path: root/python/samba/join.py

# python join code
# Copyright Andrew Tridgell 2010
# Copyright Andrew Bartlett 2010
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

from __future__ import print_function
"""Joining a domain."""

from samba.auth import system_session
from samba.samdb import SamDB
from samba import gensec, Ldb, drs_utils, arcfour_encrypt, string_to_byte_array
import ldb, samba, sys, uuid
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs, dnsserver, dnsp
from samba.dsdb import DS_DOMAIN_FUNCTION_2003
from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
from samba.provision.common import setup_path
from samba.schema import Schema
from samba import descriptor
from samba.net import Net
from samba.provision.sambadns import setup_bind9_dns
from samba import read_and_sub_file
from samba import werror
from base64 import b64encode
from samba import WERRORError, NTSTATUSError
from samba.dnsserver import ARecord, AAAARecord, PTRRecord, CNameRecord, NSRecord, MXRecord, SOARecord, SRVRecord, TXTRecord
from samba import sd_utils
import logging
import talloc
import random
import time

class DCJoinException(Exception):

    def __init__(self, msg):
        super(DCJoinException, self).__init__("Can't join, error: %s" % msg)


class dc_join(object):
    """Perform a DC join."""

    def __init__(ctx, logger=None, server=None, creds=None, lp=None, site=None,
                 netbios_name=None, targetdir=None, domain=None,
                 machinepass=None, use_ntvfs=False, dns_backend=None,
                 promote_existing=False, clone_only=False,
                 plaintext_secrets=False):
        if site is None:
            site = "Default-First-Site-Name"

        ctx.clone_only=clone_only

        ctx.logger = logger
        ctx.creds = creds
        ctx.lp = lp
        ctx.site = site
        ctx.targetdir = targetdir
        ctx.use_ntvfs = use_ntvfs
        ctx.plaintext_secrets = plaintext_secrets

        ctx.promote_existing = promote_existing
        ctx.promote_from_dn = None

        ctx.nc_list = []
        ctx.full_nc_list = []

        ctx.creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
        ctx.net = Net(creds=ctx.creds, lp=ctx.lp)

        if server is not None:
            ctx.server = server
        else:
            ctx.logger.info("Finding a writeable DC for domain '%s'" % domain)
            ctx.server = ctx.find_dc(domain)
            ctx.logger.info("Found DC %s" % ctx.server)

        ctx.samdb = SamDB(url="ldap://%s" % ctx.server,
                          session_info=system_session(),
                          credentials=ctx.creds, lp=ctx.lp)

        try:
            ctx.samdb.search(scope=ldb.SCOPE_ONELEVEL, attrs=["dn"])
        except ldb.LdbError as e4:
            (enum, estr) = e4.args
            raise DCJoinException(estr)


        ctx.base_dn = str(ctx.samdb.get_default_basedn())
        ctx.root_dn = str(ctx.samdb.get_root_basedn())
        ctx.schema_dn = str(ctx.samdb.get_schema_basedn())
        ctx.config_dn = str(ctx.samdb.get_config_basedn())
        ctx.domsid = security.dom_sid(ctx.samdb.get_domain_sid())
        ctx.forestsid = ctx.domsid
        ctx.domain_name = ctx.get_domain_name()
        ctx.forest_domain_name = ctx.get_forest_domain_name()
        ctx.invocation_id = misc.GUID(str(uuid.uuid4()))

        ctx.dc_ntds_dn = ctx.samdb.get_dsServiceName()
        ctx.dc_dnsHostName = ctx.get_dnsHostName()
        ctx.behavior_version = ctx.get_behavior_version()

        if machinepass is not None:
            ctx.acct_pass = machinepass
        else:
            ctx.acct_pass = samba.generate_random_machine_password(128, 255)

        ctx.dnsdomain = ctx.samdb.domain_dns_name()
        if clone_only:
            # As we don't want to create or delete these DNs, we set them to None
            ctx.server_dn = None
            ctx.ntds_dn = None
            ctx.acct_dn = None
            ctx.myname = ctx.server.split('.')[0]
            ctx.ntds_guid = None
            ctx.rid_manager_dn = None

            # Save this early
            ctx.remote_dc_ntds_guid = ctx.samdb.get_ntds_GUID()
        else:
            # work out the DNs of all the objects we will be adding
            ctx.myname = netbios_name
            ctx.samname = "%s$" % ctx.myname
            ctx.server_dn = "CN=%s,CN=Servers,CN=%s,CN=Sites,%s" % (ctx.myname, ctx.sit