if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 10.0.29-53; then

if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 12.0.17-53; then

	ln -s /usr/share/pyshared/univention/admin/policy.py /usr/lib/pymodules/python2.7/univention/admin/policy.py

	ln -s /usr/share/pyshared/univention/admin/handlers/computers/base.py /usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py

fi

# Bug #38473: workaround only required up to UCS 4.1-0

if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl 10.0.30; then

	FN="/usr/share/pyshared/univention/admin/handlers/policies/mailquota.py"

	FN_BACKUP="${FN}.udm_backup"

	if [ -f "$FN" ] ; then

		CUR_MD5="$(md5sum "$FN" | cut -d' ' -f1)"

		PKG_MD5="$(sed -nre 's,^([a-f0-9]+)\s+usr/share/pyshared/univention/admin/handlers/policies/mailquota.py,\1,p' /var/lib/dpkg/info/python-univention-directory-manager.md5sums)"

		if [ -n "$PKG_MD5" -a -n "$CUR_MD5" -a ! "$PKG_MD5" = "$CUR_MD5" ] ; then

			cp "$FN" "$FN_BACKUP"

		fi

	fi

import univention.admin.handlers.dns.forward_zone

from univention.admin.handlers.computers.base import computerBase

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.groups.group

import univention.admin.handlers.networks.network

import time

class object(univention.admin.handlers.simpleComputer, nagios.Support):

class object(computerBase):

	mapping = mapping

	def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):

	CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'

		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)

	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']

		nagios.Support.__init__(self)

	SAMBA_ACCOUNT_FLAG = 'S'

	SERVER_TYPE = 'univentionDomainController'

	def open(self):

	SERVER_ROLE = 'backup'

		univention.admin.handlers.simpleComputer.open(self)

		self.nagios_open()

rewrite = object.rewrite

		self.modifypassword = 0

lookup_filter = object.lookup_filter

		if self.exists():

lookup = object.lookup

			userPassword = self.oldattr.get('userPassword', [''])[0]

identify = object.identify

			if userPassword:

				self.info['password'] = userPassword

				self.modifypassword = 0

		if self.exists():

			if 'posix' in self.options and not self.info.get('primaryGroup'):

				primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]

				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))

				if primaryGroupNumber:

					primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))

					if primaryGroupResult:

						self['primaryGroup'] = primaryGroupResult[0]

						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))

					else:

						self['primaryGroup'] = None

						self.save()

						raise univention.admin.uexceptions.primaryGroup

				else:

					self['primaryGroup'] = None

					self.save()

					raise univention.admin.uexceptions.primaryGroup

			if 'samba' in self.options:

				sid = self.oldattr.get('sambaSID', [''])[0]

				pos = sid.rfind('-')

				self.info['sambaRID'] = sid[pos + 1:]

			self.save()

		else:

			self.modifypassword = 0

			if 'posix' in self.options:

				res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position)

				if res:

					self['primaryGroup'] = res

					# self.save()

	def _ldap_pre_create(self):

		super(object, self)._ldap_pre_create()

		if not self['password']:

			self['password'] = self.oldattr.get('password', [''])[0]

			self.modifypassword = 0

	def _ldap_addlist(self):

		ocs = ['top', 'person', 'univentionHost', 'univentionDomainController']

		al = []

		if 'kerberos' in self.options:

			domain = univention.admin.uldap.domain(self.lo, self.position)

			realm = domain.getKerberosRealm()

			if realm:

				al.append(('krb5MaxLife', '86400'))

				al.append(('krb5MaxRenew', '604800'))

				al.append(('krb5KDCFlags', '126'))

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			else:

				# can't do kerberos

				self._remove_option('kerberos')

		if 'posix' in self.options:

			self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')

			self.alloc.append(('uidNumber', self.uidNum))

			gidNum = self.get_gid_for_primary_group()

			al.append(('uidNumber', [self.uidNum]))

			al.append(('gidNumber', [gidNum]))

		if self.modifypassword or self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

			self.modifypassword = 0

		if 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			al.append(('sambaSID', [self.machineSid]))

			al.append(('sambaAcctFlags', [acctFlags.decode()]))

			al.append(('displayName', self.info['name']))

		al.insert(0, ('objectClass', ocs))

		al.append(('univentionServerRole', '', 'backup'))

		return al

	def _ldap_post_create(self):

		if 'posix' in self.options:

			if hasattr(self, 'uid') and self.uid:

				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)

			univention.admin.handlers.simpleComputer.primary_group(self)

			univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_create(self)

		self.nagios_ldap_post_create()

	def _ldap_pre_remove(self):

		self.open()

		if 'posix' in self.options and self.oldattr.get('uidNumber'):

			self.uidNum = self.oldattr['uidNumber'][0]

	def _ldap_post_remove(self):

		if 'posix' in self.options:

			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)

		groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))

		if groupObjects:

			for i in range(0, len(groupObjects)):

				groupObjects[i].open()

				if self.dn in groupObjects[i]['users']:

					groupObjects[i]['users'].remove(self.dn)

					groupObjects[i].modify(ignore_license=1)

		self.nagios_ldap_post_remove()

		univention.admin.handlers.simpleComputer._ldap_post_remove(self)

		# Need to clean up oldinfo. If remove was invoked, because the

		# creation of the object has failed, the next try will result in

		# a 'object class violation' (Bug #19343)

		self.oldinfo = {}

	def krb5_principal(self):

		domain = univention.admin.uldap.domain(self.lo, self.position)

		realm = domain.getKerberosRealm()

		if self.info.has_key('domain') and self.info['domain']:

			kerberos_domain = self.info['domain']

		else:

			kerberos_domain = domain.getKerberosRealm()

		return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm

	def _ldap_post_modify(self):

		univention.admin.handlers.simpleComputer.primary_group(self)

		univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_modify(self)

		self.nagios_ldap_post_modify()

	def _ldap_pre_modify(self):

		if self.hasChanged('password'):

			if not self['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			elif not self.info['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			else:

				self.modifypassword = 1

		self.nagios_ldap_pre_modify()

		univention.admin.handlers.simpleComputer._ldap_pre_modify(self)

	def _ldap_modlist(self):

		ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)

		self.nagios_ldap_modlist(ml)

		if self.hasChanged('name'):

			if 'posix' in self.options:

				if hasattr(self, 'uidNum'):

					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)

				requested_uid = "%s$" % self['name']

				try:

					self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)

				except Exception:

					self.cancel()

					raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)

					return []

				self.alloc.append(('uid', self.uid))

				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))

			if 'samba' in self.options:

				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))

			if 'kerberos' in self.options:

				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))

		if self.modifypassword and self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		# add samba option

		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			ml.append(('sambaSID', '', [self.machineSid]))

			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))

			ml.append(('displayName', '', self.info['name']))

			sambaPwdLastSetValue = str(long(time.time()))

			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:

			for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:

				if self.oldattr.get(key, []):

					ml.insert(0, (key, self.oldattr.get(key, []), ''))

		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))

		return ml

	def cleanup(self):

		self.open()

		self.nagios_cleanup()

		univention.admin.handlers.simpleComputer.cleanup(self)

	def cancel(self):

		for i, j in self.alloc:

			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))

			univention.admin.allocators.release(self.lo, self.position, i, j)

	def link(self):

		result = []

		if self['ip'] and len(self['ip']) > 0 and self['ip'][0]:

			result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }]

		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0:

			zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0]

			if not result:

				result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}]

			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)

		if result:

			result[0]['name'] = _('Open Univention Management Console on this computer')

			return result

		return None

def rewrite(filter, mapping):

	if filter.variable == 'ip':

		filter.variable = 'aRecord'

	else:

		univention.admin.mapping.mapRewrite(filter, mapping)

def lookup_filter(filter_s=None, lo=None):

	filter_s = univention.admin.filter.replace_fqdn_filter(filter_s)

	if str(filter_s).find('(dnsAlias=') != -1:

		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)

		if filter_s:

			return lookup_filter(filter_s, lo)

		else:

			return None

	lookup_filter_obj = \

		univention.admin.filter.conjunction('&', [

			univention.admin.filter.expression('objectClass', 'univentionHost'),

			univention.admin.filter.expression('objectClass', 'univentionDomainController'),

			univention.admin.filter.expression('univentionServerRole', 'backup'),

		])

	# ATTENTION: has its own rewrite function.

	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)

	return lookup_filter_obj

def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0):

	filter = lookup_filter(filter_s, lo)

	if filter is None:

		return []

	res = []

	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):

		res.append(object(co, lo, None, dn, attributes=attrs))

	return res

def identify(dn, attr, canonical=0):

	return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'backup' in attr.get('univentionServerRole', [])

import univention.admin.handlers.dns.forward_zone

from univention.admin.handlers.computers.base import computerBase

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.groups.group

import univention.admin.handlers.networks.network

import time

class object(univention.admin.handlers.simpleComputer, nagios.Support):

class object(computerBase):

	mapping = mapping

	def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):

	CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'

		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)

	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']

		nagios.Support.__init__(self)

	SAMBA_ACCOUNT_FLAG = 'S'

	SERVER_TYPE = 'univentionDomainController'

	def open(self):

	SERVER_ROLE = 'master'

		univention.admin.handlers.simpleComputer.open(self)

		self.nagios_open()

rewrite = object.rewrite

		self.modifypassword = 0

lookup_filter = object.lookup_filter

		if self.exists():

lookup = object.lookup

			userPassword = self.oldattr.get('userPassword', [''])[0]

identify = object.identify

			if userPassword:

				self.info['password'] = userPassword

				self.modifypassword = 0

		if self.exists():

			if 'posix' in self.options and not self.info.get('primaryGroup'):

				primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]

				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))

				if primaryGroupNumber:

					primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))

					if primaryGroupResult:

						self['primaryGroup'] = primaryGroupResult[0]

						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))

					else:

						self['primaryGroup'] = None

						self.save()

						raise univention.admin.uexceptions.primaryGroup

				else:

					self['primaryGroup'] = None

					self.save()

					raise univention.admin.uexceptions.primaryGroup

			if 'samba' in self.options:

				sid = self.oldattr.get('sambaSID', [''])[0]

				pos = sid.rfind('-')

				self.info['sambaRID'] = sid[pos + 1:]

			self.save()

		else:

			self.modifypassword = 0

			if 'posix' in self.options:

				res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position)

				if res:

					self['primaryGroup'] = res

					# self.save()

	def _ldap_pre_create(self):

		super(object, self)._ldap_pre_create()

		if not self['password']:

			self['password'] = self.oldattr.get('password', [''])[0]

			self.modifypassword = 0

	def _ldap_addlist(self):

		ocs = ['top', 'person', 'univentionHost', 'univentionDomainController']

		al = []

		if 'kerberos' in self.options:

			al.append(('krb5MaxLife', '86400'))

			al.append(('krb5MaxRenew', '604800'))

			al.append(('krb5KDCFlags', '126'))

			krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

			al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

		if 'posix' in self.options:

			self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')

			self.alloc.append(('uidNumber', self.uidNum))

			gidNum = self.get_gid_for_primary_group()

			al.append(('uidNumber', [self.uidNum]))

			al.append(('gidNumber', [gidNum]))

		if self.modifypassword or self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

			self.modifypassword = 0

		if 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			al.append(('sambaSID', [self.machineSid]))

			al.append(('sambaAcctFlags', [acctFlags.decode()]))

			al.append(('displayName', self.info['name']))

		al.insert(0, ('objectClass', ocs))

		al.append(('univentionServerRole', '', 'master'))

		return al

	def _ldap_post_create(self):

		if 'posix' in self.options:

			if hasattr(self, 'uid') and self.uid:

				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)

			univention.admin.handlers.simpleComputer.primary_group(self)

			univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_create(self)

		self.nagios_ldap_post_create()

	def _ldap_pre_remove(self):

		self.open()

		if 'posix' in self.options and self.oldattr.get('uidNumber'):

			self.uidNum = self.oldattr['uidNumber'][0]

	def _ldap_post_remove(self):

		if 'posix' in self.options:

			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)

		groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))

		if groupObjects:

			for i in range(0, len(groupObjects)):

				groupObjects[i].open()

				if self.dn in groupObjects[i]['users']:

					groupObjects[i]['users'].remove(self.dn)

					groupObjects[i].modify(ignore_license=1)

		self.nagios_ldap_post_remove()

		univention.admin.handlers.simpleComputer._ldap_post_remove(self)

		# Need to clean up oldinfo. If remove was invoked, because the

		# creation of the object has failed, the next try will result in

		# a 'object class violation' (Bug #19343)

		self.oldinfo = {}

	def krb5_principal(self):

		domain = univention.admin.uldap.domain(self.lo, self.position)

		realm = domain.getKerberosRealm()

		if self.info.has_key('domain') and self.info['domain']:

			kerberos_domain = self.info['domain']

		else:

			kerberos_domain = domain.getKerberosRealm()

		return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm

	def _ldap_post_modify(self):

		univention.admin.handlers.simpleComputer.primary_group(self)

		univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_modify(self)

		self.nagios_ldap_post_modify()

	def _ldap_pre_modify(self):

		if self.hasChanged('password'):

			if not self['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			elif not self.info['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			else:

				self.modifypassword = 1

		self.nagios_ldap_pre_modify()

		univention.admin.handlers.simpleComputer._ldap_pre_modify(self)

	def _ldap_modlist(self):

		ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)

		self.nagios_ldap_modlist(ml)

		if self.hasChanged('name'):

			if 'posix' in self.options:

				if hasattr(self, 'uidNum'):

					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)

				requested_uid = "%s$" % self['name']

				try:

					self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)

				except Exception:

					self.cancel()

					raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)

					return []

				self.alloc.append(('uid', self.uid))

				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))

			if 'samba' in self.options:

				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))

			if 'kerberos' in self.options:

				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))

		if self.modifypassword and self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		# add samba option

		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			ml.append(('sambaSID', '', [self.machineSid]))

			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))

			ml.append(('displayName', '', self.info['name']))

			sambaPwdLastSetValue = str(long(time.time()))

			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:

			for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:

				if self.oldattr.get(key, []):

					ml.insert(0, (key, self.oldattr.get(key, []), ''))

		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))

		return ml

	def cleanup(self):

		self.open()

		self.nagios_cleanup()

		univention.admin.handlers.simpleComputer.cleanup(self)

	def cancel(self):

		for i, j in self.alloc:

			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))

			univention.admin.allocators.release(self.lo, self.position, i, j)

	def link(self):

		result = []

		if self['ip'] and len(self['ip']) > 0 and self['ip'][0]:

			result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }]

		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0:

			zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0]

			if not result:

				result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}]

			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)

		if result:

			result[0]['name'] = _('Open Univention Management Console on this computer')

			return result

		return None

def rewrite(filter, mapping):

	if filter.variable == 'ip':

		filter.variable = 'aRecord'

	else:

		univention.admin.mapping.mapRewrite(filter, mapping)

def lookup_filter(filter_s=None, lo=None):

	filter_s = univention.admin.filter.replace_fqdn_filter(filter_s)

	if str(filter_s).find('(dnsAlias=') != -1:

		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)

		if filter_s:

			return lookup_filter(filter_s, lo)

		else:

			return None

	lookup_filter_obj = \

		univention.admin.filter.conjunction('&', [

			univention.admin.filter.expression('objectClass', 'univentionHost'),

			univention.admin.filter.expression('objectClass', 'univentionDomainController'),

			univention.admin.filter.expression('univentionServerRole', 'master'),

		])

	# ATTENTION: has its own rewrite function.

	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)

	return lookup_filter_obj

def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0):

	filter = lookup_filter(filter_s, lo)

	if filter is None:

		return []

	res = []

