HEX

File: //lib/python3/dist-packages/samba/provision/__pycache__/sambadns.cpython-310.pyc
o

ɣ�b��@s0dZddlZddlZddlZddlZddlZddlmZddlZddl	Z	ddl
mZddlm
Z
ddlmZmZddl	mZddlmZmZmZdd	lmZmZmZmZmZmZdd
lmZmZm Z m!Z!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,ddl-m.Z.dd
l/m0Z0dd�Z1dd�Z2Gdd�dej3�Z4Gdd�dej3�Z5Gdd�dej3�Z6Gdd�dej3�Z7Gdd�dej3�Z8Gdd�dej3�Z9Gdd�dej3�Z:Gd d!�d!ej;�Z<Gd"d#�d#ej;�Z=Gd$d%�d%ej;�Z>Gd&d'�d'ej;�Z?Gd(d)�d)ej;�Z@Gd*d+�d+ej;�ZAGd,d-�d-ej;�ZBd.d/�ZCd0d1�ZDdld3d4�ZEd5d6�ZFd7d8�ZGd9d:�ZHd;d<�ZId=d>�ZJd?d@�ZKdAdB�ZLdCdD�ZMdEdF�ZNdGdH�ZOdIdJ�ZPdKdL�ZQdMdN�ZRdOdP�ZSdQdR�ZTdSdT�ZUdUdV�ZVdWdX�ZWdYdZ�ZXd[d\�ZYd]d^�ZZd_d`�Z[dadb�Z\dcdd�Z]dee)defdfdg�Z^dddde)dfdhdi�Z_			dmdjdk�Z`dS)nzDNS-related provisioning�N)�	b64encode)�tdb_copy)�mdb_copy)�ndr_pack�
ndr_unpack)�
setup_file)�dnsp�misc�security)�DS_DOMAIN_FUNCTION_2000�DS_DOMAIN_FUNCTION_2003�DS_DOMAIN_FUNCTION_2008_R2�DS_DOMAIN_FUNCTION_2012_R2�DS_DOMAIN_FUNCTION_2016�DS_GUID_USERS_CONTAINER)�get_domain_descriptor�'get_domain_delete_protected1_descriptor�'get_domain_delete_protected2_descriptor�get_dns_partition_descriptor�'get_dns_forest_microsoft_dns_descriptor�'get_dns_domain_microsoft_dns_descriptor)�
setup_path�setup_add_ldif�setup_modify_ldif�	setup_ldb�	FILL_FULL�FILL_SUBDOMAIN�FILL_NT4SYNC�FILL_DRS)�get_default_backend_store)�
get_stringcCs4|j|tjdgd�}tttj|ddd��}|S)N�
objectGUID��base�scope�attrsr)�search�ldb�
SCOPE_BASE�strrr	�GUID)�samdb�domaindn�res�
domainguid�r/�:/usr/lib/python3/dist-packages/samba/provision/sambadns.py�get_domainguidBsr1cCsHd|�t�||�t�}|j|tjdgd�}ttj|ddd�}|S)NzCN=DnsAdmins,%s�	objectSidr"r)	�get_wellknown_dnr'�Dnrr&r(rr
�dom_sid)r+r,�base_dnr-�
dnsadmins_sidr/r/r0�get_dnsadmins_sidHs��r8c�&eZdZddejf�fdd�	Z�ZS)�ARecord��c�2tt|���tj|_||_||_||_||_	dS�N)
�superr:�__init__r�
DNS_TYPE_A�wType�rank�dwSerial�dwTtlSeconds�data)�self�ip_addr�serial�ttlrC��	__class__r/r0r@[�
zARecord.__init__��__name__�
__module__�__qualname__r�
DNS_RANK_ZONEr@�
__classcell__r/r/rKr0r:Y�r:cr9)�
AAAARecordr;r<cr=r>)
r?rUr@r�
DNS_TYPE_AAAArBrCrDrErF)rG�ip6_addrrIrJrCrKr/r0r@frMzAAAARecord.__init__rNr/r/rKr0rUdrTrUcr9)�CNAMERecordr;r<cs.t���tj|_||_||_||_||_dSr>)	r?r@r�DNS_TYPE_CNAMErBrCrDrErF)rG�cnamerIrJrCrKr/r0r@qs

