b dZddlZddlZddlZddlZddlZddlmZddlZddl Z ddl m Z ddl m Z ddlmZmZddl mZddlmZmZmZdd lmZmZmZmZmZmZdd lmZmZm Z m!Z!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,dd l-m.Z.dd l/m0Z0dZ1dZ2Gddej3Z4Gddej3Z5Gddej3Z6Gddej3Z7Gddej3Z8Gddej3Z9Gddej3Z:Gddej;Z<Gd d!ej;Z=Gd"d#ej;Z>Gd$d%ej;Z?Gd&d'ej;Z@Gd(d)ej;ZAGd*d+ej;ZBd,ZCd-ZDdLd/ZEd0ZFd1ZGd2ZHd3ZId4ZJd5ZKd6ZLd7ZMd8ZNd9ZOd:ZPd;ZQd<ZRd=ZSd>ZTd?ZUd@ZVdAZWdBZXdCZYdDZZdEZ[dFZ\dGZ]dHe)dHfdIZ^dddde)dfdJZ_ dMdKZ`dS)NzDNS-related provisioningN) b64encode)tdb_copy)mdb_copy)ndr_pack ndr_unpack) setup_file)dnspmiscsecurity)DS_DOMAIN_FUNCTION_2000DS_DOMAIN_FUNCTION_2003DS_DOMAIN_FUNCTION_2008_R2DS_DOMAIN_FUNCTION_2012_R2DS_DOMAIN_FUNCTION_2016DS_GUID_USERS_CONTAINER)get_domain_descriptor'get_domain_delete_protected1_descriptor'get_domain_delete_protected2_descriptorget_dns_partition_descriptor'get_dns_forest_microsoft_dns_descriptor'get_dns_domain_microsoft_dns_descriptor) setup_pathsetup_add_ldifsetup_modify_ldif setup_ldb FILL_FULLFILL_SUBDOMAIN FILL_NT4SYNCFILL_DRS)get_default_backend_store) get_stringc||tjdg}tt t j|ddd}|S)N objectGUIDbasescopeattrsr)searchldb SCOPE_BASEstrrr GUID)samdbdomaindnres domainguids :/usr/lib/python3/dist-packages/samba/provision/sambadns.pyget_domainguidr2BsJ ,,HCN<., Q QCZ 3q6,+?+BCCDDJ cd|tj||tz}||tjdg}t tj|ddd}|S)NzCN=DnsAdmins,%s objectSidr$r) get_wellknown_dnr)Dnrr(r*rr dom_sid)r-r.base_dnr/ dnsadmins_sids r1get_dnsadmins_sidr;Hsx%"8"8,4:6:67N#P#PPG ,,G3>+, O OCx/Q 1DQ1GHHM r3c0eZdZddejffd ZxZS)ARecordctt|tj|_||_||_||_||_ dSN) superr=__init__r DNS_TYPE_AwTyperankdwSerial dwTtlSecondsdata)selfip_addrserialttlrF __class__s r1rCzARecord.__init__[sI gt%%'''_    r3__name__ __module__ __qualname__r DNS_RANK_ZONErC __classcell__rNs@r1r=r=YsG'(c8Jr3r=c0eZdZddejffd ZxZS) AAAARecordr>r?ctt|tj|_||_||_||_||_ dSrA) rBrWrCr DNS_TYPE_AAAArErFrGrHrI)rJip6_addrrLrMrFrNs r1rCzAAAARecord.__init__fsJ j$((***'    r3rOrUs@r1rWrWdsG()s9Kr3rWc0eZdZddejffd ZxZS) CNAMERecordr>r?cttj|_||_||_||_||_dSrA) rBrCr DNS_TYPE_CNAMErErFrGrHrI)rJcnamerLrMrFrNs r1rCzCNAMERecord.__init__qsD (    r3rOrUs@r1r\r\osG%&Cd6Hr3r\c0eZdZddejffd ZxZS)NSRecordr>r?ctt|tj|_||_||_||_||_ dSrA) rBrarCr DNS_TYPE_NSrErFrGrHrI)rJ dns_serverrLrMrFrNs r1rCzNSRecord.__init__|sJ h&&(((%    r3rOrUs@r1rarazsG*+4;Mr3rac8eZdZddddddejffd ZxZS) SOARecordr>r?iXiQic 8tt|tj|_| |_||_||_tj } || _ || _ || _ || _ || _|| _|| _| |_dSrA)rBrfrCr DNS_TYPE_SOArErFrGrHsoarLrefreshretryexpiremnamernameminimumrI) rJrmrnrLrjrkrlrorMrFrirNs r1rCzSOARecord.