	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):

		res.append(object(co, lo, None, dn, attributes=attrs))

	return res

def identify(dn, attr, canonical=0):

	return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'master' in attr.get('univentionServerRole', [])

import univention.admin.handlers.dns.forward_zone

from univention.admin.handlers.computers.base import computerBase

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.groups.group

import univention.admin.handlers.networks.network

import time

class object(univention.admin.handlers.simpleComputer, nagios.Support):

class object(computerBase):

	mapping = mapping

	def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):

	CONFIG_NAME = 'univentionDefaultDomainControllerGroup'

		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)

	DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']

		nagios.Support.__init__(self)

	SAMBA_ACCOUNT_FLAG = 'S'

	SERVER_TYPE = 'univentionDomainController'

	def open(self):

	SERVER_ROLE = 'slave'

		univention.admin.handlers.simpleComputer.open(self)

		self.nagios_open()

rewrite = object.rewrite

		self.modifypassword = 0

lookup_filter = object.lookup_filter

		if self.exists():

lookup = object.lookup

			userPassword = self.oldattr.get('userPassword', [''])[0]

identify = object.identify

			if userPassword:

				self.info['password'] = userPassword

				self.modifypassword = 0

		if self.exists():

			if 'posix' in self.options and not self.info.get('primaryGroup'):

				primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]

				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))

				if primaryGroupNumber:

					primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))

					if primaryGroupResult:

						self['primaryGroup'] = primaryGroupResult[0]

						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))

					else:

						self['primaryGroup'] = None

						self.save()

						raise univention.admin.uexceptions.primaryGroup

				else:

					self['primaryGroup'] = None

					self.save()

					raise univention.admin.uexceptions.primaryGroup

			if 'samba' in self.options:

				sid = self.oldattr.get('sambaSID', [''])[0]

				pos = sid.rfind('-')

				self.info['sambaRID'] = sid[pos + 1:]

			self.save()

		else:

			self.modifypassword = 0

			if 'posix' in self.options:

				res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position)

				if res:

					self['primaryGroup'] = res

					# self.save()

	def _ldap_pre_create(self):

		super(object, self)._ldap_pre_create()

		if not self['password']:

			self['password'] = self.oldattr.get('password', [''])[0]

			self.modifypassword = 0

	def _ldap_addlist(self):

		ocs = ['top', 'person', 'univentionHost', 'univentionDomainController']

		al = []

		if 'kerberos' in self.options:

			domain = univention.admin.uldap.domain(self.lo, self.position)

			realm = domain.getKerberosRealm()

			if realm:

				al.append(('krb5MaxLife', '86400'))

				al.append(('krb5MaxRenew', '604800'))

				al.append(('krb5KDCFlags', '126'))

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			else:

				# can't do kerberos

				self._remove_option('kerberos')

		if 'posix' in self.options:

			self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')

			self.alloc.append(('uidNumber', self.uidNum))

			gidNum = self.get_gid_for_primary_group()

			al.append(('uidNumber', [self.uidNum]))

			al.append(('gidNumber', [gidNum]))

		if self.modifypassword or self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

			self.modifypassword = 0

		if 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			al.append(('sambaSID', [self.machineSid]))

			al.append(('sambaAcctFlags', [acctFlags.decode()]))

			al.append(('displayName', self.info['name']))

		al.insert(0, ('objectClass', ocs))

		al.append(('univentionServerRole', '', 'slave'))

		return al

	def _ldap_post_create(self):

		if 'posix' in self.options:

			if hasattr(self, 'uid') and self.uid:

				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)

			univention.admin.handlers.simpleComputer.primary_group(self)

			univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_create(self)

		self.nagios_ldap_post_create()

	def _ldap_pre_remove(self):

		self.open()

		if 'posix' in self.options and self.oldattr.get('uidNumber'):

			self.uidNum = self.oldattr['uidNumber'][0]

	def _ldap_post_remove(self):

		if 'posix' in self.options:

			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)

		groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))

		if groupObjects:

			for i in range(0, len(groupObjects)):

				groupObjects[i].open()

				if self.dn in groupObjects[i]['users']:

					groupObjects[i]['users'].remove(self.dn)

					groupObjects[i].modify(ignore_license=1)

		self.nagios_ldap_post_remove()

		univention.admin.handlers.simpleComputer._ldap_post_remove(self)

