2009-12-28 01:04:33 +01:00
# Unix SMB/CIFS implementation.
2012-09-25 22:34:36 +02:00
# Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2009-2012
2011-05-19 16:17:07 -04:00
# Copyright (C) Theresa Halloran <theresahalloran@gmail.com> 2011
2009-12-28 01:04:33 +01:00
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
2023-05-16 14:35:41 +12:00
import json
2018-07-30 18:21:38 +12:00
import optparse
2023-05-16 14:24:27 +12:00
import sys
import textwrap
import traceback
2018-07-30 18:21:38 +12:00
import samba
2023-05-16 14:24:27 +12:00
from ldb import ERR_INVALID_CREDENTIALS , LdbError
2018-04-19 14:15:25 +12:00
from samba import colour
2023-05-16 13:54:59 +12:00
from samba . auth import system_session
2023-10-19 15:05:56 +13:00
from samba . getopt import Option , OptionParser
2018-08-21 12:08:59 +12:00
from samba . logger import get_samba_logger
2023-05-16 13:54:59 +12:00
from samba . samdb import SamDB
2023-10-27 13:16:56 +13:00
from samba . dcerpc . security import SDDLValueError
2009-12-28 13:53:18 +01:00
2023-05-16 14:35:41 +12:00
from . encoders import JSONEncoder
2023-05-16 11:47:45 +12:00
2018-07-30 18:20:39 +12:00
2011-11-02 10:33:12 -04:00
class PlainHelpFormatter ( optparse . IndentedHelpFormatter ) :
2023-10-05 13:42:14 +13:00
""" This help formatter does text wrapping and preserves newlines. """
2018-07-30 18:19:05 +12:00
def format_description ( self , description = " " ) :
2018-07-30 18:13:57 +12:00
desc_width = self . width - self . current_indent
2018-07-30 18:18:25 +12:00
indent = " " * self . current_indent
2018-07-30 18:13:57 +12:00
paragraphs = description . split ( ' \n ' )
wrapped_paragraphs = [
textwrap . fill ( p ,
2018-07-30 18:16:12 +12:00
desc_width ,
initial_indent = indent ,
subsequent_indent = indent )
2018-07-30 18:13:57 +12:00
for p in paragraphs ]
result = " \n " . join ( wrapped_paragraphs ) + " \n "
return result
2011-11-02 10:33:12 -04:00
2012-10-08 12:45:20 +02:00
def format_epilog ( self , epilog ) :
if epilog :
return " \n " + epilog + " \n "
else :
return " "
2009-12-28 13:53:18 +01:00
2018-07-30 18:20:39 +12:00
2009-12-28 01:04:33 +01:00
class Command ( object ) :
2011-07-18 18:34:45 -04:00
""" A samba-tool command. """
2011-10-13 23:08:32 +02:00
def _get_short_description ( self ) :
2009-12-28 16:05:04 +01:00
return self . __doc__ . splitlines ( ) [ 0 ] . rstrip ( " \n " )
2009-12-28 13:53:18 +01:00
2011-10-13 23:08:32 +02:00
short_description = property ( _get_short_description )
def _get_full_description ( self ) :
lines = self . __doc__ . split ( " \n " )
return lines [ 0 ] + " \n " + textwrap . dedent ( " \n " . join ( lines [ 1 : ] ) )
2009-12-28 13:53:18 +01:00
2011-10-13 23:08:32 +02:00
full_description = property ( _get_full_description )
2011-10-13 23:16:58 +02:00
def _get_name ( self ) :
name = self . __class__ . __name__
if name . startswith ( " cmd_ " ) :
return name [ 4 : ]
return name
name = property ( _get_name )
2011-10-13 23:08:32 +02:00
# synopsis must be defined in all subclasses in order to provide the
# command usage
synopsis = None
2011-07-28 14:21:40 -04:00
takes_args = [ ]
takes_options = [ ]
2012-02-06 16:33:38 +01:00
takes_optiongroups = { }
2011-11-02 16:39:47 +01:00
2012-09-25 22:34:36 +02:00
hidden = False
2022-09-09 14:48:29 +12:00
use_colour = True
2022-09-09 14:38:18 +12:00
requested_colour = None
2012-09-25 22:34:36 +02:00
2012-09-10 14:02:19 +02:00
raw_argv = None
raw_args = None
raw_kwargs = None
2022-09-07 16:33:33 +12:00
def _set_files ( self , outf = None , errf = None ) :
if outf is not None :
self . outf = outf
if errf is not None :
self . errf = errf
2011-11-02 16:39:47 +01:00
def __init__ ( self , outf = sys . stdout , errf = sys . stderr ) :
2022-09-07 16:33:33 +12:00
self . _set_files ( outf , errf )
