from univention.s4connector.s4cache import S4Cache

		self.single_value=single_value

		s4cachedbfile='/etc/univention/%s/s4cache.sqlite' % self.CONFIGBASENAME

		self.s4cache = S4Cache(s4cachedbfile)

			entryUUID = new.get('entryUUID')[0]

			if entryUUID:

				if self.was_entryUUID_deleted(entryUUID):

					ud.debug(ud.LDAP, ud.PROCESS, "__sync_file_from_ucs: Object with entryUUID %s was already deleted. Don't recreate." % entryUUID)

					return True

		ud.debug(ud.LDAP, ud.INFO, '__set_values: object: %s' % object)

				con_attribute = self.property[property_type].attributes[attr_key].con_attribute

				con_other_attribute = self.property[property_type].attributes[attr_key].con_other_attribute

				if not object.get('changed_attributes') or con_attribute in object.get('changed_attributes') or (con_other_attribute and con_other_attribute in object.get('changed_attributes')):

					ud.debug(ud.LDAP, ud.INFO, '__set_values: Set: %s' % con_attribute)

					set_values(self.property[property_type].attributes[attr_key])

				else:

					ud.debug(ud.LDAP, ud.INFO, '__set_values: Skip: %s' % con_attribute)

	def _get_entryUUID(self, dn):

		try:

			result = self.search_ucs(base=dn, scope='base', attr=['entryUUID'], unique=True)

			if result:

				return result[0][1].get('entryUUID')[0]

			else:

				return None

		except univention.admin.uexceptions.noObject:

			return None

	def update_deleted_cache_after_removal_in_ucs(self, entryUUID, objectGUID):

		if not entryUUID:

			return

		# use a dummy value

		if not objectGUID:

			objectGUID='objectGUID'

		ud.debug(ud.LDAP, ud.INFO, "update_deleted_cache_after_removal_in_ucs: Save entryUUID %s as deleted to UCS deleted cache. ObjectGUUID: %s" % (entryUUID, objectGUID))

		self._set_config_option('UCS deleted', entryUUID, base64.encodestring(objectGUID))

	def was_entryUUID_deleted(self, entryUUID):

		objectGUID = self.config.get('UCS deleted', entryUUID)

		if objectGUID:

			return True

		else:

			return False

		objectGUID = object['attributes'].get('objectGUID')[0]

		entryUUID = self._get_entryUUID(object['dn'])

			self. update_deleted_cache_after_removal_in_ucs(entryUUID, objectGUID)

			guid = original_object.get('attributes').get('objectGUID')[0]

			object['changed_attributes'] = []

			if object['modtype'] == 'modify' and original_object:

				old_s4_object = self.s4cache.get_entry(guid)

				ud.debug(ud.LDAP, ud.INFO, "sync_to_ucs: old_s4_object: %s" % old_s4_object)

				ud.debug(ud.LDAP, ud.INFO, "sync_to_ucs: new_s4_object: %s" % original_object['attributes'])

				if old_s4_object:

					for attr in original_object['attributes']:

						if old_s4_object.get(attr) != original_object['attributes'].get(attr):

							object['changed_attributes'].append(attr)

					for attr in old_s4_object:

						if old_s4_object.get(attr) != original_object['attributes'].get(attr):

							if not attr in object['changed_attributes']:

								object['changed_attributes'].append(attr)

				else:

					object['changed_attributes'] = original_object['attributes'].keys()

			ud.debug(ud.LDAP, ud.INFO, "The following attributes have been changed: %s" % object['changed_attributes'])

					self.s4cache.add_entry(guid, original_object.get('attributes'))

					self.s4cache.remove_entry(guid)

					# Check S4cache

					self.s4cache.add_entry(guid, original_object.get('attributes'))

	def __has_attribute_value_changed(self, attribute, old_ucs_object, new_ucs_object):

		return not old_ucs_object.get(attribute) == new_ucs_object.get(attribute)

		#

		# ADD

		#

		#

		# MODIFY

		#

			ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: old_object: %s" % old_ucs_object)

			ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: new_object: %s" % new_ucs_object)

			object['old_ucs_object'] = old_ucs_object

			object['new_ucs_object'] = new_ucs_object

			attribute_list = set(old_ucs_object.keys()).union(set(new_ucs_object.keys()))

										if not old_values:

											to_add = new_values

											to_remove = set([])

										elif not new_values:

											to_remove = old_values

											to_add = set([])

										else:

											to_add = new_values - old_values

											to_remove = old_values - new_values

										if s4_other_attribute:

											# in this case we need lists because sets are unorded and the order is important

											current_s4_values = set(s4_object.get(s4_attribute, []))

											ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: The current S4 values: %s" % current_s4_values)

											current_s4_other_values = set(s4_object.get(attribute_type[attribute].con_other_attribute, []))

											ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: The current S4 other values: %s" % current_s4_other_values)

											new_s4_values = current_s4_values - to_remove

											if not new_s4_values and to_add:

												for n_value in new_ucs_object.get(attr, []):

													if n_value in to_add:

														to_add = to_add - set([n_value])

														new_s4_values = [n_value]

														break

											new_s4_other_values = (current_s4_other_values | to_add) - to_remove

											if current_s4_values != new_s4_values:

												if new_s4_values:

													modlist.append((ldap.MOD_REPLACE, s4_attribute, new_s4_values))

												else:

													modlist.append((ldap.MOD_REPLACE, s4_attribute, []))

											if current_s4_other_values != new_s4_other_values:

												modlist.append((ldap.MOD_REPLACE, s4_other_attribute, new_s4_other_values))

										else:

											current_s4_values = set(s4_object.get(s4_attribute, []))

											ud.debug(ud.LDAP, ud.INFO, "sync_from_ucs: The current S4 values: %s" % current_s4_values)

											if (to_add or to_remove) and attribute_type[attribute].single_value:

												modify=False

												if not current_s4_values or not value:

													modify=True

												elif attribute_type[attribute].compare_function:

													if not attribute_type[attribute].compare_function(list(current_s4_values), list(value)):

														modify=True

												elif not univention.s4connector.compare_lowercase(list(current_s4_values), list(value)):

													modify=True

												if modify:

													modlist.append((ldap.MOD_REPLACE, s4_attribute, value))

											else:

												if to_remove:

													r = current_s4_values & to_remove

													if r:

														modlist.append((ldap.MOD_DELETE, s4_attribute, r))

												if to_add:

													a = to_add - current_s4_values

													if a:

														modlist.append((ldap.MOD_ADD, s4_attribute, a))

		#

		# DELETE

		#

		ud.debug(ud.LDAP, ud.ALL,"delete_in_s4: %s" % object)

	modify=False

	old_ucs_object = object.get('old_ucs_object', {})

	new_ucs_object = object.get('new_ucs_object', {})

	if old_ucs_object or new_ucs_object:

		for attr in ['sambaLMPassword', 'sambaNTPassword','sambaPwdLastSet','sambaPwdMustChange', 'krb5PrincipalName', 'krb5Key', 'shadowLastChange', 'shadowMax', 'krb5PasswordEnd', 'univentionService']:

			old_values = set(old_ucs_object.get(attr, []))

			new_values = set(new_ucs_object.get(attr, []))

			if old_values != new_values:

				modify=True

				break

	else:

		# add mode

		modify=True

	if not modify:

		ud.debug(ud.LDAP, ud.INFO, 'password_sync_ucs_to_s4: the password for %s has not been changed. Skipping password sync.' % (object['dn']))

		return

	if ucs_object['modtype'] == 'modify':

		if not 'pwdLastSet' in ucs_object.get('changed_attributes', []):

			ud.debug(ud.LDAP, ud.INFO, 'password_sync_s4_to_ucs: the password for %s has not been changed. Skipping password sync.' % (ucs_object['dn']))

			return

#!/usr/bin/python2.6

# -*- coding: utf-8 -*-

#

# Univention S4 Connector

#  s4 cache

#

# Copyright 2014 Univention GmbH

#

# http://www.univention.de/

#

# All rights reserved.

#

# The source code of this program is made available

# under the terms of the GNU Affero General Public License version 3

# (GNU AGPL V3) as published by the Free Software Foundation.

#

# Binary versions of this program provided by Univention to you as

# well as other copyrighted, protected or trademarked materials like

# Logos, graphics, fonts, specific documentations and configurations,

# cryptographic keys etc. are subject to a license agreement between

# you and Univention and not subject to the GNU AGPL V3.

#

# In the case you use this program under the terms of the GNU AGPL V3,

# the program is provided in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU Affero General Public License for more details.

