IdlddlZddlZddlmZddlZddlZddlmZddl m Z ddl m Z ddl m Z mZmZmZddlmZddlmZddlmZmZdd lmZdd lmZdd lmZmZmZddlZddlZdd l m!Z!m"Z"dd l#m$Z$ddl%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-eddde.ddeddde.ddeddddded d!d"#ed$d%e/ej`&ed'd(d)d"d*+ed,d-d.d"d*+ed/d0d1d2d34gZ1ed5d6dd7ded8d9dd:dgZ2d;Z3Gd<d=e Z4d>Z5d?Z6d@Z7GdAdBe4Z8GdCdDe9Z:GdEdFe4Z;GdGdHe4Z<GdIdJeZ=y)KN) defaultdict)dsdb) nttime2unix)Command SuperCommand CommandErrorOption)SamDB) dot_graph)distance_matrix COLOUR_SETS) full_matrix)is_colour_wanted) SCOPE_BASE SCOPE_SUBTREELdbError)KCCldif_import_export)KCCError)get_partition_maps get_partitionget_own_cursorget_utdvget_utdv_edgesget_utdv_distancesget_utdv_max_distanceget_kcc_and_dsasz-Hz--URLz%LDB URL for database or target serverURLH)helptypemetavardestz-oz--outputzwrite here (default stdout)FILE)r r!r"defaultz --distancez&Distance matrix graph output (default)formatdistance store_const)r r#constactionz--utf8zUse utf-8 Unicode characters store_true)r r*z--color-schemez,use this colour scheme (implies --color=yes))r choicesz-Sz--shorten-namesz don't print long common suffixesF)r r*r%z-rz--talk-to-remotezquery other DCs' databasesz--no-keyzomit the explanatory key store_falseTkey)r r*r%r#z--dotzGraphviz dot outputdotz--xdotzattempt to call Graphviz xdotxdot__temp__ceZdZdZdZej ejejdZ e e zZ dZ dZd dZdZd Zd Zy) GraphCommandz Base class for graphing commandsz%prog [options]) sambaopts versionoptscredoptsch|j}|j|d}t|||}|S)NTfallback_machine)url credentialslp) get_loadparmget_credentialsr )selfrr4r6r=credssamdbs 8/usr/lib/python3/dist-packages/samba/netcmd/visualize.pyget_dbzGraphCommand.get_db^s8  # # %((d(C!26 Nc&||dk(rt||jy|turAy)BAv&Bzz~~4oFr # " rEc||S|dvr |j}t||j}|sydtjj ddvryy) zHeuristics to work out the colour scheme for distance matrices. Returning None means no colour, otherwise it should be a colour from graph.COLOUR_SETSN)rGN)hint256colorTERMzxterm-256color-heatmapansi)rOrrequested_colourrTrcrd)r@ color_schemer_ want_colours rCcalc_distance_color_schemez'GraphCommand.calc_distance_color_schemesX  #  [ YYF&vD4I4IJ  3 3+rE)Nr\)__name__ __module__ __qualname____doc__synopsisoptions SambaOptionsVersionOptionsCredentialsOptionstakes_optiongroupsCOMMON_OPTIONS DOT_OPTIONS takes_options takes_argsrDrVr`rhrrr7rErCr3r3RsW* H))--.. #[0MJ : rEr3cXtjd|}|r|jdS|S)zFHelper function for sorting and grouping DNs by site, if possible.z$CN=Servers,CN=\s*([^,]+)\s*,CN=Sites)researchgroup)dnms