Attachment #7950 for bug #42201

View | Details | Raw Unified | Return to bug 42201
Collapse All | Expand All

Lines 21-27 Depends: ${python:Depends}, Link Here

(-)a/base/univention-lib/debian/control (-1 / +3 lines)
21	python-ldb,	21	python-ldb,
22	python-samba,	22	python-samba,
23	python-ldap,	23	python-ldap,
24	python-imaging	24	python-imaging,
		25	python-univention-lib-umc,
25	Provides: ${python:Provides}	26	Provides: ${python:Provides}
26	Description: UCS - common scripting functions for Python scripts	27	Description: UCS - common scripting functions for Python scripts
27	This package contains Python functions used by various	28	This package contains Python functions used by various
Lines 37-42 Architecture: all Link Here
37	Depends: ${misc:Depends},	38	Depends: ${misc:Depends},
38	python-univention-config-registry (>= 10.0.0-1),	39	python-univention-config-registry (>= 10.0.0-1),
39	python-univention-lib (= ${binary:Version}),	40	python-univention-lib (= ${binary:Version}),
		41	shell-univention-lib-umc,
40	pwgen	42	pwgen
41	Description: UCS - common scripting functions for shell scripts	43	Description: UCS - common scripting functions for shell scripts
42	This package contains shell functions used by various	44	This package contains shell functions used by various




#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
#
# Univention Common Python Library
#  Connections to remote UMC Servers
#
# Copyright 2013-2016 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

from httplib import HTTPSConnection, HTTPException
from json import loads, dumps
from socket import error as SocketError

from univention.config_registry import ConfigRegistry
ucr = ConfigRegistry()
ucr.load()


class UMCConnection(object):

	def __init__(self, host, username=None, password=None, error_handler=None):
		self._host = host
		self._headers = {
			'Content-Type': 'application/json; charset=UTF-8',
			'Accept': 'application/json; q=1, text/html; q=0.5; */*; q=0.1',
			'X-Requested-With': 'XMLHttpRequest',
		}
		self._error_handler=error_handler
		if username is not None:
			self.auth(username, password)

	def get_connection(self):
		'''Creates a new HTTPSConnection to the host'''
		# once keep-alive is over, the socket closes
		#   so create a new connection on every request
		return HTTPSConnection(self._host)

	@classmethod
	def get_machine_connection(cls, error_handler=None):
		'''Creates a connection with the credentials of the local host
		to the DC Master'''
		username = '%s$' % ucr.get('hostname')
		password = ''
		try:
			with open('/etc/machine.secret') as machine_file:
				password = machine_file.readline().strip()
		except (OSError, IOError) as e:
			if error_handler:
				error_handler('Could not read /etc/machine.secret: %s' % e)
		try:
			connection = cls(ucr.get('ldap/master'))
			connection.auth(username, password)
			return connection
		except (HTTPException, SocketError) as e:
			if error_handler:
				error_handler('Could not connect to UMC on %s: %s' % (ucr.get('ldap/master'), e))
		return None

	def auth(self, username, password, auth_type=None):
		'''Tries to authenticate against the host and preserves the
		cookie. Has to be done only once (but keep in mind that the
		session probably expires after 10 minutes of inactivity)'''
		data = self.build_data({'username' : username, 'password' : password, 'auth_type': auth_type})
		con = self.get_connection()
		try:
			con.request('POST', '/umcp/auth', data, headers=self._headers)
		except Exception as e:
			# probably unreachable
			if self._error_handler:
				self._error_handler(str(e))
			error_message = '%s: Authentication failed while contacting: %s' % (self._host, e)
			raise HTTPException(error_message)
		else:
			try:
				response = con.getresponse()
				cookie = response.getheader('set-cookie')
				if cookie is None:
					raise ValueError('No cookie')
				self._headers['Cookie'] = cookie  # FIXME: transform Set-Cookie to Cookie
			except Exception as e:
				if self._error_handler:
					self._error_handler(str(e))
				error_message = '%s: Authentication failed: %s' % (self._host, response.read())
				raise HTTPException(error_message)

	def build_data(self, data, flavor=None):
		'''Returns a dictionary as expected by the UMC Server'''
		data = {'options' : data}
		if flavor:
			data['flavor'] = flavor
		return dumps(data)

