o

�/a�l�@s@dd
lZdd
l
Z
ddlmZ
dd
lZdd
lZdd
lmZ
ddl	m
Z

ddl	mZ
ddlm
Z
mZmZmZ
ddlmZ
ddlmZ
ddlmZmZ
dd	lmZ
dd
lmZmZmZ
dd
lZdd
lZddlmZm Z 
ddl!m"Z"
dd
l#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+
eddde,ddd�eddde,dd
d�edddddd�edd d!d"�ed#d$gd%�
d&�ed'd(e-e�.��
d&�ed)d*d+d!d,d-�ed.d/d0d!d,d-�ed1d2d3d4d5d6�g	Z/ed7d8dd9dd�ed:d;dd<dd�gZ0d=Z1Gd>d?�d?e
�Z2d@dA�Z3dBdC�Z4dDdE�Z5GdFdG�dGe2�Z6GdHdI�dIe7�Z8GdJdK�dKe2�Z9GdLdM�dMe2�Z:GdNdO�dOe�Z;d
S)P�N)
�defaultdict)
�dsdb)
�nttime2unix)�Command�SuperCommand�CommandError�Option)
�SamDB)
�	dot_graph)�distance_matrix�COLOUR_SETS)
�full_matrix)�
SCOPE_BASE�
SCOPE_SUBTREE�LdbError)�KCC�ldif_import_export)
�KCCError)�get_partition_maps�
get_partition�get_own_cursor�get_utdv�get_utdv_edges�get_utdv_distances�get_utdv_max_distance�get_kcc_and_dsasz-Hz--URLz%LDB URL for database or target server�URL�
H)�help�type�metavar�destz-oz--outputzwrite here (default stdout)�FILE)rrr �defaultz
--distancez&Distance matrix graph output (default)�format�distance�store_const)rr!�const�actionz--utf8zUse utf-8 Unicode characters�
store_true)rr(z--colorzuse color (yes, no, auto))�yes�no�auto)r�choicesz--color-schemez,use this colour scheme (implies --color=yes)z-Sz--shorten-namesz don't print long common suffixesF)rr(r#z-rz--talk-to-remotezquery other DCs' databasesz--no-keyzomit the explanatory key�store_falseT�key)rr(r#r!z--dotzGraphviz dot output�dotz--xdotzattempt to call Graphviz xdot�xdot�__temp__c@s\eZ
dZd
ZdZejejejd�Z	e
eZdZ
dd�Zdd	d
�
Zdd�Zd
d�Zdd�ZdS)�GraphCommandz Base class for graphing commandsz%prog [options])�	sambaopts�versionopts�credopts�cCs(|��}|j
|d
d�}t|
||d�}|S)NT�
�fallback_machine)�url�credentials�lp)�get_loadparm�get_credentialsr	)�selfrr4r6r<�creds�samdbr7r7�8/usr/lib/python3/dist-packages/samba/netcmd/visualize.py�get_db_s



zGraphCommand.get_dbN�.dotcCsr|d
us|dkrt|
|j
d�
d
S|tur)tjd|d�\}}t|d�}t�|�

nt|d�}|�|
�

|��
|S)a�
Decide whether we're dealing with a filename, a tempfile, or
        stdout, and write accordingly.

        :param s: the string to write
        :param fn: a destination
        :param suffix: suffix, if destination is a tempfile

        If fn is None or "-", write to stdout.
        If fn is visualize.TEMP_FILE, write to a temporary file
        Otherwise fn should be a filename to write to.
        N�
-�
�file�samba-tool-visualise)�prefix�suffix�
w)	�print�outf�	TEMP_FILE�tempfile�mkstemp�open�os�close�write)r?�
s�fnrJ�fd�
fr7r7rBrTes



�





zGraphCommand.writecCs.|
s|r
|���
d
�
r
dSdS|
dkrdS|
S)z5Heuristics to work out what output format was wanted.rDr0r%r1)�lower�endswith)r?r$�outputr7r7rB�calc_output_format�s

zGraphCommand.calc_output_formatcCsL|dur|�|
t
�}n|�|
|�}tj�d
d�}t�||g�

t�|�

dS)N�SAMBA_TOOL_XDOT_PATHz
/usr/bin/xdot)rTrNrR�environ�get�
subprocess�call�remove)r?rUr[rVr1r7r7rB�	call_xdot�s




zGraphCommand.call_xdotcCsn|
d
krdS|
dkr$t|t
�r|dkrdSt|jd�sdS|j��s$dS|dur5dtj�dd�vr3d	Sd
S|S)z�Heuristics to work out the colour scheme for distance matrices.
        Returning None means no colour, otherwise it sould be a colour
        from graph.COLOUR_SETSr+Nr,rE�isatty�256color�TERM�zxterm-256color-heatmap�ansi)�
isinstance�str�hasattrrMrdrRr^r_)r?�color�color_schemer[r7r7rB�calc_distance_color_scheme�s









z'GraphCommand.calc_distance_color_scheme)NrD)�__name__�
__module__�__qualname__�__doc__�synopsis�options�SambaOptions�VersionOptions�CredentialsOptions�takes_optiongroups�COMMON_OPTIONS�DOT_OPTIONS�
takes_options�
takes_argsrCrTr\rcrnr7r7r7rBr3Ss