#

# You should have received a copy of the GNU Affero General Public

# License with the Debian GNU/Linux or Univention distribution in file

# /usr/share/common-licenses/AGPL-3; if not, see

# <http://www.gnu.org/licenses/>.

import univention.debug2 as ud

import sqlite3

import inspect

import base64

import binascii

def func_name():

	return inspect.currentframe().f_back.f_code.co_name

def _is_base64(val):

	try:

		# It is not sufficient to run base64.decodestring to detect a base64 string.

		# When the ascii decode is not possible, it is not a base4 string.

		val.decode('ascii')

	except UnicodeDecodeError:

		return False

	try:

		# The string must be casted as str otherwise we saw something like this:

		#	11.02.2014 03:53:44,141 LDAP        (INFO): _is_base64 returns True for: Í8^Ml%'<U+0097>A²ôâ/! ^RÃ

		#	11.02.2014 03:53:44,142 LDAP        (WARNING): S4Cache: sqlite: near "<U+0097>A²ôâ": syntax error. SQL command was: [u"SELECT id FROM GUIDS WHERE guid='\xcd8\rl%'\x97A\xb2\xf4\xe2/! \x12\xc3';"

		base64.decodestring(str(val))

		return True

	except binascii.Error:

		return False

def _decode_base64(val):

	return base64.decodestring(val)

def _encode_base64(val):

	return base64.encodestring(val)

def _encode_guid(guid):

	# guid may be unicode

	if _is_base64(guid):

		return guid

	if type(guid) == type(u''):

		return guid.encode('ISO-8859-1').encode('base64')

	else:

		return unicode(guid,'latin').encode('ISO-8859-1').encode('base64')

def _decode_guid(guid):

	try:

		return base64.decodestring(guid)

	except binascii.Error:

		return guid

class EntryDiff(object):

	def __init__(self, old, new):

		self.old = old

		self.new = new

		if not old:

			old = {}

		if not new:

			new = {}

		self.set_old = set(old.keys())

		self.set_new = set(new.keys())

		self.intersect = self.set_new.intersection(self.set_old)

	def added(self):

		return self.set_new - self.intersect

	def removed(self):

		return self.set_old - self.intersect

	def changed(self):

		return set(o for o in self.intersect if self.old[o] != self.new[o])

class S4Cache:

	"""

		Local cache for the current Samba 4 state of the s4connector.

		With this cache the connector has the possibility to create

		a diff between the new Samba 4 object and the old one from

		cache.

	"""

	def __init__ (self, filename):

		_d = ud.function('S4Cache.%s' % func_name())

		self.filename = filename

		self._dbcon = sqlite3.connect(self.filename)

		self.s4cache = {}

		self.__create_tables()

	def add_entry(self, guid, entry):

		_d = ud.function('S4Cache.%s' % func_name())

		guid = _encode_guid(guid).strip()

		if not self._guid_exists(guid):

			self._add_entry(guid, entry)

		else:

			self._update_entry(guid, entry)

		self.s4cache[guid] = entry

	def diff_entry(self, old_entry, new_entry):

		_d = ud.function('S4Cache.%s' % func_name())

		result = {'added': None, 'removed': None, 'changed': None}

		diff = EntryDiff(old_entry, new_entry)

		result['added'] = diff.added()

		result['removed'] = diff.removed()

		result['changed'] = diff.changed()

		return result

	def get_entry(self, guid):

		_d = ud.function('S4Cache.%s' % func_name())

		entry = {}

		guid = _encode_guid(guid)

		guid_id = self._get_guid_id(guid)

		if not guid_id:

			return None

		sql_commands = [

			"SELECT ATTRIBUTES.attribute,data.value from data \

					inner join ATTRIBUTES ON data.attribute_id=attributes.id where guid_id = %s;" % (guid_id)

