a Wa@sdZddlZddlZddlZddlZddlZddlmZddlZddl Z ddl m Z ddl m Z ddlmZmZddl mZddlmZmZmZdd lmZmZmZmZmZdd lmZmZmZm Z m!Z!m"Z"dd l#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+dd l,m-Z-dd l.m/Z/ddZ0ddZ1Gdddej2Z3Gdddej2Z4Gdddej2Z5Gdddej2Z6Gdddej2Z7Gdddej2Z8Gdddej2Z9Gd d!d!ej:Z;Gd"d#d#ej:ZGd(d)d)ej:Z?Gd*d+d+ej:Z@Gd,d-d-ej:ZAd.d/ZBd0d1ZCdjd3d4ZDd5d6ZEd7d8ZFd9d:ZGd;d<ZHd=d>ZId?d@ZJdAdBZKdCdDZLdEdFZMdGdHZNdIdJZOdKdLZPdMdNZQdOdPZRdQdRZSdSdTZTdUdVZUdWdXZVdYdZZWd[d\ZXd]d^ZYd_d`ZZdadbZ[dce(dcfdddeZ\dddde(dfdfdgZ]dkdhdiZ^dS)lzDNS-related provisioningN) b64encode)tdb_copy)mdb_copy)ndr_pack ndr_unpack) setup_file)dnspmiscsecurity)DS_DOMAIN_FUNCTION_2000DS_DOMAIN_FUNCTION_2003DS_DOMAIN_FUNCTION_2008_R2DS_DOMAIN_FUNCTION_2012_R2DS_DOMAIN_FUNCTION_2016)get_domain_descriptor'get_domain_delete_protected1_descriptor'get_domain_delete_protected2_descriptorget_dns_partition_descriptor'get_dns_forest_microsoft_dns_descriptor'get_dns_domain_microsoft_dns_descriptor) setup_pathsetup_add_ldifsetup_modify_ldif setup_ldb FILL_FULLFILL_SUBDOMAIN FILL_NT4SYNCFILL_DRS)get_default_backend_store) get_stringcCs4|j|tjdgd}tttj|ddd}|S)NZ objectGUIDbasescopeattrsr)searchldb SCOPE_BASEstrrr ZGUID)samdbdomaindnres domainguidr,:/usr/lib/python3/dist-packages/samba/provision/sambadns.pyget_domainguidAsr.cCs4|jd|tjdgd}ttj|ddd}|S)NzCN=DnsAdmins,CN=Users,%sZ objectSidr r)r$r%r&rr Zdom_sid)r(r)r* dnsadmins_sidr,r,r-get_dnsadmins_sidGs r0cs&eZdZddejffdd ZZS)ARecordcs2tt|tj|_||_||_||_||_ dSN) superr1__init__rZ DNS_TYPE_AwTyperankdwSerial dwTtlSecondsdata)selfZip_addrserialttlr8 __class__r,r-r6Ps zARecord.__init____name__ __module__ __qualname__rZ DNS_RANK_ZONEr6 __classcell__r,r,r?r-r1Nsr1cs&eZdZddejffdd ZZS) AAAARecordr2r3cs2tt|tj|_||_||_||_||_ dSr4) r5rFr6rZ DNS_TYPE_AAAAr7r8r9r:r;)r<Zip6_addrr=r>r8r?r,r-r6[s zAAAARecord.__init__rAr,r,r?r-rFYsrFcs&eZdZddejffdd ZZS) CNameRecordr2r3cs2tt|tj|_||_||_||_||_ dSr4) r5rGr6rZDNS_TYPE_CNAMEr7r8r9r:r;)r<Zcnamer=r>r8r?r,r-r6fs zCNameRecord.__init__rAr,r,r?r-rGdsrGcs&eZdZddejffdd ZZS)NSRecordr2r3cs2tt|tj|_||_||_||_||_ dSr4) r5rHr6rZ DNS_TYPE_NSr7r8r9r:r;)r<Z dns_serverr=r>r8r?r,r-r6qs zNSRecord.__init__rAr,r,r?r-rHosrHcs.eZdZddddddejffdd ZZS) SOARecordr2r3iXiQic sdtt|tj|_| |_||_||_t } || _ || _ || _ || _ || _|| _|| _| |_dSr4)r5rIr6rZ DNS_TYPE_SOAr7r8r9r:soar=refreshretryexpiremnamernameminimumr;) r<rNrOr=rKrLrMrPr>r8rJr?r,r-r6|szSOARecord.