/*
 *	IPv6 fragment reassembly
 *	Linux INET6 implementation 
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>	
 *
 *	$Id: reassembly.c,v 1.26 2001/03/07 22:00:57 davem Exp $
 *
 *	Based on: net/ipv4/ip_fragment.c
 *
 *	This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */

/* 
 *	Fixes:	
 *	Andi Kleen	Make it work with multiple hosts.
 *			More RFC compliance.
 *
 *      Horst von Brand Add missing #include <linux/string.h>
 *	Alexey Kuznetsov	SMP races, threading, cleanup.
 *	Patrick McHardy		LRU queue of frag heads for evictor.
 *	Mitsuru KANDA @USAGI	Register inet6_protocol{}.
 *	David Stevens and
 *	YOSHIFUJI,H. @USAGI	Always remove fragment header to
 *				calculate ICV correctly.
 */
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/jiffies.h>
#include <linux/net.h>
#include <linux/list.h>
#include <linux/netdevice.h>
#include <linux/in6.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>
#include <linux/jhash.h>

#include <net/sock.h>
#include <net/snmp.h>

#include <net/ipv6.h>
#include <net/ip6_route.h>
#include <net/protocol.h>
#include <net/transp_v6.h>
#include <net/rawv6.h>
#include <net/ndisc.h>
#include <net/addrconf.h>

int sysctl_ip6frag_high_thresh __read_mostly = 256*1024;
int sysctl_ip6frag_low_thresh __read_mostly = 192*1024;

int sysctl_ip6frag_time __read_mostly = IPV6_FRAG_TIMEOUT;

struct ip6frag_skb_cb
{
	struct inet6_skb_parm	h;
	int			offset;
};

#define FRAG6_CB(skb)	((struct ip6frag_skb_cb*)((skb)->cb))


/*
 *	Equivalent of ipv4 struct ipq
 */

struct frag_queue
{
	struct hlist_node	list;
	struct list_head lru_list;		/* lru list member	*/

	__be32			id;		/* fragment id		*/
	struct in6_addr		saddr;
	struct in6_addr		daddr;

	spinlock_t		lock;
	atomic_t		refcnt;
	struct timer_list	timer;		/* expire timer		*/
	struct sk_buff		*fragments;
	int			len;
	int			meat;
	int			iif;
	struct timeval		stamp;
	unsigned int		csum;
	__u8			last_in;	/* has first/last segment arrived? */
#define COMPLETE		4
#define FIRST_IN		2
#define LAST_IN			1
	__u16			nhoffset;
};

/* Hash table. */

#define IP6Q_HASHSZ	64

static struct hlist_head ip6_frag_hash[IP6Q_HASHSZ];
static DEFINE_RWLOCK(ip6_frag_lock);
static u32 ip6_frag_hash_rnd;
static LIST_HEAD(ip6_frag_lru_list);
int ip6_frag_nqueues = 0;

static __inline__ void __fq_unlink(struct frag_queue *fq)
{
	hlist_del(&fq->list);
	list_del(&fq->lru_list);
	ip6_frag_nqueues--;
}

static __inline__ void fq_unlink(struct frag_queue *fq)
{
	write_lock(&ip6_frag_lock);
	__fq_unlink(fq);
	write_unlock(&ip6_frag_lock);
}

/*
 * callers should be careful not to use the hash value outside the ipfrag_lock
 * as doing so could race with ipfrag_hash_rnd being recalculated.
 */
static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
			       struct in6_addr *daddr)
{
	u32 a, b, c;

	a = (__force u32)saddr->s6_addr32[0];
	b = (__force u32)saddr->s6_addr32[1];
	c = (__force u32)saddr->s6_addr32[2];

	a += JHASH_GOLDEN_RATIO;
	b += JHASH_GOLDEN_RATIO;
	c += ip6_frag_hash_rnd;
	__jhash_mix(a, b, c);

	a += (__force u32)saddr->s6_addr32[3];
	b += (__force u32)daddr->s6_addr32[0];
	c += (__force u32)daddr->s6_addr32[1];
	__jhash_mix(a, b, c);

	a += (__force u32)daddr->s6_addr32[2];
	b += (__force u32)daddr->s6_addr32[3];
	c += (__force u32)id;
	__jhash_mix(a, b, c);

	return c & (IP6Q_HASHSZ - 1);
}

static struct timer_list ip6_frag_secret_timer;
int sysctl_ip6frag_secret_interval __read_mostly = 10 * 60 * HZ;

static void ip6_frag_secret_rebuild(unsigned long dummy)
{
	unsigned long now = jiffies;
	int i;

	write_lock(&ip6_frag_lock);
	get_random_bytes(&ip6_frag_hash_rnd, sizeof(u32));
	for (i = 0; i < IP6Q_HASHSZ; i++) {
		struct frag_queue *q;
		struct hlist_node *p, *n;

		hlist_for_each_entry_safe(q, p, n, &ip6_frag_hash[i], list) {
			unsigned int hval = ip6qhashfn(q->id,
						       &q->saddr,
						       &q->daddr);

			if (hval != i) {
				hlist_del(&q->list);

				/* Relink to new hash chain. */
				hlist_add_head(&q->list,
					       &ip6_frag_hash[hval]);

			}
		}
	}
	write_unlock(&ip6_frag_lock);

	mod_timer(&ip6_frag_secret_timer, now + sysctl_ip6frag_secret_interval);
}

atomic_t ip6_frag_mem = ATOMIC_INIT(0);

/* Memory Tracking Functions. */
static inline void frag_kfree_skb(struct sk_buff *skb, int *work)
{
	if (work)
		*work -= skb->truesize;
	atomic_sub(skb->truesize, &ip6_frag_mem);
	kfree_skb(skb);
}

static inline void frag_free_queue(struct frag_queue *fq, int *work)
{
	if (work)
		*work -= sizeof(struct frag_queue);
	atomic_sub(sizeof(struct frag_queue), &ip6_frag_mem);
	kfree(fq);
}

static inline struct frag_queue *frag_alloc_queue(void)
{
	struct frag_queue *fq = kzalloc(sizeof(struct frag_queue), GFP_ATOMIC);

	if(!fq)
		return NULL;
	atomic_add(sizeof(struct frag_queue), &ip6_frag_mem);
	return fq;
}

/* Destruction primitives. */

/* Complete destruction of fq. */
static void ip6_frag_destroy(struct frag_queue *fq, int *work)
{
	struct sk_buff *fp;

	BUG_TRAP(fq->last_in&COMPLETE);
	BUG_TRAP(del_timer(&fq->timer) == 0);

	/* Release all fragment data. */
	fp = fq->fragments;
	while (fp) {
		struct sk_buff *xp = fp->next;

		frag_kfree_skb(fp, work);
		fp = xp;
	}

	frag_free_queue(fq, work);
}

static __inline__ void fq_put(struct frag_queue *fq, int *work)
{
	if (atomic_dec_and_test(&fq->refcnt))
		ip6_frag_destroy(fq, work);
}

/* Kill fq entry. It is not destroyed immediately,
 * because caller (and someone more) holds reference count.
 */
static __inline__ void fq_kill(struct frag_queue *fq)
{
	if (del_timer(&fq->timer))
		atomic_dec(&fq->refcnt);

	if (!(fq->last_in & COMPLETE)) {
		fq_unlink(fq);
		atomic_dec(&fq->refcnt);
		fq->last_in |= COMPLETE;
	}
}

static void ip6_evictor(struct inet6_dev *idev)
{
	struct frag_queue *fq;
	struct list_head *tmp;
	int work;

	work = atomic_read(&ip6_frag_mem) - sysctl_ip6frag_low_thresh;
	if (work <= 0)
		return;

	while(work > 0) {
		read_lock(&ip6_frag_lock);
		if (list_empty(&ip6_frag_lru_list)) {
			read_unlock(&ip6_frag_lock);
			return;
		}
		tmp = ip6_frag_lru_list.next;
		fq = list_entry(tmp, struct frag_queue, lru_list);
		atomic_inc(&fq->refcnt);
		read_unlock(&ip6_frag_lock);

		spin_lock(&fq->lock);
		if (!(fq->last_in&COMPLETE))
			fq_kill(fq);
		spin_unlock(&fq->lock);

		fq_put(fq, &work);
		IP6_INC_STATS_BH(idev, IPSTATS_MIB_REASMFAILS);
	}
}

static void ip6_frag_expire(unsigned long data)
{
	struct frag_queue *fq = (struct frag_queue *) data;
	struct net_device *dev = NULL;

	spin_lock(&fq->lock);

	if (fq->last_in & COMPLETE)
		goto out;

	fq_kill(fq);

	dev = dev_get_by_index(fq->iif);
	if (!dev)
		goto out;

	rcu_read_lock();
	IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMTIMEOUT);
	IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
	rcu_read_unlock();

	/* Don't send error if the first segment did not arrive. */
	if (!(fq->last_in&FIRST_IN) || !fq->fragments)
		goto out;

	/*
	   But use as source device on which LAST ARRIVED
	   segment was received. And do not use fq->dev
	   pointer directly, device might already disappeared.
	 */
	fq->fragments->dev = dev;
	icmpv6_send(fq->fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev);
out:
	if (dev)
		dev_put(dev);
	spin_unlock(&fq->lock);
	fq_put(fq, NULL);
}

/* Creation primitives. */


static struct frag_queue *ip6_frag_intern(struct frag_queue *fq_in)
{
	struct frag_queue *fq;
	unsigned int hash;
#ifdef CONFIG_SMP
	struct hlist_node *n;
#endif

	write_lock(&ip6_frag_lock);
	hash = ip6qhashfn(fq_in->id, &fq_in->saddr, &fq_in->daddr);
#ifdef CONFIG_SMP
	hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) {
		if (fq->id == fq_in->id && 
		    ipv6_addr_equal(&fq_in->saddr, &fq->saddr) &&
		    ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) {
			atomic_inc(&fq->refcnt);
			write_unlock(&ip6_frag_lock);
			fq_in->last_in |= COMPLETE;
			fq_put(fq_in, NULL);
			return fq;
		}
	}
#endif
	fq = fq_in;

	if (!mod_timer(&fq->timer, jiffies + sysctl_ip6frag_time))
		atomic_inc(&fq->refcnt);

	atomic_inc(&fq->refcnt);
	hlist_add_head(&fq->list, &ip6_frag_hash[hash]);
	INIT_LIST_HEAD(&fq->lru_list);
	list_add_tail(&fq->lru_list, &ip6_frag_lru_list);
	ip6_frag_nqueues++;
	write_unlock(&ip6_frag_lock);
	return fq;
}


static struct frag_queue *
ip6_frag_create(__be32 id, struct in6_addr *src, struct in6_addr *dst,
		struct inet6_dev *idev)
{
	struct frag_queue *fq;

	if ((fq = frag_alloc_queue()) == NULL)
		goto oom;

	fq->id = id;
	ipv6_addr_copy(&fq->saddr, src);
	ipv6_addr_copy(&fq->daddr, dst);

	init_timer(&fq->timer);
	fq->timer.function = ip6_frag_expire;
	fq->timer.data = (long) fq;
	spin_lock_init(&fq->lock);
	atomic_set(&fq->refcnt, 1);

	return ip6_frag_intern(fq);

oom:
	IP6_INC_STATS_BH(idev, IPSTATS_MIB_REASMFAILS);
	return NULL;
}

static __inline__ struct frag_queue *
fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst,
	struct inet6_dev *idev)
{
	struct frag_queue *fq;
	struct hlist_node *n;
	unsigned int hash;

	read_lock(&ip6_frag_lock);
	hash = ip6qhashfn(id, src, dst);
	hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) {
		if (fq->id == id && 
		    ipv6_addr_equal(src, &fq->saddr) &&
		    ipv6_addr_equal(dst, &fq->daddr)) {
			atomic_inc(&fq->refcnt);
			read_unlock(&ip6_frag_lock);
			return fq;
		}
	}
	read_unlock(&ip6_frag_lock);

	return ip6_frag_create(id, src, dst, idev);
}


static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, 
			   struct frag_hdr *fhdr, int nhoff)
{
	struct sk_buff *prev, *next;
	int offset, end;

	if (fq->last_in & COMPLETE)
		goto err;

	offset = ntohs(fhdr->frag_off) & ~0x7;
	end = offset + (ntohs(skb->nh.ipv6h->payload_len) -
			((u8 *) (fhdr + 1) - (u8 *) (skb->nh.ipv6h + 1)));

	if ((unsigned int)end > IPV6_MAXPLEN) {
		IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
				 IPSTATS_MIB_INHDRERRORS);
 		icmpv6_param_prob(skb,ICMPV6_HDR_FIELD, (u8*)&fhdr->frag_off - skb->nh.raw);
 		return;
	}

 	if (skb->ip_summed == CHECKSUM_COMPLETE)
 		skb->csum = csum_sub(skb->csum,
 				     csum_partial(skb->nh.raw, (u8*)(fhdr+1)-skb->nh.raw, 0));

	/* Is this the final fragment? */
	if (!(fhdr->frag_off & htons(IP6_MF))) {
		/* If we already have some bits beyond end
		 * or have different end, the segment is corrupted.
		 */
		if (end < fq->len ||
		    ((fq->last_in & LAST_IN) && end != fq->len))
			goto err;
		fq->last_in |= LAST_IN;
		fq->len = end;
	} else {
		/* Check if the fragment is rounded to 8 bytes.
		 * Required by the RFC.
		 */
		if (end & 0x7) {
			/* RFC2460 says always send parameter problem in
			 * this case. -DaveM
			 */
			IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
					 IPSTATS_MIB_INHDRERRORS);
			icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 
					  offsetof(struct ipv6hdr, payload_len));
			return;
		}
		if (end > fq->len) {
			/* Some bits beyond end -> corruption. */
			if (fq->last_in & LAST_IN)
				goto err;
			fq->len = end;
		}
	}

	if (end == offset)
		goto err;

	/* Point into the IP datagram 'data' part. */
	if (!pskb_pull(skb, (u8 *) (fhdr + 1) - skb->data))
		goto err;
	
	if (pskb_trim_rcsum(skb, end - offset))
		goto err;

	/* Find out which fragments are in front and at the back of us
	 * in the chain of fragments so far.  We must know where to put
	 * this fragment, right?
	 */
	prev = NULL;
	for(next = fq->fragments; next != NULL; next = next->next) {
		if (FRAG6_CB(next)->offset >= offset)
			break;	/* bingo! */
		prev = next;
	}

	/* We found where to put this one.  Check for overlap with
	 * preceding fragment, and, if needed, align things so that
	 * any overlaps are eliminated.
	 */
	if (prev) {
		int i = (FRAG6_CB(prev)->offset + prev->len) - offset;

		if (i > 0) {
			offset += i;
			if (end <= offset)
				goto err;
			if (!pskb_pull(skb, i))
				goto err;
			if (skb->ip_summed != CHECKSUM_UNNECESSARY)
				skb->ip_summed = CHECKSUM_NONE;
		}
	}

	/* Look for overlap with succeeding segments.
	 * If we can merge fragments, do it.
	 */
	while (next && FRAG6_CB(next)->offset < end) {
		int i = end - FRAG6_CB(next)->offset; /* overlap is 'i' bytes */

		if (i < next->len) {
			/* Eat head of the next overlapped fragment
			 * and leave the loop. The next ones cannot overlap.
			 */
			if (!pskb_pull(next, i))
				goto err;
			FRAG6_CB(next)->offset += i;	/* next fragment */
			fq->meat -= i;
			if (next->ip_summed != CHECKSUM_UNNECESSARY)
				next->ip_summed = CHECKSUM_NONE;
			break;
		} else {
			struct sk_buff *free_it = next;

			/* Old fragment is completely overridden with
			 * new one drop it.
			 */
			next = next->next;

			if (prev)
				prev->next = next;
			else
				fq->fragments = next;

			fq->meat -= free_it->len;
			frag_kfree_skb(free_it, NULL);
		}
	}

	FRAG6_CB(skb)->offset = offset;

	/* Insert this fragment in the chain of fragments. */
	skb->next = next;
	if (prev)
		prev->next = skb;
	else
		fq->fragments = skb;

	if (skb->dev)
		fq->iif = skb->dev->ifindex;
	skb->dev = NULL;
	skb_get_timestamp(skb, &fq->stamp);
	fq->meat += skb->len;
	atomic_add(skb->truesize, &ip6_frag_mem);

	/* The first fragment.
	 * nhoffset is obtained from the first fragment, of course.
	 */
	if (offset == 0) {
		fq->nhoffset = nhoff;
		fq->last_in |= FIRST_IN;
	}
	write_lock(&ip6_frag_lock);
	list_move_tail(&fq->lru_list, &ip6_frag_lru_list);
	write_unlock(&ip6_frag_lock);
	return;

err:
	IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS);
	kfree_skb(skb);
}

/*
 *	Check if this packet is complete.
 *	Returns NULL on failure by any reason, and pointer
 *	to current nexthdr field in reassembled frame.
 *
 *	It is called with locked fq, and caller must check that
 *	queue is eligible for reassembly i.e. it is not COMPLETE,
 *	the last and the first frames arrived and all the bits are here.
 */
static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in,
			  struct net_device *dev)
{
	struct sk_buff *fp, *head = fq->fragments;
	int    payload_len;
	unsigned int nhoff;

	fq_kill(fq);

	BUG_TRAP(head != NULL);
	BUG_TRAP(FRAG6_CB(head)->offset == 0);

	/* Unfragmented part is taken from the first segment. */
	payload_len = (head->data - head->nh.raw) - sizeof(struct ipv6hdr) + fq->len - sizeof(struct frag_hdr);
	if (payload_len > IPV6_MAXPLEN)
		goto out_oversize;

	/* Head of list must not be cloned. */
	if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC))
		goto out_oom;

	/* If the first fragment is fragmented itself, we split
	 * it to two chunks: the first with data and paged part
	 * and the second, holding only fragments. */
	if (skb_shinfo(head)->frag_list) {
		struct sk_buff *clone;
		int i, plen = 0;

		if ((clone = alloc_skb(0, GFP_ATOMIC)) == NULL)
			goto out_oom;
		clone->next = head->next;
		head->next = clone;
		skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list;
		skb_shinfo(head)->frag_list = NULL;
		for (i=0; i<skb_shinfo(head)->nr_frags; i++)
			plen += skb_shinfo(head)->frags[i].size;
		clone->len = clone->data_len = head->data_len - plen;
		head->data_len -= clone->len;
		head->len -= clone->len;
		clone->csum = 0;
		clone->ip_summed = head->ip_summed;
		atomic_add(clone->truesize, &ip6_frag_mem);
	}

	/* We have to remove fragment header from datagram and to relocate
	 * header in order to calculate ICV correctly. */
	nhoff = fq->nhoffset;
	head->nh.raw[nhoff] = head->h.raw[0];
	memmove(head->head + sizeof(struct frag_hdr), head->head, 
		(head->data - head->head) - sizeof(struct frag_hdr));
	head->mac.raw += sizeof(struct frag_hdr);
	head->nh.raw += sizeof(struct frag_hdr);

	skb_shinfo(head)->frag_list = head->next;
	head->h.raw = head->data;
	skb_push(head, head->data - head->nh.raw);
	atomic_sub(head->truesize, &ip6_frag_mem);

	for (fp=head->next; fp; fp = fp->next) {
		head->data_len += fp->len;
		head->len += fp->len;
		if (head->ip_summed != fp->ip_summed)
			head->ip_summed = CHECKSUM_NONE;
		else if (head->ip_summed == CHECKSUM_COMPLETE)
			head->csum = csum_add(head->csum, fp->csum);
		head->truesize += fp->truesize;
		atomic_sub(fp->truesize, &ip6_frag_mem);
	}

	head->next = NULL;
	head->dev = dev;
	skb_set_timestamp(head, &fq->stamp);
	head->nh.ipv6h->payload_len = htons(payload_len);
	IP6CB(head)->nhoff = nhoff;

	*skb_in = head;

	/* Yes, and fold redundant checksum back. 8) */
	if (head->ip_summed == CHECKSUM_COMPLETE)
		head->csum = csum_partial(head->nh.raw, head->h.raw-head->nh.raw, head->csum);

	rcu_read_lock();
	IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
	rcu_read_unlock();
	fq->fragments = NULL;
	return 1;

out_oversize:
	if (net_ratelimit())
		printk(KERN_DEBUG "ip6_frag_reasm: payload len = %d\n", payload_len);
	goto out_fail;
out_oom:
	if (net_ratelimit())
		printk(KERN_DEBUG "ip6_frag_reasm: no memory for reassembly\n");
out_fail:
	rcu_read_lock();
	IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
	rcu_read_unlock();
	return -1;
}

static int ipv6_frag_rcv(struct sk_buff **skbp)
{
	struct sk_buff *skb = *skbp; 
	struct net_device *dev = skb->dev;
	struct frag_hdr *fhdr;
	struct frag_queue *fq;
	struct ipv6hdr *hdr;

	hdr = skb->nh.ipv6h;

	IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMREQDS);

	/* Jumbo payload inhibits frag. header */
	if (hdr->payload_len==0) {
		IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, skb->h.raw-skb->nh.raw);
		return -1;
	}
	if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+sizeof(struct frag_hdr))) {
		IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, skb->h.raw-skb->nh.raw);
		return -1;
	}

	hdr = skb->nh.ipv6h;
	fhdr = (struct frag_hdr *)skb->h.raw;

	if (!(fhdr->frag_off & htons(0xFFF9))) {
		/* It is not a fragmented frame */
		skb->h.raw += sizeof(struct frag_hdr);
		IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMOKS);

		IP6CB(skb)->nhoff = (u8*)fhdr - skb->nh.raw;
		return 1;
	}

	if (atomic_read(&ip6_frag_mem) > sysctl_ip6frag_high_thresh)
		ip6_evictor(ip6_dst_idev(skb->dst));

	if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
			  ip6_dst_idev(skb->dst))) != NULL) {
		int ret = -1;

		spin_lock(&fq->lock);

		ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff);

		if (fq->last_in == (FIRST_IN|LAST_IN) &&
		    fq->meat == fq->len)
			ret = ip6_frag_reasm(fq, skbp, dev);

		spin_unlock(&fq->lock);
		fq_put(fq, NULL);
		return ret;
	}

	IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS);
	kfree_skb(skb);
	return -1;
}

static struct inet6_protocol frag_protocol =
{
	.handler	=	ipv6_frag_rcv,
	.flags		=	INET6_PROTO_NOPOLICY,
};

void __init ipv6_frag_init(void)
{
	if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0)
		printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n");

	ip6_frag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^
				   (jiffies ^ (jiffies >> 6)));

