Current File : //lib/python3/dist-packages/samba/provision/__pycache__/sambadns.cpython-312.pyc

�

�de����D�dZddlZddlZddlZddlZddlZddlmZddlZddl	Z	ddl
mZddlm
Z
ddlmZmZddl	mZddlmZmZmZdd	lmZmZmZmZmZmZdd
lmZmZm Z m!Z!m"Z"m#Z#m$Z$ddl%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-ddl.m/Z/dd
l0m1Z1d�Z2d�Z3Gd�dejh�Z5Gd�dejh�Z6Gd�dejh�Z7Gd�dejh�Z8Gd�dejh�Z9Gd�dejh�Z:Gd�dejh�Z;Gd�dejx�Z=Gd �d!ejx�Z>Gd"�d#ejx�Z?Gd$�d%ejx�Z@Gd&�d'ejx�ZAGd(�d)ejx�ZBGd*�d+ejx�ZCd,�ZDd-�ZEdKd.�ZFd/�ZGd0�ZHd1�ZId2�ZJd3�ZKd4�ZLd5�ZMd6�ZNd7�ZOd8�ZPd9�ZQd:�ZRd;�ZSd<�ZTd=�ZUd>�ZVd?�ZWd@�ZXdA�ZYdB�ZZdC�Z[dD�Z\dE�Z]dF�Z^dGe*dGfdH�Z_dddde*dfdI�Z`			dLdJ�Zay)MzDNS-related provisioning�N)�	b64encode)�tdb_copy)�mdb_copy)�ndr_pack�
ndr_unpack)�
setup_file)�dnsp�misc�security)�DS_DOMAIN_FUNCTION_2000�DS_DOMAIN_FUNCTION_2003�DS_DOMAIN_FUNCTION_2008_R2�DS_DOMAIN_FUNCTION_2012_R2�DS_DOMAIN_FUNCTION_2016�DS_GUID_USERS_CONTAINER)�get_deletedobjects_descriptor�get_domain_descriptor�'get_domain_delete_protected1_descriptor�'get_domain_delete_protected2_descriptor�get_dns_partition_descriptor�'get_dns_forest_microsoft_dns_descriptor�'get_dns_domain_microsoft_dns_descriptor)�
setup_path�setup_add_ldif�setup_modify_ldif�	setup_ldb�	FILL_FULL�FILL_SUBDOMAIN�FILL_NT4SYNC�FILL_DRS)�get_default_backend_store)�
get_stringc��|j|tjdg��}tt	t
j|ddd��}|S)N�
objectGUID��base�scope�attrsr)�search�ldb�
SCOPE_BASE�strrr
�GUID)�samdb�domaindn�res�
domainguids    �:/usr/lib/python3/dist-packages/samba/provision/sambadns.py�get_domainguidr3CsE��
�,�,�H�C�N�N�<�.�,�
Q�C��Z��	�	�3�q�6�,�+?��+B�C�D�J���c���d|jtj||�t�z}|j	|tj
dg��}t
tj|ddd�}|S)NzCN=DnsAdmins,%s�	objectSidr%r)	�get_wellknown_dnr*�Dnrr)r+rr�dom_sid)r.r/�base_dnr0�
dnsadmins_sids     r2�get_dnsadmins_sidr<Isn���%�"8�"8�����,4�:6�7N�#P�P�G�
�,�,�G�3�>�>�+��,�
O�C��x�/�/��Q���1D�Q�1G�H�M��r4c�:��eZdZddejf�fd�	Z�xZS)�ARecord��c���tt|��tj|_||_||_||_||_	y�N)
�superr>�__init__r	�
DNS_TYPE_A�wType�rank�dwSerial�dwTtlSeconds�data)�self�ip_addr�serial�ttlrG�	__class__s     �r2rDzARecord.__init__\s8���
�g�t�%�'��_�_��
���	���
������	r4��__name__�
__module__�__qualname__r	�
DNS_RANK_ZONErD�
__classcell__�rOs@r2r>r>Zs���'(�c��8J�8J��r4r>c�:��eZdZddejf�fd�	Z�xZS)�
AAAARecordr?r@c���tt|��tj|_||_||_||_||_	yrB)
rCrXrDr	�
DNS_TYPE_AAAArFrGrHrIrJ)rK�ip6_addrrMrNrGrOs     �r2rDzAAAARecord.__init__gs:���
�j�$�(�*��'�'��
���	���
������	r4rPrVs@r2rXrXes���()�s��9K�9K��r4rXc�:��eZdZddejf�fd�	Z�xZS)�CNAMERecordr?r@c���t�|��tj|_||_||_||_||_yrB)	rCrDr	�DNS_TYPE_CNAMErFrGrHrIrJ)rK�cnamerMrNrGrOs     �r2rDzCNAMERecord.__init__rs8���
�����(�(��
���	���
������	r4rPrVs@r2r]r]ps���%&�C�d�6H�6H��r4r]c�:��eZdZddejf�fd�	Z�xZS)�NSRecordr?r@c���tt|��tj|_||_||_||_||_	yrB)
rCrbrDr	�DNS_TYPE_NSrFrGrHrIrJ)rK�
dns_serverrMrNrGrOs     �r2rDzNSRecord.__init__}s:���
�h��&�(��%�%��
���	���
������	r4rPrVs@r2rbrb{s���*+��4�;M�;M��r4rbc�B��eZdZddddddejf�fd�	Z�xZS)�	SOARecordr?r@iXi�Qic
���tt|��tj|_|	|_||_||_tj�}
||
_
||
_||
_||
_
||
_||
_||
_|
|_yrB)rCrgrDr	�DNS_TYPE_SOArFrGrHrI�soarM�refresh�retry�expire�mname�rname�minimumrJ)rKrnrorMrkrlrmrprNrGrjrOs           �r2rDzSOARecord.__init__�sv���
�i��'�)��&�&��
���	���
�����h�h�j����
������	���
���	���	������	r4rPrVs@r2rgrg�s#���,-�s�#��t��D�<N�<N��r4rgc�>��eZdZddddejf�fd�	Z�xZS)�	SRVRecordr�dr?r@c����tt|��tj|_||_||_||_tj�}||_
