sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Code
b47efc0f4f
samba-mirror/source4/scripting/bin/samba_kcc
Douglas Bagnall b47efc0f4f KCC: rewrite random intrasite connection addition for clarity 
And add debug messages. No change in results though.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00

3186 lines
124 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python
#
# Compute our KCC topology
#
# Copyright (C) Dave Craft 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import sys
import random
# ensure we get messages out immediately, so they get in the samba logs,
# and don't get swallowed by a timeout
os.environ['PYTHONUNBUFFERED'] = '1'
# forcing GMT avoids a problem in some timezones with kerberos. Both MIT
# heimdal can get mutual authentication errors due to the 24 second difference
# between UTC and GMT when using some zone files (eg. the PDT zone from
# the US)
os.environ["TZ"] = "GMT"
# Find right directory when running from source tree
sys.path.insert(0, "bin/python")
import optparse
import logging
import itertools
import heapq
import time
from samba import (
getopt as options,
Ldb,
ldb,
dsdb,
read_and_sub_file,
drs_utils,
nttime2unix)
from samba.auth import system_session
from samba.samdb import SamDB
from samba.dcerpc import drsuapi
from samba.kcc_utils import *
class KCC(object):
"""The Knowledge Consistency Checker class.
A container for objects and methods allowing a run of the KCC. Produces a
set of connections in the samdb for which the Distributed Replication
Service can then utilize to replicate naming contexts
"""
def __init__(self):
"""Initializes the partitions class which can hold
our local DCs partitions or all the partitions in
the forest
"""
self.part_table = {} # partition objects
self.site_table = {}
self.transport_table = {}
self.sitelink_table = {}
# TODO: These should be backed by a 'permanent' store so that when
# calling DRSGetReplInfo with DS_REPL_INFO_KCC_DSA_CONNECT_FAILURES,
# the failure information can be returned
self.kcc_failed_links = {}
self.kcc_failed_connections = set()
# Used in inter-site topology computation. A list
# of connections (by NTDSConnection object) that are
# to be kept when pruning un-needed NTDS Connections
self.keep_connection_list = []
self.my_dsa_dnstr = None # My dsa DN
self.my_dsa = None # My dsa object
self.my_site_dnstr = None
self.my_site_guid = None
self.my_site = None
self.samdb = None
def load_all_transports(self):
"""Loads the inter-site transport objects for Sites
::returns: Raises an Exception on error
"""
try:
res = self.samdb.search("CN=Inter-Site Transports,CN=Sites,%s" %
self.samdb.get_config_basedn(),
scope=ldb.SCOPE_SUBTREE,
expression="(objectClass=interSiteTransport)")
except ldb.LdbError, (enum, estr):
raise Exception("Unable to find inter-site transports - (%s)" %
estr)
for msg in res:
dnstr = str(msg.dn)
transport = Transport(dnstr)
transport.load_transport(self.samdb)
# already loaded
if str(transport.guid) in self.transport_table.keys():
continue
# Assign this transport to table
# and index by guid
self.transport_table[str(transport.guid)] = transport
def load_all_sitelinks(self):
"""Loads the inter-site siteLink objects
::returns: Raises an Exception on error
"""
try:
res = self.samdb.search("CN=Inter-Site Transports,CN=Sites,%s" %
self.samdb.get_config_basedn(),
scope=ldb.SCOPE_SUBTREE,
expression="(objectClass=siteLink)")
except ldb.LdbError, (enum, estr):
raise Exception("Unable to find inter-site siteLinks - (%s)" % estr)
for msg in res:
dnstr = str(msg.dn)
# already loaded
if dnstr in self.sitelink_table.keys():
continue
sitelink = SiteLink(dnstr)
sitelink.load_sitelink(self.samdb)
# Assign this siteLink to table
# and index by dn
self.sitelink_table[dnstr] = sitelink
def load_my_site(self):
"""Loads the Site class for the local DSA
::returns: Raises an Exception on error
"""
self.my_site_dnstr = "CN=%s,CN=Sites,%s" % (
self.samdb.server_site_name(),
self.samdb.get_config_basedn())
site = Site(self.my_site_dnstr, unix_now)
site.load_site(self.samdb)
self.site_table[str(site.site_guid)] = site
self.my_site_guid = site.site_guid
self.my_site = site
def load_all_sites(self):
"""Discover all sites and instantiate and load each
NTDS Site settings.
::returns: Raises an Exception on error
"""
try:
res = self.samdb.search("CN=Sites,%s" %
self.samdb.get_config_basedn(),
scope=ldb.SCOPE_SUBTREE,
expression="(objectClass=site)")
except ldb.LdbError, (enum, estr):
raise Exception("Unable to find sites - (%s)" % estr)
for msg in res:
sitestr = str(msg.dn)
site = Site(sitestr, unix_now)
site.load_site(self.samdb)
# already loaded
if str(site.site_guid) in self.site_table.keys():
continue
self.site_table[str(site.site_guid)] = site
def load_my_dsa(self):
"""Discover my nTDSDSA dn thru the rootDSE entry
::returns: Raises an Exception on error.
"""
dn = ldb.Dn(self.samdb, "<GUID=%s>" % self.samdb.get_ntds_GUID())
try:
res = self.samdb.search(base=dn, scope=ldb.SCOPE_BASE,
attrs=[])
except ldb.LdbError, (enum, estr):
raise Exception("Unable to find my nTDSDSA - (%s)" % estr)
self.my_dsa_dnstr = str(res[0].dn)
self.my_dsa = self.my_site.get_dsa(self.my_dsa_dnstr)
def load_all_partitions(self):
"""Discover all NCs thru the Partitions dn and
instantiate and load the NCs.
Each NC is inserted into the part_table by partition
dn string (not the nCName dn string)
::returns: Raises an Exception on error
"""
try:
res = self.samdb.search("CN=Partitions,%s" %
self.samdb.get_config_basedn(),
scope=ldb.SCOPE_SUBTREE,
expression="(objectClass=crossRef)")
except ldb.LdbError, (enum, estr):
raise Exception("Unable to find partitions - (%s)" % estr)
for msg in res:
partstr = str(msg.dn)
# already loaded
if partstr in self.part_table.keys():
continue
part = Partition(partstr)
part.load_partition(self.samdb)
self.part_table[partstr] = part
def should_be_present_test(self):
"""Enumerate all loaded partitions and DSAs in local
site and test if NC should be present as replica
"""
for partdn, part in self.part_table.items():
for dsadn, dsa in self.my_site.dsa_table.items():
needed, ro, partial = part.should_be_present(dsa)
logger.info("dsadn:%s\nncdn:%s\nneeded=%s:ro=%s:partial=%s\n" %
(dsadn, part.nc_dnstr, needed, ro, partial))
def refresh_failed_links_connections(self):
"""Instead of NULL link with failure_count = 0, the tuple is simply removed"""
# LINKS: Refresh failed links
self.kcc_failed_links = {}
current, needed = self.my_dsa.get_rep_tables()
for replica in current.values():
# For every possible connection to replicate
for reps_from in replica.rep_repsFrom:
failure_count = reps_from.consecutive_sync_failures
if failure_count <= 0:
continue
dsa_guid = str(reps_from.source_dsa_obj_guid)
time_first_failure = reps_from.last_success
last_result = reps_from.last_attempt
dns_name = reps_from.dns_name1
f = self.kcc_failed_links.get(dsa_guid)
if not f:
f = KCCFailedObject(dsa_guid, failure_count,
time_first_failure, last_result,
dns_name)
self.kcc_failed_links[dsa_guid] = f
#elif f.failure_count == 0:
# f.failure_count = failure_count
# f.time_first_failure = time_first_failure
# f.last_result = last_result
else:
f.failure_count = max(f.failure_count, failure_count)
f.time_first_failure = min(f.time_first_failure, time_first_failure)
f.last_result = last_result
# CONNECTIONS: Refresh failed connections
restore_connections = set()
for connection in self.kcc_failed_connections:
try:
drs_utils.drsuapi_connect(connection.dns_name, lp, creds)
# Failed connection is no longer failing
restore_connections.add(connection)
except drs_utils.drsException:
# Failed connection still failing
connection.failure_count += 1
# Remove the restored connections from the failed connections
self.kcc_failed_connections.difference_update(restore_connections)
def is_stale_link_connection(self, target_dsa):
"""Returns False if no tuple z exists in the kCCFailedLinks or
kCCFailedConnections variables such that z.UUIDDsa is the
objectGUID of the target dsa, z.FailureCount > 0, and
the current time - z.TimeFirstFailure > 2 hours.
"""
# Returns True if tuple z exists...
failed_link = self.kcc_failed_links.get(str(target_dsa.dsa_guid))
if failed_link:
# failure_count should be > 0, but check anyways
if failed_link.failure_count > 0:
unix_first_time_failure = nttime2unix(failed_link.time_first_failure)
# TODO guard against future
if unix_first_time_failure > unix_now:
logger.error("The last success time attribute for \
repsFrom is in the future!")
# Perform calculation in seconds
if (unix_now - unix_first_time_failure) > 60 * 60 * 2:
return True
# TODO connections
return False
# TODO: This should be backed by some form of local database
def remove_unneeded_failed_links_connections(self):
# Remove all tuples in kcc_failed_links where failure count = 0
# In this implementation, this should never happen.
# Remove all connections which were not used this run or connections
# that became active during this run.
pass
def remove_unneeded_ntdsconn(self, all_connected):
"""Removes unneeded NTDS Connections after computation
of KCC intra and inter-site topology has finished.
"""
mydsa = self.my_dsa
# Loop thru connections
for cn_dnstr, cn_conn in mydsa.connect_table.items():
s_dnstr = cn_conn.get_from_dnstr()
if s_dnstr is None:
cn_conn.to_be_deleted = True
continue
# Get the source DSA no matter what site
s_dsa = self.get_dsa(s_dnstr)
# Check if the DSA is in our site
if self.my_site.same_site(s_dsa):
same_site = True
else:
same_site = False
# Given an nTDSConnection object cn, if the DC with the
# nTDSDSA object dc that is the parent object of cn and
# the DC with the nTDSDA object referenced by cn!fromServer
# are in the same site, the KCC on dc deletes cn if all of
# the following are true:
#
# Bit NTDSCONN_OPT_IS_GENERATED is clear in cn!options.
#
# No site settings object s exists for the local DC's site, or
# bit NTDSSETTINGS_OPT_IS_TOPL_CLEANUP_DISABLED is clear in
# s!options.
#
# Another nTDSConnection object cn2 exists such that cn and
# cn2 have the same parent object, cn!fromServer = cn2!fromServer,
# and either
#
# cn!whenCreated < cn2!whenCreated
#
# cn!whenCreated = cn2!whenCreated and
# cn!objectGUID < cn2!objectGUID
#
# Bit NTDSCONN_OPT_RODC_TOPOLOGY is clear in cn!options
if same_site:
if not cn_conn.is_generated():
continue
if self.my_site.is_cleanup_ntdsconn_disabled():
continue
# Loop thru connections looking for a duplicate that
# fulfills the previous criteria
lesser = False
for cn2_dnstr, cn2_conn in mydsa.connect_table.items():
if cn2_conn is cn_conn:
continue
s2_dnstr = cn2_conn.get_from_dnstr()
if s2_dnstr is None:
continue
# If the NTDS Connections has a different
# fromServer field then no match
if s2_dnstr != s_dnstr:
continue
lesser = (cn_conn.whenCreated < cn2_conn.whenCreated or
(cn_conn.whenCreated == cn2_conn.whenCreated and
cmp(cn_conn.guid, cn2_conn.guid) < 0))
if lesser:
break
if lesser and not cn_conn.is_rodc_topology():
cn_conn.to_be_deleted = True
# Given an nTDSConnection object cn, if the DC with the nTDSDSA
# object dc that is the parent object of cn and the DC with
# the nTDSDSA object referenced by cn!fromServer are in
# different sites, a KCC acting as an ISTG in dc's site
# deletes cn if all of the following are true:
#
# Bit NTDSCONN_OPT_IS_GENERATED is clear in cn!options.
#
# cn!fromServer references an nTDSDSA object for a DC
# in a site other than the local DC's site.
#
# The keepConnections sequence returned by
# CreateIntersiteConnections() does not contain
# cn!objectGUID, or cn is "superseded by" (see below)
# another nTDSConnection cn2 and keepConnections
# contains cn2!objectGUID.
#
# The return value of CreateIntersiteConnections()
# was true.
#
# Bit NTDSCONN_OPT_RODC_TOPOLOGY is clear in
# cn!options
#
else: # different site
if not mydsa.is_istg():
continue
if not cn_conn.is_generated():
continue
# TODO
# We are directly using this connection in intersite or
# we are using a connection which can supersede this one.
#
# MS-ADTS 6.2.2.4 - Removing Unnecessary Connections does not
# appear to be correct.
#
# 1. cn!fromServer and cn!parent appear inconsistent with no cn2
# 2. The repsFrom do not imply each other
#
if self.keep_connection(cn_conn): # and not_superceded:
continue
# This is the result of create_intersite_connections
if not all_connected:
continue
if not cn_conn.is_rodc_topology():
cn_conn.to_be_deleted = True
if mydsa.is_ro() or opts.readonly:
for dnstr, connect in mydsa.connect_table.items():
if connect.to_be_deleted:
DEBUG_GREEN("TO BE DELETED:\n%s" % connect)
if connect.to_be_added:
DEBUG_GREEN("TO BE ADDED:\n%s" % connect)
# Peform deletion from our tables but perform
# no database modification
mydsa.commit_connections(self.samdb, ro=True)
else:
# Commit any modified connections
mydsa.commit_connections(self.samdb)
def get_dsa_by_guidstr(self, guidstr):
"""Given a DSA guid string, consule all sites looking
for the corresponding DSA and return it.