__init__rAr,r,r?r-rIzs rIcs*eZdZddddejffdd ZZS) SRVRecordrdr2r3c sRtt|tj|_||_||_||_t }||_ ||_ ||_ ||_ ||_dSr4)r5rQr6rZ DNS_TYPE_SRVr7r8r9r:srvZ nameTargetZwPortZ wPriorityZwWeightr;) r<targetportZpriorityZweightr=r>r8rSr?r,r-r6szSRVRecord.__init__rAr,r,r?r-rQsrQcs&eZdZddejffdd ZZS) TXTRecordr2r3csJtt|tj|_||_||_||_t }t ||_ ||_ ||_ dSr4)r5rVr6rZ DNS_TYPE_TXTr7r8r9r:Z string_listlencountr'r;)r<Zslistr=r>r8Z stringlistr?r,r-r6s zTXTRecord.__init__rAr,r,r?r-rVsrVcs"eZdZejffdd ZZS) TypePropertycs,tt|d|_d|_tj|_||_dSNr2) r5rYr6 wDataLengthversionrZDSPROPERTY_ZONE_TYPEidr;)r< zone_typer?r,r-r6s zTypeProperty.__init__)rBrCrDrZDNS_ZONE_TYPE_PRIMARYr6rEr,r,r?r-rYsrYcs"eZdZejffdd ZZS)AllowUpdatePropertycs,tt|d|_d|_tj|_||_dSrZ) r5r_r6r[r\rZDSPROPERTY_ZONE_ALLOW_UPDATEr]r;)r< allow_updater?r,r-r6s zAllowUpdateProperty.__init__)rBrCrDrZDNS_ZONE_UPDATE_SECUREr6rEr,r,r?r-r_sr_cseZdZdfdd ZZS)SecureTimePropertyrcs,tt|d|_d|_tj|_||_dSrZ) r5rar6r[r\rZDSPROPERTY_ZONE_SECURE_TIMEr]r;)r<Z secure_timer?r,r-r6s zSecureTimeProperty.__init__)rrBrCrDr6rEr,r,r?r-rasracseZdZdfdd ZZS)NorefreshIntervalPropertyrcs,tt|d|_d|_tj|_||_dSrZ) r5rcr6r[r\rZ"DSPROPERTY_ZONE_NOREFRESH_INTERVALr]r;)r<norefresh_intervalr?r,r-r6s z"NorefreshIntervalProperty.__init__)rrbr,r,r?r-rcsrccseZdZdfdd ZZS)RefreshIntervalPropertyrcs,tt|d|_d|_tj|_||_dSrZ) r5rer6r[r\rZ DSPROPERTY_ZONE_REFRESH_INTERVALr]r;)r<refresh_intervalr?r,r-r6s z RefreshIntervalProperty.__init__)rrbr,r,r?r-resrecseZdZdfdd ZZS)AgingStatePropertyrcs,tt|d|_d|_tj|_||_dSrZ) r5rgr6r[r\rZDSPROPERTY_ZONE_AGING_STATEr]r;)r<Z aging_enabledr?r,r-r6s zAgingStateProperty.__init__)rrbr,r,r?r-rgsrgcseZdZdfdd ZZS)AgingEnabledTimePropertyrcs,tt|d|_d|_tj|_||_dSrZ) r5rhr6r[r\rZ"DSPROPERTY_ZONE_AGING_ENABLED_TIMEr]r;)r<Znext_cycle_hoursr?r,r-r6s z!AgingEnabledTimeProperty.__init__)rrbr,r,r?r-rhsrhc Csjd|}d|}t|} t|td|t| dd|tkr`t|td|t| ddt||} tt } t || } t|} t|} t|td|| | ||t| dt| ddt|td|||d |tkrft||}tt }t || }t|td|||||t| dt| ddt|td|||d dS) NzDC=DomainDnsZones,%szDC=ForestDnsZones,%sz"provision_dnszones_partitions.ldifutf8)ZONE_DNZSECDESCzprovision_dnszones_add.ldif)rjZ ZONE_GUIDZZONE_DNSCONFIGDNSERVERDNZLOSTANDFOUND_DESCRIPTORZINFRASTRUCTURE_DESCRIPTORzprovision_dnszones_modify.ldif)rkrlrj)rrrrdecoderr.r'uuidZuuid4r%DnZcanonical_ex_strstriprrr)r( domainsidr)forestdnconfigdnserverdn fill_levelZ domainzone_dnZ forestzone_dn descriptorZdomainzone_guidZdomainzone_dnsZprotected1_descZprotected2_descZforestzone_guidZforestzone_dnsr,r,r-setup_dns_partitionssb                 