zCNAMERecord.__init__rNr/r/rKr0rXorTrXcr9)�NSRecordr;r<cr=r>)
r?r[r@r�DNS_TYPE_NSrBrCrDrErF)rG�
dns_serverrIrJrCrKr/r0r@|rMzNSRecord.__init__rNr/r/rKr0r[zrTr[cs.eZdZddddddejf�fdd�	Z�ZS)�	SOARecordr;r<iXi�Qic
sdtt|���tj|_|	|_||_||_t�	�}
||
_
||
_||
_||
_
||
_||
_||
_|
|_dSr>)r?r^r@r�DNS_TYPE_SOArBrCrDrE�soarI�refresh�retry�expire�mname�rname�minimumrF)rGrdrerIrarbrcrfrJrCr`rKr/r0r@�s
zSOARecord.__init__rNr/r/rKr0r^�s
�r^cs*eZdZddddejf�fdd�	Z�ZS)�	SRVRecordr�dr;r<c	sRtt|���tj|_||_||_||_t�	�}||_
||_||_||_
||_dSr>)r?rgr@r�DNS_TYPE_SRVrBrCrDrE�srv�
nameTarget�wPort�	wPriority�wWeightrF)	rG�target�port�priority�weightrIrJrCrjrKr/r0r@�s
zSRVRecord.__init__rNr/r/rKr0rg�s�rgcr9)�	TXTRecordr;r<csJtt|���tj|_||_||_||_t�	�}t
|�|_||_||_
dSr>)r?rsr@r�DNS_TYPE_TXTrBrCrDrE�string_list�len�countr)rF)rG�slistrIrJrC�
stringlistrKr/r0r@�s

zTXTRecord.__init__rNr/r/rKr0rs�rTrsc�"eZdZejf�fdd�	Z�ZS)�TypePropertyc�,tt|���d|_d|_tj|_||_dS�Nr;)	r?r{r@�wDataLength�versionr�DSPROPERTY_ZONE_TYPE�idrF)rG�	zone_typerKr/r0r@��

zTypeProperty.__init__)rOrPrQr�DNS_ZONE_TYPE_PRIMARYr@rSr/r/rKr0r{��r{crz)�AllowUpdatePropertycr|r})	r?r�r@r~rr�DSPROPERTY_ZONE_ALLOW_UPDATEr�rF)rG�allow_updaterKr/r0r@�r�zAllowUpdateProperty.__init__)rOrPrQr�DNS_ZONE_UPDATE_SECUREr@rSr/r/rKr0r��r�r�c�eZdZd�fdd�	Z�ZS)�SecureTimePropertyrcr|r})	r?r�r@r~rr�DSPROPERTY_ZONE_SECURE_TIMEr�rF)rG�secure_timerKr/r0r@�r�zSecureTimeProperty.__init__�r�rOrPrQr@rSr/r/rKr0r���r�cr�)�NorefreshIntervalPropertyrcr|r})	r?r�r@r~rr�"DSPROPERTY_ZONE_NOREFRESH_INTERVALr�rF)rG�norefresh_intervalrKr/r0r@�r�z"NorefreshIntervalProperty.__init__r�r�r/r/rKr0r��r�r�cr�)�RefreshIntervalPropertyrcr|r})	r?r�r@r~rr� DSPROPERTY_ZONE_REFRESH_INTERVALr�rF)rG�refresh_intervalrKr/r0r@�r�z RefreshIntervalProperty.__init__r�r�r/r/rKr0r��r�r�cr�)�AgingStatePropertyrcr|r})	r?r�r@r~rr�DSPROPERTY_ZONE_AGING_STATEr�rF)rG�
aging_enabledrKr/r0r@�r�zAgingStateProperty.__init__r�r�r/r/rKr0r��r�r�cr�)�AgingEnabledTimePropertyrcr|r})	r?r�r@r~rr�"DSPROPERTY_ZONE_AGING_ENABLED_TIMEr�rF)rG�next_cycle_hoursrKr/r0r@�r�z!AgingEnabledTimeProperty.__init__r�r�r/r/rKr0r��r�r�cCsld|}d|}t|�}	t|td�|t|	��d�d��|tkr0t|td�|t|	��d�d��t||�}
tt�	��}
t
�||����
�}t|�}t|�}
t|td�||
|||t|
��d�t|��d�d��t|td�|||d	��|tkr�t||�}tt�	��}t
�||����
�}t|td�|||||t|
��d�t|��d�d��t|td�|||d	��dSdS)
NzDC=DomainDnsZones,%szDC=ForestDnsZones,%sz"provision_dnszones_partitions.ldif�utf8)�ZONE_DN�SECDESCzprovision_dnszones_add.ldif)r��	ZONE_GUID�ZONE_DNS�CONFIGDN�SERVERDN�LOSTANDFOUND_DESCRIPTOR�INFRASTRUCTURE_DESCRIPTORzprovision_dnszones_modify.ldif)r�r�r�)rrrr�decoderr1r)�uuid�uuid4r'r4�canonical_ex_str�striprrr)r+�	domainsidr,�forestdn�configdn�serverdn�
fill_level�
domainzone_dn�
forestzone_dn�
descriptor�domainzone_guid�domainzone_dns�protected1_desc�protected2_desc�forestzone_guid�forestzone_dnsr/r/r0�setup_dns_partitions�sd
�
�

�
	�

�
	��r�cCst|td�d|i�dS)Nzprovision_dns_accounts_add.ldif�DOMAINDN)rr)r+r,r/r/r0�add_dns_accounts8s

�r�Fc	Csvdt|�i}|durt||d�}nt||d�}t�t�|d||f��}ddg|d<t�|tjd�|d<|�|�dS)	N�	DnsAdminsT)�name_mapzCN=MicrosoftDNS,%s,%s�top�	container�objectClass�nTSecurityDescriptor)	r)rrr'�Messager4�MessageElement�FLAG_MOD_ADD�add)	r+r,�prefix�
domain_sidr7�forestr��sd_val�msgr/r/r0�add_dns_container>s��
��r�c

Cs�i}d|d<d|d<d|d<d|d<d	|d
<d|d<d
|d<d|d<d|d<d|d<d|d<d|d<d|d<i}d|d<d|d<d|d<d|d<d|d
<d |d<d!|d<d"|d<d#|d<d$|d<d%|d<d&|d<d'|d<d(||f}t�t�||��}g}|�tttjd)���|�tttj	d*���|�tt
���|�tt���|�tt���|�tt
���|�tt���d+d,g|d-<t�d.tjd/�|d/<t�|tjd0�|d0<|�|�g}|D]}	|�tt|	d1d1tjd2���q�t�t�|d3|��}d+d4g|d-<t�|tjd5�|d5<|�|�|D]3}	tt||	d1d1tjd2��g}t�t�|d6|	|f��}d+d4g|d-<t�|tjd5�|d5<|�|��qdS)7Nz
198.41.0.4za.root-servers.netz192.228.79.201zb.root-servers.netz192.33.4.12zc.root-servers.netz199.7.91.13zd.root-servers.netz192.203.230.10ze.root-servers.netz192.5.5.241zf.root-servers.netz192.112.36.4zg.root-servers.netz
198.97.190.53zh.root-servers.netz
192.36.148.17zi.root-servers.netz
192.58.128.30zj.root-servers.netz193.0.14.129zk.root-servers.netz199.7.83.42zl.root-servers.netz202.12.27.33zm.root-servers.netz2001:503:ba3e::2:30z2001:500:84::bz
2001:500:2::cz2001:500:2d::dz2001:500:a8::ez2001:500:2f::fz2001:500:12::d0dz2001:500:1::53z2001:7fe::53z2001:503:c27::2:30z2001:7fd::1z2001:500:9f::42z2001:dc3::35z'DC=RootDNSServers,CN=MicrosoftDNS,%s,%s)r�)r�r��dnsZoner��Zone�cn�dNSPropertyr)rIrJrC�DC=@,%s�dnsNode�	dnsRecordzDC=%s,%s)r'r�r4�appendrr{r�DNS_ZONE_TYPE_CACHEr��DNS_ZONE_UPDATE_OFFr�r�r�r�r�r�r�r�r[�DNS_RANK_ROOT_HINTr:)
r+r,r��rootservers�rootservers_v6�container_dnr��props�record�rserverr/r/r0�add_rootserversOsp