"""
for site in self.site_table.values():
dsa = site.get_dsa_by_guidstr(guidstr)
if dsa is not None:
return dsa
return None
def get_dsa(self, dnstr):
"""Given a DSA dn string, consule all sites looking
for the corresponding DSA and return it.
"""
for site in self.site_table.values():
dsa = site.get_dsa(dnstr)
if dsa is not None:
return dsa
return None
def modify_repsFrom(self, n_rep, t_repsFrom, s_rep, s_dsa, cn_conn):
"""Update t_repsFrom if necessary to satisfy requirements. Such
updates are typically required when the IDL_DRSGetNCChanges
server has moved from one site to another--for example, to
enable compression when the server is moved from the
client's site to another site.
:param n_rep: NC replica we need
:param t_repsFrom: repsFrom tuple to modify
:param s_rep: NC replica at source DSA
:param s_dsa: source DSA
:param cn_conn: Local DSA NTDSConnection child
::returns: (update) bit field containing which portion of the
repsFrom was modified. This bit field is suitable as input
to IDL_DRSReplicaModify ulModifyFields element, as it consists
of these bits:
drsuapi.DRSUAPI_DRS_UPDATE_SCHEDULE
drsuapi.DRSUAPI_DRS_UPDATE_FLAGS
drsuapi.DRSUAPI_DRS_UPDATE_ADDRESS
"""
s_dnstr = s_dsa.dsa_dnstr
update = 0x0
if self.my_site.same_site(s_dsa):
same_site = True
else:
same_site = False
times = cn_conn.convert_schedule_to_repltimes()
# if schedule doesn't match then update and modify
if times != t_repsFrom.schedule:
t_repsFrom.schedule = times
# Bit DRS_PER_SYNC is set in replicaFlags if and only
# if nTDSConnection schedule has a value v that specifies
# scheduled replication is to be performed at least once
# per week.
if cn_conn.is_schedule_minimum_once_per_week():
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_PER_SYNC) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_PER_SYNC
# Bit DRS_INIT_SYNC is set in t.replicaFlags if and only
# if the source DSA and the local DC's nTDSDSA object are
# in the same site or source dsa is the FSMO role owner
# of one or more FSMO roles in the NC replica.
if same_site or n_rep.is_fsmo_role_owner(s_dnstr):
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_INIT_SYNC) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_INIT_SYNC
# If bit NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT is set in
# cn!options, bit DRS_NEVER_NOTIFY is set in t.replicaFlags
# if and only if bit NTDSCONN_OPT_USE_NOTIFY is clear in
# cn!options. Otherwise, bit DRS_NEVER_NOTIFY is set in
# t.replicaFlags if and only if s and the local DC's
# nTDSDSA object are in different sites.
if (cn_conn.options & dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT) != 0x0:
if (cn_conn.options & dsdb.NTDSCONN_OPT_USE_NOTIFY) == 0x0:
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_NEVER_NOTIFY) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_NEVER_NOTIFY
elif not same_site:
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_NEVER_NOTIFY) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_NEVER_NOTIFY
# Bit DRS_USE_COMPRESSION is set in t.replicaFlags if
# and only if s and the local DC's nTDSDSA object are
# not in the same site and the
# NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION bit is
# clear in cn!options
if (not same_site and
(cn_conn.options &
dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION) == 0x0):
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_USE_COMPRESSION) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_USE_COMPRESSION
# Bit DRS_TWOWAY_SYNC is set in t.replicaFlags if and only
# if bit NTDSCONN_OPT_TWOWAY_SYNC is set in cn!options.
if (cn_conn.options & dsdb.NTDSCONN_OPT_TWOWAY_SYNC) != 0x0:
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_TWOWAY_SYNC) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_TWOWAY_SYNC
# Bits DRS_DISABLE_AUTO_SYNC and DRS_DISABLE_PERIODIC_SYNC are
# set in t.replicaFlags if and only if cn!enabledConnection = false.
if not cn_conn.is_enabled():
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_DISABLE_AUTO_SYNC) == 0x0:
t_repsFrom.replica_flags |= \
drsuapi.DRSUAPI_DRS_DISABLE_AUTO_SYNC
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_DISABLE_PERIODIC_SYNC) == 0x0:
t_repsFrom.replica_flags |= \
drsuapi.DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
# If s and the local DC's nTDSDSA object are in the same site,
# cn!transportType has no value, or the RDN of cn!transportType
# is CN=IP:
#
# Bit DRS_MAIL_REP in t.replicaFlags is clear.
#
# t.uuidTransport = NULL GUID.
#
# t.uuidDsa = The GUID-based DNS name of s.
#
# Otherwise:
#
# Bit DRS_MAIL_REP in t.replicaFlags is set.
#
# If x is the object with dsname cn!transportType,
# t.uuidTransport = x!objectGUID.
#
# Let a be the attribute identified by
# x!transportAddressAttribute. If a is
# the dNSHostName attribute, t.uuidDsa = the GUID-based
# DNS name of s. Otherwise, t.uuidDsa = (s!parent)!a.
#
# It appears that the first statement i.e.
#
# "If s and the local DC's nTDSDSA object are in the same
# site, cn!transportType has no value, or the RDN of
# cn!transportType is CN=IP:"
#
# could be a slightly tighter statement if it had an "or"
# between each condition. I believe this should
# be interpreted as:
#
# IF (same-site) OR (no-value) OR (type-ip)
#
# because IP should be the primary transport mechanism
# (even in inter-site) and the absense of the transportType
# attribute should always imply IP no matter if its multi-site
#
# NOTE MS-TECH INCORRECT:
#
# All indications point to these statements above being
# incorrectly stated:
#
# t.uuidDsa = The GUID-based DNS name of s.
#
# Let a be the attribute identified by
# x!transportAddressAttribute. If a is
# the dNSHostName attribute, t.uuidDsa = the GUID-based
# DNS name of s. Otherwise, t.uuidDsa = (s!parent)!a.
#
# because the uuidDSA is a GUID and not a GUID-base DNS
# name. Nor can uuidDsa hold (s!parent)!a if not
# dNSHostName. What should have been said is:
#
# t.naDsa = The GUID-based DNS name of s
#
# That would also be correct if transportAddressAttribute
# were "mailAddress" because (naDsa) can also correctly
# hold the SMTP ISM service address.
#
nastr = "%s._msdcs.%s" % (s_dsa.dsa_guid, self.samdb.forest_dns_name())
# We're not currently supporting SMTP replication
# so is_smtp_replication_available() is currently
# always returning False
if (same_site or
cn_conn.transport_dnstr is None or
cn_conn.transport_dnstr.find("CN=IP") == 0 or
not is_smtp_replication_available()):
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_MAIL_REP) != 0x0:
t_repsFrom.replica_flags &= ~drsuapi.DRSUAPI_DRS_MAIL_REP
null_guid = misc.GUID()
if (t_repsFrom.transport_guid is None or
t_repsFrom.transport_guid != null_guid):
t_repsFrom.transport_guid = null_guid
# See (NOTE MS-TECH INCORRECT) above
if t_repsFrom.version == 0x1:
if t_repsFrom.dns_name1 is None or \
t_repsFrom.dns_name1 != nastr:
t_repsFrom.dns_name1 = nastr
else:
if t_repsFrom.dns_name1 is None or \
t_repsFrom.dns_name2 is None or \
t_repsFrom.dns_name1 != nastr or \
t_repsFrom.dns_name2 != nastr:
t_repsFrom.dns_name1 = nastr
t_repsFrom.dns_name2 = nastr
else:
if (t_repsFrom.replica_flags &
drsuapi.DRSUAPI_DRS_MAIL_REP) == 0x0:
t_repsFrom.replica_flags |= drsuapi.DRSUAPI_DRS_MAIL_REP
# We have a transport type but its not an
# object in the database
if cn_conn.transport_guid not in self.transport_table.keys():
raise Exception("Missing inter-site transport - (%s)" %
cn_conn.transport_dnstr)
x_transport = self.transport_table[str(cn_conn.transport_guid)]
if t_repsFrom.transport_guid != x_transport.guid:
t_repsFrom.transport_guid = x_transport.guid
# See (NOTE MS-TECH INCORRECT) above
if x_transport.address_attr == "dNSHostName":
if t_repsFrom.version == 0x1:
if t_repsFrom.dns_name1 is None or \
t_repsFrom.dns_name1 != nastr:
t_repsFrom.dns_name1 = nastr
else:
if t_repsFrom.dns_name1 is None or \
t_repsFrom.dns_name2 is None or \
t_repsFrom.dns_name1 != nastr or \
t_repsFrom.dns_name2 != nastr:
t_repsFrom.dns_name1 = nastr
t_repsFrom.dns_name2 = nastr
else:
# MS tech specification says we retrieve the named
# attribute in "transportAddressAttribute" from the parent of
# the DSA object
try:
pdnstr = s_dsa.get_parent_dnstr()
attrs = [ x_transport.address_attr ]
res = self.samdb.search(base=pdnstr, scope=ldb.SCOPE_BASE,
attrs=attrs)
except ldb.LdbError, (enum, estr):
raise Exception(
"Unable to find attr (%s) for (%s) - (%s)" %
(x_transport.address_attr, pdnstr, estr))
msg = res[0]
nastr = str(msg[x_transport.address_attr][0])
# See (NOTE MS-TECH INCORRECT) above
if t_repsFrom.version == 0x1:
if t_repsFrom.dns_name1 is None or \
t_repsFrom.dns_name1 != nastr:
t_repsFrom.dns_name1 = nastr
else:
if t_repsFrom.dns_name1 is None or \
t_repsFrom.dns_name2 is None or \
t_repsFrom.dns_name1 != nastr or \
t_repsFrom.dns_name2 != nastr:
t_repsFrom.dns_name1 = nastr
t_repsFrom.dns_name2 = nastr
if t_repsFrom.is_modified():
logger.debug("modify_repsFrom(): %s" % t_repsFrom)
def is_repsFrom_implied(self, n_rep, cn_conn):
"""Given a NC replica and NTDS Connection, determine if the connection
implies a repsFrom tuple should be present from the source DSA listed
in the connection to the naming context
:param n_rep: NC replica
:param conn: NTDS Connection
::returns (True || False), source DSA:
"""
# NTDS Connection must satisfy all the following criteria
# to imply a repsFrom tuple is needed:
#
# cn!enabledConnection = true.
# cn!options does not contain NTDSCONN_OPT_RODC_TOPOLOGY.
# cn!fromServer references an nTDSDSA object.
s_dsa = None
if cn_conn.is_enabled() and not cn_conn.is_rodc_topology():
s_dnstr = cn_conn.get_from_dnstr()
if s_dnstr is not None:
s_dsa = self.get_dsa(s_dnstr)
# No DSA matching this source DN string?
if s_dsa is None:
return False, None
# To imply a repsFrom tuple is needed, each of these
# must be True:
#
# An NC replica of the NC "is present" on the DC to
# which the nTDSDSA object referenced by cn!fromServer
# corresponds.
#
# An NC replica of the NC "should be present" on
# the local DC
s_rep = s_dsa.get_current_replica(n_rep.nc_dnstr)
if s_rep is None or not s_rep.is_present():
return False, None
# To imply a repsFrom tuple is needed, each of these
# must be True:
#
# The NC replica on the DC referenced by cn!fromServer is
# a writable replica or the NC replica that "should be
# present" on the local DC is a partial replica.
#
# The NC is not a domain NC, the NC replica that
# "should be present" on the local DC is a partial
# replica, cn!transportType has no value, or
# cn!transportType has an RDN of CN=IP.
#
implied = (not s_rep.is_ro() or n_rep.is_partial()) and \
(not n_rep.is_domain() or
n_rep.is_partial() or
cn_conn.transport_dnstr is None or
cn_conn.transport_dnstr.find("CN=IP") == 0)
if implied:
return True, s_dsa
else:
return False, None
def translate_ntdsconn(self):
"""This function adjusts values of repsFrom abstract attributes of NC
replicas on the local DC to match those implied by
nTDSConnection objects.