rwcCst|tdd|idS)Nzprovision_dns_accounts_add.ldifDOMAINDN)rr)r(r)r,r,r-add_dns_accounts-s ryFc Csvdt|i}|dur"t||d}n t||d}tt|d||f}ddg|d<t|tjd|d<||dS) NZ DnsAdminsT)name_mapzCN=MicrosoftDNS,%s,%stopZ container objectClassnTSecurityDescriptor) r'rrr%MessageroMessageElement FLAG_MOD_ADDadd) r(r)prefixZ domain_sidr/forestrzZsd_valmsgr,r,r-add_dns_container3s   rc Csi}d|d<d|d<d|d<d|d<d |d <d |d <d |d<d|d<d|d<d|d<d|d<d|d<d|d<i}d|d<d|d<d|d<d|d<d|d <d |d <d!|d<d"|d<d#|d<d$|d<d%|d<d&|d<d'|d<d(||f}tt||}g}|tttjd)|tttj d*|tt |tt |tt |tt |ttd+d,g|d-<td.tjd/|d/<t|tjd0|d0<||g}|D]"} |tt| d1d1tjd2qtt|d3|}d+d4g|d-<t|tjd5|d5<|||D]f} tt|| d1d1tjd2g}tt|d6| |f}d+d4g|d-<t|tjd5|d5<||q$dS)7Nz 198.41.0.4za.root-servers.netz192.228.79.201zb.root-servers.netz 192.33.4.12zc.root-servers.netz 199.7.91.13zd.root-servers.netz192.203.230.10ze.root-servers.netz 192.5.5.241zf.root-servers.netz 192.112.36.4zg.root-servers.netz 198.97.190.53zh.root-servers.netz 192.36.148.17zi.root-servers.netz 192.58.128.30zj.root-servers.netz 193.0.14.129zk.root-servers.netz 199.7.83.42zl.root-servers.netz 202.12.27.33zm.root-servers.netz2001:503:ba3e::2:30z2001:500:84::bz 2001:500:2::cz2001:500:2d::dz2001:500:a8::ez2001:500:2f::fz2001:500:12::d0dz2001:500:1::53z 2001:7fe::53z2001:503:c27::2:30z 2001:7fd::1z2001:500:9f::42z 2001:dc3::35z'DC=RootDNSServers,CN=MicrosoftDNS,%s,%s)r^)r`r{dnsZoner|ZZoneZcn dNSPropertyr)r=r>r8DC=@,%sdnsNode dnsRecordzDC=%s,%s)r%r~roappendrrYrZDNS_ZONE_TYPE_CACHEr_ZDNS_ZONE_UPDATE_OFFrarcrergrhrrrrHZDNS_RANK_ROOT_HINTr1) r(r)rZ rootserversZrootservers_v6 container_dnrpropsrecordZrserverr,r,r-add_rootserversDsn       rcCsd||f}g}t|d|} |t| t|} |t| |dur`t|} |t| |dur~t|} |t| tt|d|} ddg| d<t |tj d| d<| | dS)N%s.%sz hostmaster.%srr{rr|r) rIrrrHr1rFr%r~rorrr)r(rrhostname dnsdomainhostiphostip6 fqdn_hostnameZ at_recordsZ at_soa_recordZ at_ns_recordZ at_a_recordZat_aaaa_recordrr,r,r- add_at_records   rcCsVt||}tt|d||f}ddg|d<tt|tjd|d<||dSN%s,%sr{rr|r)rQr%r~rorrrr)r(rrhostrUZ srv_recordrr,r,r-add_srv_records   rcCsTt|}tt|d||f}ddg|d<tt|tjd|d<||dSr)rHr%r~rorrrrr(rrrZ ns_recordrr,r,r- add_ns_records  rcCsZt|tjd}tt|d||f}ddg|d<tt|tjd|d<| |dS)N)r8rr{rr|r) rHrZDNS_RANK_NS_GLUEr%r~rorrrrrr,r,r-add_ns_glue_records  rcCsTt|}tt|d||f}ddg|d<tt|tjd|d<||dSr)rGr%r~rorrrr)r(rrrZ cname_recordrr,r,r-add_cname_records  rc Csg}|rt|}|t||r8t|}|t||rtt|d||f}ddg|d<t|tjd|d<| |dSr) r1rrrFr%r~rorrr) r(rrrrZ host_recordsZa_recordZ aaaa_recordrr,r,r-add_host_records rc Csd|}tj||}g}|tt|tt|tt|ttdd|tt dd|tt |tt t t |d|||f} ddg| d<t t|t jd | d <t |t jd | d <|| dS) Na{O:SYG:BAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;%s)(A;CIID;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIID;LC;;;RU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)S:AI)rd)rfDC=%s,CN=MicrosoftDNS,%s,%sr{rr|r}ZntSecurityDescriptorr)r rvZ from_sddlrrrYr_rarcrergrhr%r~rorrr) r(r)rrrqr/ZsddlZsecrrr,r,r-add_domain_records*    rc Cs6tt|d|||f}ddg|d<||dS)N"DC=_msdcs.%s,CN=MicrosoftDNS,%s,%sr{rr|)r%r~ror)r(rrr dnsforestrr,r,r-add_msdcs_records   rc Cs`d||f}t|d|||f} t|| d||||t|| d|||t|| d|dt|| d||dt|| d|dt|| d |d t|| d |d t|| d |d t|| d||d t|| d|dt|| d||dt|| d|t|| d||d t|| d||d t|| d|d t|| d|d t|| d||t|| d||dS)NrrDC=@DC=%szDC=_kerberos._tcpXzDC=_kerberos._tcp.%s._siteszDC=_kerberos._udpzDC=_kpasswd._tcpizDC=_kpasswd._udpz DC=_ldap._tcpzDC=_ldap._tcp.%s._sitesz DC=_gc._tcp zDC=_gc._tcp.%s._sitesz DC=_msdcsz&DC=_ldap._tcp.%s._sites.DomainDnsZonesz&DC=_ldap._tcp.%s._sites.ForestDnsZoneszDC=_ldap._tcp.DomainDnsZoneszDC=_ldap._tcp.ForestDnsZonesDC=DomainDnsZonesDC=ForestDnsZones)r%rorrrr) r(r)rsiterrrrrZdomain_container_dnr,r,r-add_dc_domain_recordss|       rc Csd||f} t|d|||f} t|| d||ddt|| d| dt|| d|| dt|| d| dt|| d || dt|| d || d t|| d | d t|| d | dt|| d||t|| d|| dt|| d| | dS)NrrrzDC=_kerberos._tcp.dcrzDC=_kerberos._tcp.%s._sites.dczDC=_ldap._tcp.dcrzDC=_ldap._tcp.%s._sites.dczDC=_ldap._tcp.%s._sites.gcrzDC=_ldap._tcp.gczDC=_ldap._tcp.pdczDC=gczDC=_ldap._tcp.%s.domainsr)r%rorrrr) r(rrrrrrrrr+ntdsguidrZforest_container_dnr,r,r-add_dc_msdcs_records_sN     rc Csz,ttj||ttj||Wnty>Yn0|durLd}t|td|||t|d dt ||j d|j |j fddS)zAdd DNS specific bits to a secrets database. :param secretsdb: Ldb Handle to the secrets database :param names: Names shortcut :param machinepass: Machine password Nr2zsecrets_dns.ldifzutf-8rir)REALM DNSDOMAIN DNS_KEYTABZ DNSPASS_B64ZKEY_VERSION_NUMBERHOSTNAMEDNSNAME)osunlinkpathjoinOSErrorrrrencodermr'r netbiosnamelowerr) secretsdbnames private_dir binddns_dirrealmrdns_keytab_pathdnspasskey_version_numberr,r,r-secretsdb_setup_dnss$  rcCstj|j}zt|dWnty0Yn0t|d|jdurz t |d|jt |dWn0tydtj vr| d||jfYn0dS)zWrite out a DNS zone file, from the info in the current database. :param logger: Logger object :param paths: paths object TNSAMBA_SELFTEST!Failed to chown %s to bind