�r�cCs�d||f}g}t|d|�}	|�t|	��t|�}
|�t|
��|dur0t|�}|�t|��|dur?t|�}|�t|��t�t�|d|��}
ddg|
d<t�	|tj
d�|
d<|�|
�dS)N�%s.%sz
hostmaster.%sr�r�r�r�r�)r^r�rr[r:rUr'r�r4r�r�r�)r+r�r��hostname�	dnsdomain�hostip�hostip6�
fqdn_hostname�
at_records�
at_soa_record�at_ns_record�at_a_record�at_aaaa_recordr�r/r/r0�
add_at_record�s r�cCsVt||�}t�t�|d||f��}ddg|d<t�t|�tjd�|d<|�|�dS�N�%s,%sr�r�r�r�)rgr'r�r4r�rr�r�)r+r�r��hostrp�
srv_recordr�r/r/r0�add_srv_record�s

r�cC�Tt|�}t�t�|d||f��}ddg|d<t�t|�tjd�|d<|�|�dSr�)r[r'r�r4r�rr�r��r+r�r�r��	ns_recordr�r/r/r0�
add_ns_record��
r�cCsZt|tjd�}t�t�|d||f��}ddg|d<t�t|�tjd�|d<|�	|�dS)N)rCr�r�r�r�r�)
r[r�DNS_RANK_NS_GLUEr'r�r4r�rr�r�r�r/r/r0�add_ns_glue_record�s
r�cCr�r�)rXr'r�r4r�rr�r�)r+r�r�r��cname_recordr�r/r/r0�add_cname_record�r�r�c	Cs�g}|rt|�}|�t|��|rt|�}|�t|��|rBt�t�|d||f��}ddg|d<t�|tjd�|d<|�	|�dSdSr�)
r:r�rrUr'r�r4r�r�r�)	r+r�r�r�r��host_records�a_record�aaaa_recordr�r/r/r0�add_host_record�s�r�c
	Cs�d|}tj�||�}g}|�tt���|�tt���|�tt���|�ttdd���|�tt	dd���|�tt
���|�tt���t�
t�|d|||f��}	ddg|	d<t�t|�tjd	�|	d
<t�|tjd�|	d<|�|	�dS)Na{O:SYG:BAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;%s)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIID;LC;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI�)r�)r��DC=%s,CN=MicrosoftDNS,%s,%sr�r�r�r��ntSecurityDescriptorr�)r
r��	from_sddlr�rr{r�r�r�r�r�r�r'r�r4r�r�r�)
r+r,r�r�r�r7�sddl�secr�r�r/r/r0�add_domain_record�s*�

��rc	Cs6t�t�|d|||f��}ddg|d<|�|�dS)N�"DC=_msdcs.%s,CN=MicrosoftDNS,%s,%sr�r�r�)r'r�r4r�)r+r�r��	dnsforestr�r/r/r0�add_msdcs_records
�rc
Cs`d||f}t�|d|||f�}	t||	d||||�t||	d|||�t||	d|d�t||	d||d�t||	d|d�t||	d	|d
�t||	d|d
�t||	d|d
�t||	d||d
�t||	d|d�t||	d||d�t||	d|�t||	d||d
�t||	d||d
�t||	d|d
�t||	d|d
�t||	d||�t||	d||�dS)Nr�r��DC=@�DC=%szDC=_kerberos._tcp�XzDC=_kerberos._tcp.%s._siteszDC=_kerberos._udpzDC=_kpasswd._tcpi�zDC=_kpasswd._udpz
DC=_ldap._tcp�zDC=_ldap._tcp.%s._siteszDC=_gc._tcp��zDC=_gc._tcp.%s._sitesz	DC=_msdcsz&DC=_ldap._tcp.%s._sites.DomainDnsZonesz&DC=_ldap._tcp.%s._sites.ForestDnsZoneszDC=_ldap._tcp.DomainDnsZoneszDC=_ldap._tcp.ForestDnsZones�DC=DomainDnsZones�DC=ForestDnsZones)r'r4r�r�r�r�)
r+r,r��siter�r�r�r�r��domain_container_dnr/r/r0�add_dc_domain_records
s|���������
���
	������
�
�rc
Cs�d||f}
t�|d|||f�}t||d||dd�t||d|
d�t||d||
d�t||d|
d�t||d	||
d�t||d
||
d�t||d|
d�t||d
|
d�t||d||�t||d||
d�t||d|	|
�dS)Nr�rrzDC=_kerberos._tcp.dcrzDC=_kerberos._tcp.%s._sites.dczDC=_ldap._tcp.dcr	zDC=_ldap._tcp.%s._sites.dczDC=_ldap._tcp.%s._sites.gcr
zDC=_ldap._tcp.gczDC=_ldap._tcp.pdczDC=gczDC=_ldap._tcp.%s.domainsr)r'r4r�r�r�r�)r+r�r�r
rr�r�r�r.�ntdsguidr��forest_container_dnr/r/r0�add_dc_msdcs_recordsjsN���
��������
��rc		
Cs�zt�tj�||��t�tj�||��Wn	tyYnw|dur&d}t|td�|||t|�d���	d�t
|�|jd|j�
�|j�
�fd��dS)z�Add DNS specific bits to a secrets database.

