 session_info=system_session(),
107 credentials=creds, lp=lp)
108
109 local_samdb = SamDB(url=None, session_info=system_session(),
110 credentials=creds, lp=lp)
111
112 destination_dsa_guid = misc.GUID(local_samdb.get_ntds_GUID())
113
114 binding_options = "seal"
115 if lp.log_level() >= 9:
116 binding_options += ",print"
117 repl = drs_Replicate("ncacn_ip_tcp:%s[%s]" % (server, binding_options),
118 lp, creds,
119 local_samdb, destination_dsa_guid)
120
121 errors = []
122 for account in accounts:
123 # work out the source and destination GUIDs
124 dc_ntds_dn = samdb.get_dsServiceName()
125 res = samdb.search(base=dc_ntds_dn, scope=ldb.SCOPE_BASE, attrs=["invocationId"])
126 source_dsa_invocation_id = misc.GUID(local_samdb.schema_format_value("objectGUID", res[0]["invocationId"][0]))
127
128 try:
129 dn = self.get_dn(samdb, account)
130 except RODCException, e:
131 if not ignore_errors:
132 raise CommandError(str(e))
133 errors.append(e)
134 continue
135
136 self.outf.write("Replicating DN %s\n" % dn)
137
138 local_samdb.transaction_start()
139 try:
140 repl.replicate(dn, source_dsa_invocation_id, destination_dsa_guid,
141 exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True)
142 except Exception, e:
143 local_samdb.transaction_cancel()
144 if not ignore_errors:
145 raise CommandError("Error replicating DN %s" % dn)
146 errors.append(ReplicationError("Error replicating DN %s" % dn))
147 continue
148
149 local_samdb.transaction_commit()
150
151 if len(errors) > 0:
152 self.message("\nPreload encountered problematic users:")
153 for error in errors:
154 self.message(" %s" % error)
155
156
157 class cmd_rodc(SuperCommand):
158 """Read-Only Domain Controller (RODC) management."""
159
160 subcommands = {}
161 subcommands["preload"] = cmd_rodc_preload()
Samba GIT mirror