gid %u) rrdirnamednsshutilZrmtreermkdirbind_gidchownchmodenvironerror)loggerpathsdns_dirr,r,r-create_dns_dirs     rc Cst| tsJ|dur4d|} |d|} d|}n d} d} d}|durfd|}|d|}d|}n d}d}d}ttd |j|||||| td | | | | ||d |jdurz$t |jd |jt |jd Wn6t y dtj vr| d|j|jfYn0dS)aWrite out a DNS zone file, from the info in the current database. :param paths: paths object :param dnsdomain: DNS Domain name :param domaindn: DN of the Domain :param hostip: Local IPv4 IP :param hostip6: Local IPv6 IP :param hostname: Local hostname :param realm: Realm name :param domainguid: GUID of the domain. :param ntdsguid: GUID of the hosts nTDSDSA record. Nz IN AAAA z IN AAAA z#gc._msdcs IN AAAA z IN A z IN A z gc._msdcs IN A zprovision.zonez%Y%m%d%H) rrrZHOSTIP_BASE_LINEZHOSTIP_HOST_LINE DOMAINGUIDZ DATESTRINGZ DEFAULTSITEZNTDSGUIDZHOSTIP6_BASE_LINEZHOSTIP6_HOST_LINEZGC_MSDCS_IP_LINEZGC_MSDCS_IP6_LINErirr) isinstancer'rrrtimestrftimerrrrrrr)lprr targetdirrrrrrr+rrZhostip6_base_lineZhostip6_host_lineZgc_msdcs_ip6_lineZhostip_base_lineZhostip_host_lineZgc_msdcs_ip_liner,r,r-create_zone_filesN       rc$Cs*|j}tj|d}tj|j}tj|d} i} |jdtjddgd} | ddD]"} t |  d\} }|| | <qVt }d| dvrt | ddd}|j }tj|| |}zt| t|dd ||f}t|}|jd tjd }||dd |}tt|d }t|td|j |t ||dt|tddWn|dYn0| |=d|j }d|j }| |}| |}d}zttj||tj| |ttj||tj|||dkrttj||dtj||d|rtttj||tj|||dkrtttj||dtj||dWn ty|dYn0| |=|r| |=z~ttj|dtj|d| D]V} | | }|dkrttj||tj||nttj||tj||qWn|dYn0|j durzt!|D]\}}}|D]0} tj|| }!t"|!d|j t#|!dqh|D]<}"|"$drtj||"}#t"|#d|j t#|#dqqZWn*ty dtj%vr|dYn0ndtj%vr&|&ddS) zRCreate a copy of samdb and give write permissions to named for dns partitions z sam.ldb.dz @PARTITION partitionZ backendStorer r:wz%s://%sz @INDEXLIST)r!r"zobjectGUID: %s -rizprovision_basedn.ldif)rxrZ DOMAINSIDZ DESCRIPTORzprovision_basedn_options.ldifNz>Failed to setup database for BIND, AD based DNS cannot be usedzDC=DOMAINDNSZONES,%szDC=FORESTDNSZONES,%sz metadata.tdbZmdbz-lockzsam.ldbrr)z.ldbz.tdbzldb-lockirz9Failed to set permissions to sam.ldb* files, fix manuallyz\Unable to find group id for BIND, set permissions to sam.ldb* files manually)'rrrrrrr$r%r&r'splitupperrr)ropenclosesambaZLdbrrrrmrrrZrootdngetlinkrrrrwalkrrendswithrwarning)$r(rrrrqr+rZ samldb_dirrZdns_samldb_dirZpartfiler*tmpZncfname backend_storer)Zdomainpart_fileZdom_urlZdom_ldbZ index_resZdomainguid_lineZdescrZ domainzonednZ forestzonednZdomainzone_fileZforestzone_fileZ metadata_fileZpfilerdirsfilesdZdpathfZfpathr,r,r-create_samdb_copy s                      rcCs(ttd|jdttd|jddS)z Write out a dns_update_list filedns_update_listNspn_update_list)rrrr)rrrr,r,r-create_dns_update_listsrc Cs&ddlm}|dkrfttd|j|||jdd|ddd|j|jd ttd |jn|d kr"t j d gd t j t j dd d}t|}d}d}d} d} d} d} d} |ddkrd}n$|ddkrd}n |ddkrd} n|ddkrd} n|ddkr8d} n|ddkrRd} n|ddkrld} n|ddkr|dnj|ddkr|dnL|ddkr|dn.