    :param secretsdb: Ldb Handle to the secrets database
    :param names: Names shortcut
    :param machinepass: Machine password
    Nr;zsecrets_dns.ldifzutf-8r�r�)�REALM�	DNSDOMAIN�
DNS_KEYTAB�DNSPASS_B64�KEY_VERSION_NUMBER�HOSTNAME�DNSNAME)�os�unlink�path�join�OSErrorrrr�encoder�r)r��netbiosname�lowerr�)	�	secretsdb�names�private_dir�binddns_dir�realmr��dns_keytab_path�dnspass�key_version_numberr/r/r0�secretsdb_setup_dns�s&�
��r*cCs�tj�|j�}zt�|d�Wn	tyYnwt�|d�|jdurRzt�	|d|j�t�
|d�WdStyQdtjvrN|�d||jf�YdSYdSwdS)zx(Re)create the DNS directory and chown it to bind.

    :param logger: Logger object
    :param paths: paths object
    T�N����SAMBA_SELFTEST�!Failed to chown %s to bind gid %u)
rr�dirname�dns�shutil�rmtreer�mkdir�bind_gid�chown�chmod�environ�error)�logger�paths�dns_dirr/r/r0�create_dns_dir�s&�

����r<c
Cs�tj�|j|j�}tj�|j|j�}tj�|�r�tj�|�rBzt�|�WntyA}z|�	d||j
f�WYd}~nd}~wwzt�||�Wntyg}z|�	d|||j
f�WYd}~nd}~ww|jdur�zt�
|jd�t�|jd|j�Wnty�dtjvr�|�d|j|j�Ynwzt�
|d�t�|d|j�WdSty�dtjvr�|�d||j�YdSYdSwdSdS)	zhCreate link for BIND to DNS keytab

    :param logger: Logger object
    :param paths: paths object
    zFailed to remove %s: %sNz"Failed to create link %s -> %s: %sr+r,r-r.i�)rrrr$�
dns_keytabr%�isfilerrr8�strerror�linkr4r6r5r7�info)r9r:�private_dns_keytab_path�bind_dns_keytab_path�er/r/r0�create_dns_dir_keytab_link�sV���
���

���

����rEcCst|	t�sJ�|durd|}|d|}
d|}nd}d}
d}|dur3d|}|d|}d|}nd}d}d}ttd	�|j||||||	t�d
�||
||
||d�
�|jdur�zt�	|jd|j�t�
|jd
�WdSty�dtjvr�|�
d|j|jf�YdSYdSwdS)a�Write out a DNS zone file, from the info in the current database.