[MS-ADTS] 6.2.2.5
"""
if self.my_dsa.is_translate_ntdsconn_disabled():
logger.debug("skipping translate_ntdsconn() because disabling flag is set")
return
logger.debug("translate_ntdsconn(): enter")
current_rep_table, needed_rep_table = self.my_dsa.get_rep_tables()
# Filled in with replicas we currently have that need deleting
delete_reps = set()
# We're using the MS notation names here to allow
# correlation back to the published algorithm.
#
# n_rep - NC replica (n)
# t_repsFrom - tuple (t) in n!repsFrom
# s_dsa - Source DSA of the replica. Defined as nTDSDSA
# object (s) such that (s!objectGUID = t.uuidDsa)
# In our IDL representation of repsFrom the (uuidDsa)
# attribute is called (source_dsa_obj_guid)
# cn_conn - (cn) is nTDSConnection object and child of the local DC's
# nTDSDSA object and (cn!fromServer = s)
# s_rep - source DSA replica of n
#
# If we have the replica and its not needed
# then we add it to the "to be deleted" list.
for dnstr in current_rep_table:
if dnstr not in needed_rep_table:
delete_reps.add(dnstr)
if delete_reps:
DEBUG('current %d needed %d delete %d', len(current_rep_table),
len(needed_rep_table), len(delete_reps))
DEBUG('deleting these reps: %s', delete_reps)
for dnstr in delete_reps:
del current_rep_table[dnstr]
# Now perform the scan of replicas we'll need
# and compare any current repsFrom against the
# connections
for dnstr, n_rep in needed_rep_table.items():
# load any repsFrom and fsmo roles as we'll
# need them during connection translation
n_rep.load_repsFrom(self.samdb)
n_rep.load_fsmo_roles(self.samdb)
# Loop thru the existing repsFrom tupples (if any)
for i, t_repsFrom in enumerate(n_rep.rep_repsFrom):
# for each tuple t in n!repsFrom, let s be the nTDSDSA
# object such that s!objectGUID = t.uuidDsa
guidstr = str(t_repsFrom.source_dsa_obj_guid)
s_dsa = self.get_dsa_by_guidstr(guidstr)
# Source dsa is gone from config (strange)
# so cleanup stale repsFrom for unlisted DSA
if s_dsa is None:
logger.debug("repsFrom source DSA guid (%s) not found" %
guidstr)
t_repsFrom.to_be_deleted = True
continue
s_dnstr = s_dsa.dsa_dnstr
# Retrieve my DSAs connection object (if it exists)
# that specifies the fromServer equivalent to
# the DSA that is specified in the repsFrom source
cn_conn = self.my_dsa.get_connection_by_from_dnstr(s_dnstr)
# Let (cn) be the nTDSConnection object such that (cn)
# is a child of the local DC's nTDSDSA object and
# (cn!fromServer = s) and (cn!options) does not contain
# NTDSCONN_OPT_RODC_TOPOLOGY or NULL if no such (cn) exists.
if cn_conn and not cn_conn.is_rodc_topology():
cn_conn = None
# KCC removes this repsFrom tuple if any of the following
# is true:
# cn = NULL.
#
# No NC replica of the NC "is present" on DSA that
# would be source of replica
#
# A writable replica of the NC "should be present" on
# the local DC, but a partial replica "is present" on
# the source DSA
s_rep = s_dsa.get_current_replica(n_rep.nc_dnstr)
if cn_conn is None or \
s_rep is None or not s_rep.is_present() or \
(not n_rep.is_ro() and s_rep.is_partial()):
t_repsFrom.to_be_deleted = True
continue
# If the KCC did not remove t from n!repsFrom, it updates t
self.modify_repsFrom(n_rep, t_repsFrom, s_rep, s_dsa, cn_conn)
# Loop thru connections and add implied repsFrom tuples
# for each NTDSConnection under our local DSA if the
# repsFrom is not already present
for cn_dnstr, cn_conn in self.my_dsa.connect_table.items():
implied, s_dsa = self.is_repsFrom_implied(n_rep, cn_conn)
if not implied:
continue
# Loop thru the existing repsFrom tupples (if any) and
# if we already have a tuple for this connection then
# no need to proceed to add. It will have been changed
# to have the correct attributes above
for i, t_repsFrom in enumerate(n_rep.rep_repsFrom):
guidstr = str(t_repsFrom.source_dsa_obj_guid)
if s_dsa is self.get_dsa_by_guidstr(guidstr):
s_dsa = None
break
if s_dsa is None:
continue
# Create a new RepsFromTo and proceed to modify
# it according to specification
t_repsFrom = RepsFromTo(n_rep.nc_dnstr)
t_repsFrom.source_dsa_obj_guid = s_dsa.dsa_guid
s_rep = s_dsa.get_current_replica(n_rep.nc_dnstr)
self.modify_repsFrom(n_rep, t_repsFrom, s_rep, s_dsa, cn_conn)
# Add to our NC repsFrom as this is newly computed
if t_repsFrom.is_modified():
n_rep.rep_repsFrom.append(t_repsFrom)
if opts.readonly:
# Display any to be deleted or modified repsFrom
text = n_rep.dumpstr_to_be_deleted()
if text:
logger.info("TO BE DELETED:\n%s" % text)
text = n_rep.dumpstr_to_be_modified()
if text:
logger.info("TO BE MODIFIED:\n%s" % text)
# Peform deletion from our tables but perform
# no database modification
n_rep.commit_repsFrom(self.samdb, ro=True)
else:
# Commit any modified repsFrom to the NC replica
n_rep.commit_repsFrom(self.samdb)
def keep_connection(self, cn_conn):
"""Determines if the connection is meant to be kept during the
pruning of unneeded connections operation.
Consults the keep_connection_list[] which was built during
intersite NC replica graph computation.
::returns (True or False): if (True) connection should not be pruned
"""
if cn_conn in self.keep_connection_list:
return True
return False
def merge_failed_links(self):
"""Merge of kCCFailedLinks and kCCFailedLinks from bridgeheads.
The KCC on a writable DC attempts to merge the link and connection
failure information from bridgehead DCs in its own site to help it
identify failed bridgehead DCs.
"""
# MS-TECH Ref 6.2.2.3.2 Merge of kCCFailedLinks and kCCFailedLinks
# from Bridgeheads
# 1. Queries every bridgehead server in your site (other than yourself)
# 2. For every ntDSConnection that references a server in a different
# site merge all the failure info
#
# XXX - not implemented yet
def setup_graph(self, part):
"""Set up a GRAPH, populated with a VERTEX for each site
object, a MULTIEDGE for each siteLink object, and a
MUTLIEDGESET for each siteLinkBridge object (or implied
siteLinkBridge).
::returns: a new graph
"""
guid_to_vertex = {}
# Create graph
g = IntersiteGraph()
# Add vertices
for site_guid, site in self.site_table.items():
vertex = Vertex(site, part)
vertex.guid = site_guid
g.vertices.add(vertex)
if not guid_to_vertex.get(site_guid):
guid_to_vertex[site_guid] = []
guid_to_vertex[site_guid].append(vertex)
connected_vertices = set()
for transport_guid, transport in self.transport_table.items():
# Currently only ever "IP"
for site_link_dn, site_link in self.sitelink_table.items():
new_edge = create_edge(transport_guid, site_link, guid_to_vertex)
connected_vertices.update(new_edge.vertices)
g.edges.add(new_edge)
# If 'Bridge all site links' is enabled and Win2k3 bridges required is not set
# NTDSTRANSPORT_OPT_BRIDGES_REQUIRED 0x00000002
# No documentation for this however, ntdsapi.h appears to have listed:
# NTDSSETTINGS_OPT_W2K3_BRIDGES_REQUIRED = 0x00001000
if ((self.my_site.site_options & 0x00000002) == 0
and (self.my_site.site_options & 0x00001000) == 0):
g.edge_set.add(create_auto_edge_set(g, transport_guid))
else:
# TODO get all site link bridges
for site_link_bridge in []:
g.edge_set.add(create_edge_set(g, transport_guid,
site_link_bridge))
g.connected_vertices = connected_vertices
return g
def get_bridgehead(self, site, part, transport, partial_ok, detect_failed):
"""Get a bridghead DC.
:param site: site object representing for which a bridgehead
DC is desired.
:param part: crossRef for NC to replicate.
:param transport: interSiteTransport object for replication
traffic.
:param partial_ok: True if a DC containing a partial
replica or a full replica will suffice, False if only
a full replica will suffice.
:param detect_failed: True to detect failed DCs and route
replication traffic around them, False to assume no DC
has failed.
::returns: dsa object for the bridgehead DC or None
"""
bhs = self.get_all_bridgeheads(site, part, transport,
partial_ok, detect_failed)
if len(bhs) == 0:
logger.debug("get_bridgehead:\n\tsitedn=%s\n\tbhdn=None" %
site.site_dnstr)
return None
else:
logger.debug("get_bridgehead:\n\tsitedn=%s\n\tbhdn=%s" %
(site.site_dnstr, bhs[0].dsa_dnstr))
return bhs[0]
def get_all_bridgeheads(self, site, part, transport,
partial_ok, detect_failed):
"""Get all bridghead DCs satisfying the given criteria
:param site: site object representing the site for which
bridgehead DCs are desired.
:param part: partition for NC to replicate.
:param transport: interSiteTransport object for
replication traffic.
:param partial_ok: True if a DC containing a partial
replica or a full replica will suffice, False if
only a full replica will suffice.
:param detect_ok: True to detect failed DCs and route
replication traffic around them, FALSE to assume
no DC has failed.
