2017-06-29 02:08:37 +03:00
#!/usr/bin/env python
# Generates samba network traffic
#
# Copyright (C) Catalyst IT Ltd. 2017
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
2018-04-13 06:00:01 +03:00
from __future__ import print_function
2017-06-29 02:08:37 +03:00
import sys
import os
import optparse
import tempfile
import shutil
2018-05-16 04:19:58 +03:00
import random
2017-06-29 02:08:37 +03:00
sys.path.insert(0, "bin/python")
2018-08-20 07:18:45 +03:00
from samba import gensec, get_debug_level
2017-06-29 02:08:37 +03:00
from samba.emulate import traffic
import samba.getopt as options
2018-08-20 05:13:33 +03:00
from samba.logger import get_samba_logger
2018-10-11 04:47:28 +03:00
from samba.samdb import SamDB
from samba.auth import system_session
2017-06-29 02:08:37 +03:00
2018-04-13 06:00:01 +03:00
def print_err(*args, **kwargs):
print(*args, file=sys.stderr, **kwargs)
2017-06-29 02:08:37 +03:00
def main():
desc = ("Generates network traffic 'conversations' based on <summary-file>"
2018-04-18 06:40:18 +03:00
" (which should be the output file produced by either traffic_learner"
2017-06-29 02:08:37 +03:00
" or traffic_summary.pl). This traffic is sent to <dns-hostname>,"
" which is the full DNS hostname of the DC being tested.")
parser = optparse.OptionParser(
"%prog [--help|options] <summary-file> <dns-hostname>",
description=desc)
parser.add_option('--dns-rate', type='float', default=0,
help='fire extra DNS packets at this rate')
parser.add_option('-B', '--badpassword-frequency',
type='float', default=0.0,
help='frequency of connections with bad passwords')
parser.add_option('-K', '--prefer-kerberos',
action="store_true",
help='prefer kerberos when authenticating test users')
parser.add_option('-I', '--instance-id', type='int', default=0,
help='Instance number, when running multiple instances')
parser.add_option('-t', '--timing-data',
help=('write individual message timing data here '
'(- for stdout)'))
parser.add_option('--preserve-tempdir', default=False, action="store_true",
help='do not delete temporary files')
parser.add_option('-F', '--fixed-password',
type='string', default=None,
help=('Password used for the test users created. '
'Required'))
parser.add_option('-c', '--clean-up',
action="store_true",
help='Clean up the generated groups and user accounts')
2018-05-16 04:19:58 +03:00
parser.add_option('--random-seed', type='int', default=0,
help='Use to keep randomness consistent across multiple runs')
2017-06-29 02:08:37 +03:00
model_group = optparse.OptionGroup(parser, 'Traffic Model Options',
'These options alter the traffic '
'generated when the summary-file is a '
'traffic-model (produced by '
'traffic_learner)')
model_group.add_option('-S', '--scale-traffic', type='float', default=1.0,
help='Increase the number of conversations by '
'this factor')
model_group.add_option('-D', '--duration', type='float', default=None,
help=('Run model for this long (approx). '
'Default 60s for models'))
model_group.add_option('-r', '--replay-rate', type='float', default=1.0,
help='Replay the traffic faster by this factor')
model_group.add_option('--traffic-summary',
help=('Generate a traffic summary file and write '
'it here (- for stdout)'))
parser.add_option_group(model_group)
user_gen_group = optparse.OptionGroup(parser, 'Generate User Options',
"Add extra user/groups on the DC to "
"increase the DB size. These extra "
"users aren't used for traffic "
"generation.")