	init_timer(&ip6_frag_secret_timer);
	ip6_frag_secret_timer.function = ip6_frag_secret_rebuild;
	ip6_frag_secret_timer.expires = jiffies + sysctl_ip6frag_secret_interval;
	add_timer(&ip6_frag_secret_timer);
}
9' href='#n459'>459</a>
<a id='n460' href='#n460'>460</a>
<a id='n461' href='#n461'>461</a>
<a id='n462' href='#n462'>462</a>
<a id='n463' href='#n463'>463</a>
<a id='n464' href='#n464'>464</a>
<a id='n465' href='#n465'>465</a>
<a id='n466' href='#n466'>466</a>
<a id='n467' href='#n467'>467</a>
<a id='n468' href='#n468'>468</a>
<a id='n469' href='#n469'>469</a>
<a id='n470' href='#n470'>470</a>
<a id='n471' href='#n471'>471</a>
<a id='n472' href='#n472'>472</a>
<a id='n473' href='#n473'>473</a>
<a id='n474' href='#n474'>474</a>
<a id='n475' href='#n475'>475</a>
<a id='n476' href='#n476'>476</a>
<a id='n477' href='#n477'>477</a>
<a id='n478' href='#n478'>478</a>
<a id='n479' href='#n479'>479</a>
<a id='n480' href='#n480'>480</a>
<a id='n481' href='#n481'>481</a>
<a id='n482' href='#n482'>482</a>
<a id='n483' href='#n483'>483</a>
<a id='n484' href='#n484'>484</a>
<a id='n485' href='#n485'>485</a>
<a id='n486' href='#n486'>486</a>
<a id='n487' href='#n487'>487</a>
<a id='n488' href='#n488'>488</a>
<a id='n489' href='#n489'>489</a>
<a id='n490' href='#n490'>490</a>
<a id='n491' href='#n491'>491</a>
<a id='n492' href='#n492'>492</a>
<a id='n493' href='#n493'>493</a>
<a id='n494' href='#n494'>494</a>
<a id='n495' href='#n495'>495</a>
<a id='n496' href='#n496'>496</a>
<a id='n497' href='#n497'>497</a>
<a id='n498' href='#n498'>498</a>
<a id='n499' href='#n499'>499</a>
<a id='n500' href='#n500'>500</a>
<a id='n501' href='#n501'>501</a>
<a id='n502' href='#n502'>502</a>
<a id='n503' href='#n503'>503</a>
<a id='n504' href='#n504'>504</a>
<a id='n505' href='#n505'>505</a>
<a id='n506' href='#n506'>506</a>
<a id='n507' href='#n507'>507</a>
<a id='n508' href='#n508'>508</a>
<a id='n509' href='#n509'>509</a>
<a id='n510' href='#n510'>510</a>
<a id='n511' href='#n511'>511</a>
<a id='n512' href='#n512'>512</a>
<a id='n513' href='#n513'>513</a>
<a id='n514' href='#n514'>514</a>
<a id='n515' href='#n515'>515</a>
<a id='n516' href='#n516'>516</a>
<a id='n517' href='#n517'>517</a>
<a id='n518' href='#n518'>518</a>
<a id='n519' href='#n519'>519</a>
<a id='n520' href='#n520'>520</a>
<a id='n521' href='#n521'>521</a>
<a id='n522' href='#n522'>522</a>
<a id='n523' href='#n523'>523</a>
<a id='n524' href='#n524'>524</a>
<a id='n525' href='#n525'>525</a>
<a id='n526' href='#n526'>526</a>
<a id='n527' href='#n527'>527</a>
<a id='n528' href='#n528'>528</a>
<a id='n529' href='#n529'>529</a>
<a id='n530' href='#n530'>530</a>
<a id='n531' href='#n531'>531</a>
<a id='n532' href='#n532'>532</a>
<a id='n533' href='#n533'>533</a>
<a id='n534' href='#n534'>534</a>
<a id='n535' href='#n535'>535</a>
<a id='n536' href='#n536'>536</a>
<a id='n537' href='#n537'>537</a>
<a id='n538' href='#n538'>538</a>
<a id='n539' href='#n539'>539</a>
<a id='n540' href='#n540'>540</a>
<a id='n541' href='#n541'>541</a>
<a id='n542' href='#n542'>542</a>
<a id='n543' href='#n543'>543</a>
<a id='n544' href='#n544'>544</a>
<a id='n545' href='#n545'>545</a>
<a id='n546' href='#n546'>546</a>
<a id='n547' href='#n547'>547</a>
<a id='n548' href='#n548'>548</a>
<a id='n549' href='#n549'>549</a>
<a id='n550' href='#n550'>550</a>
<a id='n551' href='#n551'>551</a>
<a id='n552' href='#n552'>552</a>
<a id='n553' href='#n553'>553</a>
<a id='n554' href='#n554'>554</a>
<a id='n555' href='#n555'>555</a>
<a id='n556' href='#n556'>556</a>
<a id='n557' href='#n557'>557</a>
<a id='n558' href='#n558'>558</a>
<a id='n559' href='#n559'>559</a>
<a id='n560' href='#n560'>560</a>
<a id='n561' href='#n561'>561</a>
<a id='n562' href='#n562'>562</a>
<a id='n563' href='#n563'>563</a>
<a id='n564' href='#n564'>564</a>
<a id='n565' href='#n565'>565</a>
<a id='n566' href='#n566'>566</a>
<a id='n567' href='#n567'>567</a>
<a id='n568' href='#n568'>568</a>
<a id='n569' href='#n569'>569</a>
<a id='n570' href='#n570'>570</a>
<a id='n571' href='#n571'>571</a>
<a id='n572' href='#n572'>572</a>
<a id='n573' href='#n573'>573</a>
<a id='n574' href='#n574'>574</a>
<a id='n575' href='#n575'>575</a>
<a id='n576' href='#n576'>576</a>
<a id='n577' href='#n577'>577</a>
<a id='n578' href='#n578'>578</a>
<a id='n579' href='#n579'>579</a>
<a id='n580' href='#n580'>580</a>
<a id='n581' href='#n581'>581</a>
<a id='n582' href='#n582'>582</a>
<a id='n583' href='#n583'>583</a>
<a id='n584' href='#n584'>584</a>
<a id='n585' href='#n585'>585</a>
<a id='n586' href='#n586'>586</a>
<a id='n587' href='#n587'>587</a>
<a id='n588' href='#n588'>588</a>
<a id='n589' href='#n589'>589</a>
<a id='n590' href='#n590'>590</a>
<a id='n591' href='#n591'>591</a>
<a id='n592' href='#n592'>592</a>
<a id='n593' href='#n593'>593</a>
<a id='n594' href='#n594'>594</a>
<a id='n595' href='#n595'>595</a>
<a id='n596' href='#n596'>596</a>
<a id='n597' href='#n597'>597</a>
<a id='n598' href='#n598'>598</a>
<a id='n599' href='#n599'>599</a>
<a id='n600' href='#n600'>600</a>
<a id='n601' href='#n601'>601</a>
<a id='n602' href='#n602'>602</a>
<a id='n603' href='#n603'>603</a>
<a id='n604' href='#n604'>604</a>
<a id='n605' href='#n605'>605</a>
<a id='n606' href='#n606'>606</a>
<a id='n607' href='#n607'>607</a>
<a id='n608' href='#n608'>608</a>
<a id='n609' href='#n609'>609</a>
<a id='n610' href='#n610'>610</a>
<a id='n611' href='#n611'>611</a>
<a id='n612' href='#n612'>612</a>
<a id='n613' href='#n613'>613</a>
<a id='n614' href='#n614'>614</a>
<a id='n615' href='#n615'>615</a>
<a id='n616' href='#n616'>616</a>
<a id='n617' href='#n617'>617</a>
<a id='n618' href='#n618'>618</a>
<a id='n619' href='#n619'>619</a>
<a id='n620' href='#n620'>620</a>
<a id='n621' href='#n621'>621</a>
<a id='n622' href='#n622'>622</a>
<a id='n623' href='#n623'>623</a>
<a id='n624' href='#n624'>624</a>
<a id='n625' href='#n625'>625</a>
<a id='n626' href='#n626'>626</a>
<a id='n627' href='#n627'>627</a>
<a id='n628' href='#n628'>628</a>
<a id='n629' href='#n629'>629</a>
<a id='n630' href='#n630'>630</a>
<a id='n631' href='#n631'>631</a>
<a id='n632' href='#n632'>632</a>
<a id='n633' href='#n633'>633</a>
<a id='n634' href='#n634'>634</a>
<a id='n635' href='#n635'>635</a>
<a id='n636' href='#n636'>636</a>
<a id='n637' href='#n637'>637</a>
<a id='n638' href='#n638'>638</a>
<a id='n639' href='#n639'>639</a>
<a id='n640' href='#n640'>640</a>
<a id='n641' href='#n641'>641</a>
<a id='n642' href='#n642'>642</a>
<a id='n643' href='#n643'>643</a>
<a id='n644' href='#n644'>644</a>
<a id='n645' href='#n645'>645</a>
<a id='n646' href='#n646'>646</a>
<a id='n647' href='#n647'>647</a>
<a id='n648' href='#n648'>648</a>
<a id='n649' href='#n649'>649</a>
<a id='n650' href='#n650'>650</a>
<a id='n651' href='#n651'>651</a>
<a id='n652' href='#n652'>652</a>
<a id='n653' href='#n653'>653</a>
<a id='n654' href='#n654'>654</a>
<a id='n655' href='#n655'>655</a>
<a id='n656' href='#n656'>656</a>
<a id='n657' href='#n657'>657</a>
<a id='n658' href='#n658'>658</a>
<a id='n659' href='#n659'>659</a>
<a id='n660' href='#n660'>660</a>
<a id='n661' href='#n661'>661</a>
<a id='n662' href='#n662'>662</a>
<a id='n663' href='#n663'>663</a>
<a id='n664' href='#n664'>664</a>
<a id='n665' href='#n665'>665</a>
<a id='n666' href='#n666'>666</a>
<a id='n667' href='#n667'>667</a>
<a id='n668' href='#n668'>668</a>
<a id='n669' href='#n669'>669</a>
<a id='n670' href='#n670'>670</a>
<a id='n671' href='#n671'>671</a>
<a id='n672' href='#n672'>672</a>
<a id='n673' href='#n673'>673</a>
<a id='n674' href='#n674'>674</a>
<a id='n675' href='#n675'>675</a>
<a id='n676' href='#n676'>676</a>
<a id='n677' href='#n677'>677</a>
<a id='n678' href='#n678'>678</a>
<a id='n679' href='#n679'>679</a>
<a id='n680' href='#n680'>680</a>
<a id='n681' href='#n681'>681</a>
<a id='n682' href='#n682'>682</a>
<a id='n683' href='#n683'>683</a>
<a id='n684' href='#n684'>684</a>
<a id='n685' href='#n685'>685</a>
<a id='n686' href='#n686'>686</a>
<a id='n687' href='#n687'>687</a>
<a id='n688' href='#n688'>688</a>
<a id='n689' href='#n689'>689</a>
<a id='n690' href='#n690'>690</a>
<a id='n691' href='#n691'>691</a>
<a id='n692' href='#n692'>692</a>
<a id='n693' href='#n693'>693</a>
<a id='n694' href='#n694'>694</a>
<a id='n695' href='#n695'>695</a>
<a id='n696' href='#n696'>696</a>
<a id='n697' href='#n697'>697</a>
<a id='n698' href='#n698'>698</a>
<a id='n699' href='#n699'>699</a>
<a id='n700' href='#n700'>700</a>
<a id='n701' href='#n701'>701</a>
<a id='n702' href='#n702'>702</a>
<a id='n703' href='#n703'>703</a>
<a id='n704' href='#n704'>704</a>
<a id='n705' href='#n705'>705</a>
<a id='n706' href='#n706'>706</a>
<a id='n707' href='#n707'>707</a>
<a id='n708' href='#n708'>708</a>
<a id='n709' href='#n709'>709</a>
<a id='n710' href='#n710'>710</a>
<a id='n711' href='#n711'>711</a>
<a id='n712' href='#n712'>712</a>
<a id='n713' href='#n713'>713</a>
<a id='n714' href='#n714'>714</a>
<a id='n715' href='#n715'>715</a>
<a id='n716' href='#n716'>716</a>
<a id='n717' href='#n717'>717</a>
<a id='n718' href='#n718'>718</a>
<a id='n719' href='#n719'>719</a>
<a id='n720' href='#n720'>720</a>
<a id='n721' href='#n721'>721</a>
<a id='n722' href='#n722'>722</a>
<a id='n723' href='#n723'>723</a>
<a id='n724' href='#n724'>724</a>
<a id='n725' href='#n725'>725</a>
<a id='n726' href='#n726'>726</a>
<a id='n727' href='#n727'>727</a>
<a id='n728' href='#n728'>728</a>
<a id='n729' href='#n729'>729</a>
<a id='n730' href='#n730'>730</a>
<a id='n731' href='#n731'>731</a>
<a id='n732' href='#n732'>732</a>
<a id='n733' href='#n733'>733</a>
<a id='n734' href='#n734'>734</a>
<a id='n735' href='#n735'>735</a>
<a id='n736' href='#n736'>736</a>
<a id='n737' href='#n737'>737</a>
<a id='n738' href='#n738'>738</a>
<a id='n739' href='#n739'>739</a>
<a id='n740' href='#n740'>740</a>
<a id='n741' href='#n741'>741</a>
<a id='n742' href='#n742'>742</a>
<a id='n743' href='#n743'>743</a>
<a id='n744' href='#n744'>744</a>
<a id='n745' href='#n745'>745</a>
<a id='n746' href='#n746'>746</a>
<a id='n747' href='#n747'>747</a>
<a id='n748' href='#n748'>748</a>
<a id='n749' href='#n749'>749</a>
<a id='n750' href='#n750'>750</a>
<a id='n751' href='#n751'>751</a>
<a id='n752' href='#n752'>752</a>
<a id='n753' href='#n753'>753</a>
<a id='n754' href='#n754'>754</a>
<a id='n755' href='#n755'>755</a>
<a id='n756' href='#n756'>756</a>
<a id='n757' href='#n757'>757</a>
<a id='n758' href='#n758'>758</a>
<a id='n759' href='#n759'>759</a>
<a id='n760' href='#n760'>760</a>
<a id='n761' href='#n761'>761</a>
<a id='n762' href='#n762'>762</a>
<a id='n763' href='#n763'>763</a>
<a id='n764' href='#n764'>764</a>
<a id='n765' href='#n765'>765</a>
<a id='n766' href='#n766'>766</a>
<a id='n767' href='#n767'>767</a>
<a id='n768' href='#n768'>768</a>
<a id='n769' href='#n769'>769</a>
<a id='n770' href='#n770'>770</a>
<a id='n771' href='#n771'>771</a>
<a id='n772' href='#n772'>772</a>
<a id='n773' href='#n773'>773</a>
<a id='n774' href='#n774'>774</a>
<a id='n775' href='#n775'>775</a>
<a id='n776' href='#n776'>776</a>
<a id='n777' href='#n777'>777</a>
<a id='n778' href='#n778'>778</a>
<a id='n779' href='#n779'>779</a>
<a id='n780' href='#n780'>780</a>
<a id='n781' href='#n781'>781</a>
<a id='n782' href='#n782'>782</a>
<a id='n783' href='#n783'>783</a>
<a id='n784' href='#n784'>784</a>
<a id='n785' href='#n785'>785</a>
<a id='n786' href='#n786'>786</a>
<a id='n787' href='#n787'>787</a>
<a id='n788' href='#n788'>788</a>
<a id='n789' href='#n789'>789</a>
<a id='n790' href='#n790'>790</a>
<a id='n791' href='#n791'>791</a>
<a id='n792' href='#n792'>792</a>
<a id='n793' href='#n793'>793</a>
<a id='n794' href='#n794'>794</a>
<a id='n795' href='#n795'>795</a>
<a id='n796' href='#n796'>796</a>
<a id='n797' href='#n797'>797</a>
<a id='n798' href='#n798'>798</a>
<a id='n799' href='#n799'>799</a>
<a id='n800' href='#n800'>800</a>
<a id='n801' href='#n801'>801</a>
<a id='n802' href='#n802'>802</a>
<a id='n803' href='#n803'>803</a>
<a id='n804' href='#n804'>804</a>
<a id='n805' href='#n805'>805</a>
<a id='n806' href='#n806'>806</a>
<a id='n807' href='#n807'>807</a>
<a id='n808' href='#n808'>808</a>
<a id='n809' href='#n809'>809</a>
<a id='n810' href='#n810'>810</a>
<a id='n811' href='#n811'>811</a>
<a id='n812' href='#n812'>812</a>
<a id='n813' href='#n813'>813</a>
<a id='n814' href='#n814'>814</a>
<a id='n815' href='#n815'>815</a>
<a id='n816' href='#n816'>816</a>
<a id='n817' href='#n817'>817</a>
<a id='n818' href='#n818'>818</a>
<a id='n819' href='#n819'>819</a>
<a id='n820' href='#n820'>820</a>
<a id='n821' href='#n821'>821</a>
<a id='n822' href='#n822'>822</a>
<a id='n823' href='#n823'>823</a>
<a id='n824' href='#n824'>824</a>
<a id='n825' href='#n825'>825</a>
<a id='n826' href='#n826'>826</a>
<a id='n827' href='#n827'>827</a>
<a id='n828' href='#n828'>828</a>
<a id='n829' href='#n829'>829</a>
<a id='n830' href='#n830'>830</a>
<a id='n831' href='#n831'>831</a>
<a id='n832' href='#n832'>832</a>
<a id='n833' href='#n833'>833</a>
<a id='n834' href='#n834'>834</a>
<a id='n835' href='#n835'>835</a>
<a id='n836' href='#n836'>836</a>
<a id='n837' href='#n837'>837</a>
<a id='n838' href='#n838'>838</a>
<a id='n839' href='#n839'>839</a>
<a id='n840' href='#n840'>840</a>
<a id='n841' href='#n841'>841</a>
<a id='n842' href='#n842'>842</a>
<a id='n843' href='#n843'>843</a>
<a id='n844' href='#n844'>844</a>
<a id='n845' href='#n845'>845</a>
<a id='n846' href='#n846'>846</a>
<a id='n847' href='#n847'>847</a>
<a id='n848' href='#n848'>848</a>
<a id='n849' href='#n849'>849</a>
<a id='n850' href='#n850'>850</a>
<a id='n851' href='#n851'>851</a>
<a id='n852' href='#n852'>852</a>
<a id='n853' href='#n853'>853</a>
<a id='n854' href='#n854'>854</a>
<a id='n855' href='#n855'>855</a>
<a id='n856' href='#n856'>856</a>
<a id='n857' href='#n857'>857</a>
<a id='n858' href='#n858'>858</a>
<a id='n859' href='#n859'>859</a>
<a id='n860' href='#n860'>860</a>
<a id='n861' href='#n861'>861</a>
<a id='n862' href='#n862'>862</a>
<a id='n863' href='#n863'>863</a>
<a id='n864' href='#n864'>864</a>
<a id='n865' href='#n865'>865</a>
<a id='n866' href='#n866'>866</a>
<a id='n867' href='#n867'>867</a>
<a id='n868' href='#n868'>868</a>
<a id='n869' href='#n869'>869</a>
<a id='n870' href='#n870'>870</a>
<a id='n871' href='#n871'>871</a>
<a id='n872' href='#n872'>872</a>
<a id='n873' href='#n873'>873</a>
<a id='n874' href='#n874'>874</a>
<a id='n875' href='#n875'>875</a>
<a id='n876' href='#n876'>876</a>
<a id='n877' href='#n877'>877</a>
<a id='n878' href='#n878'>878</a>
<a id='n879' href='#n879'>879</a>
<a id='n880' href='#n880'>880</a>
<a id='n881' href='#n881'>881</a>
<a id='n882' href='#n882'>882</a>
<a id='n883' href='#n883'>883</a>
<a id='n884' href='#n884'>884</a>
<a id='n885' href='#n885'>885</a>
<a id='n886' href='#n886'>886</a>
<a id='n887' href='#n887'>887</a>
<a id='n888' href='#n888'>888</a>
<a id='n889' href='#n889'>889</a>
<a id='n890' href='#n890'>890</a>
<a id='n891' href='#n891'>891</a>
<a id='n892' href='#n892'>892</a>
<a id='n893' href='#n893'>893</a>
<a id='n894' href='#n894'>894</a>
<a id='n895' href='#n895'>895</a>
<a id='n896' href='#n896'>896</a>
<a id='n897' href='#n897'>897</a>
<a id='n898' href='#n898'>898</a>
<a id='n899' href='#n899'>899</a>
<a id='n900' href='#n900'>900</a>
<a id='n901' href='#n901'>901</a>
<a id='n902' href='#n902'>902</a>
<a id='n903' href='#n903'>903</a>
<a id='n904' href='#n904'>904</a>
<a id='n905' href='#n905'>905</a>
<a id='n906' href='#n906'>906</a>
<a id='n907' href='#n907'>907</a>
<a id='n908' href='#n908'>908</a>
<a id='n909' href='#n909'>909</a>
<a id='n910' href='#n910'>910</a>
<a id='n911' href='#n911'>911</a>
<a id='n912' href='#n912'>912</a>
<a id='n913' href='#n913'>913</a>
<a id='n914' href='#n914'>914</a>
<a id='n915' href='#n915'>915</a>
<a id='n916' href='#n916'>916</a>
<a id='n917' href='#n917'>917</a>
<a id='n918' href='#n918'>918</a>
<a id='n919' href='#n919'>919</a>
<a id='n920' href='#n920'>920</a>
<a id='n921' href='#n921'>921</a>
<a id='n922' href='#n922'>922</a>
<a id='n923' href='#n923'>923</a>
<a id='n924' href='#n924'>924</a>
<a id='n925' href='#n925'>925</a>
<a id='n926' href='#n926'>926</a>
<a id='n927' href='#n927'>927</a>
<a id='n928' href='#n928'>928</a>
<a id='n929' href='#n929'>929</a>
<a id='n930' href='#n930'>930</a>
<a id='n931' href='#n931'>931</a>
<a id='n932' href='#n932'>932</a>
<a id='n933' href='#n933'>933</a>
<a id='n934' href='#n934'>934</a>
<a id='n935' href='#n935'>935</a>
<a id='n936' href='#n936'>936</a>
<a id='n937' href='#n937'>937</a>
<a id='n938' href='#n938'>938</a>
<a id='n939' href='#n939'>939</a>
<a id='n940' href='#n940'>940</a>
<a id='n941' href='#n941'>941</a>
<a id='n942' href='#n942'>942</a>
<a id='n943' href='#n943'>943</a>
<a id='n944' href='#n944'>944</a>
<a id='n945' href='#n945'>945</a>
<a id='n946' href='#n946'>946</a>
<a id='n947' href='#n947'>947</a>
<a id='n948' href='#n948'>948</a>
<a id='n949' href='#n949'>949</a>
<a id='n950' href='#n950'>950</a>
<a id='n951' href='#n951'>951</a>
<a id='n952' href='#n952'>952</a>
<a id='n953' href='#n953'>953</a>
<a id='n954' href='#n954'>954</a>
<a id='n955' href='#n955'>955</a>
<a id='n956' href='#n956'>956</a>
<a id='n957' href='#n957'>957</a>
<a id='n958' href='#n958'>958</a>
<a id='n959' href='#n959'>959</a>
<a id='n960' href='#n960'>960</a>
<a id='n961' href='#n961'>961</a>
<a id='n962' href='#n962'>962</a>
<a id='n963' href='#n963'>963</a>
<a id='n964' href='#n964'>964</a>
<a id='n965' href='#n965'>965</a>
<a id='n966' href='#n966'>966</a>
<a id='n967' href='#n967'>967</a>
<a id='n968' href='#n968'>968</a>
<a id='n969' href='#n969'>969</a>
<a id='n970' href='#n970'>970</a>
<a id='n971' href='#n971'>971</a>
<a id='n972' href='#n972'>972</a>
<a id='n973' href='#n973'>973</a>
<a id='n974' href='#n974'>974</a>
<a id='n975' href='#n975'>975</a>
<a id='n976' href='#n976'>976</a>
<a id='n977' href='#n977'>977</a>
<a id='n978' href='#n978'>978</a>
<a id='n979' href='#n979'>979</a>
<a id='n980' href='#n980'>980</a>
<a id='n981' href='#n981'>981</a>
<a id='n982' href='#n982'>982</a>
<a id='n983' href='#n983'>983</a>
<a id='n984' href='#n984'>984</a>
<a id='n985' href='#n985'>985</a>
<a id='n986' href='#n986'>986</a>
<a id='n987' href='#n987'>987</a>
<a id='n988' href='#n988'>988</a>
<a id='n989' href='#n989'>989</a>
<a id='n990' href='#n990'>990</a>
<a id='n991' href='#n991'>991</a>
<a id='n992' href='#n992'>992</a>
<a id='n993' href='#n993'>993</a>
<a id='n994' href='#n994'>994</a>
<a id='n995' href='#n995'>995</a>
<a id='n996' href='#n996'>996</a>
<a id='n997' href='#n997'>997</a>
<a id='n998' href='#n998'>998</a>
<a id='n999' href='#n999'>999</a>
<a id='n1000' href='#n1000'>1000</a>
<a id='n1001' href='#n1001'>1001</a>
<a id='n1002' href='#n1002'>1002</a>
<a id='n1003' href='#n1003'>1003</a>
<a id='n1004' href='#n1004'>1004</a>
<a id='n1005' href='#n1005'>1005</a>
<a id='n1006' href='#n1006'>1006</a>
<a id='n1007' href='#n1007'>1007</a>
<a id='n1008' href='#n1008'>1008</a>
<a id='n1009' href='#n1009'>1009</a>
<a id='n1010' href='#n1010'>1010</a>
<a id='n1011' href='#n1011'>1011</a>
<a id='n1012' href='#n1012'>1012</a>
<a id='n1013' href='#n1013'>1013</a>
<a id='n1014' href='#n1014'>1014</a>
<a id='n1015' href='#n1015'>1015</a>
<a id='n1016' href='#n1016'>1016</a>
<a id='n1017' href='#n1017'>1017</a>
<a id='n1018' href='#n1018'>1018</a>
<a id='n1019' href='#n1019'>1019</a>
<a id='n1020' href='#n1020'>1020</a>
<a id='n1021' href='#n1021'>1021</a>
<a id='n1022' href='#n1022'>1022</a>
<a id='n1023' href='#n1023'>1023</a>
<a id='n1024' href='#n1024'>1024</a>
<a id='n1025' href='#n1025'>1025</a>
<a id='n1026' href='#n1026'>1026</a>
<a id='n1027' href='#n1027'>1027</a>
<a id='n1028' href='#n1028'>1028</a>
<a id='n1029' href='#n1029'>1029</a>
<a id='n1030' href='#n1030'>1030</a>
<a id='n1031' href='#n1031'>1031</a>
<a id='n1032' href='#n1032'>1032</a>
<a id='n1033' href='#n1033'>1033</a>
<a id='n1034' href='#n1034'>1034</a>
<a id='n1035' href='#n1035'>1035</a>
<a id='n1036' href='#n1036'>1036</a>
<a id='n1037' href='#n1037'>1037</a>
<a id='n1038' href='#n1038'>1038</a>
<a id='n1039' href='#n1039'>1039</a>
<a id='n1040' href='#n1040'>1040</a>
<a id='n1041' href='#n1041'>1041</a>
<a id='n1042' href='#n1042'>1042</a>
<a id='n1043' href='#n1043'>1043</a>
<a id='n1044' href='#n1044'>1044</a>
<a id='n1045' href='#n1045'>1045</a>
<a id='n1046' href='#n1046'>1046</a>
<a id='n1047' href='#n1047'>1047</a>
<a id='n1048' href='#n1048'>1048</a>
<a id='n1049' href='#n1049'>1049</a>
<a id='n1050' href='#n1050'>1050</a>
<a id='n1051' href='#n1051'>1051</a>
<a id='n1052' href='#n1052'>1052</a>
<a id='n1053' href='#n1053'>1053</a>
<a id='n1054' href='#n1054'>1054</a>
<a id='n1055' href='#n1055'>1055</a>
<a id='n1056' href='#n1056'>1056</a>
<a id='n1057' href='#n1057'>1057</a>
<a id='n1058' href='#n1058'>1058</a>
<a id='n1059' href='#n1059'>1059</a>
<a id='n1060' href='#n1060'>1060</a>
<a id='n1061' href='#n1061'>1061</a>
<a id='n1062' href='#n1062'>1062</a>
<a id='n1063' href='#n1063'>1063</a>
<a id='n1064' href='#n1064'>1064</a>
<a id='n1065' href='#n1065'>1065</a>
<a id='n1066' href='#n1066'>1066</a>
<a id='n1067' href='#n1067'>1067</a>
<a id='n1068' href='#n1068'>1068</a>
<a id='n1069' href='#n1069'>1069</a>
<a id='n1070' href='#n1070'>1070</a>
<a id='n1071' href='#n1071'>1071</a>
<a id='n1072' href='#n1072'>1072</a>
<a id='n1073' href='#n1073'>1073</a>
<a id='n1074' href='#n1074'>1074</a>
<a id='n1075' href='#n1075'>1075</a>
<a id='n1076' href='#n1076'>1076</a>
<a id='n1077' href='#n1077'>1077</a>
<a id='n1078' href='#n1078'>1078</a>
<a id='n1079' href='#n1079'>1079</a>
<a id='n1080' href='#n1080'>1080</a>
<a id='n1081' href='#n1081'>1081</a>
<a id='n1082' href='#n1082'>1082</a>
<a id='n1083' href='#n1083'>1083</a>
<a id='n1084' href='#n1084'>1084</a>
<a id='n1085' href='#n1085'>1085</a>
<a id='n1086' href='#n1086'>1086</a>
<a id='n1087' href='#n1087'>1087</a>
<a id='n1088' href='#n1088'>1088</a>
<a id='n1089' href='#n1089'>1089</a>
<a id='n1090' href='#n1090'>1090</a>
<a id='n1091' href='#n1091'>1091</a>
<a id='n1092' href='#n1092'>1092</a>
<a id='n1093' href='#n1093'>1093</a>
<a id='n1094' href='#n1094'>1094</a>
<a id='n1095' href='#n1095'>1095</a>
<a id='n1096' href='#n1096'>1096</a>
<a id='n1097' href='#n1097'>1097</a>
<a id='n1098' href='#n1098'>1098</a>
<a id='n1099' href='#n1099'>1099</a>
<a id='n1100' href='#n1100'>1100</a>
<a id='n1101' href='#n1101'>1101</a>
<a id='n1102' href='#n1102'>1102</a>
<a id='n1103' href='#n1103'>1103</a>
<a id='n1104' href='#n1104'>1104</a>
<a id='n1105' href='#n1105'>1105</a>
<a id='n1106' href='#n1106'>1106</a>
<a id='n1107' href='#n1107'>1107</a>
<a id='n1108' href='#n1108'>1108</a>
<a id='n1109' href='#n1109'>1109</a>
<a id='n1110' href='#n1110'>1110</a>
<a id='n1111' href='#n1111'>1111</a>
<a id='n1112' href='#n1112'>1112</a>
<a id='n1113' href='#n1113'>1113</a>
<a id='n1114' href='#n1114'>1114</a>
<a id='n1115' href='#n1115'>1115</a>
<a id='n1116' href='#n1116'>1116</a>
<a id='n1117' href='#n1117'>1117</a>
<a id='n1118' href='#n1118'>1118</a>
<a id='n1119' href='#n1119'>1119</a>
<a id='n1120' href='#n1120'>1120</a>
<a id='n1121' href='#n1121'>1121</a>
<a id='n1122' href='#n1122'>1122</a>
<a id='n1123' href='#n1123'>1123</a>
<a id='n1124' href='#n1124'>1124</a>
<a id='n1125' href='#n1125'>1125</a>
<a id='n1126' href='#n1126'>1126</a>
<a id='n1127' href='#n1127'>1127</a>
<a id='n1128' href='#n1128'>1128</a>
<a id='n1129' href='#n1129'>1129</a>
<a id='n1130' href='#n1130'>1130</a>
<a id='n1131' href='#n1131'>1131</a>
<a id='n1132' href='#n1132'>1132</a>
<a id='n1133' href='#n1133'>1133</a>
<a id='n1134' href='#n1134'>1134</a>
<a id='n1135' href='#n1135'>1135</a>
<a id='n1136' href='#n1136'>1136</a>
<a id='n1137' href='#n1137'>1137</a>
<a id='n1138' href='#n1138'>1138</a>
<a id='n1139' href='#n1139'>1139</a>
<a id='n1140' href='#n1140'>1140</a>
<a id='n1141' href='#n1141'>1141</a>
<a id='n1142' href='#n1142'>1142</a>
<a id='n1143' href='#n1143'>1143</a>
<a id='n1144' href='#n1144'>1144</a>
<a id='n1145' href='#n1145'>1145</a>
<a id='n1146' href='#n1146'>1146</a>
<a id='n1147' href='#n1147'>1147</a>
<a id='n1148' href='#n1148'>1148</a>
<a id='n1149' href='#n1149'>1149</a>
<a id='n1150' href='#n1150'>1150</a>
<a id='n1151' href='#n1151'>1151</a>
<a id='n1152' href='#n1152'>1152</a>
<a id='n1153' href='#n1153'>1153</a>
<a id='n1154' href='#n1154'>1154</a>
<a id='n1155' href='#n1155'>1155</a>
<a id='n1156' href='#n1156'>1156</a>
<a id='n1157' href='#n1157'>1157</a>
<a id='n1158' href='#n1158'>1158</a>
<a id='n1159' href='#n1159'>1159</a>
<a id='n1160' href='#n1160'>1160</a>
<a id='n1161' href='#n1161'>1161</a>
<a id='n1162' href='#n1162'>1162</a>
<a id='n1163' href='#n1163'>1163</a>
<a id='n1164' href='#n1164'>1164</a>
<a id='n1165' href='#n1165'>1165</a>
<a id='n1166' href='#n1166'>1166</a>
<a id='n1167' href='#n1167'>1167</a>
<a id='n1168' href='#n1168'>1168</a>
<a id='n1169' href='#n1169'>1169</a>
<a id='n1170' href='#n1170'>1170</a>
<a id='n1171' href='#n1171'>1171</a>
<a id='n1172' href='#n1172'>1172</a>
<a id='n1173' href='#n1173'>1173</a>
<a id='n1174' href='#n1174'>1174</a>
<a id='n1175' href='#n1175'>1175</a>
<a id='n1176' href='#n1176'>1176</a>
<a id='n1177' href='#n1177'>1177</a>
<a id='n1178' href='#n1178'>1178</a>
<a id='n1179' href='#n1179'>1179</a>
<a id='n1180' href='#n1180'>1180</a>
<a id='n1181' href='#n1181'>1181</a>
<a id='n1182' href='#n1182'>1182</a>
<a id='n1183' href='#n1183'>1183</a>
<a id='n1184' href='#n1184'>1184</a>
<a id='n1185' href='#n1185'>1185</a>
<a id='n1186' href='#n1186'>1186</a>
<a id='n1187' href='#n1187'>1187</a>
<a id='n1188' href='#n1188'>1188</a>
<a id='n1189' href='#n1189'>1189</a>
<a id='n1190' href='#n1190'>1190</a>
<a id='n1191' href='#n1191'>1191</a>
<a id='n1192' href='#n1192'>1192</a>
<a id='n1193' href='#n1193'>1193</a>
<a id='n1194' href='#n1194'>1194</a>
<a id='n1195' href='#n1195'>1195</a>
<a id='n1196' href='#n1196'>1196</a>
<a id='n1197' href='#n1197'>1197</a>
<a id='n1198' href='#n1198'>1198</a>
<a id='n1199' href='#n1199'>1199</a>
<a id='n1200' href='#n1200'>1200</a>
<a id='n1201' href='#n1201'>1201</a>
<a id='n1202' href='#n1202'>1202</a>
<a id='n1203' href='#n1203'>1203</a>
<a id='n1204' href='#n1204'>1204</a>
<a id='n1205' href='#n1205'>1205</a>
<a id='n1206' href='#n1206'>1206</a>
<a id='n1207' href='#n1207'>1207</a>
<a id='n1208' href='#n1208'>1208</a>
<a id='n1209' href='#n1209'>1209</a>
<a id='n1210' href='#n1210'>1210</a>
<a id='n1211' href='#n1211'>1211</a>
<a id='n1212' href='#n1212'>1212</a>
<a id='n1213' href='#n1213'>1213</a>
<a id='n1214' href='#n1214'>1214</a>
<a id='n1215' href='#n1215'>1215</a>
<a id='n1216' href='#n1216'>1216</a>
<a id='n1217' href='#n1217'>1217</a>
<a id='n1218' href='#n1218'>1218</a>
<a id='n1219' href='#n1219'>1219</a>
<a id='n1220' href='#n1220'>1220</a>
<a id='n1221' href='#n1221'>1221</a>
<a id='n1222' href='#n1222'>1222</a>
<a id='n1223' href='#n1223'>1223</a>
<a id='n1224' href='#n1224'>1224</a>
<a id='n1225' href='#n1225'>1225</a>
<a id='n1226' href='#n1226'>1226</a>
<a id='n1227' href='#n1227'>1227</a>
<a id='n1228' href='#n1228'>1228</a>
<a id='n1229' href='#n1229'>1229</a>
<a id='n1230' href='#n1230'>1230</a>
<a id='n1231' href='#n1231'>1231</a>
<a id='n1232' href='#n1232'>1232</a>
<a id='n1233' href='#n1233'>1233</a>
<a id='n1234' href='#n1234'>1234</a>
<a id='n1235' href='#n1235'>1235</a>
<a id='n1236' href='#n1236'>1236</a>
<a id='n1237' href='#n1237'>1237</a>
<a id='n1238' href='#n1238'>1238</a>
<a id='n1239' href='#n1239'>1239</a>
<a id='n1240' href='#n1240'>1240</a>
<a id='n1241' href='#n1241'>1241</a>
<a id='n1242' href='#n1242'>1242</a>
<a id='n1243' href='#n1243'>1243</a>
<a id='n1244' href='#n1244'>1244</a>
<a id='n1245' href='#n1245'>1245</a>
<a id='n1246' href='#n1246'>1246</a>
<a id='n1247' href='#n1247'>1247</a>
<a id='n1248' href='#n1248'>1248</a>
<a id='n1249' href='#n1249'>1249</a>
<a id='n1250' href='#n1250'>1250</a>
<a id='n1251' href='#n1251'>1251</a>
<a id='n1252' href='#n1252'>1252</a>
<a id='n1253' href='#n1253'>1253</a>
<a id='n1254' href='#n1254'>1254</a>
<a id='n1255' href='#n1255'>1255</a>
<a id='n1256' href='#n1256'>1256</a>
<a id='n1257' href='#n1257'>1257</a>
<a id='n1258' href='#n1258'>1258</a>
<a id='n1259' href='#n1259'>1259</a>
<a id='n1260' href='#n1260'>1260</a>
<a id='n1261' href='#n1261'>1261</a>
<a id='n1262' href='#n1262'>1262</a>
<a id='n1263' href='#n1263'>1263</a>
<a id='n1264' href='#n1264'>1264</a>
<a id='n1265' href='#n1265'>1265</a>
<a id='n1266' href='#n1266'>1266</a>
<a id='n1267' href='#n1267'>1267</a>
<a id='n1268' href='#n1268'>1268</a>
<a id='n1269' href='#n1269'>1269</a>
<a id='n1270' href='#n1270'>1270</a>
<a id='n1271' href='#n1271'>1271</a>
<a id='n1272' href='#n1272'>1272</a>
<a id='n1273' href='#n1273'>1273</a>
<a id='n1274' href='#n1274'>1274</a>
<a id='n1275' href='#n1275'>1275</a>
<a id='n1276' href='#n1276'>1276</a>
<a id='n1277' href='#n1277'>1277</a>
<a id='n1278' href='#n1278'>1278</a>
<a id='n1279' href='#n1279'>1279</a>
<a id='n1280' href='#n1280'>1280</a>
<a id='n1281' href='#n1281'>1281</a>
<a id='n1282' href='#n1282'>1282</a>
<a id='n1283' href='#n1283'>1283</a>
<a id='n1284' href='#n1284'>1284</a>
<a id='n1285' href='#n1285'>1285</a>
<a id='n1286' href='#n1286'>1286</a>
<a id='n1287' href='#n1287'>1287</a>
<a id='n1288' href='#n1288'>1288</a>
<a id='n1289' href='#n1289'>1289</a>
<a id='n1290' href='#n1290'>1290</a>
<a id='n1291' href='#n1291'>1291</a>
<a id='n1292' href='#n1292'>1292</a>
<a id='n1293' href='#n1293'>1293</a>
<a id='n1294' href='#n1294'>1294</a>
<a id='n1295' href='#n1295'>1295</a>
<a id='n1296' href='#n1296'>1296</a>
<a id='n1297' href='#n1297'>1297</a>
<a id='n1298' href='#n1298'>1298</a>
<a id='n1299' href='#n1299'>1299</a>
<a id='n1300' href='#n1300'>1300</a>
<a id='n1301' href='#n1301'>1301</a>
<a id='n1302' href='#n1302'>1302</a>
<a id='n1303' href='#n1303'>1303</a>
<a id='n1304' href='#n1304'>1304</a>
<a id='n1305' href='#n1305'>1305</a>
<a id='n1306' href='#n1306'>1306</a>
<a id='n1307' href='#n1307'>1307</a>
<a id='n1308' href='#n1308'>1308</a>
<a id='n1309' href='#n1309'>1309</a>
<a id='n1310' href='#n1310'>1310</a>
<a id='n1311' href='#n1311'>1311</a>
<a id='n1312' href='#n1312'>1312</a>
<a id='n1313' href='#n1313'>1313</a>
<a id='n1314' href='#n1314'>1314</a>
<a id='n1315' href='#n1315'>1315</a>
<a id='n1316' href='#n1316'>1316</a>
<a id='n1317' href='#n1317'>1317</a>
<a id='n1318' href='#n1318'>1318</a>
<a id='n1319' href='#n1319'>1319</a>
<a id='n1320' href='#n1320'>1320</a>
<a id='n1321' href='#n1321'>1321</a>
<a id='n1322' href='#n1322'>1322</a>
<a id='n1323' href='#n1323'>1323</a>
<a id='n1324' href='#n1324'>1324</a>
<a id='n1325' href='#n1325'>1325</a>
<a id='n1326' href='#n1326'>1326</a>
<a id='n1327' href='#n1327'>1327</a>
<a id='n1328' href='#n1328'>1328</a>
<a id='n1329' href='#n1329'>1329</a>
<a id='n1330' href='#n1330'>1330</a>
<a id='n1331' href='#n1331'>1331</a>
<a id='n1332' href='#n1332'>1332</a>
<a id='n1333' href='#n1333'>1333</a>
<a id='n1334' href='#n1334'>1334</a>
<a id='n1335' href='#n1335'>1335</a>
<a id='n1336' href='#n1336'>1336</a>
<a id='n1337' href='#n1337'>1337</a>
<a id='n1338' href='#n1338'>1338</a>
<a id='n1339' href='#n1339'>1339</a>
<a id='n1340' href='#n1340'>1340</a>
<a id='n1341' href='#n1341'>1341</a>
<a id='n1342' href='#n1342'>1342</a>
<a id='n1343' href='#n1343'>1343</a>
<a id='n1344' href='#n1344'>1344</a>
<a id='n1345' href='#n1345'>1345</a>
<a id='n1346' href='#n1346'>1346</a>
<a id='n1347' href='#n1347'>1347</a>
<a id='n1348' href='#n1348'>1348</a>
<a id='n1349' href='#n1349'>1349</a>
<a id='n1350' href='#n1350'>1350</a>
<a id='n1351' href='#n1351'>1351</a>
<a id='n1352' href='#n1352'>1352</a>
<a id='n1353' href='#n1353'>1353</a>
<a id='n1354' href='#n1354'>1354</a>
<a id='n1355' href='#n1355'>1355</a>
<a id='n1356' href='#n1356'>1356</a>
<a id='n1357' href='#n1357'>1357</a>
<a id='n1358' href='#n1358'>1358</a>
<a id='n1359' href='#n1359'>1359</a>
<a id='n1360' href='#n1360'>1360</a>
<a id='n1361' href='#n1361'>1361</a>
<a id='n1362' href='#n1362'>1362</a>
<a id='n1363' href='#n1363'>1363</a>
<a id='n1364' href='#n1364'>1364</a>
<a id='n1365' href='#n1365'>1365</a>
<a id='n1366' href='#n1366'>1366</a>
<a id='n1367' href='#n1367'>1367</a>
<a id='n1368' href='#n1368'>1368</a>
<a id='n1369' href='#n1369'>1369</a>
<a id='n1370' href='#n1370'>1370</a>
<a id='n1371' href='#n1371'>1371</a>
<a id='n1372' href='#n1372'>1372</a>
<a id='n1373' href='#n1373'>1373</a>
<a id='n1374' href='#n1374'>1374</a>
<a id='n1375' href='#n1375'>1375</a>
<a id='n1376' href='#n1376'>1376</a>
<a id='n1377' href='#n1377'>1377</a>
<a id='n1378' href='#n1378'>1378</a>
<a id='n1379' href='#n1379'>1379</a>
<a id='n1380' href='#n1380'>1380</a>
<a id='n1381' href='#n1381'>1381</a>
<a id='n1382' href='#n1382'>1382</a>
<a id='n1383' href='#n1383'>1383</a>
<a id='n1384' href='#n1384'>1384</a>
<a id='n1385' href='#n1385'>1385</a>
<a id='n1386' href='#n1386'>1386</a>
<a id='n1387' href='#n1387'>1387</a>
<a id='n1388' href='#n1388'>1388</a>
<a id='n1389' href='#n1389'>1389</a>
<a id='n1390' href='#n1390'>1390</a>
<a id='n1391' href='#n1391'>1391</a>
<a id='n1392' href='#n1392'>1392</a>
<a id='n1393' href='#n1393'>1393</a>
<a id='n1394' href='#n1394'>1394</a>
<a id='n1395' href='#n1395'>1395</a>
<a id='n1396' href='#n1396'>1396</a>
<a id='n1397' href='#n1397'>1397</a>
<a id='n1398' href='#n1398'>1398</a>
<a id='n1399' href='#n1399'>1399</a>
<a id='n1400' href='#n1400'>1400</a>
<a id='n1401' href='#n1401'>1401</a>
<a id='n1402' href='#n1402'>1402</a>
<a id='n1403' href='#n1403'>1403</a>
<a id='n1404' href='#n1404'>1404</a>
<a id='n1405' href='#n1405'>1405</a>
<a id='n1406' href='#n1406'>1406</a>
<a id='n1407' href='#n1407'>1407</a>
<a id='n1408' href='#n1408'>1408</a>
<a id='n1409' href='#n1409'>1409</a>
<a id='n1410' href='#n1410'>1410</a>
<a id='n1411' href='#n1411'>1411</a>
<a id='n1412' href='#n1412'>1412</a>
<a id='n1413' href='#n1413'>1413</a>
<a id='n1414' href='#n1414'>1414</a>
<a id='n1415' href='#n1415'>1415</a>
<a id='n1416' href='#n1416'>1416</a>
<a id='n1417' href='#n1417'>1417</a>
<a id='n1418' href='#n1418'>1418</a>
<a id='n1419' href='#n1419'>1419</a>
<a id='n1420' href='#n1420'>1420</a>
<a id='n1421' href='#n1421'>1421</a>
<a id='n1422' href='#n1422'>1422</a>
<a id='n1423' href='#n1423'>1423</a>
<a id='n1424' href='#n1424'>1424</a>
<a id='n1425' href='#n1425'>1425</a>
<a id='n1426' href='#n1426'>1426</a>
<a id='n1427' href='#n1427'>1427</a>
<a id='n1428' href='#n1428'>1428</a>
<a id='n1429' href='#n1429'>1429</a>
<a id='n1430' href='#n1430'>1430</a>
<a id='n1431' href='#n1431'>1431</a>
<a id='n1432' href='#n1432'>1432</a>
<a id='n1433' href='#n1433'>1433</a>
<a id='n1434' href='#n1434'>1434</a>
<a id='n1435' href='#n1435'>1435</a>
<a id='n1436' href='#n1436'>1436</a>
<a id='n1437' href='#n1437'>1437</a>
<a id='n1438' href='#n1438'>1438</a>
<a id='n1439' href='#n1439'>1439</a>
<a id='n1440' href='#n1440'>1440</a>
<a id='n1441' href='#n1441'>1441</a>
<a id='n1442' href='#n1442'>1442</a>
<a id='n1443' href='#n1443'>1443</a>
<a id='n1444' href='#n1444'>1444</a>
<a id='n1445' href='#n1445'>1445</a>
<a id='n1446' href='#n1446'>1446</a>
<a id='n1447' href='#n1447'>1447</a>
<a id='n1448' href='#n1448'>1448</a>
<a id='n1449' href='#n1449'>1449</a>
<a id='n1450' href='#n1450'>1450</a>
<a id='n1451' href='#n1451'>1451</a>
<a id='n1452' href='#n1452'>1452</a>
<a id='n1453' href='#n1453'>1453</a>
<a id='n1454' href='#n1454'>1454</a>
<a id='n1455' href='#n1455'>1455</a>
<a id='n1456' href='#n1456'>1456</a>
<a id='n1457' href='#n1457'>1457</a>
<a id='n1458' href='#n1458'>1458</a>
<a id='n1459' href='#n1459'>1459</a>
<a id='n1460' href='#n1460'>1460</a>
<a id='n1461' href='#n1461'>1461</a>
<a id='n1462' href='#n1462'>1462</a>
<a id='n1463' href='#n1463'>1463</a>
<a id='n1464' href='#n1464'>1464</a>
<a id='n1465' href='#n1465'>1465</a>
<a id='n1466' href='#n1466'>1466</a>
<a id='n1467' href='#n1467'>1467</a>
<a id='n1468' href='#n1468'>1468</a>
<a id='n1469' href='#n1469'>1469</a>
<a id='n1470' href='#n1470'>1470</a>
<a id='n1471' href='#n1471'>1471</a>
<a id='n1472' href='#n1472'>1472</a>
<a id='n1473' href='#n1473'>1473</a>
<a id='n1474' href='#n1474'>1474</a>
<a id='n1475' href='#n1475'>1475</a>
<a id='n1476' href='#n1476'>1476</a>
<a id='n1477' href='#n1477'>1477</a>
<a id='n1478' href='#n1478'>1478</a>
<a id='n1479' href='#n1479'>1479</a>
<a id='n1480' href='#n1480'>1480</a>
<a id='n1481' href='#n1481'>1481</a>
<a id='n1482' href='#n1482'>1482</a>
<a id='n1483' href='#n1483'>1483</a>
<a id='n1484' href='#n1484'>1484</a>
<a id='n1485' href='#n1485'>1485</a>
<a id='n1486' href='#n1486'>1486</a>
<a id='n1487' href='#n1487'>1487</a>
<a id='n1488' href='#n1488'>1488</a>
<a id='n1489' href='#n1489'>1489</a>
<a id='n1490' href='#n1490'>1490</a>
<a id='n1491' href='#n1491'>1491</a>
<a id='n1492' href='#n1492'>1492</a>
<a id='n1493' href='#n1493'>1493</a>
<a id='n1494' href='#n1494'>1494</a>
<a id='n1495' href='#n1495'>1495</a>
<a id='n1496' href='#n1496'>1496</a>
<a id='n1497' href='#n1497'>1497</a>
<a id='n1498' href='#n1498'>1498</a>
<a id='n1499' href='#n1499'>1499</a>
<a id='n1500' href='#n1500'>1500</a>
<a id='n1501' href='#n1501'>1501</a>
<a id='n1502' href='#n1502'>1502</a>
<a id='n1503' href='#n1503'>1503</a>
<a id='n1504' href='#n1504'>1504</a>
<a id='n1505' href='#n1505'>1505</a>
<a id='n1506' href='#n1506'>1506</a>
<a id='n1507' href='#n1507'>1507</a>
<a id='n1508' href='#n1508'>1508</a>
<a id='n1509' href='#n1509'>1509</a>
<a id='n1510' href='#n1510'>1510</a>
<a id='n1511' href='#n1511'>1511</a>
<a id='n1512' href='#n1512'>1512</a>
<a id='n1513' href='#n1513'>1513</a>
<a id='n1514' href='#n1514'>1514</a>
<a id='n1515' href='#n1515'>1515</a>
<a id='n1516' href='#n1516'>1516</a>
<a id='n1517' href='#n1517'>1517</a>
<a id='n1518' href='#n1518'>1518</a>
<a id='n1519' href='#n1519'>1519</a>
<a id='n1520' href='#n1520'>1520</a>
<a id='n1521' href='#n1521'>1521</a>
<a id='n1522' href='#n1522'>1522</a>
<a id='n1523' href='#n1523'>1523</a>
<a id='n1524' href='#n1524'>1524</a>
<a id='n1525' href='#n1525'>1525</a>
<a id='n1526' href='#n1526'>1526</a>
<a id='n1527' href='#n1527'>1527</a>
<a id='n1528' href='#n1528'>1528</a>
<a id='n1529' href='#n1529'>1529</a>
<a id='n1530' href='#n1530'>1530</a>
<a id='n1531' href='#n1531'>1531</a>
<a id='n1532' href='#n1532'>1532</a>
<a id='n1533' href='#n1533'>1533</a>
<a id='n1534' href='#n1534'>1534</a>
<a id='n1535' href='#n1535'>1535</a>
<a id='n1536' href='#n1536'>1536</a>
<a id='n1537' href='#n1537'>1537</a>
<a id='n1538' href='#n1538'>1538</a>
<a id='n1539' href='#n1539'>1539</a>
<a id='n1540' href='#n1540'>1540</a>
<a id='n1541' href='#n1541'>1541</a>
<a id='n1542' href='#n1542'>1542</a>
<a id='n1543' href='#n1543'>1543</a>
<a id='n1544' href='#n1544'>1544</a>
<a id='n1545' href='#n1545'>1545</a>
<a id='n1546' href='#n1546'>1546</a>
<a id='n1547' href='#n1547'>1547</a>
<a id='n1548' href='#n1548'>1548</a>
<a id='n1549' href='#n1549'>1549</a>
<a id='n1550' href='#n1550'>1550</a>
<a id='n1551' href='#n1551'>1551</a>
<a id='n1552' href='#n1552'>1552</a>
<a id='n1553' href='#n1553'>1553</a>
<a id='n1554' href='#n1554'>1554</a>
<a id='n1555' href='#n1555'>1555</a>
<a id='n1556' href='#n1556'>1556</a>
<a id='n1557' href='#n1557'>1557</a>
<a id='n1558' href='#n1558'>1558</a>
<a id='n1559' href='#n1559'>1559</a>
<a id='n1560' href='#n1560'>1560</a>
<a id='n1561' href='#n1561'>1561</a>
<a id='n1562' href='#n1562'>1562</a>
<a id='n1563' href='#n1563'>1563</a>
<a id='n1564' href='#n1564'>1564</a>
<a id='n1565' href='#n1565'>1565</a>
<a id='n1566' href='#n1566'>1566</a>
<a id='n1567' href='#n1567'>1567</a>
<a id='n1568' href='#n1568'>1568</a>
<a id='n1569' href='#n1569'>1569</a>
<a id='n1570' href='#n1570'>1570</a>
<a id='n1571' href='#n1571'>1571</a>
<a id='n1572' href='#n1572'>1572</a>
<a id='n1573' href='#n1573'>1573</a>
<a id='n1574' href='#n1574'>1574</a>
<a id='n1575' href='#n1575'>1575</a>
<a id='n1576' href='#n1576'>1576</a>
<a id='n1577' href='#n1577'>1577</a>
<a id='n1578' href='#n1578'>1578</a>
<a id='n1579' href='#n1579'>1579</a>
<a id='n1580' href='#n1580'>1580</a>
<a id='n1581' href='#n1581'>1581</a>
<a id='n1582' href='#n1582'>1582</a>
<a id='n1583' href='#n1583'>1583</a>
<a id='n1584' href='#n1584'>1584</a>
<a id='n1585' href='#n1585'>1585</a>
<a id='n1586' href='#n1586'>1586</a>
<a id='n1587' href='#n1587'>1587</a>
<a id='n1588' href='#n1588'>1588</a>
<a id='n1589' href='#n1589'>1589</a>
<a id='n1590' href='#n1590'>1590</a>
<a id='n1591' href='#n1591'>1591</a>
<a id='n1592' href='#n1592'>1592</a>
<a id='n1593' href='#n1593'>1593</a>
<a id='n1594' href='#n1594'>1594</a>
<a id='n1595' href='#n1595'>1595</a>
<a id='n1596' href='#n1596'>1596</a>
<a id='n1597' href='#n1597'>1597</a>
<a id='n1598' href='#n1598'>1598</a>
<a id='n1599' href='#n1599'>1599</a>
<a id='n1600' href='#n1600'>1600</a>
<a id='n1601' href='#n1601'>1601</a>
<a id='n1602' href='#n1602'>1602</a>
<a id='n1603' href='#n1603'>1603</a>
<a id='n1604' href='#n1604'>1604</a>
<a id='n1605' href='#n1605'>1605</a>
<a id='n1606' href='#n1606'>1606</a>
<a id='n1607' href='#n1607'>1607</a>
<a id='n1608' href='#n1608'>1608</a>
<a id='n1609' href='#n1609'>1609</a>
<a id='n1610' href='#n1610'>1610</a>
<a id='n1611' href='#n1611'>1611</a>
<a id='n1612' href='#n1612'>1612</a>
<a id='n1613' href='#n1613'>1613</a>
<a id='n1614' href='#n1614'>1614</a>
<a id='n1615' href='#n1615'>1615</a>
<a id='n1616' href='#n1616'>1616</a>
<a id='n1617' href='#n1617'>1617</a>
<a id='n1618' href='#n1618'>1618</a>
<a id='n1619' href='#n1619'>1619</a>
<a id='n1620' href='#n1620'>1620</a>
<a id='n1621' href='#n1621'>1621</a>
<a id='n1622' href='#n1622'>1622</a>
<a id='n1623' href='#n1623'>1623</a>
<a id='n1624' href='#n1624'>1624</a>
<a id='n1625' href='#n1625'>1625</a>
<a id='n1626' href='#n1626'>1626</a>
<a id='n1627' href='#n1627'>1627</a>
<a id='n1628' href='#n1628'>1628</a>
<a id='n1629' href='#n1629'>1629</a>
<a id='n1630' href='#n1630'>1630</a>
<a id='n1631' href='#n1631'>1631</a>
<a id='n1632' href='#n1632'>1632</a>
<a id='n1633' href='#n1633'>1633</a>
<a id='n1634' href='#n1634'>1634</a>
<a id='n1635' href='#n1635'>1635</a>
<a id='n1636' href='#n1636'>1636</a>
<a id='n1637' href='#n1637'>1637</a>
<a id='n1638' href='#n1638'>1638</a>
<a id='n1639' href='#n1639'>1639</a>
<a id='n1640' href='#n1640'>1640</a>
<a id='n1641' href='#n1641'>1641</a>
<a id='n1642' href='#n1642'>1642</a>
<a id='n1643' href='#n1643'>1643</a>
<a id='n1644' href='#n1644'>1644</a>
<a id='n1645' href='#n1645'>1645</a>
<a id='n1646' href='#n1646'>1646</a>
<a id='n1647' href='#n1647'>1647</a>
<a id='n1648' href='#n1648'>1648</a>
<a id='n1649' href='#n1649'>1649</a>
<a id='n1650' href='#n1650'>1650</a>
<a id='n1651' href='#n1651'>1651</a>
<a id='n1652' href='#n1652'>1652</a>
<a id='n1653' href='#n1653'>1653</a>
<a id='n1654' href='#n1654'>1654</a>
<a id='n1655' href='#n1655'>1655</a>
<a id='n1656' href='#n1656'>1656</a>
<a id='n1657' href='#n1657'>1657</a>
<a id='n1658' href='#n1658'>1658</a>
<a id='n1659' href='#n1659'>1659</a>
<a id='n1660' href='#n1660'>1660</a>
<a id='n1661' href='#n1661'>1661</a>
<a id='n1662' href='#n1662'>1662</a>
<a id='n1663' href='#n1663'>1663</a>
<a id='n1664' href='#n1664'>1664</a>
<a id='n1665' href='#n1665'>1665</a>
<a id='n1666' href='#n1666'>1666</a>
<a id='n1667' href='#n1667'>1667</a>
<a id='n1668' href='#n1668'>1668</a>
<a id='n1669' href='#n1669'>1669</a>
<a id='n1670' href='#n1670'>1670</a>
<a id='n1671' href='#n1671'>1671</a>
<a id='n1672' href='#n1672'>1672</a>
<a id='n1673' href='#n1673'>1673</a>
<a id='n1674' href='#n1674'>1674</a>
<a id='n1675' href='#n1675'>1675</a>
<a id='n1676' href='#n1676'>1676</a>
<a id='n1677' href='#n1677'>1677</a>
<a id='n1678' href='#n1678'>1678</a>
<a id='n1679' href='#n1679'>1679</a>
<a id='n1680' href='#n1680'>1680</a>
<a id='n1681' href='#n1681'>1681</a>
<a id='n1682' href='#n1682'>1682</a>
<a id='n1683' href='#n1683'>1683</a>
<a id='n1684' href='#n1684'>1684</a>
<a id='n1685' href='#n1685'>1685</a>
<a id='n1686' href='#n1686'>1686</a>
<a id='n1687' href='#n1687'>1687</a>
<a id='n1688' href='#n1688'>1688</a>
<a id='n1689' href='#n1689'>1689</a>
<a id='n1690' href='#n1690'>1690</a>
<a id='n1691' href='#n1691'>1691</a>
<a id='n1692' href='#n1692'>1692</a>
<a id='n1693' href='#n1693'>1693</a>
<a id='n1694' href='#n1694'>1694</a>
<a id='n1695' href='#n1695'>1695</a>
<a id='n1696' href='#n1696'>1696</a>
<a id='n1697' href='#n1697'>1697</a>
<a id='n1698' href='#n1698'>1698</a>
<a id='n1699' href='#n1699'>1699</a>
<a id='n1700' href='#n1700'>1700</a>
<a id='n1701' href='#n1701'>1701</a>
<a id='n1702' href='#n1702'>1702</a>
<a id='n1703' href='#n1703'>1703</a>
<a id='n1704' href='#n1704'>1704</a>
<a id='n1705' href='#n1705'>1705</a>
<a id='n1706' href='#n1706'>1706</a>
<a id='n1707' href='#n1707'>1707</a>
<a id='n1708' href='#n1708'>1708</a>
<a id='n1709' href='#n1709'>1709</a>
<a id='n1710' href='#n1710'>1710</a>
<a id='n1711' href='#n1711'>1711</a>
<a id='n1712' href='#n1712'>1712</a>
<a id='n1713' href='#n1713'>1713</a>
<a id='n1714' href='#n1714'>1714</a>
<a id='n1715' href='#n1715'>1715</a>
<a id='n1716' href='#n1716'>1716</a>
<a id='n1717' href='#n1717'>1717</a>
<a id='n1718' href='#n1718'>1718</a>
<a id='n1719' href='#n1719'>1719</a>
<a id='n1720' href='#n1720'>1720</a>
<a id='n1721' href='#n1721'>1721</a>
<a id='n1722' href='#n1722'>1722</a>
<a id='n1723' href='#n1723'>1723</a>
<a id='n1724' href='#n1724'>1724</a>
<a id='n1725' href='#n1725'>1725</a>
<a id='n1726' href='#n1726'>1726</a>
<a id='n1727' href='#n1727'>1727</a>
<a id='n1728' href='#n1728'>1728</a>
<a id='n1729' href='#n1729'>1729</a>
<a id='n1730' href='#n1730'>1730</a>
<a id='n1731' href='#n1731'>1731</a>
<a id='n1732' href='#n1732'>1732</a>
<a id='n1733' href='#n1733'>1733</a>
<a id='n1734' href='#n1734'>1734</a>
<a id='n1735' href='#n1735'>1735</a>
<a id='n1736' href='#n1736'>1736</a>
<a id='n1737' href='#n1737'>1737</a>
<a id='n1738' href='#n1738'>1738</a>
<a id='n1739' href='#n1739'>1739</a>
<a id='n1740' href='#n1740'>1740</a>
<a id='n1741' href='#n1741'>1741</a>
<a id='n1742' href='#n1742'>1742</a>
<a id='n1743' href='#n1743'>1743</a>
<a id='n1744' href='#n1744'>1744</a>
<a id='n1745' href='#n1745'>1745</a>
<a id='n1746' href='#n1746'>1746</a>
<a id='n1747' href='#n1747'>1747</a>
<a id='n1748' href='#n1748'>1748</a>
<a id='n1749' href='#n1749'>1749</a>
<a id='n1750' href='#n1750'>1750</a>
<a id='n1751' href='#n1751'>1751</a>
<a id='n1752' href='#n1752'>1752</a>
<a id='n1753' href='#n1753'>1753</a>
<a id='n1754' href='#n1754'>1754</a>
<a id='n1755' href='#n1755'>1755</a>
<a id='n1756' href='#n1756'>1756</a>
<a id='n1757' href='#n1757'>1757</a>
<a id='n1758' href='#n1758'>1758</a>
<a id='n1759' href='#n1759'>1759</a>
<a id='n1760' href='#n1760'>1760</a>
<a id='n1761' href='#n1761'>1761</a>
<a id='n1762' href='#n1762'>1762</a>
<a id='n1763' href='#n1763'>1763</a>
<a id='n1764' href='#n1764'>1764</a>
<a id='n1765' href='#n1765'>1765</a>
<a id='n1766' href='#n1766'>1766</a>
<a id='n1767' href='#n1767'>1767</a>
<a id='n1768' href='#n1768'>1768</a>
<a id='n1769' href='#n1769'>1769</a>
<a id='n1770' href='#n1770'>1770</a>
<a id='n1771' href='#n1771'>1771</a>
<a id='n1772' href='#n1772'>1772</a>
<a id='n1773' href='#n1773'>1773</a>
<a id='n1774' href='#n1774'>1774</a>
<a id='n1775' href='#n1775'>1775</a>
<a id='n1776' href='#n1776'>1776</a>
<a id='n1777' href='#n1777'>1777</a>
<a id='n1778' href='#n1778'>1778</a>
<a id='n1779' href='#n1779'>1779</a>
<a id='n1780' href='#n1780'>1780</a>
<a id='n1781' href='#n1781'>1781</a>
<a id='n1782' href='#n1782'>1782</a>
<a id='n1783' href='#n1783'>1783</a>
<a id='n1784' href='#n1784'>1784</a>
<a id='n1785' href='#n1785'>1785</a>
<a id='n1786' href='#n1786'>1786</a>
<a id='n1787' href='#n1787'>1787</a>
<a id='n1788' href='#n1788'>1788</a>
<a id='n1789' href='#n1789'>1789</a>
<a id='n1790' href='#n1790'>1790</a>
<a id='n1791' href='#n1791'>1791</a>
<a id='n1792' href='#n1792'>1792</a>
<a id='n1793' href='#n1793'>1793</a>
<a id='n1794' href='#n1794'>1794</a>
<a id='n1795' href='#n1795'>1795</a>
<a id='n1796' href='#n1796'>1796</a>
<a id='n1797' href='#n1797'>1797</a>
<a id='n1798' href='#n1798'>1798</a>
<a id='n1799' href='#n1799'>1799</a>
<a id='n1800' href='#n1800'>1800</a>
<a id='n1801' href='#n1801'>1801</a>
<a id='n1802' href='#n1802'>1802</a>
<a id='n1803' href='#n1803'>1803</a>
<a id='n1804' href='#n1804'>1804</a>
<a id='n1805' href='#n1805'>1805</a>
<a id='n1806' href='#n1806'>1806</a>
<a id='n1807' href='#n1807'>1807</a>
<a id='n1808' href='#n1808'>1808</a>
<a id='n1809' href='#n1809'>1809</a>
<a id='n1810' href='#n1810'>1810</a>
<a id='n1811' href='#n1811'>1811</a>
<a id='n1812' href='#n1812'>1812</a>
<a id='n1813' href='#n1813'>1813</a>
<a id='n1814' href='#n1814'>1814</a>
<a id='n1815' href='#n1815'>1815</a>
<a id='n1816' href='#n1816'>1816</a>
<a id='n1817' href='#n1817'>1817</a>
<a id='n1818' href='#n1818'>1818</a>
<a id='n1819' href='#n1819'>1819</a>
<a id='n1820' href='#n1820'>1820</a>
<a id='n1821' href='#n1821'>1821</a>
<a id='n1822' href='#n1822'>1822</a>
<a id='n1823' href='#n1823'>1823</a>
<a id='n1824' href='#n1824'>1824</a>
<a id='n1825' href='#n1825'>1825</a>
<a id='n1826' href='#n1826'>1826</a>
<a id='n1827' href='#n1827'>1827</a>
<a id='n1828' href='#n1828'>1828</a>
<a id='n1829' href='#n1829'>1829</a>
<a id='n1830' href='#n1830'>1830</a>
<a id='n1831' href='#n1831'>1831</a>
<a id='n1832' href='#n1832'>1832</a>
<a id='n1833' href='#n1833'>1833</a>
<a id='n1834' href='#n1834'>1834</a>
<a id='n1835' href='#n1835'>1835</a>
<a id='n1836' href='#n1836'>1836</a>
<a id='n1837' href='#n1837'>1837</a>
<a id='n1838' href='#n1838'>1838</a>
<a id='n1839' href='#n1839'>1839</a>
<a id='n1840' href='#n1840'>1840</a>
<a id='n1841' href='#n1841'>1841</a>
<a id='n1842' href='#n1842'>1842</a>
<a id='n1843' href='#n1843'>1843</a>
<a id='n1844' href='#n1844'>1844</a>
<a id='n1845' href='#n1845'>1845</a>
<a id='n1846' href='#n1846'>1846</a>
<a id='n1847' href='#n1847'>1847</a>
<a id='n1848' href='#n1848'>1848</a>
<a id='n1849' href='#n1849'>1849</a>
<a id='n1850' href='#n1850'>1850</a>
<a id='n1851' href='#n1851'>1851</a>
<a id='n1852' href='#n1852'>1852</a>
<a id='n1853' href='#n1853'>1853</a>
<a id='n1854' href='#n1854'>1854</a>
<a id='n1855' href='#n1855'>1855</a>
<a id='n1856' href='#n1856'>1856</a>
<a id='n1857' href='#n1857'>1857</a>
<a id='n1858' href='#n1858'>1858</a>
<a id='n1859' href='#n1859'>1859</a>
<a id='n1860' href='#n1860'>1860</a>
<a id='n1861' href='#n1861'>1861</a>
<a id='n1862' href='#n1862'>1862</a>
<a id='n1863' href='#n1863'>1863</a>
<a id='n1864' href='#n1864'>1864</a>
<a id='n1865' href='#n1865'>1865</a>
<a id='n1866' href='#n1866'>1866</a>
<a id='n1867' href='#n1867'>1867</a>
<a id='n1868' href='#n1868'>1868</a>
<a id='n1869' href='#n1869'>1869</a>
<a id='n1870' href='#n1870'>1870</a>
<a id='n1871' href='#n1871'>1871</a>
<a id='n1872' href='#n1872'>1872</a>
<a id='n1873' href='#n1873'>1873</a>
<a id='n1874' href='#n1874'>1874</a>
<a id='n1875' href='#n1875'>1875</a>
<a id='n1876' href='#n1876'>1876</a>
<a id='n1877' href='#n1877'>1877</a>
<a id='n1878' href='#n1878'>1878</a>
<a id='n1879' href='#n1879'>1879</a>
<a id='n1880' href='#n1880'>1880</a>
<a id='n1881' href='#n1881'>1881</a>
<a id='n1882' href='#n1882'>1882</a>
<a id='n1883' href='#n1883'>1883</a>
<a id='n1884' href='#n1884'>1884</a>
<a id='n1885' href='#n1885'>1885</a>
<a id='n1886' href='#n1886'>1886</a>
<a id='n1887' href='#n1887'>1887</a>
<a id='n1888' href='#n1888'>1888</a>
<a id='n1889' href='#n1889'>1889</a>
<a id='n1890' href='#n1890'>1890</a>
<a id='n1891' href='#n1891'>1891</a>
<a id='n1892' href='#n1892'>1892</a>
<a id='n1893' href='#n1893'>1893</a>
<a id='n1894' href='#n1894'>1894</a>
<a id='n1895' href='#n1895'>1895</a>
<a id='n1896' href='#n1896'>1896</a>
<a id='n1897' href='#n1897'>1897</a>
<a id='n1898' href='#n1898'>1898</a>
<a id='n1899' href='#n1899'>1899</a>
<a id='n1900' href='#n1900'>1900</a>
<a id='n1901' href='#n1901'>1901</a>
<a id='n1902' href='#n1902'>1902</a>
<a id='n1903' href='#n1903'>1903</a>
<a id='n1904' href='#n1904'>1904</a>
<a id='n1905' href='#n1905'>1905</a>
<a id='n1906' href='#n1906'>1906</a>
<a id='n1907' href='#n1907'>1907</a>
<a id='n1908' href='#n1908'>1908</a>
<a id='n1909' href='#n1909'>1909</a>
<a id='n1910' href='#n1910'>1910</a>
<a id='n1911' href='#n1911'>1911</a>
<a id='n1912' href='#n1912'>1912</a>
<a id='n1913' href='#n1913'>1913</a>
<a id='n1914' href='#n1914'>1914</a>
<a id='n1915' href='#n1915'>1915</a>
<a id='n1916' href='#n1916'>1916</a>
<a id='n1917' href='#n1917'>1917</a>
<a id='n1918' href='#n1918'>1918</a>
<a id='n1919' href='#n1919'>1919</a>
<a id='n1920' href='#n1920'>1920</a>
<a id='n1921' href='#n1921'>1921</a>
<a id='n1922' href='#n1922'>1922</a>
<a id='n1923' href='#n1923'>1923</a>
<a id='n1924' href='#n1924'>1924</a>
<a id='n1925' href='#n1925'>1925</a>
<a id='n1926' href='#n1926'>1926</a>
<a id='n1927' href='#n1927'>1927</a>
<a id='n1928' href='#n1928'>1928</a>
<a id='n1929' href='#n1929'>1929</a>
<a id='n1930' href='#n1930'>1930</a>
<a id='n1931' href='#n1931'>1931</a>
<a id='n1932' href='#n1932'>1932</a>
<a id='n1933' href='#n1933'>1933</a>
<a id='n1934' href='#n1934'>1934</a>
<a id='n1935' href='#n1935'>1935</a>
<a id='n1936' href='#n1936'>1936</a>
<a id='n1937' href='#n1937'>1937</a>
<a id='n1938' href='#n1938'>1938</a>
<a id='n1939' href='#n1939'>1939</a>
<a id='n1940' href='#n1940'>1940</a>
</pre></td>
<td class='lines'><pre><code>
<span class="hl slc"># Unix SMB/CIFS implementation.</span>
<span class="hl slc"># backend code for provisioning a Samba4 server</span>