::returns: list of dsa object for available bridgehead
DCs or None
"""
bhs = []
logger.debug("get_all_bridgeheads: %s" % transport)
logger.debug(site.dsa_table)
for key, dsa in site.dsa_table.items():
pdnstr = dsa.get_parent_dnstr()
# IF t!bridgeheadServerListBL has one or more values and
# t!bridgeheadServerListBL does not contain a reference
# to the parent object of dc then skip dc
if (len(transport.bridgehead_list) != 0 and
pdnstr not in transport.bridgehead_list):
continue
# IF dc is in the same site as the local DC
# IF a replica of cr!nCName is not in the set of NC replicas
# that "should be present" on dc or a partial replica of the
# NC "should be present" but partialReplicasOkay = FALSE
# Skip dc
if self.my_site.same_site(dsa):
needed, ro, partial = part.should_be_present(dsa)
if not needed or (partial and not partial_ok):
continue
# ELSE
# IF an NC replica of cr!nCName is not in the set of NC
# replicas that "are present" on dc or a partial replica of
# the NC "is present" but partialReplicasOkay = FALSE
# Skip dc
else:
rep = dsa.get_current_replica(part.nc_dnstr)
if rep is None or (rep.is_partial() and not partial_ok):
continue
# IF AmIRODC() and cr!nCName corresponds to default NC then
# Let dsaobj be the nTDSDSA object of the dc
# IF dsaobj.msDS-Behavior-Version < DS_DOMAIN_FUNCTION_2008
# Skip dc
if self.my_dsa.is_ro() and part.is_default():
if not dsa.is_minimum_behavior(dsdb.DS_DOMAIN_FUNCTION_2008):
continue
# IF t!name != "IP" and the parent object of dc has no value for
# the attribute specified by t!transportAddressAttribute
# Skip dc
if transport.name != "IP":
# MS tech specification says we retrieve the named
# attribute in "transportAddressAttribute" from the parent
# of the DSA object
try:
attrs = [ transport.address_attr ]
res = self.samdb.search(base=pdnstr, scope=ldb.SCOPE_BASE,
attrs=attrs)
except ldb.LdbError, (enum, estr):
continue
msg = res[0]
if transport.address_attr not in msg:
continue
nastr = str(msg[transport.address_attr][0])
# IF BridgeheadDCFailed(dc!objectGUID, detectFailedDCs) = TRUE
# Skip dc
if self.is_bridgehead_failed(dsa, detect_failed):
continue
logger.debug("get_all_bridgeheads: dsadn=%s" % dsa.dsa_dnstr)
bhs.append(dsa)
# IF bit NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED is set in
# s!options
# SORT bhs such that all GC servers precede DCs that are not GC
# servers, and otherwise by ascending objectGUID
# ELSE
# SORT bhs in a random order
if site.is_random_bridgehead_disabled():
bhs.sort(sort_dsa_by_gc_and_guid)
else:
random.shuffle(bhs)
return bhs
def is_bridgehead_failed(self, dsa, detect_failed):
"""Determine whether a given DC is known to be in a failed state
::returns: True if and only if the DC should be considered failed
"""
# NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED = 0x00000008
# When DETECT_STALE_DISABLED, we can never know of if it's in a failed state
if self.my_site.site_options & 0x00000008:
return False
elif self.is_stale_link_connection(dsa):
return True
return detect_failed # TODO WHY?
def create_connection(self, part, rbh, rsite, transport,
lbh, lsite, link_opt, link_sched,
partial_ok, detect_failed):
"""Create an nTDSConnection object with the given parameters
if one does not already exist.
:param part: crossRef object for the NC to replicate.
:param rbh: nTDSDSA object for DC to act as the
IDL_DRSGetNCChanges server (which is in a site other
than the local DC's site).
:param rsite: site of the rbh
:param transport: interSiteTransport object for the transport
to use for replication traffic.
:param lbh: nTDSDSA object for DC to act as the
IDL_DRSGetNCChanges client (which is in the local DC's site).
:param lsite: site of the lbh
:param link_opt: Replication parameters (aggregated siteLink options, etc.)
:param link_sched: Schedule specifying the times at which
to begin replicating.
:partial_ok: True if bridgehead DCs containing partial
replicas of the NC are acceptable.
:param detect_failed: True to detect failed DCs and route
replication traffic around them, FALSE to assume no DC
has failed.
"""
rbhs_all = self.get_all_bridgeheads(rsite, part, transport,
partial_ok, False)
# MS-TECH says to compute rbhs_avail but then doesn't use it
# rbhs_avail = self.get_all_bridgeheads(rsite, part, transport,
# partial_ok, detect_failed)
lbhs_all = self.get_all_bridgeheads(lsite, part, transport,
partial_ok, False)
# MS-TECH says to compute lbhs_avail but then doesn't use it
# lbhs_avail = self.get_all_bridgeheads(lsite, part, transport,
# partial_ok, detect_failed)
# FOR each nTDSConnection object cn such that the parent of cn is
# a DC in lbhsAll and cn!fromServer references a DC in rbhsAll
for ldsa in lbhs_all:
for cn in ldsa.connect_table.values():
rdsa = None
for rdsa in rbhs_all:
if cn.from_dnstr == rdsa.dsa_dnstr:
break
if rdsa is None:
continue
# IF bit NTDSCONN_OPT_IS_GENERATED is set in cn!options and
# NTDSCONN_OPT_RODC_TOPOLOGY is clear in cn!options and
# cn!transportType references t
if (cn.is_generated() and not cn.is_rodc_topology() and
cn.transport_guid == transport.guid):
# IF bit NTDSCONN_OPT_USER_OWNED_SCHEDULE is clear in
# cn!options and cn!schedule != sch
# Perform an originating update to set cn!schedule to
# sched
if (not cn.is_user_owned_schedule() and
not cn.is_equivalent_schedule(link_sched)):
cn.schedule = link_sched
cn.set_modified(True)
# IF bits NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT and
# NTDSCONN_OPT_USE_NOTIFY are set in cn
if cn.is_override_notify_default() and \
cn.is_use_notify():
# IF bit NTDSSITELINK_OPT_USE_NOTIFY is clear in
# ri.Options
# Perform an originating update to clear bits
# NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT and
# NTDSCONN_OPT_USE_NOTIFY in cn!options
if (link_opt & dsdb.NTDSSITELINK_OPT_USE_NOTIFY) == 0:
cn.options &= \
~(dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT |
dsdb.NTDSCONN_OPT_USE_NOTIFY)
cn.set_modified(True)
# ELSE
else:
# IF bit NTDSSITELINK_OPT_USE_NOTIFY is set in
# ri.Options
# Perform an originating update to set bits
# NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT and
# NTDSCONN_OPT_USE_NOTIFY in cn!options
if (link_opt & dsdb.NTDSSITELINK_OPT_USE_NOTIFY) != 0:
cn.options |= \
(dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT |
dsdb.NTDSCONN_OPT_USE_NOTIFY)
cn.set_modified(True)
# IF bit NTDSCONN_OPT_TWOWAY_SYNC is set in cn!options
if cn.is_twoway_sync():
# IF bit NTDSSITELINK_OPT_TWOWAY_SYNC is clear in
# ri.Options
# Perform an originating update to clear bit
# NTDSCONN_OPT_TWOWAY_SYNC in cn!options
if (link_opt & dsdb.NTDSSITELINK_OPT_TWOWAY_SYNC) == 0:
cn.options &= ~dsdb.NTDSCONN_OPT_TWOWAY_SYNC
cn.set_modified(True)
# ELSE
else:
# IF bit NTDSSITELINK_OPT_TWOWAY_SYNC is set in
# ri.Options
# Perform an originating update to set bit
# NTDSCONN_OPT_TWOWAY_SYNC in cn!options
if (link_opt & dsdb.NTDSSITELINK_OPT_TWOWAY_SYNC) != 0:
cn.options |= dsdb.NTDSCONN_OPT_TWOWAY_SYNC
cn.set_modified(True)
# IF bit NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION is set
# in cn!options
if cn.is_intersite_compression_disabled():
# IF bit NTDSSITELINK_OPT_DISABLE_COMPRESSION is clear
# in ri.Options
# Perform an originating update to clear bit
# NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION in
# cn!options
if (link_opt &
dsdb.NTDSSITELINK_OPT_DISABLE_COMPRESSION) == 0:
cn.options &= \
~dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION
cn.set_modified(True)
# ELSE
else:
# IF bit NTDSSITELINK_OPT_DISABLE_COMPRESSION is set in
# ri.Options
# Perform an originating update to set bit
# NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION in
# cn!options
if (link_opt &
dsdb.NTDSSITELINK_OPT_DISABLE_COMPRESSION) != 0:
cn.options |= \
dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION
cn.set_modified(True)
# Display any modified connection
if opts.readonly:
if cn.to_be_modified:
logger.info("TO BE MODIFIED:\n%s" % cn)
ldsa.commit_connections(self.samdb, ro=True)
else:
ldsa.commit_connections(self.samdb)
# ENDFOR
valid_connections = 0
# FOR each nTDSConnection object cn such that cn!parent is
# a DC in lbhsAll and cn!fromServer references a DC in rbhsAll
for ldsa in lbhs_all:
for cn in ldsa.connect_table.values():
rdsa = None
for rdsa in rbhs_all:
if cn.from_dnstr == rdsa.dsa_dnstr:
break
if rdsa is None:
continue
# IF (bit NTDSCONN_OPT_IS_GENERATED is clear in cn!options or
# cn!transportType references t) and
# NTDSCONN_OPT_RODC_TOPOLOGY is clear in cn!options
if ((not cn.is_generated() or
cn.transport_guid == transport.guid) and
not cn.is_rodc_topology()):
# LET rguid be the objectGUID of the nTDSDSA object
# referenced by cn!fromServer
# LET lguid be (cn!parent)!objectGUID
# IF BridgeheadDCFailed(rguid, detectFailedDCs) = FALSE and
# BridgeheadDCFailed(lguid, detectFailedDCs) = FALSE
# Increment cValidConnections by 1
if (not self.is_bridgehead_failed(rdsa, detect_failed) and
not self.is_bridgehead_failed(ldsa, detect_failed)):
valid_connections += 1
# IF keepConnections does not contain cn!objectGUID
# APPEND cn!objectGUID to keepConnections
if not self.keep_connection(cn):
self.keep_connection_list.append(cn)
# ENDFOR
# IF cValidConnections = 0
if valid_connections == 0:
# LET opt be NTDSCONN_OPT_IS_GENERATED
opt = dsdb.NTDSCONN_OPT_IS_GENERATED
# IF bit NTDSSITELINK_OPT_USE_NOTIFY is set in ri.Options
# SET bits NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT and
# NTDSCONN_OPT_USE_NOTIFY in opt
if (link_opt & dsdb.NTDSSITELINK_OPT_USE_NOTIFY) != 0:
opt |= (dsdb.NTDSCONN_OPT_OVERRIDE_NOTIFY_DEFAULT |
dsdb.NTDSCONN_OPT_USE_NOTIFY)
# IF bit NTDSSITELINK_OPT_TWOWAY_SYNC is set in ri.Options
# SET bit NTDSCONN_OPT_TWOWAY_SYNC opt
if (link_opt & dsdb.NTDSSITELINK_OPT_TWOWAY_SYNC) != 0:
opt |= dsdb.NTDSCONN_OPT_TWOWAY_SYNC
# IF bit NTDSSITELINK_OPT_DISABLE_COMPRESSION is set in
# ri.Options
# SET bit NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION in opt
if (link_opt &
dsdb.NTDSSITELINK_OPT_DISABLE_COMPRESSION) != 0:
opt |= dsdb.NTDSCONN_OPT_DISABLE_INTERSITE_COMPRESSION
# Perform an originating update to create a new nTDSConnection
# object cn that is a child of lbh, cn!enabledConnection = TRUE,
# cn!options = opt, cn!transportType is a reference to t,
# cn!fromServer is a reference to rbh, and cn!schedule = sch
cn = lbh.new_connection(opt, 0, transport, lbh.dsa_dnstr, link_sched)
# Display any added connection
if opts.readonly:
if cn.to_be_added:
logger.info("TO BE ADDED:\n%s" % cn)
lbh.commit_connections(self.samdb, ro=True)
else:
lbh.commit_connections(self.samdb)
# APPEND cn!objectGUID to keepConnections
if not self.keep_connection(cn):
self.keep_connection_list.append(cn)
def add_transports(self, vertex, local_vertex, graph, detect_failed):
# The docs ([MS-ADTS] 6.2.2.3.4.3) say to use local_vertex
# here and in the, but using vertex seems to make more
# sense. That is, it wants this:
#
#bh = self.get_bridgehead(vertex.site, vertex.part, transport,
# local_vertex.is_black(), detect_failed)
#
# TODO WHY?????
vertex.accept_red_red = []
vertex.accept_black = []
found_failed = False
for t_guid, transport in self.transport_table.items():
if transport.name != 'IP':
continue
DEBUG_BLUE(t_guid)
# FLAG_CR_NTDS_DOMAIN 0x00000002
if (vertex.is_red() and transport.name != "IP" and
vertex.part.system_flags & 0x00000002):
continue
if vertex not in graph.connected_vertices:
continue
partial_replica_okay = vertex.is_black()
bh = self.get_bridgehead(vertex.site, vertex.part, transport,
partial_replica_okay, detect_failed)
if bh is None:
found_failed = True
continue
vertex.accept_red_red.append(t_guid)
vertex.accept_black.append(t_guid)
# Add additional transport to allow another run of Dijkstra
vertex.accept_red_red.append("EDGE_TYPE_ALL")
vertex.accept_black.append("EDGE_TYPE_ALL")
return found_failed
def create_connections(self, graph, part, detect_failed):
"""Construct an NC replica graph for the NC identified by
the given crossRef, then create any additional nTDSConnection
objects required.
:param graph: site graph.
