From 805c234e33d5c49c66a07cefa006392f099fdb8a Mon Sep 17 00:00:00 2001 From: edgd1er Date: Thu, 14 Apr 2022 01:30:34 +0200 Subject: [PATCH 1/4] client: add -D to discover KMS server #51 --- py-kms/pykms_Client.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/py-kms/pykms_Client.py b/py-kms/pykms_Client.py index 5a47fb7..b203a6f 100644 --- a/py-kms/pykms_Client.py +++ b/py-kms/pykms_Client.py @@ -13,7 +13,13 @@ import logging import os import threading -import pykms_RpcBind, pykms_RpcRequest +import dns.message +import dns.rdataclass +import dns.rdatatype +import dns.query +import dns.resolver + +import pykms_RpcBind, pykms_RpcRequest from pykms_Filetimes import dt_to_filetime from pykms_Dcerpc import MSRPCHeader, MSRPCBindNak, MSRPCRequestHeader, MSRPCRespHeader from pykms_Base import kmsBase, UUID @@ -72,6 +78,7 @@ Type \"STDOUT\" to view log info on stdout. Type \"FILESTDOUT\" to combine previ Use \"STDOUTOFF\" to disable stdout messages. Use \"FILEOFF\" if you not want to create logfile.', 'def' : os.path.join('.', 'pykms_logclient.log'), 'des' : "logfile"}, 'lsize' : {'help' : 'Use this flag to set a maximum size (in MB) to the output log file. Deactivated by default.', 'def' : 0, 'des': "logsize"}, + 'discovery' : {'help': 'ask the client to perform a _vlmcs._tcp.domain.tld DNS request to set KMS server.', 'def': None , 'des': 'discovery' }, } def client_options(): 
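Review bot: The five `dns.*` imports in the first hunk are added at module top level, so the client now fails at import time on any host without dnspython, even when `-D` is never passed. Of the five, only `dns.resolver` and `dns.rdatatype` are used in the hunks visible in this patch. Moving the import into the `if clt_config['discovery'] is not None:` branch of client_connect, or wrapping it in `try: ... except ImportError:` with a clear message, would keep the dependency optional. Dropping `import dns.message`, `import dns.rdataclass` and `import dns.query` would remove unused names, assuming nothing outside the hunks relies on them.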
@@ -99,6 +106,8 @@ def client_options(): default = clt_options['lfile']['def'], help = clt_options['lfile']['help'], type = str) client_parser.add_argument("-S", "--logsize", dest = clt_options['lsize']['des'], action = "store", default = clt_options['lsize']['def'], help = clt_options['lsize']['help'], type = float) + client_parser.add_argument("-D", "--discovery", dest = clt_options['discovery']['des'], action = "store", + default = clt_options['discovery']['def'], help = clt_options['discovery']['help'], type = str) client_parser.add_argument("-h", "--help", action = "help", help = "show this help message and exit") @@ -186,6 +195,15 @@ def client_update(): raise RuntimeError(f'Client failed to find machine configuration in kms database - make sure it contains an entry for "{clt_config["mode"]}"') def client_connect(): + + if clt_config['discovery'] is not None: + loggerclt.info(f'Using Domain: {clt_config["discovery"]}') + r = dns.resolver.query('_vlmcs._tcp.' + clt_config['discovery'], dns.rdatatype.SRV) + for a in r: + loggerclt.debug(f'answer KMS server: {a.target} , port: {a.port}') + clt_config['ip'] = socket.gethostbyname(r[0].target.to_text()) + clt_config['port'] = r[0].port + loggerclt.info("Connecting to %s on port %d" % (clt_config['ip'], clt_config['port'])) try: clt_sock = socket.create_connection((clt_config['ip'], clt_config['port']), timeout = clt_config['timeoutidle']) From ddb99ddc1ea18d3ccbdfda392f14d5c5d0d96227 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Thu, 14 Apr 2022 01:48:06 +0200 Subject: [PATCH 2/4] add dnspython to docker image, add doc. #51 --- docker/docker-py3-kms-minimal/Dockerfile | 4 ++-- docker/docker-py3-kms/Dockerfile | 4 ++-- docs/Usage.md | 6 ++++++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docker/docker-py3-kms-minimal/Dockerfile b/docker/docker-py3-kms-minimal/Dockerfile index 9d2b073..579e4ba 100644 --- a/docker/docker-py3-kms-minimal/Dockerfile +++ b/docker/docker-py3-kms-minimal/Dockerfile 
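Review bot: In the client_connect hunk, `r[0]` is taken as the server without consulting the SRV `priority` and `weight` fields, so when several `_vlmcs._tcp` records exist the client may pick a backup host instead of the preferred one. Selecting with `best = min(r, key=lambda a: (a.priority, -a.weight))` before the `gethostbyname` call is a simple approximation of the intended ordering. The answer also arrives over plain DNS and overwrites `clt_config['ip']` and `clt_config['port']` unchecked, including values the user passed explicitly, so whoever can answer for that name decides where the client connects. A comment such as `# SRV answer is unauthenticated; prefer an explicit ip/port on untrusted networks` would make that trust assumption visible. client_connect continues outside the hunk.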
@@ -14,7 +14,7 @@ ENV LOGFILE STDOUT ENV LOGSIZE "" COPY ./py-kms /home/py-kms - +#hadolint ignore=DL3013,DL3018 RUN apk add --no-cache --update \ bash \ git \ @@ -28,7 +28,7 @@ RUN apk add --no-cache --update \ shadow \ netcat-openbsd \ build-base python3-dev \ - && pip3 install --no-cache peewee tzlocal pytz wheel \ + && pip3 install --no-cache-dir peewee tzlocal pytz wheel dnspython \ && apk del git build-base python3-dev \ && addgroup power_users \ && adduser -S py-kms -G users -s /bin/bash \ diff --git a/docker/docker-py3-kms/Dockerfile b/docker/docker-py3-kms/Dockerfile index 480328d..2a8689d 100644 --- a/docker/docker-py3-kms/Dockerfile +++ b/docker/docker-py3-kms/Dockerfile @@ -36,7 +36,7 @@ RUN apk add --no-cache --update \ && git clone --branch master --depth 1 https://github.com/coleifer/sqlite-web.git /tmp/sqlite_web \ && mv /tmp/sqlite_web/sqlite_web /home/ \ && rm -rf /tmp/sqlite_web \ - && pip3 install --no-cache-dir peewee tzlocal pytz pysqlite3 wheel \ + && pip3 install --no-cache-dir peewee tzlocal pytz pysqlite3 wheel dnspython \ && apk del git build-base python3-dev \ && mkdir /db/ \ && addgroup power_users \ @@ -52,7 +52,7 @@ COPY docker/start.py /usr/bin/start.py RUN chmod 755 /usr/bin/entrypoint.py WORKDIR /home/py-kms -#USER py-kms + EXPOSE ${PORT}/tcp EXPOSE 8080 diff --git a/docs/Usage.md b/docs/Usage.md index 59674b4..ab69d66 100644 --- a/docs/Usage.md +++ b/docs/Usage.md 
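Review bot: `dnspython` is added to the `pip3 install` line of docker-py3-kms-minimal with no version pin, and the new `#hadolint ignore=DL3013,DL3018` comment above the RUN suppresses the lint that would flag it, so every image build pulls whatever release is current on the index. Pinning it, e.g. `dnspython==<pinned-version>`, ideally through a hash-checked requirements file, keeps builds reproducible and limits exposure to a bad upstream release. The same applies to the `pip3 install` line changed in the docker/docker-py3-kms/Dockerfile hunk. The other packages on those lines are unpinned as well, which predates this patch.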
@@ -143,6 +143,12 @@ user@host ~/path/to/folder/py-kms $ python3 pykms_Server.py -V DEBUG user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG ``` +If you wish to get KMS server from DNS server: (ie perform a DNS resolution on _vlmcs._tcp.domain.tld). If ever there are several answers, only the first one is selected. +``` +user@host ~/path/to/folder/py-kms $ python3 pykms_Server.py -V DEBUG -F STDOUT -D contoso.com +user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG -F STDOUT -D contoso.com +``` + Or if you want better specify: ``` user@host ~/path/to/folder/py-kms $ python3 pykms_Server.py 1688 -V DEBUG From c74a64cc6722cfcdb72ee347cfe859a502b583d6 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Thu, 14 Apr 2022 07:44:08 +0200 Subject: [PATCH 3/4] client: handle dns exceptions #51 --- docs/Usage.md | 4 ++-- py-kms/pykms_Client.py | 16 +++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/docs/Usage.md b/docs/Usage.md index ab69d66..2c26824 100644 --- a/docs/Usage.md +++ b/docs/Usage.md @@ -143,9 +143,9 @@ user@host ~/path/to/folder/py-kms $ python3 pykms_Server.py -V DEBUG user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG ``` -If you wish to get KMS server from DNS server: (ie perform a DNS resolution on _vlmcs._tcp.domain.tld). If ever there are several answers, only the first one is selected. +If you wish to get KMS server from DNS server: (ie perform a DNS resolution on _vlmcs._tcp.domain.tld, if ever there are several answers, only the first one is selected.) ``` -user@host ~/path/to/folder/py-kms $ python3 pykms_Server.py -V DEBUG -F STDOUT -D contoso.com +user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG -F STDOUT -D contoso.com user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG -F STDOUT -D contoso.com ``` diff --git a/py-kms/pykms_Client.py b/py-kms/pykms_Client.py index b203a6f..109f83a 100644 --- a/py-kms/pykms_Client.py 
+++ b/py-kms/pykms_Client.py @@ -198,11 +198,17 @@ def client_connect(): if clt_config['discovery'] is not None: loggerclt.info(f'Using Domain: {clt_config["discovery"]}') - r = dns.resolver.query('_vlmcs._tcp.' + clt_config['discovery'], dns.rdatatype.SRV) - for a in r: - loggerclt.debug(f'answer KMS server: {a.target} , port: {a.port}') - clt_config['ip'] = socket.gethostbyname(r[0].target.to_text()) - clt_config['port'] = r[0].port + r= None + try: + r = dns.resolver.resolve('_vlmcs._tcp.' + clt_config['discovery'], dns.rdatatype.SRV) + for a in r: + loggerclt.debug(f'answer KMS server: {a.target} , port: {a.port}') + clt_config['ip'] = socket.gethostbyname(r[0].target.to_text()) + clt_config['port'] = r[0].port + except (dns.exception.Timeout, dns.resolver.NXDOMAIN) as e: + pretty_printer(log_obj = loggerclt.warning, + put_text = "{reverse}{red}{bold}Cannot resolve '%s'. Error: '%s'...{end}" %(clt_config['discovery'], + str(e))) loggerclt.info("Connecting to %s on port %d" % (clt_config['ip'], clt_config['port'])) try: From 248c144e7acd37fbea31e5d7e1cffa5fbd0e4196 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Fri, 15 Apr 2022 22:47:09 +0200 Subject: [PATCH 4/4] client: request #51 add automatic discovery. changes after review. --- docker/docker-py3-kms-minimal/Dockerfile | 2 +- docker/docker-py3-kms/Dockerfile | 2 +- docs/Usage.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-py3-kms-minimal/Dockerfile b/docker/docker-py3-kms-minimal/Dockerfile index 579e4ba..dc6b54b 100644 --- a/docker/docker-py3-kms-minimal/Dockerfile +++ b/docker/docker-py3-kms-minimal/Dockerfile @@ -14,7 +14,7 @@ ENV LOGFILE STDOUT ENV LOGSIZE "" COPY ./py-kms /home/py-kms -#hadolint ignore=DL3013,DL3018 + RUN apk add --no-cache --update \ bash \ git \ diff --git a/docker/docker-py3-kms/Dockerfile b/docker/docker-py3-kms/Dockerfile index 2a8689d..4075466 100644 --- a/docker/docker-py3-kms/Dockerfile +++ b/docker/docker-py3-kms/Dockerfile 
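Review bot: After the new `except` branch logs its warning, execution still reaches the `Connecting to ...` line with whatever `clt_config['ip']` and `clt_config['port']` held before, so as far as the hunk shows a failed discovery silently connects to a server the user did not ask for. The branch should stop there, for example with a bare `raise` after the `pretty_printer` call. The handler names only `dns.exception.Timeout` and `dns.resolver.NXDOMAIN`, so `dns.resolver.NoAnswer`, `dns.resolver.NoNameservers` and the `socket.gaierror` that `socket.gethostbyname` can raise escape as tracebacks; `except (dns.exception.DNSException, socket.gaierror) as e:` would cover them. `dns.exception` is not among the imports added by the first patch, so it appears to resolve only because `dns.resolver` loads it, and `r= None` is never read. client_connect continues outside the hunk.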
@@ -17,7 +17,7 @@ ENV LOGSIZE "" ENV TZ America/Chicago COPY py-kms /home/py-kms/ -#hadolint ignore=DL3013,DL3018 + RUN apk add --no-cache --update \ bash \ git \ diff --git a/docs/Usage.md b/docs/Usage.md index 2c26824..0a14598 100644 --- a/docs/Usage.md +++ b/docs/Usage.md @@ -143,7 +143,7 @@ user@host ~/path/to/folder/py-kms $ python3 pykms_Server.py -V DEBUG user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG ``` -If you wish to get KMS server from DNS server: (ie perform a DNS resolution on _vlmcs._tcp.domain.tld, if ever there are several answers, only the first one is selected.) +If you wish to get KMS server from DNS server: (ie perform a DNS resolution on _vlmcs._tcp.domain.tld, if ever there are several answers, only the first one is selected.). Althought that mode is supposed to be specific to devices connect to an Active Directory domain, setting a fully qualified name and a workgroup may help to use that automatic KMS discovery feature. ``` user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG -F STDOUT -D contoso.com user@host ~/path/to/folder/py-kms $ python3 pykms_Client.py -V DEBUG -F STDOUT -D contoso.com