source4/scripting/bin/samba_kcc

   1 #!/usr/bin/env python
   2 #
   3 # Compute our KCC topology
   4 #
   5 # Copyright (C) Dave Craft 2011
   6 # Copyright (C) Andrew Bartlett 2015
   7 #
   8 # Andrew Bartlett's alleged work performed by his underlings Douglas
   9 # Bagnall and Garming Sam.
  10 #
  11 # This program is free software; you can redistribute it and/or modify
  12 # it under the terms of the GNU General Public License as published by
  13 # the Free Software Foundation; either version 3 of the License, or
  14 # (at your option) any later version.
  15 #
  16 # This program is distributed in the hope that it will be useful,
  17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19 # GNU General Public License for more details.
  20 #
  21 # You should have received a copy of the GNU General Public License
  22 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  23
  24 import os
  25 import sys
  26 import random
  27
  28 # ensure we get messages out immediately, so they get in the samba logs,
  29 # and don't get swallowed by a timeout
  30 os.environ['PYTHONUNBUFFERED'] = '1'
  31
  32 # forcing GMT avoids a problem in some timezones with kerberos. Both MIT
  33 # heimdal can get mutual authentication errors due to the 24 second difference
  34 # between UTC and GMT when using some zone files (eg. the PDT zone from
  35 # the US)
  36 os.environ["TZ"] = "GMT"
  37
  38 # Find right directory when running from source tree
  39 sys.path.insert(0, "bin/python")
  40
  41 import optparse
  42 import time
  43
  44 from samba import getopt as options
  45
  46 from samba.kcc.graph_utils import verify_and_dot, list_verify_tests
  47 from samba.kcc.graph_utils import GraphError
  48
  49
  50 import logging
  51 from samba.kcc.debug import logger, DEBUG, DEBUG_FN
  52 from samba.kcc import KCC
  53
  54
  55 def test_all_reps_from(lp, creds, unix_now, rng_seed=None):
  56     # This implies readonly and attempt_live_connections
  57     kcc = KCC(unix_now, readonly=True,
  58               verify=opts.verify, debug=opts.debug,
  59               dot_file_dir=opts.dot_file_dir)
  60     kcc.load_samdb(opts.dburl, lp, creds)
  61     dsas = kcc.list_dsas()
  62     needed_parts = {}
  63     current_parts = {}
  64
  65     guid_to_dnstr = {}
  66     for site in kcc.site_table.values():
  67         guid_to_dnstr.update((str(dsa.dsa_guid), dnstr)
  68                              for dnstr, dsa in site.dsa_table.items())
  69
  70     dot_edges = []
  71     dot_vertices = []
  72     colours = []
  73     vertex_colours = []
  74
  75     for dsa_dn in dsas:
  76         if rng_seed:
  77             random.seed(rng_seed)
  78         kcc = KCC(unix_now, readonly=True,
  79                   verify=opts.verify, debug=opts.debug,
  80                   dot_file_dir=opts.dot_file_dir)
  81         kcc.run(opts.dburl, lp, creds, forced_local_dsa=dsa_dn,
  82                 forget_local_links=opts.forget_local_links,
  83                 forget_intersite_links=opts.forget_intersite_links,
  84                 attempt_live_connections=opts.attempt_live_connections)
  85
  86         current, needed = kcc.my_dsa.get_rep_tables()
  87
  88         for dsa in kcc.my_site.dsa_table.values():
  89             if dsa is kcc.my_dsa:
  90                 continue
  91             kcc.translate_ntdsconn(dsa)
  92             c, n = dsa.get_rep_tables()
  93             current.update(c)
  94             needed.update(n)
  95
  96         for name, rep_table, rep_parts in (
  97                 ('needed', needed, needed_parts),
  98                 ('current', current, current_parts)):
  99             for part, nc_rep in rep_table.items():
 100                 edges = rep_parts.setdefault(part, [])
 101                 for reps_from in nc_rep.rep_repsFrom:
 102                     source = guid_to_dnstr[str(reps_from.source_dsa_obj_guid)]
