Lines 41-46
from univention.management.console.modules.mixins import ProgressMixin
41 |
from univention.management.console.modules.sanitizers import StringSanitizer, ChoicesSanitizer |
41 |
from univention.management.console.modules.sanitizers import StringSanitizer, ChoicesSanitizer |
42 |
|
42 |
|
43 |
from contextlib import contextmanager |
43 |
from contextlib import contextmanager |
|
|
44 |
from cryptography import x509 |
45 |
from cryptography.hazmat.backends import default_backend |
44 |
import os.path |
46 |
import os.path |
45 |
import re |
47 |
import re |
46 |
import subprocess |
48 |
import subprocess |
Lines 289-307
class Instance(Base, ProgressMixin):
289 |
bufstdout = [ x.decode('UTF-8', 'replace') for x in bufstdout ] |
291 |
bufstdout = [ x.decode('UTF-8', 'replace') for x in bufstdout ] |
290 |
bufstderr = [ x.decode('UTF-8', 'replace') for x in bufstderr ] |
292 |
bufstderr = [ x.decode('UTF-8', 'replace') for x in bufstderr ] |
291 |
success = True |
293 |
success = True |
292 |
if status == 0: |
294 |
if status != 0: |
293 |
message = _('Certificate has been uploaded successfully.') |
|
|
294 |
MODULE.info('Certificate has been uploaded successfully. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr))) |
295 |
try: |
296 |
self._enable_ssl_and_test_connection(fn) |
297 |
except UMC_Error: |
298 |
message = _('Could not establish connection. Either the certificate is wrong, the Active Directory server is unreachable or it does not support SSL.') |
299 |
success = False |
300 |
else: |
301 |
success = False |
295 |
success = False |
302 |
message = _('Certificate upload or conversion failed.') |
296 |
message = _('Certificate upload or conversion failed.') |
303 |
MODULE.process('Certificate upload or conversion failed. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr))) |
297 |
MODULE.process('Certificate upload or conversion failed. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr))) |
|
|
298 |
else: |
299 |
with open(fn, 'rb') as f: |
300 |
pem_data = f.read() |
301 |
cert = x509.load_pem_x509_certificate(pem_data, default_backend()) |
302 |
x509_keyusage_extension = [x.value.key_cert_sign for x in cert.extensions if isinstance(x.value, x509.extensions.KeyUsage)] |
303 |
if not any(x509_keyusage_extension): |
304 |
success = False |
305 |
message = _('Certificate is not a CA certificate.') |
306 |
|
307 |
if success: |
308 |
message = _('Certificate has been uploaded successfully.') |
309 |
MODULE.info('Certificate has been uploaded successfully. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr))) |
310 |
try: |
311 |
self._enable_ssl_and_test_connection(fn) |
312 |
except UMC_Error: |
313 |
message = _('Could not establish connection. Either the certificate is wrong, the Active Directory server is unreachable or it does not support SSL.') |
314 |
success = False |
304 |
|
315 |
|
|
|
316 |
if success: |
317 |
subprocess.call(['systemctl', 'restart', 'univention-ad-connector']) |
305 |
self.finished(request.id, [{'success': success, 'message': message}]) |
318 |
self.finished(request.id, [{'success': success, 'message': message}]) |
306 |
|
319 |
|
307 |
upload = request.options[0]['tmpfile'] |
320 |
upload = request.options[0]['tmpfile'] |
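Review bot: The CA test in the new `else:` branch looks only at KeyUsage `key_cert_sign`, so a CA certificate that carries no KeyUsage extension is rejected, although CA status is stated by the BasicConstraints `ca` flag. `x509.load_pem_x509_certificate()` also raises `ValueError` on input it cannot parse, and nothing visible in the hunk catches it, so a malformed file would surface as an unhandled error instead of the `success: False` response. I would read `BasicConstraints.ca` inside a `try` and treat a parse failure or a missing extension as "not a CA", as sketched below. Separately, the return value of the `systemctl restart` call is dropped, so success is reported even if the connector fails to restart. The enclosing method starts before the hunk and the page has lost its indentation, so the nesting is inferred.

```python
# … unchanged: status != 0 branch …
else:
	try:
		with open(fn, 'rb') as f:
			cert = x509.load_pem_x509_certificate(f.read(), default_backend())
		# BasicConstraints.ca is the authoritative CA marker; KeyUsage is optional
		is_ca = cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
	except (ValueError, x509.ExtensionNotFound):
		is_ca = False
	if not is_ca:
		success = False
		message = _('Certificate is not a CA certificate.')
	# … unchanged: success branch calling self._enable_ssl_and_test_connection(fn) …
```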
Lines 337-343
class Instance(Base, ProgressMixin):
337 |
return |
350 |
return |
338 |
|
351 |
|
339 |
def _run_it(action): |
352 |
def _run_it(action): |
340 |
return subprocess.call(('service', 'univention-ad-connector', action)) |
353 |
return subprocess.call(('systemctl', action, 'univention-ad-connector')) |
341 |
|
354 |
|
342 |
def _return(thread, result, request): |
355 |
def _return(thread, result, request): |
343 |
success = not result |
356 |
success = not result |
Lines 578-583
class Instance(Base, ProgressMixin):
578 |
try: |
591 |
try: |
579 |
success = test_connection() |
592 |
success = test_connection() |
580 |
except ADNotAvailable: |
593 |
except ADNotAvailable: |
|
|
594 |
admember.disable_ssl() |
581 |
success = False |
595 |
success = False |
582 |
if not success: |
596 |
if not success: |
583 |
raise UMC_Error(_('Could not establish an encrypted connection. Either "%r" is not reachable or does not support encryption.') % server) |
597 |
raise UMC_Error(_('Could not establish an encrypted connection. Either "%r" is not reachable or does not support encryption.') % server) |
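Review bot: The added `admember.disable_ssl()` runs only when `test_connection()` raises `ADNotAvailable`; when it returns a false value the code still raises `UMC_Error`, but the SSL setting is left as it was. If the intent is to roll back after any failed test (the code that enables SSL is outside the hunk, so this is inferred), put the rollback in the shared failure path: `if not success:` followed by `admember.disable_ssl()` before the `raise UMC_Error(...)`. A short comment such as `# roll back: the encrypted connection could not be verified` would also make the reason for the call clear.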
Lines 587-593
class Instance(Base, ProgressMixin):
587 |
@simple_response |
601 |
@simple_response |
588 |
def enable_ssl(self): |
602 |
def enable_ssl(self): |
589 |
self._enable_ssl_and_test_connection() |
603 |
self._enable_ssl_and_test_connection() |
590 |
return subprocess.call(['service', 'univention-ad-connector', 'restart']) |
604 |
return subprocess.call(['systemctl', 'restart', 'univention-ad-connector']) |
591 |
|
605 |
|
592 |
@simple_response |
606 |
@simple_response |
593 |
def password_sync_service(self, enable=True): |
607 |
def password_sync_service(self, enable=True): |
Lines 595-601
class Instance(Base, ProgressMixin):
595 |
# kinit=false -> sync passwords |
609 |
# kinit=false -> sync passwords |
596 |
value = str(not enable).lower() |
610 |
value = str(not enable).lower() |
597 |
univention.config_registry.handler_set(['connector/ad/mapping/user/password/kinit=%s' % value]) |
611 |
univention.config_registry.handler_set(['connector/ad/mapping/user/password/kinit=%s' % value]) |
598 |
return subprocess.call(['service', 'univention-ad-connector', 'restart']) |
612 |
return subprocess.call(['systemctl', 'restart', 'univention-ad-connector']) |
599 |
|
613 |
|
600 |
@simple_response |
614 |
@simple_response |
601 |
def check_dcmaster_srv_rec(self): |
615 |
def check_dcmaster_srv_rec(self): |