Attachment #8908 for bug #35863

View | Details | Raw Unified | Return to bug 35863
Collapse All | Expand All




#!/usr/bin/python2.7
# coding: utf-8
#
# Univention Management Console module:
#  System Diagnosis UMC module
#
# Copyright 2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

import ldap
import socket
import psutil

import univention.uldap

import univention.config_registry
from univention.management.console.modules.diagnostic import Critical

from univention.lib.i18n import Translation
_ = Translation('univention-management-console-module-diagnostic').translate

title = _('Check Heimdal KDC on Samba 4 DC')
description = _('Samba 4 KDC running.')
umc_modules = [{'module': 'services'}]


def is_service_active(service):
	lo = univention.uldap.getMachineConnection()
	raw_filter = '(&(univentionService=%s)(cn=%s))'
	filter_expr = ldap.filter.filter_format(raw_filter, (service, socket.gethostname()))
	for (dn, _attr) in lo.search(filter_expr, attr=['cn']):
		if dn is not None:
			return True
	return False


def samba_kdc_running():
	try:
		import samba.messaging
	except ImportError:
		return False
	msg = samba.messaging.Messaging()
	try:
		ids = msg.irpc_servers_byname('kdc_server')
	except KeyError:
		return False
	return bool(ids)


def is_heimdal_kdc_running():
	kdc_paths = ('/usr/lib/heimdal-servers/kdc', '/usr/lib/heimdal-servers/kpasswdd')
	process_paths = (p.exe() for p in psutil.process_iter())
	return any(path in kdc_paths for path in process_paths)


def is_kerberos_autostart_disabled():
	configRegistry = univention.config_registry.ConfigRegistry()
	configRegistry.load()
	return configRegistry.is_false('kerberos/autostart')


def run():
	error = _('This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`.')
	heimdal_error = _('This may be, because Heimdal KDC seems to be running.')
	autostart_error = _('This may be, because `kerberos/autostart` is not disabled.')
	solution = _('You may want to stop Heimdal KDC and restart Samba via {services}')

	if is_service_active('Samba 4') and not samba_kdc_running():
		error_descriptions = [error]
		if is_heimdal_kdc_running():
			error_descriptions.append(heimdal_error)
			if not is_kerberos_autostart_disabled():
				error_descriptions.append(autostart_error)
			error_descriptions.append(solution)
		raise Critical('\n'.join(error_descriptions))


if __name__ == '__main__':
	from univention.management.console.modules.diagnostic import main
	main()
heimdal_on_samba4_dc (po)
--
.../umc/python/diagnostic/de.po                    | 33 ++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)