:param part: crossRef object for NC.
:param detect_failed: True to detect failed DCs and route
replication traffic around them, False to assume no DC
has failed.
Modifies self.keep_connection_list by adding any connections
deemed to be "in use".
::returns: (all_connected, found_failed_dc)
(all_connected) True if the resulting NC replica graph
connects all sites that need to be connected.
(found_failed_dc) True if one or more failed DCs were
detected.
"""
all_connected = True
found_failed = False
logger.debug("create_connections(): enter\n\tpartdn=%s\n\tdetect_failed=%s" %
(part.nc_dnstr, detect_failed))
# XXX - This is a highly abbreviated function from the MS-TECH
# ref. It creates connections between bridgeheads to all
# sites that have appropriate replicas. Thus we are not
# creating a minimum cost spanning tree but instead
# producing a fully connected tree. This should produce
# a full (albeit not optimal cost) replication topology.
my_vertex = Vertex(self.my_site, part)
my_vertex.color_vertex()
for v in graph.vertices:
v.color_vertex()
if self.add_transports(v, my_vertex, graph, False):
found_failed = True
# No NC replicas for this NC in the site of the local DC,
# so no nTDSConnection objects need be created
if my_vertex.is_white():
return all_connected, found_failed
edge_list, component_count = self.get_spanning_tree_edges(graph, label=part.partstr)
logger.debug("%s Number of components: %d" % (part.nc_dnstr, component_count))
if component_count > 1:
all_connected = False
# LET partialReplicaOkay be TRUE if and only if
# localSiteVertex.Color = COLOR.BLACK
if my_vertex.is_black():
partial_ok = True
else:
partial_ok = False
# Utilize the IP transport only for now
transport = None
for transport in self.transport_table.values():
if transport.name == "IP":
break
if transport is None:
raise Exception("Unable to find inter-site transport for IP")
for e in edge_list:
if e.directed and e.vertices[0].site is self.my_site: # more accurate comparison?
continue
if e.vertices[0].site is self.my_site:
rsite = e.vertices[1].site
else:
rsite = e.vertices[0].site
# We don't make connections to our own site as that
# is intrasite topology generator's job
if rsite is self.my_site:
continue
# Determine bridgehead server in remote site
rbh = self.get_bridgehead(rsite, part, transport,
partial_ok, detect_failed)
# RODC acts as an BH for itself
# IF AmIRODC() then
# LET lbh be the nTDSDSA object of the local DC
# ELSE
# LET lbh be the result of GetBridgeheadDC(localSiteVertex.ID,
# cr, t, partialReplicaOkay, detectFailedDCs)
if self.my_dsa.is_ro():
lsite = self.my_site
lbh = self.my_dsa
else:
lsite = self.my_site
lbh = self.get_bridgehead(lsite, part, transport,
partial_ok, detect_failed)
# TODO
if lbh is None:
return False, True
sitelink = e.site_link
if sitelink is None:
link_opt = 0x0
link_sched = None
else:
link_opt = sitelink.options
link_sched = sitelink.schedule
self.create_connection(part, rbh, rsite, transport,
lbh, lsite, link_opt, link_sched,
partial_ok, detect_failed)
return all_connected, found_failed
def create_intersite_connections(self):
"""Computes an NC replica graph for each NC replica that "should be
present" on the local DC or "is present" on any DC in the same site
as the local DC. For each edge directed to an NC replica on such a
DC from an NC replica on a DC in another site, the KCC creates an
nTDSConnection object to imply that edge if one does not already
exist.
Modifies self.keep_connection_list - A list of nTDSConnection
objects for edges that are directed
to the local DC's site in one or more NC replica graphs.
returns: True if spanning trees were created for all NC replica
graphs, otherwise False.
"""
all_connected = True
self.keep_connection_list = []
# LET crossRefList be the set containing each object o of class
# crossRef such that o is a child of the CN=Partitions child of the
# config NC
# FOR each crossRef object cr in crossRefList
# IF cr!enabled has a value and is false, or if FLAG_CR_NTDS_NC
# is clear in cr!systemFlags, skip cr.
# LET g be the GRAPH return of SetupGraph()
for part in self.part_table.values():
if not part.is_enabled():
continue
if part.is_foreign():
continue
graph = self.setup_graph(part)
# Create nTDSConnection objects, routing replication traffic
# around "failed" DCs.
found_failed = False
connected, found_failed = self.create_connections(graph, part, True)
if not connected:
all_connected = False
if found_failed:
# One or more failed DCs preclude use of the ideal NC
# replica graph. Add connections for the ideal graph.
self.create_connections(graph, part, False)
return all_connected
def get_spanning_tree_edges(self, graph, label=None):
# Phase 1: Run Dijkstra's to get a list of internal edges, which are
# just the shortest-paths connecting colored vertices
internal_edges = set()
for e_set in graph.edge_set:
edgeType = None
for v in graph.vertices:
v.edges = []
# All con_type in an edge set is the same
for e in e_set.edges:
edgeType = e.con_type
for v in e.vertices:
v.edges.append(e)
if opts.verify or opts.dot_files:
graph_edges = [(a.site.site_dnstr, b.site.site_dnstr)
for a, b in itertools.chain(*(itertools.combinations(edge.vertices, 2)
for edge in e_set.edges))]
graph_nodes = [v.site.site_dnstr for v in graph.vertices]
verify_properties = ('complete', 'connected', 'multi_edge_forest', 'forest',
'directed_double_ring')
if opts.dot_files:
write_dot_file('edgeset_%s' % (edgeType,), graph_edges, vertices=graph_nodes,
label=label)
if opts.verify:
verify_graph('spanning tree edge set %s' % edgeType, graph_edges, vertices=graph_nodes,
properties=verify_properties, debug=DEBUG)
# Run dijkstra's algorithm with just the red vertices as seeds
# Seed from the full replicas
dijkstra(graph, edgeType, False)
# Process edge set
process_edge_set(graph, e_set, internal_edges)
# Run dijkstra's algorithm with red and black vertices as the seeds
# Seed from both full and partial replicas
dijkstra(graph, edgeType, True)
# Process edge set
process_edge_set(graph, e_set, internal_edges)
# All vertices have root/component as itself
setup_vertices(graph)
process_edge_set(graph, None, internal_edges)
if opts.verify or opts.dot_files:
graph_edges = [(e.v1.site.site_dnstr, e.v2.site.site_dnstr) for e in internal_edges]
graph_nodes = [v.site.site_dnstr for v in graph.vertices]
verify_properties = ('complete', 'connected', 'multi_edge_forest', 'forest',
'directed_double_ring')
verify_and_dot('prekruskal', graph_edges, graph_nodes, label=label,
properties=verify_properties, debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
# Phase 2: Run Kruskal's on the internal edges
output_edges, components = kruskal(graph, internal_edges)
# This recalculates the cost for the path connecting the closest red vertex
# Ignoring types is fine because NO suboptimal edge should exist in the graph
dijkstra(graph, "EDGE_TYPE_ALL", False) # TODO rename
# Phase 3: Process the output
for v in graph.vertices:
if v.is_red():
v.dist_to_red = 0
else:
v.dist_to_red = v.repl_info.cost
if opts.verify or opts.dot_files:
graph_edges = [(e.v1.site.site_dnstr, e.v2.site.site_dnstr) for e in internal_edges]
graph_nodes = [v.site.site_dnstr for v in graph.vertices]
verify_properties = ('complete', 'connected', 'multi_edge_forest', 'forest', 'directed_double_ring')
verify_and_dot('postkruskal', graph_edges, graph_nodes, label=label,
properties=verify_properties, debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
# count the components
return self.copy_output_edges(graph, output_edges), components
# This ensures only one-way connections for partial-replicas
def copy_output_edges(self, graph, output_edges):
edge_list = []
vid = self.my_site # object guid for the local dc's site
for edge in output_edges:
# Three-way edges are no problem here since these were created by
# add_out_edge which only has two endpoints
v = edge.vertices[0]
w = edge.vertices[1]
if v.site is vid or w.site is vid:
if (v.is_black() or w.is_black()) and not v.dist_to_red == MAX_DWORD:
edge.directed = True
if w.dist_to_red < v.dist_to_red:
edge.vertices[0] = w
edge.vertices[1] = v
edge_list.append(edge)
return edge_list
def intersite(self):
"""The head method for generating the inter-site KCC replica
connection graph and attendant nTDSConnection objects
in the samdb.
Produces self.keep_connection_list[] of NTDS Connections
that should be kept during subsequent pruning process.
::return (True or False): (True) if the produced NC replica
graph connects all sites that need to be connected
"""
# Retrieve my DSA
mydsa = self.my_dsa
mysite = self.my_site
all_connected = True
logger.debug("intersite(): enter")
# Determine who is the ISTG
if opts.readonly:
mysite.select_istg(self.samdb, mydsa, ro=True)
else:
mysite.select_istg(self.samdb, mydsa, ro=False)
# Test whether local site has topology disabled
if mysite.is_intersite_topology_disabled():
logger.debug("intersite(): exit disabled all_connected=%d" %
all_connected)
return all_connected
if not mydsa.is_istg():
logger.debug("intersite(): exit not istg all_connected=%d" %
all_connected)
return all_connected
self.merge_failed_links()
# For each NC with an NC replica that "should be present" on the
# local DC or "is present" on any DC in the same site as the
# local DC, the KCC constructs a site graph--a precursor to an NC
# replica graph. The site connectivity for a site graph is defined
# by objects of class interSiteTransport, siteLink, and
# siteLinkBridge in the config NC.
all_connected = self.create_intersite_connections()
logger.debug("intersite(): exit all_connected=%d" % all_connected)
return all_connected
def update_rodc_connection(self):
"""Runs when the local DC is an RODC and updates the RODC NTFRS
connection object.
"""
# Given an nTDSConnection object cn1, such that cn1.options contains
# NTDSCONN_OPT_RODC_TOPOLOGY, and another nTDSConnection object cn2,
# does not contain NTDSCONN_OPT_RODC_TOPOLOGY, modify cn1 to ensure
# that the following is true:
#
# cn1.fromServer = cn2.fromServer
# cn1.schedule = cn2.schedule
#
# If no such cn2 can be found, cn1 is not modified.
# If no such cn1 can be found, nothing is modified by this task.
if not self.my_dsa.is_ro():
return
cn2 = None
# Find cn2 - the DRS NTDSConnection
for con in self.my_dsa.connect_table.values():
if not con.is_rodc_topology():
cn2 = con
break
# Find cn1 - the FRS NTDSConnection
if cn2 is not None:
for con in self.my_dsa.connect_table.values():
if con.is_rodc_topology():
con.from_dnstr = cn2.from_dnstr
con.schedule = cn2.schedule
con.to_be_modified = True
# Commit changes to the database
self.my_dsa.commit_connections(self.samdb, ro=opts.readonly)
def intrasite_max_node_edges(self, node_count):
"""Returns the maximum number of edges directed to a node in
the intrasite replica graph.
The KCC does not create more
than 50 edges directed to a single DC. To optimize replication,
we compute that each node should have n+2 total edges directed
to it such that (n) is the smallest non-negative integer
satisfying (node_count <= 2*(n*n) + 6*n + 7)
edges n nodecount
2 0 7
3 1 15
4 2 27
5 3 43
...
