a Wa5m@sXddlmZddlZddlZddlmZddlZddlZddlm Z ddl m Z ddl m Z ddlmZmZmZmZddlmZddlmZdd lmZmZdd lmZdd lmZmZmZddlZddlZdd l m!Z!m"Z"dd l#m$Z$ddl%m&Z&ddl'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/eddde0dddeddde0dddedddddd ed!d"d#d$ed%d&gd'd(ed)d*e1e2d(ed+d,d-d#d.d/ed0d1d2d#d.d/ed3d4d5d6d7d8g Z3ed9d:dd;dd eddd gZ4d?Z5Gd@dAdAeZ6dBdCZ7dDdEZ8dFdGZ9GdHdIdIe6Z:GdJdKdKe;ZGdPdQdQeZ?dS)R)print_functionN) defaultdict)dsdb) nttime2unix)Command SuperCommand CommandErrorOption)SamDB) dot_graph)distance_matrix COLOUR_SETS) full_matrix) SCOPE_BASE SCOPE_SUBTREELdbError)KCCldif_import_export)KCCError) text_type)get_partition_maps get_partitionget_own_cursorget_utdvget_utdv_edgesget_utdv_distancesget_utdv_max_distanceget_kcc_and_dsasz-Hz--URLz%LDB URL for database or target serverZURLH)helptypemetavardestz-oz--outputzwrite here (default stdout)ZFILE)rr r!defaultz --distancez&Distance matrix graph output (default)formatdistanceZ store_const)rr"Zconstactionz--utf8zUse utf-8 Unicode characters store_true)rr&z--colorzuse color (yes, no, auto))Zyesnoauto)rchoicesz--color-schemez,use this colour scheme (implies --color=yes)z-Sz--shorten-namesz don't print long common suffixesF)rr&r#z-rz--talk-to-remotezquery other DCs' databasesz--no-keyzomit the explanatory keyZ store_falseTkey)rr&r#r"z--dotzGraphviz dot outputdotz--xdotzattempt to call Graphviz xdotxdotZ__temp__c@s\eZdZdZdZejejejdZ e e Z dZ ddZdd d Zd d Zd dZddZdS) GraphCommandz Base class for graphing commandsz%prog [options]) sambaopts versionoptscredoptscCs(|}|j|dd}t|||d}|S)NTZfallback_machine)ZurlZ credentialslp) get_loadparmget_credentialsr )selfrr/r1r4credssamdbr2r28/usr/lib/python3/dist-packages/samba/netcmd/visualize.pyget_dbbszGraphCommand.get_dbN.dotcCsr|dus|dkr"t||jddS|turRtjd|d\}}t|d}t|n t|d}||||S)aDecide whether we're dealing with a filename, a tempfile, or stdout, and write accordingly. :param s: the string to write :param fn: a destination :param suffix: suffix, if destination is a tempfile If fn is None or "-", write to stdout. If fn is visualize.TEMP_FILE, write to a temporary file Otherwise fn should be a filename to write to. N-filesamba-tool-visualise)prefixsuffixw) printoutf TEMP_FILEtempfileZmkstempopenosclosewrite)r7sfnrBfdfr2r2r:rKhs      zGraphCommand.writecCs.|s|r|drdSdS|dkr*dS|S)z5Heuristics to work out what output format was wanted.r<r,r%r-)lowerendswith)r7r$outputr2r2r:calc_output_formatszGraphCommand.calc_output_formatcCsL|dur||t}n |||}tjdd}t||gt|dS)NZSAMBA_TOOL_XDOT_PATHz /usr/bin/xdot)rKrFrIenvironget subprocessZcallremove)r7rLrRrMr-r2r2r: call_xdots  zGraphCommand.call_xdotcCsn|dkr dS|dkrHt|tr*|dkr*dSt|jds:dS|jsHdS|durjdtjddvrfd Sd S|S) zHeuristics to work out the colour scheme for distance matrices. Returning None means no colour, otherwise it sould be a colour from graph.COLOUR_SETSr(Nr)r=isattyZ256colorZTERMzxterm-256color-heatmapansi) isinstancestrhasattrrErYrIrTrU)r7color color_schemerRr2r2r:calc_distance_color_schemes  z'GraphCommand.calc_distance_color_scheme)Nr<)__name__ __module__ __qualname____doc__ZsynopsisoptionsZ SambaOptionsZVersionOptionsZCredentialsOptionsZtakes_optiongroupsCOMMON_OPTIONS DOT_OPTIONS takes_optionsZ takes_argsr;rKrSrXrar2r2r2r:r.Vs  r.cCstd|}|r|dS|S)zFHelper