blBddlZddlZddlmZddlZddlZddlmZddl m Z ddl m Z ddl m Z mZmZmZddlmZddlmZddlmZmZdd lmZdd lmZmZmZddlZddlZdd lmZm Z dd l!m"Z"dd l#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+eddde,ddeddde,ddedddddedd d!"ed#d$gd%&ed'd(e-ej.&ed)d*d+d!d,-ed.d/d0d!d,-ed1d2d3d4d56g Z/ed7d8dd9ded:d;ddd?e Z2d@Z3dAZ4dBZ5GdCdDe2Z6GdEdFe7Z8GdGdHe2Z9GdIdJe2Z:GdKdLeZ;dS)MN) defaultdict)dsdb) nttime2unix)Command SuperCommand CommandErrorOption)SamDB) dot_graph)distance_matrix COLOUR_SETS) full_matrix) SCOPE_BASE SCOPE_SUBTREELdbError)KCCldif_import_export)KCCError)get_partition_maps get_partitionget_own_cursorget_utdvget_utdv_edgesget_utdv_distancesget_utdv_max_distanceget_kcc_and_dsasz-Hz--URLz%LDB URL for database or target serverURLH)helptypemetavardestz-oz--outputzwrite here (default stdout)FILE)rr r!defaultz --distancez&Distance matrix graph output (default)formatdistance store_const)rr"constactionz--utf8zUse utf-8 Unicode characters store_true)rr)z--colorzuse color (yes, no, auto))yesnoauto)rchoicesz--color-schemez,use this colour scheme (implies --color=yes)z-Sz--shorten-namesz don't print long common suffixesF)rr)r$z-rz--talk-to-remotezquery other DCs' databasesz--no-keyzomit the explanatory key store_falseTkey)rr)r$r"z--dotzGraphviz dot outputdotz--xdotzattempt to call Graphviz xdotxdot__temp__cneZdZdZdZejejejdZ e e zZ dZ dZd dZd Zd Zd ZdS) GraphCommandz Base class for graphing commandsz%prog [options]) sambaopts versionoptscredoptsc|}||d}t|||}|S)NTfallback_machine)url credentialslp) get_loadparmget_credentialsr )selfrr6r8r?credssamdbs 8/usr/lib/python3/dist-packages/samba/netcmd/visualize.pyget_dbzGraphCommand.get_db_sD  # # % %((d(CC!2666 N.dotcF||dkrt||jdS|tur>tjd|\}}t |d}t j|nt |d}||||S)aDecide whether we're dealing with a filename, a tempfile, or stdout, and write accordingly. :param s: the string to write :param fn: a destination :param suffix: suffix, if destination is a tempfile If fn is None or "-", write to stdout. If fn is visualize.TEMP_FILE, write to a temporary file Otherwise fn should be a filename to write to. N-filesamba-tool-visualise)prefixsuffixw) printoutf TEMP_FILEtempfilemkstempopenosclosewrite)rBsfnrOfdfs rErYzGraphCommand.writees :s !$) $ $ $ $ F ??%-C-3555FBR A HRLLLLR A     rGct|s-|r)|drdSdS|dkrdS|S)z5Heuristics to work out what output format was wanted.rHr1r&r2)lowerendswith)rBr%outputs rEcalc_output_formatzGraphCommand.calc_output_formatsN " "&,,..11&99 "u!z V  5 rGc|||t}n|||}tjdd}t j||gtj|dS)NSAMBA_TOOL_XDOT_PATHz /usr/bin/xdot)rYrSrWenvironget subprocesscallremove)rBrZrar[r2s rE call_xdotzGraphCommand.call_xdotsj >Ay))BBAv&&Bz~~4oFFr ### " rGc|dkrdS|dkrOt|tr|dkrdSt|jdsdS|jsdS|&dt jddvrd Sd S|S) zHeuristics to work out the colour scheme for distance matrices. Returning None means no colour, otherwise it sould be a colour from graph.COLOUR_SETSr,Nr-rJisatty256colorTERMzxterm-256color-heatmapansi) isinstancestrhasattrrRrlrWrerf)rBcolor color_schemeras rEcalc_distance_color_schemez'GraphCommand.calc_distance_color_schemes D==4 F??