
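--- a/services/univention-ad-connector/umc/python/adconnector/__init__.py
+++ b/services/univention-ad-connector/umc/python/adconnector/__init__.py
@@ -41,6 +41,8 @@ from univention.management.console.modules.mixins import ProgressMixin
 from univention.management.console.modules.sanitizers import StringSanitizer, ChoicesSanitizer
 
 from contextlib import contextmanager
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
 import os.path
 import re
 import subprocess
@@ -289,19 +291,30 @@ class Instance(Base, ProgressMixin):
 			bufstdout = [ x.decode('UTF-8', 'replace') for x in bufstdout ]
 			bufstderr = [ x.decode('UTF-8', 'replace') for x in bufstderr ]
 			success = True
-			if status == 0:
+			if status != 0:
-				message = _('Certificate has been uploaded successfully.')
-				MODULE.info('Certificate has been uploaded successfully. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr)))
-				try:
-					self._enable_ssl_and_test_connection(fn)
-				except UMC_Error:
-					message = _('Could not establish connection. Either the certificate is wrong, the Active Directory server is unreachable or it does not support SSL.')
-					success = False
-			else:
 				success = False
 				message = _('Certificate upload or conversion failed.')
 				MODULE.process('Certificate upload or conversion failed. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr)))
+			else:
+				with open(fn, 'rb') as f:
+					pem_data = f.read()
+					cert = x509.load_pem_x509_certificate(pem_data, default_backend())
+					x509_keyusage_extension = [x.value.key_cert_sign for x in cert.extensions if isinstance(x.value, x509.extensions.KeyUsage)]
+					if not any(x509_keyusage_extension):
+						success = False
+						message = _('Certificate is not a CA certificate.')
+
+				if success:
+					message = _('Certificate has been uploaded successfully.')
+					MODULE.info('Certificate has been uploaded successfully. status=%s\nSTDOUT:\n%s\n\nSTDERR:\n%s' % (status, '\n'.join(bufstdout), '\n'.join(bufstderr)))
+					try:
+						self._enable_ssl_and_test_connection(fn)
+					except UMC_Error:
+						message = _('Could not establish connection. Either the certificate is wrong, the Active Directory server is unreachable or it does not support SSL.')
+						success = False
 
+			if success:
+				subprocess.call(['systemctl', 'restart', 'univention-ad-connector'])
 			self.finished(request.id, [{'success': success, 'message': message}])
 
 		upload = request.options[0]['tmpfile']
@@ -337,7 +350,7 @@ class Instance(Base, ProgressMixin):
 			return
 
 		def _run_it(action):
-			return subprocess.call(('service', 'univention-ad-connector', action))
+			return subprocess.call(('systemctl', action, 'univention-ad-connector'))
 
 		def _return(thread, result, request):
 			success = not result
@@ -578,6 +591,7 @@ class Instance(Base, ProgressMixin):
 					try:
 						success = test_connection()
 					except ADNotAvailable:
+						admember.disable_ssl()
 						success = False
 				if not success:
 					raise UMC_Error(_('Could not establish an encrypted connection. Either "%r" is not reachable or does not support encryption.') % server)
@@ -587,7 +601,7 @@ class Instance(Base, ProgressMixin):
 	@simple_response
 	def enable_ssl(self):
 		self._enable_ssl_and_test_connection()
-		return subprocess.call(['service', 'univention-ad-connector', 'restart'])
+		return subprocess.call(['systemctl', 'restart', 'univention-ad-connector'])
 
 	@simple_response
 	def password_sync_service(self, enable=True):
@@ -595,7 +609,7 @@ class Instance(Base, ProgressMixin):
 		# kinit=false -> sync passwords
 		value = str(not enable).lower()
 		univention.config_registry.handler_set(['connector/ad/mapping/user/password/kinit=%s' % value])
-		return subprocess.call(['service', 'univention-ad-connector', 'restart'])
+		return subprocess.call(['systemctl', 'restart', 'univention-ad-connector'])
 
 	@simple_response
 	def check_dcmaster_srv_rec(self):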
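Review bot: The CA test added at new lines 299-305 decides on the KeyUsage keyCertSign bit alone, but RFC 5280 marks a CA through BasicConstraints (cA=TRUE). A root that carries no KeyUsage extension is therefore refused, while a certificate that asserts keyCertSign without cA=TRUE is accepted as a trust anchor for the connector. `x509.load_pem_x509_certificate` also raises ValueError when the converted file is not valid PEM, and nothing in the visible lines catches it, so the `self.finished` call further down would presumably not be reached on that path. The sketch below checks BasicConstraints and folds the parse failure into the same "not a CA certificate" result. The enclosing callback starts above the hunk, so whether `fn` is cleaned up after a rejected upload cannot be judged from here.

```python
			else:
				try:
					with open(fn, 'rb') as f:
						cert = x509.load_pem_x509_certificate(f.read(), default_backend())
					is_ca = cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
				except (ValueError, x509.ExtensionNotFound):
					# unparsable PEM or no BasicConstraints: treat as "not a CA"
					is_ca = False
				if not is_ca:
					success = False
					message = _('Certificate is not a CA certificate.')
				# … unchanged: success message, MODULE.info and the SSL connection test …
```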