||_||_||_
||_yrB)rCrrrDr	�DNS_TYPE_SRVrFrGrHrI�srv�
nameTarget�wPort�	wPriority�wWeightrJ)
rK�target�port�priority�weightrMrNrGrvrOs
         �r2rDzSRVRecord.__init__�sa���
�i��'�)��&�&��
���	���
�����h�h�j�������	� ��
������	r4rPrVs@r2rrrr�s���./��A�3��(�(��r4rrc�:��eZdZddejf�fd�	Z�xZS)�	TXTRecordr?r@c����tt|��tj|_||_||_||_tj�}t|�|_||_||_
yrB)rCr�rDr	�DNS_TYPE_TXTrFrGrHrI�string_list�len�countr,rJ)rK�slistrMrNrG�
stringlistrOs      �r2rDzTXTRecord.__init__�s[���
�i��'�)��&�&��
���	���
�����%�%�'�
��u�:�
���
����	r4rPrVs@r2r�r��s���%&�C�d�6H�6H�	�	r4r�c�6��eZdZejf�fd�	Z�xZS)�TypePropertyc�~��tt|��d|_d|_t
j|_||_y�Nr?)	rCr�rD�wDataLength�versionr	�DSPROPERTY_ZONE_TYPE�idrJ)rK�	zone_typerOs  �r2rDzTypeProperty.__init__�s3���
�l�D�*�,��������+�+�����	r4)rQrRrSr	�DNS_ZONE_TYPE_PRIMARYrDrUrVs@r2r�r��s���!%�!;�!;��r4r�c�6��eZdZejf�fd�	Z�xZS)�AllowUpdatePropertyc�~��tt|��d|_d|_t
j|_||_yr�)	rCr�rDr�r�r	�DSPROPERTY_ZONE_ALLOW_UPDATEr�rJ)rK�allow_updaterOs  �r2rDzAllowUpdateProperty.__init__�s4���
�!�4�1�3��������3�3��� ��	r4)rQrRrSr	�DNS_ZONE_UPDATE_SECURErDrUrVs@r2r�r��s���$(�$?�$?�!�!r4r�c� ��eZdZd�fd�	Z�xZS)�SecureTimePropertyc�~��tt|��d|_d|_t
j|_||_yr�)	rCr�rDr�r�r	�DSPROPERTY_ZONE_SECURE_TIMEr�rJ)rK�secure_timerOs  �r2rDzSecureTimeProperty.__init__�s4���
� �$�0�2��������2�2�����	r4�r�rQrRrSrDrUrVs@r2r�r��s
��� � r4r�c� ��eZdZd�fd�	Z�xZS)�NorefreshIntervalPropertyc�~��tt|��d|_d|_t
j|_||_yr�)	rCr�rDr�r�r	�"DSPROPERTY_ZONE_NOREFRESH_INTERVALr�rJ)rK�norefresh_intervalrOs  �r2rDz"NorefreshIntervalProperty.__init__�s4���
�'��7�9��������9�9���&��	r4r�r�rVs@r2r�r��s
���'�'r4r�c� ��eZdZd�fd�	Z�xZS)�RefreshIntervalPropertyc�~��tt|��d|_d|_t
j|_||_yr�)	rCr�rDr�r�r	� DSPROPERTY_ZONE_REFRESH_INTERVALr�rJ)rK�refresh_intervalrOs  �r2rDz RefreshIntervalProperty.__init__�s4���
�%�t�5�7��������7�7���$��	r4r�r�rVs@r2r�r���
���%�%r4r�c� ��eZdZd�fd�	Z�xZS)�AgingStatePropertyc�~��tt|��d|_d|_t
j|_||_yr�)	rCr�rDr�r�r	�DSPROPERTY_ZONE_AGING_STATEr�rJ)rK�
aging_enabledrOs  �r2rDzAgingStateProperty.__init__�s4���
� �$�0�2��������2�2���!��	r4r�r�rVs@r2r�r��s
���"�"r4r�c� ��eZdZd�fd�	Z�xZS)�AgingEnabledTimePropertyc�~��tt|��d|_d|_t
j|_||_yr�)	rCr�rDr�r�r	�"DSPROPERTY_ZONE_AGING_ENABLED_TIMEr�rJ)rK�next_cycle_hoursrOs  �r2rDz!AgingEnabledTimeProperty.__init__�s4���
�&��6�8��������9�9���$��	r4r�r�rVs@r2r�r��r�r4r�c��d|z}d|z}t|�}	t|�}
t|td�|t	|	�jd�d��|tk7r1t|td�|t	|	�jd�d��ttj��}tj||�j�j�}t|�}
t|�}t|td�|||||t	|
�jd�t	|�jd�t	|
�jd�d��t!|td�|||d	��|tk7r�ttj��}tj||�j�j�}t|td�|||||t	|
�jd�t	|�jd�t	|
�jd�d��t!|td�|||d	��yy)
NzDC=DomainDnsZones,%szDC=ForestDnsZones,%sz"provision_dnszones_partitions.ldif�utf8)�ZONE_DN�SECDESCzprovision_dnszones_add.ldif)r��	ZONE_GUID�ZONE_DNS�CONFIGDN�SERVERDN�DELETEDOBJECTS_DESCRIPTOR�LOSTANDFOUND_DESCRIPTOR�INFRASTRUCTURE_DESCRIPTORzprovision_dnszones_modify.ldif)r�r�r�)rrrrr�decoderr,�uuid�uuid4r*r8�canonical_ex_str�striprrr)r.�	domainsidr/�forestdn�configdn�serverdn�
fill_level�
domainzone_dn�
forestzone_dn�
descriptor�deletedobjects_desc�domainzone_guid�domainzone_dns�protected1_desc�protected2_desc�forestzone_guid�forestzone_dnss                 r2�setup_dns_partitionsr��s"��*�X�5�M�*�X�5�M�-�i�8�J�7�	�B���5�*�%I�J� ��Z�(�/�/��7�M���^�#��u�j�)M�N�$� ��,�3�3�F�;�Q