__init__s i'')))&   hjj        r3rOrUs@r1rfrfsP,-s#tDr?ctt|tj|_||_||_||_tj }||_ ||_ ||_ ||_ ||_dSrA)rBrqrCr DNS_TYPE_SRVrErFrGrHsrv nameTargetwPort wPrioritywWeightrI) rJtargetportpriorityweightrLrMrFrurNs r1rCzSRVRecord.__init__sq i'')))&   hjj     r3rOrUs@r1rqrqsL./A3(          r3rqc0eZdZddejffd ZxZS) TXTRecordr>r?c tt|tj|_||_||_||_tj }t||_ ||_ ||_ dSrA)rBrrCr DNS_TYPE_TXTrErFrGrH string_listlencountr+rI)rJslistrLrMrF stringlistrNs r1rCzTXTRecord.__init__sm i'')))&   %'' u::   r3rOrUs@r1rrsG%&Cd6H          r3rc,eZdZejffd ZxZS) TypePropertyctt|d|_d|_t j|_||_dSNr>) rBrrC wDataLengthversionr DSPROPERTY_ZONE_TYPEidrI)rJ zone_typerNs r1rCzTypeProperty.__init__sC lD!!**,,, + r3)rPrQrRr DNS_ZONE_TYPE_PRIMARYrCrTrUs@r1rrsC!%!;r3rc,eZdZejffd ZxZS)AllowUpdatePropertyctt|d|_d|_t j|_||_dSr) rBrrCrrr DSPROPERTY_ZONE_ALLOW_UPDATErrI)rJ allow_updaterNs r1rCzAllowUpdateProperty.__init__sD !4((11333 3  r3)rPrQrRr DNS_ZONE_UPDATE_SECURErCrTrUs@r1rrsC$($?!!!!!!!!!!r3rc eZdZdfd ZxZS)SecureTimePropertyrctt|d|_d|_t j|_||_dSr) rBrrCrrr DSPROPERTY_ZONE_SECURE_TIMErrI)rJ secure_timerNs r1rCzSecureTimeProperty.__init__sD  $''00222 2 r3rrPrQrRrCrTrUs@r1rrs=          r3rc eZdZdfd ZxZS)NorefreshIntervalPropertyrctt|d|_d|_t j|_||_dSr) rBrrCrrr "DSPROPERTY_ZONE_NOREFRESH_INTERVALrrI)rJnorefresh_intervalrNs r1rCz"NorefreshIntervalProperty.__init__sD '..77999 9& r3rrrUs@r1rrs=''''''''''r3rc eZdZdfd ZxZS)RefreshIntervalPropertyrctt|d|_d|_t j|_||_dSr) rBrrCrrr DSPROPERTY_ZONE_REFRESH_INTERVALrrI)rJrefresh_intervalrNs r1rCz RefreshIntervalProperty.__init__sD %t,,55777 7$ r3rrrUs@r1rr=%%%%%%%%%%r3rc eZdZdfd ZxZS)AgingStatePropertyrctt|d|_d|_t j|_||_dSr) rBrrCrrr DSPROPERTY_ZONE_AGING_STATErrI)rJ aging_enabledrNs r1rCzAgingStateProperty.__init__sD  $''00222 2! r3rrrUs@r1rrs=""""""""""r3rc eZdZdfd ZxZS)AgingEnabledTimePropertyrctt|d|_d|_t j|_||_dSr) rBrrCrrr "DSPROPERTY_ZONE_AGING_ENABLED_TIMErrI)rJnext_cycle_hoursrNs r1rCz!AgingEnabledTimeProperty.__init__sD &--66888 9$ r3rrrUs@r1rrrr3rc ,d|z}d|z}t|} t|td|t| dd|t krAt|td|t| ddt tj} tj || } t|} t|} t|td|| | ||t| dt| ddt|td|||d |t krt tj}tj || }t|td|||||t| dt| ddt|td|||d dSdS) NzDC=DomainDnsZones,%szDC=ForestDnsZones,%sz"provision_dnszones_partitions.ldifutf8)ZONE_DNSECDESCzprovision_dnszones_add.ldif)r ZONE_GUIDZONE_DNSCONFIGDNSERVERDNLOSTANDFOUND_DESCRIPTORINFRASTRUCTURE_DESCRIPTORzprovision_dnszones_modify.ldif)rrr)rrrrdecoderr+uuiduuid4r)r7canonical_ex_strstriprrr)r- domainsidr.forestdnconfigdnserverdn fill_level domainzone_dn forestzone_dn descriptordomainzone_guiddomainzone_dnsprotected1_descprotected2_descforestzone_guidforestzone_dnss r1setup_dns_partitionsrs*X5M*X5M-i88J5*%IJJ Z((//77MM^##uj)MNN$ ,,33F;;Q Q    $*,,''OVE=11BBDDJJLLN=iHHO=iHHO5*%BCC $"#,_#=#=#D#DV#L#L%.