Lines 2-9 Link Here

(-)a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po (-3 / +31 lines)
2	msgid ""	2	msgid ""
3	msgstr ""	3	msgstr ""
4	"Project-Id-Version: univention-management-console-module-diagnostic\n"	4	"Project-Id-Version: univention-management-console-module-diagnostic\n"
5	"Report-Msgid-Bugs-To: packages@univention.de\n"	5	"Report-Msgid-Bugs-To: \n"
6	"POT-Creation-Date: 2016-01-14 12:19+0100\n"	6	"POT-Creation-Date: 2017-06-06 18:36+0200\n"
7	"PO-Revision-Date: \n"	7	"PO-Revision-Date: \n"
8	"Last-Translator: Univention GmbH <packages@univention.de>\n"	8	"Last-Translator: Univention GmbH <packages@univention.de>\n"
9	"Language-Team: Univention GmbH <packages@univention.de>\n"	9	"Language-Team: Univention GmbH <packages@univention.de>\n"
Lines 27-32 msgstr "" Link Here
27	msgid "Adjust to suggested limits"	27	msgid "Adjust to suggested limits"
28	msgstr "An vorgeschlagene Limits anpassen"	28	msgstr "An vorgeschlagene Limits anpassen"
29		29
		30	#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:46
		31	msgid "Check Heimdal KDC on Samba 4 DC"
		32	msgstr "Überprüfe Heimdal KDC auf Samba 4 DC"
		33
30	#: umc/python/diagnostic/plugins/gateway.py:11	34	#: umc/python/diagnostic/plugins/gateway.py:11
31	msgid "Gateway is not reachable"	35	msgid "Gateway is not reachable"
32	msgstr "Gateway ist nicht erreichbar"	36	msgstr "Gateway ist nicht erreichbar"
Lines 133-138 msgstr "Proxy-Server-Fehler" Link Here
133	msgid "SSH connection to UCS server failed!"	137	msgid "SSH connection to UCS server failed!"
134	msgstr "SSH-Verbindung zu anderem UCS Server fehlgeschlagen!"	138	msgstr "SSH-Verbindung zu anderem UCS Server fehlgeschlagen!"
135		139
		140	#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:47
		141	msgid "Samba 4 KDC running."
		142	msgstr "Samba 4 KDC läuft."
		143
136	#: umc/python/diagnostic/plugins/security_limits.py:14	144	#: umc/python/diagnostic/plugins/security_limits.py:14
137	msgid "Security limits exceeded"	145	msgid "Security limits exceeded"
138	msgstr "Sicherheitslimits überschritten"	146	msgstr "Sicherheitslimits überschritten"
Lines 249-254 msgstr "" Link Here
249	"an Samba-Servern unmöglich, Dateioperationen (Kopieren, Verschieben) auf "	257	"an Samba-Servern unmöglich, Dateioperationen (Kopieren, Verschieben) auf "
250	"Freigaben kann fehlschlagen, uvm.)"	258	"Freigaben kann fehlschlagen, uvm.)"
251		259
		260	#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:87
		261	msgid ""
		262	"This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`."
		263	msgstr ""
		264	"Dies ist ein Samba 4 DC, aber `samba-tool processes` zeigt keinen "
		265	"`kdc_server` an."
		266
		267	#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:88
		268	msgid "This may be, because Heimdal KDC seems to be running."
		269	msgstr "Dies mag daher kommen, dass Heimdal KDC läuft."
		270
		271	#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:89
		272	msgid "This may be, because `kerberos/autostart` is not disabled."
		273	msgstr ""
		274	"Dies mag daher kommen, dass `kerberos/autostart` nicht deaktiviert ist."
		275
252	#: umc/python/diagnostic/plugins/proxy.py:83	276	#: umc/python/diagnostic/plugins/proxy.py:83
253	#, python-format	277	#, python-format
254	msgid ""	278	msgid ""
Lines 260-265 msgstr "" Link Here
260	"dass Authentifikations-Zugangsdaten (falls existierend) korrekt sind und die "	284	"dass Authentifikations-Zugangsdaten (falls existierend) korrekt sind und die "
261	"ACL's des Proxy-Servers nicht verbieten, Anfragen an %s zu stellen."	285	"ACL's des Proxy-Servers nicht verbieten, Anfragen an %s zu stellen."
262		286
		287	#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:90
		288	#, python-brace-format
		289	msgid "You may want to stop Heimdal KDC and restart Samba via {services}"
		290	msgstr "Sie können Heimdal KDC per {services} stoppen und Samba neu starten."
		291
263	#: umc/python/diagnostic/plugins/package_status.py:28	292	#: umc/python/diagnostic/plugins/package_status.py:28
264	msgid "some"	293	msgid "some"
265	msgstr "einigen"	294	msgstr "einigen"
266	-