<span class="hl slc"># Copyright (C) Jelmer Vernooij &lt;jelmer&#64;samba.org&gt; 2007-2010</span>
<span class="hl slc"># Copyright (C) Andrew Bartlett &lt;abartlet&#64;samba.org&gt; 2008-2009</span>
<span class="hl slc"># Copyright (C) Oliver Liebel &lt;oliver&#64;itc.li&gt; 2008-2009</span>
<span class="hl slc">#</span>
<span class="hl slc"># Based on the original in EJS:</span>
<span class="hl slc"># Copyright (C) Andrew Tridgell &lt;tridge&#64;samba.org&gt; 2005</span>
<span class="hl slc">#</span>
<span class="hl slc"># This program is free software; you can redistribute it and/or modify</span>
<span class="hl slc"># it under the terms of the GNU General Public License as published by</span>
<span class="hl slc"># the Free Software Foundation; either version 3 of the License, or</span>
<span class="hl slc"># (at your option) any later version.</span>
<span class="hl slc">#   </span>
<span class="hl slc"># This program is distributed in the hope that it will be useful,</span>
<span class="hl slc"># but WITHOUT ANY WARRANTY; without even the implied warranty of</span>
<span class="hl slc"># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the</span>
<span class="hl slc"># GNU General Public License for more details.</span>
<span class="hl slc">#   </span>
<span class="hl slc"># You should have received a copy of the GNU General Public License</span>
<span class="hl slc"># along with this program.  If not, see &lt;http://www.gnu.org/licenses/&gt;.</span>
<span class="hl slc">#</span>