%?%?%F%Fv%N%NFFeZ(HII LL ^##djll++}55FFHHNNPPuj)FGG$(&  '0'A'A'H'H'P'P)2?)C)C)J)J6)R)RJ J     %,L!M!M  $P P      $#r3cFt|tdd|idS)Nzprovision_dns_accounts_add.ldifDOMAINDN)rr)r-r.s r1add_dns_accountsr6s65*%FGGHJr3Fc Ndt|i}|durt||}nt||}tjtj|d|d|}ddg|d<tj|tjd |d <||dS) N DnsAdminsT)name_mapzCN=MicrosoftDNS,,top container objectClassnTSecurityDescriptor) r+rrr)Messager7MessageElement FLAG_MOD_ADDadd) r-r.prefix domain_sidr:forestrsd_valmsgs r1add_dns_containerr<sS//0H ~~8BJLLL9BJLLL +cfUUvvvxx$PQQ R RC-C  63#31 3 3 IIcNNNNNr3c i}d|d<d|d<d|d<d|d<d |d <d |d <d |d<d|d<d|d<d|d<d|d<d|d<d|d<i}d|d<d|d<d|d<d|d<d|d <d |d <d!|d<d"|d<d#|d<d$|d<d%|d<d&|d<d'|d<d(|d)|}tjtj||}g}|t t t j*|t tt j +|t t|t t|t t|t t|t td,d-g|d.<tjd/tjd0|d0<tj|tjd1|d1<||g}|D]?} |t t%| d2d2t j3@tjtj|d4|z}d,d5g|d.<tj|tjd6|d6<|||D]} t t)|| d2d2t j3g}tjtj|d7| d)|}d,d5g|d.<tj|tjd6|d6<||dS)8Nz 198.41.0.4za.root-servers.netz192.228.79.201zb.root-servers.netz 192.33.4.12zc.root-servers.netz 199.7.91.13zd.root-servers.netz192.203.230.10ze.root-servers.netz 192.5.5.241zf.root-servers.netz 192.112.36.4zg.root-servers.netz 198.97.190.53zh.root-servers.netz 192.36.148.17zi.root-servers.netz 192.58.128.30zj.root-servers.netz 193.0.14.129zk.root-servers.netz 199.7.83.42zl.root-servers.netz 202.12.27.33zm.root-servers.netz2001:503:ba3e::2:30z2001:500:84::bz 2001:500:2::cz2001:500:2d::dz2001:500:a8::ez2001:500:2f::fz2001:500:12::d0dz2001:500:1::53z 2001:7fe::53z2001:503:c27::2:30z 2001:7fd::1z2001:500:9f::42z 2001:dc3::35z"DC=RootDNSServers,CN=MicrosoftDNS,r)r)rrdnsZonerZonecn dNSPropertyr)rLrMrFDC=@,%sdnsNode dnsRecordDC=)r)rr7appendrrr DNS_ZONE_TYPE_CACHErDNS_ZONE_UPDATE_OFFrrrrrrrrraDNS_RANK_ROOT_HINTr=) r-r.r rootserversrootservers_v6 container_dnrpropsrecordrservers r1add_rootserversrMsK(4K$%(8K$%(5K$%(5K$%(8K$%(5K$%(6K$%(7K$%(7K$%(7K$%(6K$%(5K$%(6K$%N+@N'(+;N'(+:N'(+;N'(+;N'(+;N'(+=N'(+;N'(+9N'(+?N'(+8N'(+ >C+C )BKPPC  IIcNNN7;w#7qtOfggghhik#&ggg||(LMMNN#Y/M-fc6F TTK #r3c|d|}g}t|d|z} |t| t|} |t| |1t |} |t| |1t |} |t| t jt j|d|z} ddg| d<t j |t j d| d<| | dS)N.z hostmaster.