�	�
�$�*�*�,�'�O��V�V�E�=�1�B�B�D�J�J�L�N�=�i�H�O�=�i�H�O��5�*�%B�C� �$�"���%.�/B�%C�%J�%J�6�%R�#,�_�#=�#D�#D�V�#L�%.��%?�%F�%F�v�%N�	F�	��e�Z�(H�I��� �L���^�#��d�j�j�l�+������}�5�F�F�H�N�N�P���u�j�)F�G�$�(�&� � �)2�3F�)G�)N�)N�v�)V�'0��'A�'H�'H��'P�)2�?�)C�)J�)J�6�)R�	J
�		�	�%��,L�!M� � �$�P
�	�$r4c�4�t|td�d|i�y)Nzprovision_dns_accounts_add.ldif�DOMAINDN)rr)r.r/s  r2�add_dns_accountsr�:s���5�*�%F�G��H�J�r4c	�:�dt|�i}|durt||��}n
t||��}tjtj
|d|�d|����}ddg|d<tj|tjd	�|d	<|j|�y)
N�	DnsAdminsT)�name_mapzCN=MicrosoftDNS,�,�top�	container�objectClass�nTSecurityDescriptor)	r,rrr*�Messager8�MessageElement�FLAG_MOD_ADD�add)	r.r/�prefix�
domain_sidr;�forestr��sd_val�msgs	         r2�add_dns_containerr�@s����S��/�0�H�
��~�8��BJ�L��9��BJ�L���+�+�c�f�f�U�v�x�$P�Q�
R�C���-�C�
�����6�3�#3�#3�1�	3����
�I�I�c�Nr4c��i}d|d<d|d<d|d<d|d<d	|d
<d|d<d
|d<d|d<d|d<d|d<d|d<d|d<d|d<i}d|d<d|d<d|d<d|d<d|d
<d |d<d!|d<d"|d<d#|d<d$|d<d%|d<d&|d<d'|d<d(|�d)|��}tjtj||��}g}|jt	ttj�*���|jt	ttj�+���|jt	t���|jt	t���|jt	t���|jt	t���|jt	t���d,d-g|d.<tjd/tj d0�|d0<tj|tj d1�|d1<|j#|�g}|D]7}	|jt	t%|	d2d2tj&�3����9tjtj|d4|z��}d,d5g|d.<tj|tj d6�|d6<|j#|�|D]�}	t	t)||	d2d2tj&�3��g}tjtj|d7|	�d)|����}d,d5g|d.<tj|tj d6�|d6<|j#|���y)8Nz
198.41.0.4za.root-servers.netz192.228.79.201zb.root-servers.netz192.33.4.12zc.root-servers.netz199.7.91.13zd.root-servers.netz192.203.230.10ze.root-servers.netz192.5.5.241zf.root-servers.netz192.112.36.4zg.root-servers.netz
198.97.190.53zh.root-servers.netz
192.36.148.17zi.root-servers.netz
192.58.128.30zj.root-servers.netz193.0.14.129zk.root-servers.netz199.7.83.42zl.root-servers.netz202.12.27.33zm.root-servers.netz2001:503:ba3e::2:30z2001:500:84::bz
2001:500:2::cz2001:500:2d::dz2001:500:a8::ez2001:500:2f::fz2001:500:12::d0dz2001:500:1::53z2001:7fe::53z2001:503:c27::2:30z2001:7fd::1z2001:500:9f::42z2001:dc3::35z"DC=RootDNSServers,CN=MicrosoftDNS,r�)r�)r�r��dnsZoner��Zone�cn�dNSPropertyr)rMrNrG�DC=@,%s�dnsNode�	dnsRecord�DC=)r*r�r8�appendrr�r	�DNS_ZONE_TYPE_CACHEr��DNS_ZONE_UPDATE_OFFr�r�r�r�r�r�r�r�rb�DNS_RANK_ROOT_HINTr>)
r.r/r��rootservers�rootservers_v6�container_dnr��props�record�rservers
          r2�add_rootserversr�Qsm���K�(4�K�$�%�(8�K�$�%�(5�K�$�%�(5�K�$�%�(8�K�$�%�(5�K�$�%�(6�K�$�%�(7�K�$�%�(7�K�$�%�(7�K�$�%�(6�K�$�%�(5�K�$�%�(6�K�$�%��N�+@�N�'�(�+;�N�'�(�+:�N�'�(�+;�N�'�(�+;�N�'�(�+;�N�'�(�+=�N�'�(�+;�N�'�(�+9�N�'�(�+?�N�'�(�+8�N�'�(�+<�N�'�(�+9�N�'�(�@F��Q�L��+�+�c�f�f�U�L�1�
2�C��E�	�L�L��,��1I�1I�J�K�L�	�L�L��-�4�;S�;S�T�U�V�	�L�L��,�.�/�0�	�L�L��3�5�6�7�	�L�L��1�3�4�5�	�L�L��,�.�/�0�	�L�L��2�4�5�6���+�C�
���"�"�6�3�+;�+;�T�B�C��I��+�+�E�3�3C�3C�]�S�C�
��	�I�I�c�N��F��b���
�
�h�x���q�t�G^�G^�_�`�a�b��+�+�c�f�f�U�I��$<�=�
>�C���+�C�
���)�)�&�#�2B�2B�K�P�C���	�I�I�c�N�����7�;�w�#7��q�t�Of�Of�g�h�i���k�k�#�&�&��g�|�(L�M�N��#�Y�/��M���-�-�f�c�6F�6F��T��K��
�	�	�#��r4c�&�|�d|��}g}t|d|z�}	|jt|	��t|�}
|jt|
��|�%t	|�}|jt|��|�%t|�}|jt|��t
jt
j|d|z��}
ddg|
d<t
j|tjd�|
d<|j|
�y)N�.z
hostmaster.%sr�r�r�r�r�)rgr�rrbr>rXr*r�r8r�r�r�)r.r�r��hostname�	dnsdomain�hostip�hostip6�
fqdn_hostname�
at_records�
at_soa_record�at_ns_record�at_a_record�at_aaaa_recordr�s              r2�
add_at_recordr	�s���'��3�M��J��m�_�y�-H�I�M����h�}�-�.��M�*�L����h�|�,�-�
���f�o�����(�;�/�0���#�G�,�����(�>�2�3�

�+�+�c�f�f�U�I��$<�=�
>�C���+�C�
���)�)�*�c�6F�6F��T�C���	�I�I�c�Nr4c�
�t||�}tjtj||�d|����}ddg|d<tjt|�tjd�|d<|j|�y�Nr�r�r�r�r�)rrr*r�r8r�rr�r�)r.r�r��hostr|�
srv_recordr�s       r2�add_srv_recordr�sk���4��&�J�

�+�+�c�f�f�U�v�|�$D�E�
F�C���+�C�
���)�)�(�:�*>��@P�@P�R]�^�C���	�I�I�c�Nr4c��t|�}tjtj||�d|����}ddg|d<tjt|�tjd�|d<|j|�yr)rbr*r�r8r�rr�r��r.r�r�r�	ns_recordr�s      r2�
add_ns_recordr�sh�����I�

�+�+�c�f�f�U�v�|�$D�E�
F�C���+�C�
���)�)�(�9�*=�s�?O�?O�Q\�]�C���	�I�I�c�Nr4c�(�t|tj��}tjtj
||�d|����}ddg|d<tjt|�tjd�|d<|j|�y)N)rGr�r�r�r�r�)
rbr	�DNS_RANK_NS_GLUEr*r�r8r�rr�r�rs      r2�add_ns_glue_recordr�sq����D�$9�$9�:�I�

�+�+�c�f�f�U�v�|�$D�E�
F�C���+�C�
���)�)�(�9�*=�s�?O�?O�Q\�]�C���	�I�I�c�Nr4c��t|�}tjtj||�d|����}ddg|d<tjt|�tjd�|d<|j|�yr)r]r*r�r8r�rr�r�)r.r�r�r�cname_recordr�s      r2�add_cname_recordr�si���t�$�L�

�+�+�c�f�f�U�v�|�$D�E�
F�C���+�C�
���)�)�(�<�*@�#�BR�BR�T_�`�C���	�I�I�c�Nr4c��g}|r%t|�}|jt|��|r%t|�}|jt|��|rot	j
t	j||�d|����}ddg|d<t	j|tjd�|d<|j|�yyr)
r>r�rrXr*r�r8r�r�r�)	r.r�r�rr�host_records�a_record�aaaa_recordr�s	         r2�add_host_recordr�s����L�
��6�?�����H�X�.�/�� ��)�����H�[�1�2���k�k�#�&�&��6�<�(H�I�J��#�Y�/��M���-�-�l�C�<L�<L�k�Z��K��
�	�	�#��	r4c�|�d|z}tjj||�}g}|jt	t���|jt	t
���|jt	t���|jt	td����|jt	td����|jt	t���|jt	t���tjtj|d|�d|�d|����}	dd	g|	d
<tjt	|�tj d�|	d<tj|tj d
�|	d
<|j#|	�y)Na{O:SYG:BAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;%s)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIID;LC;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI�)r�)r�r��,CN=MicrosoftDNS,r�r�r�r�r��ntSecurityDescriptorr�)rr��	from_sddlr�rr�r�r�r�r�r�r�r*r�r8r�r�r�)
r.r/r�rr�r;�sddl�secr�r�s
          r2�add_domain_recordr%�sO�����D��
�
�
'�
'��i�
8�C��E�	�L�L��,�.�)�*�	�L�L��-�/�0�1�	�L�L��,�.�/�0�	�L�L��3�s�K�L�M�	�L�L��1�3�G�H�I�	�L�L��,�.�/�0�	�L�L��2�4�5�6�

�+�+�c�f�f�U�Y�PV�X`�$a�b�
c�C���+�C�
�����8�C�=��+�+�1�	3�����+�+�E�3�3C�3C�]�S�C�
��	�I�I�c�Nr4c��tjtj|d|�d|�d|����}ddg|d<|j|�y)N�
DC=_msdcs.r r�r�r�r�)r*r�r8r�)r.r�r��	dnsforestr�s     r2�add_msdcs_recordr)sF��

�+�+�c�f�f�U�%.���%B�C�D�C���+�C�
��	�I�I�c�Nr4c	��|�d|��}tj|d|�d|�d|���}	t||	d||||�t||	d|z||�t	||	d|d�t	||	d	|z|d�t	||	d
|d�t	||	d|d�t	||	d
|d�t	||	d|d�t	||	d|z|d�t	||	d|d�t	||	d|z|d�t||	d|�t	||	d|z|d�t	||	d|z|d�t	||	d|d�t	||	d|d�t||	d||�t||	d||�y)Nr�r�r r��DC=@�DC=%szDC=_kerberos._tcp�XzDC=_kerberos._tcp.%s._siteszDC=_kerberos._udpzDC=_kpasswd._tcpi�zDC=_kpasswd._udpz
DC=_ldap._tcp�zDC=_ldap._tcp.%s._siteszDC=_gc._tcp��zDC=_gc._tcp.%s._sitesz	DC=_msdcsz&DC=_ldap._tcp.%s._sites.DomainDnsZonesz&DC=_ldap._tcp.%s._sites.ForestDnsZoneszDC=_ldap._tcp.DomainDnsZoneszDC=_ldap._tcp.ForestDnsZones�DC=DomainDnsZones�DC=ForestDnsZones)r*r8r	rrr)
r.r/r��siterr�rrr�domain_container_dns
          r2�add_dc_domain_recordsr4s��� (��3�M��&�&��"+�V�X�)?�@���%�,�f�h�	��'�#��E�.��(�0B�F����5�-�/B� �"�&��5�-�/L��0�&��,��5�-�/B� �"�&��5�-�/A� �#�'��5�-�/A� �#�'��5�-��
����5�-�/H��0�&��-��5�-�}�m����5�-�/F��/M� �$�(��u�1�;�
�N��5�-�;�d�B�M���
�5�-�;�d�B�M���
�5�-�/M� �#�'��5�-�/M� �#�'��E�.�0C�V����E�.�0C�V��r4c
	��|�d|��}
tj|d|�d|�d|���}t||d||dd�t||d|
d�t||d|z|
d�t||d	|
d
�t||d|z|
d
�t||d|z|
d
�t||d|
d
�t||d|
d
�t	||d||�t||d|z|
d
�t||d|	z|
�y)Nr�r'r r�r+zDC=_kerberos._tcp.dcr-zDC=_kerberos._tcp.%s._sites.dczDC=_ldap._tcp.dcr.zDC=_ldap._tcp.%s._sites.dczDC=_ldap._tcp.%s._sites.gcr/zDC=_ldap._tcp.gczDC=_ldap._tcp.pdczDC=gczDC=_ldap._tcp.%s.domainsr,)r*r8r	rrr)r.r�r�r2r(r�rrr1�ntdsguidr�forest_container_dns            r2�add_dc_msdcs_recordsr8lsF�� (��3�M��&�&��"+�V�X�)?�@���%�,�f�h�	�����5�-�/E� �"�&��5�-�3�d�:�M�2�O��5�-�/A� �#�'��5�-�/K��0�&��-��5�-�/K��0�&��.��5�-�/A� �$�(��5�-�/B� �#�'��E�.����I��5�-�-�
�:�M�3�P��U�/��8�1C�"�$r4c	��	tjtjj||��tjtjj||��|�d}t|t
d�|||t|jd��jd�t|�|j|jj��d|jj���d��y#t$rY��wxYw)z�Add DNS specific bits to a secrets database.

