2018-12-11 12:23:17 +13:00
#!/usr/bin/env python3
2011-04-26 00:04:32 +04:00
# vim: expandtab
#
# Copyright (C) Matthieu Patou <mat@matws.net> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import optparse
import sys
# Allow to run from s4 source directory (without installing samba)
sys.path.insert(0, "bin/python")
import ldb
import samba
import samba.getopt as options
import os
from samba.credentials import DONT_USE_KERBEROS
from samba.auth import system_session
from samba import param
from samba.provision import find_provision_key_parameters, secretsdb_self_join
from samba.upgradehelpers import get_ldbs, get_paths
__docformat__ = "restructuredText"
parser = optparse.OptionParser("provision [options]")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
parser.add_option("--oldname",
help="Old DC name")
parser.add_option("--newname",
help="New DC name")
opts = parser.parse_args()[0]
if len(sys.argv) == 1:
opts.interactive = True
lp = sambaopts.get_loadparm()
smbconf = lp.configfile
creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
if __name__ == '__main__':
global defSDmodified
defSDmodified = False
# 1) First get files paths
paths = get_paths(param, smbconf=smbconf)
# Get ldbs with the system session, it is needed for searching
# provision parameters
session = system_session()
ldbs = get_ldbs(paths, creds, session, lp)
ldbs.sam.transaction_start()
ldbs.secrets.transaction_start()
if opts.oldname is None or opts.newname is None:
raise Exception("Option oldname or newname is missing")
res = ldbs.sam.search(expression="(&(name=%s)(serverReferenceBL=*))" % opts.oldname)
2015-02-23 16:10:31 +13:00
if len(res) != 1:
raise Exception("Wrong number of result returned (%d), are you sure of the old name %s" %
(len(res), opts.oldname))
2011-04-26 00:04:32 +04:00
# Ok got it then check that the new name is not used as well
res2 = ldbs.sam.search(expression="(&(name=%s)(objectclass=computer))" % opts.newname)
if len(res2) != 0:
raise Exception("Seems that %s is a name that already exists, pick another one" %
2015-02-23 16:10:31 +13:00
opts.newname)
2011-04-26 00:04:32 +04:00
names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
paths, smbconf, lp)
2011-07-17 13:28:21 +02:00
# First rename the entry
2011-04-26 00:04:32 +04:00
# provision put the name in upper case so let's do it too !
2015-02-23 16:10:31 +13:00
newdn = ldb.Dn(ldbs.sam, str(res[0].dn))
newdn.set_component(0, "cn", opts.newname.upper())
ldbs.sam.rename(res[0].dn, newdn)
2011-04-26 00:04:32 +04:00
# Then change password and samaccountname and dnshostname
2015-02-23 16:10:31 +13:00
msg = ldb.Message(newdn)
2021-02-24 02:03:25 +13:00
machinepass = samba.generate_random_machine_password(120, 120)
2011-04-26 00:04:32 +04:00
mputf16 = machinepass.encode('utf-16-le')
account = "%s$" % opts.newname.upper()
msg["clearTextPassword"] = ldb.MessageElement(mputf16,
ldb.FLAG_MOD_REPLACE,
"clearTextPassword")
msg["sAMAccountName"] = ldb.MessageElement(account,
ldb.FLAG_MOD_REPLACE,
"sAMAccountName")
msg["dNSHostName"] = ldb.MessageElement("%s.%s" % (opts.newname,
names.dnsdomain),
ldb.FLAG_MOD_REPLACE,
"dNSHostName")
ldbs.sam.modify(msg)
# Do a self join one more time to resync the secrets file
2015-02-23 16:10:31 +13:00
res = ldbs.sam.search(base=newdn, scope=ldb.SCOPE_BASE,
attrs=["msDs-keyVersionNumber", "serverReferenceBL"])
2011-04-26 00:04:32 +04:00
assert(len(res) == 1)
kvno = int(str(res[0]["msDs-keyVersionNumber"]))
serverbldn = ldb.Dn(ldbs.sam, str(res[0]["serverReferenceBL"]))
secrets_msg = ldbs.secrets.search(expression="sAMAccountName=%s$" %
opts.oldname.upper(),
attrs=["secureChannelType"])
secChanType = int(secrets_msg[0]["secureChannelType"][0])
secretsdb_self_join(ldbs.secrets, domain=names.domain,
realm=names.realm,
domainsid=names.domainsid,
dnsdomain=names.dnsdomain,
netbiosname=opts.newname.upper(),
machinepass=machinepass,
key_version_number=kvno,
secure_channel_type=secChanType)
2015-02-23 16:10:31 +13:00
# Update RID set reference so we don't have to runtime fixup until the next dbcheck as there is no back link.
2011-04-26 00:04:32 +04:00
2015-02-23 16:10:31 +13:00
res = ldbs.sam.search(expression="(objectClass=rIDSet)", base=newdn, scope=ldb.SCOPE_ONELEVEL, attrs=[])
2011-04-26 00:04:32 +04:00
assert(len(res) == 1)
newridset = str(res[0].dn)
2015-02-23 16:10:31 +13:00
msg = ldb.Message(newdn)
2011-04-26 00:04:32 +04:00
msg["rIDSetReferences"] = ldb.MessageElement(newridset,
ldb.FLAG_MOD_REPLACE,
"rIDSetReferences")
ldbs.sam.modify(msg)
# Update the server's sites configuration
2015-02-23 16:10:31 +13:00
newserverrefdn = ldb.Dn(ldbs.sam, str(serverbldn))
newserverrefdn.set_component(0, "cn", opts.newname.upper())
ldbs.sam.rename(serverbldn, newserverrefdn)
msg = ldb.Message(newserverrefdn)
msg["dNSHostName"] = ldb.MessageElement("%s.%s" % (opts.newname,
names.dnsdomain),
ldb.FLAG_MOD_REPLACE,
"dNSHostName")
ldbs.sam.modify(msg)
2011-04-26 00:04:32 +04:00
try:
ldbs.sam.transaction_prepare_commit()
ldbs.secrets.transaction_prepare_commit()
except Exception:
ldbs.sam.rollback()
ldbs.secrets.rollback()
2015-02-23 16:10:31 +13:00
raise
2011-04-26 00:04:32 +04:00
try:
ldbs.sam.transaction_commit()
ldbs.secrets.transaction_commit()
except Exception:
ldbs.sam.rollback()
ldbs.secrets.rollback()
2015-02-23 16:10:31 +13:00
raise
2011-04-26 00:04:32 +04:00
# All good so far
#print lp.get("private dir")
cf = open(lp.configfile)
ncfname = "%s.new" % lp.configfile
newconf = open(ncfname, 'w')
for l in cf.readlines():
if l.find("netbios name") > 0:
newconf.write("\tnetbios name = %s\n" % opts.newname.upper())
else:
newconf.write(l)
newconf.close()
cf.close()
os.rename(ncfname, lp.configfile)