%srrrrr) rfrrrar=rWr)rr7rrr)r-rrhostname dnsdomainhostiphostip6 fqdn_hostname at_records at_soa_record at_ns_record at_a_recordat_aaaa_recordrs r1 add_at_recordrs.'xx3MJm_y-HIIMh}--...M**Lh|,,--- foo (;//000#G,,(>22333 +cfUI $<== > >C+C )*c6F TTC  IIcNNNNNr3ct||}tjtj||d|}ddg|d<tjt |tjd|d<||dSNrrrrr)rqr)rr7rrrr)r-rrhostr{ srv_recordrs r1add_srv_recordr s~4&&J +cfUvvv||$DEE F FC+C )(:*>*>@PR]^^C  IIcNNNNNr3ct|}tjtj||d|}ddg|d<tjt |tjd|d<||dSr)rar)rr7rrrrr-rrr  ns_recordrs r1 add_ns_recordrszI +cfUvvv||$DEE F FC+C )(9*=*=s?OQ\]]C  IIcNNNNNr3c,t|tj}tjtj||d|}ddg|d<tjt|tjd|d<| |dS)N)rFrrrrr) rar DNS_RANK_NS_GLUEr)rr7rrrrr s r1add_ns_glue_recordrsD$9:::I +cfUvvv||$DEE F FC+C )(9*=*=s?OQ\]]C  IIcNNNNNr3ct|}tjtj||d|}ddg|d<tjt |tjd|d<||dSr)r\r)rr7rrrr)r-rrr  cname_recordrs r1add_cname_recordrs|t$$L +cfUvvv||$DEE F FC+C )(<*@*@#BRT_``C  IIcNNNNNr3cg}|r1t|}|t||r1t|}|t||rmt jt j||d|}ddg|d<t j|tjd|d<| |dSdSr) r=rrrWr)rr7rrr) r-rrrr host_recordsa_record aaaa_recordrs r1add_host_recordrsL 06??HX..///3 )) H[11222k#&666<<(HIIJJ#Y/M-lCzsecrets_dns.ldifzutf-8rr)REALM DNSDOMAIN DNS_KEYTAB DNSPASS_B64KEY_VERSION_NUMBERHOSTNAMEDNSNAME)osunlinkpathjoinOSErrorrrrencoderr+r netbiosnamelowerr) secretsdbnames private_dir binddns_dirrealmrdns_keytab_pathdnspasskey_version_numbers r1secretsdb_setup_dnsrNs  "',,{O<<=== "',,{O<<====      !i$677")$W^^G%<%<==DDVLL"%&8"9"9!''))))5?+@+@+B+B+BD : :     sA$A'' A43A4ctj|j} t j|dn#t $rYnwxYwtj|d|jt tj |d|jtj |ddS#t $r4dtj vr"| d||jfzYdSYdSwxYwdS)zx(Re)create the DNS directory and chown it to bind. :param logger: Logger object :param paths: paths object TNSAMBA_SELFTEST!Failed to chown %s to bind gid %u) r>r@dirnamednsshutilrmtreerBmkdirbind_gidchownchmodenvironerror)loggerpathsdns_dirs r1create_dns_dirras gooei((G  gt$$$$      HWe ~! . HWb%. 1 1 1 HWe $ $ $ $ $ . . .rz11 @U^D--......211 . "!s!< A A )0B7CCc Rtj|j|j}tj|j|j}tj|rtj|rM tj|n7#t$r*}| d|d|j Yd}~nd}~wwxYw tj ||n:#t$r-}| d|d|d|j Yd}~nd}~wwxYw|j tj |jdtj|jd|j n?#t$r2dtjvr!|d |j|j YnwxYw tj |d tj|d|j dS#t$r1dtjvr|d ||j YdSYdSwxYwdSdS) zhCreate link for BIND to DNS keytab :param logger: Logger object :param paths: paths object zFailed to remove z: NzFailed to create link z -> rPrQrRrSi)r>r@rArH dns_keytabrIisfiler?rBr]strerrorlinkrYr[rZr\info)r^r_private_dns_keytab_pathbind_dns_keytab_pathes r1create_dns_dir_keytab_linkrks !gll5+NOO7<<(95;KLL w~~-..F 7>>. / / A A .