�

	r3c
Cst�
d
|�}
|
r
|
�d�
S|S)zFHelper function for sorting and grouping DNs by site, if
    possible.z$CN=Servers,CN=\s*([^,]+)\s*,CN=Sites�
)�re�search�group)�dn�
mr7r7rB�get_dnstr_site�s


r�c

Cst|d
�
S)z\Helper function for sorting and grouping lists of (DN, ...) tuples
    by site, if possible.r
)
r�)
�
tr7r7rB�get_dnstrlist_site�sr�c
CsPd
dlm
}

t|�
}t|t�r|�d�
}t|
|�
��dd�dd�d@}d	|S)
zQGenerate a randomish but consistent darkish colour based on the
    given object.r
)
�md5�utf8N��)
�baseiz#%06x)�hashlibr�rjri�encode�int�	hexdigest)�
xr��tmp_str�
cr7r7rB�colour_hash�s




 

r�c@s>eZ
dZd
Zeeeddddd�g
Z					dd
d�
ZdS)
�cmd_repszrepsFrom/repsTo from every DSA�-p�--partition�restrict to this partitionN�rr#FTr?c@Cs�|��}|j
|d
d�}t|
||�\}}|j}t|j|
�}
tdd��
}i}|D�
]}t|d
d�}|r�|jj|t	dg
d�}t
|ddd�
}td	||ftj
d
�
z|�d|||�
Wntyx
}
ztd||ftj
d
�
WYd}~q&d}~w
w|�|
||�
n|�|
||�
|j|
|||d
�
t|���
}||kr�tdtj
d
�
||D]}td|tj
d
�
q�td|tj
d
�
||D]}td|tj
d
�
q�|D]j}|	dkr�||kr�q�|	dkr�||kr�q�|�d|�
}|�|�

||t
|j�
<|��\} }!| ��D]\}"}#|
du�
s|"|
k�
r||"d�||#f�

q�|!��D]\}"}#|
du�
s*|"|
k�
r5||"d�||#f�

�
qq�q&ggd�ggd�d�}$t|j�
\}%}&|��D]K\}'}"|$��D]A\}(})|"|(D]7\}}#|&�|'|'�}*|#jD]}+|)d�||t
|+j�
|*f�

�
ql|#jD]}+|)d�|t
|+j�
||*f�

�
q��
q_�
qW�
qO|�||�dk�r
|�|||�}ddd�},|$��D]J\}(})|)��D]@\}-}.tt �
}/|.D]\}0}1}"|/|"�|0|1f�

�
q�|/��D] \}"}2t!d|2|
|||t"d�}3d|,|-|"|3f}3|�#|3|�
�
qڐ
q��
q�dSg}4g}5g}6t�}7i}8t�}9|$��D]b\}(}:|:��D]X\}-}.|.D]P\}0}1}"|8�$|"t%|"|-f�
�};|(dk�r7d n
d!}<|-dk�r@d"n
d#}=|7�&|0�

|7�&|1�

|6�|0|1f�

|4�|;�

d$|<|=f}>|5�|>�

|9�&|"d%|-�'�|;|>f�

�q!�q�qg}?|�r�t(|9�
D]\}"}-};}<|?�d&d'|;|<fd(|"|-ff�

�q|?�d)�

|?�d*�

t)|7|6d
|4|5||?d+�}3|d,k�r�|�*|3|�
dS|�#|3|�
dS)-NTr8cSstt
�
S)
N)r�listr7r7r7rB�<lambda>�szcmd_reps.run.<locals>.<lambda>)
�readonly�dNSHostName��scope�attrsr
z$Attempting to contact ldap://%s (%s)rF�	ldap://%s� Could not contact ldap://%s (%s))
�forced_local_dsazfound extra DSAs:z   %sz(missing DSAs (known locally, not by %s):�othersr?�CN=NTDS Settings,�current�needed)�to�from)r�r�r�r�r%zRepsFrom objects for %szRepsTo objects for %s)r�r�)r��colour�
shorten_names�generate_key�grouping_functionz
%s
%s�dotted�solidrQ�emptyzstyle="%s"; arrowhead=%s�repsFzcolor="%s"; %sz%s %s)Fz style="dotted"; arrowhead="open"zrepsFromTo is needed)Fzstyle="solid"; arrowhead="open"zrepsFromTo currently exists)�directed�edge_colors�edge_stylesr��	key_itemsr1)+r=r>r�unix_nowrrArrrrrjrL�sys�stderr�
load_samdbr�run�set�	list_dsas�get_dsa�translate_ntdsconn�dsa_guid�get_rep_tables�items�appendrr_�rep_repsFrom�source_dsa_obj_guid�
rep_repsTor\rnr�rr�rT�
setdefaultr��add�title�sortedr
rc)@r?rr[r�r/�talk_to_remoter4r6r5�mode�	partitionrlrmr�r$r1r<r@�	local_kcc�dsasr��nc_reps�
guid_to_dnstr�dsa_dn�kcc�res�dns_name�
e�dsas_from_here�dsa�	remote_dn�
remote_dsar��
n�part�rep�	all_edges�short_partitions�long_partitions�partname�state�	edgelists�
short_name�
r�header_strings�	directionr��
part_edges�srcr!�edgesrU�edge_coloursr��	dot_edges�dot_vertices�used_colours�key_set�edgelistr��	linestyle�arrow�styler�r7r7rBr��s<









�

��



���






�










�


���
�








��




�����


�
�










�
��










��













���







�






�

zcmd_reps.run)NNFTFNNNr?NNNNNF)	rorprqrrryrzrr{r�r7r7r7rBr��s


��



�r�c@s eZ
dZd
Zdd�Zdd�ZdS)�NTDSConnzXCollects observation counts for NTDS connections, so we know
    whether all DSAs agree.cCs"d
|_d|_
d|_|
|_||_dS)Nr
F)�observations�src_attests�dest_attestsr�r!)r?r�r!r7r7rB�__init__�
s






zNTDSConn.__init__cCs6|jd
7_|
|j
krd|_|
|jkrd|_dSdS)Nr}T)r�r�r�r!r�)r?�attesterr7r7rB�attest�
s







�zNTDSConn.attestN)rorprqrrr�r�r7r7r7rBr��
s
r�c@sFeZ
dZd
Zeeedddd�g
Zdd�Z						dd
d�
Z	dS)
�cmd_ntdsconnzDraw the NTDSConnection graphz--importldifz#graph from samba_kcc generated ldifNr�cCs2tj
d
d�
}tj�|d�}||_t�|||
�}|S)NrH)
rIzimported.ldb)rO�mkdtemprR�path�join�_tmp_fn_to_deleter�
ldif_to_samdb)r?�ldifr<�
drVrAr7r7rB�import_ldif_db�
s





zcmd_ntdsconn.import_ldif_dbFTc;Csp|��}|
dur|j
|d
d�}nd}|�|
|�}
t|
||�\}}|j�dd�d}t�}g}|D]�}|rx|jj|t	dg
d�}|ddd}z|�
d|||�}Wntyn
}
ztd	||ft
jd
�
WYd}~q0d}~w
w|��}|��}n
|�
|
||�}d|}|}|j|t	dg
d�}|dddd
k}|�||r�dn
df�

|j|tddg
dg
d�}|D] }t|j�
}||�d�
dd�} |�t|dd�
| |f�

q�q0|
r�|
|jkr�t�|
�

t�tj�|
�
�

i}!|D]\}"}#}$|"|#f}%|%|!vr�|!|%}nt|%�}||!|%<|�|$�

q�tt |�
�\}}&|�!||�dk�
r�|�"|	|
|�}
t#|
}'|'�$dd�}(|'�$dd�})g}*d|&v�
r@|*�d�

|�
sL|!�%�}+d|},nwg}+g}-g}.g}/|!�&�D])\}}0|0j'�
rp|+�|�

|0j(�
sn|-�|�

�
qX|0j(�
r{|.�|�

�
qX|/�|�

�
qXd},|/�
r�|*�d�

|/D]
}|*�d|�

�
q�|.�
r�|*�d�

|.D]
}|*�d|�

�
q�|-�
r�|*�d�

|-D]
}|*�d|�

�
q�t)||+||
||t*|&d�}1d�+|*�
}*|*�
r�d|(|)|*f}*|�,d |,|1|*f|�
dSg}2g}3g}4g}5t-|�
}6t |!�&��
D]T\}%}|2�|%�

|j.|6k�s|�s|3�d!�

|4�d�

�
q�|j'�r6|4�d�

|j(�r/|3�d"�

�
q�|3�d#�

�
q�|j(�rF|3�d$�

|4�d%�

�
q�|3�d$�

|4�d&�

�
q�g}7|�r�|7�d'�

d(D]\}8}9|8|3v�rq|7�d)d*|8|9f�

�q^d+D]\}:}9|:|4v�r�|7�d)d,|:|9f�

�qu|�r�d-},nd|},t/t |�
|2d
|,|3|5|4||7d.�	}1|d/k�r�|�0|1|�
dS|�,|1|�
dS)0NTr8�
,r}r�r�r
r�r�rFr�zmsDS-isRODC�TRUE�RODCrgz(objectClass=nTDSConnection)�
fromServerzsearch_options:0:2)r��
expressionr��controlsr%�header�resetz/No outbound connections are expected from RODCszNTDS Connections known to %sz-NTDS Connections known to each destination DCzTThe following connections are alleged by DCs other than the source and destination:
z  %s -> %s
zbThe following connections are alleged by DCs other than the destination but including the source:
zRThe following connections (included in the chart) are not known to the source DC:
)r�r�r�r�r��row_commentsz
%sNOTES%s
%sz

%s

%s
%sz#000000�#0000ff�#cc00ffz#ff0000�style=dashed�style=dotted)Fzcolor="#000000"zNTDS Connection))r

zmissing from some DCs)r
zmissing from source DCFz
color="%s"))r
zunknown to destination)r

z!unknown to source and destinationzcolor="#ff0000; %s"zNTDS Connections)r�r�r��edge_labelsr�r�r�r1)1r=r>r
r�my_dsa_dnstr�splitr�rArrrCrrLr�r��get_dsServiceName�	domain_dnr�rrjr��indexr�r�rRrb�rmdirr��dirnamer�r��zipr�r\rnrr_�keysr�r�r�rr�r�rT�lenr�r
rc);r?rr[r�r/r�r4r6r5rlrmr�r$�
importldifr1r<r@r�r��local_dsa_dn�vertices�attested_edgesr�r�r�rAr��ntds_dnr��is_rodc�msg�msgdn�dest_dnr�r�r!r��
k�rodc_status�colours�c_header�c_reset�epilog�graph_edgesr��
source_denies�dest_denies�	both_deny�connrUr�r�r�r
�	n_serversr�r��descr�r7r7rBr��
sZ











�


�

���





�


�	




��












�

















�


















�




�

��


























�



��








�
	
zcmd_ntdsconn.run)NNFTFNNNNNNNNF)
rorprqrrryrzrr{r
r�r7r7r7rBr��
s



��




�r�c@sJeZ
dZd
Zeeddddd�edded	d
�gZ						dd
d�
ZdS)�cmd_uptodatenesszvisualize uptodateness vectorsr�r�r�Nr�z--max-digits�z,display this many digits of out-of-date-ness)r#rrFTc
Cs
|std
|j
d�
dS|��}|j|dd�}t|
||�\}}|j|_t|j|�}t|j�
\}}|�|	|
|�}
|�	�D]G\}}||dfv
rEq:t
|||||�}t||�}t|�
}t
|tt|�
�
�}|dkred}d|}t|||
||t||ddd	�
}|�d
||f|�
q:dS)Nz>this won't work without talking to the remote servers (use -r)rFTr8r}�
�DCzout-of-date-ness)	r�r�r�r�r��colour_scale�digits�ylabel�xlabelz
%s

%s)rLrMr=r>rrArrrnr�rrr�minr
rjr
r�rT)r?rr[r�r/r�r4r6r5rlrmr�r$r
r1r��
max_digitsr<r@r�r�r�r��	part_name�part_dn�
utdv_edges�	distances�max_distancer4
�c_scalerUr7r7rBr��sL

�






�














��zcmd_uptodateness.run)NNFTFNNNNNFNNFNr0
)	rorprqrrryrr�r{r�r7r7r7rBr/
�s"


�
��




�r/
c@sDeZ
dZd
ZiZe���D]\ZZe�	d�
re�eedd�<q
dS)�
cmd_visualizez:Produces graphical representations of Samba network state.�cmd_�N)
rorprqrr�subcommands�globalsr�r"
�
v�
startswithr7r7r7rBr?
�s




��r?
)<rRr��collectionsrr`rO�samba.getopt�getoptrt�sambarr�samba.netcmdrrrr�samba.samdbr	�samba.graphr
rrr
�ldbrrr�timer~�	samba.kccrr�samba.kcc.kcc_utilsr�samba.uptodatenessrrrrrrrrrjr�r
ryrzrNr3r�r�r�r��objectr�r�r/
r?
r7r7r7rB�<module>
s�















(

�
�
�
�
�
�

�
�
��
�
��^
5p?