		]

		rows = self.__execute_sql_commands(sql_commands, fetch_result=True)

		if not rows:

			return None

		for line in rows:

			if not entry.get(line[0]):

				entry[str(line[0])] = []

			entry[line[0]].append(_decode_base64(line[1]))

		return entry

	def remove_entry(self, guid):

		_d = ud.function('S4Cache.%s' % func_name())

		guid = _encode_guid(guid)

		guid_id = self._get_guid_id(guid)

		if not guid_id:

			return None

		sql_commands = [

			"DELETE FROM data WHERE guid_id = '%(guid_id)s';" % ({'guid_id': guid_id}),

			"DELETE FROM guids WHERE id = '%(guid_id)s';" % ({'guid_id': guid_id})

		]

		self.__execute_sql_commands(sql_commands, fetch_result=False)

	def __execute_sql_commands(self, sql_commands, fetch_result=False):

		for i in [1, 2]:

			try:

				cur = self._dbcon.cursor()

				for sql_command in sql_commands:

					if isinstance(sql_command, tuple):

						ud.debug(ud.LDAP, ud.INFO, "S4Cache: Execute SQL command: '%s', '%s'" % (sql_command[0], sql_command[1]))

						cur.execute(sql_command[0], sql_command[1])

					else:

						ud.debug(ud.LDAP, ud.INFO, "S4Cache: Execute SQL command: '%s'" % sql_command)

						cur.execute(sql_command)

				self._dbcon.commit()

				if fetch_result:

					rows = cur.fetchall()

				cur.close()

				if fetch_result:

					ud.debug(ud.LDAP, ud.INFO, "S4Cache: Return SQL result: '%s'" % rows)

					return rows

				return None

			except sqlite3.Error, exp:

				ud.debug(ud.LDAP, ud.WARN, "S4Cache: sqlite: %s. SQL command was: %s" % (exp, sql_commands))

				if self._dbcon:

					self._dbcon.close()

				self._dbcon = sqlite3.connect(self.filename)

	def __create_tables(self):

		_d = ud.function('S4Cache.%s' % func_name())

		sql_commands = [

			"CREATE TABLE IF NOT EXISTS GUIDS (id INTEGER PRIMARY KEY, guid TEXT);",

			"CREATE TABLE IF NOT EXISTS ATTRIBUTES (id INTEGER PRIMARY KEY, attribute TEXT);",

			"CREATE TABLE IF NOT EXISTS DATA (id INTEGER PRIMARY KEY, guid_id INTEGER, attribute_id INTEGER, value TEXT);"

		]

		self.__execute_sql_commands(sql_commands, fetch_result=False)

	def _guid_exists(self, guid):

		_d = ud.function('S4Cache.%s' % func_name())

		return self._get_guid_id(guid.strip()) != None

	def _get_guid_id(self, guid):

		_d = ud.function('S4Cache.%s' % func_name())

		sql_commands = [

			"SELECT id FROM GUIDS WHERE guid='%s';" % (_encode_guid(guid).strip())

		]

		rows = self.__execute_sql_commands(sql_commands, fetch_result=True)

		if rows:

			return rows[0][0]

		return None

	def _append_guid(self, guid):

		_d = ud.function('S4Cache.%s' % func_name())

		sql_commands = [

			"INSERT INTO GUIDS(guid) VALUES('%s');" % (_encode_guid(guid).strip())

		]

		rows = self.__execute_sql_commands(sql_commands, fetch_result=False)

	def _get_attr_id(self, attr):

		_d = ud.function('S4Cache.%s' % func_name())

		sql_commands = [

			"SELECT id FROM ATTRIBUTES WHERE attribute='%s';" % (attr)

		]

		rows = self.__execute_sql_commands(sql_commands, fetch_result=True)

		if rows:

			return rows[0][0]

		return None

	def _attr_exists(self, guid):

		_d = ud.function('S4Cache.%s' % func_name())

		return self._get_attr_id(guid) != None

	def _create_attr(self, attr):

		_d = ud.function('S4Cache.%s' % func_name())

		sql_commands = [

			"INSERT INTO ATTRIBUTES(attribute) VALUES('%s');" % (attr)

		]

		self.__execute_sql_commands(sql_commands, fetch_result=False)

	def _get_attr_id_and_create_if_not_exists(self, attr):