50 48 4903
:param node_count: total number of nodes in the replica graph
"""
n = 0
while True:
if node_count <= (2 * (n * n) + (6 * n) + 7):
break
n = n + 1
n = n + 2
if n < 50:
return n
return 50
def construct_intrasite_graph(self, site_local, dc_local,
nc_x, gc_only, detect_stale):
# [MS-ADTS] 6.2.2.2
# We're using the MS notation names here to allow
# correlation back to the published algorithm.
#
# nc_x - naming context (x) that we are testing if it
# "should be present" on the local DC
# f_of_x - replica (f) found on a DC (s) for NC (x)
# dc_s - DC where f_of_x replica was found
# dc_local - local DC that potentially needs a replica
# (f_of_x)
# r_list - replica list R
# p_of_x - replica (p) is partial and found on a DC (s)
# for NC (x)
# l_of_x - replica (l) is the local replica for NC (x)
# that should appear on the local DC
# r_len = is length of replica list |R|
#
# If the DSA doesn't need a replica for this
# partition (NC x) then continue
needed, ro, partial = nc_x.should_be_present(dc_local)
DEBUG_YELLOW("construct_intrasite_graph(): enter" +
"\n\tgc_only=%d" % gc_only +
"\n\tdetect_stale=%d" % detect_stale +
"\n\tneeded=%s" % needed +
"\n\tro=%s" % ro +
"\n\tpartial=%s" % partial +
"\n%s" % nc_x)
if not needed:
DEBUG_RED("%s lacks 'should be present' status, aborting construct_intersite_graph!" %
nc_x.nc_dnstr)
return
# Create a NCReplica that matches what the local replica
# should say. We'll use this below in our r_list
l_of_x = NCReplica(dc_local.dsa_dnstr, dc_local.dsa_guid,
nc_x.nc_dnstr)
l_of_x.identify_by_basedn(self.samdb)
l_of_x.rep_partial = partial
l_of_x.rep_ro = ro
# Add this replica that "should be present" to the
# needed replica table for this DSA
dc_local.add_needed_replica(l_of_x)
# Replica list
#
# Let R be a sequence containing each writable replica f of x
# such that f "is present" on a DC s satisfying the following
# criteria:
#
# * s is a writable DC other than the local DC.
#
# * s is in the same site as the local DC.
#
# * If x is a read-only full replica and x is a domain NC,
# then the DC's functional level is at least
# DS_BEHAVIOR_WIN2008.
#
# * Bit NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED is set
# in the options attribute of the site settings object for
# the local DC's site, or no tuple z exists in the
# kCCFailedLinks or kCCFailedConnections variables such
# that z.UUIDDsa is the objectGUID of the nTDSDSA object
# for s, z.FailureCount > 0, and the current time -
# z.TimeFirstFailure > 2 hours.
r_list = []
# We'll loop thru all the DSAs looking for
# writeable NC replicas that match the naming
# context dn for (nc_x)
#
for dc_s in self.my_site.dsa_table.values():
# If this partition (nc_x) doesn't appear as a
# replica (f_of_x) on (dc_s) then continue
if not nc_x.nc_dnstr in dc_s.current_rep_table:
continue
# Pull out the NCReplica (f) of (x) with the dn
# that matches NC (x) we are examining.
f_of_x = dc_s.current_rep_table[nc_x.nc_dnstr]
# Replica (f) of NC (x) must be writable
if f_of_x.is_ro():
continue
# Replica (f) of NC (x) must satisfy the
# "is present" criteria for DC (s) that
# it was found on
if not f_of_x.is_present():
continue
# DC (s) must be a writable DSA other than
# my local DC. In other words we'd only replicate
# from other writable DC
if dc_s.is_ro() or dc_s is dc_local:
continue
# Certain replica graphs are produced only
# for global catalogs, so test against
# method input parameter
# XXX can't see this in the KCC docs, though it sounds convincing
if gc_only and not dc_s.is_gc():
continue
# DC (s) must be in the same site as the local DC
# as this is the intra-site algorithm. This is
# handled by virtue of placing DSAs in per
# site objects (see enclosing for() loop)
# If NC (x) is intended to be read-only full replica
# for a domain NC on the target DC then the source
# DC should have functional level at minimum WIN2008
#
# Effectively we're saying that in order to replicate
# to a targeted RODC (which was introduced in Windows 2008)
# then we have to replicate from a DC that is also minimally
# at that level.
#
# You can also see this requirement in the MS special
# considerations for RODC which state that to deploy
# an RODC, at least one writable domain controller in
# the domain must be running Windows Server 2008
if ro and not partial and nc_x.nc_type == NCType.domain:
if not dc_s.is_minimum_behavior(dsdb.DS_DOMAIN_FUNCTION_2008):
continue
# If we haven't been told to turn off stale connection
# detection and this dsa has a stale connection then
# continue
if detect_stale and self.is_stale_link_connection(dc_s):
continue
# Replica meets criteria. Add it to table indexed
# by the GUID of the DC that it appears on
r_list.append(f_of_x)
# If a partial (not full) replica of NC (x) "should be present"
# on the local DC, append to R each partial replica (p of x)
# such that p "is present" on a DC satisfying the same
# criteria defined above for full replica DCs.
#
# XXX This loop and the previous one differ only in whether
# the replica is partial or not. here we only accept partial
# (because we're partial); before we only accepted full. Order
# doen't matter (the list is sorted a few lines down) so these
# loops could easily be merged. Or this could be a helper
# function.
if partial:
# Now we loop thru all the DSAs looking for
# partial NC replicas that match the naming
# context dn for (NC x)
for dc_s in self.my_site.dsa_table.values():
# If this partition NC (x) doesn't appear as a
# replica (p) of NC (x) on the dsa DC (s) then
# continue
if not nc_x.nc_dnstr in dc_s.current_rep_table:
continue
# Pull out the NCReplica with the dn that
# matches NC (x) we are examining.
p_of_x = dc_s.current_rep_table[nc_x.nc_dnstr]
# Replica (p) of NC (x) must be partial
if not p_of_x.is_partial():
continue
# Replica (p) of NC (x) must satisfy the
# "is present" criteria for DC (s) that
# it was found on
if not p_of_x.is_present():
continue
# DC (s) must be a writable DSA other than
# my DSA. In other words we'd only replicate
# from other writable DSA
if dc_s.is_ro() or dc_s is dc_local:
continue
# Certain replica graphs are produced only
# for global catalogs, so test against
# method input parameter
if gc_only and not dc_s.is_gc():
continue
# DC (s) must be in the same site as the local DC
# as this is the intra-site algorithm. This is
# handled by virtue of placing DSAs in per
# site objects (see enclosing for() loop)
# This criteria is moot (a no-op) for this case
# because we are scanning for (partial = True). The
# MS algorithm statement says partial replica scans
# should adhere to the "same" criteria as full replica
# scans so the criteria doesn't change here...its just
# rendered pointless.
#
# The case that is occurring would be a partial domain
# replica is needed on a local DC global catalog. There
# is no minimum windows behavior for those since GCs
# have always been present.
if ro and not partial and nc_x.nc_type == NCType.domain:
if not dc_s.is_minimum_behavior(dsdb.DS_DOMAIN_FUNCTION_2008):
continue
# If we haven't been told to turn off stale connection
# detection and this dsa has a stale connection then
# continue
if detect_stale and self.is_stale_link_connection(dc_s):
continue
# Replica meets criteria. Add it to table indexed
# by the GUID of the DSA that it appears on
r_list.append(p_of_x)
# Append to R the NC replica that "should be present"
# on the local DC
r_list.append(l_of_x)
r_list.sort(sort_replica_by_dsa_guid)
r_len = len(r_list)
max_node_edges = self.intrasite_max_node_edges(r_len)
# Add a node for each r_list element to the replica graph
graph_list = []
for rep in r_list:
node = GraphNode(rep.rep_dsa_dnstr, max_node_edges)
graph_list.append(node)
# For each r(i) from (0 <= i < |R|-1)
i = 0
while i < (r_len-1):
# Add an edge from r(i) to r(i+1) if r(i) is a full
# replica or r(i+1) is a partial replica
if not r_list[i].is_partial() or r_list[i+1].is_partial():
graph_list[i+1].add_edge_from(r_list[i].rep_dsa_dnstr)
# Add an edge from r(i+1) to r(i) if r(i+1) is a full
# replica or ri is a partial replica.
if not r_list[i+1].is_partial() or r_list[i].is_partial():
graph_list[i].add_edge_from(r_list[i+1].rep_dsa_dnstr)
i = i + 1
# Add an edge from r|R|-1 to r0 if r|R|-1 is a full replica
# or r0 is a partial replica.
if not r_list[r_len-1].is_partial() or r_list[0].is_partial():
graph_list[0].add_edge_from(r_list[r_len-1].rep_dsa_dnstr)
# Add an edge from r0 to r|R|-1 if r0 is a full replica or
# r|R|-1 is a partial replica.
if not r_list[0].is_partial() or r_list[r_len-1].is_partial():
graph_list[r_len-1].add_edge_from(r_list[0].rep_dsa_dnstr)
if opts.verify or opts.dot_files:
dot_edges = []
dot_vertices = set()
for v1 in graph_list:
dot_vertices.add(v1.dsa_dnstr)
for v2 in v1.edge_from:
dot_edges.append((v2, v1.dsa_dnstr))
dot_vertices.add(v2)
verify_properties = ('connected', 'directed_double_ring')
verify_and_dot('intrasite_pre_ntdscon', dot_edges, dot_vertices,
label='%s__%s__%s' % (site_local.site_dnstr, nc_x.nc_type, nc_x.nc_dnstr),
properties=verify_properties, debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files, directed=True)
# For each existing nTDSConnection object implying an edge
# from rj of R to ri such that j != i, an edge from rj to ri
# is not already in the graph, and the total edges directed
# to ri is less than n+2, the KCC adds that edge to the graph.
i = 0
while i < r_len:
dsa = self.my_site.dsa_table[graph_list[i].dsa_dnstr]
DEBUG_REV_RED(dsa.dsa_dnstr)
graph_list[i].add_edges_from_connections(dsa)
i = i + 1
DEBUG([x.rep_dsa_dnstr for x in r_list])
DEBUG_YELLOW([x.dsa_dnstr for x in graph_list])
for tnode in graph_list:
# To optimize replication latency in sites with many NC replicas, the
# KCC adds new edges directed to ri to bring the total edges to n+2,
# where the NC replica rk of R from which the edge is directed
# is chosen at random such that k != i and an edge from rk to ri
# is not already in the graph.
#
# Note that the KCC tech ref does not give a number for the definition
# of "sites with many NC replicas". At a bare minimum to satisfy
# n+2 edges directed at a node we have to have at least three replicas
# in |R| (i.e. if n is zero then at least replicas from two other graph
# nodes may direct edges to us).
if r_len >= 3:
candidates = [x for x in graph_list if (x is not tnode and
x.dsa_dnstr not in tnode.edge_from)]
DEBUG_BLUE("looking for random link for %s. r_len %d, graph len %d candidates %d"
% (tnode.dsa_dnstr, r_len, len(graph_list), len(candidates)))
DEBUG("candidates %s" % [x.dsa_dnstr for x in candidates])
while candidates and not tnode.has_sufficient_edges():
other = random.choice(candidates)
if not tnode.add_edge_from(other):
DEBUG_RED("could not add remote %s" % other.dsa_dstr)
candidates.remove(other)
# Print the graph node in debug mode
logger.debug("%s" % tnode)
# For each edge directed to the local DC, ensure a nTDSConnection
# points to us that satisfies the KCC criteria
if tnode.dsa_dnstr == dc_local.dsa_dnstr:
tnode.add_connections_from_edges(dc_local)
if opts.verify or opts.dot_files:
dot_edges = []
dot_vertices = set()
for v1 in graph_list:
dot_vertices.add(v1.dsa_dnstr)
for v2 in v1.edge_from:
dot_edges.append((v2, v1.dsa_dnstr))
dot_vertices.add(v2)
verify_properties = ('complete', 'connected', 'multi_edge_forest', 'forest', 'directed_double_ring')
verify_and_dot('intrasite_post_ntdscon', dot_edges, dot_vertices,
label='%s__%s__%s' % (site_local.site_dnstr, nc_x.nc_type, nc_x.nc_dnstr),
properties=verify_properties, debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files, directed=True)
def intrasite(self):
"""The head method for generating the intra-site KCC replica
connection graph and attendant nTDSConnection objects
in the samdb
"""
# Retrieve my DSA
mydsa = self.my_dsa
logger.debug("intrasite(): enter")
# Test whether local site has topology disabled
mysite = self.site_table[str(self.my_site_guid)]
if mysite.is_intrasite_topology_disabled():
return
detect_stale = (not mysite.is_detect_stale_disabled())
# Loop thru all the partitions.
for partdn, part in self.part_table.items():
self.construct_intrasite_graph(mysite, mydsa, part, False,
detect_stale)