|ddkr|dn|d|jttd |j|jtj||| | | | | d! dS)"acWrite out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). :param paths: all paths :param realm: Realm name :param dnsdomain: DNS Domain name :param dns_backend: DNS backend type :param keytab_name: File name of DNS keytab file :param logger: Logger object r)ProvisioningErrorBIND9_FLATFILEz named.confz*..r2N)rrZ ZONE_FILEZREALM_WC NAMED_CONFZNAMED_CONF_UPDATEznamed.conf.update BIND9_DLZznamed -VT)shellstdoutstderrcwd#zBIND 9.8rrzBIND 9.9z BIND 9.10z BIND 9.11z BIND 9.12z BIND 9.14z BIND 9.16zBIND 9.7z&DLZ option incompatible with BIND 9.7.z BIND_9.13z/Only stable/esv releases of BIND are supported.z BIND_9.15z BIND_9.17z0BIND version unknown, please modify %s manually.znamed.conf.dlz) rZ MODULESDIRZBIND9_8ZBIND9_9ZBIND9_10ZBIND9_11ZBIND9_12ZBIND9_14ZBIND9_16)Zsamba.provisionrrr namedconfrrrZnamedconf_update subprocessPopenPIPEZSTDOUTZ communicaterrfindrrZparamZ modules_dir)rrr dns_backendrrZ bind_infoZbind9_8Zbind9_9Zbind9_10Zbind9_11Zbind9_12Zbind9_14Zbind9_16r,r,r-create_named_confsz          rc Cs,ttd|||||tj|||ddS)abWrite out a file containing zone statements suitable for inclusion in a named.conf file (including GSS-TSIG configuration). :param path: Path of the new named.conf file. :param realm: Realm name :param dnsdomain: DNS Domain name :param binddns_dir: Path to bind dns directory :param keytab_name: File name of DNS keytab file z named.txt)rrrrZDNS_KEYTAB_ABSZ PRIVATE_DIRN)rrrrr)rrrdnsnamer keytab_namer,r,r-create_named_txts  r cCs|dvS)N)rrSAMBA_INTERNALNONEr,)rr,r,r-is_valid_dns_backendsrcCst|kotkSSr4)r r)os_levelr,r,r-is_valid_os_levelsrcCs t||d||t||ddSNz CN=System)rr)r(rqrrr/r,r,r-create_dns_legacy src Cs,t||d|||t||d|||||dSr)rr) r(rqrrrrrrrr/r,r,r-fill_dns_data_legacys   rcCsHt|||||j|j|t||d|||tkrDt||d||dddS)NrrT)r)rwrsrtrr)r(rqrr)rrr/rur,r,r-create_dns_partitionss    rTc Cst|rt||dt||d||| | r|ddS|dt||j|j}|}|j }|}|j }|j }t ||}t ||}|z|d|t||j|||tkr|d|t||j||||| | | nf|d vrX|tkrX|d t||j||||| |d t||j||||||| | ||j|| d Wn|Yn 0||d rt||||||||||| | | | ddS)aWProvision DNS information (assuming GC role) :param samdb: LDB object connected to sam.ldb file :param secretsdb: LDB object connected to secrets.ldb file :param names: Names shortcut :param paths: Paths shortcut :param lp: Loadparm object :param logger: Logger object :param dns_backend: Type of DNS backend :param os_level: Functional level (treated as os level) :param dnspass: Password for bind's DNS account :param hostip: IPv4 address :param hostip6: IPv6 address :param targetdir: Target directory for creating DNS-related files for BIND9 Invalid dns backend: %rInvalid os level: %rr z'No DNS backend set, not configuring DNSNzAdding DNS accountsz%Creating CN=MicrosoftDNS,CN=System,%sz'Populating CN=MicrosoftDNS,CN=System,%s)r rz5Creating DomainDnsZones and ForestDnsZones partitionsz7Populating DomainDnsZones and ForestDnsZones partitions)ruBIND9_)rrrrrr)r Exceptionrinforyr)Zget_root_basednZget_linearizedrrZsitenamerr0r.Ztransaction_startrrqr rr rrrZtransaction_cancelZtransaction_commit startswithsetup_bind9_dns)r(rrrrrrrrrrrrurr)rrrrrrr/r+r,r,r- setup_ad_dnsYsb                 rcCs$t|r|dstd|t|s2td||j}t||}t|||j|j|j |j |j | | d t |||dkrt |||| ||j | | |j|j ||jd |dkr|tkrt|||||j|t||j |j ||dt|j|j |j d |j|j f|j|j d |d |j|d |jd S)aProvision DNS information (assuming BIND9 backend in DC role) :param samdb: LDB object connected to sam.ldb file :param secretsdb: LDB object connected to secrets.ldb file :param names: Names shortcut :param paths: Paths shortcut :param lp: Loadparm object :param logger: Logger object :param dns_backend: Type of DNS backend :param os_level: Functional level (treated as os level) :param site: Site to create hostnames in :param dnspass: Password for bind's DNS account :param hostip: IPv4 address :param hostip6: IPv6 address :param targetdir: Target directory for creating DNS-related files for BIND9 rrr)rrrrrr)rrrrrrr+rr)rrrrr)rrr rr z9See %s for an example configuration include file for BINDz@and %s for further documentation required for secure DNS updatesN)rrrrr)r.rrrrrZ dns_keytabrrrrr rrqrr Znamedtxtrr)r(rrrrrrrrrrrrrrr)r+r,r,r-rsX     r)F)NNNNNNN)___doc__rrnrrr%base64rrrZsamba.tdb_utilrZsamba.mdb_utilrZ samba.ndrrrrZ samba.dcerpcrr r Z samba.dsdbr r r rrZsamba.descriptorrrrrrrZsamba.provision.commonrrrrrrrrZ samba.samdbrZ samba.compatrr.r0ZDnssrvRpcRecordr1rFrGrHrIrQrVZ DnsPropertyrYr_rarcrergrhrwryrrrrrrrrrrrrrrrrrrr rrrrrrrrr,r,r,r-s     (             : G"]5> Q  1 f