function for sorting and grouping DNs by site, if possible.z$CN=Servers,CN=\s*([^,]+)\s*,CN=Sites)researchgroup)dnmr2r2r:get_dnstr_sites  rpcCs t|dS)z\Helper function for sorting and grouping lists of (DN, ...) tuples by site, if possible.r)rp)tr2r2r:get_dnstrlist_sitesrrcCsPddlm}t|}t|tr(|d}t||ddddd@}d |S) zQGenerate a randomish but consistent darkish colour based on the given object.r)md5utf8N)baseiz#%06x)Zhashlibrsr]r\rencodeintZ hexdigest)xrsZtmp_strcr2r2r: colour_hashs     r|c@s4eZdZdZeeedddddgZd d d ZdS) cmd_repszrepsFrom/repsTo from every DSA-p --partitionrestrict to this partitionNrr#FTr7c@ Cs|}|j|dd}t|||\}}|j}t|j| } tdd}i}|D]H}t|dd}|r|jj|t dgd}t |ddd}t d ||ft j d z|d |||WnFty}z.t d ||ft j d WYd}~qLWYd}~n d}~00||||n |||||j||||d t|}||krt dt j d ||D]}t d|t j d q\t d|t j d ||D]}t d|t j d q|D]}| dkr||kr̐qn| dkr||krq|d|}||||t |j<|\} }!| D]4\}"}#| dus:|"| kr||"d||#fq|!D]4\}"}#| dusx|"| kr\||"d||#fq\qqLggdggdd}$t|j\}%}&|D]\}'}"|$D]\}(})|"|(D]n\}}#|&|'|'}*|#jD]$}+|)d||t |+j|*fq|#jD]$}+|)d|t |+j||*fq*qqԐq|||dkr(|| | |} ddd},|$D]\}(})|)D]\}-}.tt }/|.D]\}0}1}"|/|"|0|1fq|/D]@\}"}2t!d|2| | ||t"d}3d|,|-|"|3f}3|#|3|qڐqqdSg}4g}5g}6t}7i}8t}9|$D]\}(}:|:D]\}-}.|.D]\}0}1}"|8$|"t%|"|-f};|(dkrd nd!}<|-dkrd"nd#}=|7&|0|7&|1|6|0|1f|4|;d$|<|=f}>|5|>|9&|"d%|-'|;|>fqhq\qLg}?|rht(|9D].\}"}-};}<|?d&d'|;|zcmd_reps.run..)readonly dNSHostNamescopeattrsrz$Attempting to contact ldap://%s (%s)r> ldap://%s Could not contact ldap://%s (%s))Zforced_local_dsazfound extra DSAs:z %sz(missing DSAs (known locally, not by %s):Zothersr7CN=NTDS Settings,currentneeded)tofrom)rrrrr%zRepsFrom objects for %szRepsTo objects for %s)rr)rtcolour shorten_names generate_keygrouping_functionz %s %sZdottedZsolidrHemptyzstyle="%s"; arrowhead=%sZrepsFzcolor="%s"; %sz%s %s)Fz style="dotted"; arrowhead="open"zrepsFromTo is needed)Fzstyle="solid"; arrowhead="open"zrepsFromTo currently exists)directed edge_colors edge_stylesr key_itemsr-)+r5r6runix_nowrr9rrrlrr]rDsysstderrZ load_samdbrrunsetZ list_dsasZget_dsaZtranslate_ntdsconnZdsa_guidZget_rep_tablesitemsappendrrUZ rep_repsFromZsource_dsa_obj_guidZ rep_repsTorSrarr rprK setdefaultr|addtitlesortedr rX)@r7rrRrr+talk_to_remoter/r1r0mode partitionr_r`rtr$r-r4r8 local_kccdsasrZnc_repsZ guid_to_dnstrdsa_dnZkccresdns_nameeZdsas_from_hereZdsaZ remote_dnZ remote_dsar{npartZrepZ all_edgesshort_partitionslong_partitionsZpartnamestateZ edgelistsZ short_namerZheader_strings directionrZ part_edgessrcr"edgesrL edge_coloursr dot_edgesZ dot_verticesZ used_coloursZkey_setZedgelistrZ linestyleZarrowstylerr2r2r:rs"     "                      z cmd_reps.run)NNFTFNNNr7NNNNNF) rbrcrdrergrhr rirr2r2r2r:r}sr}c@s eZdZdZddZddZdS)NTDSConnzXCollects observation counts for NTDS connections, so we know whether all DSAs agree.cCs"d|_d|_d|_||_||_dS)NrF) observations src_attests dest_attestsrr")r7rr"r2r2r:__init__s zNTDSConn.__init__cCs2|jd7_||jkrd|_||jkr.d|_dS)NrjT)rrrr"r)r7attesterr2r2r:attests   zNTDSConn.attestN)rbrcrdrerrr2r2r2r:rsrc@s:eZdZdZeeeddddgZddZd d d Z dS) cmd_ntdsconnzDraw the NTDSConnection graphz --importldifz#graph from samba_kcc generated ldifNrcCs2tjdd}tj|d}||_t|||}|S)Nr@)rAz imported.ldb)rGZmkdtemprIpathjoin_tmp_fn_to_deleterZ ldif_to_samdb)r7Zldifr4drMr9r2r2r:import_ldif_dbs  zcmd_ntdsconn.import_ldif_dbFTc; Cs||}| dur |j|dd}nd}|| |}t|||\}}|jddd}t}g}|D]T}|r|jj|t dgd}|ddd}z| d|||}WnFt y}z.t d ||ft jd WYd}~q`WYd}~n d}~00|}|}n| |||}d |}|}|j|t d gd}|dd dd k}|||rNdndf|j|tddgdgd}|D]B}t|j}||ddd} |t|dd| |fqrq`| r||jkrt|ttj|i}!