    :param paths: paths object
    :param dnsdomain: DNS Domain name
    :param domaindn: DN of the Domain
    :param hostip: Local IPv4 IP
    :param hostip6: Local IPv6 IP
    :param hostname: Local hostname
    :param realm: Realm name
    :param domainguid: GUID of the domain.
    :param ntdsguid: GUID of the hosts nTDSDSA record.
    Nz            IN AAAA    z        IN AAAA    z#gc._msdcs               IN AAAA    �z            IN A    z        IN A    z gc._msdcs               IN A    zprovision.zonez%Y%m%d%H)
rrr�HOSTIP_BASE_LINE�HOSTIP_HOST_LINE�
DOMAINGUID�
DATESTRING�DEFAULTSITE�NTDSGUID�HOSTIP6_BASE_LINE�HOSTIP6_HOST_LINE�GC_MSDCS_IP_LINE�GC_MSDCS_IP6_LINEr,i�r-r.)�
isinstancer)rrr0�time�strftimer4rr5r6rr7r8)�lpr9r:�	targetdirr�r�r�r�r&r.rr
�hostip6_base_line�hostip6_host_line�gc_msdcs_ip6_line�hostip_base_line�hostip_host_line�gc_msdcs_ip_liner/r/r0�create_zone_filesT

�

����r\c$Cs(|j}tj�|d�}tj�|j�}tj�|d�}	i}
|jdtjddgd�}|ddD]}t	|��
d�\}
}||
|
��<q+t�}d|dvrPt	|ddd�}|j
��}tj�||
|�}zMt�|	�t|d���d	||f}t�|�}|jd
tjd�}|�|d�d|}tt|���d
�}t|td�|j
|t	|�|d��t|td�d�Wn	|�d��|
|=d|j
��}d|j��}|
|}|
�|�}d}zgt�tj�||�tj�|	|��t�tj�||�tj�||��|dk�rt�tj�||d�tj�||d��|�r7t�tj�||�tj�||��|dk�r7t�tj�||d�tj�||d��Wnt�yF|�d��w|
|=|�rP|
|=z@ttj�|d�tj�|d��|
D],}
|
|
}|dk�r~ttj�||�tj�||���qbttj�||�tj�||���qbWn	|�d��|j du�rzKt�!|�D]B\}}}|D]} tj�|| �}!t�"|!d|j �t�#|!d��q�|D]}"|"�$d��r�tj�||"�}#t�"|#d|j �t�#|#d��qȐq�WdSt�ydtj%v�r|�d�YdSYdSwdtj%v�r|�&d�dSdS) zRCreate a copy of samdb and give write permissions to named for dns partitions
    z	sam.ldb.dz
@PARTITION�	partition�backendStorer"r�:�wz%s://%sz
@INDEXLIST)r#r$zobjectGUID: %s
-r�zprovision_basedn.ldif)r�rI�	DOMAINSID�
DESCRIPTORzprovision_basedn_options.ldifNz>Failed to setup database for BIND, AD based DNS cannot be usedzDC=DOMAINDNSZONES,%szDC=FORESTDNSZONES,%szmetadata.tdb�mdbz-lockzsam.ldbr,r+)z.ldbz.tdbzldb-locki�r-z9Failed to set permissions to sam.ldb* files, fix manuallyz\Unable to find group id for BIND,
                set permissions to sam.ldb* files manually)'r$rrrr/r0r&r'r(r)�split�upperrr,r3�open�close�samba�Ldbr�rrr�rrr8�rootdn�getr@rrrr4�walkr5r6�endswithr7�warning)$r+r9r:r#r�r.r$�
samldb_dirr;�dns_samldb_dir�partfiler-�tmp�nc�fname�
backend_storer,�domainpart_file�dom_url�dom_ldb�	index_res�domainguid_line�descr�domainzonedn�forestzonedn�domainzone_file�forestzone_file�
metadata_file�pfiler/�dirs�files�d�dpath�f�fpathr/r/r0�create_samdb_copy@s��



���	
��
��
�����
�������

����r�cCs(ttd�|jd�ttd�|jd�dS)z Write out a dns_update_list file�dns_update_listN�spn_update_list)rrr�r�)rTr9r:r/r/r0�create_dns_update_list�sr�cCs*ddlm}|dkr3ttd�|j|||jdd�|�d�dd��|j|jd	��ttd
�|j�dS|dk�rt	j
dgd
t	jt	jdd��
�d}t|�}d}d}d}	d}
d}d}d}
d}|���d�dkrid}n�|���d�dkrud}n�|���d�dkr�d}	nx|���d�dkr�d}
nl|���d�dkr�d}n`|���d�dkr�d}nT|���d�dkr�d}
nH|���d�dkr�d}n<|���d�dkr�|d��|���d�dkr�|d��|���d�dkr�|d��|���d�dkr�|d��|�d |j�ttd!�|j|jtj��|||	|
|||
|d"�
�dSdS)#acWrite out a file containing zone statements suitable for inclusion in a
    named.conf file (including GSS-TSIG configuration).