rCget_dnstr_siters+ 92>Awwqz IrEct|dS)z\Helper function for sorting and grouping lists of (DN, ...) tuples by site, if possible.r)r)ts rCget_dnstrlist_siters !A$ rEcddlm}t|}t|tr|j d}t ||j ddddz}d |zS) zQGenerate a randomish but consistent darkish colour based on the given object.r)md5utf8N)baseiz#%06x)hashlibrstr isinstanceencodeint hexdigest)xrtmp_strcs rC colour_hashrsW!fG'3..( CL " " $Ra (r2X=A Q;rEcHeZdZdZeezeddddgzZ ddZy) cmd_repszrepsFrom/repsTo from every DSA-p --partitionrestrict to this partitionNr r%c  |j}|j|d}t|||\}}|j}t |j | } t d}i}|D]D}t|d}|r|j j|tdg}t|ddd}td|d |d tj  |jd |z|||j!|||n(|j||||j!||||t#|j%}||k7rtdtj ||z D] }td|ztj "td|ztj ||z D] }td|ztj "|D]}| dk(r||k(r| dk(r||k7r|j'd|z}|j)|||t|j*<|j-\}} |j/D]&\}!}"| |!| k(s||!dj1||"f(| j/D]&\}!}"| |!| k(s||!dj1||"f(Gggdggdd}#t3|j \}$}%|j/D]\}&}!|#j/D]\}'}(|!|'D]\}}"|%j5|&|&})|"j6D]/}*|(dj1||t|*j8|)f1|"j:D]/}*|(dj1|t|*j8||)f1|j=| |dk(r|j?| |} ddd}+|#j/D]\}'}(|(j/D]\},}-t t@}.|-D]\}/}0}!|.|!j1|/|0f|.j/D];\}!}1tCd|1| | ||tD}2d |+|,|!zd |2}2|jG|2|=yg}3g}4g}5t#}6i}7t#}8|#j/D]\}'}9|9j/D]\},}-|-D]\}/}0}!|7jI|!tK|!|,f}:|'dk(rd!nd"};|,dk(rd#nd$}<|6jM|/|6jM|0|5j1|/|0f|3j1|:d%|;d&|<}=|4j1|=|8jM|!d'|,jOz|:|=fg}>|rVtQ|8D]&\}!},}:};|>j1d(d)|:d*|;|!d+|,f(|>j1d,|>j1d-tS|6|5d|3|4||>.}2| d/k(r|jU|2|y|jG|2|y#t$r-}td |d |d tj Yd}~d}~wwxYw)0NTr9c ttS)N)rlistr7rErCzcmd_reps.run..s k$&7rE)readonly dNSHostNamescopeattrsrzAttempting to contact ldap:// ()rH ldap://%sCould not contact ldap://)forced_local_dsazfound extra DSAs:z %sz(missing DSAs (known locally, not by %s):othersr@CN=NTDS Settings,currentneeded)tofrom)rrrrr'zRepsFrom objects for %szRepsTo objects for %s)rr)rcolour shorten_names generate_keygrouping_function dottedsolidrSemptyzstyle="z "; arrowhead=repsFzcolor="z";  )Fz style="dotted"; arrowhead="open"zrepsFromTo is needed)Fzstyle="solid"; arrowhead="open"zrepsFromTo currently exists)directed edge_colors edge_stylesr key_itemsr0)+r>r?runix_nowrrBrrrrrrNsysstderr load_samdbrrunset list_dsasget_dsatranslate_ntdsconndsa_guidget_rep_tablesitemsappendrrd rep_repsFromsource_dsa_obj_guid rep_repsTor`rrrr rrV setdefaultraddtitlesortedr rh)?r@rr_rr.talk_to_remoter4r6r5mode partitionrprr&r0r=rA local_kccdsasrnc_reps guid_to_dnstrdsa_dnkccresdns_nameedsas_from_heredsa remote_dn remote_dsarnpartrep all_edgesshort_partitionslong_partitionspartnamestate edgelists short_namerheader_strings directionr part_edgessrcr#edgesrW edge_coloursr dot_edges dot_vertices used_colourskey_setedgelistr linestylearrowstylers? rCrz cmd_reps.runs # # %((d(C*1b%8 4%%!)