&#&& 6S==t49h// t9##%% t  RZ^^FB7777//6rG)NrH)__name__ __module__ __qualname____doc__synopsisoptions SambaOptionsVersionOptionsCredentialsOptionstakes_optiongroupsCOMMON_OPTIONS DOT_OPTIONS takes_options takes_argsrFrYrbrjrvr9rGrEr5r5Ss** H)-. #[0MJ :   rGr5c^tjd|}|r|dS|S)zFHelper function for sorting and grouping DNs by site, if possible.z$CN=Servers,CN=\s*([^,]+)\s*,CN=Sites)researchgroup)dnms rEget_dnstr_siters3 92>>Awwqzz IrGc,t|dS)z\Helper function for sorting and grouping lists of (DN, ...) tuples by site, if possible.r)r)ts rEget_dnstrlist_siters !A$  rGcddlm}t|}t|tr|d}t ||ddddz}d |zS) zQGenerate a randomish but consistent darkish colour based on the given object.r)md5utf8N)baseiz#%06x)hashlibrrrrqencodeint hexdigest)xrtmp_strcs rE colour_hashrs!ffG'3)..(( CCLL " " $ $RaR (r222X=A Q;rGcPeZdZdZeezeddddgzZ d d ZdS) cmd_repszrepsFrom/repsTo from every DSA-p --partitionrestrict to this partitionNrr$FTrBc T|}||d}t|||\}}|j}t |j| } t d}i}|D]}t|d}|r|j|tdg}t|ddd}td|d |d tj  |d |z||n9#t$r,}td |d |d tj Yd}~d}~wwxYw||||n0|||||||||t#|}||krtdtj ||z D] }td|ztj !td|ztj ||z D] }td|ztj !|D]}| dkr||kr| dkr||kr|d|z}||||t|j<|\} }!| D]0\}"}#| |"| kr#||"d||#f1|!D]0\}"}#| |"| kr#||"d||#f1ggdggdd}$t3|j\}%}&|D]\}'}"|$D]\}(})|"|(D]\}}#|&|'|'}*|#jD]8}+|)d||t|+j|*f9|#jD]8}+|)d|t|+j||*f9|||dkr|| | |} ddd},|$D]\}(})|)D]\}-}.t t@}/|.D]#\}0}1}"|/|"|0|1f$|/D]G\}"}2tCd|2| | ||tD}3d |,|-|"zd |3}3|#|3|HdSg}4g}5g}6t#}7i}8t#}9|$D]\}(}:|:D]\}-}.|.D]\}0}1}"|8$|"tK|"|-f};|(dkrd!nd"}<|-dkrd#nd$}=|7&|0|7&|1|6|0|1f|4|;d%|<d&|=}>|5|>|9&|"d'|-'z|;|>fg}?|rdtQ|9D]*\}"}-};}<|?d(d)|;d*|<|"d+|-f+|?d,|?d-tS|7|6d|4|5||?.}3|d/kr|*|3|dS|#|3|dS)0NTr;c*ttS)N)rlistr9rGrEzcmd_reps.run..sk$&7&7rG)readonly dNSHostNamescopeattrsrzAttempting to contact ldap:// ()rK ldap://%sCould not contact ldap://)forced_local_dsazfound extra DSAs:z %sz(missing DSAs (known locally, not by %s):othersrBCN=NTDS Settings,currentneeded)tofrom)rrrrr&zRepsFrom objects for %szRepsTo objects for %s)rr)rcolour shorten_names generate_keygrouping_function dottedsolidrVemptyzstyle="z "; arrowhead=repsFzcolor="z";  )Fz style="dotted"; arrowhead="open"zrepsFromTo is needed)Fzstyle="solid"; arrowhead="open"zrepsFromTo currently exists)directed edge_colors edge_stylesr key_itemsr2)+r@rArunix_nowrrDrrrrrrrQsysstderr load_samdbrrunset list_dsasget_dsatranslate_ntdsconndsa_guidget_rep_tablesitemsappendrrf