    :param paths: all paths
    :param realm: Realm name
    :param dnsdomain: DNS Domain name
    :param dns_backend: DNS backend type
    :param keytab_name: File name of DNS keytab file
    :param logger: Logger object
    r)�ProvisioningError�BIND9_FLATFILEz
named.confz*.�.r;N)rr�	ZONE_FILE�REALM_WC�
NAMED_CONF�NAMED_CONF_UPDATEznamed.conf.update�	BIND9_DLZznamed -VT)�shell�stdout�stderr�cwd�#zBIND 9.8r,rFzBIND 9.9z	BIND 9.10z	BIND 9.11z	BIND 9.12z	BIND 9.14z	BIND 9.16z	BIND 9.18zBIND 9.7z&DLZ option incompatible with BIND 9.7.z	BIND_9.13z/Only stable/esv releases of BIND are supported.z	BIND_9.15z	BIND_9.17z0BIND version unknown, please modify %s manually.znamed.conf.dlz)
r��
MODULESDIR�BIND9_8�BIND9_9�BIND9_10�BIND9_11�BIND9_12�BIND9_14�BIND9_16�BIND9_18)�samba.provisionr�rr�	namedconfr0rrd�namedconf_update�
subprocess�Popen�PIPE�STDOUT�communicater re�findrnrh�param�modules_dir)r:r&r��dns_backendr9r��	bind_info�bind9_8�bind9_9�bind9_10�bind9_11�bind9_12�bind9_14�bind9_16�bind9_18r/r/r0�create_named_conf�s��	

����r�cCs,ttd�|||||tj�||�|d��dS)abWrite out a file containing zone statements suitable for inclusion in a
    named.conf file (including GSS-TSIG configuration).

    :param path: Path of the new named.conf file.
    :param realm: Realm name
    :param dnsdomain: DNS Domain name
    :param binddns_dir: Path to bind dns directory
    :param keytab_name: File name of DNS keytab file
    z	named.txt)rrrr�DNS_KEYTAB_ABS�PRIVATE_DIRN)rrrrr)rr&r��dnsnamer%�keytab_namer/r/r0�create_named_txt%s
�r�cCs|dvS)N)r�r��SAMBA_INTERNAL�NONEr/)r�r/r/r0�is_valid_dns_backend:sr�cCst|ko	tkSSr>)rr)�os_levelr/r/r0�is_valid_os_level>sr�cCs t||d||�t||d�dS�Nz	CN=System)r�r�)r+r�r�r7r/r/r0�create_dns_legacyBsr�c			Cs,t||d|||�t||d|||||�dSr�)rr)	r+r�r�r�r
r�r�r�r7r/r/r0�fill_dns_data_legacyIs��r�cCsLt|||||j|j|�t||d||�|tkr$t||d||dd�dSdS)NrrT)r�)r�r�r�r�r)r+r�r#r,r�r7r�r/r/r0�create_dns_partitionsTs

�
�

��r�TcCs||rt||d�t||d|||�|
rt||d|||||	�|tkr:t||d|�|
r<t||d|||||	|
|�
dSdSdS)a�Fill data in various AD partitions

    :param samdb: LDB object connected to sam.ldb file
    :param domainsid: Domain SID (as dom_sid object)
    :param site: Site name to create hostnames in
    :param domaindn: DN of the domain
    :param forestdn: DN of the forest
    :param dnsdomain: DNS name of the domain
    :param dnsforest: DNS name of the forest
    :param hostname: Host name of this DC
    :param hostip: IPv4 addresses
    :param hostip6: IPv6 addresses
    :param domainguid: Domain GUID
    :param ntdsguid: NTDS GUID
    :param dnsadmins_sid: SID for DnsAdmins group
    :param autofill: Create DNS records (using fixed template)
    rrN)r�rrrrr)r+r�r
r,r�r�rr�r�r�r.rr7�autofillr��add_rootr/r/r0�fill_dns_data_partitionsbs$
�
�
��r�cCs�t|�s
td|��t|�std|��|dkr|�d�dS|�d�t||j�|j}|����}|j�	�}|}|j
}|j�	�}t||�}t
||�}|��z[|�d|�t||j||�|tkry|�d|�t||j|||||	|
|�	n1|d	vr�|tkr�|�d
�t||j|||||�|�d�t||j|||||||	|
||j||d�Wn|���|��|�d
�r�t|||||||||||	|
||
d�dSdS)aWProvision DNS information (assuming GC role)

