shell-univention-lib-umc,

Package: python-univention-lib-umc

Architecture: all

Depends: ${python:Depends},

 ${misc:Depends},

 python-univention-config-registry,

Provides: ${python:Provides}

Description: common UMC scripting functions for Python scripts

 This package contains Python functions used by various

 components of UCS.

 .

 It is part of Univention Corporate Server (UCS), an

 integrated, directory driven solution for managing

 corporate environments. For more information about UCS,

 refer to: http://www.univention.de/

Package: shell-univention-lib

Architecture: all

Depends: ${misc:Depends},

 python-univention-config-registry,

 python-univention-lib-umc,

Description: common UMC scripting functions for shell scripts

 This package contains shell functions used by various

 components of UCS.

 .

 It is part of Univention Corporate Server (UCS), an

 integrated, directory driven solution for managing

 corporate environments. For more information about UCS,

 refer to: http://www.univention.de/

#!/usr/bin/python2.7

# -*- coding: utf-8 -*-

#

# Univention Common Python Library

#  Connections to remote UMC Servers

#

# Copyright 2013-2016 Univention GmbH

#

# http://www.univention.de/

#

# All rights reserved.

#

# The source code of this program is made available

# under the terms of the GNU Affero General Public License version 3

# (GNU AGPL V3) as published by the Free Software Foundation.

#

# Binary versions of this program provided by Univention to you as

# well as other copyrighted, protected or trademarked materials like

# Logos, graphics, fonts, specific documentations and configurations,

# cryptographic keys etc. are subject to a license agreement between

# you and Univention and not subject to the GNU AGPL V3.

#

# In the case you use this program under the terms of the GNU AGPL V3,

# the program is provided in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU Affero General Public License for more details.

#

# You should have received a copy of the GNU Affero General Public

# License with the Debian GNU/Linux or Univention distribution in file

# /usr/share/common-licenses/AGPL-3; if not, see

# <http://www.gnu.org/licenses/>.

from httplib import HTTPSConnection, HTTPException

from json import loads, dumps

from socket import error as SocketError

from univention.config_registry import ConfigRegistry

ucr = ConfigRegistry()

ucr.load()

class UMCConnection(object):

	def __init__(self, host, username=None, password=None, error_handler=None):

		self._host = host

		self._headers = {

			'Content-Type': 'application/json; charset=UTF-8',

			'Accept': 'application/json; q=1, text/html; q=0.5; */*; q=0.1',

			'X-Requested-With': 'XMLHttpRequest',

		}

		self._error_handler=error_handler

		if username is not None:

			self.auth(username, password)

	def get_connection(self):

		'''Creates a new HTTPSConnection to the host'''

		# once keep-alive is over, the socket closes

		#   so create a new connection on every request

		return HTTPSConnection(self._host)

	@classmethod

	def get_machine_connection(cls, error_handler=None):

		'''Creates a connection with the credentials of the local host

		to the DC Master'''

		username = '%s$' % ucr.get('hostname')

		password = ''

		try:

			with open('/etc/machine.secret') as machine_file:

				password = machine_file.readline().strip()

		except (OSError, IOError) as e:

			if error_handler:

				error_handler('Could not read /etc/machine.secret: %s' % e)

		try:

			connection = cls(ucr.get('ldap/master'))

			connection.auth(username, password)

			return connection

		except (HTTPException, SocketError) as e:

			if error_handler:

				error_handler('Could not connect to UMC on %s: %s' % (ucr.get('ldap/master'), e))

		return None

	def auth(self, username, password, auth_type=None):

		'''Tries to authenticate against the host and preserves the

		cookie. Has to be done only once (but keep in mind that the

		session probably expires after 10 minutes of inactivity)'''

		data = self.build_data({'username' : username, 'password' : password, 'auth_type': auth_type})

		con = self.get_connection()

		try:

			con.request('POST', '/umcp/auth', data, headers=self._headers)

		except Exception as e:

			# probably unreachable

			if self._error_handler:

				self._error_handler(str(e))

			error_message = '%s: Authentication failed while contacting: %s' % (self._host, e)

			raise HTTPException(error_message)

		else:

			try:

				response = con.getresponse()

				cookie = response.getheader('set-cookie')

				if cookie is None:

					raise ValueError('No cookie')

				self._headers['Cookie'] = cookie  # FIXME: transform Set-Cookie to Cookie

			except Exception as e:

				if self._error_handler:

					self._error_handler(str(e))

				error_message = '%s: Authentication failed: %s' % (self._host, response.read())

				raise HTTPException(error_message)

	def build_data(self, data, flavor=None):