		# Need to clean up oldinfo. If remove was invoked, because the

		# creation of the object has failed, the next try will result in

		# a 'object class violation' (Bug #19343)

		self.oldinfo = {}

	def krb5_principal(self):

		domain = univention.admin.uldap.domain(self.lo, self.position)

		realm = domain.getKerberosRealm()

		if self.info.has_key('domain') and self.info['domain']:

			kerberos_domain = self.info['domain']

		else:

			kerberos_domain = domain.getKerberosRealm()

		return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm

	def _ldap_post_modify(self):

		univention.admin.handlers.simpleComputer.primary_group(self)

		univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_modify(self)

		self.nagios_ldap_post_modify()

	def _ldap_pre_modify(self):

		if self.hasChanged('password'):

			if not self['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			elif not self.info['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			else:

				self.modifypassword = 1

		self.nagios_ldap_pre_modify()

		univention.admin.handlers.simpleComputer._ldap_pre_modify(self)

	def _ldap_modlist(self):

		ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)

		self.nagios_ldap_modlist(ml)

		if self.hasChanged('name'):

			if 'posix' in self.options:

				if hasattr(self, 'uidNum'):

					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)

				requested_uid = "%s$" % self['name']

				try:

					self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)

				except Exception:

					self.cancel()

					raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)

					return []

				self.alloc.append(('uid', self.uid))

				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))

			if 'samba' in self.options:

				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))

			if 'kerberos' in self.options:

				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))

		if self.modifypassword and self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		# add samba option

		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			ml.append(('sambaSID', '', [self.machineSid]))

			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))

			ml.append(('displayName', '', self.info['name']))

			sambaPwdLastSetValue = str(long(time.time()))

			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:

			for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:

				if self.oldattr.get(key, []):

					ml.insert(0, (key, self.oldattr.get(key, []), ''))

		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))

		return ml

	def cleanup(self):

		self.open()

		self.nagios_cleanup()

		univention.admin.handlers.simpleComputer.cleanup(self)

	def cancel(self):

		for i, j in self.alloc:

			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))

			univention.admin.allocators.release(self.lo, self.position, i, j)

	def link(self):

		result = []

		if self['ip'] and len(self['ip']) > 0 and self['ip'][0]:

			result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }]

		if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0:

			zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0]

			if not result:

				result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}]

			result[0]['fqdn'] = '%s.%s' % (self['name'], zone)

		if result:

			result[0]['name'] = _('Open Univention Management Console on this computer')

			return result

		return None

def rewrite(filter, mapping):

	if filter.variable == 'ip':

		filter.variable = 'aRecord'

	else:

		univention.admin.mapping.mapRewrite(filter, mapping)

def lookup_filter(filter_s=None, lo=None):

	filter_s = univention.admin.filter.replace_fqdn_filter(filter_s)

	if str(filter_s).find('(dnsAlias=') != -1:

		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)

		if filter_s:

			return lookup_filter(filter_s, lo)

		else:

			return None

	lookup_filter_obj = \

		univention.admin.filter.conjunction('&', [

			univention.admin.filter.expression('objectClass', 'univentionHost'),

			univention.admin.filter.expression('objectClass', 'univentionDomainController'),

			univention.admin.filter.expression('univentionServerRole', 'slave'),

		])

	# ATTENTION: has its own rewrite function.

	lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)

	return lookup_filter_obj

def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0):

	filter = lookup_filter(filter_s, lo)

	if filter is None:

		return []

	res = []

	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):

		res.append(object(co, lo, None, dn, attributes=attrs))

	return res

def identify(dn, attr, canonical=0):

	return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'slave' in attr.get('univentionServerRole', [])

import univention.admin.handlers.dns.forward_zone

from univention.admin.handlers.computers.base import computerBase

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.groups.group

import univention.admin.handlers.networks.network

import time

class object(univention.admin.handlers.simpleComputer, nagios.Support):

class object(computerBase):

	def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):

	def check_required_options(self):

		univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)

		nagios.Support.__init__(self)

	def open(self):

		univention.admin.handlers.simpleComputer.open(self)

		self.nagios_open()

		if self.exists():

			if 'posix' in self.options and not self.info.get('primaryGroup'):

				primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]