//// A A A 222AJJ@AAAAAAAA A  V G+-A B B B B V V V LLL1113G3G3GU V V V V V V V V V > % C*E222*B???? C C C#2:55KK C % 15>CCC C F-u555-r5>BBBBB F F F#2:55KK C 4enFFFFFF655 F7FF & %sTB** C4 CC"C88 D/#D**D/::E559F10F150G''4H"!H"c :t| tsJ|d|z} |dz|z} d|z}nd} d} d}|d|z}|dz|z}d|z}nd}d}d}ttd |j|||||| t jd | | | | ||d |j tj |jd |jtj |jd dS#t$r9dtj vr'| d|j|jfzYdSYdSwxYwdS)aWrite out a DNS zone file, from the info in the current database. :param paths: paths object :param dnsdomain: DNS Domain name :param domaindn: DN of the Domain :param hostip: Local IPv4 IP :param hostip6: Local IPv6 IP :param hostname: Local hostname :param realm: Realm name :param domainguid: GUID of the domain. :param ntdsguid: GUID of the hosts nTDSDSA record. Nz IN AAAA z IN AAAA z#gc._msdcs IN AAAA z IN A z IN A z gc._msdcs IN A zprovision.zonez%Y%m%d%H) r<r8r7HOSTIP_BASE_LINEHOSTIP_HOST_LINE DOMAINGUID DATESTRING DEFAULTSITENTDSGUIDHOSTIP6_BASE_LINEHOSTIP6_HOST_LINEGC_MSDCS_IP_LINEGC_MSDCS_IP6_LINErQirRrS) isinstancer+rrrUtimestrftimerYr>rZr[rBr\r])lpr^r_ targetdirrrrrrJr0r3r/hostip6_base_linehostip6_host_linegc_msdcs_ip6_linehostip_base_linehostip_host_linegc_msdcs_ip_lines r1create_zone_filers j# & &&&&5?$'<} t|  d\} }|| | <?t}d| dvr!t| ddd}|j }tj|| |} tj| t|d|d |}t#j|}|d tj }||dd |z}t)t+|d }t/|t1d|j |t||dt/|t1ddn#|dxYw| |=d|j z}d|j z}| |}| |}d} tjtj||tj| |tjtj||tj|||dkrWtjtj||dztj||dz|rtjtj||tj|||dkrWtjtj||dztj||dzn$#t:$r|dwxYw| |=|r| |= t=tj|dtj|d| D]} | | }|dkrMt?tj||tj||]t=tj||tj||n#|dxYw|j  tj!|D]\}}}|D]R} tj|| }!tj"|!d|j tj#|!dS|D]g}"|"$drPtj||"}#tj"|#d|j tj#|#dhdS#t:$r*dtj%vr|dYdSYdSwxYwdtj%vr|&ddSdS) zRCreate a copy of samdb and give write permissions to named for dns partitions z sam.ldb.dz @PARTITION partition backendStorer$r:wz://z @INDEXLIST)r%r&zobjectGUID: %s -rzprovision_basedn.ldif)rrp DOMAINSID DESCRIPTORzprovision_basedn_options.ldifNz>Failed to setup database for BIND, AD based DNS cannot be usedzDC=DOMAINDNSZONES,%szDC=FORESTDNSZONES,%sz metadata.tdbmdbz-lockzsam.ldbrQrP)z.ldbz.tdbzldb-lockirRz9Failed to set permissions to sam.ldb* files, fix manuallyz\Unable to find group id for BIND, set permissions to sam.ldb* files manually)'rHr>r@rArTrUr(r)r*r+splitupperr r.rXopenclosesambaLdbrrrrrrr]rootdngetrfrBrrrYwalkrZr[endswithr\warning)$r-r^r_rGrr0rH samldb_dirr`dns_samldb_dirpartfiler/tmpncfname backend_storer.domainpart_filedom_urldom_ldb index_resdomainguid_linedescr domainzonedn forestzonedndomainzone_fileforestzone_file metadata_filepfilerTdirsfilesddpathffpaths$ r1create_samdb_copyr>s#Kk;77Jgooei((GW\\';77NH ,,L ^)>:  < 21566 ~##%%Hgll7HX,>??O     _c""((*** -}}oo>)G$$LLl#.LII  IaL!!!