<span class="hl str">&quot;&quot;&quot;Functions for setting up a Samba configuration.&quot;&quot;&quot;</span>

<span class="hl kwa">from</span> base64 <span class="hl kwa">import</span> b64encode
<span class="hl kwa">import</span> os
<span class="hl kwa">import</span> re
<span class="hl kwa">import</span> pwd
<span class="hl kwa">import</span> grp
<span class="hl kwa">import</span> logging
<span class="hl kwa">import</span> time
<span class="hl kwa">import</span> uuid
<span class="hl kwa">import</span> socket
<span class="hl kwa">import</span> urllib
<span class="hl kwa">import</span> shutil

<span class="hl kwa">import</span> ldb

<span class="hl kwa">from</span> samba<span class="hl opt">.</span>auth <span class="hl kwa">import</span> system_session<span class="hl opt">,</span> admin_session
<span class="hl kwa">import</span> samba
<span class="hl kwa">from</span> samba <span class="hl kwa">import</span> version<span class="hl opt">,</span> Ldb<span class="hl opt">,</span> substitute_var<span class="hl opt">,</span> valid_netbios_name
<span class="hl kwa">from</span> samba <span class="hl kwa">import</span> check_all_substituted<span class="hl opt">,</span> read_and_sub_file<span class="hl opt">,</span> setup_file
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>dsdb <span class="hl kwa">import</span> DS_DOMAIN_FUNCTION_2003<span class="hl opt">,</span> DS_DOMAIN_FUNCTION_2008_R2<span class="hl opt">,</span> ENC_ALL_TYPES
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>dcerpc <span class="hl kwa">import</span> security
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>dcerpc<span class="hl opt">.</span>misc <span class="hl kwa">import</span> SEC_CHAN_BDC<span class="hl opt">,</span> SEC_CHAN_WKSTA
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>idmap <span class="hl kwa">import</span> IDmapDB
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>ms_display_specifiers <span class="hl kwa">import</span> read_ms_ldif
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>ntacls <span class="hl kwa">import</span> setntacl<span class="hl opt">,</span> dsacl2fsacl
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>ndr <span class="hl kwa">import</span> ndr_pack<span class="hl opt">,</span>ndr_unpack
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>provisionbackend <span class="hl kwa">import</span> <span class="hl opt">(</span>
    ExistingBackend<span class="hl opt">,</span>
    FDSBackend<span class="hl opt">,</span>
    LDBBackend<span class="hl opt">,</span>
    OpenLDAPBackend<span class="hl opt">,</span>
    <span class="hl opt">)</span>
<span class="hl kwa">import</span> samba<span class="hl opt">.</span>param
<span class="hl kwa">import</span> samba<span class="hl opt">.</span>registry
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>schema <span class="hl kwa">import</span> Schema
<span class="hl kwa">from</span> samba<span class="hl opt">.</span>samdb <span class="hl kwa">import</span> SamDB

__docformat__ <span class="hl opt">=</span> <span class="hl str">&quot;restructuredText&quot;</span>
DEFAULT_POLICY_GUID <span class="hl opt">=</span> <span class="hl str">&quot;31B2F340-016D-11D2-945F-00C04FB984F9&quot;</span>
DEFAULT_DC_POLICY_GUID <span class="hl opt">=</span> <span class="hl str">&quot;6AC1786C-016F-11D2-945F-00C04fB984F9&quot;</span>

<span class="hl kwa">def</span> <span class="hl kwd">find_setup_dir</span><span class="hl opt">():</span>
    <span class="hl str">&quot;&quot;&quot;Find the setup directory used by provision.&quot;&quot;&quot;</span>
    <span class="hl kwa">import</span> sys
    <span class="hl kwa">for</span> prefix <span class="hl kwa">in</span> <span class="hl opt">[</span>sys<span class="hl opt">.</span>prefix<span class="hl opt">,</span>
            os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">dirname</span><span class="hl opt">(</span>__file__<span class="hl opt">),</span> <span class="hl str">&quot;../../../..&quot;</span><span class="hl opt">)]:</span>
        <span class="hl kwa">for</span> suffix <span class="hl kwa">in</span> <span class="hl opt">[</span><span class="hl str">&quot;share/setup&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;share/samba/setup&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;setup&quot;</span><span class="hl opt">]:</span>
            ret <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>prefix<span class="hl opt">,</span> suffix<span class="hl opt">)</span>
            <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">isdir</span><span class="hl opt">(</span>ret<span class="hl opt">):</span>
                <span class="hl kwa">return</span> ret
    <span class="hl slc"># In source tree</span>
    dirname <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">dirname</span><span class="hl opt">(</span>__file__<span class="hl opt">)</span>
    ret <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>dirname<span class="hl opt">,</span> <span class="hl str">&quot;../../../setup&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">isdir</span><span class="hl opt">(</span>ret<span class="hl opt">):</span>
        <span class="hl kwa">return</span> ret
    <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&quot;Unable to find setup directory.&quot;</span><span class="hl opt">)</span>

<span class="hl slc"># Descriptors of naming contexts and other important objects</span>

<span class="hl slc"># &quot;get_schema_descriptor&quot; is located in &quot;schema.py&quot;</span>

<span class="hl kwa">def</span> <span class="hl kwd">get_sites_descriptor</span><span class="hl opt">(</span>domain_sid<span class="hl opt">):</span>
    sddl <span class="hl opt">=</span> <span class="hl str">&quot;O:EAG:EAD:AI(A;;RPLCLORC;;;AU)&quot;</span> \
           <span class="hl str">&quot;(A;;RPWPCRCCLCLORCWOWDSW;;;EA)&quot;</span> \
           <span class="hl str">&quot;(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)&quot;</span> \
           <span class="hl str">&quot;(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)&quot;</span> \
           <span class="hl str">&quot;(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;DA)&quot;</span> \
           <span class="hl str">&quot;S:AI(AU;CISA;CCDCSDDT;;;WD)&quot;</span> \
           <span class="hl str">&quot;(OU;CIIOSA;CR;;f0f8ffab-1191-11d0-a060-00aa006c33ed;WD)&quot;</span> \
           <span class="hl str">&quot;(OU;CIIOSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)&quot;</span> \
           <span class="hl str">&quot;(OU;CIIOSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967ab3-0de6-11d0-a285-00aa003049e2;WD)&quot;</span> \
           <span class="hl str">&quot;(OU;CIIOSA;WP;3e10944c-c354-11d0-aff8-0000f80367c1;b7b13124-b82e-11d0-afee-0000f80367c1;WD)&quot;</span>
    sec <span class="hl opt">=</span> security<span class="hl opt">.</span>descriptor<span class="hl opt">.</span><span class="hl kwd">from_sddl</span><span class="hl opt">(</span>sddl<span class="hl opt">,</span> domain_sid<span class="hl opt">)</span>
    <span class="hl kwa">return</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>sec<span class="hl opt">)</span>

<span class="hl kwa">def</span> <span class="hl kwd">get_config_descriptor</span><span class="hl opt">(</span>domain_sid<span class="hl opt">):</span>
    sddl <span class="hl opt">=</span> <span class="hl str">&quot;O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
           <span class="hl str">&quot;(A;;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)&quot;</span> \
           <span class="hl str">&quot;(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;CIIO;RPWPCRCCLCLORCWOWDSDSW;;;DA)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)&quot;</span> \
           <span class="hl str">&quot;(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)&quot;</span> \
           <span class="hl str">&quot;S:(AU;SA;WPWOWD;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)&quot;</span> \
           <span class="hl str">&quot;(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)&quot;</span>
    sec <span class="hl opt">=</span> security<span class="hl opt">.</span>descriptor<span class="hl opt">.</span><span class="hl kwd">from_sddl</span><span class="hl opt">(</span>sddl<span class="hl opt">,</span> domain_sid<span class="hl opt">)</span>
    <span class="hl kwa">return</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>sec<span class="hl opt">)</span>

<span class="hl kwa">def</span> <span class="hl kwd">get_domain_descriptor</span><span class="hl opt">(</span>domain_sid<span class="hl opt">):</span>
    sddl<span class="hl opt">=</span> <span class="hl str">&quot;O:BAG:BAD:AI(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)&quot;</span> \
        <span class="hl str">&quot;(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;IF)&quot;</span> \
    <span class="hl str">&quot;(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)&quot;</span> \
    <span class="hl str">&quot;(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)&quot;</span> \
    <span class="hl str">&quot;(OA;CIIO;RPWPCR;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)&quot;</span> \
    <span class="hl str">&quot;(A;;RPWPCRCCLCLORCWOWDSW;;;DA)&quot;</span> \
    <span class="hl str">&quot;(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)&quot;</span> \
    <span class="hl str">&quot;(A;;RPRC;;;RU)&quot;</span> \
    <span class="hl str">&quot;(A;CI;LC;;;RU)&quot;</span> \
    <span class="hl str">&quot;(A;CI;RPWPCRCCLCLORCWOWDSDSW;;;BA)&quot;</span> \
    <span class="hl str">&quot;(A;;RP;;;WD)&quot;</span> \
    <span class="hl str">&quot;(A;;RPLCLORC;;;ED)&quot;</span> \
    <span class="hl str">&quot;(A;;RPLCLORC;;;AU)&quot;</span> \
    <span class="hl str">&quot;(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)&quot;</span> \
    <span class="hl str">&quot;S:AI(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)&quot;</span> \
    <span class="hl str">&quot;(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)&quot;</span> \
    <span class="hl str">&quot;(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPWOWD;;;WD)&quot;</span>
    sec <span class="hl opt">=</span> security<span class="hl opt">.</span>descriptor<span class="hl opt">.</span><span class="hl kwd">from_sddl</span><span class="hl opt">(</span>sddl<span class="hl opt">,</span> domain_sid<span class="hl opt">)</span>
    <span class="hl kwa">return</span> <span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>sec<span class="hl opt">)</span>

DEFAULTSITE <span class="hl opt">=</span> <span class="hl str">&quot;Default-First-Site-Name&quot;</span>
LAST_PROVISION_USN_ATTRIBUTE <span class="hl opt">=</span> <span class="hl str">&quot;lastProvisionUSN&quot;</span>

<span class="hl kwa">class</span> <span class="hl kwd">ProvisionPaths</span><span class="hl opt">(</span><span class="hl kwb">object</span><span class="hl opt">):</span>

    <span class="hl kwa">def</span> <span class="hl kwd">__init__</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        self<span class="hl opt">.</span>shareconf <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hklm <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hkcu <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hkcr <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hku <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hkpd <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hkpt <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>samdb <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>idmapdb <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>secrets <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>keytab <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>dns_keytab <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>dns <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>winsdb <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>private_dir <span class="hl opt">=</span> <span class="hl kwa">None</span>


<span class="hl kwa">class</span> <span class="hl kwd">ProvisionNames</span><span class="hl opt">(</span><span class="hl kwb">object</span><span class="hl opt">):</span>

    <span class="hl kwa">def</span> <span class="hl kwd">__init__</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        self<span class="hl opt">.</span>rootdn <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>domaindn <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>configdn <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>schemadn <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>ldapmanagerdn <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>dnsdomain <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>realm <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>netbiosname <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>domain <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>hostname <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>sitename <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>smbconf <span class="hl opt">=</span> <span class="hl kwa">None</span>


<span class="hl kwa">def</span> <span class="hl kwd">update_provision_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> low<span class="hl opt">,</span> high<span class="hl opt">,</span> replace<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Update the field provisionUSN in sam.ldb</span>
<span class="hl str"></span>
<span class="hl str">    This field is used to track range of USN modified by provision and </span>
<span class="hl str">    upgradeprovision.</span>
<span class="hl str">    This value is used afterward by next provision to figure out if </span>
<span class="hl str">    the field have been modified since last provision.</span>
<span class="hl str"></span>
<span class="hl str">    :param samdb: An LDB object connect to sam.ldb</span>
<span class="hl str">    :param low: The lowest USN modified by this upgrade</span>
<span class="hl str">    :param high: The highest USN modified by this upgrade</span>
<span class="hl str">    :param replace: A boolean indicating if the range should replace any </span>
<span class="hl str">                    existing one or appended (default)</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    tab <span class="hl opt">= []</span>
    <span class="hl kwa">if not</span> replace<span class="hl opt">:</span>
        entry <span class="hl opt">=</span> samdb<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>expression<span class="hl opt">=</span><span class="hl str">&quot;(&amp;(dn=&#64;PROVISION)(</span><span class="hl ipl">%s</span><span class="hl str">=*))&quot;</span> <span class="hl opt">%</span> \
                                LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">,</span> base<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> 
                                scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                                attrs<span class="hl opt">=[</span>LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">,</span> <span class="hl str">&quot;dn&quot;</span><span class="hl opt">])</span>
        <span class="hl kwa">for</span> e <span class="hl kwa">in</span> entry<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span>LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">]:</span>
            tab<span class="hl opt">.</span><span class="hl kwd">append</span><span class="hl opt">(</span><span class="hl kwb">str</span><span class="hl opt">(</span>e<span class="hl opt">))</span>

    tab<span class="hl opt">.</span><span class="hl kwd">append</span><span class="hl opt">(</span><span class="hl str">&quot;</span><span class="hl ipl">%s-%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>low<span class="hl opt">,</span> high<span class="hl opt">))</span>
    delta <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
    delta<span class="hl opt">.</span>dn <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl str">&quot;&#64;PROVISION&quot;</span><span class="hl opt">)</span>
    delta<span class="hl opt">[</span>LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>tab<span class="hl opt">,</span>
                                                    ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span>
                                                    LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">)</span>
    samdb<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>delta<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">set_provision_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> low<span class="hl opt">,</span> high<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Set the field provisionUSN in sam.ldb</span>
<span class="hl str">    This field is used to track range of USN modified by provision and</span>
<span class="hl str">    upgradeprovision.</span>
<span class="hl str">    This value is used afterward by next provision to figure out if</span>
<span class="hl str">    the field have been modified since last provision.</span>
<span class="hl str"></span>
<span class="hl str">    :param samdb: An LDB object connect to sam.ldb</span>
<span class="hl str">    :param low: The lowest USN modified by this upgrade</span>
<span class="hl str">    :param high: The highest USN modified by this upgrade&quot;&quot;&quot;</span>
    tab <span class="hl opt">= []</span>
    tab<span class="hl opt">.</span><span class="hl kwd">append</span><span class="hl opt">(</span><span class="hl str">&quot;</span><span class="hl ipl">%s-%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>low<span class="hl opt">,</span> high<span class="hl opt">))</span>
    delta <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">()</span>
    delta<span class="hl opt">.</span>dn <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl str">&quot;&#64;PROVISION&quot;</span><span class="hl opt">)</span>
    delta<span class="hl opt">[</span>LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>tab<span class="hl opt">,</span>
                                                  ldb<span class="hl opt">.</span>FLAG_MOD_ADD<span class="hl opt">,</span>
                                                  LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">)</span>
    samdb<span class="hl opt">.</span><span class="hl kwd">add</span><span class="hl opt">(</span>delta<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">get_max_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span>basedn<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot; This function return the biggest USN present in the provision</span>
<span class="hl str"></span>
<span class="hl str">    :param samdb: A LDB object pointing to the sam.ldb</span>
<span class="hl str">    :param basedn: A string containing the base DN of the provision</span>
<span class="hl str">                    (ie. DC=foo, DC=bar)</span>
<span class="hl str">    :return: The biggest USN in the provision&quot;&quot;&quot;</span>

    res <span class="hl opt">=</span> samdb<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>expression<span class="hl opt">=</span><span class="hl str">&quot;objectClass=*&quot;</span><span class="hl opt">,</span>base<span class="hl opt">=</span>basedn<span class="hl opt">,</span>
                         scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>attrs<span class="hl opt">=[</span><span class="hl str">&quot;uSNChanged&quot;</span><span class="hl opt">],</span>
                         controls<span class="hl opt">=[</span><span class="hl str">&quot;search_options:1:2&quot;</span><span class="hl opt">,</span>
                                   <span class="hl str">&quot;server_sort:1:1:uSNChanged&quot;</span><span class="hl opt">,</span>
                                   <span class="hl str">&quot;paged_results:1:1&quot;</span><span class="hl opt">])</span>
    <span class="hl kwa">return</span> res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;uSNChanged&quot;</span><span class="hl opt">]</span>
    
<span class="hl kwa">def</span> <span class="hl kwd">get_last_provision_usn</span><span class="hl opt">(</span>sam<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Get the lastest USN modified by a provision or an upgradeprovision</span>
<span class="hl str"></span>
<span class="hl str">    :param sam: An LDB object pointing to the sam.ldb</span>
<span class="hl str">    :return an integer corresponding to the highest USN modified by </span>
<span class="hl str">            (upgrade)provision, 0 is this value is unknown&quot;&quot;&quot;</span>

    entry <span class="hl opt">=</span> sam<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>expression<span class="hl opt">=</span><span class="hl str">&quot;(&amp;(dn=&#64;PROVISION)(</span><span class="hl ipl">%s</span><span class="hl str">=*))&quot;</span> <span class="hl opt">%</span> \
                        LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">,</span>
                        base<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">,</span>
                        attrs<span class="hl opt">=[</span>LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">])</span>
    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>entry<span class="hl opt">):</span>
        <span class="hl kwb">range</span> <span class="hl opt">= []</span>
        idx <span class="hl opt">=</span> <span class="hl num">0</span>
        p <span class="hl opt">=</span> re<span class="hl opt">.</span><span class="hl kwb">compile</span><span class="hl opt">(</span>r<span class="hl str">&#39;-&#39;</span><span class="hl opt">)</span>
        <span class="hl kwa">for</span> r <span class="hl kwa">in</span> entry<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span>LAST_PROVISION_USN_ATTRIBUTE<span class="hl opt">]:</span>
            tab <span class="hl opt">=</span> p<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl kwb">str</span><span class="hl opt">(</span>r<span class="hl opt">))</span>
            <span class="hl kwb">range</span><span class="hl opt">.</span><span class="hl kwd">append</span><span class="hl opt">(</span>tab<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">])</span>
            <span class="hl kwb">range</span><span class="hl opt">.</span><span class="hl kwd">append</span><span class="hl opt">(</span>tab<span class="hl opt">[</span><span class="hl num">1</span><span class="hl opt">])</span>
            idx <span class="hl opt">=</span> idx <span class="hl opt">+</span> <span class="hl num">1</span>
        <span class="hl kwa">return</span> <span class="hl kwb">range</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        <span class="hl kwa">return None</span>

<span class="hl kwa">class</span> <span class="hl kwd">ProvisionResult</span><span class="hl opt">(</span><span class="hl kwb">object</span><span class="hl opt">):</span>

    <span class="hl kwa">def</span> <span class="hl kwd">__init__</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        self<span class="hl opt">.</span>paths <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>domaindn <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>lp <span class="hl opt">=</span> <span class="hl kwa">None</span>
        self<span class="hl opt">.</span>samdb <span class="hl opt">=</span> <span class="hl kwa">None</span>


<span class="hl kwa">def</span> <span class="hl kwd">check_install</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> session_info<span class="hl opt">,</span> credentials<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Check whether the current install seems ok.</span>
<span class="hl str">    </span>
<span class="hl str">    :param lp: Loadparm context</span>
<span class="hl str">    :param session_info: Session information</span>
<span class="hl str">    :param credentials: Credentials</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">if</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">) ==</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">Exception</span><span class="hl opt">(</span><span class="hl str">&quot;Realm empty&quot;</span><span class="hl opt">)</span>
    samdb <span class="hl opt">=</span> <span class="hl kwd">Ldb</span><span class="hl opt">(</span>lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;sam database&quot;</span><span class="hl opt">),</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> 
            credentials<span class="hl opt">=</span>credentials<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>
    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>samdb<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span><span class="hl str">&quot;(cn=Administrator)&quot;</span><span class="hl opt">)) !=</span> <span class="hl num">1</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;No administrator account found&quot;</span><span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">findnss</span><span class="hl opt">(</span>nssfn<span class="hl opt">,</span> names<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Find a user or group from a list of possibilities.</span>
<span class="hl str">    </span>
<span class="hl str">    :param nssfn: NSS Function to try (should raise KeyError if not found)</span>
<span class="hl str">    :param names: Names to check.</span>
<span class="hl str">    :return: Value return by first names list.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">for</span> name <span class="hl kwa">in</span> names<span class="hl opt">:</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            <span class="hl kwa">return</span> <span class="hl kwd">nssfn</span><span class="hl opt">(</span>name<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">KeyError</span><span class="hl opt">:</span>
            <span class="hl kwa">pass</span>
    <span class="hl kwa">raise</span> <span class="hl kwc">KeyError</span><span class="hl opt">(</span><span class="hl str">&quot;Unable to find user/group in</span> <span class="hl ipl">%r</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">)</span>


findnss_uid <span class="hl opt">=</span> <span class="hl kwa">lambda</span> names<span class="hl opt">:</span> <span class="hl kwd">findnss</span><span class="hl opt">(</span>pwd<span class="hl opt">.</span>getpwnam<span class="hl opt">,</span> names<span class="hl opt">)[</span><span class="hl num">2</span><span class="hl opt">]</span>
findnss_gid <span class="hl opt">=</span> <span class="hl kwa">lambda</span> names<span class="hl opt">:</span> <span class="hl kwd">findnss</span><span class="hl opt">(</span>grp<span class="hl opt">.</span>getgrnam<span class="hl opt">,</span> names<span class="hl opt">)[</span><span class="hl num">2</span><span class="hl opt">]</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>ldb<span class="hl opt">,</span> ldif_path<span class="hl opt">,</span> subst_vars<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>controls<span class="hl opt">=[</span><span class="hl str">&quot;relax:0&quot;</span><span class="hl opt">]):</span>
    <span class="hl str">&quot;&quot;&quot;Setup a ldb in the private dir.</span>
<span class="hl str">    </span>
<span class="hl str">    :param ldb: LDB file to import data into</span>
<span class="hl str">    :param ldif_path: Path of the LDIF file to load</span>
<span class="hl str">    :param subst_vars: Optional variables to subsitute in LDIF.</span>
<span class="hl str">    :param nocontrols: Optional list of controls, can be None for no controls</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">assert</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>ldif_path<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">)</span>
    data <span class="hl opt">=</span> <span class="hl kwd">read_and_sub_file</span><span class="hl opt">(</span>ldif_path<span class="hl opt">,</span> subst_vars<span class="hl opt">)</span>
    ldb<span class="hl opt">.</span><span class="hl kwd">add_ldif</span><span class="hl opt">(</span>data<span class="hl opt">,</span> controls<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>ldb<span class="hl opt">,</span> ldif_path<span class="hl opt">,</span> subst_vars<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>controls<span class="hl opt">=[</span><span class="hl str">&quot;relax:0&quot;</span><span class="hl opt">]):</span>
    <span class="hl str">&quot;&quot;&quot;Modify a ldb in the private dir.</span>
<span class="hl str">    </span>
<span class="hl str">    :param ldb: LDB object.</span>
<span class="hl str">    :param ldif_path: LDIF file path.</span>
<span class="hl str">    :param subst_vars: Optional dictionary with substitution variables.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    data <span class="hl opt">=</span> <span class="hl kwd">read_and_sub_file</span><span class="hl opt">(</span>ldif_path<span class="hl opt">,</span> subst_vars<span class="hl opt">)</span>
    ldb<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>data<span class="hl opt">,</span> controls<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_ldb</span><span class="hl opt">(</span>ldb<span class="hl opt">,</span> ldif_path<span class="hl opt">,</span> subst_vars<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Import a LDIF a file into a LDB handle, optionally substituting variables.</span>
<span class="hl str"></span>
<span class="hl str">    :note: Either all LDIF data will be added or none (using transactions).</span>
<span class="hl str"></span>
<span class="hl str">    :param ldb: LDB file to import into.</span>
<span class="hl str">    :param ldif_path: Path to the LDIF file.</span>
<span class="hl str">    :param subst_vars: Dictionary with substitution variables.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">assert</span> ldb <span class="hl kwa">is not None</span>
    ldb<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>ldb<span class="hl opt">,</span> ldif_path<span class="hl opt">,</span> subst_vars<span class="hl opt">)</span>
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        ldb<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
        <span class="hl kwa">raise</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        ldb<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>


<span class="hl kwa">def</span> <span class="hl kwd">provision_paths_from_lp</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> dnsdomain<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Set the default paths for provisioning.</span>
<span class="hl str"></span>
<span class="hl str">    :param lp: Loadparm context.</span>
<span class="hl str">    :param dnsdomain: DNS Domain name</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    paths <span class="hl opt">=</span> <span class="hl kwd">ProvisionPaths</span><span class="hl opt">()</span>
    paths<span class="hl opt">.</span>private_dir <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;private dir&quot;</span><span class="hl opt">)</span>

    <span class="hl slc"># This is stored without path prefix for the &quot;privateKeytab&quot; attribute in</span>
    <span class="hl slc"># &quot;secrets_dns.ldif&quot;.</span>
    paths<span class="hl opt">.</span>dns_keytab <span class="hl opt">=</span> <span class="hl str">&quot;dns.keytab&quot;</span>
    paths<span class="hl opt">.</span>keytab <span class="hl opt">=</span> <span class="hl str">&quot;secrets.keytab&quot;</span>

    paths<span class="hl opt">.</span>shareconf <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;share.ldb&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>samdb <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;sam database&quot;</span><span class="hl opt">)</span> <span class="hl kwa">or</span> <span class="hl str">&quot;samdb.ldb&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>idmapdb <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;idmap database&quot;</span><span class="hl opt">)</span> <span class="hl kwa">or</span> <span class="hl str">&quot;idmap.ldb&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>secrets <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;secrets database&quot;</span><span class="hl opt">)</span> <span class="hl kwa">or</span> <span class="hl str">&quot;secrets.ldb&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>privilege <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;privilege.ldb&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>dns <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;dns&quot;</span><span class="hl opt">,</span> dnsdomain <span class="hl opt">+</span> <span class="hl str">&quot;.zone&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>dns_update_list <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;dns_update_list&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>spn_update_list <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;spn_update_list&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>namedconf <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;named.conf&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>namedconf_update <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;named.conf.update&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>namedtxt <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;named.txt&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>krb5conf <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;krb5.conf&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>winsdb <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;wins.ldb&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>s4_ldapi_path <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;ldapi&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>phpldapadminconfig <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> 
                                            <span class="hl str">&quot;phpldapadmin-config.php&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>hklm <span class="hl opt">=</span> <span class="hl str">&quot;hklm.ldb&quot;</span>
    paths<span class="hl opt">.</span>hkcr <span class="hl opt">=</span> <span class="hl str">&quot;hkcr.ldb&quot;</span>
    paths<span class="hl opt">.</span>hkcu <span class="hl opt">=</span> <span class="hl str">&quot;hkcu.ldb&quot;</span>
    paths<span class="hl opt">.</span>hku <span class="hl opt">=</span> <span class="hl str">&quot;hku.ldb&quot;</span>
    paths<span class="hl opt">.</span>hkpd <span class="hl opt">=</span> <span class="hl str">&quot;hkpd.ldb&quot;</span>
    paths<span class="hl opt">.</span>hkpt <span class="hl opt">=</span> <span class="hl str">&quot;hkpt.ldb&quot;</span>
    paths<span class="hl opt">.</span>sysvol <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;path&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;sysvol&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>netlogon <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;path&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;netlogon&quot;</span><span class="hl opt">)</span>
    paths<span class="hl opt">.</span>smbconf <span class="hl opt">=</span> lp<span class="hl opt">.</span>configfile
    <span class="hl kwa">return</span> paths


<span class="hl kwa">def</span> <span class="hl kwd">guess_names</span><span class="hl opt">(</span>lp<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> hostname<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domain<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> dnsdomain<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                serverrole<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> rootdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domaindn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> configdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                schemadn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> serverdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> sitename<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Guess configuration settings to use.&quot;&quot;&quot;</span>

    <span class="hl kwa">if</span> hostname <span class="hl kwa">is None</span><span class="hl opt">:</span>
        hostname <span class="hl opt">=</span> socket<span class="hl opt">.</span><span class="hl kwd">gethostname</span><span class="hl opt">().</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&quot;.&quot;</span><span class="hl opt">)[</span><span class="hl num">0</span><span class="hl opt">]</span>

    netbiosname <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;netbios name&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> netbiosname <span class="hl kwa">is None</span><span class="hl opt">:</span>
        netbiosname <span class="hl opt">=</span> hostname
    <span class="hl kwa">assert</span> netbiosname <span class="hl kwa">is not None</span>
    netbiosname <span class="hl opt">=</span> netbiosname<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>
    <span class="hl kwa">if not</span> <span class="hl kwd">valid_netbios_name</span><span class="hl opt">(</span>netbiosname<span class="hl opt">):</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">InvalidNetbiosName</span><span class="hl opt">(</span>netbiosname<span class="hl opt">)</span>

    <span class="hl kwa">if</span> dnsdomain <span class="hl kwa">is None</span><span class="hl opt">:</span>
        dnsdomain <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">)</span>
        <span class="hl kwa">if</span> dnsdomain <span class="hl kwa">is None or</span> dnsdomain <span class="hl opt">==</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">:</span>
            <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: &#39;realm&#39; not specified in supplied</span> <span class="hl ipl">%s</span><span class="hl str">!&quot;</span><span class="hl opt">,</span> lp<span class="hl opt">.</span>configfile<span class="hl opt">)</span>

    dnsdomain <span class="hl opt">=</span> dnsdomain<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">()</span>

    <span class="hl kwa">if</span> serverrole <span class="hl kwa">is None</span><span class="hl opt">:</span>
        serverrole <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;server role&quot;</span><span class="hl opt">)</span>
        <span class="hl kwa">if</span> serverrole <span class="hl kwa">is None</span><span class="hl opt">:</span>
            <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: &#39;server role&#39; not specified in supplied</span> <span class="hl ipl">%s</span><span class="hl str">!&quot;</span> <span class="hl opt">%</span> lp<span class="hl opt">.</span>configfile<span class="hl opt">)</span>

    serverrole <span class="hl opt">=</span> serverrole<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">()</span>

    realm <span class="hl opt">=</span> dnsdomain<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>

    <span class="hl kwa">if</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">) ==</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: &#39;realm =&#39; was not specified in supplied</span> <span class="hl ipl">%s</span><span class="hl str">.  Please remove the smb.conf file and let provision generate it&quot;</span> <span class="hl opt">%</span> lp<span class="hl opt">.</span>configfile<span class="hl opt">)</span>

    <span class="hl kwa">if</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">).</span><span class="hl kwd">upper</span><span class="hl opt">() !=</span> realm<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: &#39;realm=</span><span class="hl ipl">%s</span><span class="hl str">&#39; in</span> <span class="hl ipl">%s</span> <span class="hl str">must match chosen realm &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;!  Please remove the smb.conf file and let provision generate it&quot;</span> <span class="hl opt">% (</span>lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">).</span><span class="hl kwd">upper</span><span class="hl opt">(),</span> realm<span class="hl opt">,</span> lp<span class="hl opt">.</span>configfile<span class="hl opt">))</span>

    <span class="hl kwa">if</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;server role&quot;</span><span class="hl opt">).</span><span class="hl kwd">lower</span><span class="hl opt">() !=</span> serverrole<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: &#39;server role=</span><span class="hl ipl">%s</span><span class="hl str">&#39; in</span> <span class="hl ipl">%s</span> <span class="hl str">must match chosen server role &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;!  Please remove the smb.conf file and let provision generate it&quot;</span> <span class="hl opt">% (</span>lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;server role&quot;</span><span class="hl opt">).</span><span class="hl kwd">upper</span><span class="hl opt">(),</span> serverrole<span class="hl opt">,</span> lp<span class="hl opt">.</span>configfile<span class="hl opt">))</span>

    <span class="hl kwa">if</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">:</span>
        <span class="hl kwa">if</span> domain <span class="hl kwa">is None</span><span class="hl opt">:</span>
            <span class="hl slc"># This will, for better or worse, default to &#39;WORKGROUP&#39;</span>
            domain <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;workgroup&quot;</span><span class="hl opt">)</span>
        domain <span class="hl opt">=</span> domain<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>

        <span class="hl kwa">if</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;workgroup&quot;</span><span class="hl opt">).</span><span class="hl kwd">upper</span><span class="hl opt">() !=</span> domain<span class="hl opt">:</span>
            <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: Workgroup &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39; in smb.conf must match chosen domain &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;!  Please remove the</span> <span class="hl ipl">%s</span> <span class="hl str">file and let provision generate it&quot;</span> <span class="hl opt">% (</span>lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;workgroup&quot;</span><span class="hl opt">).</span><span class="hl kwd">upper</span><span class="hl opt">(),</span> domain<span class="hl opt">,</span> lp<span class="hl opt">.</span>configfile<span class="hl opt">))</span>