rep_repsFromsource_dsa_obj_guid rep_repsTorbrvrr rrY setdefaultraddtitlesortedr rj)@rBrrarr0talk_to_remoter6r8r7mode partitionrtrurr%r2r?rC local_kccdsasrnc_reps guid_to_dnstrdsa_dnkccresdns_nameedsas_from_heredsa remote_dn remote_dsarnpartrep all_edgesshort_partitionslong_partitionspartnamestate edgelists short_namerheader_strings directionr part_edgessrcr"edgesrZ edge_coloursr dot_edges dot_vertices used_colourskey_setedgelistr linestylearrowstylers@ rErz cmd_reps.runs4  # # % %((d(CC*1b%88 4%!)/9== 7788 1 F1 FFh...C ?o,,V3=4A?-DDs1vm4Q788xx):''''NN;#92uEEEEE!!!L"z++++HHHH 2u%%%%q"e,,,2uv>>> 11N~%%) ;;;;*T1::C'C-cj99999@6I:'''' >1::C'C-cj99999+ F F 8## V(;(;V^^ V(;(; [[)L NNN+9*Cd*J*J*JAAN 1f---- . . F   uu  %%(00 1 1OE8$,NN$4$4 1 1 5', 1 1OCt)44d5@$BKBM6N6NOOF-2X,=,=7I&/4&7&7FFWE $$S))) $$T***$$c4[111 ''////:C))UUKE&&u---KKv 0A0A'A!'!01111 1 1   >6 > > lI#"."-$1 )  + + + V   NN1f % % % % % JJq& ! ! ! ! !s-D D>"D99D>)NNFTFNNNrBNNNNNF) rwrxryrzrrr rrr9rGrErrsw$$"[0t])E   4M 6;%*7;BF). i"i"i"i"i"i"rGrceZdZdZdZdZdS)NTDSConnzXCollects observation counts for NTDS connections, so we know whether all DSAs agree.cLd|_d|_d|_||_||_dS)NrF) observations src_attests dest_attestsrr")rBrr"s rE__init__zNTDSConn.__init__s, ! rGcr|xjdz c_||jkrd|_||jkr d|_dSdS)NrT)rrrr"r)rBattesters rEattestzNTDSConn.attestsN Q tx  #D  ty $D    ! rGN)rwrxryrzr r r9rGrErrs<%%%%%rGrcVeZdZdZeezedddgzZdZ d d Z dS) cmd_ntdsconnzDraw the NTDSConnection graphz --importldifz#graph from samba_kcc generated ldifNrctjd}tj|d}||_t j|||}|S)NrM)rNz imported.ldb)rTmkdtemprWpathjoin_tmp_fn_to_deleter ldif_to_samdb)rBldifr?dr[rDs rEimport_ldif_dbzcmd_ntdsconn.import_ldif_dbsL  $: ; ; ; W\\!^ , ,!#"0R>> rGFTc :|}| ||d}nd}|| |}t|||\}}|jddd}t }g}|D]}|r|j|tdg}|ddd} | d|z||}n9#t$r,}td |d |d tj Yd}~d}~wwxYw|}|}n| |||}d |z}|}||tdg}|ddddk}|||rdndf||t$ddgdg}|D]g}t'|j}||ddzd} |t'|dd| |fh| rP||jkrEt1j|t1jt0j|i}!|D]:\}"}#}$|"|#f}%|%|!vr |!|%}nt;|%}||!|%<||$;t?tA|\}}&|!| |dkr|"| | |} tF| }'|'$dd}(|'$dd})g}*d|&vr|*d|s|!%}+d|z},n+g}+g}-g}.g}/|!&D]p\}}0|0j'r2|+||0j(s|-|>|0j(r|.|[|/|qd},|/r2|*d|/D]}|*d|z|.r2|*d|.D]}|*d|z|-r2|*d|-D]}|*d|ztS||+| | ||tT|& }1d+|*}*|*r d!|(d"|)d!|*}*|,d!|,d#|1d!|*|dSg}2g}3g}4g}5t[|}6tA|!&D]\}%}|2|%|j.|6ks|s+|3d$|4dR|j'rH|4d|j(r|3d%|3d&|j(r+|3d'|4d(|3d'|4d)g}7|rc|7d*d+D]$\}8}9|8|3vr|7d,d-|8z|9f%d.D]$\}:}9|:|4vr|7d,d/|:z|9f%|rd0},nd|z},t_tA||2d|,|3|5|4||71 }1| d2kr|0|1|dS|,|1|dS)3NTr;,rrrrrrrrrKrz msDS-isRODCTRUERODCroz(objectClass=nTDSConnection) fromServerzsearch_options:0:2)r expressionrcontrolsr&headerresetz/No outbound connections are expected from RODCszNTDS Connections known to %sz-NTDS Connections known to each destination