 103                     dest = guid_to_dnstr[str(nc_rep.rep_dsa_guid)]
 104                     edges.append((source, dest))
 105
 106         for site in kcc.site_table.values():
 107             for dsa in site.dsa_table.values():
 108                 if dsa.is_ro():
 109                     vertex_colours.append('#cc0000')
 110                 else:
 111                     vertex_colours.append('#0000cc')
 112                 dot_vertices.append(dsa.dsa_dnstr)
 113                 if dsa.connect_table:
 114                     DEBUG_FN("DSA %s %s connections:\n%s" %
 115                              (dsa.dsa_dnstr, len(dsa.connect_table),
 116                               [x.from_dnstr for x in
 117                                dsa.connect_table.values()]))
 118                 for con in dsa.connect_table.values():
 119                     if con.is_rodc_topology():
 120                         colours.append('red')
 121                     else:
 122                         colours.append('blue')
 123                     dot_edges.append((con.from_dnstr, dsa.dsa_dnstr))
 124
 125     verify_and_dot('all-dsa-connections', dot_edges, vertices=dot_vertices,
 126                    label="all dsa NTDSConnections", properties=(),
 127                    debug=DEBUG, verify=opts.verify,
 128                    dot_file_dir=opts.dot_file_dir,
 129                    directed=True, edge_colors=colours,
 130                    vertex_colors=vertex_colours)
 131
 132     for name, rep_parts in (('needed', needed_parts),
 133                             ('current', current_parts)):
 134         for part, edges in rep_parts.items():
 135             verify_and_dot('all-repsFrom_%s__%s' % (name, part), edges,
 136                            directed=True, label=part,
 137                            properties=(), debug=DEBUG, verify=opts.verify,
 138                            dot_file_dir=opts.dot_file_dir)
 139
 140 ##################################################
 141 # samba_kcc entry point
 142 ##################################################
 143
 144
 145 parser = optparse.OptionParser("samba_kcc [options]")
 146 sambaopts = options.SambaOptions(parser)
 147 credopts = options.CredentialsOptions(parser)
 148
 149 parser.add_option_group(sambaopts)
 150 parser.add_option_group(credopts)
 151 parser.add_option_group(options.VersionOptions(parser))
 152
 153 parser.add_option("--readonly", default=False,
 154                   help="compute topology but do not update database",
 155                   action="store_true")
 156
 157 parser.add_option("--debug",
 158                   help="debug output",
 159                   action="store_true")
 160
 161 parser.add_option("--verify",
 162                   help="verify that assorted invariants are kept",
 163                   action="store_true")
 164
 165 parser.add_option("--list-verify-tests",
 166                   help=("list what verification actions are available "
 167                         "and do nothing else"),
 168                   action="store_true")
 169
 170 parser.add_option("--dot-file-dir", default=None,
 171                   help="Write Graphviz .dot files to this directory")
 172
 173 parser.add_option("--seed",
 174                   help="random number seed",
 175                   type=int)
 176
 177 parser.add_option("--importldif",
 178                   help="import topology ldif file",
 179                   type=str, metavar="<file>")
 180
 181 parser.add_option("--exportldif",
 182                   help="export topology ldif file",
 183                   type=str, metavar="<file>")
 184
 185 parser.add_option("-H", "--URL",
 186                   help="LDB URL for database or target server",
 187                   type=str, metavar="<URL>", dest="dburl")
 188
 189 parser.add_option("--tmpdb",
 190                   help="schemaless database file to create for ldif import",
