[PATCH] fix samba-tool visualize ntdsconn titles

Thu Apr 19 23:39:54 UTC 2018

Samba-tool visualize ntdsconn is labelling its output makes with a title
claiming it represents the point of view of a random wrong DC.
This was discovered by Noel Power.

Douglas
-------------- next part --------------
From 59828e6bd4407d83983c7c9e196865635ef0a572 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri, 20 Apr 2018 10:52:31 +1200
Subject: [PATCH] samba-tool visualize: use correct DC in graph label

We have been using a random DC (depending to hash order, which was not
random enough on Python 2.7 to affect the tests).

Reported-by: Noel Power <nopower at suse.com>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
---
 python/samba/netcmd/visualize.py           |  6 +++---
 python/samba/tests/samba_tool/visualize.py | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/python/samba/netcmd/visualize.py b/python/samba/netcmd/visualize.py
index b983e1891a9..6f880ae61e8 100644
--- a/python/samba/netcmd/visualize.py
+++ b/python/samba/netcmd/visualize.py
@@ -392,7 +392,7 @@ class cmd_ntdsconn(GraphCommand):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp, fallback_machine=True)
         local_kcc, dsas = self.get_kcc_and_dsas(H, lp, creds)
-
+        local_dsa_dn = local_kcc.my_dsa_dnstr.split(',', 1)[1]
         vertices = set()
         attested_edges = []
         for dsa_dn in dsas:
@@ -452,7 +452,7 @@ class cmd_ntdsconn(GraphCommand):
                 # If we are not talking to remote servers, we list all
                 # the connections.
                 graph_edges = edges.keys()
-                title = 'NTDS Connections known to %s' % dsa_dn
+                title = 'NTDS Connections known to %s' % local_dsa_dn
                 epilog = ''
 
             else:
@@ -556,7 +556,7 @@ class cmd_ntdsconn(GraphCommand):
         if talk_to_remote:
             title = 'NTDS Connections'
         else:
-            title = 'NTDS Connections known to %s' % dsa_dn
+            title = 'NTDS Connections known to %s' % local_dsa_dn
 
         s = dot_graph(sorted(vertices), dot_edges,
                       directed=True,
diff --git a/python/samba/tests/samba_tool/visualize.py b/python/samba/tests/samba_tool/visualize.py
index c00c6ea63b0..a90c77364b7 100644
--- a/python/samba/tests/samba_tool/visualize.py
+++ b/python/samba/tests/samba_tool/visualize.py
@@ -205,12 +205,14 @@ class SambaToolVisualizeLdif(SambaToolCmdTest):
             self.assertTrue(c not in ascii, 'ASCII should not contain %s' % c)
 
     def test_forced_local_dsa(self):
-        # the forced_local_dsa shouldn't make any difference
+        # the forced_local_dsa shouldn't make any difference, except
+        # for the title line.
         result, target, err = self.runsubcmd("visualize", "ntdsconn",
                                              '-H', self.dburl,
                                              '--color=no', '-S')
         self.assertCmdSuccess(result, target, err)
         files = []
+        target = target.strip().split('\n', 1)[1]
         for cn, site in MULTISITE_LDIF_DSAS:
             dsa = DN_TEMPLATE % (cn, site)
             samdb, dbfile = samdb_from_ldif(MULTISITE_LDIF,
@@ -222,7 +224,10 @@ class SambaToolVisualizeLdif(SambaToolCmdTest):
                                               '-H', 'tdb://' + dbfile,
                                               '--color=no', '-S')
             self.assertCmdSuccess(result, out, err)
-            self.assertStringsEqual(target, out)
+            # Separate out the title line, which will differ in the DN.
+            title, body = out.strip().split('\n', 1)
+            self.assertStringsEqual(target, body)
+            self.assertIn(cn, title)
             files.append(dbfile)
         self.remove_files(*files)
 
@@ -342,7 +347,7 @@ class SambaToolVisualizeLdif(SambaToolCmdTest):
 
 EXPECTED_DOT_MULTISITE_NO_KEY = r"""/* generated by samba */
 digraph A_samba_tool_production {
-label="NTDS Connections known to CN=WIN07,CN=Servers,CN=Site-4,CN=Sites,CN=Configuration,DC=ad,DC=samba,DC=example,DC=com";
+label="NTDS Connections known to CN=WIN01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=samba,DC=example,DC=com";
 fontsize=10;
 
 node[fontname=Helvetica; fontsize=10];
@@ -382,7 +387,7 @@ node[fontname=Helvetica; fontsize=10];
 
 EXPECTED_DOT_NTDSCONN_DISCONNECTED = r"""/* generated by samba */
 digraph A_samba_tool_production {
-label="NTDS Connections known to CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com";
+label="NTDS Connections known to CN=LOCALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com";
 fontsize=10;
 
 node[fontname=Helvetica; fontsize=10];
@@ -435,7 +440,7 @@ key_0__label -> elision0 [style=invis; weight=9]
 """
 
 EXPECTED_DISTANCE_GRAPH_WITH_KEY = """
-NTDS Connections known to CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com
+NTDS Connections known to CN=LOCALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com
                             destination
                   ,-------- *,CN=CLIENT+
                   |,------- *,CN=LOCALDC+
-- 
2.14.1