        <span class="hl kwa">if</span> domaindn <span class="hl kwa">is None</span><span class="hl opt">:</span>
            domaindn <span class="hl opt">=</span> <span class="hl str">&quot;DC=&quot;</span> <span class="hl opt">+</span> dnsdomain<span class="hl opt">.</span><span class="hl kwd">replace</span><span class="hl opt">(</span><span class="hl str">&quot;.&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;,DC=&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        domain <span class="hl opt">=</span> netbiosname
        <span class="hl kwa">if</span> domaindn <span class="hl kwa">is None</span><span class="hl opt">:</span>
            domaindn <span class="hl opt">=</span> <span class="hl str">&quot;DC=&quot;</span> <span class="hl opt">+</span> netbiosname
        
    <span class="hl kwa">if not</span> <span class="hl kwd">valid_netbios_name</span><span class="hl opt">(</span>domain<span class="hl opt">):</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">InvalidNetbiosName</span><span class="hl opt">(</span>domain<span class="hl opt">)</span>
        
    <span class="hl kwa">if</span> hostname<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">() ==</span> realm<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: Realm &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39; must not be equal to hostname &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;!&quot;</span> <span class="hl opt">% (</span>realm<span class="hl opt">,</span> hostname<span class="hl opt">))</span>
    <span class="hl kwa">if</span> netbiosname <span class="hl opt">==</span> realm<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: Realm &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39; must not be equal to netbios hostname &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;!&quot;</span> <span class="hl opt">% (</span>realm<span class="hl opt">,</span> netbiosname<span class="hl opt">))</span>
    <span class="hl kwa">if</span> domain <span class="hl opt">==</span> realm<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;guess_names: Realm &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39; must not be equal to short domain name &#39;</span><span class="hl ipl">%s</span><span class="hl str">&#39;!&quot;</span> <span class="hl opt">% (</span>realm<span class="hl opt">,</span> domain<span class="hl opt">))</span>

    <span class="hl kwa">if</span> rootdn <span class="hl kwa">is None</span><span class="hl opt">:</span>
       rootdn <span class="hl opt">=</span> domaindn
       
    <span class="hl kwa">if</span> configdn <span class="hl kwa">is None</span><span class="hl opt">:</span>
        configdn <span class="hl opt">=</span> <span class="hl str">&quot;CN=Configuration,&quot;</span> <span class="hl opt">+</span> rootdn
    <span class="hl kwa">if</span> schemadn <span class="hl kwa">is None</span><span class="hl opt">:</span>
        schemadn <span class="hl opt">=</span> <span class="hl str">&quot;CN=Schema,&quot;</span> <span class="hl opt">+</span> configdn

    <span class="hl kwa">if</span> sitename <span class="hl kwa">is None</span><span class="hl opt">:</span>
        sitename<span class="hl opt">=</span>DEFAULTSITE

    names <span class="hl opt">=</span> <span class="hl kwd">ProvisionNames</span><span class="hl opt">()</span>
    names<span class="hl opt">.</span>rootdn <span class="hl opt">=</span> rootdn
    names<span class="hl opt">.</span>domaindn <span class="hl opt">=</span> domaindn
    names<span class="hl opt">.</span>configdn <span class="hl opt">=</span> configdn
    names<span class="hl opt">.</span>schemadn <span class="hl opt">=</span> schemadn
    names<span class="hl opt">.</span>ldapmanagerdn <span class="hl opt">=</span> <span class="hl str">&quot;CN=Manager,&quot;</span> <span class="hl opt">+</span> rootdn
    names<span class="hl opt">.</span>dnsdomain <span class="hl opt">=</span> dnsdomain
    names<span class="hl opt">.</span>domain <span class="hl opt">=</span> domain
    names<span class="hl opt">.</span>realm <span class="hl opt">=</span> realm
    names<span class="hl opt">.</span>netbiosname <span class="hl opt">=</span> netbiosname
    names<span class="hl opt">.</span>hostname <span class="hl opt">=</span> hostname
    names<span class="hl opt">.</span>sitename <span class="hl opt">=</span> sitename
    names<span class="hl opt">.</span>serverdn <span class="hl opt">=</span> <span class="hl str">&quot;CN=</span><span class="hl ipl">%s</span><span class="hl str">,CN=Servers,CN=</span><span class="hl ipl">%s</span><span class="hl str">,CN=Sites,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>netbiosname<span class="hl opt">,</span> sitename<span class="hl opt">,</span> configdn<span class="hl opt">)</span>
 
    <span class="hl kwa">return</span> names
    

<span class="hl kwa">def</span> <span class="hl kwd">make_smbconf</span><span class="hl opt">(</span>smbconf<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> hostname<span class="hl opt">,</span> domain<span class="hl opt">,</span> realm<span class="hl opt">,</span> serverrole<span class="hl opt">,</span> 
                 targetdir<span class="hl opt">,</span> sid_generator<span class="hl opt">=</span><span class="hl str">&quot;internal&quot;</span><span class="hl opt">,</span> eadb<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Create a new smb.conf file based on a couple of basic settings.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">assert</span> smbconf <span class="hl kwa">is not None</span>
    <span class="hl kwa">if</span> hostname <span class="hl kwa">is None</span><span class="hl opt">:</span>
        hostname <span class="hl opt">=</span> socket<span class="hl opt">.</span><span class="hl kwd">gethostname</span><span class="hl opt">().</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&quot;.&quot;</span><span class="hl opt">)[</span><span class="hl num">0</span><span class="hl opt">]</span>
    netbiosname <span class="hl opt">=</span> hostname<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>

    <span class="hl kwa">if</span> serverrole <span class="hl kwa">is None</span><span class="hl opt">:</span>
        serverrole <span class="hl opt">=</span> <span class="hl str">&quot;standalone&quot;</span>

    <span class="hl kwa">assert</span> serverrole <span class="hl kwa">in</span> <span class="hl opt">(</span><span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;member server&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;standalone&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">:</span>
        smbconfsuffix <span class="hl opt">=</span> <span class="hl str">&quot;dc&quot;</span>
    <span class="hl kwa">elif</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;member server&quot;</span><span class="hl opt">:</span>
        smbconfsuffix <span class="hl opt">=</span> <span class="hl str">&quot;member&quot;</span>
    <span class="hl kwa">elif</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;standalone&quot;</span><span class="hl opt">:</span>
        smbconfsuffix <span class="hl opt">=</span> <span class="hl str">&quot;standalone&quot;</span>

    <span class="hl kwa">if</span> sid_generator <span class="hl kwa">is None</span><span class="hl opt">:</span>
        sid_generator <span class="hl opt">=</span> <span class="hl str">&quot;internal&quot;</span>

    <span class="hl kwa">assert</span> domain <span class="hl kwa">is not None</span>
    domain <span class="hl opt">=</span> domain<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>

    <span class="hl kwa">assert</span> realm <span class="hl kwa">is not None</span>
    realm <span class="hl opt">=</span> realm<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>

    default_lp <span class="hl opt">=</span> samba<span class="hl opt">.</span>param<span class="hl opt">.</span><span class="hl kwd">LoadParm</span><span class="hl opt">()</span>
    <span class="hl slc">#Load non-existant file</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>smbconf<span class="hl opt">):</span>
        default_lp<span class="hl opt">.</span><span class="hl kwd">load</span><span class="hl opt">(</span>smbconf<span class="hl opt">)</span>
    <span class="hl kwa">if</span> eadb<span class="hl opt">:</span>
        <span class="hl kwa">if</span> targetdir <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            privdir <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>targetdir<span class="hl opt">,</span> <span class="hl str">&quot;private&quot;</span><span class="hl opt">)</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            privdir <span class="hl opt">=</span> default_lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;private dir&quot;</span><span class="hl opt">)</span>
        posixeadb_line <span class="hl opt">=</span> <span class="hl str">&quot;posix:eadb = &quot;</span> <span class="hl opt">+</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">abspath</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>privdir<span class="hl opt">,</span> <span class="hl str">&quot;eadb.tdb&quot;</span><span class="hl opt">))</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        posixeadb_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>

    <span class="hl kwa">if</span> targetdir <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        privatedir_line <span class="hl opt">=</span> <span class="hl str">&quot;private dir = &quot;</span> <span class="hl opt">+</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">abspath</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>targetdir<span class="hl opt">,</span> <span class="hl str">&quot;private&quot;</span><span class="hl opt">))</span>
        lockdir_line <span class="hl opt">=</span> <span class="hl str">&quot;lock dir = &quot;</span> <span class="hl opt">+</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">abspath</span><span class="hl opt">(</span>targetdir<span class="hl opt">)</span>

        default_lp<span class="hl opt">.</span><span class="hl kwb">set</span><span class="hl opt">(</span><span class="hl str">&quot;lock dir&quot;</span><span class="hl opt">,</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">abspath</span><span class="hl opt">(</span>targetdir<span class="hl opt">))</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        privatedir_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
        lockdir_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>

    <span class="hl kwa">if</span> sid_generator <span class="hl opt">==</span> <span class="hl str">&quot;internal&quot;</span><span class="hl opt">:</span>
        sid_generator_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        sid_generator_line <span class="hl opt">=</span> <span class="hl str">&quot;sid generator = &quot;</span> <span class="hl opt">+</span> sid_generator

    used_setup_dir <span class="hl opt">=</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;&quot;</span><span class="hl opt">)</span>
    default_setup_dir <span class="hl opt">=</span> default_lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;setup directory&quot;</span><span class="hl opt">)</span>
    setupdir_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
    <span class="hl kwa">if</span> used_setup_dir <span class="hl opt">!=</span> default_setup_dir<span class="hl opt">:</span>
        setupdir_line <span class="hl opt">=</span> <span class="hl str">&quot;setup directory =</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> used_setup_dir
        default_lp<span class="hl opt">.</span><span class="hl kwb">set</span><span class="hl opt">(</span><span class="hl str">&quot;setup directory&quot;</span><span class="hl opt">,</span> used_setup_dir<span class="hl opt">)</span>

    sysvol <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>default_lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;lock dir&quot;</span><span class="hl opt">),</span> <span class="hl str">&quot;sysvol&quot;</span><span class="hl opt">)</span>
    netlogon <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>sysvol<span class="hl opt">,</span> realm<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">(),</span> <span class="hl str">&quot;scripts&quot;</span><span class="hl opt">)</span>

    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision.smb.conf.</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> smbconfsuffix<span class="hl opt">),</span> 
               smbconf<span class="hl opt">, {</span>
            <span class="hl str">&quot;NETBIOS_NAME&quot;</span><span class="hl opt">:</span> netbiosname<span class="hl opt">,</span>
            <span class="hl str">&quot;DOMAIN&quot;</span><span class="hl opt">:</span> domain<span class="hl opt">,</span>
            <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> realm<span class="hl opt">,</span>
            <span class="hl str">&quot;SERVERROLE&quot;</span><span class="hl opt">:</span> serverrole<span class="hl opt">,</span>
            <span class="hl str">&quot;NETLOGONPATH&quot;</span><span class="hl opt">:</span> netlogon<span class="hl opt">,</span>
            <span class="hl str">&quot;SYSVOLPATH&quot;</span><span class="hl opt">:</span> sysvol<span class="hl opt">,</span>
            <span class="hl str">&quot;SETUPDIRECTORY_LINE&quot;</span><span class="hl opt">:</span> setupdir_line<span class="hl opt">,</span>
            <span class="hl str">&quot;SIDGENERATOR_LINE&quot;</span><span class="hl opt">:</span> sid_generator_line<span class="hl opt">,</span>
            <span class="hl str">&quot;PRIVATEDIR_LINE&quot;</span><span class="hl opt">:</span> privatedir_line<span class="hl opt">,</span>
            <span class="hl str">&quot;LOCKDIR_LINE&quot;</span><span class="hl opt">:</span> lockdir_line<span class="hl opt">,</span>
            <span class="hl str">&quot;POSIXEADB_LINE&quot;</span><span class="hl opt">:</span> posixeadb_line
            <span class="hl opt">})</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_name_mappings</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> idmap<span class="hl opt">,</span> sid<span class="hl opt">,</span> domaindn<span class="hl opt">,</span> root_uid<span class="hl opt">,</span> nobody_uid<span class="hl opt">,</span>
                        users_gid<span class="hl opt">,</span> wheel_gid<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;setup reasonable name mappings for sam names to unix names.</span>
<span class="hl str"></span>
<span class="hl str">    :param samdb: SamDB object.</span>
<span class="hl str">    :param idmap: IDmap db object.</span>
<span class="hl str">    :param sid: The domain sid.</span>
<span class="hl str">    :param domaindn: The domain DN.</span>
<span class="hl str">    :param root_uid: uid of the UNIX root user.</span>
<span class="hl str">    :param nobody_uid: uid of the UNIX nobody user.</span>
<span class="hl str">    :param users_gid: gid of the UNIX users group.</span>
<span class="hl str">    :param wheel_gid: gid of the UNIX wheel group.&quot;&quot;&quot;</span>
    idmap<span class="hl opt">.</span><span class="hl kwd">setup_name_mapping</span><span class="hl opt">(</span><span class="hl str">&quot;S-1-5-7&quot;</span><span class="hl opt">,</span> idmap<span class="hl opt">.</span>TYPE_UID<span class="hl opt">,</span> nobody_uid<span class="hl opt">)</span>
    idmap<span class="hl opt">.</span><span class="hl kwd">setup_name_mapping</span><span class="hl opt">(</span><span class="hl str">&quot;S-1-5-32-544&quot;</span><span class="hl opt">,</span> idmap<span class="hl opt">.</span>TYPE_GID<span class="hl opt">,</span> wheel_gid<span class="hl opt">)</span>
    
    idmap<span class="hl opt">.</span><span class="hl kwd">setup_name_mapping</span><span class="hl opt">(</span>sid <span class="hl opt">+</span> <span class="hl str">&quot;-500&quot;</span><span class="hl opt">,</span> idmap<span class="hl opt">.</span>TYPE_UID<span class="hl opt">,</span> root_uid<span class="hl opt">)</span>
    idmap<span class="hl opt">.</span><span class="hl kwd">setup_name_mapping</span><span class="hl opt">(</span>sid <span class="hl opt">+</span> <span class="hl str">&quot;-513&quot;</span><span class="hl opt">,</span> idmap<span class="hl opt">.</span>TYPE_GID<span class="hl opt">,</span> users_gid<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_samdb_partitions</span><span class="hl opt">(</span>samdb_path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> logger<span class="hl opt">,</span> lp<span class="hl opt">,</span> session_info<span class="hl opt">,</span> 
                           provision_backend<span class="hl opt">,</span> names<span class="hl opt">,</span> schema<span class="hl opt">,</span> serverrole<span class="hl opt">,</span> 
                           erase<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup the partitions for the SAM database. </span>
<span class="hl str">    </span>
<span class="hl str">    Alternatively, provision() may call this, and then populate the database.</span>
<span class="hl str">    </span>
<span class="hl str">    :note: This will wipe the Sam Database!</span>
<span class="hl str">    </span>
<span class="hl str">    :note: This function always removes the local SAM LDB file. The erase </span>
<span class="hl str">        parameter controls whether to erase the existing data, which </span>
<span class="hl str">        may not be stored locally but in LDAP.</span>
<span class="hl str"></span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">assert</span> session_info <span class="hl kwa">is not None</span>

    <span class="hl slc"># We use options=[&quot;modules:&quot;] to stop the modules loading - we</span>
    <span class="hl slc"># just want to wipe and re-initialise the database, not start it up</span>

    <span class="hl kwa">try</span><span class="hl opt">:</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>samdb_path<span class="hl opt">)</span>
    <span class="hl kwa">except</span> <span class="hl kwc">OSError</span><span class="hl opt">:</span>
        <span class="hl kwa">pass</span>

    samdb <span class="hl opt">=</span> <span class="hl kwd">Ldb</span><span class="hl opt">(</span>url<span class="hl opt">=</span>samdb_path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> 
                lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> options<span class="hl opt">=[</span><span class="hl str">&quot;modules:&quot;</span><span class="hl opt">])</span>

    ldap_backend_line <span class="hl opt">=</span> <span class="hl str">&quot;# No LDAP backend&quot;</span>
    <span class="hl kwa">if</span> provision_backend<span class="hl opt">.</span><span class="hl kwb">type</span> <span class="hl kwa">is not</span> <span class="hl str">&quot;ldb&quot;</span><span class="hl opt">:</span>
        ldap_backend_line <span class="hl opt">=</span> <span class="hl str">&quot;ldapBackend:</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> provision_backend<span class="hl opt">.</span>ldap_uri

    samdb<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb partitions and settings&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_partitions.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>ldb<span class="hl opt">,</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">).</span><span class="hl kwd">get_casefold</span><span class="hl opt">(),</span> 
                <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>ldb<span class="hl opt">,</span> names<span class="hl opt">.</span>configdn<span class="hl opt">).</span><span class="hl kwd">get_casefold</span><span class="hl opt">(),</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>ldb<span class="hl opt">,</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">).</span><span class="hl kwd">get_casefold</span><span class="hl opt">(),</span>
                <span class="hl str">&quot;LDAP_BACKEND_LINE&quot;</span><span class="hl opt">:</span> ldap_backend_line<span class="hl opt">,</span>
        <span class="hl opt">})</span>

        
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_init.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;BACKEND_TYPE&quot;</span><span class="hl opt">:</span> provision_backend<span class="hl opt">.</span><span class="hl kwb">type</span><span class="hl opt">,</span>
                <span class="hl str">&quot;SERVER_ROLE&quot;</span><span class="hl opt">:</span> serverrole
                <span class="hl opt">})</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb rootDSE&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_samdb_rootdse</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> names<span class="hl opt">)</span>
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
        <span class="hl kwa">raise</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

        
<span class="hl kwa">def</span> <span class="hl kwd">secretsdb_self_join</span><span class="hl opt">(</span>secretsdb<span class="hl opt">,</span> domain<span class="hl opt">,</span> 
                        netbiosname<span class="hl opt">,</span> machinepass<span class="hl opt">,</span> domainsid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        realm<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> dnsdomain<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        keytab_path<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        key_version_number<span class="hl opt">=</span><span class="hl num">1</span><span class="hl opt">,</span>
                        secure_channel_type<span class="hl opt">=</span>SEC_CHAN_WKSTA<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Add domain join-specific bits to a secrets database.</span>
<span class="hl str">    </span>
<span class="hl str">    :param secretsdb: Ldb Handle to the secrets database</span>
<span class="hl str">    :param machinepass: Machine password</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    attrs<span class="hl opt">=[</span><span class="hl str">&quot;whenChanged&quot;</span><span class="hl opt">,</span>
           <span class="hl str">&quot;secret&quot;</span><span class="hl opt">,</span>
           <span class="hl str">&quot;priorSecret&quot;</span><span class="hl opt">,</span>
           <span class="hl str">&quot;priorChanged&quot;</span><span class="hl opt">,</span>
           <span class="hl str">&quot;krb5Keytab&quot;</span><span class="hl opt">,</span>
           <span class="hl str">&quot;privateKeytab&quot;</span><span class="hl opt">]</span>

    <span class="hl kwa">if</span> realm <span class="hl kwa">is not None</span><span class="hl opt">:</span>
      <span class="hl kwa">if</span> dnsdomain <span class="hl kwa">is None</span><span class="hl opt">:</span>
          dnsdomain <span class="hl opt">=</span> realm<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
      dnsname <span class="hl opt">=</span> <span class="hl str">&#39;</span><span class="hl ipl">%s</span><span class="hl str">.</span><span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">% (</span>netbiosname<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">(),</span> dnsdomain<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">())</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
      dnsname <span class="hl opt">=</span> <span class="hl kwa">None</span>
    shortname <span class="hl opt">=</span> netbiosname<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
    
    <span class="hl slc">#We don&#39;t need to set msg[&quot;flatname&quot;] here, because rdn_name will handle it, and it causes problems for modifies anyway</span>
    msg <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">(</span>ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>secretsdb<span class="hl opt">,</span> <span class="hl str">&quot;flatname=</span><span class="hl ipl">%s</span><span class="hl str">,cn=Primary Domains&quot;</span> <span class="hl opt">%</span> domain<span class="hl opt">))</span>
    msg<span class="hl opt">[</span><span class="hl str">&quot;secureChannelType&quot;</span><span class="hl opt">] = [</span><span class="hl kwb">str</span><span class="hl opt">(</span>secure_channel_type<span class="hl opt">)]</span>
    msg<span class="hl opt">[</span><span class="hl str">&quot;objectClass&quot;</span><span class="hl opt">] = [</span><span class="hl str">&quot;top&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;primaryDomain&quot;</span><span class="hl opt">]</span>
    <span class="hl kwa">if</span> dnsname <span class="hl kwa">is not None</span><span class="hl opt">:</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;objectClass&quot;</span><span class="hl opt">] = [</span><span class="hl str">&quot;top&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;primaryDomain&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;kerberosSecret&quot;</span><span class="hl opt">]</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">] = [</span>realm<span class="hl opt">]</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;saltPrincipal&quot;</span><span class="hl opt">] = [</span><span class="hl str">&quot;host/</span><span class="hl ipl">%s</span><span class="hl str">&#64;</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>dnsname<span class="hl opt">,</span> realm<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">())]</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;msDS-KeyVersionNumber&quot;</span><span class="hl opt">] = [</span><span class="hl kwb">str</span><span class="hl opt">(</span>key_version_number<span class="hl opt">)]</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;privateKeytab&quot;</span><span class="hl opt">] = [</span><span class="hl str">&quot;secrets.keytab&quot;</span><span class="hl opt">]</span>

    msg<span class="hl opt">[</span><span class="hl str">&quot;secret&quot;</span><span class="hl opt">] = [</span>machinepass<span class="hl opt">]</span>
    msg<span class="hl opt">[</span><span class="hl str">&quot;samAccountName&quot;</span><span class="hl opt">] = [</span><span class="hl str">&quot;</span><span class="hl ipl">%s</span><span class="hl str">$&quot;</span> <span class="hl opt">%</span> netbiosname<span class="hl opt">]</span>
    msg<span class="hl opt">[</span><span class="hl str">&quot;secureChannelType&quot;</span><span class="hl opt">] = [</span><span class="hl kwb">str</span><span class="hl opt">(</span>secure_channel_type<span class="hl opt">)]</span>
    <span class="hl kwa">if</span> domainsid <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        msg<span class="hl opt">[</span><span class="hl str">&quot;objectSid&quot;</span><span class="hl opt">] = [</span><span class="hl kwd">ndr_pack</span><span class="hl opt">(</span>domainsid<span class="hl opt">)]</span>
    
    <span class="hl slc"># This complex expression tries to ensure that we don&#39;t have more</span>
    <span class="hl slc"># than one record for this SID, realm or netbios domain at a time,</span>
    <span class="hl slc"># but we don&#39;t delete the old record that we are about to modify,</span>
    <span class="hl slc"># because that would delete the keytab and previous password.</span>
    res <span class="hl opt">=</span> secretsdb<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span><span class="hl str">&quot;cn=Primary Domains&quot;</span><span class="hl opt">,</span> 
                           attrs<span class="hl opt">=</span>attrs<span class="hl opt">,</span> 
                           expression<span class="hl opt">=(</span><span class="hl str">&quot;(&amp;(|(flatname=</span><span class="hl ipl">%s</span><span class="hl str">)(realm=</span><span class="hl ipl">%s</span><span class="hl str">)(objectSid=</span><span class="hl ipl">%s</span><span class="hl str">))(objectclass=primaryDomain)(!(dn=</span><span class="hl ipl">%s</span><span class="hl str">)))&quot;</span> <span class="hl opt">% (</span>domain<span class="hl opt">,</span> realm<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">),</span> <span class="hl kwb">str</span><span class="hl opt">(</span>msg<span class="hl opt">.</span>dn<span class="hl opt">))),</span>
                           scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_ONELEVEL<span class="hl opt">)</span>
    
    <span class="hl kwa">for</span> del_msg <span class="hl kwa">in</span> res<span class="hl opt">:</span>
        secretsdb<span class="hl opt">.</span><span class="hl kwd">delete</span><span class="hl opt">(</span>del_msg<span class="hl opt">.</span>dn<span class="hl opt">)</span>

    res <span class="hl opt">=</span> secretsdb<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span>msg<span class="hl opt">.</span>dn<span class="hl opt">,</span> attrs<span class="hl opt">=</span>attrs<span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">)</span>

    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>res<span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">:</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;priorSecret&quot;</span><span class="hl opt">] = [</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;secret&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]]</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;priorWhenChanged&quot;</span><span class="hl opt">] = [</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;whenChanged&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]]</span>

      <span class="hl kwa">try</span><span class="hl opt">:</span>
        msg<span class="hl opt">[</span><span class="hl str">&quot;privateKeytab&quot;</span><span class="hl opt">] = [</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;privateKeytab&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]]</span>
      <span class="hl kwa">except</span> <span class="hl kwc">KeyError</span><span class="hl opt">:</span>
        <span class="hl kwa">pass</span>

      <span class="hl kwa">try</span><span class="hl opt">:</span>
        msg<span class="hl opt">[</span><span class="hl str">&quot;krb5Keytab&quot;</span><span class="hl opt">] = [</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">][</span><span class="hl str">&quot;krb5Keytab&quot;</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]]</span>
      <span class="hl kwa">except</span> <span class="hl kwc">KeyError</span><span class="hl opt">:</span>
        <span class="hl kwa">pass</span>

      <span class="hl kwa">for</span> el <span class="hl kwa">in</span> msg<span class="hl opt">:</span>
          <span class="hl kwa">if</span> el <span class="hl opt">!=</span> <span class="hl str">&#39;dn&#39;</span><span class="hl opt">:</span>
              msg<span class="hl opt">[</span>el<span class="hl opt">].</span><span class="hl kwd">set_flags</span><span class="hl opt">(</span>ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">)</span>
      secretsdb<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>msg<span class="hl opt">)</span>
      secretsdb<span class="hl opt">.</span><span class="hl kwd">rename</span><span class="hl opt">(</span>res<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">].</span>dn<span class="hl opt">,</span> msg<span class="hl opt">.</span>dn<span class="hl opt">)</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
      spn <span class="hl opt">= [</span> <span class="hl str">&#39;HOST/</span><span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">%</span> shortname <span class="hl opt">]</span>
      <span class="hl kwa">if</span> secure_channel_type <span class="hl opt">==</span> SEC_CHAN_BDC <span class="hl kwa">and</span> dnsname <span class="hl kwa">is not None</span><span class="hl opt">:</span>
          <span class="hl slc"># we are a domain controller then we add servicePrincipalName entries</span>
          <span class="hl slc"># for the keytab code to update</span>
          spn<span class="hl opt">.</span><span class="hl kwd">extend</span><span class="hl opt">([</span> <span class="hl str">&#39;HOST/</span><span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">%</span> dnsname <span class="hl opt">])</span>
      msg<span class="hl opt">[</span><span class="hl str">&quot;servicePrincipalName&quot;</span><span class="hl opt">] =</span> spn

      secretsdb<span class="hl opt">.</span><span class="hl kwd">add</span><span class="hl opt">(</span>msg<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">secretsdb_setup_dns</span><span class="hl opt">(</span>secretsdb<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> names<span class="hl opt">,</span> private_dir<span class="hl opt">,</span>
                        realm<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span>
                        dns_keytab_path<span class="hl opt">,</span> dnspass<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Add DNS specific bits to a secrets database.</span>
<span class="hl str">    </span>
<span class="hl str">    :param secretsdb: Ldb Handle to the secrets database</span>
<span class="hl str">    :param setup_path: Setup path function</span>
<span class="hl str">    :param machinepass: Machine password</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>private_dir<span class="hl opt">,</span> dns_keytab_path<span class="hl opt">))</span>
    <span class="hl kwa">except</span> <span class="hl kwc">OSError</span><span class="hl opt">:</span>
        <span class="hl kwa">pass</span>

    <span class="hl kwd">setup_ldb</span><span class="hl opt">(</span>secretsdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;secrets_dns.ldif&quot;</span><span class="hl opt">), {</span> 
            <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> realm<span class="hl opt">,</span>
            <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> dnsdomain<span class="hl opt">,</span>
            <span class="hl str">&quot;DNS_KEYTAB&quot;</span><span class="hl opt">:</span> dns_keytab_path<span class="hl opt">,</span>
            <span class="hl str">&quot;DNSPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>dnspass<span class="hl opt">),</span>
            <span class="hl str">&quot;HOSTNAME&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>hostname<span class="hl opt">,</span>
            <span class="hl str">&quot;DNSNAME&quot;</span> <span class="hl opt">:</span> <span class="hl str">&#39;</span><span class="hl ipl">%s</span><span class="hl str">.</span><span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">% (</span>names<span class="hl opt">.</span>netbiosname<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">(),</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">())</span>
            <span class="hl opt">})</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_secretsdb</span><span class="hl opt">(</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> backend_credentials<span class="hl opt">,</span> lp<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup the secrets database.</span>
<span class="hl str"></span>
<span class="hl str">   :note: This function does not handle exceptions and transaction on purpose,</span>
<span class="hl str">   it&#39;s up to the caller to do this job.</span>
<span class="hl str"></span>
<span class="hl str">    :param path: Path to the secrets database.</span>
<span class="hl str">    :param setup_path: Get the path to a setup file.</span>
<span class="hl str">    :param session_info: Session info.</span>
<span class="hl str">    :param credentials: Credentials</span>
<span class="hl str">    :param lp: Loadparm context</span>
<span class="hl str">    :return: LDB handle for the created secrets database</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>secrets<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>secrets<span class="hl opt">)</span>

    keytab_path <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> paths<span class="hl opt">.</span>keytab<span class="hl opt">)</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>keytab_path<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>keytab_path<span class="hl opt">)</span>

    dns_keytab_path <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> paths<span class="hl opt">.</span>dns_keytab<span class="hl opt">)</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>dns_keytab_path<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>dns_keytab_path<span class="hl opt">)</span>

    path <span class="hl opt">=</span> paths<span class="hl opt">.</span>secrets

    secrets_ldb <span class="hl opt">=</span> <span class="hl kwd">Ldb</span><span class="hl opt">(</span>path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> 
                      lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>
    secrets_ldb<span class="hl opt">.</span><span class="hl kwd">erase</span><span class="hl opt">()</span>
    secrets_ldb<span class="hl opt">.</span><span class="hl kwd">load_ldif_file_add</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;secrets_init.ldif&quot;</span><span class="hl opt">))</span>
    secrets_ldb <span class="hl opt">=</span> <span class="hl kwd">Ldb</span><span class="hl opt">(</span>path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> 
                      lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>
    secrets_ldb<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        secrets_ldb<span class="hl opt">.</span><span class="hl kwd">load_ldif_file_add</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;secrets.ldif&quot;</span><span class="hl opt">))</span>

        <span class="hl kwa">if</span> backend_credentials <span class="hl kwa">is not None and</span> backend_credentials<span class="hl opt">.</span><span class="hl kwd">authentication_requested</span><span class="hl opt">():</span>
            <span class="hl kwa">if</span> backend_credentials<span class="hl opt">.</span><span class="hl kwd">get_bind_dn</span><span class="hl opt">()</span> <span class="hl kwa">is not None</span><span class="hl opt">:</span>
                <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>secrets_ldb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;secrets_simple_ldap.ldif&quot;</span><span class="hl opt">), {</span>
                        <span class="hl str">&quot;LDAPMANAGERDN&quot;</span><span class="hl opt">:</span> backend_credentials<span class="hl opt">.</span><span class="hl kwd">get_bind_dn</span><span class="hl opt">(),</span>
                        <span class="hl str">&quot;LDAPMANAGERPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>backend_credentials<span class="hl opt">.</span><span class="hl kwd">get_password</span><span class="hl opt">())</span>
                        <span class="hl opt">})</span>
            <span class="hl kwa">else</span><span class="hl opt">:</span>
                <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>secrets_ldb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;secrets_sasl_ldap.ldif&quot;</span><span class="hl opt">), {</span>
                        <span class="hl str">&quot;LDAPADMINUSER&quot;</span><span class="hl opt">:</span> backend_credentials<span class="hl opt">.</span><span class="hl kwd">get_username</span><span class="hl opt">(),</span>
                        <span class="hl str">&quot;LDAPADMINREALM&quot;</span><span class="hl opt">:</span> backend_credentials<span class="hl opt">.</span><span class="hl kwd">get_realm</span><span class="hl opt">(),</span>
                        <span class="hl str">&quot;LDAPADMINPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>backend_credentials<span class="hl opt">.</span><span class="hl kwd">get_password</span><span class="hl opt">())</span>
                        <span class="hl opt">})</span>

        <span class="hl kwa">return</span> secrets_ldb
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        secrets_ldb<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
        <span class="hl kwa">raise</span>