    :param secretsdb: Ldb Handle to the secrets database
    :param names: Names shortcut
    :param machinepass: Machine password
    Nr?zsecrets_dns.ldifzutf-8r�r�)�REALM�	DNSDOMAIN�
DNS_KEYTAB�DNSPASS_B64�KEY_VERSION_NUMBER�HOSTNAME�DNSNAME)�os�unlink�path�join�OSErrorrrr�encoder�r,r��netbiosname�lowerr)	�	secretsdb�names�private_dir�binddns_dir�realmr�dns_keytab_path�dnspass�key_version_numbers	         r2�secretsdb_setup_dnsrQ�s���
�
�	�	�"�'�'�,�,�{�O�<�=�
�	�	�"�'�'�,�,�{�O�<�=��!����i��$6�7��"�)�$�W�^�^�G�%<�=�D�D�V�L�"%�&8�"9�����!�!�'�'�)�5�?�?�+@�+@�+B�D�	:�	���
��
�s�A&C:�:	D�Dc���tjj|j�}	t	j
|d�tj|d�|j�9	tj|d|j�tj|d�yy#t$rY�gwxYw#t$r7dtjvr"|jd||jfz�YyYywxYw)zx(Re)create the DNS directory and chown it to bind.

    :param logger: Logger object
    :param paths: paths object
    T�N����SAMBA_SELFTEST�!Failed to chown %s to bind gid %u)
rArC�dirname�dns�shutil�rmtreerE�mkdir�bind_gid�chown�chmod�environ�error)�logger�paths�dns_dirs   r2�create_dns_dirrd�s����g�g�o�o�e�i�i�(�G�
��
�
�g�t�$��H�H�W�e���~�~�!�	.��H�H�W�b�%�.�.�1��H�H�W�e�$�	"���
��
���	.��r�z�z�1����@��U�^�^�D-�-�.�2�	.�s#�B�$7B,�	B)�(B)�,;C,�+C,c	��tjj|j|j�}tjj|j
|j�}tjj
|�r�tjj
|�r	tj|�	tj||�|j��	tj|j
d�tj|j
d|j�	tj|d
�tj|d|j�yyy#t$r+}|jd|�d|j���Yd}~��d}~wwxYw#t$r.}|jd|�d|�d|j���Yd}~��d}~wwxYw#t$r<dtjvr'|j!d	|j
|j�Y��wxYw#t$r4dtjvr|j!d	||j�YyYywxYw)zhCreate link for BIND to DNS keytab

    :param logger: Logger object
    :param paths: paths object
    zFailed to remove z: NzFailed to create link z -> rSrTrUrVi�)rArCrDrK�
dns_keytabrL�isfilerBrEr`�strerror�linkr\r^r]r_�info)rarb�private_dns_keytab_path�bind_dns_keytab_path�es     r2�create_dns_dir_keytab_linkrn�s���!�g�g�l�l�5�+<�+<�e�>N�>N�O���7�7�<�<��(9�(9�5�;K�;K�L��	�w�w�~�~�-�.�
�7�7�>�>�.�/�
A��	�	�.�/�	V��G�G�+�-A�B��>�>�%�
C�����*�*�E�2�����*�*�B����?�

F����-�u�5����-�r�5�>�>�B�&�!/���
A����2�A�J�J�@�A�A��
A���	V��L�L�1�3G����U�
V�
V��	V���
C�#�2�:�:�5��K�K� C� %� 1� 1�5�>�>�C��
C���
F�#�2�:�:�5��K�K� C� 4�e�n�n�F�6�
F�sV�(E'�>F�!AG�-7H �'	F�0!F�F�	G�'$G�G�AH�H� 8I�Ic�b�t|	t�sJ�|�d|z}|dz|z}
d|z}nd}d}
d}|�d|z}|dz|z}d|z}nd}d}d}ttd	�|j||||||	tjd
�||
||
||d�
�|j�M	tj|jd|j�tj|jd
�yy#t$rAdtjvr,|jd|j|jfz�YyYywxYw)a�Write out a DNS zone file, from the info in the current database.