//9= 78 1 FFh.Coo,,V3=4A?-Ds1vm4Q78)::'NN;#92uE 2u%q"e,2uv> 1N~%) ;*T1:C'C-cjj9:@6I::' >1:C'C-cjj9:, F 8# V(;V^ V(; [[)L N+9*Cd*JAN 1f- . . .    u  %(0 1OE8$,NN$4 1 5', 1OCt)44d5@$BKBM6NOF-2X,=7I&/4&7FWE $$S) $$T*$$c4[1 ''/:CUKE&&u-KKv 0A'A!'!01 1 1 1" 6 lI#"."-$1 )  + V  NN1f % JJq& !I !L"zz+sX Y""Y  Y)NNFTFNNNr@NNNNF) rsrtrurvr}r~r rrr7rErCrrsB$"[0t])E 4M 6;%*7;6:). h"rErceZdZdZdZdZy)NTDSConnzXCollects observation counts for NTDS connections, so we know whether all DSAs agree.cJd|_d|_d|_||_||_y)NrF) observations src_attests dest_attestsrr#)r@rr#s rC__init__zNTDSConn.__init__s( ! rEc|xjdz c_||jk(rd|_||jk(rd|_yy)NrT)rrrr#r)r@attesters rCattestzNTDSConn.attests@ Q txx #D  tyy $D  !rEN)rsrtrurvrr r7rErCrr}s%rErcNeZdZdZeezedddgzZdZ ddZ y) cmd_ntdsconnzDraw the NTDSConnection graphz --importldifz#graph from samba_kcc generated ldifNrctjd}tjj |d}||_t j|||}|S)NrJ)rKz imported.ldb)rQmkdtemprTpathjoin_tmp_fn_to_deleter ldif_to_samdb)r@ldifr=drXrBs rCimport_ldif_dbzcmd_ntdsconn.import_ldif_dbsH   $: ; WW\\!^ ,!#"00R> rEc  |j}| |j|d}nd}|j| |}t|||\}}|jj ddd}t }g}|D]5}|rf|jj|tdg}|ddd} |jd|z||}|j}|j!}n|j|||}d |z}|}|j|tdg}|ddddk(}|j#||rdndf|j|t$ddgdg}|D]Q}t'|j(}||j+ddzd}|j-t'|dd||fS8| rV||j.k(rGt1j2|t1j4t0j6j9|i} |D]2\}!}"}#|!|"f}$|$| vr| |$}n t;|$}|| |$<|j=|#4t?tA|\}}%|jC| |dk(r|jE| |} tF| }&|&jIdd}'|&jIdd}(g})d|%vr|)j-d|s| jK}*d|z}+ng}*g},g}-g}.| jMD]p\}}/|/jNr0|*j-||/jPr0|,j-|B|/jPr|-j-|`|.j-|rd}+|.r,|)j-d|.D]}|)j-d|z|-r,|)j-d|-D]}|)j-d|z|,r,|)j-d|,D]}|)j-d|ztS||*| | ||tT|% }0djW|)})|)r d!|'d"|(d!|)})|jYd!|+d#|0d!|)|yg}1g}2g}3g}4t[|}5tA| jMD]\}$}|1j-|$|j\|5k(s|s#|2j-d$|3j-dK|jNrA|3j-d|jPr|2j-d%|2j-d&|jPr#|2j-d'|3j-d(|2j-d'|3j-d)g}6|r]|6j-d*d+D]!\}7}8|7|2vs |6j-d,d-|7z|8f#d.D]!\}9}8|9|3vs |6j-d,d/|9z|8f#|rd0}+nd|z}+t_tA||1d|+|2|4|3||61 }0| d2k(r|ja|0|y|jY|0|y#t$r-}td |d |d tj Yd}~d}~wwxYw)3NTr9,rrrrrrrrrHrz msDS-isRODCTRUERODCrmz(objectClass=nTDSConnection) fromServerzsearch_options:0:2)r expressionrcontrolsr'headerresetz/No outbound connections are expected from RODCszNTDS Connections known to %sz-NTDS Connections known to each destination DCzTThe following connections are alleged by DCs other than the source and destination: z %s -> %s zbThe following connections are alleged by DCs other than the destination but