2009-12-28 01:04:33 +01:00
2018-10-26 20:20:55 +13:00
def usage ( self , prog = None ) :
2011-10-13 23:27:22 +02:00
parser , _ = self . _create_parser ( prog )
2009-12-28 16:48:07 +01:00
parser . print_usage ( )
2009-12-28 01:21:27 +01:00
2022-09-09 15:08:30 +12:00
def _print_error ( self , msg , evalue = None , klass = None ) :
err = colour . c_DARK_RED ( " ERROR " )
klass = ' ' if klass is None else f ' ( { klass } ) '
if evalue is None :
print ( f " { err } { klass } : { msg } " , file = self . errf )
else :
print ( f " { err } { klass } : { msg } - { evalue } " , file = self . errf )
2023-10-27 13:16:56 +13:00
def _print_sddl_value_error ( self , e ) :
generic_msg , specific_msg , position , sddl = e . args
print ( f " { colour . c_DARK_RED ( ' ERROR ' ) } : { generic_msg } \n " ,
file = self . errf )
print ( f ' { sddl } ' , file = self . errf )
# If the SDDL contains non-ascii characters, the byte offset
# provided by the exception won't agree with the visual offset
# because those characters will be encoded as multiple bytes.
#
# To account for this we'll attempt to measure the string
# length of the specified number of bytes. That is not quite
# the same as the visual length, because the SDDL could
# contain zero-width, full-width, or combining characters, but
# it is closer.
try :
position = len ( ( sddl . encode ( ) [ : position ] ) . decode ( ) )
except ValueError :
# use the original position
pass
print ( f " { colour . c_DARK_YELLOW ( ' ^ ' ) : > { position + 2 } } " , file = self . errf )
print ( f ' { specific_msg } ' , file = self . errf )
2023-10-06 15:49:27 +13:00
def ldb_connect ( self , hostopts , sambaopts , credopts ) :
2023-05-16 13:54:59 +12:00
""" Helper to connect to Ldb database using command line opts. """
lp = sambaopts . get_loadparm ( )
creds = credopts . get_credentials ( lp )
2023-10-06 15:49:27 +13:00
return SamDB ( hostopts . H , credentials = creds ,
2023-05-16 13:54:59 +12:00
session_info = system_session ( lp ) , lp = lp )
2023-05-16 14:35:41 +12:00
def print_json ( self , data ) :
""" Print json on the screen using consistent formatting and sorting.
A custom JSONEncoder class is used to help with serializing unknown
objects such as Dn for example .
"""
json . dump ( data , self . outf , cls = JSONEncoder , indent = 2 , sort_keys = True )
self . outf . write ( " \n " )
2010-11-29 14:11:57 +11:00
def show_command_error ( self , e ) :
2023-05-16 13:39:12 +12:00
""" display a command error """
2010-11-29 14:11:57 +11:00
if isinstance ( e , CommandError ) :
( etype , evalue , etraceback ) = e . exception_info
inner_exception = e . inner_exception
message = e . message
force_traceback = False
else :
( etype , evalue , etraceback ) = sys . exc_info ( )
inner_exception = e
message = " uncaught exception "
force_traceback = True
2023-10-06 12:39:30 +13:00
if isinstance ( e , optparse . OptParseError ) :
2022-09-01 15:32:07 +12:00
print ( evalue , file = self . errf )
self . usage ( )
force_traceback = False
elif isinstance ( inner_exception , LdbError ) :
2018-05-04 11:28:46 +01:00
( ldb_ecode , ldb_emsg ) = inner_exception . args
samba-tool: reduce repetitious jargon on credentials failure
We already print the following due to DBG_ERR()s:
cli_credentials_failed_kerberos_login: krb5_cc_get_principal failed: No such file or directory
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
Failed to connect to 'ldap://10.53.57.30' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
We don't *really* need to follow that with:
ERROR(ldb): LDAP connection to ldap://10.53.57.30 failed - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
rather we can say:
Bad username or password.
Also, we don't really need to print a traceback, which we seem to do
for some commands and not others.