	def request(self, url, data=None, flavor=None, command='command'):
		'''Sends a request and returns the data from the response. url
		as in the XML file of that UMC module.
		command may be anything that UMCP understands, especially:
		 * command (default)
		 * get (and url could be 'ucr' then)
		 * set (and url would be '' and data could be {'locale':'de_DE'})
		 * upload (url could be 'udm/license/import')
		'''
		if data is None:
			data = {}
		data = self.build_data(data, flavor)
		con = self.get_connection()
		umcp_command = '/umcp/%s' % command
		if url:
			umcp_command = '%s/%s' % (umcp_command, url)
		con.request('POST', umcp_command, data, headers=self._headers)
		response = con.getresponse()
		if response.status != 200:
			error_message = '%s on %s (%s): %s' % (response.status, self._host, url, response.read())
			if response.status == 403:
				# 403 is either command is unknown
				#   or command is known but forbidden
				if self._error_handler:
					self._error_handler(error_message)
				raise NotImplementedError('command forbidden: %s' % url)
			raise HTTPException(error_message)
		content = response.read()
		content = loads(content)  # FIXME: inspect Content-Type response header
		if isinstance(content, dict):
			return content.get('result', content)
		return content




import univention.admin.uexceptions
import bz2
import zlib
from PIL import Image
import StringIO
import magic
MIME_TYPE = magic.open(magic.MAGIC_MIME_TYPE)
MIME_TYPE.load()
MIME_DESCRIPTION = magic.open(magic.MAGIC_NONE)
MIME_DESCRIPTION.load()

UMC_ICON_BASEDIR = "/usr/share/univention-management-console-frontend/js/dijit/themes/umc/icons"

compression_mime_type_handlers = {
	"application/x-gzip": lambda x: zlib.decompress(x, 16+zlib.MAX_WBITS),
	"application/x-bzip2": bz2.decompress
}

def get_mime_type(data):
	return MIME_TYPE.buffer(data)

def get_mime_description(data):
	return MIME_DESCRIPTION.buffer(data)

def compression_mime_type_of_buffer(data):
	mime_type = get_mime_type(data)
	if mime_type in compression_mime_type_handlers:
		return (mime_type, compression_mime_type_handlers[mime_type])
	else:
		raise univention.admin.uexceptions.valueError( "Not a supported compression format: %s" % (mime_type,))

def uncompress_buffer(data):
	try:
		(mime_type, compression_mime_type_handler) = compression_mime_type_of_buffer(data)
		return (mime_type, compression_mime_type_handler(data))
	except univention.admin.uexceptions.valueError:
		return (None, data)

def uncompress_file(filename):
	with open(filename, 'r') as f:
		return uncompress_buffer(f.read())

def image_mime_type_of_buffer(data):
	mime_type = get_mime_type(data)
	if mime_type in ('image/jpeg', 'image/png', 'image/svg+xml', 'application/x-gzip'):
		return mime_type
	else:
		raise univention.admin.uexceptions.valueError( "Not a supported image format: %s" % (mime_type,))

def imagedimensions_of_buffer(data):
	fp = StringIO.StringIO(data)
	im=Image.open(fp)
	return im.size

def imagecategory_of_buffer(data):
 	(compression_mime_type, uncompressed_data) = uncompress_buffer(data)
	mime_type = image_mime_type_of_buffer(uncompressed_data)
	if mime_type in ('image/jpeg', 'image/png'):
		return (mime_type, compression_mime_type, "%sx%s" % imagedimensions_of_buffer(uncompressed_data))
	elif mime_type in ('image/svg+xml', 'application/x-gzip'):
		return (mime_type, compression_mime_type, "scalable")

def default_filename_suffix_for_mime_type(mime_type, compression_mime_type):
	if mime_type == 'image/svg+xml':
		if not compression_mime_type:
			return '.svg'
		elif compression_mime_type == 'application/x-gzip':
			return '.svgz'
	elif mime_type == 'image/png':
		return '.png'
	elif mime_type == 'image/jpeg':
		return '.jpg'
	return None




#!/bin/sh
# -*- coding: utf-8 -*-
#
# Univention Lib
#  shell function for creating UMC operation and acl objects
#
# Copyright 2011-2016 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.


eval "$(/usr/sbin/univention-config-registry shell ldap/base)"

BIND_ARGS="$@"

umc_frontend_new_hash () {
	# create new timestamps for index.html and debug.html in order to
	# avoid caching problems in browsers
	timestamp=$(date +'%Y%d%m%H%M%S')
	for ifile in index.html debug.html error.html js/umc/login.html; do
		f="/usr/share/univention-management-console-frontend/$ifile"
		[ -w "$f" ] && sed -i 's/\$\(.*\)\$/$'$timestamp'$/' "$f"
	done

	# update the symlinks to the js/css directories
	for idir in css js; do
		rm -f "/usr/share/univention-management-console-frontend/${idir}_\$"*\$ || true
		ln -s "$idir" "/usr/share/univention-management-console-frontend/${idir}_\$${timestamp}\$" || true
	done

	return 0
}

umc_init () {

	eval "$(/usr/sbin/univention-config-registry shell groups/default/domainadmins groups/default/domainusers)"

	# containers
	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=univention,$ldap_base" --set name=UMC || exit $?
	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=policies,$ldap_base" --set name=UMC --set policyPath=1 || exit $?
	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=UMC,cn=univention,$ldap_base" --set name=operations || exit $?