user_gen_group.add_option('-G', '--generate-users-only',
action="store_true",
help='Generate the users, but do not replay '
'the traffic')
user_gen_group.add_option('-n', '--number-of-users', type='int', default=0,
help='Total number of test users to create')
user_gen_group.add_option('--number-of-groups', type='int', default=0,
help='Create this many groups')
user_gen_group.add_option('--average-groups-per-user',
type='int', default=0,
help='Assign the test users to this '
'many groups on average')
user_gen_group.add_option('--group-memberships', type='int', default=0,
help='Total memberships to assign across all '
'test users and all groups')
2018-11-27 03:50:32 +03:00
user_gen_group.add_option('--max-members', type='int', default=None,
help='Max users to add to any one group')
2017-06-29 02:08:37 +03:00
parser.add_option_group(user_gen_group)
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
# the --no-password credential doesn't make sense for this tool
if parser.has_option('-N'):
parser.remove_option('-N')
opts, args = parser.parse_args()
# First ensure we have reasonable arguments
if len(args) == 1:
summary = None
host = args[0]
elif len(args) == 2:
summary, host = args
else:
parser.print_usage()
return
2018-10-23 00:19:38 +03:00
lp = sambaopts.get_loadparm()
2018-08-20 07:18:45 +03:00
debuglevel = get_debug_level()
2018-08-20 05:13:33 +03:00
logger = get_samba_logger(name=__name__,
verbose=debuglevel > 3,
quiet=debuglevel < 1)
2018-08-20 07:18:45 +03:00
traffic.DEBUG_LEVEL = debuglevel
2018-08-20 05:13:33 +03:00
# pass log level down to traffic module to make sure level is controlled
traffic.LOGGER.setLevel(logger.getEffectiveLevel())
2018-08-20 07:18:45 +03:00
2017-06-29 02:08:37 +03:00
if opts.clean_up:
2018-08-20 05:13:33 +03:00
logger.info("Removing user and machine accounts")
2017-06-29 02:08:37 +03:00
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
2018-04-18 06:31:12 +03:00
creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
2017-06-29 02:08:37 +03:00
ldb = traffic.openLdb(host, creds, lp)
traffic.clean_up_accounts(ldb, opts.instance_id)
exit(0)
if summary:
if not os.path.exists(summary):
2018-08-20 05:13:33 +03:00
logger.error("Summary file %s doesn't exist" % summary)
2017-06-29 02:08:37 +03:00
sys.exit(1)
# the summary-file can be ommitted for --generate-users-only and
# --cleanup-up, but it should be specified in all other cases
elif not opts.generate_users_only:
2018-08-20 05:13:33 +03:00
logger.error("No summary-file specified to replay traffic from")
2017-06-29 02:08:37 +03:00
sys.exit(1)
if not opts.fixed_password:
2018-08-20 05:13:33 +03:00
logger.error(("Please use --fixed-password to specify a password"
" for the users created as part of this test"))
2017-06-29 02:08:37 +03:00
sys.exit(1)
2018-05-16 04:19:58 +03:00
if opts.random_seed:
random.seed(opts.random_seed)
2017-06-29 02:08:37 +03:00
creds = credopts.get_credentials(lp)
2018-04-18 06:31:12 +03:00
creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
2017-06-29 02:08:37 +03:00
2018-05-07 01:18:42 +03:00
domain = creds.get_domain()
2017-06-29 02:08:37 +03:00
if domain:
lp.set("workgroup", domain)
else:
domain = lp.get("workgroup")
if domain == "WORKGROUP":
2018-08-20 05:13:33 +03:00
logger.error(("NETBIOS domain does not appear to be "
"specified, use the --workgroup option"))
2017-06-29 02:08:37 +03:00
sys.exit(1)
if not opts.realm and not lp.get('realm'):
2018-08-20 05:13:33 +03:00
logger.error("Realm not specified, use the --realm option")
2017-06-29 02:08:37 +03:00
sys.exit(1)
if opts.generate_users_only and not (opts.number_of_users or
opts.number_of_groups):
2018-08-20 05:13:33 +03:00
logger.error(("Please specify the number of users and/or groups "
"to generate."))