# If the DC is a GC server, the KCC constructs an additional NC
# replica graph (and creates nTDSConnection objects) for the
# config NC as above, except that only NC replicas that "are present"
# on GC servers are added to R.
for partdn, part in self.part_table.items():
if part.is_config():
self.construct_intrasite_graph(mysite, mydsa, part, True,
detect_stale)
# The DC repeats the NC replica graph computation and nTDSConnection
# creation for each of the NC replica graphs, this time assuming
# that no DC has failed. It does so by re-executing the steps as
# if the bit NTDSSETTINGS_OPT_IS_TOPL_DETECT_STALE_DISABLED were
# set in the options attribute of the site settings object for
# the local DC's site. (ie. we set "detec_stale" flag to False)
# Loop thru all the partitions.
for partdn, part in self.part_table.items():
self.construct_intrasite_graph(mysite, mydsa, part, False,
False) # don't detect stale
# If the DC is a GC server, the KCC constructs an additional NC
# replica graph (and creates nTDSConnection objects) for the
# config NC as above, except that only NC replicas that "are present"
# on GC servers are added to R.
for partdn, part in self.part_table.items():
if part.is_config():
self.construct_intrasite_graph(mysite, mydsa, part, True,
False) # don't detect stale
if opts.readonly:
# Display any to be added or modified repsFrom
for dnstr, connect in mydsa.connect_table.items():
if connect.to_be_deleted:
logger.info("TO BE DELETED:\n%s" % connect)
if connect.to_be_modified:
logger.info("TO BE MODIFIED:\n%s" % connect)
if connect.to_be_added:
DEBUG_GREEN("TO BE ADDED:\n%s" % connect)
mydsa.commit_connections(self.samdb, ro=True)
else:
# Commit any newly created connections to the samdb
mydsa.commit_connections(self.samdb)
def run(self, dburl, lp, creds, forced_local_dsa=None):
"""Method to perform a complete run of the KCC and
produce an updated topology for subsequent NC replica
syncronization between domain controllers
"""
# We may already have a samdb setup if we are
# currently importing an ldif for a test run
if self.samdb is None:
try:
self.samdb = SamDB(url=dburl,
session_info=system_session(),
credentials=creds, lp=lp)
except ldb.LdbError, (num, msg):
logger.error("Unable to open sam database %s : %s" %
(dburl, msg))
return 1
if forced_local_dsa:
self.samdb.set_ntds_settings_dn("CN=NTDS Settings,%s" % forced_local_dsa)
try:
# Setup
self.load_my_site()
self.load_my_dsa()
self.load_all_sites()
self.load_all_partitions()
self.load_all_transports()
self.load_all_sitelinks()
if opts.verify or opts.dot_files:
dot_edges = []
for site in self.site_table.values():
for dsa in site.dsa_table.values():
for con in dsa.connect_table.values():
dot_edges.append((dsa.dsa_dnstr, con.from_dnstr))
verify_and_dot('dsa_initial', dot_edges, label=self.my_dsa_dnstr,
properties=(), debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
dot_edges = []
for site in self.site_table.values():
for dsa in site.dsa_table.values():
c_rep = get_dsa_config_rep(dsa)
c_rep.load_repsFrom(self.samdb)
for x in c_rep.rep_repsFrom:
#print dir(x)
dot_edges.append((c_rep.rep_dsa_dnstr, x.nc_dnstr))
verify_and_dot('config_repsFrom_initial', dot_edges, directed=True, label=self.my_dsa_dnstr,
properties=(), debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
dot_edges = []
for site in self.site_table.values():
for dsa in site.dsa_table.values():
for x in dsa.current_rep_table:
dot_edges.append((dsa.dsa_dnstr, x))
verify_and_dot('dsa_repsFrom_initial', dot_edges, directed=True, label=self.my_dsa_dnstr,
properties=(), debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
dot_edges = []
for link in self.sitelink_table.values():
for a, b in itertools.combinations(link.site_list, 2):
dot_edges.append((str(a), str(b)))
verify_properties = ('connected',)
verify_and_dot('dsa_sitelink_initial', dot_edges, directed=False, label=self.my_dsa_dnstr,
properties=verify_properties, debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
# These are the published steps (in order) for the
# MS-TECH description of the KCC algorithm ([MS-ADTS] 6.2.2)
# Step 1
self.refresh_failed_links_connections()
# Step 2
self.intrasite()
# Step 3
all_connected = self.intersite()
# Step 4
self.remove_unneeded_ntdsconn(all_connected)
# Step 5
self.translate_ntdsconn()
# Step 6
self.remove_unneeded_failed_links_connections()
# Step 7
self.update_rodc_connection()
if opts.verify or opts.dot_files:
dot_edges = []
for site in self.site_table.values():
for dsa in site.dsa_table.values():
for con in dsa.connect_table.values():
dot_edges.append((dsa.dsa_dnstr, con.from_dnstr))
verify_properties = ('complete', 'connected', 'multi_edge_forest', 'forest', 'directed_double_ring')
verify_and_dot('dsa_final', dot_edges, label=self.my_dsa_dnstr,
properties=verify_properties, debug=DEBUG, verify=opts.verify,
dot_files=opts.dot_files)
except:
raise
return 0
def import_ldif(self, dburl, lp, creds, ldif_file):
"""Routine to import all objects and attributes that are relevent
to the KCC algorithms from a previously exported LDIF file.
The point of this function is to allow a programmer/debugger to
import an LDIF file with non-security relevent information that
was previously extracted from a DC database. The LDIF file is used
to create a temporary abbreviated database. The KCC algorithm can
then run against this abbreviated database for debug or test
verification that the topology generated is computationally the
same between different OSes and algorithms.
:param dburl: path to the temporary abbreviated db to create
:param ldif_file: path to the ldif file to import
"""
if os.path.exists(dburl):
logger.error("Specify a database (%s) that doesn't already exist." %
dburl)
return 1
# Use ["modules:"] as we are attempting to build a sam
# database as opposed to start it here.
self.samdb = Ldb(url=dburl, session_info=system_session(),
lp=lp, options=["modules:"])
self.samdb.transaction_start()
try:
data = read_and_sub_file(ldif_file, None)
self.samdb.add_ldif(data, None)
except Exception, estr:
logger.error("%s" % estr)
self.samdb.transaction_cancel()
return 1
else:
self.samdb.transaction_commit()
self.samdb = None
# We have an abbreviated list of options here because we have built
# an abbreviated database. We use the rootdse and extended-dn
# modules only during this re-open
self.samdb = SamDB(url=dburl, session_info=system_session(),
credentials=creds, lp=lp,
options=["modules:rootdse,extended_dn_out_ldb"])
return 0
def export_ldif(self, dburl, lp, creds, ldif_file):
"""Routine to extract all objects and attributes that are relevent
to the KCC algorithms from a DC database.
The point of this function is to allow a programmer/debugger to
extract an LDIF file with non-security relevent information from
a DC database. The LDIF file can then be used to "import" via
the import_ldif() function this file into a temporary abbreviated
database. The KCC algorithm can then run against this abbreviated
database for debug or test verification that the topology generated
is computationally the same between different OSes and algorithms.
:param dburl: LDAP database URL to extract info from
:param ldif_file: output LDIF file name to create
"""
try:
self.samdb = SamDB(url=dburl,
session_info=system_session(),
credentials=creds, lp=lp)
except ldb.LdbError, (enum, estr):
logger.error("Unable to open sam database (%s) : %s" %
(dburl, estr))
return 1
if os.path.exists(ldif_file):
logger.error("Specify a file (%s) that doesn't already exist." %
ldif_file)
return 1
try:
f = open(ldif_file, "w")
except IOError as ioerr:
logger.error("Unable to open (%s) : %s" % (ldif_file, str(ioerr)))
return 1
try:
# Query Partitions
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"objectSid",
"Enabled",
"systemFlags",
"dnsRoot",
"nCName",
"msDS-NC-Replica-Locations",
"msDS-NC-RO-Replica-Locations" ]
sstr = "CN=Partitions,%s" % self.samdb.get_config_basedn()
res = self.samdb.search(base=sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=crossRef)")
# Write partitions output
write_search_result(self.samdb, f, res)
# Query cross reference container
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"fSMORoleOwner",
"systemFlags",
"msDS-Behavior-Version",
"msDS-EnabledFeature" ]
sstr = "CN=Partitions,%s" % self.samdb.get_config_basedn()
res = self.samdb.search(base=sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=crossRefContainer)")
# Write cross reference container output
write_search_result(self.samdb, f, res)
# Query Sites
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"systemFlags" ]
sstr = "CN=Sites,%s" % self.samdb.get_config_basedn()
sites = self.samdb.search(base=sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=site)")
# Write sites output
write_search_result(self.samdb, f, sites)
# Query NTDS Site Settings
for msg in sites:
sitestr = str(msg.dn)
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"interSiteTopologyGenerator",
"interSiteTopologyFailover",
"schedule",
"options" ]
sstr = "CN=NTDS Site Settings,%s" % sitestr
res = self.samdb.search(base=sstr, scope=ldb.SCOPE_BASE,
attrs=attrs)
# Write Site Settings output
write_search_result(self.samdb, f, res)
# Naming context list
nclist = []
# Query Directory Service Agents
for msg in sites:
sstr = str(msg.dn)
ncattrs = [ "hasMasterNCs",
"msDS-hasMasterNCs",
"hasPartialReplicaNCs",
"msDS-HasDomainNCs",
"msDS-hasFullReplicaNCs",
"msDS-HasInstantiatedNCs" ]
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"invocationID",
"options",
"msDS-isRODC",
"msDS-Behavior-Version" ]
res = self.samdb.search(base=sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs + ncattrs,
expression="(objectClass=nTDSDSA)")
# Spin thru all the DSAs looking for NC replicas
# and build a list of all possible Naming Contexts
# for subsequent retrieval below
for msg in res:
for k in msg.keys():
if k in ncattrs:
for value in msg[k]:
# Some of these have binary DNs so
# use dsdb_Dn to split out relevent parts
dsdn = dsdb_Dn(self.samdb, value)
dnstr = str(dsdn.dn)
if dnstr not in nclist:
nclist.append(dnstr)
# Write DSA output
write_search_result(self.samdb, f, res)
# Query NTDS Connections
for msg in sites:
sstr = str(msg.dn)
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"options",
"whenCreated",
"enabledConnection",
"schedule",
"transportType",
"fromServer",
"systemFlags" ]
res = self.samdb.search(base=sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=nTDSConnection)")
# Write NTDS Connection output
write_search_result(self.samdb, f, res)
# Query Intersite transports
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"options",
"name",
"bridgeheadServerListBL",
"transportAddressAttribute" ]
sstr = "CN=Inter-Site Transports,CN=Sites,%s" % \
self.samdb.get_config_basedn()
res = self.samdb.search(sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=interSiteTransport)")
# Write inter-site transport output
write_search_result(self.samdb, f, res)
# Query siteLink
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"systemFlags",
"options",
"schedule",
"replInterval",
"siteList",
"cost" ]
sstr = "CN=Sites,%s" % \
self.samdb.get_config_basedn()
res = self.samdb.search(sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=siteLink)",
controls=['extended_dn:0'])
# Write siteLink output
write_search_result(self.samdb, f, res)
# Query siteLinkBridge
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"siteLinkList" ]
sstr = "CN=Sites,%s" % self.samdb.get_config_basedn()
res = self.samdb.search(sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=siteLinkBridge)")
# Write siteLinkBridge output
write_search_result(self.samdb, f, res)
# Query servers containers
# Needed for samdb.server_site_name()
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"systemFlags" ]
sstr = "CN=Sites,%s" % self.samdb.get_config_basedn()
res = self.samdb.search(sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=serversContainer)")
# Write servers container output
write_search_result(self.samdb, f, res)
# Query servers
# Needed because some transport interfaces refer back to
# attributes found in the server object. Also needed
# so extended-dn will be happy with dsServiceName in rootDSE
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"systemFlags",
"dNSHostName",
"mailAddress" ]
sstr = "CN=Sites,%s" % self.samdb.get_config_basedn()
res = self.samdb.search(sstr, scope=ldb.SCOPE_SUBTREE,
attrs=attrs,
expression="(objectClass=server)")
# Write server output
write_search_result(self.samdb, f, res)
# Query Naming Context replicas
attrs = [ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"objectSid",
"fSMORoleOwner",
"msDS-Behavior-Version",
"repsFrom",
"repsTo" ]
for sstr in nclist:
res = self.samdb.search(sstr, scope=ldb.SCOPE_BASE,
attrs=attrs)
# Write naming context output
write_search_result(self.samdb, f, res)
# Query rootDSE replicas
attrs=[ "objectClass",
"objectGUID",
"cn",
"whenChanged",
"rootDomainNamingContext",
"configurationNamingContext",
"schemaNamingContext",
"defaultNamingContext",
"dsServiceName" ]
sstr = ""
res = self.samdb.search(sstr, scope=ldb.SCOPE_BASE,
attrs=attrs)