Maybe *sometimes* "bad username or password" might be technically
incorrect (e.g. --simple-bind-dn), but in those cases the user is
already behaving strangely, and they will still see the
LDAP_INVALID_CREDENTIALS twice. Kerberos failures don't come this way.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9608
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-08-19 10:12:07 +12:00
if ldb_ecode == ERR_INVALID_CREDENTIALS :
print ( " Invalid username or password " , file = self . errf )
force_traceback = False
2022-08-19 17:06:48 +12:00
elif ldb_emsg == ' LDAP client internal error: NT_STATUS_NETWORK_UNREACHABLE ' :
print ( " Could not reach remote server " , file = self . errf )
force_traceback = False
2022-09-09 16:13:12 +12:00
elif ldb_emsg . startswith ( " Unable to open tdb " ) :
self . _print_error ( message , ldb_emsg , ' ldb ' )
force_traceback = False
samba-tool: reduce repetitious jargon on credentials failure
We already print the following due to DBG_ERR()s:
cli_credentials_failed_kerberos_login: krb5_cc_get_principal failed: No such file or directory
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
Failed to connect to 'ldap://10.53.57.30' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
We don't *really* need to follow that with:
ERROR(ldb): LDAP connection to ldap://10.53.57.30 failed - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
rather we can say:
Bad username or password.
Also, we don't really need to print a traceback, which we seem to do
for some commands and not others.
Maybe *sometimes* "bad username or password" might be technically
incorrect (e.g. --simple-bind-dn), but in those cases the user is
already behaving strangely, and they will still see the
LDAP_INVALID_CREDENTIALS twice. Kerberos failures don't come this way.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9608
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-08-19 10:12:07 +12:00
else :
2022-09-09 15:08:30 +12:00
self . _print_error ( message , ldb_emsg , ' ldb ' )
2022-09-09 16:13:12 +12:00
2023-10-27 13:16:56 +13:00
elif isinstance ( inner_exception , SDDLValueError ) :
self . _print_sddl_value_error ( inner_exception )
force_traceback = False
2010-11-29 14:11:57 +11:00
elif isinstance ( inner_exception , AssertionError ) :
2022-09-09 15:08:30 +12:00
self . _print_error ( message , klass = ' assert ' )
2010-11-29 14:11:57 +11:00
force_traceback = True
elif isinstance ( inner_exception , RuntimeError ) :
2022-09-09 15:08:30 +12:00
self . _print_error ( message , evalue , ' runtime ' )
2010-11-29 14:11:57 +11:00
elif type ( inner_exception ) is Exception :
2022-09-09 15:08:30 +12:00
self . _print_error ( message , evalue , ' exception ' )
2010-11-29 14:11:57 +11:00
force_traceback = True
elif inner_exception is None :
2022-09-09 15:08:30 +12:00
self . _print_error ( message )
2010-11-29 14:11:57 +11:00
else :
2022-09-09 15:08:30 +12:00
self . _print_error ( message , evalue , str ( etype ) )
2010-11-29 14:11:57 +11:00
if force_traceback or samba . get_debug_level ( ) > = 3 :
2016-11-28 14:30:43 +13:00
traceback . print_tb ( etraceback , file = self . errf )
2010-11-29 14:11:57 +11:00
2018-10-26 20:20:55 +13:00
def _create_parser ( self , prog = None , epilog = None ) :
2023-10-19 15:05:56 +13:00
parser = OptionParser (
2011-10-13 23:27:22 +02:00
usage = self . synopsis ,
description = self . full_description ,
2011-11-02 10:33:12 -04:00
formatter = PlainHelpFormatter ( ) ,
2023-10-05 12:05:17 +13:00
prog = prog ,
epilog = epilog ,
option_class = Option )
2009-12-28 16:48:07 +01:00
parser . add_options ( self . takes_options )
optiongroups = { }
2018-10-17 18:06:34 +01:00
for name in sorted ( self . takes_optiongroups . keys ( ) ) :
optiongroup = self . takes_optiongroups [ name ]
2009-12-28 16:48:07 +01:00
optiongroups [ name ] = optiongroup ( parser )
parser . add_option_group ( optiongroups [ name ] )
2022-09-09 14:48:29 +12:00