Return to bug 35863

Line 0 Link Here

(-)a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py (-2 / +104 lines)
0	-	1	#!/usr/bin/python2.7
		2	# coding: utf-8
		3	#
		4	# Univention Management Console module:
		5	# System Diagnosis UMC module
		6	#
		7	# Copyright 2017 Univention GmbH
		8	#
		9	# http://www.univention.de/
		10	#
		11	# All rights reserved.
		12	#
		13	# The source code of this program is made available
		14	# under the terms of the GNU Affero General Public License version 3
		15	# (GNU AGPL V3) as published by the Free Software Foundation.
		16	#
		17	# Binary versions of this program provided by Univention to you as
		18	# well as other copyrighted, protected or trademarked materials like
		19	# Logos, graphics, fonts, specific documentations and configurations,
		20	# cryptographic keys etc. are subject to a license agreement between
		21	# you and Univention and not subject to the GNU AGPL V3.
		22	#
		23	# In the case you use this program under the terms of the GNU AGPL V3,
		24	# the program is provided in the hope that it will be useful,
		25	# but WITHOUT ANY WARRANTY; without even the implied warranty of
		26	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		27	# GNU Affero General Public License for more details.
		28	#
		29	# You should have received a copy of the GNU Affero General Public
		30	# License with the Debian GNU/Linux or Univention distribution in file
		31	# /usr/share/common-licenses/AGPL-3; if not, see
		32	# <http://www.gnu.org/licenses/>.
		33
		34	import ldap
		35	import socket
		36	import psutil
		37
		38	import univention.uldap
		39
		40	import univention.config_registry
		41	from univention.management.console.modules.diagnostic import Critical
		42
		43	from univention.lib.i18n import Translation
		44	_ = Translation('univention-management-console-module-diagnostic').translate
		45
		46	title = _('Check Heimdal KDC on Samba 4 DC')
		47	description = _('Samba 4 KDC running.')
		48	umc_modules = [{'module': 'services'}]
		49
		50
		51	def is_service_active(service):
		52	lo = univention.uldap.getMachineConnection()
		53	raw_filter = '(&(univentionService=%s)(cn=%s))'
		54	filter_expr = ldap.filter.filter_format(raw_filter, (service, socket.gethostname()))
		55	for (dn, _attr) in lo.search(filter_expr, attr=['cn']):
		56	if dn is not None:
		57	return True
		58	return False
		59
		60
		61	def samba_kdc_running():
		62	try:
		63	import samba.messaging
		64	except ImportError:
		65	return False
66	msg = samba.messaging.Messaging()
67	try:
68	ids = msg.irpc_servers_byname('kdc_server')
69	except KeyError:
70	return False
71	return bool(ids)
72
73
74	def is_heimdal_kdc_running():
75	kdc_paths = ('/usr/lib/heimdal-servers/kdc', '/usr/lib/heimdal-servers/kpasswdd')
76	process_paths = (p.exe() for p in psutil.process_iter())
77	return any(path in kdc_paths for path in process_paths)
78
79
80	def is_kerberos_autostart_disabled():
81	configRegistry = univention.config_registry.ConfigRegistry()
82	configRegistry.load()
83	return configRegistry.is_false('kerberos/autostart')
84
85
86	def run():
87	error = _('This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`.')
88	heimdal_error = _('This may be, because Heimdal KDC seems to be running.')
89	autostart_error = _('This may be, because `kerberos/autostart` is not disabled.')
90	solution = _('You may want to stop Heimdal KDC and restart Samba via {services}')
91
92	if is_service_active('Samba 4') and not samba_kdc_running():
93	error_descriptions = [error]
94	if is_heimdal_kdc_running():
95	error_descriptions.append(heimdal_error)
96	if not is_kerberos_autostart_disabled():
97	error_descriptions.append(autostart_error)
98	error_descriptions.append(solution)
99	raise Critical('\n'.join(error_descriptions))
100
101
102	if __name__ == '__main__':
103	from univention.management.console.modules.diagnostic import main
104	main()
1	heimdal_on_samba4_dc (po)	105	heimdal_on_samba4_dc (po)
2	--
3	.../umc/python/diagnostic/de.po \| 33 ++++++++++++++++++++--	106	.../umc/python/diagnostic/de.po \| 33 ++++++++++++++++++++--
4	1 file changed, 31 insertions(+), 2 deletions(-)	107	1 file changed, 31 insertions(+), 2 deletions(-)