- :/ ::;;BB6JJw +B C C)Y F!F! " " " w!"ABBD J J J J L N N N  *EN,@,@,B,BBL)EL,>,>,@,@@L|,Oll<00O"M  Z77 ^];; = = =  [/:: Wo66 8 8 8 E ! ! GBGLLo.GHHGLL/G*CDD F F F  J GBGLLo>>GLL/:: < < <%% [/G2KLL Wo.GHHJJJ  L N N N  # \ "k955gy11 3 3 3 7 7BRLE%%k599gu557777k599gu557777  7 L N N N  ~! Q(*(8(8 / /$u++AGLL!44EHUB777HUE****//Azz">??/ " Wa 8 8EN;;;... / / / Q Q Qrz11 OQQQQQQ211 Q 2: - - NN> ? ? ? ? ? . -s:DI--J#F/R!R4C8V99WCZ99-[-,[-cttd|jdttd|jddS)z Write out a dns_update_list filedns_update_listNspn_update_list)rrrr)r{r^r_s r1create_dns_update_listrsFz+,,e.CTJJJz+,,e.CTJJJJJr3cddlm}|dkrttd|j|||jdd|dddz|j|jd ttd |jdS|d kr"tj d gd tj tj d d}t|}d}d}d} d} d} d} d} d}|ddkrd}n=|ddkrd}n|ddkrd} n|ddkrd} n|ddkrd} n|ddkrd} nR|ddkrd} n#|ddkrd}n|ddkr |d|ddkr |d|ddkr |d|ddkr |d|d |jzttd!|j|jt$j||| | | | | |d" dSdS)#acWrite out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). :param paths: all paths :param realm: Realm name :param dnsdomain: DNS Domain name :param dns_backend: DNS backend type :param keytab_name: File name of DNS keytab file :param logger: Logger object r)ProvisioningErrorBIND9_FLATFILEz named.confz*.rr>N)r8r7 ZONE_FILEREALM_WC NAMED_CONFNAMED_CONF_UPDATEznamed.conf.update BIND9_DLZznamed -VT)shellstdoutstderrcwd#zBIND 9.8rQrmzBIND 9.9z BIND 9.10z BIND 9.11z BIND 9.12z BIND 9.14z BIND 9.16z BIND 9.18zBIND 9.7z&DLZ option incompatible with BIND 9.7.z BIND_9.13z/Only stable/esv releases of BIND are supported.z BIND_9.15z BIND_9.17z0BIND version unknown, please modify %s manually.znamed.conf.dlz) r MODULESDIRBIND9_8BIND9_9BIND9_10BIND9_11BIND9_12BIND9_14BIND9_16BIND9_18)samba.provisionrrr namedconfrUrArnamedconf_update subprocessPopenPIPESTDOUT communicater!rfindrrparam modules_dir)r_rJr dns_backendr^r bind_infobind9_8bind9_9bind9_10bind9_11bind9_12bind9_14bind9_16bind9_18s r1create_named_confrs"211111&&&:l++U_!*"!& $sxx C0@0@0D'E'E E"'/).)? ??    :122E4JKKKKK  # #$j\,6O,6,=),.../:kmmA? y))  ??   ! !* - - 3 3GG __   # #J / /2 5 5GG __   # #K 0 0B 6 6HH __   # #K 0 0B 6 6HH __   # #K 0 0B 6 6HH __   # #K 0 0B 6 6HH __   # #K 0 0B 6 6HH __   # #K 0 0B 6 6HH __   # #J / /2 5 5##$LMM M __   # #K 0 0B 6 6##$UVV V __   # #K 0 0B 6 6##$UVV V __   # #K 0 0B 6 6##$UVV V NNMPUP__ ` ` `:.