	# default admin policy
	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-all \
		--position "cn=UMC,cn=policies,$ldap_base" || exit $?

	# link default admin policy to the group "Domain Admins"
	group_admins="${groups_default_domainadmins:-Domain Admins}"
	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_admins,cn=groups,$ldap_base" \
		--policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" || exit $?

	# default user policy
	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-users \
		--position "cn=UMC,cn=policies,$ldap_base" || exit $?

	# link default user policy to the group "Domain Users"
	group_users="${groups_default_domainusers:-Domain Users}"
	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_users,cn=groups,$ldap_base" \
		--policy-reference="cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" || exit $?
}

_umc_remove_old () {
	# removes an object and ignores all errors
	name=$1; shift
	module=$1; shift
	container=$1

	udm $module remove $BIND_ARGS --dn "cn=$name,$container,$ldap_base" 2>/dev/null || true
}

umc_operation_create () {
	# example: umc_operation_create "udm" "UDM" "users/user" "udm/*:objectType=users/*"
	name=$1; shift
	description=$1; shift
	flavor=$1; shift
	operations=""
	for oper in "$@"; do
		operations="$operations --append operation=$oper "
	done
	udm settings/umc_operationset create $BIND_ARGS --ignore_exists \
		--position "cn=operations,cn=UMC,cn=univention,$ldap_base" \
		--set name="$name" \
		--set description="$description" \
		--set flavor="$flavor" $operations || exit $?
}

umc_policy_append () {
	# example: umc_policy_append "default-umc-all" "udm-all" "udm-users"
	policy="$1"; shift

	ops=""
	for op in "$@"; do
		ops="$ops --append allow=cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base "
	done

	udm policies/umc modify $BIND_ARGS --ignore_exists \
		--dn "cn=$policy,cn=UMC,cn=policies,$ldap_base" $ops || exit $?
}




 an integrated, directory driven solution for managing
 corporate environments. For more information about UCS,
 refer to: http://www.univention.de/

Package: python-univention-lib-umc
Architecture: all
Depends: ${python:Depends},
 ${misc:Depends},
 python-univention-config-registry,
Provides: ${python:Provides}
Description: common UMC scripting functions for Python scripts
 This package contains Python functions used by various
 components of UCS.
 .
 It is part of Univention Corporate Server (UCS), an
 integrated, directory driven solution for managing
 corporate environments. For more information about UCS,
 refer to: http://www.univention.de/

Package: shell-univention-lib
Architecture: all
Depends: ${misc:Depends},
 python-univention-config-registry,
 python-univention-lib-umc,
Description: common UMC scripting functions for shell scripts
 This package contains shell functions used by various
 components of UCS.
 .
 It is part of Univention Corporate Server (UCS), an
 integrated, directory driven solution for managing
 corporate environments. For more information about UCS,
 refer to: http://www.univention.de/




#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
#
# Univention Common Python Library
#  Connections to remote UMC Servers
#
# Copyright 2013-2016 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

from httplib import HTTPSConnection, HTTPException
from json import loads, dumps
from socket import error as SocketError

from univention.config_registry import ConfigRegistry
ucr = ConfigRegistry()
ucr.load()


class UMCConnection(object):

	def __init__(self, host, username=None, password=None, error_handler=None):
		self._host = host
		self._headers = {
			'Content-Type': 'application/json; charset=UTF-8',
			'Accept': 'application/json; q=1, text/html; q=0.5; */*; q=0.1',
			'X-Requested-With': 'XMLHttpRequest',
		}
		self._error_handler=error_handler
		if username is not None:
			self.auth(username, password)

	def get_connection(self):
		'''Creates a new HTTPSConnection to the host'''
		# once keep-alive is over, the socket closes
		#   so create a new connection on every request
		return HTTPSConnection(self._host)

	@classmethod
	def get_machine_connection(cls, error_handler=None):
		'''Creates a connection with the credentials of the local host
		to the DC Master'''
		username = '%s$' % ucr.get('hostname')
		password = ''
		try:
			with open('/etc/machine.secret') as machine_file:
				password = machine_file.readline().strip()
		except (OSError, IOError) as e:
			if error_handler:
				error_handler('Could not read /etc/machine.secret: %s' % e)
		try:
			connection = cls(ucr.get('ldap/master'))
			connection.auth(username, password)
			return connection
		except (HTTPException, SocketError) as e:
			if error_handler:
				error_handler('Could not connect to UMC on %s: %s' % (ucr.get('ldap/master'), e))
		return None