<span class="hl kwa">def</span> <span class="hl kwd">setup_privileges</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> lp<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup the privileges database.</span>
<span class="hl str"></span>
<span class="hl str">    :param path: Path to the privileges database.</span>
<span class="hl str">    :param setup_path: Get the path to a setup file.</span>
<span class="hl str">    :param session_info: Session info.</span>
<span class="hl str">    :param credentials: Credentials</span>
<span class="hl str">    :param lp: Loadparm context</span>
<span class="hl str">    :return: LDB handle for the created secrets database</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>path<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>path<span class="hl opt">)</span>
    privilege_ldb <span class="hl opt">=</span> <span class="hl kwd">Ldb</span><span class="hl opt">(</span>path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>
    privilege_ldb<span class="hl opt">.</span><span class="hl kwd">erase</span><span class="hl opt">()</span>
    privilege_ldb<span class="hl opt">.</span><span class="hl kwd">load_ldif_file_add</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_privilege.ldif&quot;</span><span class="hl opt">))</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_registry</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> lp<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup the registry.</span>
<span class="hl str">    </span>
<span class="hl str">    :param path: Path to the registry database</span>
<span class="hl str">    :param setup_path: Function that returns the path to a setup.</span>
<span class="hl str">    :param session_info: Session information</span>
<span class="hl str">    :param credentials: Credentials</span>
<span class="hl str">    :param lp: Loadparm context</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    reg <span class="hl opt">=</span> samba<span class="hl opt">.</span>registry<span class="hl opt">.</span><span class="hl kwd">Registry</span><span class="hl opt">()</span>
    hive <span class="hl opt">=</span> samba<span class="hl opt">.</span>registry<span class="hl opt">.</span><span class="hl kwd">open_ldb</span><span class="hl opt">(</span>path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> 
                         lp_ctx<span class="hl opt">=</span>lp<span class="hl opt">)</span>
    reg<span class="hl opt">.</span><span class="hl kwd">mount_hive</span><span class="hl opt">(</span>hive<span class="hl opt">,</span> samba<span class="hl opt">.</span>registry<span class="hl opt">.</span>HKEY_LOCAL_MACHINE<span class="hl opt">)</span>
    provision_reg <span class="hl opt">=</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision.reg&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">assert</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>provision_reg<span class="hl opt">)</span>
    reg<span class="hl opt">.</span><span class="hl kwd">diff_apply</span><span class="hl opt">(</span>provision_reg<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_idmapdb</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> lp<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup the idmap database.</span>
<span class="hl str"></span>
<span class="hl str">    :param path: path to the idmap database</span>
<span class="hl str">    :param setup_path: Function that returns a path to a setup file</span>
<span class="hl str">    :param session_info: Session information</span>
<span class="hl str">    :param credentials: Credentials</span>
<span class="hl str">    :param lp: Loadparm context</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>path<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">unlink</span><span class="hl opt">(</span>path<span class="hl opt">)</span>

    idmap_ldb <span class="hl opt">=</span> <span class="hl kwd">IDmapDB</span><span class="hl opt">(</span>path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span>
                        lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>

    idmap_ldb<span class="hl opt">.</span><span class="hl kwd">erase</span><span class="hl opt">()</span>
    idmap_ldb<span class="hl opt">.</span><span class="hl kwd">load_ldif_file_add</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;idmap_init.ldif&quot;</span><span class="hl opt">))</span>
    <span class="hl kwa">return</span> idmap_ldb


<span class="hl kwa">def</span> <span class="hl kwd">setup_samdb_rootdse</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> names<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup the SamDB rootdse.</span>
<span class="hl str"></span>
<span class="hl str">    :param samdb: Sam Database handle</span>
<span class="hl str">    :param setup_path: Obtain setup path</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_rootdse_add.ldif&quot;</span><span class="hl opt">), {</span>
        <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">,</span> 
        <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
        <span class="hl str">&quot;ROOTDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>rootdn<span class="hl opt">,</span>
        <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
        <span class="hl str">&quot;SERVERDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">,</span>
        <span class="hl opt">})</span>
        

<span class="hl kwa">def</span> <span class="hl kwd">setup_self_join</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> names<span class="hl opt">,</span>
                    machinepass<span class="hl opt">,</span> dnspass<span class="hl opt">,</span> 
                    domainsid<span class="hl opt">,</span> next_rid<span class="hl opt">,</span> invocationid<span class="hl opt">,</span> setup_path<span class="hl opt">,</span>
                    policyguid<span class="hl opt">,</span> policyguid_dc<span class="hl opt">,</span> domainControllerFunctionality<span class="hl opt">,</span>
                    ntdsguid<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Join a host to its own domain.&quot;&quot;&quot;</span>
    <span class="hl kwa">assert</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>invocationid<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> ntdsguid <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        ntdsguid_line <span class="hl opt">=</span> <span class="hl str">&quot;objectGUID:</span> <span class="hl ipl">%s</span><span class="hl str"></span><span class="hl esc">\n</span><span class="hl str">&quot;</span><span class="hl opt">%</span>ntdsguid
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        ntdsguid_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
    <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_self_join.ldif&quot;</span><span class="hl opt">), {</span> 
              <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span> 
              <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
              <span class="hl str">&quot;SERVERDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">,</span>
              <span class="hl str">&quot;INVOCATIONID&quot;</span><span class="hl opt">:</span> invocationid<span class="hl opt">,</span>
              <span class="hl str">&quot;NETBIOSNAME&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span>
              <span class="hl str">&quot;DEFAULTSITE&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>sitename<span class="hl opt">,</span>
              <span class="hl str">&quot;DNSNAME&quot;</span><span class="hl opt">:</span> <span class="hl str">&quot;</span><span class="hl ipl">%s</span><span class="hl str">.</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>names<span class="hl opt">.</span>hostname<span class="hl opt">,</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">),</span>
              <span class="hl str">&quot;MACHINEPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>machinepass<span class="hl opt">),</span>
              <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>realm<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domain<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAINSID&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">),</span>
              <span class="hl str">&quot;DCRID&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>next_rid<span class="hl opt">),</span>
              <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
              <span class="hl str">&quot;SAMBA_VERSION_STRING&quot;</span><span class="hl opt">:</span> version<span class="hl opt">,</span>
              <span class="hl str">&quot;NTDSGUID&quot;</span><span class="hl opt">:</span> ntdsguid_line<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAIN_CONTROLLER_FUNCTIONALITY&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainControllerFunctionality<span class="hl opt">)})</span>

    <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_group_policy.ldif&quot;</span><span class="hl opt">), {</span> 
              <span class="hl str">&quot;POLICYGUID&quot;</span><span class="hl opt">:</span> policyguid<span class="hl opt">,</span>
              <span class="hl str">&quot;POLICYGUID_DC&quot;</span><span class="hl opt">:</span> policyguid_dc<span class="hl opt">,</span>
              <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAINSID&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">),</span>
              <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">})</span>
    
    <span class="hl slc"># add the NTDSGUID based SPNs</span>
    ntds_dn <span class="hl opt">=</span> <span class="hl str">&quot;CN=NTDS Settings,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>serverdn
    names<span class="hl opt">.</span>ntdsguid <span class="hl opt">=</span> samdb<span class="hl opt">.</span><span class="hl kwd">searchone</span><span class="hl opt">(</span>basedn<span class="hl opt">=</span>ntds_dn<span class="hl opt">,</span> attribute<span class="hl opt">=</span><span class="hl str">&quot;objectGUID&quot;</span><span class="hl opt">,</span>
                                     expression<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">)</span>
    <span class="hl kwa">assert</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>names<span class="hl opt">.</span>ntdsguid<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">)</span>

    <span class="hl slc"># Setup fSMORoleOwner entries to point at the newly created DC entry</span>
    <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_self_join_modify.ldif&quot;</span><span class="hl opt">), {</span>
              <span class="hl str">&quot;DOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domain<span class="hl opt">,</span>
              <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
              <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
              <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">,</span> 
              <span class="hl str">&quot;DEFAULTSITE&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>sitename<span class="hl opt">,</span>
              <span class="hl str">&quot;SERVERDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">,</span>
              <span class="hl str">&quot;NETBIOSNAME&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span>
              <span class="hl str">&quot;NTDSGUID&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>ntdsguid<span class="hl opt">,</span>
              <span class="hl str">&quot;RIDALLOCATIONSTART&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>next_rid <span class="hl opt">+</span> <span class="hl num">100</span><span class="hl opt">),</span>
              <span class="hl str">&quot;RIDALLOCATIONEND&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>next_rid <span class="hl opt">+</span> <span class="hl num">100</span> <span class="hl opt">+</span> <span class="hl num">499</span><span class="hl opt">),</span>
              <span class="hl opt">})</span>

    <span class="hl slc"># This is partially Samba4 specific and should be replaced by the correct</span>
    <span class="hl slc"># DNS AD-style setup</span>
    <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_dns_add.ldif&quot;</span><span class="hl opt">), {</span>
              <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
              <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
              <span class="hl str">&quot;DNSPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>dnspass<span class="hl opt">),</span>
              <span class="hl str">&quot;HOSTNAME&quot;</span> <span class="hl opt">:</span> names<span class="hl opt">.</span>hostname<span class="hl opt">,</span>
              <span class="hl str">&quot;DNSNAME&quot;</span> <span class="hl opt">:</span> <span class="hl str">&#39;</span><span class="hl ipl">%s</span><span class="hl str">.</span><span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">% (</span>names<span class="hl opt">.</span>netbiosname<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">(),</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">.</span><span class="hl kwd">lower</span><span class="hl opt">())</span>
              <span class="hl opt">})</span>

<span class="hl kwa">def</span> <span class="hl kwd">getpolicypath</span><span class="hl opt">(</span>sysvolpath<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> guid<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Return the physical path of policy given its guid.</span>
<span class="hl str"></span>
<span class="hl str">    :param sysvolpath: Path to the sysvol folder</span>
<span class="hl str">    :param dnsdomain: DNS name of the AD domain</span>
<span class="hl str">    :param guid: The GUID of the policy</span>
<span class="hl str">    :return: A string with the complete path to the policy folder</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    <span class="hl kwa">if</span> guid<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">] !=</span> <span class="hl str">&quot;{&quot;</span><span class="hl opt">:</span>
        guid <span class="hl opt">=</span> <span class="hl str">&quot;{</span><span class="hl ipl">%s</span><span class="hl str">}&quot;</span> <span class="hl opt">%</span> guid
    policy_path <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>sysvolpath<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> <span class="hl str">&quot;Policies&quot;</span><span class="hl opt">,</span> guid<span class="hl opt">)</span>
    <span class="hl kwa">return</span> policy_path

<span class="hl kwa">def</span> <span class="hl kwd">create_gpo_struct</span><span class="hl opt">(</span>policy_path<span class="hl opt">):</span>
    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>policy_path<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">makedirs</span><span class="hl opt">(</span>policy_path<span class="hl opt">,</span> <span class="hl num">0775</span><span class="hl opt">)</span>
    <span class="hl kwb">open</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>policy_path<span class="hl opt">,</span> <span class="hl str">&quot;GPT.INI&quot;</span><span class="hl opt">),</span> <span class="hl str">&#39;w&#39;</span><span class="hl opt">).</span><span class="hl kwd">write</span><span class="hl opt">(</span>
                      <span class="hl str">&quot;[General]</span><span class="hl esc">\r\n</span><span class="hl str">Version=0&quot;</span><span class="hl opt">)</span>
    p <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>policy_path<span class="hl opt">,</span> <span class="hl str">&quot;MACHINE&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>p<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">makedirs</span><span class="hl opt">(</span>p<span class="hl opt">,</span> <span class="hl num">0775</span><span class="hl opt">)</span>
    p <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>policy_path<span class="hl opt">,</span> <span class="hl str">&quot;USER&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>p<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">makedirs</span><span class="hl opt">(</span>p<span class="hl opt">,</span> <span class="hl num">0775</span><span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">create_default_gpo</span><span class="hl opt">(</span>sysvolpath<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> policyguid<span class="hl opt">,</span> policyguid_dc<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Create the default GPO for a domain</span>
<span class="hl str"></span>
<span class="hl str">        :param sysvolpath: Physical path for the sysvol folder</span>
<span class="hl str">        :param dnsdomain: DNS domain name of the AD domain</span>
<span class="hl str">        :param policyguid: GUID of the default domain policy</span>
<span class="hl str">        :param policyguid_dc: GUID of the default domain controler policy</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    policy_path <span class="hl opt">=</span> <span class="hl kwd">getpolicypath</span><span class="hl opt">(</span>sysvolpath<span class="hl opt">,</span>dnsdomain<span class="hl opt">,</span>policyguid<span class="hl opt">)</span>
    <span class="hl kwd">create_gpo_struct</span><span class="hl opt">(</span>policy_path<span class="hl opt">)</span>

    policy_path <span class="hl opt">=</span> <span class="hl kwd">getpolicypath</span><span class="hl opt">(</span>sysvolpath<span class="hl opt">,</span>dnsdomain<span class="hl opt">,</span>policyguid_dc<span class="hl opt">)</span>
    <span class="hl kwd">create_gpo_struct</span><span class="hl opt">(</span>policy_path<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">setup_samdb</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> provision_backend<span class="hl opt">,</span> lp<span class="hl opt">,</span> names<span class="hl opt">,</span>
        logger<span class="hl opt">,</span> domainsid<span class="hl opt">,</span> domainguid<span class="hl opt">,</span> policyguid<span class="hl opt">,</span> policyguid_dc<span class="hl opt">,</span> fill<span class="hl opt">,</span>
        adminpass<span class="hl opt">,</span> krbtgtpass<span class="hl opt">,</span> machinepass<span class="hl opt">,</span> invocationid<span class="hl opt">,</span> dnspass<span class="hl opt">,</span> ntdsguid<span class="hl opt">,</span>
        serverrole<span class="hl opt">,</span> am_rodc<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span> dom_for_fun_level<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> schema<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
        next_rid<span class="hl opt">=</span><span class="hl num">1000</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Setup a complete SAM Database.</span>
<span class="hl str">    </span>
<span class="hl str">    :note: This will wipe the main SAM database file!</span>
<span class="hl str">    &quot;&quot;&quot;</span>


    <span class="hl slc"># Provision does not make much sense values larger than 1000000000</span>
    <span class="hl slc"># as the upper range of the rIDAvailablePool is 1073741823 and</span>
    <span class="hl slc"># we don&#39;t want to create a domain that cannot allocate rids.</span>
    <span class="hl kwa">if</span> next_rid <span class="hl opt">&lt;</span> <span class="hl num">1000</span> <span class="hl kwa">or</span> next_rid <span class="hl opt">&gt;</span> <span class="hl num">1000000000</span><span class="hl opt">:</span>
        error <span class="hl opt">=</span> <span class="hl str">&quot;You want to run SAMBA 4 with a next_rid of</span> <span class="hl ipl">%u</span><span class="hl str">, &quot;</span> <span class="hl opt">% (</span>next_rid<span class="hl opt">)</span>
        error <span class="hl opt">+=</span> <span class="hl str">&quot;the valid range is</span> <span class="hl ipl">%u-%u</span><span class="hl str">. The default is</span> <span class="hl ipl">%u</span><span class="hl str">.&quot;</span> <span class="hl opt">% (</span><span class="hl num">1000</span><span class="hl opt">,</span> <span class="hl num">1000000000</span><span class="hl opt">,</span> <span class="hl num">1000</span><span class="hl opt">)</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span>error<span class="hl opt">)</span>

    <span class="hl slc"># ATTENTION: Do NOT change these default values without discussion with the</span>
    <span class="hl slc"># team and/or release manager. They have a big impact on the whole program!</span>
    domainControllerFunctionality <span class="hl opt">=</span> DS_DOMAIN_FUNCTION_2008_R2

    <span class="hl kwa">if</span> dom_for_fun_level <span class="hl kwa">is None</span><span class="hl opt">:</span>
        dom_for_fun_level <span class="hl opt">=</span> DS_DOMAIN_FUNCTION_2003

    <span class="hl kwa">if</span> dom_for_fun_level <span class="hl opt">&gt;</span> domainControllerFunctionality<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl str">&quot;You want to run SAMBA 4 on a domain and forest function level which itself is higher than its actual DC function level (2008_R2). This won&#39;t work!&quot;</span><span class="hl opt">)</span>

    domainFunctionality <span class="hl opt">=</span> dom_for_fun_level
    forestFunctionality <span class="hl opt">=</span> dom_for_fun_level

    <span class="hl slc"># Also wipes the database</span>
    <span class="hl kwd">setup_samdb_partitions</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> logger<span class="hl opt">=</span>logger<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">,</span>
        provision_backend<span class="hl opt">=</span>provision_backend<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span>
        names<span class="hl opt">=</span>names<span class="hl opt">,</span> serverrole<span class="hl opt">=</span>serverrole<span class="hl opt">,</span> schema<span class="hl opt">=</span>schema<span class="hl opt">)</span>

    <span class="hl kwa">if</span> schema <span class="hl kwa">is None</span><span class="hl opt">:</span>
        schema <span class="hl opt">=</span> <span class="hl kwd">Schema</span><span class="hl opt">(</span>setup_path<span class="hl opt">,</span> domainsid<span class="hl opt">,</span> schemadn<span class="hl opt">=</span>names<span class="hl opt">.</span>schemadn<span class="hl opt">)</span>

    <span class="hl slc"># Load the database, but don&#39;s load the global schema and don&#39;t connect quite yet</span>
    samdb <span class="hl opt">=</span> <span class="hl kwd">SamDB</span><span class="hl opt">(</span>session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> url<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> auto_connect<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span>
                  credentials<span class="hl opt">=</span>provision_backend<span class="hl opt">.</span>credentials<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> global_schema<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span>
                  am_rodc<span class="hl opt">=</span>am_rodc<span class="hl opt">)</span>

    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Pre-loading the Samba 4 and AD schema&quot;</span><span class="hl opt">)</span>

    <span class="hl slc"># Load the schema from the one we computed earlier</span>
    samdb<span class="hl opt">.</span><span class="hl kwd">set_schema</span><span class="hl opt">(</span>schema<span class="hl opt">)</span>

    <span class="hl slc"># Set the NTDS settings DN manually - in order to have it already around</span>
    <span class="hl slc"># before the provisioned tree exists and we connect</span>
    samdb<span class="hl opt">.</span><span class="hl kwd">set_ntds_settings_dn</span><span class="hl opt">(</span><span class="hl str">&quot;CN=NTDS Settings,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">)</span>

    <span class="hl slc"># And now we can connect to the DB - the schema won&#39;t be loaded from the DB</span>
    samdb<span class="hl opt">.</span><span class="hl kwd">connect</span><span class="hl opt">(</span>path<span class="hl opt">)</span>

    <span class="hl kwa">if</span> fill <span class="hl opt">==</span> FILL_DRS<span class="hl opt">:</span>
        <span class="hl kwa">return</span> samdb
        
    samdb<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        <span class="hl slc"># Set the domain functionality levels onto the database.</span>
        <span class="hl slc"># Various module (the password_hash module in particular) need</span>
        <span class="hl slc"># to know what level of AD we are emulating.</span>

        <span class="hl slc"># These will be fixed into the database via the database</span>
        <span class="hl slc"># modifictions below, but we need them set from the start.</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">set_opaque_integer</span><span class="hl opt">(</span><span class="hl str">&quot;domainFunctionality&quot;</span><span class="hl opt">,</span> domainFunctionality<span class="hl opt">)</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">set_opaque_integer</span><span class="hl opt">(</span><span class="hl str">&quot;forestFunctionality&quot;</span><span class="hl opt">,</span> forestFunctionality<span class="hl opt">)</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">set_opaque_integer</span><span class="hl opt">(</span><span class="hl str">&quot;domainControllerFunctionality&quot;</span><span class="hl opt">,</span> domainControllerFunctionality<span class="hl opt">)</span>

        samdb<span class="hl opt">.</span><span class="hl kwd">set_domain_sid</span><span class="hl opt">(</span><span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">set_invocation_id</span><span class="hl opt">(</span>invocationid<span class="hl opt">)</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Adding DomainDN:</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">)</span>

<span class="hl slc">#impersonate domain admin</span>
        admin_session_info <span class="hl opt">=</span> <span class="hl kwd">admin_session</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">set_session_info</span><span class="hl opt">(</span>admin_session_info<span class="hl opt">)</span>
        <span class="hl kwa">if</span> domainguid <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            domainguid_line <span class="hl opt">=</span> <span class="hl str">&quot;objectGUID:</span> <span class="hl ipl">%s</span><span class="hl str"></span><span class="hl esc">\n</span><span class="hl str">-&quot;</span> <span class="hl opt">%</span> domainguid
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            domainguid_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>

        descr <span class="hl opt">=</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span><span class="hl kwd">get_domain_descriptor</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_basedn.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
                <span class="hl str">&quot;DOMAINGUID&quot;</span><span class="hl opt">:</span> domainguid_line<span class="hl opt">,</span>
                <span class="hl str">&quot;DESCRIPTOR&quot;</span><span class="hl opt">:</span> descr
                <span class="hl opt">})</span>


        <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_basedn_modify.ldif&quot;</span><span class="hl opt">), {</span>
            <span class="hl str">&quot;CREATTIME&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span><span class="hl kwb">int</span><span class="hl opt">(</span>time<span class="hl opt">.</span><span class="hl kwd">time</span><span class="hl opt">() *</span> <span class="hl num">1</span>e7<span class="hl opt">)),</span> <span class="hl slc"># seconds -&gt; ticks</span>
            <span class="hl str">&quot;DOMAINSID&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">),</span>
            <span class="hl str">&quot;NEXTRID&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>next_rid<span class="hl opt">),</span>
            <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">,</span> 
            <span class="hl str">&quot;NETBIOSNAME&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span>
            <span class="hl str">&quot;DEFAULTSITE&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>sitename<span class="hl opt">,</span>
            <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
            <span class="hl str">&quot;SERVERDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">,</span>
            <span class="hl str">&quot;POLICYGUID&quot;</span><span class="hl opt">:</span> policyguid<span class="hl opt">,</span>
            <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
            <span class="hl str">&quot;DOMAIN_FUNCTIONALITY&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainFunctionality<span class="hl opt">),</span>
            <span class="hl str">&quot;SAMBA_VERSION_STRING&quot;</span><span class="hl opt">:</span> version
            <span class="hl opt">})</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Adding configuration container&quot;</span><span class="hl opt">)</span>
        descr <span class="hl opt">=</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span><span class="hl kwd">get_config_descriptor</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_configuration_basedn.ldif&quot;</span><span class="hl opt">), {</span>
            <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span> 
            <span class="hl str">&quot;DESCRIPTOR&quot;</span><span class="hl opt">:</span> descr<span class="hl opt">,</span>
            <span class="hl opt">})</span>

        <span class="hl slc"># The LDIF here was created when the Schema object was constructed</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb schema&quot;</span><span class="hl opt">)</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">add_ldif</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>schema_dn_add<span class="hl opt">,</span> controls<span class="hl opt">=[</span><span class="hl str">&quot;relax:0&quot;</span><span class="hl opt">])</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">modify_ldif</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>schema_dn_modify<span class="hl opt">)</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">write_prefixes_from_schema</span><span class="hl opt">()</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">add_ldif</span><span class="hl opt">(</span>schema<span class="hl opt">.</span>schema_data<span class="hl opt">,</span> controls<span class="hl opt">=[</span><span class="hl str">&quot;relax:0&quot;</span><span class="hl opt">])</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;aggregate_schema.ldif&quot;</span><span class="hl opt">),</span> 
                       <span class="hl opt">{</span><span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">})</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Reopening sam.ldb with new schema&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
        <span class="hl kwa">raise</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

    samdb <span class="hl opt">=</span> <span class="hl kwd">SamDB</span><span class="hl opt">(</span>session_info<span class="hl opt">=</span>admin_session_info<span class="hl opt">,</span> auto_connect<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span>
                credentials<span class="hl opt">=</span>provision_backend<span class="hl opt">.</span>credentials<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">,</span>
                global_schema<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span> am_rodc<span class="hl opt">=</span>am_rodc<span class="hl opt">)</span>

    <span class="hl slc"># Set the NTDS settings DN manually - in order to have it already around</span>
    <span class="hl slc"># before the provisioned tree exists and we connect</span>
    samdb<span class="hl opt">.</span><span class="hl kwd">set_ntds_settings_dn</span><span class="hl opt">(</span><span class="hl str">&quot;CN=NTDS Settings,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">)</span>

    samdb<span class="hl opt">.</span><span class="hl kwd">connect</span><span class="hl opt">(</span>path<span class="hl opt">)</span>

    samdb<span class="hl opt">.</span><span class="hl kwd">transaction_start</span><span class="hl opt">()</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span>invocation_id <span class="hl opt">=</span> invocationid

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb configuration data&quot;</span><span class="hl opt">)</span>
        descr <span class="hl opt">=</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span><span class="hl kwd">get_sites_descriptor</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_configuration.ldif&quot;</span><span class="hl opt">), {</span>
            <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
            <span class="hl str">&quot;NETBIOSNAME&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span>
            <span class="hl str">&quot;DEFAULTSITE&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>sitename<span class="hl opt">,</span>
            <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
            <span class="hl str">&quot;DOMAIN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domain<span class="hl opt">,</span>
            <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">,</span>
            <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
            <span class="hl str">&quot;SERVERDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">,</span>
            <span class="hl str">&quot;FOREST_FUNCTIONALITY&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>forestFunctionality<span class="hl opt">),</span>
            <span class="hl str">&quot;DOMAIN_FUNCTIONALITY&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainFunctionality<span class="hl opt">),</span>
            <span class="hl str">&quot;SITES_DESCRIPTOR&quot;</span><span class="hl opt">:</span> descr
            <span class="hl opt">})</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up display specifiers&quot;</span><span class="hl opt">)</span>
        display_specifiers_ldif <span class="hl opt">=</span> <span class="hl kwd">read_ms_ldif</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&#39;display-specifiers/DisplaySpecifiers-Win2k8R2.txt&#39;</span><span class="hl opt">))</span>
        display_specifiers_ldif <span class="hl opt">=</span> <span class="hl kwd">substitute_var</span><span class="hl opt">(</span>display_specifiers_ldif<span class="hl opt">, {</span><span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">})</span>
        <span class="hl kwd">check_all_substituted</span><span class="hl opt">(</span>display_specifiers_ldif<span class="hl opt">)</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">add_ldif</span><span class="hl opt">(</span>display_specifiers_ldif<span class="hl opt">)</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Adding users container&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_users_add.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">})</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Modifying users container&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_users_modify.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">})</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Adding computers container&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_computers_add.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">})</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Modifying computers container&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_computers_modify.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">})</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb data&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision.ldif&quot;</span><span class="hl opt">), {</span>
            <span class="hl str">&quot;CREATTIME&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span><span class="hl kwb">int</span><span class="hl opt">(</span>time<span class="hl opt">.</span><span class="hl kwd">time</span><span class="hl opt">() *</span> <span class="hl num">1</span>e7<span class="hl opt">)),</span> <span class="hl slc"># seconds -&gt; ticks</span>
            <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
            <span class="hl str">&quot;NETBIOSNAME&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span>
            <span class="hl str">&quot;DEFAULTSITE&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>sitename<span class="hl opt">,</span>
            <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
            <span class="hl str">&quot;SERVERDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>serverdn<span class="hl opt">,</span>
            <span class="hl str">&quot;RIDAVAILABLESTART&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>next_rid <span class="hl opt">+</span> <span class="hl num">600</span><span class="hl opt">),</span>
            <span class="hl str">&quot;POLICYGUID_DC&quot;</span><span class="hl opt">:</span> policyguid_dc
            <span class="hl opt">})</span>

        <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_basedn_references.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">})</span>

        <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_configuration_references.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
                <span class="hl str">&quot;SCHEMADN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>schemadn<span class="hl opt">})</span>
        <span class="hl kwa">if</span> fill <span class="hl opt">==</span> FILL_FULL<span class="hl opt">:</span>
            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb users and groups&quot;</span><span class="hl opt">)</span>
            <span class="hl kwd">setup_add_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_users.ldif&quot;</span><span class="hl opt">), {</span>
                <span class="hl str">&quot;DOMAINDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
                <span class="hl str">&quot;DOMAINSID&quot;</span><span class="hl opt">:</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">),</span>
                <span class="hl str">&quot;CONFIGDN&quot;</span><span class="hl opt">:</span> names<span class="hl opt">.</span>configdn<span class="hl opt">,</span>
                <span class="hl str">&quot;ADMINPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>adminpass<span class="hl opt">),</span>
                <span class="hl str">&quot;KRBTGTPASS_B64&quot;</span><span class="hl opt">:</span> <span class="hl kwd">b64encode</span><span class="hl opt">(</span>krbtgtpass<span class="hl opt">),</span>
                <span class="hl opt">})</span>

            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up self join&quot;</span><span class="hl opt">)</span>
            <span class="hl kwd">setup_self_join</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> names<span class="hl opt">=</span>names<span class="hl opt">,</span> invocationid<span class="hl opt">=</span>invocationid<span class="hl opt">,</span>
                            dnspass<span class="hl opt">=</span>dnspass<span class="hl opt">,</span>
                            machinepass<span class="hl opt">=</span>machinepass<span class="hl opt">,</span>
                            domainsid<span class="hl opt">=</span>domainsid<span class="hl opt">,</span>
                            next_rid<span class="hl opt">=</span>next_rid<span class="hl opt">,</span>
                            policyguid<span class="hl opt">=</span>policyguid<span class="hl opt">,</span>
                            policyguid_dc<span class="hl opt">=</span>policyguid_dc<span class="hl opt">,</span>
                            setup_path<span class="hl opt">=</span>setup_path<span class="hl opt">,</span>
                            domainControllerFunctionality<span class="hl opt">=</span>domainControllerFunctionality<span class="hl opt">,</span>
                            ntdsguid<span class="hl opt">=</span>ntdsguid<span class="hl opt">)</span>

            ntds_dn <span class="hl opt">=</span> <span class="hl str">&quot;CN=NTDS Settings,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>serverdn
            names<span class="hl opt">.</span>ntdsguid <span class="hl opt">=</span> samdb<span class="hl opt">.</span><span class="hl kwd">searchone</span><span class="hl opt">(</span>basedn<span class="hl opt">=</span>ntds_dn<span class="hl opt">,</span>
                attribute<span class="hl opt">=</span><span class="hl str">&quot;objectGUID&quot;</span><span class="hl opt">,</span> expression<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_BASE<span class="hl opt">)</span>
            <span class="hl kwa">assert</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>names<span class="hl opt">.</span>ntdsguid<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">)</span>
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
        <span class="hl kwa">raise</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        samdb<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>
        <span class="hl kwa">return</span> samdb


FILL_FULL <span class="hl opt">=</span> <span class="hl str">&quot;FULL&quot;</span>
FILL_NT4SYNC <span class="hl opt">=</span> <span class="hl str">&quot;NT4SYNC&quot;</span>
FILL_DRS <span class="hl opt">=</span> <span class="hl str">&quot;DRS&quot;</span>
SYSVOL_ACL <span class="hl opt">=</span> <span class="hl str">&quot;O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)&quot;</span>
POLICIES_ACL <span class="hl opt">=</span> <span class="hl str">&quot;O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)&quot;</span>

<span class="hl kwa">def</span> <span class="hl kwd">set_dir_acl</span><span class="hl opt">(</span>path<span class="hl opt">,</span> acl<span class="hl opt">,</span> lp<span class="hl opt">,</span> domsid<span class="hl opt">):</span>
    <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> path<span class="hl opt">,</span> acl<span class="hl opt">,</span> domsid<span class="hl opt">)</span>
    <span class="hl kwa">for</span> root<span class="hl opt">,</span> dirs<span class="hl opt">,</span> files <span class="hl kwa">in</span> os<span class="hl opt">.</span><span class="hl kwd">walk</span><span class="hl opt">(</span>path<span class="hl opt">,</span> topdown<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
        <span class="hl kwa">for</span> name <span class="hl kwa">in</span> files<span class="hl opt">:</span>
            <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>root<span class="hl opt">,</span> name<span class="hl opt">),</span> acl<span class="hl opt">,</span> domsid<span class="hl opt">)</span>
        <span class="hl kwa">for</span> name <span class="hl kwa">in</span> dirs<span class="hl opt">:</span>
            <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>root<span class="hl opt">,</span> name<span class="hl opt">),</span> acl<span class="hl opt">,</span> domsid<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">set_gpos_acl</span><span class="hl opt">(</span>sysvol<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> domainsid<span class="hl opt">,</span> domaindn<span class="hl opt">,</span> samdb<span class="hl opt">,</span> lp<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Set ACL on the sysvol/&lt;dnsname&gt;/Policies folder and the policy</span>
<span class="hl str">    folders beneath.</span>
<span class="hl str"></span>
<span class="hl str">    :param sysvol: Physical path for the sysvol folder</span>
<span class="hl str">    :param dnsdomain: The DNS name of the domain</span>
<span class="hl str">    :param domainsid: The SID of the domain</span>
<span class="hl str">    :param domaindn: The DN of the domain (ie. DC=...)</span>
<span class="hl str">    :param samdb: An LDB object on the SAM db</span>
<span class="hl str">    :param lp: an LP object</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    <span class="hl slc"># Set ACL for GPO root folder</span>
    root_policy_path <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>sysvol<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> <span class="hl str">&quot;Policies&quot;</span><span class="hl opt">)</span>
    <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> root_policy_path<span class="hl opt">,</span> POLICIES_ACL<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>

    res <span class="hl opt">=</span> samdb<span class="hl opt">.</span><span class="hl kwd">search</span><span class="hl opt">(</span>base<span class="hl opt">=</span><span class="hl str">&quot;CN=Policies,CN=System,</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span><span class="hl opt">%(domaindn),</span>
                        attrs<span class="hl opt">=[</span><span class="hl str">&quot;cn&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;nTSecurityDescriptor&quot;</span><span class="hl opt">],</span>
                        expression<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_ONELEVEL<span class="hl opt">)</span>

