from samba.samdb import get_default_backend_store
+
def get_domainguid(samdb, domaindn):
res = samdb.search(base=domaindn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
- domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0]))
+ domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0]))
return domainguid
class SRVRecord(dnsp.DnssrvRpcRecord):
def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900,
- rank=dnsp.DNS_RANK_ZONE):
+ rank=dnsp.DNS_RANK_ZONE):
super(SRVRecord, self).__init__()
self.wType = dnsp.DNS_TYPE_SRV
self.rank = rank
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": domainzone_dn,
- "SECDESC" : b64encode(descriptor).decode('utf8')
+ "SECDESC": b64encode(descriptor).decode('utf8')
})
if fill_level != FILL_SUBDOMAIN:
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": forestzone_dn,
- "SECDESC" : b64encode(descriptor).decode('utf8')
+ "SECDESC": b64encode(descriptor).decode('utf8')
})
domainzone_guid = get_domainguid(samdb, domainzone_dn)
# CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
msg = ldb.Message(ldb.Dn(samdb, "CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)))
msg["objectClass"] = ["top", "container"]
- msg["nTSecurityDescriptor"] = ldb.MessageElement(sd_val, ldb.FLAG_MOD_ADD,
- "nTSecurityDescriptor")
+ msg["nTSecurityDescriptor"] = \
+ ldb.MessageElement(sd_val, ldb.FLAG_MOD_ADD,
+ "nTSecurityDescriptor")
samdb.add(msg)
for rserver in rootservers:
record = [ndr_pack(ARecord(rootservers[rserver], serial=0, ttl=0, rank=dnsp.DNS_RANK_ROOT_HINT))]
# Add AAAA record as well (How does W2K* add IPv6 records?)
- #if rserver in rootservers_v6:
+ # if rserver in rootservers_v6:
# record.append(ndr_pack(AAAARecord(rootservers_v6[rserver], serial=0, ttl=0)))
msg = ldb.Message(ldb.Dn(samdb, "DC=%s,%s" % (rserver, container_dn)))
msg["objectClass"] = ["top", "dnsNode"]
msg["dnsRecord"] = ldb.MessageElement(record, ldb.FLAG_MOD_ADD, "dnsRecord")
samdb.add(msg)
+
def add_at_record(samdb, container_dn, prefix, hostname, dnsdomain, hostip, hostip6):
fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
props.append(ndr_pack(AgingEnabledTimeProperty()))
msg = ldb.Message(ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" % (dnsdomain, prefix, domaindn)))
msg["objectClass"] = ["top", "dnsZone"]
- msg["ntSecurityDescriptor"] = ldb.MessageElement(ndr_pack(sec), ldb.FLAG_MOD_ADD,
- "nTSecurityDescriptor")
+ msg["ntSecurityDescriptor"] = \
+ ldb.MessageElement(ndr_pack(sec),
+ ldb.FLAG_MOD_ADD,
+ "nTSecurityDescriptor")
msg["dNSProperty"] = ldb.MessageElement(props, ldb.FLAG_MOD_ADD, "dNSProperty")
samdb.add(msg)
def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname,
- hostip, hostip6):
+ hostip, hostip6):
fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
# Set up domain container - DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
domain_container_dn = ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" %
- (dnsdomain, prefix, domaindn))
+ (dnsdomain, prefix, domaindn))
# DC=@ record
add_at_record(samdb, domain_container_dn, "DC=@", hostname, dnsdomain,
- hostip, hostip6)
+ hostip, hostip6)
# DC=<HOSTNAME> record
add_host_record(samdb, domain_container_dn, "DC=%s" % hostname, hostip,
- hostip6)
+ hostip6)
# DC=_kerberos._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp",
- fqdn_hostname, 88)
+ fqdn_hostname, 88)
# DC=_kerberos._tcp.<SITENAME>._sites record
add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp.%s._sites" %
- site, fqdn_hostname, 88)
+ site, fqdn_hostname, 88)
# DC=_kerberos._udp record
add_srv_record(samdb, domain_container_dn, "DC=_kerberos._udp",
- fqdn_hostname, 88)
+ fqdn_hostname, 88)
# DC=_kpasswd._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._tcp",
- fqdn_hostname, 464)
+ fqdn_hostname, 464)
# DC=_kpasswd._udp record
add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._udp",
- fqdn_hostname, 464)
+ fqdn_hostname, 464)
# DC=_ldap._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp", fqdn_hostname,
- 389)
+ 389)
# DC=_ldap._tcp.<SITENAME>._sites record
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites" %
- site, fqdn_hostname, 389)
+ site, fqdn_hostname, 389)
# FIXME: The number of SRV records depend on the various roles this DC has.
# _gc and _msdcs records are added if the we are the forest dc and not subdomain dc
# DC=_gc._tcp record
add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp", fqdn_hostname,
- 3268)
+ 3268)
# DC=_gc._tcp.<SITENAME>,_sites record
add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp.%s._sites" % site,
- fqdn_hostname, 3268)
+ fqdn_hostname, 3268)
# DC=_msdcs record
add_ns_glue_record(samdb, domain_container_dn, "DC=_msdcs", fqdn_hostname)
# DC=_ldap._tcp.<SITENAME>._sites.DomainDnsZones
add_srv_record(samdb, domain_container_dn,
- "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site, fqdn_hostname,
- 389)
+ "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site, fqdn_hostname,
+ 389)
# DC=_ldap._tcp.<SITENAME>._sites.ForestDnsZones
add_srv_record(samdb, domain_container_dn,
- "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site, fqdn_hostname,
- 389)
+ "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site, fqdn_hostname,
+ 389)
# DC=_ldap._tcp.DomainDnsZones
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.DomainDnsZones",
- fqdn_hostname, 389)
+ fqdn_hostname, 389)
# DC=_ldap._tcp.ForestDnsZones
add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.ForestDnsZones",
- fqdn_hostname, 389)
+ fqdn_hostname, 389)
# DC=DomainDnsZones
add_host_record(samdb, domain_container_dn, "DC=DomainDnsZones", hostip,
- hostip6)
+ hostip6)
# DC=ForestDnsZones
add_host_record(samdb, domain_container_dn, "DC=ForestDnsZones", hostip,
- hostip6)
+ hostip6)
def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
- hostip, hostip6, domainguid, ntdsguid):
+ hostip, hostip6, domainguid, ntdsguid):
fqdn_hostname = "%s.%s" % (hostname, dnsforest)
# Set up forest container - DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
forest_container_dn = ldb.Dn(samdb, "DC=_msdcs.%s,CN=MicrosoftDNS,%s,%s" %
- (dnsforest, prefix, forestdn))
+ (dnsforest, prefix, forestdn))
# DC=@ record
add_at_record(samdb, forest_container_dn, "DC=@", hostname, dnsforest,
- None, None)
+ None, None)
# DC=_kerberos._tcp.dc record
add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.dc",
- fqdn_hostname, 88)
+ fqdn_hostname, 88)
# DC=_kerberos._tcp.<SITENAME>._sites.dc record
add_srv_record(samdb, forest_container_dn,
- "DC=_kerberos._tcp.%s._sites.dc" % site, fqdn_hostname, 88)
+ "DC=_kerberos._tcp.%s._sites.dc" % site, fqdn_hostname, 88)
# DC=_ldap._tcp.dc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.dc",
- fqdn_hostname, 389)
+ fqdn_hostname, 389)
# DC=_ldap._tcp.<SITENAME>._sites.dc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.dc" %
- site, fqdn_hostname, 389)
+ site, fqdn_hostname, 389)
# DC=_ldap._tcp.<SITENAME>._sites.gc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.gc" %
- site, fqdn_hostname, 3268)
+ site, fqdn_hostname, 3268)
# DC=_ldap._tcp.gc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.gc",
- fqdn_hostname, 3268)
+ fqdn_hostname, 3268)
# DC=_ldap._tcp.pdc record
add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.pdc",
- fqdn_hostname, 389)
+ fqdn_hostname, 389)
# DC=gc record
add_host_record(samdb, forest_container_dn, "DC=gc", hostip, hostip6)
# DC=_ldap._tcp.<DOMAINGUID>.domains record
add_srv_record(samdb, forest_container_dn,
- "DC=_ldap._tcp.%s.domains" % domainguid, fqdn_hostname, 389)
+ "DC=_ldap._tcp.%s.domains" % domainguid, fqdn_hostname, 389)
# DC=<NTDSGUID>
add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid,
- fqdn_hostname)
+ fqdn_hostname)
def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
"DNSPASS_B64": b64encode(dnspass.encode('utf-8')).decode('utf8'),
"KEY_VERSION_NUMBER": str(key_version_number),
"HOSTNAME": names.hostname,
- "DNSNAME" : '%s.%s' % (
+ "DNSNAME": '%s.%s' % (
names.netbiosname.lower(), names.dnsdomain.lower())
})
domainguid_line = "objectGUID: %s\n-" % domainguid
descr = b64encode(get_domain_descriptor(domainsid)).decode('utf8')
setup_add_ldif(dom_ldb, setup_path("provision_basedn.ldif"), {
- "DOMAINDN" : names.domaindn,
- "DOMAINGUID" : domainguid_line,
- "DOMAINSID" : str(domainsid),
- "DESCRIPTOR" : descr})
+ "DOMAINDN": names.domaindn,
+ "DOMAINGUID": domainguid_line,
+ "DOMAINSID": str(domainsid),
+ "DESCRIPTOR": descr})
setup_add_ldif(dom_ldb,
- setup_path("provision_basedn_options.ldif"), None)
+ setup_path("provision_basedn_options.ldif"), None)
except:
logger.error(
metadata_file = "metadata.tdb"
try:
os.link(os.path.join(samldb_dir, metadata_file),
- os.path.join(dns_samldb_dir, metadata_file))
+ os.path.join(dns_samldb_dir, metadata_file))
os.link(os.path.join(private_dir, domainzone_file),
- os.path.join(dns_dir, domainzone_file))
+ os.path.join(dns_dir, domainzone_file))
if forestzone_file:
os.link(os.path.join(private_dir, forestzone_file),
os.path.join(dns_dir, forestzone_file))
pfile = partfile[nc]
if backend_store == "mdb":
mdb_copy(os.path.join(private_dir, pfile),
- os.path.join(dns_dir, pfile))
+ os.path.join(dns_dir, pfile))
else:
tdb_copy(os.path.join(private_dir, pfile),
- os.path.join(dns_dir, pfile))
+ os.path.join(dns_dir, pfile))
except:
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
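Review bot: The bare `except:` at the end of this hunk is left untouched by this PEP8 pass even though it is the E722 finding pycodestyle reports, and the same pattern appears at the `except:` preceding `logger.error(` in the earlier hunk after the `provision_basedn_options.ldif` call. Because it wraps the `os.link`, `mdb_copy` and `tdb_copy` calls that populate the BIND DLZ copy of the database, it also swallows `KeyboardInterrupt`/`SystemExit`, and the plain `logger.error` line drops the cause, so a half-copied database is reported only as the generic message. Narrowing to what the calls actually raise, e.g. `except OSError:` for `os.link` (extended with whatever the copy helpers raise, which is not visible here), and using `logger.exception(...)` in place of `logger.error(...)` keeps the traceback for the operator. The enclosing function starts outside the hunk, so whether the error is re-raised afterwards cannot be seen here.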
def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
- keytab_name):
+ keytab_name):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
dnsadmins_sid, fill_level):
# Set up additional partitions (DomainDnsZones, ForstDnsZones)
setup_dns_partitions(samdb, domainsid, domaindn, forestdn,
- names.configdn, names.serverdn, fill_level)
+ names.configdn, names.serverdn, fill_level)
# Set up MicrosoftDNS containers
add_dns_container(samdb, domaindn, "DC=DomainDnsZones", domainsid,
:param autofill: Create DNS records (using fixed template)
"""
- ##### Set up DC=DomainDnsZones,<DOMAINDN>
+ # Set up DC=DomainDnsZones,<DOMAINDN>
# Add rootserver records
if add_root:
add_rootservers(samdb, domaindn, "DC=DomainDnsZones")
dnsdomain, hostname, hostip, hostip6)
if fill_level != FILL_SUBDOMAIN:
- ##### Set up DC=ForestDnsZones,<FORESTDN>
+ # Set up DC=ForestDnsZones,<FORESTDN>
# Add _msdcs record
add_msdcs_record(samdb, forestdn, "DC=ForestDnsZones", dnsforest)
def setup_ad_dns(samdb, secretsdb, names, paths, lp, logger,
- dns_backend, os_level, dnspass=None, hostip=None, hostip6=None,
- targetdir=None, fill_level=FILL_FULL, backend_store=None):
+ dns_backend, os_level, dnspass=None, hostip=None, hostip6=None,
+ targetdir=None, fill_level=FILL_FULL, backend_store=None):
"""Provision DNS information (assuming GC role)
:param samdb: LDB object connected to sam.ldb file
def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
- dns_backend, os_level, site=None, dnspass=None, hostip=None,
- hostip6=None, targetdir=None, key_version_number=None,
- backend_store=None):
+ dns_backend, os_level, site=None, dnspass=None, hostip=None,
+ hostip6=None, targetdir=None, key_version_number=None,
+ backend_store=None):
"""Provision DNS information (assuming BIND9 backend in DC role)
:param samdb: LDB object connected to sam.ldb file
create_named_txt(paths.namedtxt,
realm=names.realm, dnsdomain=names.dnsdomain,
- dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
+ dnsname="%s.%s" % (names.hostname, names.dnsdomain),
binddns_dir=paths.binddns_dir,
keytab_name=paths.dns_keytab)
logger.info("See %s for an example configuration include file for BIND",