	def auth(self, username, password, auth_type=None):
		'''Tries to authenticate against the host and preserves the
		cookie. Has to be done only once (but keep in mind that the
		session probably expires after 10 minutes of inactivity)'''
		data = self.build_data({'username' : username, 'password' : password, 'auth_type': auth_type})
		con = self.get_connection()
		try:
			con.request('POST', '/umcp/auth', data, headers=self._headers)
		except Exception as e:
			# probably unreachable
			if self._error_handler:
				self._error_handler(str(e))
			error_message = '%s: Authentication failed while contacting: %s' % (self._host, e)
			raise HTTPException(error_message)
		else:
			try:
				response = con.getresponse()
				cookie = response.getheader('set-cookie')
				if cookie is None:
					raise ValueError('No cookie')
				self._headers['Cookie'] = cookie  # FIXME: transform Set-Cookie to Cookie
			except Exception as e:
				if self._error_handler:
					self._error_handler(str(e))
				error_message = '%s: Authentication failed: %s' % (self._host, response.read())
				raise HTTPException(error_message)

	def build_data(self, data, flavor=None):
		'''Returns a dictionary as expected by the UMC Server'''
		data = {'options' : data}
		if flavor:
			data['flavor'] = flavor
		return dumps(data)

	def request(self, url, data=None, flavor=None, command='command'):
		'''Sends a request and returns the data from the response. url
		as in the XML file of that UMC module.
		command may be anything that UMCP understands, especially:
		 * command (default)
		 * get (and url could be 'ucr' then)
		 * set (and url would be '' and data could be {'locale':'de_DE'})
		 * upload (url could be 'udm/license/import')
		'''
		if data is None:
			data = {}
		data = self.build_data(data, flavor)
		con = self.get_connection()
		umcp_command = '/umcp/%s' % command
		if url:
			umcp_command = '%s/%s' % (umcp_command, url)
		con.request('POST', umcp_command, data, headers=self._headers)
		response = con.getresponse()
		if response.status != 200:
			error_message = '%s on %s (%s): %s' % (response.status, self._host, url, response.read())
			if response.status == 403:
				# 403 is either command is unknown
				#   or command is known but forbidden
				if self._error_handler:
					self._error_handler(error_message)
				raise NotImplementedError('command forbidden: %s' % url)
			raise HTTPException(error_message)
		content = response.read()
		content = loads(content)  # FIXME: inspect Content-Type response header
		if isinstance(content, dict):
			return content.get('result', content)
		return content




import univention.admin.uexceptions
import bz2
import zlib
from PIL import Image
import StringIO
import magic
MIME_TYPE = magic.open(magic.MAGIC_MIME_TYPE)
MIME_TYPE.load()
MIME_DESCRIPTION = magic.open(magic.MAGIC_NONE)
MIME_DESCRIPTION.load()

UMC_ICON_BASEDIR = "/usr/share/univention-management-console-frontend/js/dijit/themes/umc/icons"

compression_mime_type_handlers = {
	"application/x-gzip": lambda x: zlib.decompress(x, 16+zlib.MAX_WBITS),
	"application/x-bzip2": bz2.decompress
}

def get_mime_type(data):
	return MIME_TYPE.buffer(data)

def get_mime_description(data):
	return MIME_DESCRIPTION.buffer(data)

def compression_mime_type_of_buffer(data):
	mime_type = get_mime_type(data)
	if mime_type in compression_mime_type_handlers:
		return (mime_type, compression_mime_type_handlers[mime_type])
	else:
		raise univention.admin.uexceptions.valueError( "Not a supported compression format: %s" % (mime_type,))

def uncompress_buffer(data):
	try:
		(mime_type, compression_mime_type_handler) = compression_mime_type_of_buffer(data)
		return (mime_type, compression_mime_type_handler(data))
	except univention.admin.uexceptions.valueError:
		return (None, data)

def uncompress_file(filename):
	with open(filename, 'r') as f:
		return uncompress_buffer(f.read())

def image_mime_type_of_buffer(data):
	mime_type = get_mime_type(data)
	if mime_type in ('image/jpeg', 'image/png', 'image/svg+xml', 'application/x-gzip'):
		return mime_type
	else:
		raise univention.admin.uexceptions.valueError( "Not a supported image format: %s" % (mime_type,))

def imagedimensions_of_buffer(data):
	fp = StringIO.StringIO(data)
	im=Image.open(fp)
	return im.size

def imagecategory_of_buffer(data):
	(compression_mime_type, uncompressed_data) = uncompress_buffer(data)
	mime_type = image_mime_type_of_buffer(uncompressed_data)
	if mime_type in ('image/jpeg', 'image/png'):
		return (mime_type, compression_mime_type, "%sx%s" % imagedimensions_of_buffer(uncompressed_data))
	elif mime_type in ('image/svg+xml', 'application/x-gzip'):
		return (mime_type, compression_mime_type, "scalable")

def default_filename_suffix_for_mime_type(mime_type, compression_mime_type):
	if mime_type == 'image/svg+xml':
		if not compression_mime_type:
			return '.svg'
		elif compression_mime_type == 'application/x-gzip':
			return '.svgz'
	elif mime_type == 'image/png':
		return '.png'
	elif mime_type == 'image/jpeg':
		return '.jpg'
	return None