    <span class="hl kwa">for</span> policy <span class="hl kwa">in</span> res<span class="hl opt">:</span>
        acl <span class="hl opt">=</span> <span class="hl kwd">ndr_unpack</span><span class="hl opt">(</span>security<span class="hl opt">.</span>descriptor<span class="hl opt">,</span> 
                         <span class="hl kwb">str</span><span class="hl opt">(</span>policy<span class="hl opt">[</span><span class="hl str">&quot;nTSecurityDescriptor&quot;</span><span class="hl opt">])).</span><span class="hl kwd">as_sddl</span><span class="hl opt">()</span>
        policy_path <span class="hl opt">=</span> <span class="hl kwd">getpolicypath</span><span class="hl opt">(</span>sysvol<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>policy<span class="hl opt">[</span><span class="hl str">&quot;cn&quot;</span><span class="hl opt">]))</span>
        <span class="hl kwd">set_dir_acl</span><span class="hl opt">(</span>policy_path<span class="hl opt">,</span> <span class="hl kwd">dsacl2fsacl</span><span class="hl opt">(</span>acl<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">)),</span> lp<span class="hl opt">,</span> 
                    <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>

<span class="hl kwa">def</span> <span class="hl kwd">setsysvolacl</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> netlogon<span class="hl opt">,</span> sysvol<span class="hl opt">,</span> gid<span class="hl opt">,</span> domainsid<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> domaindn<span class="hl opt">,</span>
    lp<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Set the ACL for the sysvol share and the subfolders</span>
<span class="hl str"></span>
<span class="hl str">    :param samdb: An LDB object on the SAM db</span>
<span class="hl str">    :param netlogon: Physical path for the netlogon folder</span>
<span class="hl str">    :param sysvol: Physical path for the sysvol folder</span>
<span class="hl str">    :param gid: The GID of the &quot;Domain adminstrators&quot; group</span>
<span class="hl str">    :param domainsid: The SID of the domain</span>
<span class="hl str">    :param dnsdomain: The DNS name of the domain</span>
<span class="hl str">    :param domaindn: The DN of the domain (ie. DC=...)</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    <span class="hl kwa">try</span><span class="hl opt">:</span>
        os<span class="hl opt">.</span><span class="hl kwd">chown</span><span class="hl opt">(</span>sysvol<span class="hl opt">,-</span><span class="hl num">1</span><span class="hl opt">,</span>gid<span class="hl opt">)</span>
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        canchown <span class="hl opt">=</span> <span class="hl kwa">False</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        canchown <span class="hl opt">=</span> <span class="hl kwa">True</span>

    <span class="hl slc"># Set the SYSVOL_ACL on the sysvol folder and subfolder (first level)</span>
    <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span>sysvol<span class="hl opt">,</span> SYSVOL_ACL<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
    <span class="hl kwa">for</span> root<span class="hl opt">,</span> dirs<span class="hl opt">,</span> files <span class="hl kwa">in</span> os<span class="hl opt">.</span><span class="hl kwd">walk</span><span class="hl opt">(</span>sysvol<span class="hl opt">,</span> topdown<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
        <span class="hl kwa">for</span> name <span class="hl kwa">in</span> files<span class="hl opt">:</span>
            <span class="hl kwa">if</span> canchown<span class="hl opt">:</span>
                os<span class="hl opt">.</span><span class="hl kwd">chown</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>root<span class="hl opt">,</span> name<span class="hl opt">), -</span><span class="hl num">1</span><span class="hl opt">,</span> gid<span class="hl opt">)</span>
            <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>root<span class="hl opt">,</span> name<span class="hl opt">),</span> SYSVOL_ACL<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
        <span class="hl kwa">for</span> name <span class="hl kwa">in</span> dirs<span class="hl opt">:</span>
            <span class="hl kwa">if</span> canchown<span class="hl opt">:</span>
                os<span class="hl opt">.</span><span class="hl kwd">chown</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>root<span class="hl opt">,</span> name<span class="hl opt">), -</span><span class="hl num">1</span><span class="hl opt">,</span> gid<span class="hl opt">)</span>
            <span class="hl kwd">setntacl</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>root<span class="hl opt">,</span> name<span class="hl opt">),</span> SYSVOL_ACL<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>

    <span class="hl slc"># Set acls on Policy folder and policies folders</span>
    <span class="hl kwd">set_gpos_acl</span><span class="hl opt">(</span>sysvol<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> domainsid<span class="hl opt">,</span> domaindn<span class="hl opt">,</span> samdb<span class="hl opt">,</span> lp<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">provision</span><span class="hl opt">(</span>setup_dir<span class="hl opt">,</span> logger<span class="hl opt">,</span> session_info<span class="hl opt">,</span> 
              credentials<span class="hl opt">,</span> smbconf<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> targetdir<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> samdb_fill<span class="hl opt">=</span>FILL_FULL<span class="hl opt">,</span>
              realm<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
              rootdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domaindn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> schemadn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> configdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
              serverdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              domain<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> hostname<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> hostip<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> hostip6<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
              domainsid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> next_rid<span class="hl opt">=</span><span class="hl num">1000</span><span class="hl opt">,</span>
              adminpass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> ldapadminpass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              krbtgtpass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domainguid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
              policyguid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> policyguid_dc<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> invocationid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              machinepass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> ntdsguid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              dnspass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> root<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> nobody<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> users<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
              wheel<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> backup<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> aci<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> serverrole<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              dom_for_fun_level<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              ldap_backend_extra_port<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> ldap_backend_forced_uri<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> backend_type<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              sitename<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
              ol_mmr_urls<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> ol_olc<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
              setup_ds_path<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> slapd_path<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> nosync<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span>
              ldap_dryrun_mode<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span> useeadb<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">,</span> am_rodc<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Provision samba4</span>
<span class="hl str">    </span>
<span class="hl str">    :note: caution, this wipes all existing data!</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    <span class="hl kwa">def</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl kwb">file</span><span class="hl opt">):</span>
      <span class="hl kwa">return</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>setup_dir<span class="hl opt">,</span> <span class="hl kwb">file</span><span class="hl opt">)</span>

    <span class="hl kwa">if</span> domainsid <span class="hl kwa">is None</span><span class="hl opt">:</span>
      domainsid <span class="hl opt">=</span> security<span class="hl opt">.</span><span class="hl kwd">random_sid</span><span class="hl opt">()</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
      domainsid <span class="hl opt">=</span> security<span class="hl opt">.</span><span class="hl kwd">dom_sid</span><span class="hl opt">(</span>domainsid<span class="hl opt">)</span>

    <span class="hl slc"># create/adapt the group policy GUIDs</span>
    <span class="hl slc"># Default GUID for default policy are described at</span>
    <span class="hl slc"># &quot;How Core Group Policy Works&quot;</span>
    <span class="hl slc"># http://technet.microsoft.com/en-us/library/cc784268%28WS.10%29.aspx</span>
    <span class="hl kwa">if</span> policyguid <span class="hl kwa">is None</span><span class="hl opt">:</span>
        policyguid <span class="hl opt">=</span> DEFAULT_POLICY_GUID
    policyguid <span class="hl opt">=</span> policyguid<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>
    <span class="hl kwa">if</span> policyguid_dc <span class="hl kwa">is None</span><span class="hl opt">:</span>
        policyguid_dc <span class="hl opt">=</span> DEFAULT_DC_POLICY_GUID
    policyguid_dc <span class="hl opt">=</span> policyguid_dc<span class="hl opt">.</span><span class="hl kwd">upper</span><span class="hl opt">()</span>

    <span class="hl kwa">if</span> adminpass <span class="hl kwa">is None</span><span class="hl opt">:</span>
        adminpass <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">generate_random_password</span><span class="hl opt">(</span><span class="hl num">12</span><span class="hl opt">,</span> <span class="hl num">32</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> krbtgtpass <span class="hl kwa">is None</span><span class="hl opt">:</span>
        krbtgtpass <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">generate_random_password</span><span class="hl opt">(</span><span class="hl num">128</span><span class="hl opt">,</span> <span class="hl num">255</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> machinepass <span class="hl kwa">is None</span><span class="hl opt">:</span>
        machinepass  <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">generate_random_password</span><span class="hl opt">(</span><span class="hl num">128</span><span class="hl opt">,</span> <span class="hl num">255</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> dnspass <span class="hl kwa">is None</span><span class="hl opt">:</span>
        dnspass <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">generate_random_password</span><span class="hl opt">(</span><span class="hl num">128</span><span class="hl opt">,</span> <span class="hl num">255</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> ldapadminpass <span class="hl kwa">is None</span><span class="hl opt">:</span>
        <span class="hl slc">#Make a new, random password between Samba and it&#39;s LDAP server</span>
        ldapadminpass<span class="hl opt">=</span>samba<span class="hl opt">.</span><span class="hl kwd">generate_random_password</span><span class="hl opt">(</span><span class="hl num">128</span><span class="hl opt">,</span> <span class="hl num">255</span><span class="hl opt">)</span>

    <span class="hl kwa">if</span> backend_type <span class="hl kwa">is None</span><span class="hl opt">:</span>
        backend_type <span class="hl opt">=</span> <span class="hl str">&quot;ldb&quot;</span>

    sid_generator <span class="hl opt">=</span> <span class="hl str">&quot;internal&quot;</span>
    <span class="hl kwa">if</span> backend_type <span class="hl opt">==</span> <span class="hl str">&quot;fedora-ds&quot;</span><span class="hl opt">:</span>
        sid_generator <span class="hl opt">=</span> <span class="hl str">&quot;backend&quot;</span>

    root_uid <span class="hl opt">=</span> <span class="hl kwd">findnss_uid</span><span class="hl opt">([</span>root <span class="hl kwa">or</span> <span class="hl str">&quot;root&quot;</span><span class="hl opt">])</span>
    nobody_uid <span class="hl opt">=</span> <span class="hl kwd">findnss_uid</span><span class="hl opt">([</span>nobody <span class="hl kwa">or</span> <span class="hl str">&quot;nobody&quot;</span><span class="hl opt">])</span>
    users_gid <span class="hl opt">=</span> <span class="hl kwd">findnss_gid</span><span class="hl opt">([</span>users <span class="hl kwa">or</span> <span class="hl str">&quot;users&quot;</span><span class="hl opt">,</span> <span class="hl str">&#39;users&#39;</span><span class="hl opt">,</span> <span class="hl str">&#39;other&#39;</span><span class="hl opt">,</span> <span class="hl str">&#39;staff&#39;</span><span class="hl opt">])</span>
    <span class="hl kwa">if</span> wheel <span class="hl kwa">is None</span><span class="hl opt">:</span>
        wheel_gid <span class="hl opt">=</span> <span class="hl kwd">findnss_gid</span><span class="hl opt">([</span><span class="hl str">&quot;wheel&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;adm&quot;</span><span class="hl opt">])</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        wheel_gid <span class="hl opt">=</span> <span class="hl kwd">findnss_gid</span><span class="hl opt">([</span>wheel<span class="hl opt">])</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        bind_gid <span class="hl opt">=</span> <span class="hl kwd">findnss_gid</span><span class="hl opt">([</span><span class="hl str">&quot;bind&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;named&quot;</span><span class="hl opt">])</span>
    <span class="hl kwa">except</span> <span class="hl kwc">KeyError</span><span class="hl opt">:</span>
        bind_gid <span class="hl opt">=</span> <span class="hl kwa">None</span>

    <span class="hl kwa">if</span> targetdir <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        smbconf <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>targetdir<span class="hl opt">,</span> <span class="hl str">&quot;etc&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;smb.conf&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">elif</span> smbconf <span class="hl kwa">is None</span><span class="hl opt">:</span>
        smbconf <span class="hl opt">=</span> samba<span class="hl opt">.</span>param<span class="hl opt">.</span><span class="hl kwd">default_path</span><span class="hl opt">()</span>
    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">dirname</span><span class="hl opt">(</span>smbconf<span class="hl opt">)):</span>
        os<span class="hl opt">.</span><span class="hl kwd">makedirs</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">dirname</span><span class="hl opt">(</span>smbconf<span class="hl opt">))</span>

    <span class="hl slc"># only install a new smb.conf if there isn&#39;t one there already</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>smbconf<span class="hl opt">):</span>
        <span class="hl slc"># if Samba Team members can&#39;t figure out the weird errors</span>
        <span class="hl slc"># loading an empty smb.conf gives, then we need to be smarter.</span>
        <span class="hl slc"># Pretend it just didn&#39;t exist --abartlet</span>
        data <span class="hl opt">=</span> <span class="hl kwb">open</span><span class="hl opt">(</span>smbconf<span class="hl opt">,</span> <span class="hl str">&#39;r&#39;</span><span class="hl opt">).</span><span class="hl kwd">read</span><span class="hl opt">()</span>
        data <span class="hl opt">=</span> data<span class="hl opt">.</span><span class="hl kwd">lstrip</span><span class="hl opt">()</span>
        <span class="hl kwa">if</span> data <span class="hl kwa">is None or</span> data <span class="hl opt">==</span> <span class="hl str">&quot;&quot;</span><span class="hl opt">:</span>
            <span class="hl kwd">make_smbconf</span><span class="hl opt">(</span>smbconf<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> hostname<span class="hl opt">,</span> domain<span class="hl opt">,</span> realm<span class="hl opt">,</span>
                         serverrole<span class="hl opt">,</span> targetdir<span class="hl opt">,</span> sid_generator<span class="hl opt">,</span> useeadb<span class="hl opt">)</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span> 
        <span class="hl kwd">make_smbconf</span><span class="hl opt">(</span>smbconf<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> hostname<span class="hl opt">,</span> domain<span class="hl opt">,</span> realm<span class="hl opt">,</span> serverrole<span class="hl opt">,</span> 
                     targetdir<span class="hl opt">,</span> sid_generator<span class="hl opt">,</span> useeadb<span class="hl opt">)</span>

    lp <span class="hl opt">=</span> samba<span class="hl opt">.</span>param<span class="hl opt">.</span><span class="hl kwd">LoadParm</span><span class="hl opt">()</span>
    lp<span class="hl opt">.</span><span class="hl kwd">load</span><span class="hl opt">(</span>smbconf<span class="hl opt">)</span>

    names <span class="hl opt">=</span> <span class="hl kwd">guess_names</span><span class="hl opt">(</span>lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> hostname<span class="hl opt">=</span>hostname<span class="hl opt">,</span> domain<span class="hl opt">=</span>domain<span class="hl opt">,</span>
                        dnsdomain<span class="hl opt">=</span>realm<span class="hl opt">,</span> serverrole<span class="hl opt">=</span>serverrole<span class="hl opt">,</span>
                        domaindn<span class="hl opt">=</span>domaindn<span class="hl opt">,</span> configdn<span class="hl opt">=</span>configdn<span class="hl opt">,</span> schemadn<span class="hl opt">=</span>schemadn<span class="hl opt">,</span>
                        serverdn<span class="hl opt">=</span>serverdn<span class="hl opt">,</span> sitename<span class="hl opt">=</span>sitename<span class="hl opt">)</span>

    paths <span class="hl opt">=</span> <span class="hl kwd">provision_paths_from_lp</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">)</span>

    paths<span class="hl opt">.</span>bind_gid <span class="hl opt">=</span> bind_gid

    <span class="hl kwa">if</span> hostip <span class="hl kwa">is None</span><span class="hl opt">:</span>
        hostips <span class="hl opt">=</span> samba<span class="hl opt">.</span><span class="hl kwd">interface_ips</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> <span class="hl kwa">False</span><span class="hl opt">)</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>hostips<span class="hl opt">) ==</span> <span class="hl num">0</span><span class="hl opt">:</span>
            logger<span class="hl opt">.</span><span class="hl kwd">warning</span><span class="hl opt">(</span><span class="hl str">&quot;No external IPv4 address has been found. Using loopback.&quot;</span><span class="hl opt">)</span>
            hostip <span class="hl opt">=</span> <span class="hl str">&#39;127.0.0.1&#39;</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            hostip <span class="hl opt">=</span> hostips<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]</span>
            <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>hostips<span class="hl opt">) &gt;</span> <span class="hl num">1</span><span class="hl opt">:</span>
                logger<span class="hl opt">.</span><span class="hl kwd">warning</span><span class="hl opt">(</span><span class="hl str">&quot;More than one IPv4 address found. Using</span> <span class="hl ipl">%s</span><span class="hl str">.&quot;</span><span class="hl opt">,</span> hostip<span class="hl opt">)</span>

    <span class="hl kwa">if</span> hostip6 <span class="hl kwa">is None</span><span class="hl opt">:</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            <span class="hl kwa">for</span> ip <span class="hl kwa">in</span> socket<span class="hl opt">.</span><span class="hl kwd">getaddrinfo</span><span class="hl opt">(</span>names<span class="hl opt">.</span>hostname<span class="hl opt">,</span> <span class="hl kwa">None</span><span class="hl opt">,</span> socket<span class="hl opt">.</span>AF_INET6<span class="hl opt">,</span> socket<span class="hl opt">.</span>AI_CANONNAME<span class="hl opt">,</span> socket<span class="hl opt">.</span>IPPROTO_IP<span class="hl opt">):</span>
                <span class="hl kwa">if</span> hostip6 <span class="hl kwa">is None</span><span class="hl opt">:</span>
                    hostip6 <span class="hl opt">=</span> ip<span class="hl opt">[-</span><span class="hl num">1</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>
                <span class="hl kwa">if</span> hostip6 <span class="hl opt">==</span> <span class="hl str">&#39;::1&#39;</span> <span class="hl kwa">and</span> ip<span class="hl opt">[-</span><span class="hl num">1</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">] !=</span> <span class="hl str">&#39;::1&#39;</span><span class="hl opt">:</span>
                    hostip6 <span class="hl opt">=</span> ip<span class="hl opt">[-</span><span class="hl num">1</span><span class="hl opt">][</span><span class="hl num">0</span><span class="hl opt">]</span>
        <span class="hl kwa">except</span> socket<span class="hl opt">.</span>gaierror<span class="hl opt">, (</span>socket<span class="hl opt">.</span>EAI_NODATA<span class="hl opt">,</span> msg<span class="hl opt">):</span> 
            hostip6 <span class="hl opt">=</span> <span class="hl kwa">None</span>

    <span class="hl kwa">if</span> serverrole <span class="hl kwa">is None</span><span class="hl opt">:</span>
        serverrole <span class="hl opt">=</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;server role&quot;</span><span class="hl opt">)</span>

    <span class="hl kwa">assert</span> serverrole <span class="hl kwa">in</span> <span class="hl opt">(</span><span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;member server&quot;</span><span class="hl opt">,</span> <span class="hl str">&quot;standalone&quot;</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> invocationid <span class="hl kwa">is None</span><span class="hl opt">:</span>
        invocationid <span class="hl opt">=</span> <span class="hl kwb">str</span><span class="hl opt">(</span>uuid<span class="hl opt">.</span><span class="hl kwd">uuid4</span><span class="hl opt">())</span>

    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">):</span>
        os<span class="hl opt">.</span><span class="hl kwd">mkdir</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">)</span>
    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;tls&quot;</span><span class="hl opt">)):</span>
        os<span class="hl opt">.</span><span class="hl kwd">mkdir</span><span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> <span class="hl str">&quot;tls&quot;</span><span class="hl opt">))</span>

    ldapi_url <span class="hl opt">=</span> <span class="hl str">&quot;ldapi://</span><span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> urllib<span class="hl opt">.</span><span class="hl kwd">quote</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>s4_ldapi_path<span class="hl opt">,</span> safe<span class="hl opt">=</span><span class="hl str">&quot;&quot;</span><span class="hl opt">)</span>
 
    schema <span class="hl opt">=</span> <span class="hl kwd">Schema</span><span class="hl opt">(</span>setup_path<span class="hl opt">,</span> domainsid<span class="hl opt">,</span> invocationid<span class="hl opt">=</span>invocationid<span class="hl opt">,</span> schemadn<span class="hl opt">=</span>names<span class="hl opt">.</span>schemadn<span class="hl opt">)</span>

    <span class="hl kwa">if</span> backend_type <span class="hl opt">==</span> <span class="hl str">&quot;ldb&quot;</span><span class="hl opt">:</span>
        provision_backend <span class="hl opt">=</span> <span class="hl kwd">LDBBackend</span><span class="hl opt">(</span>backend_type<span class="hl opt">,</span>
                                       paths<span class="hl opt">=</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">=</span>setup_path<span class="hl opt">,</span>
                                       lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> credentials<span class="hl opt">=</span>credentials<span class="hl opt">,</span> 
                                       names<span class="hl opt">=</span>names<span class="hl opt">,</span>
                                       logger<span class="hl opt">=</span>logger<span class="hl opt">)</span>
    <span class="hl kwa">elif</span> backend_type <span class="hl opt">==</span> <span class="hl str">&quot;existing&quot;</span><span class="hl opt">:</span>
        provision_backend <span class="hl opt">=</span> <span class="hl kwd">ExistingBackend</span><span class="hl opt">(</span>backend_type<span class="hl opt">,</span>
                                            paths<span class="hl opt">=</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">=</span>setup_path<span class="hl opt">,</span>
                                            lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> credentials<span class="hl opt">=</span>credentials<span class="hl opt">,</span> 
                                            names<span class="hl opt">=</span>names<span class="hl opt">,</span>
                                            logger<span class="hl opt">=</span>logger<span class="hl opt">,</span>
                                            ldap_backend_forced_uri<span class="hl opt">=</span>ldap_backend_forced_uri<span class="hl opt">)</span>
    <span class="hl kwa">elif</span> backend_type <span class="hl opt">==</span> <span class="hl str">&quot;fedora-ds&quot;</span><span class="hl opt">:</span>
        provision_backend <span class="hl opt">=</span> <span class="hl kwd">FDSBackend</span><span class="hl opt">(</span>backend_type<span class="hl opt">,</span>
                                       paths<span class="hl opt">=</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">=</span>setup_path<span class="hl opt">,</span>
                                       lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> credentials<span class="hl opt">=</span>credentials<span class="hl opt">,</span> 
                                       names<span class="hl opt">=</span>names<span class="hl opt">,</span>
                                       logger<span class="hl opt">=</span>logger<span class="hl opt">,</span>
                                       domainsid<span class="hl opt">=</span>domainsid<span class="hl opt">,</span>
                                       schema<span class="hl opt">=</span>schema<span class="hl opt">,</span>
                                       hostname<span class="hl opt">=</span>hostname<span class="hl opt">,</span>
                                       ldapadminpass<span class="hl opt">=</span>ldapadminpass<span class="hl opt">,</span>
                                       slapd_path<span class="hl opt">=</span>slapd_path<span class="hl opt">,</span>
                                       ldap_backend_extra_port<span class="hl opt">=</span>ldap_backend_extra_port<span class="hl opt">,</span>
                                       ldap_dryrun_mode<span class="hl opt">=</span>ldap_dryrun_mode<span class="hl opt">,</span>
                                       root<span class="hl opt">=</span>root<span class="hl opt">,</span>
                                       setup_ds_path<span class="hl opt">=</span>setup_ds_path<span class="hl opt">,</span>
                                       ldap_backend_forced_uri<span class="hl opt">=</span>ldap_backend_forced_uri<span class="hl opt">)</span>
    <span class="hl kwa">elif</span> backend_type <span class="hl opt">==</span> <span class="hl str">&quot;openldap&quot;</span><span class="hl opt">:</span>
        provision_backend <span class="hl opt">=</span> <span class="hl kwd">OpenLDAPBackend</span><span class="hl opt">(</span>backend_type<span class="hl opt">,</span>
                                            paths<span class="hl opt">=</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">=</span>setup_path<span class="hl opt">,</span>
                                            lp<span class="hl opt">=</span>lp<span class="hl opt">,</span> credentials<span class="hl opt">=</span>credentials<span class="hl opt">,</span> 
                                            names<span class="hl opt">=</span>names<span class="hl opt">,</span>
                                            logger<span class="hl opt">=</span>logger<span class="hl opt">,</span>
                                            domainsid<span class="hl opt">=</span>domainsid<span class="hl opt">,</span>
                                            schema<span class="hl opt">=</span>schema<span class="hl opt">,</span>
                                            hostname<span class="hl opt">=</span>hostname<span class="hl opt">,</span>
                                            ldapadminpass<span class="hl opt">=</span>ldapadminpass<span class="hl opt">,</span>
                                            slapd_path<span class="hl opt">=</span>slapd_path<span class="hl opt">,</span>
                                            ldap_backend_extra_port<span class="hl opt">=</span>ldap_backend_extra_port<span class="hl opt">,</span>
                                            ldap_dryrun_mode<span class="hl opt">=</span>ldap_dryrun_mode<span class="hl opt">,</span>
                                            ol_mmr_urls<span class="hl opt">=</span>ol_mmr_urls<span class="hl opt">,</span> 
                                            nosync<span class="hl opt">=</span>nosync<span class="hl opt">,</span>
                                            ldap_backend_forced_uri<span class="hl opt">=</span>ldap_backend_forced_uri<span class="hl opt">)</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl str">&quot;Unknown LDAP backend type selected&quot;</span><span class="hl opt">)</span>

    provision_backend<span class="hl opt">.</span><span class="hl kwd">init</span><span class="hl opt">()</span>
    provision_backend<span class="hl opt">.</span><span class="hl kwd">start</span><span class="hl opt">()</span>

    <span class="hl slc"># only install a new shares config db if there is none</span>
    <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>shareconf<span class="hl opt">):</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up share.ldb&quot;</span><span class="hl opt">)</span>
        share_ldb <span class="hl opt">=</span> <span class="hl kwd">Ldb</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>shareconf<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span> 
                        lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>
        share_ldb<span class="hl opt">.</span><span class="hl kwd">load_ldif_file_add</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;share.ldif&quot;</span><span class="hl opt">))</span>

    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up secrets.ldb&quot;</span><span class="hl opt">)</span>
    secrets_ldb <span class="hl opt">=</span> <span class="hl kwd">setup_secretsdb</span><span class="hl opt">(</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">,</span>
        session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span>
        backend_credentials<span class="hl opt">=</span>provision_backend<span class="hl opt">.</span>secrets_credentials<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>

    <span class="hl kwa">try</span><span class="hl opt">:</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up the registry&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_registry</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>hklm<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> 
                       lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up the privileges database&quot;</span><span class="hl opt">)</span>
        <span class="hl kwd">setup_privileges</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>privilege<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up idmap db&quot;</span><span class="hl opt">)</span>
        idmap <span class="hl opt">=</span> <span class="hl kwd">setup_idmapdb</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>idmapdb<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">=</span>session_info<span class="hl opt">,</span>
                              lp<span class="hl opt">=</span>lp<span class="hl opt">)</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up SAM db&quot;</span><span class="hl opt">)</span>
        samdb <span class="hl opt">=</span> <span class="hl kwd">setup_samdb</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>samdb<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> session_info<span class="hl opt">,</span> 
                            provision_backend<span class="hl opt">,</span> lp<span class="hl opt">,</span> names<span class="hl opt">,</span>
                            logger<span class="hl opt">=</span>logger<span class="hl opt">,</span> 
                            domainsid<span class="hl opt">=</span>domainsid<span class="hl opt">,</span> 
                            schema<span class="hl opt">=</span>schema<span class="hl opt">,</span> domainguid<span class="hl opt">=</span>domainguid<span class="hl opt">,</span>
                            policyguid<span class="hl opt">=</span>policyguid<span class="hl opt">,</span> policyguid_dc<span class="hl opt">=</span>policyguid_dc<span class="hl opt">,</span>
                            fill<span class="hl opt">=</span>samdb_fill<span class="hl opt">,</span> 
                            adminpass<span class="hl opt">=</span>adminpass<span class="hl opt">,</span> krbtgtpass<span class="hl opt">=</span>krbtgtpass<span class="hl opt">,</span>
                            invocationid<span class="hl opt">=</span>invocationid<span class="hl opt">,</span> 
                            machinepass<span class="hl opt">=</span>machinepass<span class="hl opt">,</span> dnspass<span class="hl opt">=</span>dnspass<span class="hl opt">,</span> 
                            ntdsguid<span class="hl opt">=</span>ntdsguid<span class="hl opt">,</span> serverrole<span class="hl opt">=</span>serverrole<span class="hl opt">,</span>
                            dom_for_fun_level<span class="hl opt">=</span>dom_for_fun_level<span class="hl opt">,</span>
                            am_rodc<span class="hl opt">=</span>am_rodc<span class="hl opt">,</span> next_rid<span class="hl opt">=</span>next_rid<span class="hl opt">)</span>

        <span class="hl kwa">if</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">:</span>
            <span class="hl kwa">if</span> paths<span class="hl opt">.</span>netlogon <span class="hl kwa">is None</span><span class="hl opt">:</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.&quot;</span><span class="hl opt">)</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Please either remove</span> <span class="hl ipl">%s</span> <span class="hl str">or see the template at</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> 
                        <span class="hl opt">(</span>paths<span class="hl opt">.</span>smbconf<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision.smb.conf.dc&quot;</span><span class="hl opt">)))</span>
                <span class="hl kwa">assert</span> paths<span class="hl opt">.</span>netlogon <span class="hl kwa">is not None</span>

            <span class="hl kwa">if</span> paths<span class="hl opt">.</span>sysvol <span class="hl kwa">is None</span><span class="hl opt">:</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Existing smb.conf does not have a [sysvol] share, but you&quot;</span>
                        <span class="hl str">&quot; are configuring a DC.&quot;</span><span class="hl opt">)</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Please either remove</span> <span class="hl ipl">%s</span> <span class="hl str">or see the template at</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> 
                        <span class="hl opt">(</span>paths<span class="hl opt">.</span>smbconf<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision.smb.conf.dc&quot;</span><span class="hl opt">)))</span>
                <span class="hl kwa">assert</span> paths<span class="hl opt">.</span>sysvol <span class="hl kwa">is not None</span>

            <span class="hl kwa">if not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">isdir</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>netlogon<span class="hl opt">):</span>
                os<span class="hl opt">.</span><span class="hl kwd">makedirs</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>netlogon<span class="hl opt">,</span> <span class="hl num">0755</span><span class="hl opt">)</span>

        <span class="hl kwa">if</span> samdb_fill <span class="hl opt">==</span> FILL_FULL<span class="hl opt">:</span>
            <span class="hl kwd">setup_name_mappings</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> idmap<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">),</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span>
                                root_uid<span class="hl opt">=</span>root_uid<span class="hl opt">,</span> nobody_uid<span class="hl opt">=</span>nobody_uid<span class="hl opt">,</span>
                                users_gid<span class="hl opt">=</span>users_gid<span class="hl opt">,</span> wheel_gid<span class="hl opt">=</span>wheel_gid<span class="hl opt">)</span>

            <span class="hl kwa">if</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">:</span>
                <span class="hl slc"># Set up group policies (domain policy and domain controller policy)</span>
                <span class="hl kwd">create_default_gpo</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>sysvol<span class="hl opt">,</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span> policyguid<span class="hl opt">,</span> policyguid_dc<span class="hl opt">)</span>
                <span class="hl kwd">setsysvolacl</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> paths<span class="hl opt">.</span>netlogon<span class="hl opt">,</span> paths<span class="hl opt">.</span>sysvol<span class="hl opt">,</span> wheel_gid<span class="hl opt">,</span> 
                             domainsid<span class="hl opt">,</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span> names<span class="hl opt">.</span>domaindn<span class="hl opt">,</span> lp<span class="hl opt">)</span>

            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Setting up sam.ldb rootDSE marking as synchronized&quot;</span><span class="hl opt">)</span>
            <span class="hl kwd">setup_modify_ldif</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision_rootdse_modify.ldif&quot;</span><span class="hl opt">))</span>

            <span class="hl kwd">secretsdb_self_join</span><span class="hl opt">(</span>secrets_ldb<span class="hl opt">,</span> domain<span class="hl opt">=</span>names<span class="hl opt">.</span>domain<span class="hl opt">,</span>
                                realm<span class="hl opt">=</span>names<span class="hl opt">.</span>realm<span class="hl opt">,</span>
                                dnsdomain<span class="hl opt">=</span>names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
                                netbiosname<span class="hl opt">=</span>names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span>
                                domainsid<span class="hl opt">=</span>domainsid<span class="hl opt">,</span> 
                                machinepass<span class="hl opt">=</span>machinepass<span class="hl opt">,</span>
                                secure_channel_type<span class="hl opt">=</span>SEC_CHAN_BDC<span class="hl opt">)</span>

            <span class="hl slc"># Now set up the right msDS-SupportedEncryptionTypes into the DB</span>
            <span class="hl slc"># In future, this might be determined from some configuration</span>
            kerberos_enctypes <span class="hl opt">=</span> <span class="hl kwb">str</span><span class="hl opt">(</span>ENC_ALL_TYPES<span class="hl opt">)</span>