if self . use_colour :
parser . add_option ( " --color " ,
help = " use colour if available (default: auto) " ,
metavar = " always|never|auto " ,
default = " auto " )
2009-12-28 16:48:07 +01:00
return parser , optiongroups
2009-12-28 16:05:04 +01:00
def message ( self , text ) :
2018-07-30 18:18:25 +12:00
self . outf . write ( text + " \n " )
2009-12-28 13:53:18 +01:00
2022-09-07 16:33:33 +12:00
def _resolve ( self , path , * argv , outf = None , errf = None ) :
2022-09-07 15:34:23 +12:00
""" This is a leaf node, the command that will actually run. """
2022-09-07 16:33:33 +12:00
self . _set_files ( outf , errf )
2022-09-07 15:34:23 +12:00
self . command_name = path
return ( self , argv )
2009-12-28 13:53:18 +01:00
def _run ( self , * argv ) :
2022-09-07 15:34:23 +12:00
parser , optiongroups = self . _create_parser ( self . command_name )
2023-10-05 14:03:14 +13:00
# Handle possible validation errors raised by parser
try :
opts , args = parser . parse_args ( list ( argv ) )
except Exception as e :
self . show_command_error ( e )
return - 1
2009-12-28 16:48:07 +01:00
# Filter out options from option groups
kwargs = dict ( opts . __dict__ )
for option_group in parser . option_groups :
for option in option_group . option_list :
2023-10-10 23:31:33 +13:00
if option . dest is not None and option . dest in kwargs :
2010-04-09 02:37:20 +02:00
del kwargs [ option . dest ]
2009-12-28 16:48:07 +01:00
kwargs . update ( optiongroups )
2011-07-18 16:48:03 -04:00
2022-09-09 14:48:29 +12:00
if self . use_colour :
self . apply_colour_choice ( kwargs . pop ( ' color ' , ' auto ' ) )
2011-07-18 16:48:03 -04:00
# Check for a min a max number of allowed arguments, whenever possible
2023-06-06 13:17:58 +02:00
# The suffix "?" means zero or one occurrence
# The suffix "+" means at least one occurrence
# The suffix "*" means zero or more occurrences
2009-12-30 20:40:11 +01:00
min_args = 0
max_args = 0
2011-07-18 16:48:03 -04:00
undetermined_max_args = False
2009-12-30 19:53:05 +01:00
for i , arg in enumerate ( self . takes_args ) :
2016-02-25 12:42:09 +13:00
if arg [ - 1 ] != " ? " and arg [ - 1 ] != " * " :
2018-07-30 18:13:57 +12:00
min_args + = 1
2016-02-25 12:42:09 +13:00
if arg [ - 1 ] == " + " or arg [ - 1 ] == " * " :
2018-07-30 18:13:57 +12:00
undetermined_max_args = True
2011-07-18 16:48:03 -04:00
else :
2018-07-30 18:13:57 +12:00
max_args + = 1
2012-09-27 09:30:47 -07:00
if ( len ( args ) < min_args ) or ( not undetermined_max_args and len ( args ) > max_args ) :
2011-07-18 16:48:03 -04:00
parser . print_usage ( )
2009-12-28 16:48:07 +01:00
return - 1
2011-07-18 16:48:03 -04:00
2012-09-10 14:02:19 +02:00
self . raw_argv = list ( argv )
self . raw_args = args
self . raw_kwargs = kwargs
2009-12-28 20:37:48 +01:00
try :
return self . run ( * args , * * kwargs )
2018-02-14 10:07:23 +13:00
except Exception as e :
2010-11-29 14:11:57 +11:00
self . show_command_error ( e )
2009-12-28 20:37:48 +01:00
return - 1
2009-12-28 13:53:18 +01:00
2022-08-16 13:43:54 +12:00
def run ( self , * args , * * kwargs ) :
2017-02-18 08:47:12 +13:00
""" Run the command. This should be overridden by all subclasses. """
2022-08-16 13:43:54 +12:00
raise NotImplementedError ( f " ' { self . command_name } ' run method not implemented " )
2009-12-28 01:04:33 +01:00
2018-08-21 12:08:59 +12:00
def get_logger ( self , name = " " , verbose = False , quiet = False , * * kwargs ) :
2011-10-12 23:21:52 +02:00
""" Get a logger object. """
2018-08-21 12:08:59 +12:00
return get_samba_logger (
name = name or self . name , stream = self . errf ,
verbose = verbose , quiet = quiet ,
* * kwargs )
2009-12-28 01:04:33 +01:00
2018-04-19 14:15:25 +12:00
def apply_colour_choice ( self , requested ) :
""" Heuristics to work out whether the user wants colour output, from a
- - color = yes | no | auto option . This alters the ANSI 16 bit colour
" constants " in the colour module to be either real colours or empty
strings .