#!/bin/sh
# -*- coding: utf-8 -*-
#
# Univention Lib
#  shell function for creating UMC operation and acl objects
#
# Copyright 2011-2016 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.


eval "$(/usr/sbin/univention-config-registry shell ldap/base)"

BIND_ARGS="$@"

umc_frontend_new_hash () {
	# create new timestamps for index.html and debug.html in order to
	# avoid caching problems in browsers
	timestamp=$(date +'%Y%d%m%H%M%S')
	for ifile in index.html debug.html error.html js/umc/login.html; do
		f="/usr/share/univention-management-console-frontend/$ifile"
		[ -w "$f" ] && sed -i 's/\$\(.*\)\$/$'$timestamp'$/' "$f"
	done

	# update the symlinks to the js/css directories
	for idir in css js; do
		rm -f "/usr/share/univention-management-console-frontend/${idir}_\$"*\$ || true
		ln -s "$idir" "/usr/share/univention-management-console-frontend/${idir}_\$${timestamp}\$" || true
	done

	return 0
}

umc_init () {

	eval "$(/usr/sbin/univention-config-registry shell groups/default/domainadmins groups/default/domainusers)"

	# containers
	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=univention,$ldap_base" --set name=UMC || exit $?
	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=policies,$ldap_base" --set name=UMC --set policyPath=1 || exit $?
	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=UMC,cn=univention,$ldap_base" --set name=operations || exit $?

	# default admin policy
	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-all \
		--position "cn=UMC,cn=policies,$ldap_base" || exit $?

	# link default admin policy to the group "Domain Admins"
	group_admins="${groups_default_domainadmins:-Domain Admins}"
	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_admins,cn=groups,$ldap_base" \
		--policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" || exit $?

	# default user policy
	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-users \
		--position "cn=UMC,cn=policies,$ldap_base" || exit $?

	# link default user policy to the group "Domain Users"
	group_users="${groups_default_domainusers:-Domain Users}"
	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_users,cn=groups,$ldap_base" \
		--policy-reference="cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" || exit $?
}

_umc_remove_old () {
	# removes an object and ignores all errors
	name=$1; shift
	module=$1; shift
	container=$1

	udm $module remove $BIND_ARGS --dn "cn=$name,$container,$ldap_base" 2>/dev/null || true
}

umc_operation_create () {
	# example: umc_operation_create "udm" "UDM" "users/user" "udm/*:objectType=users/*"
	name=$1; shift
	description=$1; shift
	flavor=$1; shift
	operations=""
	for oper in "$@"; do
		operations="$operations --append operation=$oper "
	done
	udm settings/umc_operationset create $BIND_ARGS --ignore_exists \
		--position "cn=operations,cn=UMC,cn=univention,$ldap_base" \
		--set name="$name" \
		--set description="$description" \
		--set flavor="$flavor" $operations || exit $?
}

umc_policy_append () {
	# example: umc_policy_append "default-umc-all" "udm-all" "udm-users"
	policy="$1"; shift

	ops=""
	for op in "$@"; do
		ops="$ops --append allow=cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base "
	done

	udm policies/umc modify $BIND_ARGS --ignore_exists \
		--dn "cn=$policy,cn=UMC,cn=policies,$ldap_base" $ops || exit $?
}

Return to bug 42201

Lines 169-171 Description: UCS Management Console - Web server Link Here

(-)a/management/univention-management-console/debian/control (+29 lines)
169	an integrated, directory driven solution for managing	169	an integrated, directory driven solution for managing
170	corporate environments. For more information about UCS,	170	corporate environments. For more information about UCS,
171	refer to: http://www.univention.de/	171	refer to: http://www.univention.de/
		172
		173	Package: python-univention-lib-umc
		174	Architecture: all
		175	Depends: ${python:Depends},
		176	${misc:Depends},
		177	python-univention-config-registry,
		178	Provides: ${python:Provides}
		179	Description: common UMC scripting functions for Python scripts
		180	This package contains Python functions used by various
		181	components of UCS.
		182	.
		183	It is part of Univention Corporate Server (UCS), an
		184	integrated, directory driven solution for managing
		185	corporate environments. For more information about UCS,
		186	refer to: http://www.univention.de/
		187
		188	Package: shell-univention-lib
		189	Architecture: all
		190	Depends: ${misc:Depends},
		191	python-univention-config-registry,
		192	python-univention-lib-umc,
		193	Description: common UMC scripting functions for shell scripts
		194	This package contains shell functions used by various
		195	components of UCS.
		196	.
		197	It is part of Univention Corporate Server (UCS), an
		198	integrated, directory driven solution for managing
		199	corporate environments. For more information about UCS,
		200	refer to: http://www.univention.de/