            <span class="hl kwa">try</span><span class="hl opt">:</span>
                msg <span class="hl opt">=</span> ldb<span class="hl opt">.</span><span class="hl kwd">Message</span><span class="hl opt">(</span>ldb<span class="hl opt">.</span><span class="hl kwd">Dn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> samdb<span class="hl opt">.</span><span class="hl kwd">searchone</span><span class="hl opt">(</span><span class="hl str">&quot;distinguishedName&quot;</span><span class="hl opt">,</span> expression<span class="hl opt">=</span><span class="hl str">&quot;samAccountName=</span><span class="hl ipl">%s</span><span class="hl str">$&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>netbiosname<span class="hl opt">,</span> scope<span class="hl opt">=</span>ldb<span class="hl opt">.</span>SCOPE_SUBTREE<span class="hl opt">)))</span>
                msg<span class="hl opt">[</span><span class="hl str">&quot;msDS-SupportedEncryptionTypes&quot;</span><span class="hl opt">] =</span> ldb<span class="hl opt">.</span><span class="hl kwd">MessageElement</span><span class="hl opt">(</span>elements<span class="hl opt">=</span>kerberos_enctypes<span class="hl opt">,</span> 
                                                                          flags<span class="hl opt">=</span>ldb<span class="hl opt">.</span>FLAG_MOD_REPLACE<span class="hl opt">,</span> 
                                                                          name<span class="hl opt">=</span><span class="hl str">&quot;msDS-SupportedEncryptionTypes&quot;</span><span class="hl opt">)</span>
                samdb<span class="hl opt">.</span><span class="hl kwd">modify</span><span class="hl opt">(</span>msg<span class="hl opt">)</span>
            <span class="hl kwa">except</span> ldb<span class="hl opt">.</span>LdbError<span class="hl opt">, (</span>ldb<span class="hl opt">.</span>ERR_NO_SUCH_ATTRIBUTE<span class="hl opt">,</span> _<span class="hl opt">):</span>
                <span class="hl slc"># It might be that this attribute does not exist in this schema</span>
                <span class="hl kwa">pass</span>


            <span class="hl kwa">if</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">:</span>
                <span class="hl kwd">secretsdb_setup_dns</span><span class="hl opt">(</span>secrets_ldb<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> names<span class="hl opt">,</span>
                                    paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span>
                                    realm<span class="hl opt">=</span>names<span class="hl opt">.</span>realm<span class="hl opt">,</span> dnsdomain<span class="hl opt">=</span>names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span>
                                    dns_keytab_path<span class="hl opt">=</span>paths<span class="hl opt">.</span>dns_keytab<span class="hl opt">,</span>
                                    dnspass<span class="hl opt">=</span>dnspass<span class="hl opt">)</span>

                domainguid <span class="hl opt">=</span> samdb<span class="hl opt">.</span><span class="hl kwd">searchone</span><span class="hl opt">(</span>basedn<span class="hl opt">=</span>domaindn<span class="hl opt">,</span> attribute<span class="hl opt">=</span><span class="hl str">&quot;objectGUID&quot;</span><span class="hl opt">)</span>
                <span class="hl kwa">assert</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>domainguid<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">)</span>

                <span class="hl slc"># Only make a zone file on the first DC, it should be replicated</span>
                <span class="hl slc"># with DNS replication</span>
                <span class="hl kwd">create_zone_file</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> logger<span class="hl opt">,</span> paths<span class="hl opt">,</span> targetdir<span class="hl opt">,</span> setup_path<span class="hl opt">,</span>
                    dnsdomain<span class="hl opt">=</span>names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span> hostip<span class="hl opt">=</span>hostip<span class="hl opt">,</span> hostip6<span class="hl opt">=</span>hostip6<span class="hl opt">,</span>
                    hostname<span class="hl opt">=</span>names<span class="hl opt">.</span>hostname<span class="hl opt">,</span> realm<span class="hl opt">=</span>names<span class="hl opt">.</span>realm<span class="hl opt">,</span> 
                    domainguid<span class="hl opt">=</span>domainguid<span class="hl opt">,</span> ntdsguid<span class="hl opt">=</span>names<span class="hl opt">.</span>ntdsguid<span class="hl opt">)</span>

                <span class="hl kwd">create_named_conf</span><span class="hl opt">(</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> realm<span class="hl opt">=</span>names<span class="hl opt">.</span>realm<span class="hl opt">,</span>
                                  dnsdomain<span class="hl opt">=</span>names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span> private_dir<span class="hl opt">=</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">)</span>

                <span class="hl kwd">create_named_txt</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>namedtxt<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> realm<span class="hl opt">=</span>names<span class="hl opt">.</span>realm<span class="hl opt">,</span>
                                  dnsdomain<span class="hl opt">=</span>names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span> private_dir<span class="hl opt">=</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span>
                                  keytab_name<span class="hl opt">=</span>paths<span class="hl opt">.</span>dns_keytab<span class="hl opt">)</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;See</span> <span class="hl ipl">%s</span> <span class="hl str">for an example configuration include file for BIND&quot;</span><span class="hl opt">,</span> paths<span class="hl opt">.</span>namedconf<span class="hl opt">)</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;and</span> <span class="hl ipl">%s</span> <span class="hl str">for further documentation required for secure DNS &quot;</span>
                        <span class="hl str">&quot;updates&quot;</span><span class="hl opt">,</span> paths<span class="hl opt">.</span>namedtxt<span class="hl opt">)</span>

            lastProvisionUSNs <span class="hl opt">=</span> <span class="hl kwd">get_last_provision_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">)</span>
            maxUSN <span class="hl opt">=</span> <span class="hl kwd">get_max_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>names<span class="hl opt">.</span>rootdn<span class="hl opt">))</span>
            <span class="hl kwa">if</span> lastProvisionUSNs <span class="hl kwa">is not None</span><span class="hl opt">:</span>
                <span class="hl kwd">update_provision_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl num">0</span><span class="hl opt">,</span> maxUSN<span class="hl opt">,</span> <span class="hl num">1</span><span class="hl opt">)</span>
            <span class="hl kwa">else</span><span class="hl opt">:</span>
                <span class="hl kwd">set_provision_usn</span><span class="hl opt">(</span>samdb<span class="hl opt">,</span> <span class="hl num">0</span><span class="hl opt">,</span> maxUSN<span class="hl opt">)</span>

        <span class="hl kwd">create_krb5_conf</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>krb5conf<span class="hl opt">,</span> setup_path<span class="hl opt">,</span>
                         dnsdomain<span class="hl opt">=</span>names<span class="hl opt">.</span>dnsdomain<span class="hl opt">,</span> hostname<span class="hl opt">=</span>names<span class="hl opt">.</span>hostname<span class="hl opt">,</span>
                         realm<span class="hl opt">=</span>names<span class="hl opt">.</span>realm<span class="hl opt">)</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;A Kerberos configuration suitable for Samba 4 has been &quot;</span>
                    <span class="hl str">&quot;generated at</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span><span class="hl opt">,</span> paths<span class="hl opt">.</span>krb5conf<span class="hl opt">)</span>

        <span class="hl kwa">if</span> serverrole <span class="hl opt">==</span> <span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">:</span>
            <span class="hl kwd">create_dns_update_list</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> logger<span class="hl opt">,</span> paths<span class="hl opt">,</span> setup_path<span class="hl opt">)</span>

        provision_backend<span class="hl opt">.</span><span class="hl kwd">post_setup</span><span class="hl opt">()</span>
        provision_backend<span class="hl opt">.</span><span class="hl kwd">shutdown</span><span class="hl opt">()</span>

        <span class="hl kwd">create_phpldapadmin_config</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>phpldapadminconfig<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> 
                                   ldapi_url<span class="hl opt">)</span>
    <span class="hl kwa">except</span><span class="hl opt">:</span>
        secrets_ldb<span class="hl opt">.</span><span class="hl kwd">transaction_cancel</span><span class="hl opt">()</span>
        <span class="hl kwa">raise</span>

    <span class="hl slc">#Now commit the secrets.ldb to disk</span>
    secrets_ldb<span class="hl opt">.</span><span class="hl kwd">transaction_commit</span><span class="hl opt">()</span>

    <span class="hl slc"># the commit creates the dns.keytab, now chown it</span>
    dns_keytab_path <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>private_dir<span class="hl opt">,</span> paths<span class="hl opt">.</span>dns_keytab<span class="hl opt">)</span>
    <span class="hl kwa">if</span> <span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">isfile</span><span class="hl opt">(</span>dns_keytab_path<span class="hl opt">)</span> <span class="hl kwa">and</span> paths<span class="hl opt">.</span>bind_gid <span class="hl kwa">is not None</span><span class="hl opt">):</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            os<span class="hl opt">.</span><span class="hl kwd">chmod</span><span class="hl opt">(</span>dns_keytab_path<span class="hl opt">,</span> <span class="hl num">0640</span><span class="hl opt">)</span>
            os<span class="hl opt">.</span><span class="hl kwd">chown</span><span class="hl opt">(</span>dns_keytab_path<span class="hl opt">, -</span><span class="hl num">1</span><span class="hl opt">,</span> paths<span class="hl opt">.</span>bind_gid<span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">OSError</span><span class="hl opt">:</span>
            <span class="hl kwa">if not</span> os<span class="hl opt">.</span>environ<span class="hl opt">.</span><span class="hl kwd">has_key</span><span class="hl opt">(</span><span class="hl str">&#39;SAMBA_SELFTEST&#39;</span><span class="hl opt">):</span>
                logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Failed to chown</span> <span class="hl ipl">%s</span> <span class="hl str">to bind gid</span> <span class="hl ipl">%u</span><span class="hl str">&quot;</span><span class="hl opt">,</span> dns_keytab_path<span class="hl opt">,</span>
                            paths<span class="hl opt">.</span>bind_gid<span class="hl opt">)</span>


    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Please install the phpLDAPadmin configuration located at</span> <span class="hl ipl">%s</span> <span class="hl str">into /etc/phpldapadmin/config.php&quot;</span><span class="hl opt">,</span>
            paths<span class="hl opt">.</span>phpldapadminconfig<span class="hl opt">)</span>

    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Once the above files are installed, your Samba4 server will be ready to use&quot;</span><span class="hl opt">)</span>
    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Server Role:</span>           <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> serverrole<span class="hl opt">)</span>
    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Hostname:</span>              <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>hostname<span class="hl opt">)</span>
    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;NetBIOS Domain:</span>        <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>domain<span class="hl opt">)</span>
    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;DNS Domain:</span>            <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> names<span class="hl opt">.</span>dnsdomain<span class="hl opt">)</span>
    logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;DOMAIN SID:</span>            <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> <span class="hl kwb">str</span><span class="hl opt">(</span>domainsid<span class="hl opt">))</span>
    <span class="hl kwa">if</span> samdb_fill <span class="hl opt">==</span> FILL_FULL<span class="hl opt">:</span>
        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Admin password:</span>        <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> adminpass<span class="hl opt">)</span>
    <span class="hl kwa">if</span> provision_backend<span class="hl opt">.</span><span class="hl kwb">type</span> <span class="hl kwa">is not</span> <span class="hl str">&quot;ldb&quot;</span><span class="hl opt">:</span>
        <span class="hl kwa">if</span> provision_backend<span class="hl opt">.</span>credentials<span class="hl opt">.</span><span class="hl kwd">get_bind_dn</span><span class="hl opt">()</span> <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;LDAP Backend Admin DN:</span> <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> provision_backend<span class="hl opt">.</span>credentials<span class="hl opt">.</span><span class="hl kwd">get_bind_dn</span><span class="hl opt">())</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;LDAP Admin User:</span>       <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> provision_backend<span class="hl opt">.</span>credentials<span class="hl opt">.</span><span class="hl kwd">get_username</span><span class="hl opt">())</span>

        logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;LDAP Admin Password:</span>   <span class="hl ipl">%s</span><span class="hl str">&quot;</span> <span class="hl opt">%</span> provision_backend<span class="hl opt">.</span>credentials<span class="hl opt">.</span><span class="hl kwd">get_password</span><span class="hl opt">())</span>

        <span class="hl kwa">if</span> provision_backend<span class="hl opt">.</span>slapd_command_escaped <span class="hl kwa">is not None</span><span class="hl opt">:</span>
            <span class="hl slc"># now display slapd_command_file.txt to show how slapd must be started next time</span>
            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;Use later the following commandline to start slapd, then Samba:&quot;</span><span class="hl opt">)</span>
            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span>provision_backend<span class="hl opt">.</span>slapd_command_escaped<span class="hl opt">)</span>
            logger<span class="hl opt">.</span><span class="hl kwd">info</span><span class="hl opt">(</span><span class="hl str">&quot;This slapd-Commandline is also stored under:</span> <span class="hl ipl">%s</span><span class="hl str">/ldap_backend_startup.sh&quot;</span><span class="hl opt">,</span> 
                    provision_backend<span class="hl opt">.</span>ldapdir<span class="hl opt">)</span>

    result <span class="hl opt">=</span> <span class="hl kwd">ProvisionResult</span><span class="hl opt">()</span>
    result<span class="hl opt">.</span>domaindn <span class="hl opt">=</span> domaindn
    result<span class="hl opt">.</span>paths <span class="hl opt">=</span> paths
    result<span class="hl opt">.</span>lp <span class="hl opt">=</span> lp
    result<span class="hl opt">.</span>samdb <span class="hl opt">=</span> samdb
    <span class="hl kwa">return</span> result


<span class="hl kwa">def</span> <span class="hl kwd">provision_become_dc</span><span class="hl opt">(</span>setup_dir<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        smbconf<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> targetdir<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> realm<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        rootdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domaindn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> schemadn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        configdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> serverdn<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        domain<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> hostname<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domainsid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        adminpass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> krbtgtpass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> domainguid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        policyguid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> policyguid_dc<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> invocationid<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        machinepass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        dnspass<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> root<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> nobody<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> users<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        wheel<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> backup<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> serverrole<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> 
                        ldap_backend<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> ldap_backend_type<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span>
                        sitename<span class="hl opt">=</span><span class="hl kwa">None</span><span class="hl opt">,</span> debuglevel<span class="hl opt">=</span><span class="hl num">1</span><span class="hl opt">):</span>

    logger <span class="hl opt">=</span> logging<span class="hl opt">.</span><span class="hl kwd">getLogger</span><span class="hl opt">(</span><span class="hl str">&quot;provision&quot;</span><span class="hl opt">)</span>
    samba<span class="hl opt">.</span><span class="hl kwd">set_debug_level</span><span class="hl opt">(</span>debuglevel<span class="hl opt">)</span>

    res <span class="hl opt">=</span> <span class="hl kwd">provision</span><span class="hl opt">(</span>setup_dir<span class="hl opt">,</span> logger<span class="hl opt">,</span> <span class="hl kwd">system_session</span><span class="hl opt">(),</span> <span class="hl kwa">None</span><span class="hl opt">,</span>
                    smbconf<span class="hl opt">=</span>smbconf<span class="hl opt">,</span> targetdir<span class="hl opt">=</span>targetdir<span class="hl opt">,</span> samdb_fill<span class="hl opt">=</span>FILL_DRS<span class="hl opt">,</span>
                    realm<span class="hl opt">=</span>realm<span class="hl opt">,</span> rootdn<span class="hl opt">=</span>rootdn<span class="hl opt">,</span> domaindn<span class="hl opt">=</span>domaindn<span class="hl opt">,</span> schemadn<span class="hl opt">=</span>schemadn<span class="hl opt">,</span>
                    configdn<span class="hl opt">=</span>configdn<span class="hl opt">,</span> serverdn<span class="hl opt">=</span>serverdn<span class="hl opt">,</span> domain<span class="hl opt">=</span>domain<span class="hl opt">,</span>
                    hostname<span class="hl opt">=</span>hostname<span class="hl opt">,</span> hostip<span class="hl opt">=</span><span class="hl str">&quot;127.0.0.1&quot;</span><span class="hl opt">,</span> domainsid<span class="hl opt">=</span>domainsid<span class="hl opt">,</span>
                    machinepass<span class="hl opt">=</span>machinepass<span class="hl opt">,</span> serverrole<span class="hl opt">=</span><span class="hl str">&quot;domain controller&quot;</span><span class="hl opt">,</span>
                    sitename<span class="hl opt">=</span>sitename<span class="hl opt">)</span>
    res<span class="hl opt">.</span>lp<span class="hl opt">.</span><span class="hl kwb">set</span><span class="hl opt">(</span><span class="hl str">&quot;debuglevel&quot;</span><span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">(</span>debuglevel<span class="hl opt">))</span>
    <span class="hl kwa">return</span> res


<span class="hl kwa">def</span> <span class="hl kwd">create_phpldapadmin_config</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> ldapi_uri<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Create a PHP LDAP admin configuration file.</span>
<span class="hl str"></span>
<span class="hl str">    :param path: Path to write the configuration to.</span>
<span class="hl str">    :param setup_path: Function to generate setup paths.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;phpldapadmin-config.php&quot;</span><span class="hl opt">),</span> path<span class="hl opt">,</span> 
            <span class="hl opt">{</span><span class="hl str">&quot;S4_LDAPI_URI&quot;</span><span class="hl opt">:</span> ldapi_uri<span class="hl opt">})</span>


<span class="hl kwa">def</span> <span class="hl kwd">create_zone_file</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> logger<span class="hl opt">,</span> paths<span class="hl opt">,</span> targetdir<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span>
                     hostip<span class="hl opt">,</span> hostip6<span class="hl opt">,</span> hostname<span class="hl opt">,</span> realm<span class="hl opt">,</span> domainguid<span class="hl opt">,</span>
                     ntdsguid<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Write out a DNS zone file, from the info in the current database.</span>
<span class="hl str"></span>
<span class="hl str">    :param paths: paths object</span>
<span class="hl str">    :param setup_path: Setup path function.</span>
<span class="hl str">    :param dnsdomain: DNS Domain name</span>
<span class="hl str">    :param domaindn: DN of the Domain</span>
<span class="hl str">    :param hostip: Local IPv4 IP</span>
<span class="hl str">    :param hostip6: Local IPv6 IP</span>
<span class="hl str">    :param hostname: Local hostname</span>
<span class="hl str">    :param realm: Realm name</span>
<span class="hl str">    :param domainguid: GUID of the domain.</span>
<span class="hl str">    :param ntdsguid: GUID of the hosts nTDSDSA record.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">assert</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>domainguid<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">)</span>

    <span class="hl kwa">if</span> hostip6 <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        hostip6_base_line <span class="hl opt">=</span> <span class="hl str">&quot;            IN AAAA    &quot;</span> <span class="hl opt">+</span> hostip6
        hostip6_host_line <span class="hl opt">=</span> hostname <span class="hl opt">+</span> <span class="hl str">&quot;        IN AAAA    &quot;</span> <span class="hl opt">+</span> hostip6
        gc_msdcs_ip6_line <span class="hl opt">=</span> <span class="hl str">&quot;gc._msdcs               IN AAAA    &quot;</span> <span class="hl opt">+</span> hostip6
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        hostip6_base_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
        hostip6_host_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
        gc_msdcs_ip6_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>

    <span class="hl kwa">if</span> hostip <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        hostip_base_line <span class="hl opt">=</span> <span class="hl str">&quot;            IN A    &quot;</span> <span class="hl opt">+</span> hostip
        hostip_host_line <span class="hl opt">=</span> hostname <span class="hl opt">+</span> <span class="hl str">&quot;        IN A    &quot;</span> <span class="hl opt">+</span> hostip
        gc_msdcs_ip_line <span class="hl opt">=</span> <span class="hl str">&quot;gc._msdcs               IN A    &quot;</span> <span class="hl opt">+</span> hostip
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        hostip_base_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
        hostip_host_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>
        gc_msdcs_ip_line <span class="hl opt">=</span> <span class="hl str">&quot;&quot;</span>

    dns_dir <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">dirname</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>dns<span class="hl opt">)</span>

    <span class="hl kwa">try</span><span class="hl opt">:</span>
        shutil<span class="hl opt">.</span><span class="hl kwd">rmtree</span><span class="hl opt">(</span>dns_dir<span class="hl opt">,</span> <span class="hl kwa">True</span><span class="hl opt">)</span>
    <span class="hl kwa">except</span> <span class="hl kwc">OSError</span><span class="hl opt">:</span>
        <span class="hl kwa">pass</span>

    os<span class="hl opt">.</span><span class="hl kwd">mkdir</span><span class="hl opt">(</span>dns_dir<span class="hl opt">,</span> <span class="hl num">0775</span><span class="hl opt">)</span>

    <span class="hl slc"># we need to freeze the zone while we update the contents</span>
    <span class="hl kwa">if</span> targetdir <span class="hl kwa">is None</span><span class="hl opt">:</span>
        rndc <span class="hl opt">=</span> <span class="hl str">&#39; &#39;</span><span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;rndc command&quot;</span><span class="hl opt">))</span>
        os<span class="hl opt">.</span><span class="hl kwd">system</span><span class="hl opt">(</span>rndc <span class="hl opt">+</span> <span class="hl str">&quot; freeze &quot;</span> <span class="hl opt">+</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">))</span>

    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;provision.zone&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>dns<span class="hl opt">, {</span>
            <span class="hl str">&quot;HOSTNAME&quot;</span><span class="hl opt">:</span> hostname<span class="hl opt">,</span>
            <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> dnsdomain<span class="hl opt">,</span>
            <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> realm<span class="hl opt">,</span>
            <span class="hl str">&quot;HOSTIP_BASE_LINE&quot;</span><span class="hl opt">:</span> hostip_base_line<span class="hl opt">,</span>
            <span class="hl str">&quot;HOSTIP_HOST_LINE&quot;</span><span class="hl opt">:</span> hostip_host_line<span class="hl opt">,</span>
            <span class="hl str">&quot;DOMAINGUID&quot;</span><span class="hl opt">:</span> domainguid<span class="hl opt">,</span>
            <span class="hl str">&quot;DATESTRING&quot;</span><span class="hl opt">:</span> time<span class="hl opt">.</span><span class="hl kwd">strftime</span><span class="hl opt">(</span><span class="hl str">&quot;%Y%m</span><span class="hl ipl">%d%</span><span class="hl str">H&quot;</span><span class="hl opt">),</span>
            <span class="hl str">&quot;DEFAULTSITE&quot;</span><span class="hl opt">:</span> DEFAULTSITE<span class="hl opt">,</span>
            <span class="hl str">&quot;NTDSGUID&quot;</span><span class="hl opt">:</span> ntdsguid<span class="hl opt">,</span>
            <span class="hl str">&quot;HOSTIP6_BASE_LINE&quot;</span><span class="hl opt">:</span> hostip6_base_line<span class="hl opt">,</span>
            <span class="hl str">&quot;HOSTIP6_HOST_LINE&quot;</span><span class="hl opt">:</span> hostip6_host_line<span class="hl opt">,</span>
            <span class="hl str">&quot;GC_MSDCS_IP_LINE&quot;</span><span class="hl opt">:</span> gc_msdcs_ip_line<span class="hl opt">,</span>
            <span class="hl str">&quot;GC_MSDCS_IP6_LINE&quot;</span><span class="hl opt">:</span> gc_msdcs_ip6_line<span class="hl opt">,</span>
        <span class="hl opt">})</span>

    <span class="hl slc"># note that we use no variable substitution on this file</span>
    <span class="hl slc"># the substitution is done at runtime by samba_dnsupdate</span>
    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;dns_update_list&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>dns_update_list<span class="hl opt">,</span> <span class="hl kwa">None</span><span class="hl opt">)</span>

    <span class="hl slc"># and the SPN update list</span>
    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;spn_update_list&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>spn_update_list<span class="hl opt">,</span> <span class="hl kwa">None</span><span class="hl opt">)</span>

    <span class="hl kwa">if</span> paths<span class="hl opt">.</span>bind_gid <span class="hl kwa">is not None</span><span class="hl opt">:</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            os<span class="hl opt">.</span><span class="hl kwd">chown</span><span class="hl opt">(</span>dns_dir<span class="hl opt">, -</span><span class="hl num">1</span><span class="hl opt">,</span> paths<span class="hl opt">.</span>bind_gid<span class="hl opt">)</span>
            os<span class="hl opt">.</span><span class="hl kwd">chown</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>dns<span class="hl opt">, -</span><span class="hl num">1</span><span class="hl opt">,</span> paths<span class="hl opt">.</span>bind_gid<span class="hl opt">)</span>
            <span class="hl slc"># chmod needed to cope with umask</span>
            os<span class="hl opt">.</span><span class="hl kwd">chmod</span><span class="hl opt">(</span>dns_dir<span class="hl opt">,</span> <span class="hl num">0775</span><span class="hl opt">)</span>
            os<span class="hl opt">.</span><span class="hl kwd">chmod</span><span class="hl opt">(</span>paths<span class="hl opt">.</span>dns<span class="hl opt">,</span> <span class="hl num">0664</span><span class="hl opt">)</span>
        <span class="hl kwa">except</span> <span class="hl kwc">OSError</span><span class="hl opt">:</span>
            <span class="hl kwa">if not</span> os<span class="hl opt">.</span>environ<span class="hl opt">.</span><span class="hl kwd">has_key</span><span class="hl opt">(</span><span class="hl str">&#39;SAMBA_SELFTEST&#39;</span><span class="hl opt">):</span>
                logger<span class="hl opt">.</span><span class="hl kwd">error</span><span class="hl opt">(</span><span class="hl str">&quot;Failed to chown</span> <span class="hl ipl">%s</span> <span class="hl str">to bind gid</span> <span class="hl ipl">%u</span><span class="hl str">&quot;</span> <span class="hl opt">% (</span>dns_dir<span class="hl opt">,</span> paths<span class="hl opt">.</span>bind_gid<span class="hl opt">))</span>

    <span class="hl kwa">if</span> targetdir <span class="hl kwa">is None</span><span class="hl opt">:</span>
        os<span class="hl opt">.</span><span class="hl kwd">system</span><span class="hl opt">(</span>rndc <span class="hl opt">+</span> <span class="hl str">&quot; unfreeze &quot;</span> <span class="hl opt">+</span> lp<span class="hl opt">.</span><span class="hl kwd">get</span><span class="hl opt">(</span><span class="hl str">&quot;realm&quot;</span><span class="hl opt">))</span>


<span class="hl kwa">def</span> <span class="hl kwd">create_dns_update_list</span><span class="hl opt">(</span>lp<span class="hl opt">,</span> logger<span class="hl opt">,</span> paths<span class="hl opt">,</span> setup_path<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Write out a dns_update_list file&quot;&quot;&quot;</span>
    <span class="hl slc"># note that we use no variable substitution on this file</span>
    <span class="hl slc"># the substitution is done at runtime by samba_dnsupdate</span>
    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;dns_update_list&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>dns_update_list<span class="hl opt">,</span> <span class="hl kwa">None</span><span class="hl opt">)</span>
    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;spn_update_list&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>spn_update_list<span class="hl opt">,</span> <span class="hl kwa">None</span><span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">create_named_conf</span><span class="hl opt">(</span>paths<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> realm<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span>
                      private_dir<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Write out a file containing zone statements suitable for inclusion in a</span>
<span class="hl str">    named.conf file (including GSS-TSIG configuration).</span>
<span class="hl str">    </span>
<span class="hl str">    :param paths: all paths</span>
<span class="hl str">    :param setup_path: Setup path function.</span>
<span class="hl str">    :param realm: Realm name</span>
<span class="hl str">    :param dnsdomain: DNS Domain name</span>
<span class="hl str">    :param private_dir: Path to private directory</span>
<span class="hl str">    :param keytab_name: File name of DNS keytab file</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;named.conf&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>namedconf<span class="hl opt">, {</span>
            <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> dnsdomain<span class="hl opt">,</span>
            <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> realm<span class="hl opt">,</span>
            <span class="hl str">&quot;ZONE_FILE&quot;</span><span class="hl opt">:</span> paths<span class="hl opt">.</span>dns<span class="hl opt">,</span>
            <span class="hl str">&quot;REALM_WC&quot;</span><span class="hl opt">:</span> <span class="hl str">&quot;*.&quot;</span> <span class="hl opt">+</span> <span class="hl str">&quot;.&quot;</span><span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>realm<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&quot;.&quot;</span><span class="hl opt">)[</span><span class="hl num">1</span><span class="hl opt">:]),</span>
            <span class="hl str">&quot;NAMED_CONF&quot;</span><span class="hl opt">:</span> paths<span class="hl opt">.</span>namedconf<span class="hl opt">,</span>
            <span class="hl str">&quot;NAMED_CONF_UPDATE&quot;</span><span class="hl opt">:</span> paths<span class="hl opt">.</span>namedconf_update
            <span class="hl opt">})</span>

    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;named.conf.update&quot;</span><span class="hl opt">),</span> paths<span class="hl opt">.</span>namedconf_update<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">create_named_txt</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> realm<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span>
                      private_dir<span class="hl opt">,</span> keytab_name<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Write out a file containing zone statements suitable for inclusion in a</span>
<span class="hl str">    named.conf file (including GSS-TSIG configuration).</span>
<span class="hl str">    </span>
<span class="hl str">    :param path: Path of the new named.conf file.</span>
<span class="hl str">    :param setup_path: Setup path function.</span>
<span class="hl str">    :param realm: Realm name</span>
<span class="hl str">    :param dnsdomain: DNS Domain name</span>
<span class="hl str">    :param private_dir: Path to private directory</span>
<span class="hl str">    :param keytab_name: File name of DNS keytab file</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;named.txt&quot;</span><span class="hl opt">),</span> path<span class="hl opt">, {</span>
            <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> dnsdomain<span class="hl opt">,</span>
            <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> realm<span class="hl opt">,</span>
            <span class="hl str">&quot;DNS_KEYTAB&quot;</span><span class="hl opt">:</span> keytab_name<span class="hl opt">,</span>
            <span class="hl str">&quot;DNS_KEYTAB_ABS&quot;</span><span class="hl opt">:</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>private_dir<span class="hl opt">,</span> keytab_name<span class="hl opt">),</span>
            <span class="hl str">&quot;PRIVATE_DIR&quot;</span><span class="hl opt">:</span> private_dir
        <span class="hl opt">})</span>


<span class="hl kwa">def</span> <span class="hl kwd">create_krb5_conf</span><span class="hl opt">(</span>path<span class="hl opt">,</span> setup_path<span class="hl opt">,</span> dnsdomain<span class="hl opt">,</span> hostname<span class="hl opt">,</span> realm<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;Write out a file containing zone statements suitable for inclusion in a</span>
<span class="hl str">    named.conf file (including GSS-TSIG configuration).</span>
<span class="hl str">    </span>
<span class="hl str">    :param path: Path of the new named.conf file.</span>
<span class="hl str">    :param setup_path: Setup path function.</span>
<span class="hl str">    :param dnsdomain: DNS Domain name</span>
<span class="hl str">    :param hostname: Local hostname</span>
<span class="hl str">    :param realm: Realm name</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwd">setup_file</span><span class="hl opt">(</span><span class="hl kwd">setup_path</span><span class="hl opt">(</span><span class="hl str">&quot;krb5.conf&quot;</span><span class="hl opt">),</span> path<span class="hl opt">, {</span>
            <span class="hl str">&quot;DNSDOMAIN&quot;</span><span class="hl opt">:</span> dnsdomain<span class="hl opt">,</span>
            <span class="hl str">&quot;HOSTNAME&quot;</span><span class="hl opt">:</span> hostname<span class="hl opt">,</span>
            <span class="hl str">&quot;REALM&quot;</span><span class="hl opt">:</span> realm<span class="hl opt">,</span>
        <span class="hl opt">})</span>


<span class="hl kwa">class</span> <span class="hl kwd">ProvisioningError</span><span class="hl opt">(</span><span class="hl kwc">Exception</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;A generic provision error.&quot;&quot;&quot;</span>

    <span class="hl kwa">def</span> <span class="hl kwd">__init__</span><span class="hl opt">(</span>self<span class="hl opt">,</span> value<span class="hl opt">):</span>
        self<span class="hl opt">.</span>value <span class="hl opt">=</span> value

    <span class="hl kwa">def</span> <span class="hl kwd">__str__</span><span class="hl opt">(</span>self<span class="hl opt">):</span>
        <span class="hl kwa">return</span> <span class="hl str">&quot;ProvisioningError: &quot;</span> <span class="hl opt">+</span> self<span class="hl opt">.</span>value


<span class="hl kwa">class</span> <span class="hl kwd">InvalidNetbiosName</span><span class="hl opt">(</span><span class="hl kwc">Exception</span><span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;A specified name was not a valid NetBIOS name.&quot;&quot;&quot;</span>
    <span class="hl kwa">def</span> <span class="hl kwd">__init__</span><span class="hl opt">(</span>self<span class="hl opt">,</span> name<span class="hl opt">):</span>
        <span class="hl kwb">super</span><span class="hl opt">(</span>InvalidNetbiosName<span class="hl opt">,</span> self<span class="hl opt">)</span><span class="hl num">.__</span>init<span class="hl num">__</span><span class="hl opt">(</span><span class="hl str">&quot;The name &#39;</span><span class="hl ipl">%r</span><span class="hl str">&#39; is not a valid NetBIOS name&quot;</span> <span class="hl opt">%</span> name<span class="hl opt">)</span>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit </a> (<a href='https://git-scm.com/'>git 2.34.1</a>) at 2025-07-10 08:32:22 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>