		'''Returns a dictionary as expected by the UMC Server'''

		data = {'options' : data}

		if flavor:

			data['flavor'] = flavor

		return dumps(data)

	def request(self, url, data=None, flavor=None, command='command'):

		'''Sends a request and returns the data from the response. url

		as in the XML file of that UMC module.

		command may be anything that UMCP understands, especially:

		 * command (default)

		 * get (and url could be 'ucr' then)

		 * set (and url would be '' and data could be {'locale':'de_DE'})

		 * upload (url could be 'udm/license/import')

		'''

		if data is None:

			data = {}

		data = self.build_data(data, flavor)

		con = self.get_connection()

		umcp_command = '/umcp/%s' % command

		if url:

			umcp_command = '%s/%s' % (umcp_command, url)

		con.request('POST', umcp_command, data, headers=self._headers)

		response = con.getresponse()

		if response.status != 200:

			error_message = '%s on %s (%s): %s' % (response.status, self._host, url, response.read())

			if response.status == 403:

				# 403 is either command is unknown

				#   or command is known but forbidden

				if self._error_handler:

					self._error_handler(error_message)

				raise NotImplementedError('command forbidden: %s' % url)

			raise HTTPException(error_message)

		content = response.read()

		content = loads(content)  # FIXME: inspect Content-Type response header

		if isinstance(content, dict):

			return content.get('result', content)

		return content

import univention.admin.uexceptions

import bz2

import zlib

from PIL import Image

import StringIO

import magic

MIME_TYPE = magic.open(magic.MAGIC_MIME_TYPE)

MIME_TYPE.load()

MIME_DESCRIPTION = magic.open(magic.MAGIC_NONE)

MIME_DESCRIPTION.load()

UMC_ICON_BASEDIR = "/usr/share/univention-management-console-frontend/js/dijit/themes/umc/icons"

compression_mime_type_handlers = {

	"application/x-gzip": lambda x: zlib.decompress(x, 16+zlib.MAX_WBITS),

	"application/x-bzip2": bz2.decompress

}

def get_mime_type(data):

	return MIME_TYPE.buffer(data)

def get_mime_description(data):

	return MIME_DESCRIPTION.buffer(data)

def compression_mime_type_of_buffer(data):

	mime_type = get_mime_type(data)

	if mime_type in compression_mime_type_handlers:

		return (mime_type, compression_mime_type_handlers[mime_type])

	else:

		raise univention.admin.uexceptions.valueError( "Not a supported compression format: %s" % (mime_type,))

def uncompress_buffer(data):

	try:

		(mime_type, compression_mime_type_handler) = compression_mime_type_of_buffer(data)

		return (mime_type, compression_mime_type_handler(data))

	except univention.admin.uexceptions.valueError:

		return (None, data)

def uncompress_file(filename):

	with open(filename, 'r') as f:

		return uncompress_buffer(f.read())

def image_mime_type_of_buffer(data):

	mime_type = get_mime_type(data)

	if mime_type in ('image/jpeg', 'image/png', 'image/svg+xml', 'application/x-gzip'):

		return mime_type

	else:

		raise univention.admin.uexceptions.valueError( "Not a supported image format: %s" % (mime_type,))

def imagedimensions_of_buffer(data):

	fp = StringIO.StringIO(data)

	im=Image.open(fp)

	return im.size

def imagecategory_of_buffer(data):

	(compression_mime_type, uncompressed_data) = uncompress_buffer(data)

	mime_type = image_mime_type_of_buffer(uncompressed_data)

	if mime_type in ('image/jpeg', 'image/png'):

		return (mime_type, compression_mime_type, "%sx%s" % imagedimensions_of_buffer(uncompressed_data))

	elif mime_type in ('image/svg+xml', 'application/x-gzip'):

		return (mime_type, compression_mime_type, "scalable")

def default_filename_suffix_for_mime_type(mime_type, compression_mime_type):

	if mime_type == 'image/svg+xml':

		if not compression_mime_type:

			return '.svg'

		elif compression_mime_type == 'application/x-gzip':

			return '.svgz'

	elif mime_type == 'image/png':

		return '.png'

	elif mime_type == 'image/jpeg':

		return '.jpg'