    :param paths: paths object
    :param dnsdomain: DNS Domain name
    :param domaindn: DN of the Domain
    :param hostip: Local IPv4 IP
    :param hostip6: Local IPv6 IP
    :param hostname: Local hostname
    :param realm: Realm name
    :param domainguid: GUID of the domain.
    :param ntdsguid: GUID of the hosts nTDSDSA record.
    Nz            IN AAAA    z        IN AAAA    z#gc._msdcs               IN AAAA    �z            IN A    z        IN A    z gc._msdcs               IN A    zprovision.zonez%Y%m%d%H)
r?r;r:�HOSTIP_BASE_LINE�HOSTIP_HOST_LINE�
DOMAINGUID�
DATESTRING�DEFAULTSITE�NTDSGUID�HOSTIP6_BASE_LINE�HOSTIP6_HOST_LINE�GC_MSDCS_IP_LINE�GC_MSDCS_IP6_LINErTi�rUrV)�
isinstancer,rrrX�time�strftimer\rAr]r^rEr_r`)�lprarb�	targetdirrrrr�rMr1r6r2�hostip6_base_line�hostip6_host_line�gc_msdcs_ip6_line�hostip_base_line�hostip_host_line�gc_msdcs_ip_lines                  r2�create_zone_filer�sf���j�#�&�&�&���5��?��$�'<�<�w�F��A�G�K��������
��1�F�:��#�&8�8�6�A��=��F���������z�*�+�U�Y�Y� �"�� 0� 0�$��-�-�
�3�� �!2�!2� 0�!2�9�� 
�~�~�!�	0��H�H�U�Y�Y��E�N�N�3��H�H�U�Y�Y��&�	"��
�	0��r�z�z�1����@��I�I�u�~�~�D/�/�0�2�	0�s�AC$�$AD.�-D.c	�
�|j}tjj|d�}tjj	|j
�}tjj|d�}	i}
|j
dtjddg��}|ddD]2}t|�jd�\}
}||
|
j�<�4t�}d|dvrt|ddd�}|jj�}tjj||
|�}	tj|	�t|d�j!�|�d	|��}t#j$|�}|j
d
tj��}|j'|d�d|z}t)t+|��j-d
�}t/|t1d�|j|t|�|d��t/|t1d�d�|
|=d|jj�z}d|j4j�z}|
|}|
j7|�}d}	tj8tjj||�tjj|	|��tj8tjj||�tjj||��|dk(rXtj8tjj||dz�tjj||dz��|r�tj8tjj||�tjj||��|dk(rXtj8tjj||dz�tjj||dz��|
|=|r|
|=	t=tjj|d�tjj|d��|
D]�}
|
|
}|dk(rIt?tjj||�tjj||���Vt=tjj||�tjj||����	|j@��	tjB|�D]�\}}}|D]Y} tjj|| �}!tjD|!d|j@�tjF|!d��[|D]k}"|"jId�s�tjj||"�}#tjD|#d|j@�tjF|#d��m��ydtjJvr|jMd�yy#|j3d��xYw#t:$r|j3d��wxYw#|j3d��xYw#t:$r(dtjJvr|j3d�YyYywxYw) zRCreate a copy of samdb and give write permissions to named for dns partitions
    z	sam.ldb.dz
@PARTITION�	partition�backendStorer%r�:�wz://z
@INDEXLIST)r&r'zobjectGUID: %s
-r�zprovision_basedn.ldif)r�rs�	DOMAINSID�
DESCRIPTORzprovision_basedn_options.ldifNz>Failed to setup database for BIND, AD based DNS cannot be usedzDC=DOMAINDNSZONES,%szDC=FORESTDNSZONES,%szmetadata.tdb�mdbz-lockzsam.ldbrTrS)z.ldbz.tdbzldb-locki�rUz9Failed to set permissions to sam.ldb* files, fix manuallyz\Unable to find group id for BIND,
                set permissions to sam.ldb* files manually)'rKrArCrDrWrXr)r*r+r,�split�upperr!r/r[�open�close�samba�Ldbr�rrr�rrr`�rootdn�getrirErrr\�walkr]r^�endswithr_�warning)$r.rarbrJr�r1rK�
samldb_dirrc�dns_samldb_dir�partfiler0�tmp�nc�fname�
backend_storer/�domainpart_file�dom_url�dom_ldb�	index_res�domainguid_line�descr�domainzonedn�forestzonedn�domainzone_file�forestzone_file�
metadata_file�pfilerW�dirs�files�d�dpath�f�fpaths$                                    r2�create_samdb_copyr�Bs����#�#�K������k�;�7�J��g�g�o�o�e�i�i�(�G��W�W�\�\�'�;�7�N��H�
�,�,�L� �^�^�)�>�:��<�C��1�v�k�"�%���#�h�n�n�S�)���U�$�������%�.�/�M���Q����C��F�>�2�1�5�6�
��~�~�#�#�%�H��g�g�l�l�7�H�X�,>�?�O��
���� ��_�c�"�(�(�*� -�o�>���)�)�G�$���L�L�l�#�.�.�L�I�	����I�a�L�!�-�
�:���/�	�:�;�B�B�6�J���w�
�+B� C����)��Y���	F!�	"�
	�w�!�"A�B�D�	J�	���*�E�N�N�,@�,@�,B�B�L�)�E�L�L�,>�,>�,@�@�L��|�,�O��l�l�<�0�O�"�M��
��������Z��7������^�]�;�	=�
��������[�/�:������W�o�6�	8��E�!�
�G�G�B�G�G�L�L��o��.G�H��G�G�L�L��/�G�*C�D�
F���G�G�B�G�G�L�L��o�>��G�G�L�L��/�:�
<���%���������[�/�G�2K�L������W�o��.G�H�J�	�����\�"��������k�9�5������g�y�1�	3��	7�B��R�L�E���%�������k�5�9������g�u�5�7�������k�5�9������g�u�5�7�
	7�
�~�~�!�	Q�(*����(8�	
/�$���u��+�A��G�G�L�L��!�4�E��H�H�U�B����7��H�H�U�E�*�+��/�A��z�z�">�?� "�����W�a� 8�������E�N�N�;������.�	/�	
/��2�:�:�-��N�N�>�
?�.��i����L�	N�
��J�����L�	N�
���*����L�	N�
���	Q��r�z�z�1����O�Q�2�	Q�sA�<C,Y�>F2Y�9C*Y9�1BZ�AZ�Y�Y6�9Z
�,[�[c��ttd�|jd�ttd�|jd�y)z Write out a dns_update_list file�dns_update_listN�spn_update_list)rrr�r�)r~rarbs   r2�create_dns_update_listr��s4���z�+�,�e�.C�.C�T�J��z�+�,�e�.C�.C�T�Jr4c��ddlm}|dk(r�ttd�|j|||j
ddj
|jd�dd�z|j|jd	��ttd
�|j�y|dk(�r�tjdgd
tjtjd��j�d}t|�}d}d}d}	d}
d}d}d}
d}|j�j!d�dk7rd}�n�|j�j!d�dk7rd}�n�|j�j!d�dk7rd}	�n�|j�j!d�dk7rd}
�n\|j�j!d�dk7rd}�n6|j�j!d�dk7rd}�n|j�j!d�dk7rd}
n�|j�j!d�dk7rd}n�|j�j!d�dk7r|d��|j�j!d�dk7r|d��|j�j!d�dk7r|d��|j�j!d�dk7r|d��|j#d |jz�ttd!�|j|jt$j&j)�|||	|
|||
|d"�
�yy)#acWrite out a file containing zone statements suitable for inclusion in a
    named.conf file (including GSS-TSIG configuration).