Lines 1-148 Link Here

(-)a/base/univention-lib/python/umc_connection.py (-148 lines)
1	#!/usr/bin/python2.7
2	# -- coding: utf-8 --
3	#
4	# Univention Common Python Library
5	# Connections to remote UMC Servers
6	#
7	# Copyright 2013-2016 Univention GmbH
8	#
9	# http://www.univention.de/
10	#
11	# All rights reserved.
12	#
13	# The source code of this program is made available
14	# under the terms of the GNU Affero General Public License version 3
15	# (GNU AGPL V3) as published by the Free Software Foundation.
16	#
17	# Binary versions of this program provided by Univention to you as
18	# well as other copyrighted, protected or trademarked materials like
19	# Logos, graphics, fonts, specific documentations and configurations,
20	# cryptographic keys etc. are subject to a license agreement between
21	# you and Univention and not subject to the GNU AGPL V3.
22	#
23	# In the case you use this program under the terms of the GNU AGPL V3,
24	# the program is provided in the hope that it will be useful,
25	# but WITHOUT ANY WARRANTY; without even the implied warranty of
26	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27	# GNU Affero General Public License for more details.
28	#
29	# You should have received a copy of the GNU Affero General Public
30	# License with the Debian GNU/Linux or Univention distribution in file
31	# /usr/share/common-licenses/AGPL-3; if not, see
32	# <http://www.gnu.org/licenses/>.
33
34	from httplib import HTTPSConnection, HTTPException
35	from json import loads, dumps
36	from socket import error as SocketError
37
38	from univention.config_registry import ConfigRegistry
39	ucr = ConfigRegistry()
40	ucr.load()
41
42
43	class UMCConnection(object):
44
45	def __init__(self, host, username=None, password=None, error_handler=None):
46	self._host = host
47	self._headers = {
48	'Content-Type': 'application/json; charset=UTF-8',
49	'Accept': 'application/json; q=1, text/html; q=0.5; /; q=0.1',
50	'X-Requested-With': 'XMLHttpRequest',
51	}
52	self._error_handler=error_handler
53	if username is not None:
54	self.auth(username, password)
55
56	def get_connection(self):
57	'''Creates a new HTTPSConnection to the host'''
58	# once keep-alive is over, the socket closes
59	# so create a new connection on every request
60	return HTTPSConnection(self._host)
61
62	@classmethod
63	def get_machine_connection(cls, error_handler=None):
64	'''Creates a connection with the credentials of the local host
65	to the DC Master'''
66	username = '%s$' % ucr.get('hostname')
67	password = ''
68	try:
69	with open('/etc/machine.secret') as machine_file:
70	password = machine_file.readline().strip()
71	except (OSError, IOError) as e:
72	if error_handler:
73	error_handler('Could not read /etc/machine.secret: %s' % e)
74	try:
75	connection = cls(ucr.get('ldap/master'))
76	connection.auth(username, password)
77	return connection
78	except (HTTPException, SocketError) as e:
79	if error_handler:
80	error_handler('Could not connect to UMC on %s: %s' % (ucr.get('ldap/master'), e))
81	return None
82
83	def auth(self, username, password, auth_type=None):
84	'''Tries to authenticate against the host and preserves the
85	cookie. Has to be done only once (but keep in mind that the
86	session probably expires after 10 minutes of inactivity)'''
87	data = self.build_data({'username' : username, 'password' : password, 'auth_type': auth_type})
88	con = self.get_connection()
89	try:
90	con.request('POST', '/umcp/auth', data, headers=self._headers)
91	except Exception as e:
92	# probably unreachable
93	if self._error_handler:
94	self._error_handler(str(e))
95	error_message = '%s: Authentication failed while contacting: %s' % (self._host, e)
96	raise HTTPException(error_message)
97	else:
98	try:
99	response = con.getresponse()
100	cookie = response.getheader('set-cookie')
101	if cookie is None:
102	raise ValueError('No cookie')
103	self._headers['Cookie'] = cookie # FIXME: transform Set-Cookie to Cookie
104	except Exception as e:
105	if self._error_handler:
106	self._error_handler(str(e))
107	error_message = '%s: Authentication failed: %s' % (self._host, response.read())
108	raise HTTPException(error_message)
109
110	def build_data(self, data, flavor=None):
111	'''Returns a dictionary as expected by the UMC Server'''
112	data = {'options' : data}
113	if flavor:
114	data['flavor'] = flavor
115	return dumps(data)
116
117	def request(self, url, data=None, flavor=None, command='command'):
118	'''Sends a request and returns the data from the response. url
119	as in the XML file of that UMC module.
120	command may be anything that UMCP understands, especially:
121	* command (default)
122	* get (and url could be 'ucr' then)
123	* set (and url would be '' and data could be {'locale':'de_DE'})
124	* upload (url could be 'udm/license/import')
125	'''
126	if data is None:
127	data = {}
128	data = self.build_data(data, flavor)
129	con = self.get_connection()
130	umcp_command = '/umcp/%s' % command
131	if url:
132	umcp_command = '%s/%s' % (umcp_command, url)
133	con.request('POST', umcp_command, data, headers=self._headers)
134	response = con.getresponse()
135	if response.status != 200:
136	error_message = '%s on %s (%s): %s' % (response.status, self._host, url, response.read())
137	if response.status == 403:
138	# 403 is either command is unknown
139	# or command is known but forbidden
140	if self._error_handler:
141	self._error_handler(error_message)
142	raise NotImplementedError('command forbidden: %s' % url)
143	raise HTTPException(error_message)
144	content = response.read()
145	content = loads(content) # FIXME: inspect Content-Type response header
146	if isinstance(content, dict):
147	return content.get('result', content)
148	return content