 191                   type=str, metavar="<file>")
 192
 193 parser.add_option("--now",
 194                   help=("assume current time is this ('YYYYmmddHHMMSS[tz]',"
 195                         " default: system time)"),
 196                   type=str, metavar="<date>")
 197
 198 parser.add_option("--forced-local-dsa",
 199                   help="run calculations assuming the DSA is this DN",
 200                   type=str, metavar="<DSA>")
 201
 202 parser.add_option("--attempt-live-connections", default=False,
 203                   help="Attempt to connect to other DSAs to test links",
 204                   action="store_true")
 205
 206 parser.add_option("--list-valid-dsas", default=False,
 207                   help=("Print a list of DSA dnstrs that could be"
 208                         " used in --forced-local-dsa"),
 209                   action="store_true")
 210
 211 parser.add_option("--test-all-reps-from", default=False,
 212                   help="Create and verify a graph of reps-from for every DSA",
 213                   action="store_true")
 214
 215 parser.add_option("--forget-local-links", default=False,
 216                   help="pretend not to know the existing local topology",
 217                   action="store_true")
 218
 219 parser.add_option("--forget-intersite-links", default=False,
 220                   help="pretend not to know the existing intersite topology",
 221                   action="store_true")
 222
 223
 224 opts, args = parser.parse_args()
 225
 226
 227 if opts.list_verify_tests:
 228     list_verify_tests()
 229     sys.exit(0)
 230
 231 if opts.debug:
 232     logger.setLevel(logging.DEBUG)
 233 elif opts.readonly:
 234     logger.setLevel(logging.INFO)
 235 else:
 236     logger.setLevel(logging.WARNING)
 237
 238 # initialize seed from optional input parameter
 239 if opts.seed:
 240     random.seed(opts.seed)
 241 else:
 242     random.seed(0xACE5CA11)
 243
 244 if opts.now:
 245     for timeformat in ("%Y%m%d%H%M%S%Z", "%Y%m%d%H%M%S"):
 246         try:
 247             now_tuple = time.strptime(opts.now, timeformat)
 248             break
 249         except ValueError:
 250             pass
 251     else:
 252         # else happens if break doesn't --> no match
 253         print >> sys.stderr, "could not parse time '%s'" % opts.now
 254         sys.exit(1)
 255     unix_now = int(time.mktime(now_tuple))
 256 else:
 257     unix_now = int(time.time())
 258
 259 lp = sambaopts.get_loadparm()
 260 creds = credopts.get_credentials(lp, fallback_machine=True)
 261
 262 if opts.dburl is None:
 263     opts.dburl = lp.samdb_url()
 264
 265 if opts.test_all_reps_from:
 266     opts.readonly = True
 267     rng_seed = opts.seed or 0xACE5CA11
 268     test_all_reps_from(lp, creds, unix_now, rng_seed=rng_seed)
 269     sys.exit()
 270
 271 # Instantiate Knowledge Consistency Checker and perform run
 272 kcc = KCC(unix_now, readonly=opts.readonly, verify=opts.verify,
 273           debug=opts.debug, dot_file_dir=opts.dot_file_dir)
 274
 275
 276 if opts.exportldif:
 277     rc = kcc.export_ldif(opts.dburl, lp, creds, opts.exportldif)
 278     sys.exit(rc)
 279
 280 if opts.importldif:
 281     if opts.tmpdb is None or opts.tmpdb.startswith('ldap'):
 282         logger.error("Specify a target temp database file with --tmpdb option")
 283         sys.exit(1)
 284
 285     rc = kcc.import_ldif(opts.tmpdb, lp, creds, opts.importldif)
 286     if rc != 0:
 287         sys.exit(rc)
 288
 289 if opts.list_valid_dsas:
 290     kcc.load_samdb(opts.dburl, lp, creds)
 291     print '\n'.join(kcc.list_dsas())
 292     sys.exit()
 293
 294 try:
 295     rc = kcc.run(opts.dburl, lp, creds, opts.forced_local_dsa,
 296                  opts.forget_local_links, opts.forget_intersite_links,
 297                  attempt_live_connections=opts.attempt_live_connections)
 298     sys.exit(rc)
 299
 300 except GraphError, e:
 301     print e
 302     sys.exit(1)