Current File : //lib/python3/dist-packages/samba/__pycache__/join.cpython-312.pyc

�

�I�d�@��L�dZddlmZddlmZddlmZmZmZm	Z	m
Z
ddlZddlZddlZddl
mZmZddlmZmZmZmZmZmZmZmZddlmZdd	lmZmZdd
lmZm Z m!Z!m"Z"m#Z#m$Z$ddl%m&Z&ddl'm(Z(dd
lm)Z)ddl*m+Z+ddl,m-Z-ddlm.Z.ddlm/Z/ddl0m1Z1ddlm2Z2m3Z3ddlm4Z4ddl5m6Z6m7Z7m8Z8ddl9Z9ddl:Z:ddl;Z;ddl<Z<ddl=Z=ddl>Z>ddl?m@Z@ddlAmBZBddlCmDZDddlmEZEmFZFGd�deG�ZHGd�deI�ZJ						d%d�ZK						d%d�ZL				d&d �ZMGd!�d"eJ�ZNGd#�d$eN�ZOy)'zJoining a domain.�)�system_session)�SamDB)�gensec�Ldb�	drs_utils�arcfour_encrypt�string_to_byte_arrayN)�ndr_pack�
ndr_unpack)�security�drsuapi�misc�nbt�lsa�drsblobs�	dnsserver�dnsp)�DS_DOMAIN_FUNCTION_2003)�Credentials�DONT_USE_KERBEROS)�secretsdb_self_join�	provision�provision_fill�FILL_DRS�FILL_SUBDOMAIN�DEFAULTSITE)�
setup_path)�Schema)�
descriptor)�Net)�setup_bind9_dns)�read_and_sub_file)�werror)�	b64encode)�WERRORError�
NTSTATUSError)�sd_utils)�ARecord�
AAAARecord�CNAMERecord)�OrderedDict)�
get_string)�CommandError)�dsdb�functional_levelc���eZdZ�fd�Z�xZS)�DCJoinExceptionc�2��tt|�d|z�y)NzCan't join, error: %s)�superr1�__init__)�self�msg�	__class__s  ��,/usr/lib/python3/dist-packages/samba/join.pyr4zDCJoinException.__init__:s���
�o�t�-�.E��.K�L�)�__name__�
__module__�__qualname__r4�
__classcell__�r7s@r8r1r18s���M�Mr9r1c��eZdZdZ							d&d�Zd'd�Zd'd�Zd'd�Zd�Zd�Z	d	�Z
d
�Zd�Zd�Z
d
�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd(d�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Z d �Z!d!�Z"d"�Z#d#�Z$d$�Z%d%�Z&y))�
DCJoinContextzPerform a DC join.Nc�<�||_||_||_||_||_|
|_|
|_||_||_||_	d|_
g|_g|_|jj|j�tj z�t#|j|j��|_||_||_|r#||_|j*j,|_n�|j&r#|�}|j/|j&�|_n\|jj1d|z�|j3|�|_|jj1d|j&z�t5d|j&zt7�|j|j��|_|j�t8|_	|j*j;t<j>g��tG|j*jI��|_%tG|j*jM��|_'tG|j*jQ��|_)tG|j*jU��|_+tYjZ|j*j]��|_/|j^|_0|jc�|_2|jg�|_4tkjltGtojp���|_9|j*ju�|_;|jy�|_=|j}�|_?|	�|	|_@nt�j�dd�|_@|j*j��|_D|�r�||_Ed|j�z|_Fd	|j��d
|j�d|jV��|_Gd|j�z|_Hd	|j��d
|jJ��|_I|j�j���d|j���|_K|j*j��|_Md|jJz}|j�|�rd	|j��d|��|_Ond|_Od|j�zd|j�zd|j��d|j���g|_P|j*j;t<j>dg|jJ��}|ddd|_Qd|jJz|_Rd|jNz|_Sdt=j�|j��z}|j*j;t<j�g|j*j��|��}|�d|_Wn(t�|�dk(rd|_Wt�d�n||_W|j�|_Zd|_[t�j�t�j�zt�j�zt�j�zt�j�z|_bd|_cd|_dd|_ed|_fd|_gd|_\d|_hd|_id|_jd|_kd|_ld|_md|_ny#t<j@$r}|jB\}}tE|��d}~wwxYw)N)�creds�lpz&Finding a writeable DC for domain '%s'zFound DC %s�	ldap://%s��url�session_info�credentialsrC��scope�attrs�x�%s$�CN=z,CN=Servers,CN=z
,CN=Sites,zCN=NTDS Settings,%sz,OU=Domain Controllers,�.zGCN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,%s�,zHOST/%szGC/�/�rIDManagerReference)rJrK�baserzDC=DomainDnsZones,%szDC=ForestDnsZones,%s�$(&(objectClass=crossRef)(ncName=%s))�rJrKrS�
expression�NONEzCNO DNS zone information found in source domain, not replicating DNSF)o�loggerrBrC�site�	targetdir�	use_ntvfs�plaintext_secrets�
backend_store�backend_store_size�promote_existing�promote_from_dn�nc_list�full_nc_list�set_gensec_features�get_gensec_featuresr�FEATURE_SEALr �net�server�forced_local_samdb�samdbrF�find_dc_site�info�find_dcrrr�search�ldb�
SCOPE_BASE�LdbError�argsr1�str�get_default_basedn�base_dn�get_root_basedn�root_dn�get_schema_basedn�	schema_dn�get_config_basedn�	config_dnr�dom_sid�get_domain_sid�domsid�	forestsid�get_domain_name�domain_name�get_forest_domain_name�forest_domain_namer�GUID�uuid�uuid4�
invocation_id�get_dsServiceName�
dc_ntds_dn�get_dnsHostName�dc_dnsHostName�get_behavior_version�behavior_version�	acct_pass�samba� generate_random_machine_password�domain_dns_name�	dnsdomain�myname�samname�	server_dn�ntds_dn�acct_dn�lower�dnshostname�forest_dns_name�	dnsforest�	dn_exists�topology_dn�SPNs�rid_manager_dn�domaindns_zone�forestdns_zone�
binary_encode�SCOPE_ONELEVEL�get_partitions_dn�dns_backend�len�print�realm�	tmp_samdbr
�DRSUAPI_DRS_INIT_SYNC�DRSUAPI_DRS_PER_SYNC�DRSUAPI_DRS_GET_ANC�DRSUAPI_DRS_GET_NC_SIZE�DRSUAPI_DRS_NEVER_SYNCED�
replica_flags�never_reveal_sid�
reveal_sid�
connection_dn�RODC�	krbtgt_dn�	managedby�	subdomain�	adminpass�partition_dn�dns_a_dn�dns_cname_dn�
force_all_ips)�ctxrXrgrBrCrY�netbios_namerZ�domain�machinepassr[r�r_r\r]r^rh�e�enum�estr�
topology_base�res_rid_manager�expr�
res_domaindnss                        r8r4zDCJoinContext.__init__As�����
���	�������!��
�!��
� 1���)���!3���/���"����������	�	�%�%�e�&?�&?�&A�F�DW�DW�&W�X��C�I�I�#�&�&�1�����
�!3����*�C�I������C�J��z�z��<�"�/�/��
�
�;�C�H��
�
��� H�6� Q�R� �[�[��0��
��
�
���
��
�
� :�;��+��
�
�":�+9�+;�*-�)�)����@�C�I��8�8��"�C�H�	(��I�I���3�>�>���<�
�#�)�)�6�6�8�9����#�)�)�3�3�5�6����C�I�I�7�7�9�:��
��C�I�I�7�7�9�:��
��%�%�c�i�i�&>�&>�&@�A��
��
�
��
��-�-�/���!$�!;�!;�!=��� �I�I�c�$�*�*�,�&7�8������4�4�6��� �0�0�2���"�7�7�9����"�'�C�M�!�B�B�3��L�C�M��	�	�1�1�3��
��%�C�J��#�*�*�,�C�K�DG�J�J�PS�PX�PX�Z]�Zg�Zg�h�C�M�/�#�-�-�?�C�K�>A�j�j�#�+�+�V�C�K�),���)9�)9�);�S�]�]�K�C�O��I�I�5�5�7�C�M�e�hk�hs�hs�s�M��}�}�]�+�03�
�
�M�"J���"&���!�C�J�J�.�!�C�O�O�3�&)�o�o�s�}�}�E�G�C�H�"�i�i�.�.�S�^�^�6K�5L�47�K�K�/�A�O�"1��!3�4I�!J�1�!M�C��3�c�k�k�A���3�c�k�k�A���5��8I�8I�#�J\�J\�8]�]���	�	�(�(�s�/A�/A�/1�.1�i�i�.I�.I�.K�48�)�:�
���$�C�O��=�!�Q�&�"(����[�\�"-����M�M��	���
�$�:�:�$�9�9�:�$�8�8�9�%�<�<�=�%�=�=�	>��� $������ ��������
������
���
���
����������"����A�|�|�	(��6�6�L�T�4�!�$�'�'��	(�s�+[)�)\�<\�\c�<�|rR	|jj|tjdg��}|D]}|j|jd���!	|jj|�td|z�y#t$rYywxYw#t$rYywxYw)N�dn�rSrJrKT��	recursivez
Deleted %s)	rirmrnr��	Exception�del_noerrorr��deleter�)r�r�r��res�rs     r8r�zDCJoinContext.del_noerror�s����
��i�i�&�&�B�c�6H�6H�QU�PV�&�W���
6����������5�
6�	��I�I���R� ��,��#�$��
�
��
���	��	�s#�-B�)B�	B�B�	B�Bc
��|jj|jj�dtj|j
�zddg��}t
|�dk(ry|s�t�}|j|j�	|j|j�|j|jj��td|jzt!�||j��}|jtj"dd	g�
�}|dd	d|dddk(rt%d|j
z��|j'|dj(d�
�|dj+dd��}|�"||_|j'|j,�|jj|jj�dtjd|j.z��dtjd|j0z��d�g��}|r |j'|dj(d�
�|jj|jj�dtjd|j.z�zg��}|rQt%dtjd|j.z��dtjd|j0z�����y#Y���xYw)N�sAMAccountName=%s�msDS-krbTgtLink�	objectSID�rSrVrKrrDrE��tokenGroups)rJrSrKz�Not removing account %s which looks like a Samba DC account matching the password we already have.  To override, remove secrets.ldb and secrets.tdbTr��msDS-KrbTgtLink)�idxz(&(sAMAccountName=�dns-%sz)(servicePrincipalName=zdns/%sz))z(sAMAccountName=%s)zNot removing account zU which looks like a Samba DNS service account but does not have servicePrincipalName=)rirmrsrnr�r�r�r�guessrC�set_machine_account�set_kerberos_staterB�get_kerberos_staterrgrror1r�r��get�
new_krbtgt_dnr�r�)r��forcer�rB�
machine_samdb�	token_resr�s       r8�cleanup_old_accountsz"DCJoinContext.cleanup_old_accounts�s����i�i���C�I�I�$@�$@�$B�*=��@Q�@Q�RU�R]�R]�@^�*^�&7��%E��G���s�8�q�=����M�E��K�K�����
9��)�)�#�&�&�1��(�(����)E�)E�)G�H� %�+��
�
�*B�3A�3C�27�C�F�F�!D�
�*�0�0�s�~�~�B�Wd�Ve�0�f�	��Q�<�
�.�q�1��!�f�[�)�!�,�-�)�+\�-0�K�K�	+8�9�9�	����A��	�	�T��2���F�J�J�0�a�J�8�	�� � )�C���O�O�C�-�-�.��i�i���C�I�I�$@�$@�$B� #� 1� 1�(�S�Z�Z�2G� H� #� 1� 1�(�S�_�_�2L� M�+O�&(�	�)��
��O�O�C��F�I�I��O�6��i�i���C�I�I�$@�$@�$B�*?�#�BS�BS�T\�_b�_i�_i�Ti�Bj�*j�%'��)���!�$'�#4�#4�X��
�
�5J�#K�#&�#4�#4�X����5O�#P�	#R�S�
S���=
��s
�A2K:�:K?c�h�|js|j|��|j�|j|j�|j�|j|j�|j|j
�|j|jd��|jr|j|j�|jr|j|j�|j�rdd}tjd|j�d|�d�|j|j�}tj�}tj�|_|j#d	|t$j&�}tj(�}|j*|_|j/||tj0�}|j3||j4j6�tj(�}|j8|_|j/||tj0�}|j3||j4j6�|j:r|j|j:�|j<r|j|j<�yy)
z$Remove any DNs from a previous join.)r�NTr��sign�
ncacn_ip_tcp:�[�]r�)r�r�r�r�r�r�r�r�r�r�lsarpcrgrCrB�ObjectAttribute�QosInfo�sec_qos�OpenPolicy2r�SEC_FLAG_MAXIMUM_ALLOWED�Stringr��string�QueryTrustedDomainInfoByName�!LSA_TRUSTED_DOMAIN_INFO_FULL_INFO�DeleteTrustedDomain�info_ex�sidr�r�r�)r�r��binding_options�lsaconn�
objectAttr�
pol_handle�namerks        r8�cleanup_old_joinzDCJoinContext.cleanup_old_joins����}�}��$�$�5�$�1����(��O�O�C�-�-�.��=�=�$��O�O�C�M�M�*�������$�����
�
���6��?�?��O�O�C�O�O�,�����O�O�C�,�,�-��=�=�$�O��j�j�#�*�*�o�!V�!$������4�G��,�,�.�J�!$����J�� �,�,�R�-7�-5�-N�-N�P�J��:�:�<�D��)�)�D�K��7�7�
�D�#�Jo�Jo�p�D��'�'�
�D�L�L�4D�4D�E��:�:�<�D��0�0�D�K��7�7�
�D�#�Jo�Jo�p�D��'�'�
�D�L�L�4D�4D�E��<�<��O�O�C�L�L�)�����O�O�C�,�,�-�r9c�z�|jrtd��|jj|jj	�dtj|j�zgd���}t|�dk(rtd|jz��d|dvsd|dvsd	|dvrtd
|jz��t|ddd�tjjtjjzzdk(rtd|jz��|dj|_y
)z]confirm that the account is just a bare NT4 BDC or a member server, so can be safely promotedz Can not promote into a subdomainr�)r��userAccountControl�serverReferenceBL�rIDSetReferencesr�rzcCould not find domain member account '%s' to promote to a DC, use 'samba-tool domain join' instead'r�r�r�zhAccount '%s' appears to be an active DC, use 'samba-tool domain join' if you must re-create this accountr�zZAccount %s is not a domain member or a bare NT4 BDC, use 'samba-tool domain join' instead'N)r�r�rirmrsrnr�r�r��intr�r.�UF_WORKSTATION_TRUST_ACCOUNT�UF_SERVER_TRUST_ACCOUNTr�r`�r�r�s  r8�promote_possiblezDCJoinContext.promote_possibleJsm���=�=��>�?�?��i�i���C�I�I�$@�$@�$B�*=��@Q�@Q�RU�R]�R]�@^�*^�%w��y���s�8�q�=��B�EH�EP�EP�P�Q�
Q���A��&�*=��Q��*G�K]�ad�ef�ag�Kg��G�JM�JU�JU�U�V�
V���A��+�,�Q�/�0�E�J�J�4[�4[�49�J�J�4V�4V�5W�
X�[\�
]��x�{~�|G�|G�G�H�
H�!�!�f�i�i��r9c���	|jj|tjtjztj
z��|_|jj�4|jjdk7r|jj|_|jjS#t$r#}td|�d|jd����d}~wt$rtd|z��wxYw)z(find a writeable DC for the given domain)r��flagsz*Failed to find a writeable DC for domain 'z': �Nz-Failed to find a writeable DC for domain '%s'r�)rf�finddcr�NBT_SERVER_LDAP�
NBT_SERVER_DS�NBT_SERVER_WRITABLE�	cldap_retr&r-rqr��client_siterY�pdc_dns_name)r�r��errors   r8rlzDCJoinContext.find_dc]s���	Y��G�G�N�N�&��@S�@S�VY�Vg�Vg�@g�jm�kB�kB�AB�N�C�C�M��=�=�$�$�0�S�]�]�5N�5N�RT�5T��}�}�0�0�C�H��}�}�)�)�)���	8�� &��
�
�1�
� 7�8�
8���	Y��N�QW�W�X�X�	Y�s�AB4�4	C6�=C�C6c���d}|jj|tjtjz��}|j
�|j
dk7r|j
}|S)N)�addressrr�)rfrrr	r
r
)r�rgrYrs    r8rjzDCJoinContext.find_dc_sitejs^�����G�G�N�N�6�),�)<�)<�s�?P�?P�)P�#�R�	�� � �,��1F�1F�"�1L��(�(�D��r9c���|jj|jtjdg��}d|dvrt|ddd�StjjS)N�msDS-Behavior-Versionr�r)	rirmrtrnrorr�r.�DS_DOMAIN_FUNCTION_2000rs  r8r�z"DCJoinContext.get_behavior_versionrs_���i�i���C�K�K�s�~�~�Ne�Mf��g��"�c�!�f�,��s�1�v�5�6�q�9�:�:��:�:�5�5�5r9c��|jjdtjdg��}t	|ddd�S)Nr��dnsHostNamer�r)rirmrnrorrrs  r8r�zDCJoinContext.get_dnsHostNameys<���i�i���B�c�n�n�]�O��T���3�q�6�-�(��+�,�,r9c�(�|jj�}|jj|tjdgdtj
t
|jj���z��}t
|ddd�S�z9get netbios name of the domain from the partitions record�nETBIOSNamez	ncName=%s)rSrJrKrVr)rir�rmrnr�r�rrrs�r��
partitions_dnr�s   r8rzDCJoinContext.get_domain_name}s|���	�	�3�3�5�
��i�i���M��9K�9K�Ta�Sb�*5��8I�8I�#�c�i�i�Nj�Nj�Nl�Jm�8n�*n��p���3�q�6�-�(��+�,�,r9c�(�|jj�}|jj|tjdgdtj
t
|jj���z��}t
|ddd�Sr)rir�rmrnr�r�rrrurs   r8r�z$DCJoinContext.get_forest_domain_name�s|���	�	�3�3�5�
��i�i���M��9K�9K�Ta�Sb�*5��8I�8I�#�c�i�i�Ng�Ng�Ni�Jj�8k�*k��m���3�q�6�-�(��+�,�,r9c��|jj|jgdtj|j
�tjtjjfz��}t|dj�S)z7get the parent domain partition DN from parent DNS namez9(&(objectclass=crossRef)(dnsRoot=%s)(systemFlags:%s:=%u)))rSrKrVr)rirmrzrnr��parent_dnsdomain�OID_COMPARATOR_ANDr�r.�SYSTEM_FLAG_CR_NTDS_DOMAINrrr�rs  r8�get_parent_partition_dnz%DCJoinContext.get_parent_partition_dn�sp���i�i���C�M�M��*e� #� 1� 1�#�2F�2F� G� #� 6� 6��
�
�8]�8]� _�+_��`���3�q�6�9�9�~�r9c��|jjdtjdg��}|ddd}t	|jjd|��S)zhget the SID of the connected user. Only works with w2k8 and later,
           so only used for RODC joinr�r�r�rr�)rirmrnror,�schema_format_value)r�r��binsids   r8�	get_mysidzDCJoinContext.get_mysid�sT���i�i���B�c�n�n�]�O��T���Q��
�&�q�)���#�)�)�7�7��V�L�M�Mr9c���	|jj|tjg��}y#tj$r-}|j
\}}|tjk(rYd}~y�d}~wwxYw)zcheck if a DN existsr�NFT)rirmrnrorprq�ERR_NO_SUCH_OBJECT)r�r�r��e5r�r�s      r8r�zDCJoinContext.dn_exists�sb��	��)�)�"�"��#�.�.��"�K�C����|�|�	��7�7�L�T�4��s�-�-�-����		�s�,/�A/�"A*�)A*�*A/c���td|jz�|jdttjj
tjjz�dd|jzd�}|jj|dg�|jj|jtjdg��}|d	dd	|_
td
|jz�tj�}tj|j|j �|_tj$|jtj&d�|d<|jj)|�d|j�d
|j*��|_td|j�d|j,���|jj/|j|j,�y)z#RODCs need a special krbtgt account�	Adding %s�user�TRUEz
krbtgt for %s)r��objectclass�useraccountcontrol�showinadvancedviewonly�description�
rodc_join:1:1�samAccountNamer�rzGot krbtgt_name=%sr�rN�
,CN=Users,z	Renaming z to N)r�r�rrr�r.�UF_NORMAL_ACCOUNT�UF_ACCOUNTDISABLEr�ri�addrmrnro�krbtgt_name�Message�Dnr�r��MessageElement�FLAG_MOD_REPLACE�modifyrtr��rename)r��recr��ms    r8�add_krbtgt_accountz DCJoinContext.add_krbtgt_account�sm��
�k�C�M�M�)�*��-�-�!�"%�e�j�j�&B�&B�&+�j�j�&B�&B�'C�#D�&,�*�S�[�[�8�
:��	�	�	�
�
�c�O�,�-��i�i���C�M�M����P`�Oa��b���a�&�!1�2�1�5���
�"�S�_�_�4�5��K�K�M���v�v�c�i�i����-���"�1�1�#�-�-�25�2F�2F�HY� [��
���	�	�����36�?�?�C�K�K�P���
�S�]�]�C�4E�4E�F�G��	�	�������(9�(9�:r9c�*�d}|jj�dk\r|dz
}d|j�d|�d�}tj||j|j�|_tj|j�\|_|_y)z.make a DRSUAPI connection to the naming master�seal�	�,printr�r�r�N)	rC�	log_levelrgr
rBr�
drs_DsBind�drsuapi_handle�bind_supported_extensions)r�r��binding_strings   r8�drsuapi_connectzDCJoinContext.drsuapi_connect�ss�� ���6�6�����"��x�'�O��25�*�*�o�N���o�o�n�c�f�f�c�i�i�H���>G�>R�>R�SV�S^�S^�>_�;��	�S�:r9c	��t|j|j��|_t	t�dd|j|jdd��|_|jj|j�y)z2create a temporary samdb object for schema queries)�schemadnNF)rGrF�auto_connectrHrC�
global_schema�am_rodc)
rr}rx�
tmp_schemarrrBrCr��
set_schema�r�s r8�create_tmp_samdbzDCJoinContext.create_tmp_samdb�s[����
�
�),���8����>�+;��TY�*-�)�)����e�&+�-��
�	�
�
� � ����0r9c�z�tj�}|jj|�|_d|_y)z$build a DsReplicaAttributeCtr objectrN)r
�DsReplicaAttributer��get_attid_from_lDAPDisplayName�attid�	value_ctr)r��attrname�	attrvaluer�s    r8�build_DsReplicaAttributez&DCJoinContext.build_DsReplicaAttribute�s-���&�&�(���-�-�>�>�x�H�����r9c	�f�|j�|j�|j�|j�g}|D�]0}tj�}|d|_g}|D]�}|dk(r�	t
||t�s||g}n||}|D�cgc]%}t
|t�r|jd�n|��'}}|jj|j||�}	|j|	���tj�}
t|�|
_||
_tj �}||_|
|_tj&�}||_|j|���3tj*�}
|d|
_|
j,}|ddD]}||_|}�
|jj1|j2d|
�\}}|dk(r�|j4tj6k7r#t9d|j4z�t;d��|j<dt>j@k7r#t9d	|j<z�t;d��|d
k(�r<|jBdk7rt;d|jBz��|jDjFdt>j@k7r�|jDjH�0t9d|jDjFdz�t;d��t9d
|jDjFd�d|jDjHj<���t;d��|jDj4tj6k7r-t9d|jDj4z�t;d��|jJScc}w)z,add a record via the DRSUAPI DsAddEntry callNr��utf8rr�z!DsAddEntry failed with dir_err %uzDsAddEntry failedz(DsAddEntry failed with status %s info %s�zexpected err_ver 1, got %uz.DsAddEntry failed with status %s, info omittedzDsAddEntry failed with status z info )&r
rJr�rS�DsReplicaObjectIdentifierr��
isinstance�listrr�encode�dsdb_DsReplicaAttribute�append�DsReplicaAttributeCtrr��num_attributes�
attributes�DsReplicaObject�
identifier�
attribute_ctr�DsReplicaObjectListItem�object�DsAddEntryRequest2�first_object�next_object�
DsAddEntryrG�dir_err�DRSUAPI_DIRERR_OKr��RuntimeError�extended_errr#�WERR_SUCCESS�err_ver�err_data�statusrk�objects)r��recsrzr>�idrK�a�v�x�rattrrkrm�list_object�req2�prev�o�level�ctrs                  r8rqzDCJoinContext.DsAddEntry�s?���;�;�����!��=�=� �� � �"����	(�C��2�2�4�B���I�B�E��E��	
$����9��!�#�a�&�$�/��Q���A��A��A�LM�N�q��A�s�);�Q�X�X�f�%��B�N��N��
�
�=�=�c�m�m�Q�PQ�R�����U�#�	
$�$�9�9�;�M�+.�u�:�M�(�',�M�$��,�,�.�F� "�F��#0�F� �!�9�9�;�K�!'�K���N�N�;�'�5	(�8�)�)�+��#�A�J���� � ������	�A� �D���D�	��{�{�-�-�c�.@�.@�!�T�J�����A�:��{�{�g�7�7�7��9�C�K�K�G�H�"�#6�7�7�����"�f�&9�&9�9��@�C�DT�DT�U�V�"�#6�7�7��A�:��{�{�a��"�#?�#�+�+�#M�N�N��|�|�"�"�1�%��)<�)<�<��<�<�$�$�,��J�c�l�l�Na�Na�bc�Nd�e�f�#�#6�7�7�����H[�H[�\]�H^�HK���HY�HY�Hf�Hf�h�i�"�#6�7�7��|�|�#�#�w�'@�'@�@��9�C�L�L�<P�<P�P�Q�"�#6�7�7��{�{���[Os�*N.c��td|jz�td|jfddttj
j�fd|jfg�}|j|j|jg}|jtj
jk\r-tj|j�}t|�|d<|jtj
jk\r|j|d<|jr(d|jz|d	<|j |d
<d|d<|Sd
|jz|d	<|jtj
jk\r|j |d<g|d<|D]%}||j vs�|dj#|��'d|d<t%|j&�|d<|S)z return the ntdsdsa object to addr*r�)r-�nTDSDSA�systemFlags�dMDLocationrzmsDS-HasDomainNCszCN=NTDS-DSA-RO,%s�objectCategoryzmsDS-HasFullReplicaNCs�37�optionszCN=NTDS-DSA,%szmsDS-HasMasterNCs�HasMasterNCs�1�invocationId)r�r�r+rrr�r.�#SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETErxrtrzr�rr/�dc_level_from_lprCr�rbrer
r�)r�r>ra�domainControllerFunctionality�ncs     r8�join_ntdsdsa_objzDCJoinContext.join_ntdsdsa_objs���	�k�C�K�K�'�(��
�3�;�;��&�
�C��
�
� N� N�O�P�
�C�M�M�*�	,�-���;�;��
�
�s�}�}�=�����5�:�:�#E�#E�E�
-=�,M�,M�c�f�f�,U�)�+.�/L�+M�C�'�(����5�:�:�#E�#E�E�'*�{�{�C�#�$��8�8�$7�#�-�-�$G�C� �!�,/�,<�,<�C�(�)�!�C�	�N�"�
�%5�s�}�}�$D�C� �!��#�#�u�z�z�'I�'I�I�+.�+;�+;��'�(�')�C����
3����)�)�)���'�.�.�r�2�
3�!�C�	�N�"*�3�+<�+<�"=�C����
r9c���|j�}|jr|jj|dg��n<|jr|jj|dg�n|j|g�|jj
|jtjdg��}tj|jjd|ddd��|_
y)zadd the ntdsdsa object�relax:0��controlsr1�
objectGUIDr�rN)r�rhrir6r�rqrmr�rnrorr�r#�	ntds_guid)r�r>r�s   r8�join_add_ntdsdsazDCJoinContext.join_add_ntdsdsaMs����"�"�$���!�!��I�I�M�M�#���M�4�
�X�X��I�I�M�M�#��0�1��N�N�C�5�!��i�i���C�K�K�s�~�~�l�^��\���	�	�#�)�)�"?�"?��c�RS�f�Ua�Nb�cd�Ne�"f�g��
r9c
���|j�r9td|jz�|jd|j|jt|jt
jjz�|jd�}|jt
jjk\r'tt
jj�|d<n|jrg|d<|jr|j|d<n|jrg|d<|jr|j|d<n|jrg|d<|jr|j|d<n|jrg|d<|rt!|�|d<|jr�|j"|jk7r0|j$j'|j"|j�|j$j)t*j,j/|j$|t*j0��n$d	}|�d
g}|j$j3||��|j4r|j7�|j8r�td|j8z�|j8dtt
jj:t
jj<zt
jj>z�|jd
�}|jr|j|d<|j$j3|�|j@rd	|_!y	|jD�r�|jG�dt+jH|jJ�z}|j$jMt*jNg|j$jQ�|��|jJf}dt+jH|jR�z}|j$jMt*jNg|j$jQ�|��|jRf}||fD]�\}}||jTvr�tW|�dk(s�$t+j,�}	|djX|	_,d}
|jZrd}
t+j\|jDt*j^|
�|	|
<|j$j)|	���|j`�Otd|j`z�|j`ddd|jbd�}|j$j3|�|j�r�td|jz�t+j,�}	t+jd|j$|j�|	_,tgtW|jh��D]A}|jh|jkdt|jB��|jh|<�Ct+j\|jht*j0d�|	d<|j$j)|	�td|jz�	|j$jmdt+jH|j�z|jnd|j��|j$jM|jt*j|d!d"g�#�}d!|dvrt|dd!d�|_@nd	|_@t�t�j�|ddd�|_Dtd$�t+j,�}	t+jd|j$|j�|	_,t+j\t|j�t*j0d%�|	d%<|j$j)|	�|j�j�d&��rtj�d'd(�|_H|j$j�t�t�d)�|j�|j�|j�t�|j�j�d*��j�d+�|jd,���}|D]�\}}|t*j�k(sJ�|d-}td.|d-z�|d/=|d0=tt
jj�t
jjz�|d%<	|j$j3|���td1|j�z�	|j$jmd2t+jH|j��z|j�d|j��|j$jMt*j|d!g�#�}d!|dvrt|dd!d�|_Uy	d	|_Uy	y	#t*jp$rj}|jr\}
}|
t*jtk7r�|jvjy|j|jz|jn� �Yd	}~���d	}~wwxYw#t*jp$r.}|jr\}
}|
t*j�k7r�Yd	}~��d	}~wwxYw#t*jp$rm}|jr\}
}|
t*jtk7r�|jvjyd3|j�z|jz|j�� �Yd	}~���d	}~wwxYw)4z+add the various objects needed for the joinr*�computer)r��objectClass�displayname�samaccountnamer�r�zmsDS-SupportedEncryptionTypesr�zmsDS-NeverRevealGroupzmsDS-RevealOnDemandGroup�	objectSidNr�r�rg)r�r-r�r�serverReferencerTrUrrzmsDS-NC-Replica-LocationszmsDS-NC-RO-Replica-Locations�nTDSConnectionr,�65)r�r-�enabledconnectionr��
fromServerzAdding SPNs to %sz	$NTDSGUID�servicePrincipalNamezSetting account password for %sz((&(objectClass=user)(sAMAccountName=%s))F)�force_change_at_next_login�username)�account_namer��newpasswordzmsDS-KeyVersionNumberr�r�zEnabling accountr��BIND9_��zprovision_dns_add_samba.ldif�	utf-16-ler])�	DNSDOMAIN�DOMAINDN�HOSTNAME�DNSPASS_B64�DNSNAMEr�z#Adding DNS account %s with dns/ SPN�clearTextPassword�isCriticalSystemObjectz#Setting account password for dns-%sz,(&(objectClass=user)(samAccountName=dns-%s))r�)Vr�r�r�rrr�r�r.r5r�r��DS_DOMAIN_FUNCTION_2008�
ENC_ALL_TYPESr_r�r�r�r
r`rir=r<rnr8�	from_dictr;r6r�r@r��SYSTEM_FLAG_CONFIG_ALLOW_RENAME�%SYSTEM_FLAG_CONFIG_ALLOW_LIMITED_MOVEr�r�r�r�r�r�r�rmr�r�r�rar�r�r�r:�FLAG_MOD_ADDr�r�r9�ranger��replace�setpasswordr�rprq�ERR_UNWILLING_TO_PERFORMrf�set_passwordr�ror�key_version_numberrrr{�new_dc_account_sidr��
startswith�generate_random_password�dnspass�
parse_ldifr"rr�rtr�r$rc�decode�CHANGETYPE_NONEr4�ERR_ENTRY_ALREADY_EXISTS�dns_key_version_number)r��
specified_sidr>r�r�r��forest�part�zoner?�attr�i�e2�num�_r�r{�
changetyper6�dns_acct_dnr��e3s                      r8�join_add_objectszDCJoinContext.join_add_objects\se	���;�;��+����+�,��k�k�)�"�{�{�"%�+�+�&)�#�*@�*@�5�:�:�C_�C_�*_�&`�"���
0�C��#�#�u�z�z�'I�'I�I�7:�5�:�:�;S�;S�7T��3�4��%�%�79��3�4��}�}�#&�=�=��K� ��%�%�#%��K� ��#�#�/2�/C�/C��+�,��%�%�/1��+�,��~�~�25�.�.��.�/��%�%�24��.�/��#+�M�#:��K� ��#�#��&�&�#�+�+�5��I�I�$�$�S�%8�%8�#�+�+�F��	�	� � ����!6�!6�s�y�y�#�s�G[�G[�!\�]��� �,� )�{�H��	�	�
�
�c�H�
�5��=�=��"�"�$��=�=��+��
�
�-�.��m�m�'�"�5�:�:�#M�#M�#(�:�:�#S�#S�$T�#(�:�:�#Q�#Q�$R� S� #���0�C��{�{�),����%�&��I�I�M�M�#���=�=� �C�M���;�;�� � �"�:�C�<M�<M�c�N`�N`�<a�a�D��i�i�&�&�S�-?�-?�-/�,/�I�I�,G�,G�,I�26�'�8�:=�9K�9K�M�F�
:�C�<M�<M�c�N`�N`�<a�a�D��i�i�&�&�S�-?�-?�-/�,/�I�I�,G�,G�,I�26�'�8�:=�9K�9K�M�F�
 &�v�.�

(�
��d��s�{�{�*���t�9��>����
�A���7�:�:�A�D�6�D��x�x�=��!�0�0����14�1A�1A�4�I�A�d�G��I�I�$�$�Q�'�

(����(��+�� 1� 1�1�2��'�'�/�%+��!�n�n�.�C�
�I�I�M�M�#���;�;��%����3�4����
�A��6�6�#�)�)�S�[�[�1�A�D��3�s�x�x�=�)�
S��!�h�h�q�k�1�1�+�s�3�=�=�?Q�R������
S�(+�(:�(:�3�8�8�;>�;O�;O�;Q�)S�A�$�%�
�I�I���Q��
�3�c�k�k�A�B�
@��	�	�%�%�&P�(+�(9�(9�#�+�+�(F�'G�&)�m�m�AF�/2�{�{�	&�<��)�)�"�"����3�>�>�*A�*5�*7�#�8�C�'�#�a�&�0�),�S��V�4K�-L�Q�-O�)P��&�)-��&�%/��0@�0@�03�A��{�0C�A�0F�&H�C�"�
�$�%����
�A��6�6�#�)�)�S�[�[�1�A�D�&)�&8�&8��S�=S�=S�9T�9<�9M�9M�9M�'O�A�"�#�
�I�I���Q���?�?�%�%�h�/��8�8��c�B�C�K��9�9�'�'�(9�*�Ec�:d�HK�
�
�GJ�{�{�GJ�z�z�JS�TW�T_�T_�Tf�Tf�gr�Ts�Jt�J{�J{�}C�KD�FI�o�o�	;W�)X�Y�D�$(�
��
�C�!�S�%8�%8�8�8�8�!�$�i���;�c�$�i�G�H��+�,��0�1�,/��
�
�0L�0L�05�
�
�0L�0L�1M�-N��(�)���I�I�M�M�#�&�
�0
�7�#�*�*�D�E�
>��	�	�%�%�&T�(+�(9�(9�#�*�*�(E�'F�&)�k�k�AF�/2�{�{�	&�<��)�)�"�"��3�>�>�*A�)B�#�D�C�&�#�a�&�0�-0��Q��8O�1P�QR�1S�-T��*�-1��*�k0��7�<�<�
@��7�7���a��#�6�6�6�����$�$�#�+�+�14���14���%�@�@��	
@��d�|�|�� �v�v�H�S�!��c�:�:�:��;����"�<�<�
>��7�7���a��#�6�6�6�����$�$�(�S�Z�Z�2G�14���14���%�>�>��	
>�sL�Ah�>j�4Ak"�j�1Aj�j�k�1#k�k�"m"�5A"m�m"c��td|jz�dt|j��dtj
��i}t
j|j|��}|jdd|jz|j|j|j|jttjj tjj"z�|d�	}|j$tjj&k\rt|j$�|d<|j)�}|j+||g�}t-|�d	k7rt/d
��|dj0|_td�|j4j7|jt9j:d
�|j2t<j>t<j@��td�|j4j7|jBt9j:d
�|j2t<j>t<j@��y)zLadd the various objects needed for the join, for subdomains post replicationr*�SubdomainAdmins�-)�name_map�crossRefzCN=Cross-Ref,%s)	r�r-r��nCNamer�dnsRoot�trustParentr��ntSecurityDescriptorrr^z"Expected 2 objects from DsAddEntryrzReplicating partition DN�$00000000-0000-0000-0000-000000000000)�exopr�zReplicating NTDS DNN)"r�r�rrr}r�DOMAIN_RID_ADMINSr�+get_paritions_crossref_subdomain_descriptorr~rxrtr�r��parent_partition_dnr�r.�SYSTEM_FLAG_CR_NTDS_NCr r�rr�rqr�r1�guidr��repl�	replicaterr�r