2017-06-29 02:08:37 +03:00
sys.exit(1)
if opts.group_memberships and opts.average_groups_per_user:
2018-08-20 05:13:33 +03:00
logger.error(("--group-memberships and --average-groups-per-user"
" are incompatible options - use one or the other"))
2017-06-29 02:08:37 +03:00
sys.exit(1)
if not opts.number_of_groups and opts.average_groups_per_user:
2018-08-20 05:13:33 +03:00
logger.error(("--average-groups-per-user requires "
"--number-of-groups"))
2017-06-29 02:08:37 +03:00
sys.exit(1)
2018-08-07 05:09:03 +03:00
if opts.number_of_groups and opts.average_groups_per_user:
if opts.number_of_groups < opts.average_groups_per_user:
2018-08-20 05:13:33 +03:00
logger.error(("--average-groups-per-user can not be more than "
"--number-of-groups"))
2018-08-07 05:09:03 +03:00
sys.exit(1)
2017-06-29 02:08:37 +03:00
if not opts.number_of_groups and opts.group_memberships:
2018-08-20 05:13:33 +03:00
logger.error("--group-memberships requires --number-of-groups")
2017-06-29 02:08:37 +03:00
sys.exit(1)
if opts.timing_data not in ('-', None):
try:
open(opts.timing_data, 'w').close()
2018-08-20 05:13:33 +03:00
except IOError:
# exception info will be added to log automatically
logger.exception(("the supplied timing data destination "
"(%s) is not writable" % opts.timing_data))
2017-06-29 02:08:37 +03:00
sys.exit()
if opts.traffic_summary not in ('-', None):
try:
open(opts.traffic_summary, 'w').close()
2018-08-20 05:13:33 +03:00
except IOError:
# exception info will be added to log automatically
logger.exception(("the supplied traffic summary destination "
"(%s) is not writable" % opts.traffic_summary))
2017-06-29 02:08:37 +03:00
sys.exit()
duration = opts.duration
if duration is None:
duration = 60.0
# ingest the model or traffic summary
if summary:
try:
conversations, interval, duration, dns_counts = \
traffic.ingest_summaries([summary])
2018-08-20 05:13:33 +03:00
logger.info(("Using conversations from the traffic summary "
"file specified"))
2017-06-29 02:08:37 +03:00
# honour the specified duration if it's different to the
# capture duration
if opts.duration is not None:
duration = opts.duration
except ValueError as e:
2018-10-28 00:49:24 +03:00
if not str(e).startswith('need more than'):
2017-06-29 02:08:37 +03:00
raise
model = traffic.TrafficModel()
try:
model.load(summary)
except ValueError:
2018-08-20 05:13:33 +03:00
logger.error(("Could not parse %s. The summary file "
"should be the output from either the "
"traffic_summary.pl or "
"traffic_learner scripts.") % summary)
2017-06-29 02:08:37 +03:00
sys.exit()
2018-08-20 05:13:33 +03:00
logger.info(("Using the specified model file to "
"generate conversations"))
2017-06-29 02:08:37 +03:00
conversations = model.generate_conversations(opts.scale_traffic,
duration,
opts.replay_rate)
else:
conversations = []
2018-08-20 07:18:45 +03:00
if debuglevel > 5:
2017-06-29 02:08:37 +03:00
for c in conversations:
for p in c.packets:
2018-08-20 07:31:32 +03:00
print(" ", p, file=sys.stderr)
2017-06-29 02:08:37 +03:00
2018-08-20 07:31:32 +03:00
print('=' * 72, file=sys.stderr)
2017-06-29 02:08:37 +03:00
if opts.number_of_users and opts.number_of_users < len(conversations):
2018-08-20 05:13:33 +03:00
logger.error(("--number-of-users (%d) is less than the "
"number of conversations to replay (%d)"
% (opts.number_of_users, len(conversations))))
2017-06-29 02:08:37 +03:00
sys.exit(1)
number_of_users = max(opts.number_of_users, len(conversations))
max_memberships = number_of_users * opts.number_of_groups
if not opts.group_memberships and opts.average_groups_per_user:
opts.group_memberships = opts.average_groups_per_user * number_of_users
2018-08-20 05:13:33 +03:00
logger.info(("Using %d group-memberships based on %u average "
"memberships for %d users"
% (opts.group_memberships,
opts.average_groups_per_user, number_of_users)))
2017-06-29 02:08:37 +03:00
if opts.group_memberships > max_memberships:
2018-08-20 05:13:33 +03:00
logger.error(("The group memberships specified (%d) exceeds "
"the total users (%d) * total groups (%d)"
% (opts.group_memberships, number_of_users,
opts.number_of_groups)))
2017-06-29 02:08:37 +03:00
sys.exit(1)