Lines 1-73 Link Here

(-)a/base/univention-lib/python/umc_module.py (-73 lines)
1	import univention.admin.uexceptions
2	import bz2
3	import zlib
4	from PIL import Image
5	import StringIO
6	import magic
7	MIME_TYPE = magic.open(magic.MAGIC_MIME_TYPE)
8	MIME_TYPE.load()
9	MIME_DESCRIPTION = magic.open(magic.MAGIC_NONE)
10	MIME_DESCRIPTION.load()
11
12	UMC_ICON_BASEDIR = "/usr/share/univention-management-console-frontend/js/dijit/themes/umc/icons"
13
14	compression_mime_type_handlers = {
15	"application/x-gzip": lambda x: zlib.decompress(x, 16+zlib.MAX_WBITS),
16	"application/x-bzip2": bz2.decompress
17	}
18
19	def get_mime_type(data):
20	return MIME_TYPE.buffer(data)
21
22	def get_mime_description(data):
23	return MIME_DESCRIPTION.buffer(data)
24
25	def compression_mime_type_of_buffer(data):
26	mime_type = get_mime_type(data)
27	if mime_type in compression_mime_type_handlers:
28	return (mime_type, compression_mime_type_handlers[mime_type])
29	else:
30	raise univention.admin.uexceptions.valueError( "Not a supported compression format: %s" % (mime_type,))
31
32	def uncompress_buffer(data):
33	try:
34	(mime_type, compression_mime_type_handler) = compression_mime_type_of_buffer(data)
35	return (mime_type, compression_mime_type_handler(data))
36	except univention.admin.uexceptions.valueError:
37	return (None, data)
38
39	def uncompress_file(filename):
40	with open(filename, 'r') as f:
41	return uncompress_buffer(f.read())
42
43	def image_mime_type_of_buffer(data):
44	mime_type = get_mime_type(data)
45	if mime_type in ('image/jpeg', 'image/png', 'image/svg+xml', 'application/x-gzip'):
46	return mime_type
47	else:
48	raise univention.admin.uexceptions.valueError( "Not a supported image format: %s" % (mime_type,))
49
50	def imagedimensions_of_buffer(data):
51	fp = StringIO.StringIO(data)
52	im=Image.open(fp)
53	return im.size
54
55	def imagecategory_of_buffer(data):
56	(compression_mime_type, uncompressed_data) = uncompress_buffer(data)
57	mime_type = image_mime_type_of_buffer(uncompressed_data)
58	if mime_type in ('image/jpeg', 'image/png'):
59	return (mime_type, compression_mime_type, "%sx%s" % imagedimensions_of_buffer(uncompressed_data))
60	elif mime_type in ('image/svg+xml', 'application/x-gzip'):
61	return (mime_type, compression_mime_type, "scalable")
62
63	def default_filename_suffix_for_mime_type(mime_type, compression_mime_type):
64	if mime_type == 'image/svg+xml':
65	if not compression_mime_type:
66	return '.svg'
67	elif compression_mime_type == 'application/x-gzip':
68	return '.svgz'
69	elif mime_type == 'image/png':
70	return '.png'
71	elif mime_type == 'image/jpeg':
72	return '.jpg'
73	return None