    :param paths: all paths
    :param realm: Realm name
    :param dnsdomain: DNS Domain name
    :param dns_backend: DNS backend type
    :param keytab_name: File name of DNS keytab file
    :param logger: Logger object
    r)�ProvisioningError�BIND9_FLATFILEz
named.confz*.r�r?N)r;r:�	ZONE_FILE�REALM_WC�
NAMED_CONF�NAMED_CONF_UPDATEznamed.conf.update�	BIND9_DLZznamed -VT)�shell�stdout�stderr�cwd�#zBIND 9.8rTrpzBIND 9.9z	BIND 9.10z	BIND 9.11z	BIND 9.12z	BIND 9.14z	BIND 9.16z	BIND 9.18zBIND 9.7z&DLZ option incompatible with BIND 9.7.z	BIND_9.13z/Only stable/esv releases of BIND are supported.z	BIND_9.15z	BIND_9.17z0BIND version unknown, please modify %s manually.znamed.conf.dlz)
r��
MODULESDIR�BIND9_8�BIND9_9�BIND9_10�BIND9_11�BIND9_12�BIND9_14�BIND9_16�BIND9_18)�samba.provisionr�rr�	namedconfrXrDr��namedconf_update�
subprocess�Popen�PIPE�STDOUT�communicater"r��findr�r��param�modules_dir)rbrMr�dns_backendrar��	bind_info�bind9_8�bind9_9�bind9_10�bind9_11�bind9_12�bind9_14�bind9_16�bind9_18s               r2�create_named_confr��s���"2��&�&��:�l�+�U�_�_�!*�"�!&��� $�s�x�x����C�0@���0D�'E� E�"'�/�/�).�)?�)?�
?�	�	�:�1�2�E�4J�4J�K�	��	#��$�$�j�\��,6�O�O�,6�,=�,=�),�.�/:�k�m�A�?�	��y�)�	������������������?�?��!�!�*�-��3��G�
�_�_�
�
#�
#�J�
/�2�
5��G�
�_�_�
�
#�
#�K�
0�B�
6��H�
�_�_�
�
#�
#�K�
0�B�
6��H�
�_�_�
�
#�
#�K�
0�B�
6��H�
�_�_�
�
#�
#�K�
0�B�
6��H�
�_�_�
�
#�
#�K�
0�B�
6��H�
�_�_�
�
#�
#�K�
0�B�
6��H�
�_�_�
�
#�
#�J�
/�2�
5�#�$L�M�M�
�_�_�
�
#�
#�K�
0�B�
6�#�$U�V�V�
�_�_�
�
#�
#�K�
0�B�
6�#�$U�V�V�
�_�_�
�
#�
#�K�
0�B�
6�#�$U�V�V��N�N�M�PU�P_�P_�_�`��:�.�/����"'�/�/�"'�+�+�"9�"9�";�&�&� (� (� (� (� (� (�C�	�Q
$r4c�z�ttd�|||||tjj	||�|d��y)abWrite out a file containing zone statements suitable for inclusion in a
    named.conf file (including GSS-TSIG configuration).

    :param path: Path of the new named.conf file.
    :param realm: Realm name
    :param dnsdomain: DNS Domain name
    :param binddns_dir: Path to bind dns directory
    :param keytab_name: File name of DNS keytab file
    z	named.txt)r;r@r:r<�DNS_KEYTAB_ABS�PRIVATE_DIRN)rrrArCrD)rCrMr�dnsnamerL�keytab_names      r2�create_named_txtr�'s;���z�+�&��"���%� �g�g�l�l�;��D�&�
/�r4c�
�|dvS)N)r�r��SAMBA_INTERNAL�NONE�)r�s r2�is_valid_dns_backendr�<s���S�S�Sr4c�2�t|cxkxr	tkScSrB)rr)�os_levels r2�is_valid_os_levelr�@s��"�h�I�2I�I�I�I�Ir4c�<�t||d||�t||d�y�Nz	CN=System)r�r�)r.r�r�r;s    r2�create_dns_legacyr�Ds���e�X�{�I�}�M��E�8�[�1r4c	
�H�t||d|||�t||d|||||�yr�)r%r4)	r.r�r�rr2r�rrr;s	         r2�fill_dns_data_legacyr�Ks4���e�X�{�I�y�#�%��%��;��i�"�F�G�5r4c	��t|||||j|j|�t||d||�|tk7rt||d||d��yy)Nr0r1T)r�)r�r�r�r�r)r.r�rJr/r�r;r�s       r2�create_dns_partitionsr�Vs]����	�8�X��������E��e�X�':�I�#�%��^�#��%��+>�	�'��	6�$r4Tc���|r
t||d�t||d|||�|
rt||d|||||	�|tk7r&t	||d|�|
rt||d|||||	|
|�
yyy)a�Fill data in various AD partitions

    :param samdb: LDB object connected to sam.ldb file
    :param domainsid: Domain SID (as dom_sid object)
    :param site: Site name to create hostnames in
    :param domaindn: DN of the domain
    :param forestdn: DN of the forest
    :param dnsdomain: DNS name of the domain
    :param dnsforest: DNS name of the forest
    :param hostname: Host name of this DC
    :param hostip: IPv4 addresses
    :param hostip6: IPv6 addresses
    :param domainguid: Domain GUID
    :param ntdsguid: NTDS GUID
    :param dnsadmins_sid: SID for DnsAdmins group
    :param autofill: Create DNS records (using fixed template)
    r0r1N)r�r%r4rr)r8)r.r�r2r/r�rr(r�rrr1r6r;�autofillr��add_roots                r2�fill_dns_data_partitionsr�ds���0���x�)<�=��e�X�':�I���0���e�X�/B�D�'��6�7�	D��^�#�	���*=�y�I�� ���2E�t�!*�H�f�g�!+�X�
7��
$r4c�l�t|�std|z��t|�std|z��|dk(r|jd�y|jd�t	||j
�|j
}|j
�j�}|jj�}|}|j}|jj�}t||�}t||�}|j�	|jd|z�t||j ||�|t"k(r2|jd|z�t%||j |||||	|
|�	nw|d	vrs|t&k\rj|jd
�t)||j |||||�|jd�t+||j |||||||	|
||j,||��|j/�|j3d
�rt5|||||||||||	|
||
��yy#|j1��xYw)aWProvision DNS information (assuming GC role)