# Record the rootDSE object as a dn as it
# would appear in the base ldb file. We have
# to save it this way because we are going to
# be importing as an abbreviated database.
res[0].dn = ldb.Dn(self.samdb, "@ROOTDSE")
# Write rootdse output
write_search_result(self.samdb, f, res)
except ldb.LdbError, (enum, estr):
logger.error("Error processing (%s) : %s" % (sstr, estr))
return 1
f.close()
return 0
##################################################
# Global Functions
##################################################
def sort_replica_by_dsa_guid(rep1, rep2):
return cmp(rep1.rep_dsa_guid, rep2.rep_dsa_guid)
def sort_dsa_by_gc_and_guid(dsa1, dsa2):
if dsa1.is_gc() and not dsa2.is_gc():
return -1
if not dsa1.is_gc() and dsa2.is_gc():
return +1
return cmp(dsa1.dsa_guid, dsa2.dsa_guid)
def is_smtp_replication_available():
"""Currently always returns false because Samba
doesn't implement SMTP transfer for NC changes
between DCs
"""
return False
def write_search_result(samdb, f, res):
for msg in res:
lstr = samdb.write_ldif(msg, ldb.CHANGETYPE_NONE)
f.write("%s" % lstr)
def create_edge(con_type, site_link, guid_to_vertex):
e = MultiEdge()
e.site_link = site_link
e.vertices = []
for site_guid in site_link.site_list:
if str(site_guid) in guid_to_vertex:
e.vertices.extend(guid_to_vertex.get(str(site_guid)))
e.repl_info.cost = site_link.cost
e.repl_info.options = site_link.options
e.repl_info.interval = site_link.interval
e.repl_info.schedule = site_link.schedule
e.con_type = con_type
e.directed = False
return e
def create_auto_edge_set(graph, transport):
e_set = MultiEdgeSet()
e_set.guid = misc.GUID() # NULL guid, not associated with a SiteLinkBridge object
for site_link in graph.edges:
if site_link.con_type == transport:
e_set.edges.append(site_link)
return e_set
def create_edge_set(graph, transport, site_link_bridge):
# TODO not implemented - need to store all site link bridges
e_set = MultiEdgeSet()
# e_set.guid = site_link_bridge
return e_set
def setup_vertices(graph):
for v in graph.vertices:
if v.is_white():
v.repl_info.cost = MAX_DWORD
v.root = None
v.component_id = None
else:
v.repl_info.cost = 0
v.root = v
v.component_id = v
v.repl_info.interval = 0
v.repl_info.options = 0xFFFFFFFF
v.repl_info.schedule = None # TODO highly suspicious
v.demoted = False
def dijkstra(graph, edge_type, include_black):
queue = []
setup_dijkstra(graph, edge_type, include_black, queue)
while len(queue) > 0:
cost, guid, vertex = heapq.heappop(queue)
for edge in vertex.edges:
for v in edge.vertices:
if v is not vertex:
# add new path from vertex to v
try_new_path(graph, queue, vertex, edge, v)
def setup_dijkstra(graph, edge_type, include_black, queue):
setup_vertices(graph)
for vertex in graph.vertices:
if vertex.is_white():
continue
if ((vertex.is_black() and not include_black)
or edge_type not in vertex.accept_black
or edge_type not in vertex.accept_red_red):
vertex.repl_info.cost = MAX_DWORD
vertex.root = None # NULL GUID
vertex.demoted = True # Demoted appears not to be used
else:
heapq.heappush(queue, (vertex.repl_info.cost, vertex.guid, vertex))
def try_new_path(graph, queue, vfrom, edge, vto):
newRI = ReplInfo()
# What this function checks is that there is a valid time frame for
# which replication can actually occur, despite being adequately
# connected
intersect = combine_repl_info(vfrom.repl_info, edge.repl_info, newRI)
# If the new path costs more than the current, then ignore the edge
if newRI.cost > vto.repl_info.cost:
return
if newRI.cost < vto.repl_info.cost and not intersect:
return
new_duration = total_schedule(newRI.schedule)
old_duration = total_schedule(vto.repl_info.schedule)
# Cheaper or longer schedule
if newRI.cost < vto.repl_info.cost or new_duration > old_duration:
vto.root = vfrom.root
vto.component_id = vfrom.component_id
vto.repl_info = newRI
heapq.heappush(queue, (vto.repl_info.cost, vto.guid, vto))
def check_demote_vertex(vertex, edge_type):
if vertex.is_white():
return
# Accepts neither red-red nor black edges, demote
if edge_type not in vertex.accept_black and edge_type not in vertex.accept_red_red:
vertex.repl_info.cost = MAX_DWORD
vertex.root = None
vertex.demoted = True # Demoted appears not to be used
def undemote_vertex(vertex):
if vertex.is_white():
return
vertex.repl_info.cost = 0
vertex.root = vertex
vertex.demoted = False
def process_edge_set(graph, e_set, internal_edges):
if e_set is None:
for edge in graph.edges:
for vertex in edge.vertices:
check_demote_vertex(vertex, edge.con_type)
process_edge(graph, edge, internal_edges)
for vertex in edge.vertices:
undemote_vertex(vertex)
else:
for edge in e_set.edges:
process_edge(graph, edge, internal_edges)
def process_edge(graph, examine, internal_edges):
# Find the set of all vertices touches the edge to examine
vertices = []
for v in examine.vertices:
# Append a 4-tuple of color, repl cost, guid and vertex
vertices.append((v.color, v.repl_info.cost, v.guid, v))
# Sort by color, lower
vertices.sort()
color, cost, guid, bestv = vertices[0]
# Add to internal edges an edge from every colored vertex to bestV
for v in examine.vertices:
if v.component_id is None or v.root is None:
continue
# Only add edge if valid inter-tree edge - needs a root and
# different components
if (bestv.component_id is not None and bestv.root is not None
and v.component_id is not None and v.root is not None and
bestv.component_id != v.component_id):
add_int_edge(graph, internal_edges, examine, bestv, v)
# Add internal edge, endpoints are roots of the vertices to pass in and are always colored
def add_int_edge(graph, internal_edges, examine, v1, v2):
root1 = v1.root
root2 = v2.root
red_red = False
if root1.is_red() and root2.is_red():
red_red = True
if red_red:
if (examine.con_type not in root1.accept_red_red
or examine.con_type not in root2.accept_red_red):
return
else:
if (examine.con_type not in root1.accept_black
or examine.con_type not in root2.accept_black):
return
ri = ReplInfo()
ri2 = ReplInfo()
# Create the transitive replInfo for the two trees and this edge
if not combine_repl_info(v1.repl_info, v2.repl_info, ri):
return
# ri is now initialized
if not combine_repl_info(ri, examine.repl_info, ri2):
return
newIntEdge = InternalEdge(root1, root2, red_red, ri2, examine.con_type)
# Order by vertex guid
if newIntEdge.v1.guid > newIntEdge.v2.guid:
newIntEdge.v1 = root2
newIntEdge.v2 = root1
internal_edges.add(newIntEdge)
def kruskal(graph, edges):
for v in graph.vertices:
v.edges = []
components = set([x for x in graph.vertices if not x.is_white()])
edges = list(edges)
# Sorted based on internal comparison function of internal edge
edges.sort()
expected_num_tree_edges = 0 # TODO this value makes little sense
count_edges = 0
output_edges = []
index = 0
while index < len(edges): # TODO and num_components > 1
e = edges[index]
parent1 = find_component(e.v1)
parent2 = find_component(e.v2)
if parent1 is not parent2:
count_edges += 1
add_out_edge(graph, output_edges, e)
parent1.component_id = parent2
components.discard(parent1)
index += 1
return output_edges, len(components)
def find_component(vertex):
if vertex.component_id is vertex:
return vertex
current = vertex
while current.component_id is not current:
current = current.component_id
root = current
current = vertex
while current.component_id is not root:
n = current.component_id
current.component_id = root
current = n
return root
def add_out_edge(graph, output_edges, e):
v1 = e.v1
v2 = e.v2
# This multi-edge is a 'real' edge with no GUID
ee = MultiEdge()
ee.directed = False
ee.vertices.append(v1)
ee.vertices.append(v2)
ee.con_type = e.e_type
ee.repl_info = e.repl_info
output_edges.append(ee)
v1.edges.append(ee)
v2.edges.append(ee)
##################################################
# samba_kcc entry point
##################################################
parser = optparse.OptionParser("samba_kcc [options]")
sambaopts = options.SambaOptions(parser)
credopts = options.CredentialsOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(credopts)
parser.add_option_group(options.VersionOptions(parser))
parser.add_option("--readonly", default=False,
help="compute topology but do not update database",
action="store_true")
parser.add_option("--debug",
help="debug output",
action="store_true")
parser.add_option("--verify",
help="verify that assorted invariants are kept",
action="store_true")
parser.add_option("--list-verify-tests",
help="list what verification actions are available and do nothing else",
action="store_true")
parser.add_option("--no-dot-files", dest='dot_files',
help="Don't write dot graph files in /tmp",
default=True, action="store_false")
parser.add_option("--seed",
help="random number seed",
type=int)
parser.add_option("--importldif",
help="import topology ldif file",
type=str, metavar="<file>")
parser.add_option("--exportldif",
help="export topology ldif file",
type=str, metavar="<file>")
parser.add_option("-H", "--URL" ,
help="LDB URL for database or target server",
type=str, metavar="<URL>", dest="dburl")
parser.add_option("--tmpdb",
help="schemaless database file to create for ldif import",
type=str, metavar="<file>")
parser.add_option("--now",
help="assume current time is this ('YYYYmmddHHMMSS[tz]', default: system time)",
type=str, metavar="<date>")
parser.add_option("--forced-local-dsa",
help="run calculations assuming the DSA is this DN",
type=str, metavar="<DSA>")
logger = logging.getLogger("samba_kcc")
logger.addHandler(logging.StreamHandler(sys.stdout))
DEBUG = logger.debug
from functools import partial
def _colour_debug(*args, **kwargs):
DEBUG('%s%s%s' % (kwargs['colour'], args[0], C_NORMAL), *args[1:])
_globals = globals()
for _colour in ('DARK_RED', 'RED', 'DARK_GREEN', 'GREEN', 'YELLOW',
'DARK_YELLOW', 'DARK_BLUE', 'BLUE', 'PURPLE', 'MAGENTA',
'DARK_CYAN', 'CYAN', 'GREY', 'WHITE', 'REV_RED'):
_globals['DEBUG_' + _colour] = partial(_colour_debug, colour=_globals[_colour])
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
opts, args = parser.parse_args()
if opts.list_verify_tests:
list_verify_tests()
sys.exit(0)
if opts.debug:
logger.setLevel(logging.DEBUG)
elif opts.readonly:
logger.setLevel(logging.INFO)
else:
logger.setLevel(logging.WARNING)
# initialize seed from optional input parameter
if opts.seed:
random.seed(opts.seed)
else:
random.seed(0xACE5CA11)
if opts.dburl is None:
opts.dburl = lp.samdb_url()
if opts.now:
for timeformat in ("%Y%m%d%H%M%S%Z", "%Y%m%d%H%M%S"):
try:
now_tuple = time.strptime(opts.now, timeformat)
break
except ValueError:
pass
else:
# else happens if break doesn't --> no match
print >> sys.stderr, "could not parse time '%s'" % opts.now
sys.exit(1)
unix_now = int(time.mktime(now_tuple))
else:
unix_now = int(time.time())
# Instantiate Knowledge Consistency Checker and perform run
kcc = KCC()
if opts.exportldif:
rc = kcc.export_ldif(opts.dburl, lp, creds, opts.exportldif)
sys.exit(rc)
if opts.importldif:
if opts.tmpdb is None or opts.tmpdb.startswith('ldap'):
logger.error("Specify a target temp database file with --tmpdb option.")
sys.exit(1)
rc = kcc.import_ldif(opts.tmpdb, lp, creds, opts.importldif)
if rc != 0:
sys.exit(rc)
rc = kcc.run(opts.dburl, lp, creds, opts.forced_local_dsa)
sys.exit(rc)
View Git Blame Copy Permalink