�DRSUAPI_EXOP_REPL_OBJ�DRSUAPI_DRS_WRIT_REPr�)r�r��	sd_binaryr>�rec2rzs      r8�join_add_objects2zDCJoinContext.join_add_objects23s���	�k�C�,�,�,�-�%�#�c�j�j�/�8�C]�C]�'^�_���J�J�3�=�=�ck�l�	��"�"�%�/�#�-�-�?��k�k��?�?��}�}��2�2��u�z�z�@�@�%�*�*�Bg�Bg�g�h�$-�

�����5�:�:�#E�#E�E�+.�s�/C�/C�+D�C�'�(��#�#�%���.�.�#�t��-���w�<�1��!�"F�G�G���
����
�
�(�)������3�+�+��9�9�%K�L��=�=� '� =� =�)0�)E�)E�		�	G�	�#�$������3�;�;��9�9�%K�L��=�=� '� =� =�)0�)E�)E�		�	Gr9c�|�td�|jj}t|jt�fid|�d|j�dt�d|j�d|j�d|j�d|j�d	|j�d
|j�d|j�d|j�d
|j �d|j"�dd�d|j$�d|j�d|j&�d|j(�d|j*�d|j,�d|j.�d|j0�dd��}td|j2z�|j4|_|j|_|j8|_|j:|_|j<|j:_y)�Provision the local SAM.zCalling bare provision�smbconfrZ�
samdb_fillr��rootdn�domaindnrL�configdn�serverdnr��hostname�	domainsidr��
serverrole�"active directory domain controller�sitenamerC�ntdsguidr[r�r\r]r^�
batch_modeTzProvision OK for domain DN %sN)r�rC�
configfilerrXrrZrr�rvrtrxrzr�r�r�r}r�rYr�r[r�r\r]r^r�ri�local_samdb�paths�namesr~)r�r��presults   r8�join_provisionzDCJoinContext.join_provision^s���	�&�'��&�&�#�#���C�J�J��(8�-�'�-�&)�m�m�-�@H�-�PS�PY�PY�-�#&�;�;�-�9<���-�&)�]�]�-�>A�]�]�-�&)�]�]�	-�<?�?�?�	-�
&)�Z�Z�-�
<?�:�:�-�),�
�
�
-�Cg�
-�&)�X�X�-�36�&�&�-�DG�=�=�-�'*�m�m�-�BE���-�/2�.C�.C�-�+.�*;�*;�-�03�/E�/E�-�(,�-��	�-��0@�0@�@�A�!�-�-���!�*�*���!�-�-��	�!�-�-��	�"�m�m��	�	�r9c�P�td�t|jjdgt	�|jj
d��|_|jjt|j��|j|_|jjd�|jj|jtjdgddg�	�}d
|dvr/t!d|j�d
|jj����	tt#j$tj&|j|dddj)d��j+d���|j,_|jjd|j,j.z�|jjd�t3|j4j6t	�|j
��}t9|j||j|j,|j4|j:|j<t>|j@d|j
|j,jB|j,jD|jF|jH��|j:tJjLjNk\r�|j:}d}t
jQd��#t
jSdd�td�d}tjU�	ddl+m,}||jd��}|j[|tJjLj\d��tj_�|rt
jSdd�td |j,jdz�y#t0$rt!d|dddz��wxYw#t`$r'}tjc�t!d|z��d}~wwxYw)!r�zReconnecting to local samdbz#transaction_index_cache_size:200000F)rFr�rGrCrNzFinding domain GUID from ncName�ncNamezextended_dn:1:1zreveal_internals:0)rSrJrKr�r�rz*Can't find naming context on partition DN z in r]r�z3Can't find GUID in naming master on partition DN %szGot domain GUID %szCalling own domain provision�rGrCr�)
�dom_for_fun_levelrZr�r�r�rC�hostip�hostip6r�r�zdsdb:schema update allowedN�yesz;Temporarily overriding 'dsdb:schema update allowed' settingT)�DomainUpdate)�fix)�update_revisionzDomainUpdate() failed: %s�nozProvision OK for domain %s)3r�rrrFrrCri�set_invocation_idrrr�rXrkrmr�rnror1rr�r9r��get_extended_componentr�
domainguid�KeyErrorrr�secretsrr�rZrr�r
rr�r�r�r.�DS_DOMAIN_FUNCTION_2012r��set�transaction_start�samba.domain_updater
�check_updates_functional_levelr��transaction_commitr��transaction_cancelr�)r�r��secrets_ldb�adprep_level�updates_allowed_overriddenr
r�r�s        r8�join_provision_own_domainz'DCJoinContext.join_provision_own_domain{sP��	�+�,��c�o�o�1�1�B�"D�'5�'7� �_�_�/�/�(-�/��	�	�	�	�#�#�C��(9�(9�$:�;��)�)����
�
���9�:��o�o�$�$�#�*:�*:�#�.�.�Ya�Xb�/@�BV�.W�%�Y���3�q�6�!�!�Z]�Zj�Zj�lo�lu�lu�ly�ly�"z�{�{�	o�#&�t�y�y�����	�	�3�q�6�(�CS�TU�CV�C]�C]�^d�Ce�1f�1}�1}�E�2F�(G�$H�C�I�I� �	�
�
���,�s�y�y�/C�/C�C�D��
�
���6�7��#�)�)�+�+�.�:J�s�v�v�V���s�����z�z�3�9�9�c�i�i�),�)=�)=�!$���>�#&�=�=�=a��&�&����)9�)9�3�9�9�CT�CT�#&�?�?�c�m�m�
	M����5�:�:�#E�#E�E��/�/�L�).�&��v�v�2�3�;����3�U�;��S�T�-1�*��#�#�%�
G�<�%�c�o�o�4�@���5�5�l�6;�j�j�6X�6X�FJ�6�L��(�(�*�
*����3�T�:�
�*�S�Y�Y�-@�-@�@�A��W�	o�!�"W�Z]�^_�Z`�ai�Zj�kl�Zm�"m�n�n�	o��H�
G��(�(�*�%�&A�A�&E�F�F��
G�s&�A2O�<AO5�!O2�5	P%�>"P � P%c��tjd|j�d|�d�|j||j|j
�S�z2Creates a new DRS object for managing replicationsr�r�r�)r�
drs_ReplicatergrCrr�)r��
repl_credsr�s   r8�create_replicatorzDCJoinContext.create_replicator�s:���&�&�),���_�E����
�C�O�O�S�5F�5F�H�	Hr9c��|jjd�|jj�	t	j
|jj��}|j�/td�t	j
tj�}n|j}|jrqt�}|j|j�|j!t"�|j%|j&�|j)|j*�n|j,}d}|jj/�dk\r|dz
}|j1||�}|j3|j4||d|j|j6��|j3|j8|||j|j6�	�|j:s�td
�	|j3|j<|||j|j>tj@z�	�|j>tj@zs5	|j3|j<|||j|j>�	�td�|jL|jNfD]R}||jPvs�tdtS|�z�|j3||||j|j6�	��T|jr]|j3|jT||tjVd��|j3|jX||tjVd��n:|jZ�.	|j3|jZ||tj\��||_3||_4||_5|jjd�|j>tj@zs*|jjmtnjpd�|jjs�|jjmtnjpd�|jjd�|jw�y#tB$rH}|jDdtFjHk(r|jjKd�n�Yd}~���d}~wwxYw#tB$r^}|jDdtFjHk(r8|j>tj@zr|jjKd
��d}~wwxYw#t^j`$rR}|jD\}	}
|	tjbk(r$td|jdz�td�n�Yd}~��d}~wwxYw#|jju��xYw)zReplicate the SAM.zStarting replicationNzUsing DS_BIND_GUID_W2K3rBrCrDT)�schema�rodcr�)r(r�z;Replicating critical objects from the base DN of the domainrz�First pass of replication with DRSUAPI_DRS_CRITICAL_ONLY not possible due to a missing parent object.  This is typical of a Samba 4.5 or earlier server. We will replicate all the objects instead.z�Replication with DRSUAPI_DRS_CRITICAL_ONLY failed due to a missing parent object.  This may be a Samba 4.5 or earlier server and is not compatible with --critical-onlyz5Done with always replicated NC (base, config, schema)zReplicating %s)r�r()r�zdWARNING: Unable to replicate own RID Set, as server %s (the server we joined) is not the RID Master.zxNOTE: This is normal and expected, Samba will be able to create users after it contacts the RID Master at first startup.z1Committing SAM database - this may take some timerzCommitted SAM database)<rXrkrrrr�ri�get_invocation_idr�r�r
�DRSUAPI_DS_BIND_GUID_W2K3r�rr�rCr�r�set_usernamer�r�r�rBrEr%r�rxr�rzr�rt�domain_replica_flags�DRSUAPI_DRS_CRITICAL_ONLYr%rqr#�WERR_DS_DRA_MISSING_PARENT�warningr�r�rarrr��DRSUAPI_EXOP_REPL_SECRETr�r��DRSUAPI_EXOP_FSMO_RID_ALLOCr��DsExtendedError�DRSUAPI_EXOP_ERR_FSMO_NOT_OWNERrgr��source_dsa_invocation_id�destination_dsa_guid�set_opaque_integerr.�0DSDB_FULL_JOIN_REPLICATION_COMPLETED_OPAQUE_NAMErr�refresh_ldb_connection)r�r4r5r$r�r�r�r��e1r�r�s           r8�join_replicatezDCJoinContext.join_replicate�s���	�
�
���.�/�
	���)�)�+�F	6�'+�y�y����1L�1L�1N�'O�$��}�}�$��/�0�'+�y�y��1R�1R�'S�$�'*�}�}�$��x�x�(�]�
�� � ����(��-�-�.?�@��'�'����4��'�'��
�
�6� �Y�Y�
�$�O��v�v���!�Q�&��8�+���(�(��_�E�D��N�N�3�=�=�*B�/��3�8�8�),�):�):�
�
<�
�N�N�3�=�=�*B�/�c�h�h�),�):�):�
�
<��=�=��S�T���N�N�3�;�;�0H�#7�c�h�h�14�1I�1I�G�Lm�Lm�1m�#�o�0�/�/�'�2S�2S�S�����s�{�{�4L�';�#�(�(�58�5M�5M�'�O�
�I�J�
�)�)�3�+=�+=�>�
D������$��*�c�"�g�6�7��N�N�2�'?�#7�c�h�h�14�1B�1B�#�D�
D��x�x����s�{�{�,D�3�$+�$D�$D�4��Q����s�0�0�2J�3�$+�$D�$D�4��Q��#�#�/�
��N�N�3�#5�#5�7O�#7�(/�(K�(K�#�M��C�H�+C�C�(�';�C�$��J�J�O�O�O�P��+�+�g�.O�.O�O����2�2�4�3h�3h�34�6��O�O�.�.�0��O�O�.�.�t�/d�/d�/0�
2��J�J�O�O�4�5�	�"�"�$��C#�
��v�v�a�y�F�$E�$E�E��
�
�*�*�,X�Y��Y��
��4'���6�6�!�9��(I�(I�I��3�3�g�6W�6W�W��J�J�.�.�0\�]�����F�,�,��#%�7�7�L�T�4��w�F�F�F��E�HK�HR�HR�R�S��Y�Z��Z��	��	��O�O�.�.�0��s��F3V*�+AR�0V*�4S�4V*�7B8V*�0-U�0V*�	S�
=S�
V*�S�V*�	T?�!AT:�:T?�?V*�V'�AV"�V*�"V'�'V*�*Wc��	|jjtjg��y#tj$r�}|j
\}}|tjk(rad|vsd|vrY|jjd�td|jzt�|j|j��|_nt|��Yd}~yd}~wwxYw)NrI�!NT_STATUS_CONNECTION_DISCONNECTED�NT_STATUS_CONNECTION_RESETz)LDB connection disconnected. ReconnectingrDrE)rirmrnrorprq�ERR_OPERATIONS_ERRORrXr/rrgrrBrCr1)r�r�r�r�s    r8r8z$DCJoinContext.refresh_ldb_connection^s���	,��I�I���3�>�>���<���|�|�	,��6�6�L�T�4���0�0�0�4��<�-��5��
�
�"�"�#N�O�!�k�C�J�J�&>�/=�/?�.1�i�i�C�F�F�D��	�&�d�+�+�	��	,�s�+.�C�BC�Cc���tj�}tj�|_t	|�|j_t
jd�|j_tjd�|j_|j|_
t	|j��d|j��|_tj tj"z|_|j&s#|xj$tj(zc_|j�|j+�|jj-|j.d|�y)Nr�zS-0-0z._msdcs.r)r
�DsReplicaUpdateRefsRequest1r`�naming_contextrrr�rr�r�rr{r�r��
dest_dsa_guidr��dest_dsa_dns_name�DRSUAPI_DRS_ADD_REF�DRSUAPI_DRS_DEL_REFr�r�r�rJ�DsReplicaUpdateRefsrG)r�r�r�s   r8�send_DsReplicaUpdateRefsz&DCJoinContext.send_DsReplicaUpdateRefsps����/�/�1��"�<�<�>���!�"�g����� $�	�	�*P� Q�����'�/�/��8������-�-���03�C�M�M�0B�C�M�M�R����/�/�'�2M�2M�M��	��x�x�
�I�I��5�5�5�I��;�;�����!����'�'��(:�(:�A�q�Ar9c�
�tj}tjtjz}|j}d|j
z}|j}t|j�}|�d|��}tj|j|j�}|jjdt|�||fz�d}	tjd|j �d|	�d�|j|j"�}
d}t%j&|j(�}t+j,�}
|j.|
_t+j2d	t|j4�t*j6fz�|
_	|
j;|d
|j ||dt<j>|dd�
\}}|r�jHD]�}|jJD]z}|jLt<jNk(s|jLt<jPk(s�>tjR�}||_$	|
jU|d
|j ||d|��|��|D]�}|jWd
�dk7r0|jjd|�d|�d|���tY|�}n/|jjd|�d|�d|���t[|�}tjR�}||_$|
jU|d
|j |||d���t|�d
kD�r�t]j^|j(|j`�}|j(jc|�d|��|��\|_2}|jg|jd|
dt*jht*jjzzg��|jjd|�d|�d|���tjR�}tm|�}||_$|
jU|d
|j |||d�t]j^|j(|jn�}|j(jc|�d|��|��\|_8}|jg|jp|
dt*jht*jjzzg��|jjd�y#t@$r-}|jBd
tDjFk(rd}Yd}~��Cd}~wwxYw#t@$r-}|jBd
tDjFk(rn�Yd}~��_d}~wwxYw)a�Remotely Add a DNS record to the target DC.  We assume that if we
           replicate DNS that the server holds the DNS roles and can accept
           updates.

           This avoids issues getting replication going after the DC
           first starts as the rest of the domain does not have to
           wait for samba_dnsupdate to run successfully.

           Specifically, we add the records implied by the DsReplicaUpdateRefs
           call above.

           We do not just run samba_dnsupdate as we want to strictly
           operate against the DC we just joined:
            - We do not want to query another DNS server
            - We do not want to obtain a Kerberos ticket
              (as the KDC we select may not be the DC we just joined,
              and so may not be in sync with the password we just set)
            - We do not wish to set the _ldap records until we have started
            - We do not wish to use NTLM (the --use-samba-tool mode forces
              NTLM)

        z	_msdcs.%srOz&Adding %d remote DNS records for %s.%sr�r�r�r�Tz%s-%drNF�:���zAdding DNS AAAA record z for IPv6 IP: zAdding DNS A record z for IPv4 IP: )�
dns_partitionz
sd_flags:1:%dr�zAdding DNS CNAME record z for z_All other DNS records (like _ldap SRV records) will be created samba_dnsupdate on first startup)9r�DNS_CLIENT_VERSION_LONGHORN�DNS_RPC_VIEW_AUTHORITY_DATA�DNS_RPC_VIEW_NO_CHILDRENr�r�r�rrr�r��
interface_ipsrCr�rXrkr�rgrBr'�SDUtilsrirrr��	owner_sidr{r}�DOMAIN_RID_DCS�	group_sid�DnssrvEnumRecords2r�DNS_TYPE_ALLr%rqr#�"WERR_DNS_ERROR_NAME_DOES_NOT_EXISTr>�records�wType�
DNS_TYPE_A�
DNS_TYPE_AAAA�DNS_RPC_RECORD_BUF�DnssrvUpdateRecord2�findr)r(rnr9r��
dns_lookupr��modify_sd_on_dn�
SECINFO_OWNER�
SECINFO_GROUPr*r�r�)r��client_version�select_flagsr��
msdcs_zoner��msdcs_cname�cname_target�IPsr��dns_conn�
name_found�	sd_helper�change_owner_sd�buflenr�r�r>�record�del_rec_buf�IP�add_rec_buf�domaindns_zone_dn�ldap_record�forestdns_zone_dns                         r8�join_add_dns_recordsz"DCJoinContext.join_add_dns_records�s���0#�>�>�� �<�<��.�.�/���}�}�� �3�=�=�0�
��z�z���#�-�-�(��"&��-���!�!�#�&�&�#�*;�*;�<���
�
���@��S��4��.�/�	0�!���&�&��
�
�O�'\�'*�v�v�s�y�y�:���
��$�$�S�Y�Y�/�	�"�-�-�/��$'�$:�$:��!�$,�$4�$4�W�69�#�*�*�o�6>�6M�6M�6O�6O�%P��!�
	#��-�-�n�./�.1�j�j�.2�.2�.2�.2�.?�.?�.:�.2�.2�	4�
�V�S���w�w�
&��!�k�k�&�F��|�|�t���6��|�|�t�'9�'9�9�&/�&B�&B�&D��*0���&�$�8�8��9:�9<���9=�9=�9=�9D�
F�&�
&�*�	/�B��w�w�s�|�r�!��
�
���#'��r�!3�4� ��n���
�
���#'��r�!3�4��b�k��$�6�6�8�K�!�K�O��(�(��)*�),���)-�)-�)4�)-�

/�	/�*
��H�q�L� #���s�y�y�#�2D�2D� E���)�)�&�&�$��'=�5F�'�H�
(�S�\�;�

�%�%�c�l�l�O�0?�3;�3I�3I�5=�5K�5K�4L�1M�0N�
&�
O�
�J�J�O�O�*�J��F�
G�$�6�6�8�K��l�+�C�!�K�O��(�(��)*�),���)3�)4�)4�)-�

/�!$���s�y�y�#�2D�2D� E���)�)�&�&�+�z�'J�5F�'�H�
,�S�
�{�

�%�%�c�&6�&6��0?�3;�3I�3I�5=�5K�5K�4L�1M�0N�
&�
O�
	�
�
���K�	L��k�	#��v�v�a�y�F�E�E�E�"�
���	#��( +�&� �v�v�a�y�F�,U�,U�U� $� %�!%��&�s0�5S�:!T�	T�"T�T�	U�"T?�?Uc	�<�|j|jfD]�}||jvs�|jj	dt|�z�|jj||j|j|j|jd����y)Nz!Replicating new DNS records in %sF)r(r��	full_sync)r�r�rarXrkrrr�r�r4r�r�r�)r�r�s  r8�join_replicate_new_dns_recordsz,DCJoinContext.join_replicate_new_dns_recordss����%�%�s�'9�'9�:�	4�B��S�[�[� ��
�
��� C�s�2�w� O�P����"�"�2�s�'C�'C�#&�=�=�s�x�x�14�1B�1B�-2�#�4�	4r9c
�6�|jjd�|jD]}|j|��|j�r"td�|jjt|j��|jjd|j�tj�}tj|jd|jz�|_tj"t%|j�tj&d�|d<|jj)|�|jj+|j dd�|jjd�tj�}tj|jd�|_tj"d	tj&d
�|d
<|j,}tj"dt|�ztj&d�|d<|jj)|�|j.ry
t1|j2j4t7�|j8��}|jjd�t;||j<|j>|j@|jB|jD|jF|jH|jJ��	|jLjOd�r{tQ|j||jR|j2|j8|j|jL|jT|j|jV|jX��y
y
)z=Finalise the join, mark us synchronised and setup secrets db.z=Sending DsReplicaUpdateRefs for all the replicated partitionszSetting RODC invocationId�domainFunctionalityz%sr�r�(Setting isSynchronized and dsServiceName�@ROOTDSEr,�isSynchronized�	<GUID=%s>�
dsServiceNameNrzSetting up secrets database)r�r�r��netbiosnamer�r��secure_channel_typer�r�)r�r��os_levelrZr�)-rXrkrarGr�r�rrrrr�r6r�rnr8r9r�r�r:r
r;r<�"set_attribute_replmetadata_versionr�r�rrrrrCrr�r�r�r�r}r�r�r�r�r�r!rr�rZr�)r�r�r?r�rs     r8�
join_finalisezDCJoinContext.join_finalise#s���	�
�
���W�X��+�+�	-�B��(�(��,�	-��8�8��-�.��O�O�-�-�c�#�2C�2C�.D�E��O�O�.�.�/D�/2�/C�/C�
E����
�A��6�6�#�/�/�4�#�+�+�+=�>�A�D� #� 2� 2�8�C�<M�<M�3N�36�3G�3G�3A�!C�A�n��
�O�O�"�"�1�%�
�O�O�>�>�q�t�t�?M�?@�
B�	�
�
���B�C��K�K�M���v�v�c�o�o�z�2���!�0�0���9M�9M�O_�`��
���}�}�� �/�/��c�$�i�0G�03�0D�0D�o�W��/�������q�!��=�=���#�)�)�+�+�.�:J�s�v�v�V���
�
���5�6��K����"%�)�)�&)�m�m�(+�
�
�&)�j�j�(+�
�
�03�0G�0G�/2�/E�/E�	G��?�?�%�%�h�/��C�O�O�[��I�I�s�y�y�#�&�&�#�*�*�(+���$'�K�K�#�:N�:N�&)�m�m�/2�/I�/I�
K�0r9c�P
�td|jz�d}tjd|j�d|�d�|j|j
�}tj�}tj�|_|jdjd�|tj�}tj�}|j|j_|j|j"_|j$|_tj(tj*z|_tj.|_tj2|_	tj6�}|j|_|j9||tj:�}td|j�d|j<j&�d	��|j?||j<j&�tC|jDjGd
��}tIjJ�}	tM|�|	_'||	_(tIjR�}
tUjVtYt[jZ���|
_.tj^|
_0|	|
_1tIjd�}d|_3|
g|_4tIjj�}d|_3||_6tIjn�}
dgd
z}tqd
�D]}tsjtdd�||<�||
_;||
_<||
_=t}|
�}t|j�|�}tj��}tM|�|_'tC|�|_Btj��}||_D|j�|||tj��}d|j��d|j���dt�|j0�t�|j4�t�|j,�|j�|j�t}|�t}|�t}|j��d�
}|j�j�|�d|j��d|j���dt�tTj�j��|jDjGd
�d|j�zd�}|j�j�|�y#t@$rY��(wxYw)zprovision the local SAM.z"Setup domain trusts with server %sr�z	ncacn_np:r�r�zutf-8zRemoving old trust record for � (SID �)r�rr_irr�zcn=z,cn=system,�
trustedDomain)
r�r-�	trustType�trustAttributes�trustDirection�flatname�trustPartner�trustAuthIncoming�trustAuthOutgoing�securityIdentifierz$,cn=users,r+rM)r�r-r�r�r2N)Pr�rgrr�rCrBr�r�r�r�r�rr��TrustDomainInfoInfoExr�r�r�r�r}r��LSA_TRUST_DIRECTION_INBOUND�LSA_TRUST_DIRECTION_OUTBOUND�trust_direction�LSA_TRUST_TYPE_UPLEVEL�
trust_type�!LSA_TRUST_ATTRIBUTE_WITHIN_FOREST�trust_attributesr�r�r�r�r�rtr	�
trustdom_passrcr�
AuthInfoClearr��size�password�AuthenticationInformationr��unix2nttimer�time�LastUpdateTime�TRUST_AUTH_TYPE_CLEAR�AuthType�AuthInfo�AuthenticationInformationArray�count�array�trustAuthInOutBlob�current�trustDomainPasswordsr��random�randint�
confounder�outgoing�incomingr
r�session_key�	DATA_BUF2�data�TrustDomainInfoAuthInfoInternal�	auth_blob�CreateTrustedDomainEx2�SEC_STD_DELETEr�rtrrr�r~rr6r.�UF_INTERDOMAIN_TRUST_ACCOUNT)r�r�r�r�r�rk�oldname�oldinfo�
password_blob�clear_value� clear_authentication_information� authentication_information_arrayr��	trustpassr�r��trustpass_blob�encrypted_trustpassr��	auth_info�trustdom_handler>s                      r8�join_setup_trustszDCJoinContext.join_setup_trustsks��	�2�S�Z�Z�?�@����*�*�#�*�*�o�N� �V�V�S�Y�Y�0���(�(�*�
� �[�[�]�
���(�(����7�);�)3�X�5V�5V�X�
��(�(�*��"%�-�-�����#&�?�?���� ��:�:���"�>�>��Aa�Aa�a����4�4��� #� E� E���	��j�j�l�G� �]�]�G�N��:�:�:�w�;>�;`�;`�b�G�����PW�P_�P_�Pc�Pc�d�e��'�'�
�G�O�O�4G�4G�H�-�S�->�->�-E�-E�k�-R�S�
��,�,�.���}�-���,���+3�+M�+M�+O�(�:?�:K�:K�C�PT�PY�PY�P[�L\�:]�(�7�47�4M�4M�(�1�4?�(�1�+3�+R�+R�+T�(�12�(�.�2R�1S�(�.��.�.�0�����;����1�1�3�	��S�3�Y�
��s��	3�A�"�N�N�1�c�2�J�q�M�	3� *�	��%�	��%�	��!�)�,��-�g�.A�.A�>�R���M�M�O�	��0�1�	��-�.A�B�	���7�7�9�	�'�	��!�8�8��9=�9B�9A�9P�9P�R��+.�-�-����E�*��T�_�_�-�"�4�#8�#8�9�!�$�"6�"6�7��.�.��M�M�!)�(�!3�!)�(�!3�"*�3�=�=�"9�
��	�����C� �+.�*@�*@�#�+�+�N�!�"%�e�j�j�&M�&M�"N�!$�!2�!2�!9�!9�+�!F�#�c�&<�&<�<�
��	�����C� ��M�	��	�s� BT�	T%�$T%c��|j|jg|_|j|j|jg|_|j
r0|jdk7r!|xj|jgz
c_y|j
s�|xj|jgz
c_|jdk7r�|xj|jgz
c_|xj|jgz
c_|xj|jgz
c_|xj|jgz
c_yyy)NrW)	rzrxrartrbr�r�r�r�rRs r8�build_nc_listszDCJoinContext.build_nc_lists�s����}�}�c�m�m�4����K�K�����
�
�F����=�=�S�_�_��6�����!3�!3� 4�4������K�K�C�K�K�=�(�K����&�(����� 2� 2�3�3������ 2� 2�3�3��� � �S�%7�%7�$8�8� �� � �S�%7�%7�$8�8� �	)�r9c�Z�|j�|jr|j�n|j�	|j	�|j�|j
�|jr0|j�|j�|j�|jdk7r |j�|j�|j�y#	td�n#t $rYnwxYw|j#�|j��xYw)NrWzJoin failed - cleaning up)r�r_rr�r�rr:r�r�r r�r�rtrwr�r��IOErrorr8rRs r8�do_joinzDCJoinContext.do_join�s����������� � �"�� � �"�	�� � �"���� ���� ��}�}��%�%�'��-�-�/��%�%�'����&�(��(�(�*��2�2�4������
	�
��1�2���
��
��

�&�&�(�� � �"��s0�B+C+�+D*�.C:�9D*�:	D�D*�D�$D*)NNNNNNNNNFNFFNNN)F�N)'r:r;r<�__doc__r4r�r�r�rrlrjr�r�rr�r!r%r�r@rJrSr[rqr�r�r�r�rr r%r:r8rGrtrwr�r�r�r��r9r8r@r@>s����JN�;?�@D�;@�#�$(�$(�
U"�n�3S�j-.�^(�&*��6�-�-�-��N�	�;�:`�1��A�F.�`
h�U2�n)G�V,�:FB�PH�S%�j,�$B�"WL�r4�FK�Pc!�J9�* r9r@c��t|||||||||	|
|||
||��}|jd|j�|jd|jz�|jd|j�|jd|jz�d|j
�d|j��|_d|j�d	tj�d