Lines 1-121 Link Here

(-)a/base/univention-lib/shell/umc.sh (-121 lines)
1	#!/bin/sh
2	# -- coding: utf-8 --
3	#
4	# Univention Lib
5	# shell function for creating UMC operation and acl objects
6	#
7	# Copyright 2011-2016 Univention GmbH
8	#
9	# http://www.univention.de/
10	#
11	# All rights reserved.
12	#
13	# The source code of this program is made available
14	# under the terms of the GNU Affero General Public License version 3
15	# (GNU AGPL V3) as published by the Free Software Foundation.
16	#
17	# Binary versions of this program provided by Univention to you as
18	# well as other copyrighted, protected or trademarked materials like
19	# Logos, graphics, fonts, specific documentations and configurations,
20	# cryptographic keys etc. are subject to a license agreement between
21	# you and Univention and not subject to the GNU AGPL V3.
22	#
23	# In the case you use this program under the terms of the GNU AGPL V3,
24	# the program is provided in the hope that it will be useful,
25	# but WITHOUT ANY WARRANTY; without even the implied warranty of
26	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27	# GNU Affero General Public License for more details.
28	#
29	# You should have received a copy of the GNU Affero General Public
30	# License with the Debian GNU/Linux or Univention distribution in file
31	# /usr/share/common-licenses/AGPL-3; if not, see
32	# <http://www.gnu.org/licenses/>.
33
34
35	eval "$(/usr/sbin/univention-config-registry shell ldap/base)"
36
37	BIND_ARGS="$@"
38
39	umc_frontend_new_hash () {
40	# create new timestamps for index.html and debug.html in order to
41	# avoid caching problems in browsers
42	timestamp=$(date +'%Y%d%m%H%M%S')
43	for ifile in index.html debug.html error.html js/umc/login.html; do
44	f="/usr/share/univention-management-console-frontend/$ifile"
45	[ -w "$f" ] && sed -i 's/\$\(.*\)\$/$'$timestamp'$/' "$f"
46	done
47
48	# update the symlinks to the js/css directories
49	for idir in css js; do
50	rm -f "/usr/share/univention-management-console-frontend/${idir}_\$"*\$ \|\| true
51	ln -s "$idir" "/usr/share/univention-management-console-frontend/${idir}_\$${timestamp}\$" \|\| true
52	done
53
54	return 0
55	}
56
57	umc_init () {
58
59	eval "$(/usr/sbin/univention-config-registry shell groups/default/domainadmins groups/default/domainusers)"
60
61	# containers
62	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=univention,$ldap_base" --set name=UMC \|\| exit $?
63	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=policies,$ldap_base" --set name=UMC --set policyPath=1 \|\| exit $?
64	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=UMC,cn=univention,$ldap_base" --set name=operations \|\| exit $?
65
66	# default admin policy
67	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-all \
68	--position "cn=UMC,cn=policies,$ldap_base" \|\| exit $?
69
70	# link default admin policy to the group "Domain Admins"
71	group_admins="${groups_default_domainadmins:-Domain Admins}"
72	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_admins,cn=groups,$ldap_base" \
73	--policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" \|\| exit $?
74
75	# default user policy
76	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-users \
77	--position "cn=UMC,cn=policies,$ldap_base" \|\| exit $?
78
79	# link default user policy to the group "Domain Users"
80	group_users="${groups_default_domainusers:-Domain Users}"
81	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_users,cn=groups,$ldap_base" \
82	--policy-reference="cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" \|\| exit $?
83	}
84
85	_umc_remove_old () {
86	# removes an object and ignores all errors
87	name=$1; shift
88	module=$1; shift
89	container=$1
90
91	udm $module remove $BIND_ARGS --dn "cn=$name,$container,$ldap_base" 2>/dev/null \|\| true
92	}
93
94	umc_operation_create () {
95	# example: umc_operation_create "udm" "UDM" "users/user" "udm/:objectType=users/"
96	name=$1; shift
97	description=$1; shift
98	flavor=$1; shift
99	operations=""
100	for oper in "$@"; do
101	operations="$operations --append operation=$oper "
102	done
103	udm settings/umc_operationset create $BIND_ARGS --ignore_exists \
104	--position "cn=operations,cn=UMC,cn=univention,$ldap_base" \
105	--set name="$name" \
106	--set description="$description" \
107	--set flavor="$flavor" $operations \|\| exit $?
108	}
109
110	umc_policy_append () {
111	# example: umc_policy_append "default-umc-all" "udm-all" "udm-users"
112	policy="$1"; shift
113
114	ops=""
115	for op in "$@"; do
116	ops="$ops --append allow=cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base "
117	done
118
119	udm policies/umc modify $BIND_ARGS --ignore_exists \
120	--dn "cn=$policy,cn=UMC,cn=policies,$ldap_base" $ops \|\| exit $?
121	}