    :param samdb: LDB object connected to sam.ldb file
    :param secretsdb: LDB object connected to secrets.ldb file
    :param names: Names shortcut
    :param paths: Paths shortcut
    :param lp: Loadparm object
    :param logger: Logger object
    :param dns_backend: Type of DNS backend
    :param os_level: Functional level (treated as os level)
    :param dnspass: Password for bind's DNS account
    :param hostip: IPv4 address
    :param hostip6: IPv6 address
    :param targetdir: Target directory for creating DNS-related files for BIND9
    �Invalid dns backend: %r�Invalid os level: %rr�z'No DNS backend set, not configuring DNSNzAdding DNS accountsz%Creating CN=MicrosoftDNS,CN=System,%sz'Populating CN=MicrosoftDNS,CN=System,%s)r�r�z5Creating DomainDnsZones and ForestDnsZones partitionsz7Populating DomainDnsZones and ForestDnsZones partitions)r��BIND9_)r2rOrrrr�)r��	Exceptionr�rjr�r/�get_root_basedn�get_linearizedrrH�sitenamerGr<r3�transaction_startr�r�rr�r
r�r�r6�transaction_commit�transaction_cancel�
startswith�setup_bind9_dns)r.rIrJrbr~rar�r�rOrrrr�r�r/r�rr(r2r�r;r1s                      r2�setup_ad_dnsr
�s$��& ��,��1�K�?�@�@��X�&��.��9�:�:��f�����=�>���K�K�%�&��U�E�N�N�+�"�~�~�H��$�$�&�5�5�7�H����%�%�'�I��I��>�>�D�� � �&�&�(�H�%�e�X�6�M���x�0�J�	����#����;�h�F�G��%����(�M�J��.�.��K�K�A�H�L�M� ������9�d�!)�6�7�M�
K��;�
;��3�3�
�K�K�O�P�!�%����%��8�"/��
=�
�K�K�Q�R�$�U�E�O�O�T�8�X�%.�	�8�V�W�%/�����0:�
<�	� � �"����h�'���y�%���F�#�X�D�'�RX� '�9�&3�	5�(��
�
� � �"�
�s
�CH � H3c��t|�r|jd�std|z��t|�std|z��|j}t||�}t
|||j|j|j|j|j|	|
��	t||�t||�|dk(r?t||||||j|
||j|j||j ��|dk(r#|t"k\rt%|||||j&|�t)||j|j||��t+|j,|j|j|j�d	|j��|j|j�
�|j/d|j0�|j/d|j,�y
)a�Provision DNS information (assuming BIND9 backend in DC role)

    :param samdb: LDB object connected to sam.ldb file
    :param secretsdb: LDB object connected to secrets.ldb file
    :param names: Names shortcut
    :param paths: Paths shortcut
    :param lp: Loadparm object
    :param logger: Logger object
    :param dns_backend: Type of DNS backend
    :param os_level: Functional level (treated as os level)
    :param site: Site to create hostnames in
    :param dnspass: Password for bind's DNS account
    :param hostip: IPv4 address
    :param hostip6: IPv6 address
    :param targetdir: Target directory for creating DNS-related files for BIND9
    rr�r�)rMrrNrOrPr�)r2rrrr�rMr1r6r�)rMrr�rar�)rMrr�rLr�z9See %s for an example configuration include file for BINDz@and %s for further documentation required for secure DNS updatesN)r�rrr�r/r3rQrKrLrMrrfrdrnr�r�r6r
r�r�r�r��namedtxtrjr�)r.rIrJrbr~rar�r�r2rOrrrrPr�r/r1s                 r2r	r	�s���*
!��-��"�"�8�,��1�K�?�@�@��X�&��.��9�:�:��~�~�H���x�0�J��	�5��)�)��)�)�#�k�k�"'�/�/�(-�(8�(8�'�+=�
?��6�5�!��v�u�-��&�&���V�U�I�D�#(�?�?�6�!(�5�>�>�$�{�{�z�"'�.�.�		2��k�!�h�2I�&I��%�������*�	>��e�5�;�;� %���[�#�%��U�^�^� �;�;�%�/�/�(-������H�!&�!2�!2�!&�!1�!1�	3�
�K�K�K����!�
�K�K�� �>�>�+r4)F)NNNNNNN)b�__doc__rAr�rYr|r*�base64rr�r��samba.tdb_utilr�samba.mdb_utilr�	samba.ndrrrr�samba.dcerpcr	r
r�
samba.dsdbrr
rrrr�samba.descriptorrrrrrrr�samba.provision.commonrrrrrrrr �samba.samdbr!�samba.commonr"r3r<�DnssrvRpcRecordr>rXr]rbrgrrr��DnsPropertyr�r�r�r�r�r�r�r�r�r�r�r	rrrrrr%r)r4r8rQrdrnr�r�r�r�r�r�r�r�r�r�r�r
r	r�r4r2�<module>rs>��*�	��
��
����#�#�*��-�-������	�	�	�2�#���"�d�"�"����%�%���$�&�&���t�#�#����$�$��(��$�$��"��$�$���4�#�#��!�$�*�*�!� ��)�)� �'�� 0� 0�'�%�d�.�.�%�"��)�)�"�%�t�/�/�%�8�v��"D�N�<������D�Z�z2$�j�>.�4'F�T;0�|E?�PK�R�j�*T�J�2�5�6� LP�(1�D�-7�b15�T�4��I�T�b5�LLP�EI�"&�B+r4