�dtjzdtjzdtjzdtjzg|_d|j�d	tj �d
�|_|j%�}d|z}||_t(j*j,t(j*j.zt(j*j0z|_|j4j7d|j
zd|j8zg�d
|j:z|_t>j@|_!d|_"|xjFtHjJtHjLzzc_#|jF|_'|r#|xjNtHjPzc_'|jS�|jd|j�d|j�d��y)zJoin as a RODC.�r]r^�	workgroup�workgroup is %sr��realm is %sz
CN=krbtgt_r3z<SID=r��>z<SID=%s>zRestrictedKrbHost/%szCN=RODC Connection (FRS),%sT�Joined domain r�z) as an RODCN)*r@rr�rkr�r�rtr�r}r�DOMAIN_RID_RODC_DENY�SID_BUILTIN_ADMINISTRATORS�SID_BUILTIN_SERVER_OPERATORS�SID_BUILTIN_BACKUP_OPERATORS�SID_BUILTIN_ACCOUNT_OPERATORSr��DOMAIN_RID_RODC_ALLOWr�r%r�r�r.r�)UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION�UF_PARTIAL_SECRETS_ACCOUNTr�r��extendr�r�r�r�
SEC_CHAN_RODCr�r�r�r
�%DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING�$DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIPr,r-r�)rXrgrBrCrYr�rZr��domain_critical_onlyr�r[r�r_r\r]r^r��mysid�admin_dns                   r8�	join_RODCr�s#������r�4��!�6�;�	�;�(�*;�&3�+=�	?�C��F�F�;����(�
�K�K�!�C�O�O�3�4��F�F�7�C�I�I��
�K�K�
��	�	�)�*�25�*�*�c�k�k�J�C�M����X�%B�%B�C��X�8�8�8��X�:�:�:��X�:�:�:��X�;�;�;�=�C��'*�j�j�(�2P�2P�Q�C�N��M�M�O�E��E�!�H��C�M�#�j�j�E�E�#�j�j�R�R�S�#�j�j�C�C�D�C���H�H�O�O�+�c�j�j�8�+�c�o�o�=�?�@�6����C�C��"�0�0�C���C�H����'�G�G�!�F�F�G�H��"�0�0�C���� � �G�$E�$E�E� ��K�K�M�
�K�K�#�/�/�3�:�:�V�Wr9c�Z�t|||||||||	|
|||
||��}|jd|j�|jd|jz�|jd|j�|jd|jz�t
jjt
jjz|_	|jjd|jz�tj|_|xj t"j$t"j&zzc_|j |_|r#|xj(t"j*zc_|j-�|jd|j�d|j.�d	��y
)z
Join as a DC.r�r�r�r�r�z1E3514235-4B06-11D1-AB04-00C04FC2DCD2/$NTDSGUID/%sr�r�z	) as a DCN)r@rr�rkr�r�r.r�UF_TRUSTED_FOR_DELEGATIONr�r�rer�r�SEC_CHAN_BDCr�r�r
r��!DRSUAPI_DRS_FULL_SYNC_IN_PROGRESSr,r-r�r})rXrgrBrCrYr�rZr�r�r�r[r�r_r\r]r^r�s                 r8�join_DCr�@s>������r�4��!�6�;�	�;�(�*;�&3�+=�	?�C��F�F�;����(�
�K�K�!�C�O�O�3�4��F�F�7�C�I�I��
�K�K�
��	�	�)�*�"�Z�Z�?�?�%�*�*�Bf�Bf�f�C���H�H�O�O�G�#�-�-�W�X�"�/�/�C�����'�6�6�!�C�C�D�E��"�0�0�C���� � �G�$E�$E�E� ��K�K�M�
�K�K�s����
�
�S�Tr9c
��t||||||||||	��
}
|jd|
j�|jd|
jz�|jd|
j�|jd|
jz�|
j�|jd|
j�d|
j�d��|
S)	z%Creates a local clone of a remote DC.)rZr�r��include_secretsr]r^r�r�r�r�zCloned domain r�r�)�DCCloneContextrr�rkr�r�r})rXrgrBrCrZr�r�r�r]r^r�s           r8�
join_cloner�bs���
�����i� &�K�)8�'4�,>�	@�C��F�F�;����(�
�K�K�!�C�O�O�3�4��F�F�7�C�I�I��
�K�K�
��	�	�)�*��K�K�M�
�K�K�s����
�
�K�L��Jr9c�8��eZdZdZ				d�fd�	Zd�Zd�Z�xZS)r�zClones a remote DC.c����tt|�||||||||	|
��	d|_d|_d|_|jjd�d|_d|_	d|_
|jj�|_
|xjtj tj"zzc_|s#|xjtj$zc_|j|_y)N)rZr�r�r]r^rOr)r3r�r4r�r�r�rg�splitr�r�r�ri�
get_ntds_GUID�remote_dc_ntds_guidr�r
r�r�r�r,)r�rXrgrBrCrZr�r�r�r]r^r7s           �r8r4zDCCloneContext.__init__{s����	�n�c�+�F�F�E�2�6?��8C�:G�?Q�		,�	S���
��������Z�Z�%�%�c�*�1�-��
���
�!���#&�)�)�"9�"9�";������g�:�:�%�G�G�H�	I�������!N�!N�N��#&�#4�#4�� r9c��|jjd�tj�}tj|j
d�|_tjdtjd�|d<|j}tjdt|�ztjd�|d<|j
j|�y)Nrzr{r,r|r}r~)rXrkrnr8r9rr�r:r;r�rrr<)r�r?r�s   r8r�zDCCloneContext.join_finalise�s����
�
���B�C��K�K�M���v�v�c�o�o�z�2���!�0�0���9M�9M�1A�C��
���&�&�� �/�/��c�$�i�0G�03�0D�0D�0?�A��/��	�����q�!r9c��|j�|j�|j�|j�yr�)r�rr:r�rRs r8r�zDCCloneContext.do_join�s4������	�����������r9)
NNNNNNNFNN)r:r;r<r�r4r�r�r=r>s@r8r�r�xs!����?C�:>�6:�$(�5�6"�r9r�c�B��eZdZdZ			d�fd�	Zd�Zd�Zd�Zd�Z�xZ	S)�DCCloneAndRenameContextz6Clones a remote DC, renaming the domain along the way.c
�h��tt|�||||||	|
||��	||_||_||_y)N)rZr�r�r�r])r3r�r4�new_base_dn�new_domain_name�	new_realm)r�r�r�r�rXrgrBrCrZr�r�r�r]r7s             �r8r4z DCCloneAndRenameContext.__init__�sJ���	�%�s�4�V�V�U�B�?H�<B�AL�ET�CP�	5�	R�&���-���!��
r9c	���d|j�d|�d�}tj||j||j|j
|j|j�Sr")rgr�drs_ReplicateRenamerrCrr�rtr�)r�r$r��binding_strs    r8r%z)DCCloneAndRenameContext.create_replicator�sN��03�z�z�?�K���-�-�k�3�6�6�:�.1�o�o�.1�.?�.?�.1�k�k�3�?�?�L�	Lr9c���tj�\}}|jd|�tjj|��}t
j|�|S)z?Creates a non-global LoadParm based on the global LP's settingsF)�filename_for_non_global_lp)�tempfile�mkstemp�dumpr��param�LoadParm�os�remove)r��	global_lp�fd�tmp_file�local_lps     r8�create_non_global_lpz,DCCloneAndRenameContext.create_non_global_lp�sL�� �'�'�)���H����u�h�'��;�;�'�'�8�'�L��
�	�	�(���r9c�b�|j}tjd|z|j|�S)z/Uses string substitution to replace the base DNrM)rt�re�subr�)r��dn_str�old_base_dns   r8�	rename_dnz!DCCloneAndRenameContext.rename_dn�s'���k�k���v�v�e�k�)�3�?�?�F�C�Cr9c�F�td�|j|j�}t|jt�|jt|j||j|j�|j|j|j�|j|j�|j|jd|j |j"��}td|j$z�|j&|_|j*|_y)z"Provision the local (renamed) SAM.z(Provisioning the new (renamed) domain...r�)
rZr�r�rCr�r�rLr�r�r�r�r�r]z%Provision OK for renamed domain DN %sN)r�rrCrrXrrZrr�r
rvr�rxrzr�r}r�r]r�rirr)r��
non_global_lprs   r8rz&DCCloneAndRenameContext.join_provision�s���	�8�9��0�0����8�
��C�J�J��(8�&)�m�m��"%�-�-�M�#&�=�=����#=����%(�]�]�3�=�=�%A�%(�]�]�3�=�=�%A�#&�#6�#6�#�*�*�'K�(+���*-�*;�*;�	=��	�5��8H�8H�H�I�!�-�-����M�M��	r9)	NNNNNNNTN)
r:r;r<r�r4r%rr
rr=r>s@r8r�r��s*���@�FJ�JN�GK�"�
L�
�D�"r9r�)NNNNNNNNFNFNFFNN)
NNNNNNFrWNN)Pr��
samba.authr�samba.samdbrr�rrrrr	rnr��	samba.ndrr
r�samba.dcerpcrr
rrrrrr�
samba.dsdbr�samba.credentialsrr�samba.provisionrrrrrr�samba.provision.commonr�samba.schemarr�	samba.netr �samba.provision.sambadnsr!r"r#�base64r$r%r&r'�samba.dnsserverr(r)r*�loggingr�r�r	rr��collectionsr+�samba.commonr,�samba.netcmdr-r.r/r�r1rmr@r�r�r�r�r�r�r9r8�<module>r!s��&�%��O�O�
���*�U�U�U�.�<�D�D�-����4�#���,��<�<��
��	�	��#�#�%�(�M�i�M�G�F�G�T.VZ�@E�=A�8=� �!%�5X�pTX�>C�;?�6;��#�U�D9=�<A�15�"&��,3�]�3�pS"�n�S"r9