including the source: zRThe following connections (included in the chart) are not known to the source DC: )rrrrr row_commentsrNOTES z#000000#0000ff#cc00ffz#ff0000 style=dashed style=dotted)Fzcolor="#000000"zNTDS Connection))r"zmissing from some DCs)r#zmissing from source DCFz color="%s"))r$zunknown to destination)r%z!unknown to source and destinationzcolor="#ff0000; %s"zNTDS Connections)rrr edge_labelsrrrr0)1r>r?rr my_dsa_dnstrsplitrrBrrrDrrNrrget_dsServiceName domain_dnrrrrindexrrrTrgrmdirrdirnamerr ziprr`rrr rdkeysrrrr rrrVlenrr rh):r@rr_rr.rr4r6r5rprr& importldifr0r=rArr local_dsa_dnverticesattested_edgesrrrrBrntds_dnris_rodcmsgmsgdndest_dnrrr#r k rodc_statuscoloursc_headerc_resetepilog graph_edgesr source_denies dest_denies both_denyconnrWrrrr& n_serversrrdescrs: rCrzcmd_ntdsconn.runs # # %  ,,R$,GEE##J3A*1b%8 4 --33C;A> 5* :Foo,,V3=4A?-Dq6-03 KK h(> (02E 113__& Ay(;-6,,w%/&3_6C!f]+A.&8G LL'W6"= >,,r%2*H&2^*>(> !C :CFF  C 01 4 56%%s3|+2##I."">2! 3$    1 2!H K \)$$e\F-BD%IJ K  G - tK'$$e&;e&C&*&,-  - &E2\AE fX& #!"."-"-$1 ) + V  NN1f % JJq& !E !L"zz+s-X  Y"X>>Y) NNFTFNNNNNNNF) rsrtrurvr}r~r rrrr7rErCr r sH#"[0~$I 4M 6;%*7;/3 ]"rEr cZeZdZdZeeddddedded gzZ d d Zy) cmd_uptodatenesszvisualize uptodateness vectorsrrrNrz --max-digitsz,display this many digits of out-of-date-ness)r%r!r c |std|jy|j}|j|d}t |||\}}|j |_t |j |}t|j \}}|j| |} |jD]\}}||dfvr t|||||}t||}t|}t|tt|}|dkrd}d|z}t!|| | ||t"||dd }|j%d |d ||y) Nz>this won't work without talking to the remote servers (use -r)rHTr9r DCzout-of-date-ness) rrrrr colour_scaledigitsylabelxlabelrr!)rNrOr>r?rrBrrrrrrrrminr0rrrrV)r@rr_rr.rr4r6r5rprr&r1r0r max_digitsr=rArrrr part_namepart_dn utdv_edges distances max_distancerNc_scalerWs rCrzcmd_uptodateness.runsV  #'99 .  # # %((d(C*1b%8 4__ !$**i8 ,>tzz,J)/66|7=? #3"8"8": > Iw$/' 4"eLJ*:trE)NNFTFNNNNFNNFNrI) rsrtrurvr}r rrrr7rErCrHrH}sQ("t])E ~qsB D&M6;%*7;0434 1>rErHceZdZdZiZej D]$\ZZejdseeedd<&y) cmd_visualizez:Produces graphical representations of Samba network state.cmd_N) rsrtrurv subcommandsglobalsrr:v startswithr7rErCrZrZsDDK !%1 << !"K!" %rErZ)>rTr collectionsrrerQ samba.getoptgetoptrxsambarr samba.netcmdrrrr samba.samdbr samba.graphr r r r samba.colourrldbrrrtimer samba.kccrrsamba.kcc.kcc_utilsrsamba.uptodatenessrrrrrrrrrrr/r}r~rPr3rrrrobjectrr rHrZr7rErCros( #DD!4#)33 -(    4FU. 4"?VT3 <F =B 88  $;( ((*+- 4"2/ 4#*F/ :6E;#, 7.X}. 89 /   Z7Zz p"|p"f%v%$k"<k"\;>|;>|%L%rE