From 1117c02bb22740a3cf50d91dd799b8bbcfaaf255 Mon Sep 17 00:00:00 2001
From: Lukas Oyen
Date: Tue, 6 Jun 2017 18:32:56 +0200
Subject: [PATCH 1/2] Bug #35859: ucm-diagnostic: new check heimdal_on_samba4_dc
---
.../diagnostic/plugins/heimdal_on_samba4_dc.py | 104 +++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100755 management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py
diff --git a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py
new file mode 100755
index 0000000..ff87f40
--- /dev/null
+++ b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py
@@ -0,0 +1,104 @@
+#!/usr/bin/python2.7
+# coding: utf-8
+#
+# Univention Management Console module:
+# System Diagnosis UMC module
+#
+# Copyright 2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+import ldap
+import socket
+import psutil
+
+import univention.uldap
+
+import univention.config_registry
+from univention.management.console.modules.diagnostic import Critical
+
+from univention.lib.i18n import Translation
+_ = Translation('univention-management-console-module-diagnostic').translate
+
+title = _('Check Heimdal KDC on Samba 4 DC')
+description = _('Samba 4 KDC running.')
+umc_modules = [{'module': 'services'}]
+
+
+def is_service_active(service):
+ lo = univention.uldap.getMachineConnection()
+ raw_filter = '(&(univentionService=%s)(cn=%s))'
+ filter_expr = ldap.filter.filter_format(raw_filter, (service, socket.gethostname()))
+ for (dn, _attr) in lo.search(filter_expr, attr=['cn']):
+ if dn is not None:
+ return True
+ return False
+
+
+def samba_kdc_running():
+ try:
+ import samba.messaging
+ except ImportError:
+ return False
+ msg = samba.messaging.Messaging()
+ try:
+ ids = msg.irpc_servers_byname('kdc_server')
+ except KeyError:
+ return False
+ return bool(ids)
+
+
+def is_heimdal_kdc_running():
+ kdc_paths = ('/usr/lib/heimdal-servers/kdc', '/usr/lib/heimdal-servers/kpasswdd')
+ process_paths = (p.exe() for p in psutil.process_iter())
+ return any(path in kdc_paths for path in process_paths)
+
+
+def is_kerberos_autostart_disabled():
+ configRegistry = univention.config_registry.ConfigRegistry()
+ configRegistry.load()
+ return configRegistry.is_false('kerberos/autostart')
+
+
+def run():
+ error = _('This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`.')
+ heimdal_error = _('This may be, because Heimdal KDC seems to be running.')
+ autostart_error = _('This may be, because `kerberos/autostart` is not disabled.')
+ solution = _('You may want to stop Heimdal KDC and restart Samba via {services}')
+
+ if is_service_active('Samba 4') and not samba_kdc_running():
+ error_descriptions = [error]
+ if is_heimdal_kdc_running():
+ error_descriptions.append(heimdal_error)
+ if not is_kerberos_autostart_disabled():
+ error_descriptions.append(autostart_error)
+ error_descriptions.append(solution)
+ raise Critical('\n'.join(error_descriptions))
+
+
+if __name__ == '__main__':
+ from univention.management.console.modules.diagnostic import main
+ main()
-- 2.7.4
From 52f91e7c4078db221b7e61d3143bee3952f8a55a Mon Sep 17 00:00:00 2001
From: Lukas Oyen
Date: Tue, 6 Jun 2017 18:36:44 +0200
Subject: [PATCH 2/2] Bug #35859: ucm-diagnostic: new check heimdal_on_samba4_dc (po)
---
.../umc/python/diagnostic/de.po | 33 ++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po
index affad86..9ff3b19 100644
--- a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po
+++ b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po
@@ -2,8 +2,8 @@ msgid "" msgstr "" "Project-Id-Version: univention-management-console-module-diagnostic\n" -"Report-Msgid-Bugs-To: packages@univention.de\n" -"POT-Creation-Date: 2016-01-14 12:19+0100\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-06-06 18:36+0200\n" "PO-Revision-Date: \n" "Last-Translator: Univention GmbH \n" "Language-Team: Univention GmbH \n"
@@ -27,6 +27,10 @@ msgstr "" msgid "Adjust to suggested limits" msgstr "An vorgeschlagene Limits anpassen" +#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:46 +msgid "Check Heimdal KDC on Samba 4 DC" +msgstr "Überprüfe Heimdal KDC auf Samba 4 DC" + #: umc/python/diagnostic/plugins/gateway.py:11 msgid "Gateway is not reachable" msgstr "Gateway ist nicht erreichbar"
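Review bot: `is_heimdal_kdc_running()` calls `p.exe()` for every process inside a generator with no exception handling, so a process that exits between `psutil.process_iter()` and `exe()` (psutil.NoSuchProcess), or one whose executable link cannot be read (psutil.AccessDenied), aborts the whole check with a traceback instead of a diagnosis. That is a race on any busy DC, and it hides the KDC state exactly when the operator asks for it; I would skip such processes by catching `psutil.Error` per process, as in the excerpt below. Separately, `is_service_active()` builds its filter with `ldap.filter.filter_format`, which is the right way to escape the values, but the file only has `import ldap`; the submodule is presumably reachable only because another import loaded it, so an explicit `import ldap.filter` would make that dependency visible.

```python
def is_heimdal_kdc_running():
    kdc_paths = ('/usr/lib/heimdal-servers/kdc', '/usr/lib/heimdal-servers/kpasswdd')
    for process in psutil.process_iter():
        try:
            if process.exe() in kdc_paths:
                return True
        except psutil.Error:
            # process vanished or its exe is unreadable: it cannot be identified, skip it
            continue
    return False
```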
@@ -133,6 +137,10 @@ msgstr "Proxy-Server-Fehler" msgid "SSH connection to UCS server failed!" msgstr "SSH-Verbindung zu anderem UCS Server fehlgeschlagen!" +#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:47 +msgid "Samba 4 KDC running." +msgstr "Samba 4 KDC läuft." + #: umc/python/diagnostic/plugins/security_limits.py:14 msgid "Security limits exceeded" msgstr "Sicherheitslimits überschritten" @@ -249,6 +257,22 @@ msgstr "" "an Samba-Servern unmöglich, Dateioperationen (Kopieren, Verschieben) auf " "Freigaben kann fehlschlagen, uvm.)" +#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:87 +msgid "" +"This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`." +msgstr "" +"Dies ist ein Samba 4 DC, aber `samba-tool processes` zeigt keinen " +"`kdc_server` an." + +#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:88 +msgid "This may be, because Heimdal KDC seems to be running." +msgstr "Dies mag daher kommen, dass Heimdal KDC läuft." + +#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:89 +msgid "This may be, because `kerberos/autostart` is not disabled." +msgstr "" +"Dies mag daher kommen, dass `kerberos/autostart` nicht deaktiviert ist." + #: umc/python/diagnostic/plugins/proxy.py:83 #, python-format msgid "" @@ -260,6 +284,11 @@ msgstr "" "dass Authentifikations-Zugangsdaten (falls existierend) korrekt sind und die " "ACL's des Proxy-Servers nicht verbieten, Anfragen an %s zu stellen." +#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:90 +#, python-brace-format +msgid "You may want to stop Heimdal KDC and restart Samba via {services}" +msgstr "Sie können Heimdal KDC per {services} stoppen und Samba neu starten." + #: umc/python/diagnostic/plugins/package_status.py:28 msgid "some" msgstr "einigen" -- 2.7.4