|D]B\}"}#}$|"|#f}%|%|!vr|!|%}nt|%}||!|%<||$qtt |\}}&|!| |dkr|"| | |} t#| }'|'$dd}(|'$dd})g}*d|&vr|*d|s|!%}+d|},ng}+g}-g}.g}/|!&D]N\}}0|0j'r|+||0j(s|-|n|0j(r |.|n |/|qd},|/rH|*d|/D]}|*d|q2|.rr|*d|.D]}|*d|q\|-r|*d|-D]}|*d|qt)||+| | ||t*|&d}1d+|*}*|*rd|(|)|*f}*|,d |,|1|*f|dSg}2g}3g}4g}5t-|}6t |!&D]\}%}|2|%|j.|6ks4|sJ|3d!|4dnd|j'r||4d|j(rp|3d"n |3d#n2|j(r|3d$|4d%n|3d$|4d&qg}7|r"|7d'd(D](\}8}9|8|3vr|7d)d*|8|9fqd+D](\}:}9|:|4vr|7d)d,|:|9fq|r.d-},nd|},t/t ||2d|,|3|5|4||7d. }1| d/krl|0|1|n |,|1|dS)0NTr3,rjrrrrrr>rz msDS-isRODCZTRUEZRODCrZz(objectClass=nTDSConnection)Z fromServerzsearch_options:0:2)rZ expressionrZcontrolsr%headerresetz/No outbound connections are expected from RODCszNTDS Connections known to %sz-NTDS Connections known to each destination DCzTThe following connections are alleged by DCs other than the source and destination: z %s -> %s zbThe following connections are alleged by DCs other than the destination but including the source: zRThe following connections (included in the chart) are not known to the source DC: )rtrrrrZ row_commentsz %sNOTES%s %sz %s %s %sz#000000#0000ff#cc00ffz#ff0000 style=dashed style=dotted)Fzcolor="#000000"zNTDS Connection))rzmissing from some DCs)rzmissing from source DCFz color="%s"))rzunknown to destination)rz!unknown to source and destinationzcolor="#ff0000; %s"zNTDS Connections)rrr edge_labelsrrrr-)1r5r6rrZ my_dsa_dnstrsplitrr9rlrr;rrDrrZget_dsServiceNameZ domain_dnrrr]rnindexrrrIrWrmdirrdirnamerrziprrSrar rUkeysrrrr rrrrKlenrr rX);r7rrRrr+rr/r1r0r_r`rtr$ importldifr-r4r8rrZ local_dsa_dnZverticesZattested_edgesrrrr9rZntds_dnrnZis_rodcmsgZmsgdnZdest_dnrrr"rkZ rodc_statusZcoloursZc_headerZc_resetZepilogZ graph_edgesrZ source_deniesZ dest_deniesZ both_denyZconnrLrrrrZ n_serversrrZdescrr2r2r:rsN    "                                    zcmd_ntdsconn.run)NNFTFNNNNNNNNF) rbrcrdrergrhr rirrr2r2r2r:rsrc@s>eZdZdZeedddddedded d gZdd dZdS)cmd_uptodatenesszvisualize uptodateness vectorsr~rrNrz --max-digitsz,display this many digits of out-of-date-ness)r#r rFTc Cs|std|jddS|}|j|dd}t|||\}}|j|_t|j|}t|j\}}|| | |} | D]\}}||dfvrqtt |||||}t ||}t |}t |tt|}|dkrd}d|}t|| | ||t||ddd }|d ||f|qtdS) Nz>this won't work without talking to the remote servers (use -r)r>Tr3rj ZDCzout-of-date-ness) rtrrrrZ colour_scaledigitsZylabelZxlabelz %s %s)rDrEr5r6rr9rrrarrrrminrr]rrprK)r7rrRrr+rr/r1r0r_r`rtr$rr-rZ max_digitsr4r8rrrrZ part_nameZpart_dnZ utdv_edgesZ distancesZ max_distancerZc_scalerLr2r2r:rsJ    zcmd_uptodateness.run)NNFTFNNNNNFNNFNr) rbrcrdrergr ryrirr2r2r2r:rs rc@sDeZdZdZiZeD]$\ZZe dreeedd<qdS) cmd_visualizez:Produces graphical representations of Samba network state.Zcmd_N) rbrcrdreZ subcommandsglobalsrrv startswithr2r2r2r:rs  r)@Z __future__rrIr collectionsrrVrGZ samba.getoptZgetoptrfZsambarrZ samba.netcmdrrrr Z samba.samdbr Z samba.graphr r r rZldbrrrtimerkZ samba.kccrrZsamba.kcc.kcc_utilsrZ samba.compatrZsamba.uptodatenessrrrrrrrrr]rrrgrhrFr.rprrr|r}objectrrrrr2r2r2r:s          (  ^  5p?