DCzTThe following connections are alleged by DCs other than the source and destination: z %s -> %s zbThe following connections are alleged by DCs other than the destination but including the source: zRThe following connections (included in the chart) are not known to the source DC: )rrrrr row_commentsrNOTES z#000000#0000ff#cc00ffz#ff0000 style=dashed style=dotted)Fzcolor="#000000"zNTDS Connection))r$zmissing from some DCs)r%zmissing from source DCFz color="%s"))r&zunknown to destination)r'z!unknown to source and destinationzcolor="#ff0000; %s"zNTDS Connections)rrr edge_labelsrrrr2)1r@rArr my_dsa_dnstrsplitrrDrrrFrrQrrget_dsServiceName domain_dnrrrrrindexrrrWrirmdirrdirnamerr ziprrbrvr rfkeysrrrr rrrYlenrr rj);rBrrarr0rr6r8r7rtrurr% importldifr2r?rCrr local_dsa_dnverticesattested_edgesrrrrDrntds_dnris_rodcmsgmsgdndest_dnrrr"r k rodc_statuscoloursc_headerc_resetepilog graph_edgesr source_denies dest_denies both_denyconnrZrrrr( n_serversrrdescrs; rErzcmd_ntdsconn.runs # # % %  ,,R$,GGEEE##J33A*1b%88 4 -33C;;A> 55* :* :F o,,V3=4A?-DDq6-03 KK h(> (022EEE!!!L"z++++HHHH  1133__&& Ay(;;-6,,w%/&3_66C!f]+A.&8G LL'W#<66"= > > >,,r%2*H&2^*>(> !!C : :CF  C 0 01 4 5 56%%s3|+2222##I..."">2222  -   1 2 2 2!H K K \))$$e\F-BD%IJJJ G - - tK''$$e&;e&C&*&,---  B&EE2\AE fX&& #!"."-"-$1 ) + + + V   NN1f % % % % % JJq& ! ! ! ! !s C&& D0"DD)NNFTFNNNNNNNNF) rwrxryrzrrr rrrr9rGrErrs##"[0~$I   4M 6;%*7;%)/3 ^"^"^"^"^"^"rGrcheZdZdZeeddddedded gzZ dd ZdS)cmd_uptodatenesszvisualize uptodateness vectorsrrrNrz --max-digitsz,display this many digits of out-of-date-ness)r$r rFTc |std|jdS|}||d}t |||\}}|j|_t |j|}t|j\}}|| | |} | D]\}}||dfvr t|||||}t||}t|}t|tt|}|dkrd}d|z}t!|| | ||t"||dd }|d |d ||dS) Nz>this won't work without talking to the remote servers (use -r)rKTr;r DCzout-of-date-ness) rrrrr colour_scaledigitsylabelxlabelrr#)rQrRr@rArrDrrrvrrrrminr2rrrrrY)rBrrarr0rr6r8r7rtrurr%r3r2r max_digitsr?rCrrrr part_namepart_dn utdv_edges distances max_distancerPc_scalerZs rErzcmd_uptodateness.runs   #'9 . . . . F # # % %((d(CC*1b%88 4_ !$*i88 ,>tz,J,J)/66u7C7=?? #3"8"8":": > > Iw$//' 4"eLLJ*:t< >rG)NNFTFNNNNNFNNFNrK) rwrxryrzrr rrrr9rGrErJrJs(("t])E   ~qsB D D D&M6;%*7;%)0434 2>2>2>2>2>2>rGrJceZdZdZiZeD]/\ZZe dreeedd<0dS) cmd_visualizez:Produces graphical representations of Samba network state.cmd_N) rwrxryrz subcommandsglobalsrr<v startswithr9rGrEr\r\soDDK !!%%1 <<   %!"K!"" %%rGr\)rps( ######DDDDDDDDDDDD!!!!!!44444444######3333333333 --------((((((                     F4FU... F4"?VT333 F<F =BBB F88    F96(((*** F $;4( (**++--- F4"2/// F4#*F/// F:6E;;;'0 F7.X}... F89 ///   [[[[[7[[[|   q"q"q"q"q"|q"q"q"h%%%%%v%%%$l"l"l"l"l"<l"l"l"^<><><><><>|<><><>~%%%%%L%%%%%rG