		_d = ud.function('S4Cache.%s' % func_name())

		if not self._get_attr_id(attr):

			self._create_attr(attr)

		return self._get_attr_id(attr)

	def _add_entry(self, guid, entry):

		_d = ud.function('S4Cache.%s' % func_name())

		guid = guid.strip()

		self._append_guid(guid)

		guid_id = self._get_guid_id(guid)

		sql_commands = []

		for attr in entry.keys():

			attr_id = self._get_attr_id_and_create_if_not_exists(attr)

			for value in entry[attr]:

				sql_commands.append(

					(

						"INSERT INTO DATA(guid_id,attribute_id,value) VALUES(%s,%s,?);" % (guid_id, attr_id),

						[_encode_base64(value)]

					)

				)

		if sql_commands:

			self.__execute_sql_commands(sql_commands, fetch_result=False)

	def _update_entry(self, guid, entry):

		_d = ud.function('S4Cache.%s' % func_name())

		guid = guid.strip()

		guid_id = self._get_guid_id(guid)

		old_entry = self.get_entry(guid)

		diff = self.diff_entry(old_entry, entry)

		sql_commands = []

		for attribute in diff['removed']:

			sql_commands.append(

				"DELETE FROM data WHERE data.id IN (\

				SELECT data.id FROM DATA INNER JOIN ATTRIBUTES ON data.attribute_id=attributes.id \

					where attributes.attribute='%(attribute)s' and guid_id = '%(guid_id)s' \

				);" % ({'guid_id': guid_id, 'attribute': attribute})

			)

		for attribute in diff['added']:

			attr_id = self._get_attr_id_and_create_if_not_exists(attribute)

			for value in entry[attribute]:

				sql_commands.append(

					(

						"INSERT INTO DATA(guid_id,attribute_id,value) VALUES(%s,%s,?);" % (guid_id, attr_id),

						[_encode_base64(value)]

					)

				)

		for attribute in diff['changed']:

			attr_id = self._get_attr_id_and_create_if_not_exists(attribute)

			for value in set(old_entry.get(attribute)) - set(entry.get(attribute)):

				sql_commands.append(

					(

						"DELETE FROM data WHERE data.id IN (\

							SELECT data.id FROM DATA INNER JOIN ATTRIBUTES ON data.attribute_id=attributes.id \

							where attributes.id='%(attr_id)s' and guid_id = '%(guid_id)s' and value = ? \

						);" % ({'guid_id': guid_id, 'attr_id': attr_id}),

						[_encode_base64(value)]

					)

				)

			for value in set(entry.get(attribute)) - set(old_entry.get(attribute)):

				sql_commands.append(

					(

						"INSERT INTO DATA(guid_id,attribute_id,value) VALUES(%s,%s,?);" % (guid_id, attr_id),

						[_encode_base64(value)]

					)

				)

		if sql_commands:

			self.__execute_sql_commands(sql_commands, fetch_result=False)

if __name__ == '__main__':

	print 'Starting S4cache test example ',

	s4cache = S4Cache('cache.sqlite')

	guid = '1234'

	entry = {

		'attr1': ['foobar'],

		'attr2': [ 'val1', 'val2', 'val3']

	}

	s4cache.add_entry(guid, entry)

	entry_old = s4cache.get_entry(guid)

	diff_entry = s4cache.diff_entry(entry_old, entry)

	if diff_entry.get('changed') or diff_entry.get('removed') or diff_entry.get('added'):

		raise Exception('Test 1 failed: %s' % diff_entry)

	print '.',

	entry['attr3'] = ['val2']

	entry['attr2'] = ['val1', 'val3']

	diff_entry = s4cache.diff_entry(entry_old, entry)

	if diff_entry.get('changed') != set(['attr2']) or diff_entry.get('removed') or diff_entry.get('added') != set(['attr3']):

		raise Exception('Test 2 failed: %s' % diff_entry)

	print '.',

	s4cache.add_entry(guid, entry)

	entry_old = s4cache.get_entry(guid)

	diff_entry = s4cache.diff_entry(entry_old, entry)

	if diff_entry.get('changed') or diff_entry.get('removed') or diff_entry.get('added'):

		raise Exception('Test 3 failed: %s' % diff_entry)

	print '.',

	print ' done'