				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))

				if primaryGroupNumber:

					primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))

					if primaryGroupResult:

						self['primaryGroup'] = primaryGroupResult[0]

						univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))

					else:

						self['primaryGroup'] = None

						self.save()

						raise univention.admin.uexceptions.primaryGroup

				else:

					self['primaryGroup'] = None

					self.save()

					raise univention.admin.uexceptions.primaryGroup

			if 'samba' in self.options:

				sid = self.oldattr.get('sambaSID', [''])[0]

				pos = sid.rfind('-')

				self.info['sambaRID'] = sid[pos + 1:]

		self.modifypassword = 0

		if self.exists():

			userPassword = self.oldattr.get('userPassword', [''])[0]

			if userPassword:

				self.info['password'] = userPassword

				self.modifypassword = 0

			self.save()

		else:

			self.modifypassword = 0

			if 'posix' in self.options:

				res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position)

				if res:

					self['primaryGroup'] = res

	def _ldap_pre_create(self):

		super(object, self)._ldap_pre_create()

		if not self['password']:

			self['password'] = self.oldattr.get('password', [''])[0]

			self.modifypassword = 0

	def _ldap_addlist(self):

			raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.'))

			raise univention.admin.uexceptions.invalidOptions(_('At least posix or kerberos is required.'))

		ocs = ['top', 'person', 'univentionHost', 'univentionLinuxClient']

		al = []

		if 'kerberos' in self.options:

			domain = univention.admin.uldap.domain(self.lo, self.position)

			realm = domain.getKerberosRealm()

			if realm:

				al.append(('krb5MaxLife', '86400'))

				al.append(('krb5MaxRenew', '604800'))

				al.append(('krb5KDCFlags', '126'))

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			else:

				# can't do kerberos

				self._remove_option('kerberos')

		if 'posix' in self.options:

			self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')

			self.alloc.append(('uidNumber', self.uidNum))

			gidNum = self.get_gid_for_primary_group()

			al.append(('uidNumber', [self.uidNum]))

			al.append(('gidNumber', [gidNum]))

		if self.modifypassword or self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

			self.modifypassword = 0

		if 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'W': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			al.append(('sambaSID', [self.machineSid]))

			al.append(('sambaAcctFlags', [acctFlags.decode()]))

			al.append(('displayName', self.info['name']))

		al.insert(0, ('objectClass', ocs))

		return al

	def _ldap_post_create(self):

		if 'posix' in self.options:

			if hasattr(self, 'uid') and self.uid:

				univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)

			univention.admin.handlers.simpleComputer.primary_group(self)

			univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_create(self)

		self.nagios_ldap_post_create()

	def _ldap_pre_remove(self):

		self.open()

		if 'posix' in self.options and self.oldattr.get('uidNumber'):

			self.uidNum = self.oldattr['uidNumber'][0]

	def _ldap_post_remove(self):

		if 'posix' in self.options:

			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)

		groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))

		if groupObjects:

			for i in range(0, len(groupObjects)):

				groupObjects[i].open()

				if self.dn in groupObjects[i]['users']:

					groupObjects[i]['users'].remove(self.dn)

					groupObjects[i].modify(ignore_license=1)

		self.nagios_ldap_post_remove()

		univention.admin.handlers.simpleComputer._ldap_post_remove(self)

		# Need to clean up oldinfo. If remove was invoked, because the

		# creation of the object has failed, the next try will result in

		# a 'object class violation' (Bug #19343)

		self.oldinfo = {}

	def _ldap_post_modify(self):

del object.link

		univention.admin.handlers.simpleComputer.primary_group(self)

rewrite = object.rewrite

		univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_modify(self)

		self.nagios_ldap_post_modify()

	def _ldap_pre_modify(self):

		if self.hasChanged('password'):

			if not self['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			elif not self.info['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			else:

				self.modifypassword = 1

		self.nagios_ldap_pre_modify()

		univention.admin.handlers.simpleComputer._ldap_pre_modify(self)

	def _ldap_modlist(self):

		ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)

		self.nagios_ldap_modlist(ml)

		if self.hasChanged('name'):

			if 'posix' in self.options:

				if hasattr(self, 'uidNum'):

					univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)

				requested_uid = "%s$" % self['name']

				try:

					self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)

				except Exception:

					self.cancel()

					raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)

					return []

				self.alloc.append(('uid', self.uid))

				ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))

			if 'samba' in self.options:

				ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))

			if 'kerberos' in self.options:

				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))

		if self.modifypassword and self['password']:

			if 'kerberos' in self.options:

				krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])

				krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)

				ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))

				ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))

			if 'posix' in self.options:

				password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))

				ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))

			if 'samba' in self.options:

				password_nt, password_lm = univention.admin.password.ntlm(self['password'])

				ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))

				ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))

				sambaPwdLastSetValue = str(long(time.time()))

				ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		# add samba option

		if self.exists() and self.option_toggled('samba') and 'samba' in self.options:

			acctFlags = univention.admin.samba.acctFlags(flags={'W': 1})

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			self.alloc.append(('sid', self.machineSid))

			ml.append(('sambaSID', '', [self.machineSid]))

			ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))

			ml.append(('displayName', '', self.info['name']))

			sambaPwdLastSetValue = str(long(time.time()))

			ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))

		if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:

			for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:

				if self.oldattr.get(key, []):

					ml.insert(0, (key, self.oldattr.get(key, []), ''))

		if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):

			self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))

			ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))

		return ml

	def cleanup(self):

		self.open()

		self.nagios_cleanup()

		univention.admin.handlers.simpleComputer.cleanup(self)

	def cancel(self):

		for i, j in self.alloc:

			univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))

			univention.admin.allocators.release(self.lo, self.position, i, j)

def rewrite(filter, mapping):

	if filter.variable == 'ip':

		filter.variable = 'aRecord'

	else:

		univention.admin.mapping.mapRewrite(filter, mapping)

import univention.admin.handlers.dns.forward_zone

from univention.admin.handlers.computers.base import computerBase

import univention.admin.handlers.dns.reverse_zone

import univention.admin.handlers.groups.group

import univention.admin.handlers.networks.network

import time

class object(computerBase):

class object(univention.admin.handlers.simpleComputer, nagios.Support):

	def _ldap_post_remove(self):

del object.link

		if 'posix' in self.options:

rewrite = object.rewrite

			univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)

identify = object.identify

		groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))

		if groupObjects:

			for i in range(0, len(groupObjects)):

				groupObjects[i].open()

				if self.dn in groupObjects[i]['users']:

					groupObjects[i]['users'].remove(self.dn)

					groupObjects[i].modify(ignore_license=1)

		self.nagios_ldap_post_remove()

		univention.admin.handlers.simpleComputer._ldap_post_remove(self)

		# Need to clean up oldinfo. If remove was invoked, because the

		# creation of the object has failed, the next try will result in

		# a 'object class violation' (Bug #19343)

		self.oldinfo = {}

	def krb5_principal(self):

		domain = univention.admin.uldap.domain(self.lo, self.position)

		realm = domain.getKerberosRealm()

		if self.info.has_key('domain') and self.info['domain']:

			kerberos_domain = self.info['domain']

		else:

			kerberos_domain = domain.getKerberosRealm()

		return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm

	def _ldap_post_modify(self):

		univention.admin.handlers.simpleComputer.primary_group(self)

		univention.admin.handlers.simpleComputer.update_groups(self)

		univention.admin.handlers.simpleComputer._ldap_post_modify(self)

		self.nagios_ldap_post_modify()

	def _ldap_pre_modify(self):

		if self.hasChanged('password'):

			if not self['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0

			elif not self.info['password']:

				self['password'] = self.oldattr.get('password', [''])[0]

				self.modifypassword = 0