"""
2022-09-09 14:38:18 +12:00
self . requested_colour = requested
2021-07-07 10:43:59 +12:00
try :
2022-09-09 15:24:29 +12:00
colour . colour_if_wanted ( self . outf ,
self . errf ,
hint = requested )
2021-07-07 10:43:59 +12:00
except ValueError as e :
raise CommandError ( f " Unknown --color option: { requested } "
" please choose from always|never|auto " )
2018-04-19 14:15:25 +12:00
2011-07-18 11:30:23 -04:00
2009-12-28 13:53:18 +01:00
class SuperCommand ( Command ) :
2011-07-18 18:34:45 -04:00
""" A samba-tool command with subcommands. """
2009-12-28 13:53:18 +01:00
2011-10-13 23:47:45 +02:00
synopsis = " % prog <subcommand> "
2009-12-28 13:53:18 +01:00
subcommands = { }
2022-09-07 16:33:33 +12:00
def _resolve ( self , path , * args , outf = None , errf = None ) :
2022-09-07 15:34:23 +12:00
""" This is an internal node. We need to consume one of the args and
find the relevant child , returning an instance of that Command .
If there are no children , this SuperCommand will be returned
and its _run ( ) will do a - - help like thing .
"""
self . command_name = path
2022-09-07 16:33:33 +12:00
self . _set_files ( outf , errf )
2022-09-07 15:34:23 +12:00
# We collect up certain option arguments and pass them to the
# leaf, which is why we iterate over args, though we really
# expect to return in the first iteration.
deferred_args = [ ]
for i , a in enumerate ( args ) :
if a in self . subcommands :
sub_args = args [ i + 1 : ] + tuple ( deferred_args )
sub_path = f ' { path } { a } '
sub = self . subcommands [ a ]
2022-09-07 16:33:33 +12:00
return sub . _resolve ( sub_path , * sub_args , outf = outf , errf = errf )
2017-08-11 16:39:33 +12:00
2023-10-05 13:47:11 +13:00
elif a in [ ' --help ' , ' help ' , None , ' -h ' , ' -V ' , ' --version ' ] :
2022-09-07 15:34:23 +12:00
# we pass these to the leaf node.
if a == ' help ' :
a = ' --help '
deferred_args . append ( a )
continue
# they are talking nonsense
print ( " %s : no such subcommand: %s \n " % ( path , a ) , file = self . outf )
return ( self , [ ] )
# We didn't find a subcommand, but maybe we found e.g. --version
print ( " %s : missing subcommand \n " % ( path ) , file = self . outf )
return ( self , deferred_args )
def _run ( self , * argv ) :
2012-10-08 12:47:47 +02:00
epilog = " \n Available subcommands: \n "
2022-09-07 15:41:17 +12:00
subcmds = sorted ( self . subcommands . keys ( ) )
2011-10-13 00:36:44 +02:00
max_length = max ( [ len ( c ) for c in subcmds ] )
2012-09-25 22:34:36 +02:00
for cmd_name in subcmds :
cmd = self . subcommands [ cmd_name ]
2022-09-07 15:34:23 +12:00
if cmd . hidden :
continue
epilog + = " %*s - %s \n " % (
- max_length , cmd_name , cmd . short_description )
epilog + = ( " For more help on a specific subcommand, please type: "
f " { self . command_name } <subcommand> (-h|--help) \n " )
parser , optiongroups = self . _create_parser ( self . command_name , epilog = epilog )
2022-09-07 15:07:43 +12:00
opts , args = parser . parse_args ( list ( argv ) )
2012-10-08 12:47:47 +02:00
2022-09-07 15:41:17 +12:00
# note: if argv had --help, parser.parse_args() will have
# already done the .print_help() and attempted to exit with
# return code 0, so we won't get here.
2012-10-08 12:47:47 +02:00
parser . print_help ( )
return - 1
2009-12-30 21:06:21 +01:00
2009-12-28 13:53:18 +01:00
2009-12-28 16:05:04 +01:00
class CommandError ( Exception ) :
2011-10-13 23:27:22 +02:00
""" An exception class for samba-tool Command errors. """
2010-11-29 14:11:57 +11:00
def __init__ ( self , message , inner_exception = None ) :
self . message = message
self . inner_exception = inner_exception
self . exception_info = sys . exc_info ( )
2018-01-24 19:14:53 +01:00
def __repr__ ( self ) :
return " CommandError( %s ) " % self . message