s4-provision Add an invalid names check for 'domain == netbiosname'
[nivanova/samba-autobuild/.git] / source4 / scripting / python / samba / join.py
index 091b58c4301b2e4c795fd3a77f97046728245b7d..60f3ac305bce40ca3fcd01660c3e33eee8a9219b 100644 (file)
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import samba.getopt as options
+"""Joining a domain."""
+
 from samba.auth import system_session
 from samba.samdb import SamDB
-from samba import gensec, Ldb, drs_utils, dsdb
+from samba import gensec, Ldb, drs_utils
 import ldb, samba, sys, os, uuid
-from samba.ndr import ndr_pack, ndr_unpack, ndr_print
-from samba.dcerpc import security, drsuapi, misc, netlogon, nbt
+from samba.ndr import ndr_pack
+from samba.dcerpc import security, drsuapi, misc, nbt
 from samba.credentials import Credentials, DONT_USE_KERBEROS
 from samba.provision import secretsdb_self_join, provision, FILL_DRS, find_setup_dir
 from samba.schema import Schema
@@ -119,14 +120,14 @@ class dc_join:
         if recursive:
             try:
                 res = ctx.samdb.search(base=dn, scope=ldb.SCOPE_ONELEVEL, attrs=["dn"])
-            except:
+            except Exception:
                 return
             for r in res:
                 ctx.del_noerror(r.dn, recursive=True)
         try:
             ctx.samdb.delete(dn)
             print "Deleted %s" % dn
-        except:
+        except Exception:
             pass
 
     def cleanup_old_join(ctx):
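Review bot: The `except Exception: pass` at the end of del_noerror still discards every failure of `ctx.samdb.delete(dn)`, not only the LDAP errors a best-effort delete is presumably meant to tolerate. A programming error or a dropped connection during cleanup would leave the old object in place with no trace. Narrowing both handlers in this method to `except ldb.LdbError:` keeps the best-effort behaviour while letting unexpected errors surface. The same applies to the `except Exception: pass` in cleanup_old_join in the next hunk. del_noerror begins above this hunk.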
@@ -150,16 +151,15 @@ class dc_join:
             if res:
                 ctx.new_krbtgt_dn = res[0]["msDS-Krbtgtlink"][0]
                 ctx.del_noerror(ctx.new_krbtgt_dn)
-        except:
+        except Exception:
             pass
 
     def find_dc(ctx, domain):
         '''find a writeable DC for the given domain'''
         try:
             ctx.cldap_ret = ctx.net.finddc(domain, nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
-        except Exception, reason:
-            print("Failed to find a writeable DC for domain '%s': %s" % (domain, reason))
-            sys.exit(1)
+        except Exception:
+            raise Exception("Failed to find a writeable DC for domain '%s'" % domain)
         if ctx.cldap_ret.client_site is not None and ctx.cldap_ret.client_site != "":
             ctx.site = ctx.cldap_ret.client_site
         return ctx.cldap_ret.pdc_dns_name
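Review bot: The new `raise Exception(...)` in find_dc drops the underlying failure reason that the removed code printed, so a caller can no longer tell a DNS or CLDAP lookup failure from an authentication or network error. This file uses Python 2 syntax, which has no implicit exception chaining, so the reason has to be carried in the message: `except Exception, reason:` followed by `raise Exception("Failed to find a writeable DC for domain '%s': %s" % (domain, reason))`. A dedicated exception class would also let callers catch this case without catching everything, but that is outside what this hunk shows.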
@@ -198,8 +198,10 @@ class dc_join:
         '''check if a DN exists'''
         try:
             res = ctx.samdb.search(base=dn, scope=ldb.SCOPE_BASE, attrs=[])
-        except ldb.LdbError, (ERR_NO_SUCH_OBJECT, _):
-            return False
+        except ldb.LdbError, (enum, estr):
+            if enum == ldb.ERR_NO_SUCH_OBJECT:
+                return False
+            raise
         return True
 
     def add_krbtgt_account(ctx):
@@ -309,7 +311,7 @@ class dc_join:
             "objectClass": "computer",
             "displayname": ctx.samname,
             "samaccountname" : ctx.samname,
-            "userAccountControl" : str(ctx.userAccountControl),
+            "userAccountControl" : str(ctx.userAccountControl | samba.dsdb.UF_ACCOUNTDISABLE),
             "dnshostname" : ctx.dnshostname}
         if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2008:
             rec['msDS-SupportedEncryptionTypes'] = str(samba.dsdb.ENC_ALL_TYPES)
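Review bot: `samba.dsdb.UF_ACCOUNTDISABLE` on the changed line is resolved as an attribute of the `samba` package, while this same commit removes `dsdb` from the `from samba import ...` line at the top of the file. It will keep working only if some other import (probably `samba.samdb` or `samba.provision`) loads the `samba.dsdb` submodule as a side effect. An explicit `import samba.dsdb` next to the other imports would make the dependency visible. It is also worth a short comment here that the account is deliberately created disabled and enabled later, for example `# created disabled; enabled again once the join has set the account up`. The enclosing method starts and ends outside this hunk.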
@@ -343,7 +345,7 @@ class dc_join:
             "systemFlags" : str(samba.dsdb.SYSTEM_FLAG_DISALLOW_MOVE_ON_DELETE),
             "dMDLocation" : ctx.schema_dn}
 
-        if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2008:
+        if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
             rec["msDS-Behavior-Version"] = str(ctx.behavior_version)
 
         if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003:
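Review bot: After this change the two adjacent `if` statements test the same condition, `ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2003`, so the `rec["msDS-Behavior-Version"]` assignment could move into the second block rather than sitting under a duplicate test. The body of the second `if` is outside the hunk, so confirm nothing between the two depends on the ordering before merging them. If the duplication is kept deliberately, a one-line comment saying why the threshold was lowered from 2008 to 2003 would help the next reader.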
@@ -404,6 +406,13 @@ class dc_join:
         res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
         ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])
 
+        print("Enabling account")
+        m = ldb.Message()
+        m.dn = ldb.Dn(ctx.samdb, ctx.acct_dn)
+        m["userAccountControl"] = ldb.MessageElement(str(ctx.userAccountControl),
+                                                     ldb.FLAG_MOD_REPLACE,
+                                                     "userAccountControl")
+        ctx.samdb.modify(m)
 
     def join_provision(ctx):
         '''provision the local SAM'''
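Review bot: The added "Enabling account" block has no comment tying it to the `UF_ACCOUNTDISABLE` bit that this commit sets when the computer record is created, so the two halves of the disabled-then-enabled sequence are easy to separate in a later edit. A comment above the `ldb.Message()` line would cover it, such as `# the account was created with UF_ACCOUNTDISABLE; replace userAccountControl with the intended value now that setup in this method is complete`. If `ctx.samdb.modify(m)` fails, the account stays disabled, which is the safe outcome and worth stating in the same comment. The method this block belongs to starts above the hunk.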
@@ -498,7 +507,7 @@ class dc_join:
             ctx.join_provision()
             ctx.join_replicate()
             ctx.join_finalise()
-        except:
+        except Exception:
             print "Join failed - cleaning up"
             ctx.cleanup_old_join()
             raise
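Review bot: Replacing the bare `except:` with `except Exception:` in do_join means a KeyboardInterrupt or SystemExit raised during the join no longer reaches `ctx.cleanup_old_join()`. An operator interrupting a half-finished join would leave the partially created account and related objects in the directory. Because this handler re-raises, catching everything was the right behaviour here. `except BaseException:` keeps the explicit style this commit is after without losing the cleanup. The start of the `try` is outside this hunk.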
@@ -538,7 +547,8 @@ def join_RODC(server=None, creds=None, lp=None, site=None, netbios_name=None,
                            drsuapi.DRSUAPI_DRS_PER_SYNC |
                            drsuapi.DRSUAPI_DRS_GET_ANC |
                            drsuapi.DRSUAPI_DRS_NEVER_SYNCED |
-                           drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING)
+                           drsuapi.DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING |
+                           drsuapi.DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP)
     ctx.do_join()