From f24bc25781169cdf023255179f3d25d57c120089 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Tue, 27 Jun 2017 17:38:31 +0200 Subject: [PATCH 1/2] Bug #xxx: umc-diagnostic: new check `samba_tool_sysvolcheck.py` --- .../diagnostic/plugins/samba_tool_sysvolcheck.py | 85 ++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100755 management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py diff --git a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py new file mode 100755 index 0000000..95326d6 --- /dev/null +++ b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py @@ -0,0 +1,85 @@ +#!/usr/bin/python2.7 +# coding: utf-8 +# +# Univention Management Console module: +# System Diagnosis UMC module +# +# Copyright 2017 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . + +import ldap +import socket +import subprocess + +import univention.uldap +from univention.management.console.modules.diagnostic import Warning + +from univention.lib.i18n import Translation +_ = Translation('univention-management-console-module-diagnostic').translate + +title = _('Check Samba sysvol ACLs for errors') +description = _('No errors found.'), + + +def is_service_active(service): + lo = univention.uldap.getMachineConnection() + raw_filter = '(&(univentionService=%s)(cn=%s))' + filter_expr = ldap.filter.filter_format(raw_filter, (service, socket.gethostname())) + for (dn, _attr) in lo.search(filter_expr, attr=['cn']): + if dn is not None: + return True + return False + + +def run_with_output(cmd): + output = list() + process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (stdout, stderr) = process.communicate() + if stdout: + output.append('\nSTDOUT:\n{}'.format(stdout)) + if stderr: + output.append('\nSTDERR:\n{}'.format(stderr)) + return (process.returncode == 0, '\n'.join(output)) + + +def run(): + if not is_service_active('Samba 4'): + return + + error_descriptions = list() + cmd = ['samba-tool', 'ntacl', 'sysvolcheck'] + (success, output) = run_with_output(cmd) + if not success or output: + error = _('`samba-tool ntacl sysvolcheck` returned a problem with the sysvol ACLs.') + error_descriptions.append(error) + error_descriptions.append(output) + raise Warning(description='\n'.join(error_descriptions)) + + +if __name__ == '__main__': + from univention.management.console.modules.diagnostic import main + main() -- 2.7.4 From 1c41cd7683c157ba21045492ef102b51a25d8cf2 Mon Sep 17 00:00:00 2001 From: Lukas Oyen Date: Tue, 27 Jun 2017 17:49:14 +0200 Subject: [PATCH 2/2] Bug #xxx: umc-diagnostic: new check `samba_tool_sysvolcheck.py` (po) --- .../umc/python/diagnostic/de.po | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po index affad86..ed46026 100644 --- a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po +++ b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po @@ -2,8 +2,8 @@ msgid "" msgstr "" "Project-Id-Version: univention-management-console-module-diagnostic\n" -"Report-Msgid-Bugs-To: packages@univention.de\n" -"POT-Creation-Date: 2016-01-14 12:19+0100\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-06-27 17:48+0200\n" "PO-Revision-Date: \n" "Last-Translator: Univention GmbH \n" "Language-Team: Univention GmbH \n" @@ -27,6 +27,10 @@ msgstr "" msgid "Adjust to suggested limits" msgstr "An vorgeschlagene Limits anpassen" +#: umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py:44 +msgid "Check Samba sysvol ACLs for errors" +msgstr "Überprüfe die Samba SYSVOL ACL Einträge auf Fehler" + #: umc/python/diagnostic/plugins/gateway.py:11 msgid "Gateway is not reachable" msgstr "Gateway ist nicht erreichbar" @@ -97,6 +101,10 @@ msgstr "" msgid "Nameserver(s) are not responsive" msgstr "Nameserver sind nicht ansprechbar" +#: umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py:45 +msgid "No errors found." +msgstr "Keine Fehler gefunden." + #: umc/python/diagnostic/plugins/package_status.py:11 msgid "Package status corrupt" msgstr "Paketstatus korrupt" @@ -260,6 +268,12 @@ msgstr "" "dass Authentifikations-Zugangsdaten (falls existierend) korrekt sind und die " "ACL's des Proxy-Servers nicht verbieten, Anfragen an %s zu stellen." +#: umc/python/diagnostic/plugins/samba_tool_sysvolcheck.py:77 +msgid "`samba-tool ntacl sysvolcheck` returned a problem with the sysvol ACLs." +msgstr "" +"`samba-tool ntacl sysvolcheck` meldet ein Problem mit den SYSVOL ACL " +"Einträgen." + #: umc/python/diagnostic/plugins/package_status.py:28 msgid "some" msgstr "einigen" -- 2.7.4