    :param samdb: LDB object connected to sam.ldb file
    :param secretsdb: LDB object connected to secrets.ldb file
    :param names: Names shortcut
    :param paths: Paths shortcut
    :param lp: Loadparm object
    :param logger: Logger object
    :param dns_backend: Type of DNS backend
    :param os_level: Functional level (treated as os level)
    :param dnspass: Password for bind's DNS account
    :param hostip: IPv4 address
    :param hostip6: IPv6 address
    :param targetdir: Target directory for creating DNS-related files for BIND9
    �Invalid dns backend: %r�Invalid os level: %rr�z'No DNS backend set, not configuring DNSNzAdding DNS accountsz%Creating CN=MicrosoftDNS,CN=System,%sz'Populating CN=MicrosoftDNS,CN=System,%s)r�r�z5Creating DomainDnsZones and ForestDnsZones partitionsz7Populating DomainDnsZones and ForestDnsZones partitions)r��BIND9_)r
r(r�r�rUru)r��	Exceptionr�rAr�r,�get_root_basedn�get_linearizedr�r!�sitenamer r8r1�transaction_startr�r�rr�rr�r�r�transaction_cancel�transaction_commit�
startswith�setup_bind9_dns)r+r"r#r:rTr9r�r�r(r�r�rUr�rur,r�r�rr
r�r7r.r/r/r0�setup_ad_dns�sd





�
�

��


��r�cCs.t|�r	|�d�std|��t|�std|��|j}t||�}t|||j|j|j	|j
|j|	|
d�	t||�t
||�|dkrUt||||||j
|
||j|j	||jd�|dkrg|tkrgt|||||j|�t||j	|j
||d�t|j|j	|j
d	|j|j
f|j|jd
�|�d|j�|�d|j�d
S)a�Provision DNS information (assuming BIND9 backend in DC role)

    :param samdb: LDB object connected to sam.ldb file
    :param secretsdb: LDB object connected to secrets.ldb file
    :param names: Names shortcut
    :param paths: Paths shortcut
    :param lp: Loadparm object
    :param logger: Logger object
    :param dns_backend: Type of DNS backend
    :param os_level: Functional level (treated as os level)
    :param site: Site to create hostnames in
    :param dnspass: Password for bind's DNS account
    :param hostip: IPv4 address
    :param hostip6: IPv6 address
    :param targetdir: Target directory for creating DNS-related files for BIND9
    r�r�r�)r&r�r'r(r)r�)r
r�r�r�r�r&r.rr�)r&r�r�r9r�)r&r�r�r%r�z9See %s for an example configuration include file for BINDz@and %s for further documentation required for secure DNS updatesN)r�r�r�r�r,r1r*r$r%r&r�r=r<rEr\r�rrr�r�r�r��namedtxtrAr�)r+r"r#r:rTr9r�r�r
r(r�r�rUr)rur,r.r/r/r0r��sZ�
�

������r�)F)NNNNNNN)a�__doc__rr�r1rRr'�base64rr�rh�samba.tdb_utilr�samba.mdb_utilr�	samba.ndrrrr�samba.dcerpcrr	r
�
samba.dsdbrrr
rrr�samba.descriptorrrrrrr�samba.provision.commonrrrrrrrr�samba.samdbr�samba.commonr r1r8�DnssrvRpcRecordr:rUrXr[r^rgrs�DnsPropertyr{r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrr*r<rEr\r�r�r�r�r�r�r�r�r�r�r�r�r/r/r/r0�<module>s�  (






:
G"]5*>	U
�1
�f