2018-10-11 04:47:28 +03:00
# Get an LDB connection.
2017-06-29 02:08:37 +03:00
try:
2018-10-11 04:47:28 +03:00
# if we're only adding users, then it's OK to pass a sam.ldb filepath
# as the host, which creates the users much faster. In all other cases
# we should be connecting to a remote DC
if opts.generate_users_only and os.path.isfile(host):
ldb = SamDB(url="ldb://{0}".format(host),
session_info=system_session(), lp=lp)
else:
ldb = traffic.openLdb(host, creds, lp)
2017-06-29 02:08:37 +03:00
except:
2018-08-20 05:13:33 +03:00
logger.error(("\nInitial LDAP connection failed! Did you supply "
"a DNS host name and the correct credentials?"))
2017-06-29 02:08:37 +03:00
sys.exit(1)
if opts.generate_users_only:
2018-11-06 00:52:38 +03:00
# generate computer accounts for added realism. Assume there will be
# some overhang with more computer accounts than users
computer_accounts = int(1.25 * number_of_users)
2017-06-29 02:08:37 +03:00
traffic.generate_users_and_groups(ldb,
opts.instance_id,
opts.fixed_password,
opts.number_of_users,
opts.number_of_groups,
2018-11-06 00:52:38 +03:00
opts.group_memberships,
2018-11-27 03:50:32 +03:00
opts.max_members,
2018-11-06 00:58:56 +03:00
machine_accounts=computer_accounts,
traffic_accounts=False)
2017-06-29 02:08:37 +03:00
sys.exit()
tempdir = tempfile.mkdtemp(prefix="samba_tg_")
2018-08-20 05:13:33 +03:00
logger.info("Using temp dir %s" % tempdir)
2017-06-29 02:08:37 +03:00
traffic.generate_users_and_groups(ldb,
opts.instance_id,
opts.fixed_password,
number_of_users,
opts.number_of_groups,
2018-11-06 00:58:56 +03:00
opts.group_memberships,
2018-11-27 03:50:32 +03:00
opts.max_members,
2018-11-06 01:27:42 +03:00
machine_accounts=len(conversations),
2018-11-06 00:58:56 +03:00
traffic_accounts=True)
2017-06-29 02:08:37 +03:00
accounts = traffic.generate_replay_accounts(ldb,
opts.instance_id,
len(conversations),
opts.fixed_password)
statsdir = traffic.mk_masked_dir(tempdir, 'stats')
if opts.traffic_summary:
if opts.traffic_summary == '-':
summary_dest = sys.stdout
else:
summary_dest = open(opts.traffic_summary, 'w')
2018-08-20 05:13:33 +03:00
logger.info("Writing traffic summary")
2017-06-29 02:08:37 +03:00
summaries = []
for c in conversations:
summaries += c.replay_as_summary_lines()
summaries.sort()
for (time, line) in summaries:
2018-04-13 06:00:01 +03:00
print(line, file=summary_dest)
2017-06-29 02:08:37 +03:00
exit(0)
traffic.replay(conversations, host,
lp=lp,
creds=creds,
accounts=accounts,
dns_rate=opts.dns_rate,
duration=duration,
badpassword_frequency=opts.badpassword_frequency,
prefer_kerberos=opts.prefer_kerberos,
statsdir=statsdir,
domain=domain,
base_dn=ldb.domain_dn(),
ou=traffic.ou_name(ldb, opts.instance_id),
tempdir=tempdir,
domain_sid=ldb.get_domain_sid())
if opts.timing_data == '-':
timing_dest = sys.stdout
elif opts.timing_data is None:
timing_dest = None
else:
timing_dest = open(opts.timing_data, 'w')
2018-08-20 05:13:33 +03:00
logger.info("Generating statistics")
2017-06-29 02:08:37 +03:00
traffic.generate_stats(statsdir, timing_dest)
if not opts.preserve_tempdir:
2018-08-20 05:13:33 +03:00
logger.info("Removing temporary directory")
2017-06-29 02:08:37 +03:00
shutil.rmtree(tempdir)
main()