//"'/"'+"9"9";";&& ( ( ( ( ( ( C C     Q $ #r3c ttd|||||tj|||ddS)abWrite out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). :param path: Path of the new named.conf file. :param realm: Realm name :param dnsdomain: DNS Domain name :param binddns_dir: Path to bind dns directory :param keytab_name: File name of DNS keytab file z named.txt)r8r=r7r9DNS_KEYTAB_ABS PRIVATE_DIRN)rrr>r@rA)r@rJrdnsnamerI keytab_names r1create_named_txtr#sXz+&&"% gll; DD& //r3c |dvS)N)rrSAMBA_INTERNALNONE)rs r1is_valid_dns_backendr8s S SSr3c6t|cxko tkncSrA)r r)os_levels r1is_valid_os_levelr<s% "h I I I I2I I I I IIr3cNt||d||t||ddSNz CN=System)rr)r-rrr:s r1create_dns_legacyr@s0eX{I}MMME8[11111r3c Zt||d|||t||d|||||dSr)r"r1) r-rrrr/rrrr:s r1fill_dns_data_legacyrGsReX{Iy#%%%%;i"FG55555r3c t|||||j|j|t||d|||tkrt||d||ddSdS)Nr-r.T)r)rrrrr)r-rrGr.rr:rs r1create_dns_partitionsrRs 8XEEEeX':I#%%%^##%+> ' 6 6 6 6 6 6$#r3Tc |rt||dt||d||| | rt||d||||| |tkr.t ||d|| rt ||d||||| | | dSdSdS)aFill data in various AD partitions :param samdb: LDB object connected to sam.ldb file :param domainsid: Domain SID (as dom_sid object) :param site: Site name to create hostnames in :param domaindn: DN of the domain :param forestdn: DN of the forest :param dnsdomain: DNS name of the domain :param dnsforest: DNS name of the forest :param hostname: Host name of this DC :param hostip: IPv4 addresses :param hostip6: IPv6 addresses :param domainguid: Domain GUID :param ntdsguid: NTDS GUID :param dnsadmins_sid: SID for DnsAdmins group :param autofill: Create DNS records (using fixed template) r-r.N)rr"r1rr&r5)r-rr/r.rrr%rrrr0r3r:autofillradd_roots r1fill_dns_data_partitionsr`s0>x)<===eX':I000DeX/BD'67 D D D^## *=yIII  7 2Et!*Hfg!+X 7 7 7 7 7$#  7 7r3ct|std|zt|std|z|dkr|ddS|dt ||j|j}|}|j }|}|j }|j }t||}t||}| |d|zt||j|||t"kr5|d|zt%||j||||| | | nz|d vrv|t&krk|d t)||j||||| |d t+||j||||||| | ||j|| |n#|xYw|d rt5||||||||||| | | | dSdS)aWProvision DNS information (assuming GC role) :param samdb: LDB object connected to sam.ldb file :param secretsdb: LDB object connected to secrets.ldb file :param names: Names shortcut :param paths: Paths shortcut :param lp: Loadparm object :param logger: Logger object :param dns_backend: Type of DNS backend :param os_level: Functional level (treated as os level) :param dnspass: Password for bind's DNS account :param hostip: IPv4 address :param hostip6: IPv6 address :param targetdir: Target directory for creating DNS-related files for BIND9 Invalid dns backend: %rInvalid os level: %rrz'No DNS backend set, not configuring DNSNzAdding DNS