	return None

#!/bin/sh

# -*- coding: utf-8 -*-

#

# Univention Lib

#  shell function for creating UMC operation and acl objects

#

# Copyright 2011-2016 Univention GmbH

#

# http://www.univention.de/

#

# All rights reserved.

#

# The source code of this program is made available

# under the terms of the GNU Affero General Public License version 3

# (GNU AGPL V3) as published by the Free Software Foundation.

#

# Binary versions of this program provided by Univention to you as

# well as other copyrighted, protected or trademarked materials like

# Logos, graphics, fonts, specific documentations and configurations,

# cryptographic keys etc. are subject to a license agreement between

# you and Univention and not subject to the GNU AGPL V3.

#

# In the case you use this program under the terms of the GNU AGPL V3,

# the program is provided in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU Affero General Public License for more details.

#

# You should have received a copy of the GNU Affero General Public

# License with the Debian GNU/Linux or Univention distribution in file

# /usr/share/common-licenses/AGPL-3; if not, see

# <http://www.gnu.org/licenses/>.

eval "$(/usr/sbin/univention-config-registry shell ldap/base)"

BIND_ARGS="$@"

umc_frontend_new_hash () {

	# create new timestamps for index.html and debug.html in order to

	# avoid caching problems in browsers

	timestamp=$(date +'%Y%d%m%H%M%S')

	for ifile in index.html debug.html error.html js/umc/login.html; do

		f="/usr/share/univention-management-console-frontend/$ifile"

		[ -w "$f" ] && sed -i 's/\$\(.*\)\$/$'$timestamp'$/' "$f"

	done

	# update the symlinks to the js/css directories

	for idir in css js; do

		rm -f "/usr/share/univention-management-console-frontend/${idir}_\$"*\$ || true

		ln -s "$idir" "/usr/share/univention-management-console-frontend/${idir}_\$${timestamp}\$" || true

	done

	return 0

}

umc_init () {

	eval "$(/usr/sbin/univention-config-registry shell groups/default/domainadmins groups/default/domainusers)"

	# containers

	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=univention,$ldap_base" --set name=UMC || exit $?

	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=policies,$ldap_base" --set name=UMC --set policyPath=1 || exit $?

	udm container/cn create $BIND_ARGS --ignore_exists --position "cn=UMC,cn=univention,$ldap_base" --set name=operations || exit $?

	# default admin policy

	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-all \

		--position "cn=UMC,cn=policies,$ldap_base" || exit $?

	# link default admin policy to the group "Domain Admins"

	group_admins="${groups_default_domainadmins:-Domain Admins}"

	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_admins,cn=groups,$ldap_base" \

		--policy-reference="cn=default-umc-all,cn=UMC,cn=policies,$ldap_base" || exit $?

	# default user policy

	udm policies/umc create $BIND_ARGS --ignore_exists --set name=default-umc-users \

		--position "cn=UMC,cn=policies,$ldap_base" || exit $?

	# link default user policy to the group "Domain Users"

	group_users="${groups_default_domainusers:-Domain Users}"

	udm groups/group modify $BIND_ARGS --ignore_exists --dn "cn=$group_users,cn=groups,$ldap_base" \

		--policy-reference="cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" || exit $?

}

_umc_remove_old () {

	# removes an object and ignores all errors

	name=$1; shift

	module=$1; shift

	container=$1

	udm $module remove $BIND_ARGS --dn "cn=$name,$container,$ldap_base" 2>/dev/null || true

}

umc_operation_create () {

	# example: umc_operation_create "udm" "UDM" "users/user" "udm/*:objectType=users/*"

	name=$1; shift

	description=$1; shift

	flavor=$1; shift

	operations=""

	for oper in "$@"; do

		operations="$operations --append operation=$oper "

	done

	udm settings/umc_operationset create $BIND_ARGS --ignore_exists \

		--position "cn=operations,cn=UMC,cn=univention,$ldap_base" \

		--set name="$name" \

		--set description="$description" \

		--set flavor="$flavor" $operations || exit $?

}

umc_policy_append () {

	# example: umc_policy_append "default-umc-all" "udm-all" "udm-users"

	policy="$1"; shift

	ops=""

	for op in "$@"; do

		ops="$ops --append allow=cn=$op,cn=operations,cn=UMC,cn=univention,$ldap_base "

	done

	udm policies/umc modify $BIND_ARGS --ignore_exists \

		--dn "cn=$policy,cn=UMC,cn=policies,$ldap_base" $ops || exit $?

}