accountsz%Creating CN=MicrosoftDNS,CN=System,%sz'Populating CN=MicrosoftDNS,CN=System,%s)rrz5Creating DomainDnsZones and ForestDnsZones partitionsz7Populating DomainDnsZones and ForestDnsZones partitions)rBIND9_)r/rLrrr|r)r Exceptionrrgrr.get_root_basednget_linearizedrrEsitenamerDr;r2transaction_startrrr rr rrr3transaction_committransaction_cancel startswithsetup_bind9_dns)r-rFrGr_r{r^rrrLrrr|rrr.rrr%r/rr:r0s r1 setup_ad_dnsrs& , ,A1K?@@@ X & &;.9:::f =>>> KK%&&&UEN+++"~H$$&&5577H%%''II >D &&((H%eX66Mx00J # ;hFGGG%(MJJJ . . . KKAHL M M M 9d!)67M K K K K; ; ;333 KKO P P P !%%8"/ = = = KKQ R R R $UEOT8X%. 8VW%/0: < < < <   """"    """ h''5y%F#XD'RX '9&3 5 5 5 5 5 555s 'C)H%%H<cdt|r|dstd|zt|std|z|j}t ||}t |||j|j|j |j |j | |  t||t|||dkr/t|||| ||j | | |j|j ||j |dkr$|t"krt%|||||j|t)||j |j ||t+|j|j |j |jd |j |j|j |d |j|d |jd S)aProvision DNS information (assuming BIND9 backend in DC role) :param samdb: LDB object connected to sam.ldb file :param secretsdb: LDB object connected to secrets.ldb file :param names: Names shortcut :param paths: Paths shortcut :param lp: Loadparm object :param logger: Logger object :param dns_backend: Type of DNS backend :param os_level: Functional level (treated as os level) :param site: Site to create hostnames in :param dnspass: Password for bind's DNS account :param hostip: IPv4 address :param hostip6: IPv6 address :param targetdir: Target directory for creating DNS-related files for BIND9 rrr)rJrrKrLrMr)r/rrrrrJr0r3r)rJrrr^r)rJrrrIrz9See %s for an example configuration include file for BINDz@and %s for further documentation required for secure DNS updatesN)rrrrr.r2rNrHrIrJrrcrarkrrr3r rrrrnamedtxtrgr)r-rFrGr_r{r^rrr/rLrrr|rMrr.r0s r1rrs* ! - -A  " "8 , ,A1K?@@@ X & &;.9:::~Hx00J 5))#k"'/(-(8'+= ????65!!!vu---&&&VUID#(?6!(5>${z"'.  2 2 2 2 k!!h2I&I&I%* > > >e5; %[#%%%%U^ ;%/(-H!&!2!&!1 3333  KKK!!! KK >+++++r3)F)NNNNNNN)a__doc__r>rrVryr)base64rrrsamba.tdb_utilrsamba.mdb_utilr samba.ndrrrr samba.dcerpcr r r samba.dsdbr r rrrrsamba.descriptorrrrrrrsamba.provision.commonrrrrrrrr samba.samdbr samba.commonr!r2r;DnssrvRpcRecordr=rWr\rarfrqr DnsPropertyrrrrrrrrrrrrr rrrrr"r&r1r5rNrarkrrrrrrrrrrrrrrr3r1rs*  ############********----------                    211111###### "d"%$&t#$($"     $   4#!!!!!$*!!!     )   ''''' 0'''%%%%%d.%%%""""")"""%%%%%t/%%%5 5 5 p "DDDN<   DZZZz2$2$2$j>...4'F'F'FT;0;0;0|E?E?E?PKKKRRRj*TTTJJJ222555 6 6 6 LP(1D-7-7-7-7b15T4ITb5b5b5b5LLPEI"&B+B+B+B+B+B+r3