Univention Bugzilla – Attachment 8993 Details for
Bug 41659
unify computers/* code
[patch]
patch (rebased to r80805)
41659.patch (text/plain), 141.85 KB, created by
Florian Best
on 2017-07-03 19:31 CEST
Description:
patch (rebased to r80805)
Creator:
Florian Best
Created:
2017-07-03 19:31 CEST
Size:
141.85 KB
>commit 171f64ce0bca6d7033cd8ed80948aadc344ea9a2
>Author: Florian Best <best@univention.de>
>Date: Mon Jul 3 19:16:16 2017 +0200
>
> unifiy computer modules
>
>diff --git a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
>index 3e07c34..85d2356 100644
>--- a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
>+++ b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
>@@ -32,21 +32,8 @@
> 
> #DEBHELPER#
> 
>-if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 10.0.29-53; then
>- ln -s /usr/share/pyshared/univention/admin/policy.py /usr/lib/pymodules/python2.7/univention/admin/policy.py
>-fi
>-
>-# Bug #38473: workaround only required up to UCS 4.1-0
>-if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl 10.0.30; then
>- FN="/usr/share/pyshared/univention/admin/handlers/policies/mailquota.py"
>- FN_BACKUP="${FN}.udm_backup"
>- if [ -f "$FN" ] ; then
>- CUR_MD5="$(md5sum "$FN" | cut -d' ' -f1)"
>- PKG_MD5="$(sed -nre 's,^([a-f0-9]+)\s+usr/share/pyshared/univention/admin/handlers/policies/mailquota.py,\1,p' /var/lib/dpkg/info/python-univention-directory-manager.md5sums)"
>- if [ -n "$PKG_MD5" -a -n "$CUR_MD5" -a ! "$PKG_MD5" = "$CUR_MD5" ] ; then
>- cp "$FN" "$FN_BACKUP"
>- fi
>- fi
>+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 12.0.17-53; then
>+ ln -s /usr/share/pyshared/univention/admin/handlers/computers/base.py /usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py
> fi
> 
> exit 0
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py
>new file mode 100644
>index 0000000..f51f25f
>--- /dev/null
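Review bot: The added `ln -s …/computers/base.py …` is not idempotent: if the link already exists (for example when the preinst runs again after an interrupted upgrade) `ln` exits non-zero, and if the script runs under `set -e`, which this hunk does not show, the package upgrade aborts there. Maintainer scripts are expected to survive a re-run, so I would write `ln -sf /usr/share/pyshared/univention/admin/handlers/computers/base.py /usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py`, or guard the call with a test for the link. A one-line comment saying why the link has to exist before unpack (the removed policy.py block had none either) would help whoever later decides when this workaround can be dropped. The script starts above the hunk, so the shell options in effect are not visible here.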
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py
>@@ -0,0 +1,351 @@
>+# -*- coding: utf-8 -*-
>+#
>+# Univention Admin Modules
>+# admin module for generic computer objects
>+#
>+# Copyright 2016 Univention GmbH
>+#
>+# http://www.univention.de/
>+#
>+# All rights reserved.
>+#
>+# The source code of this program is made available
>+# under the terms of the GNU Affero General Public License version 3
>+# (GNU AGPL V3) as published by the Free Software Foundation.
>+#
>+# Binary versions of this program provided by Univention to you as
>+# well as other copyrighted, protected or trademarked materials like
>+# Logos, graphics, fonts, specific documentations and configurations,
>+# cryptographic keys etc. are subject to a license agreement between
>+# you and Univention and not subject to the GNU AGPL V3.
>+#
>+# In the case you use this program under the terms of the GNU AGPL V3,
>+# the program is provided in the hope that it will be useful,
>+# but WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+# GNU Affero General Public License for more details.
>+#
>+# You should have received a copy of the GNU Affero General Public
>+# License with the Debian GNU/Linux or Univention distribution in file
>+# /usr/share/common-licenses/AGPL-3; if not, see
>+# <http://www.gnu.org/licenses/>.
>+
>+import time
>+from ldap.filter import filter_format
>+
>+import univention.admin.filter
>+import univention.admin.handlers
>+import univention.admin.password
>+import univention.admin.allocators
>+import univention.admin.localization
>+import univention.admin.uldap
>+import univention.admin.nagios as nagios
>+import univention.admin.handlers.groups.group
>+import univention.admin.handlers.dns.forward_zone
>+import univention.admin.handlers.dns.reverse_zone
>+import univention.admin.handlers.networks.network
>+
>+translation = univention.admin.localization.translation('univention.admin.handlers.computers')
>+_ = translation.translate
>+
>+
>+class computerBase(univention.admin.handlers.simpleComputer, nagios.Support):
>+ CONFIG_NAME = None
>+ SERVER_ROLE = None
>+ SERVER_TYPE = None
>+ SAMBA_ACCOUNT_FLAG = None
>+ DEFAULT_OCS = []
>+
>+ def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):
>+ univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
>+ nagios.Support.__init__(self)
>+
>+ def open(self):
>+ univention.admin.handlers.simpleComputer.open(self)
>+ self.nagios_open()
>+
>+ if self.exists():
>+ if 'posix' in self.options and not self.info.get('primaryGroup'):
>+ primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]
>+ univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
>+ if primaryGroupNumber:
>+ primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
>+ if primaryGroupResult:
>+ self['primaryGroup'] = primaryGroupResult[0]
>+ univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
>+ else:
>+ self['primaryGroup'] = None
>+ self.save()
>+ raise univention.admin.uexceptions.primaryGroup
>+ else:
>+ self['primaryGroup'] = None
>+ self.save()
>+ raise univention.admin.uexceptions.primaryGroup
>+ if 'samba' in self.options:
>+ sid = self.oldattr.get('sambaSID', [''])[0]
>+ pos = sid.rfind('-')
>+ self.info['sambaRID'] = sid[pos + 1:]
>+
>+ self.modifypassword = 0
>+ if self.exists():
>+ userPassword = self.oldattr.get('userPassword', [''])[0]
>+ if userPassword:
>+ self.info['password'] = userPassword
>+ self.modifypassword = 0
>+ self.save()
>+ else:
>+ self.modifypassword = 0
>+ if 'posix' in self.options:
>+ res = univention.admin.config.getDefaultValue(self.lo, self.CONFIG_NAME, position=self.position)
>+ if res:
>+ self['primaryGroup'] = res
>+
>+ def _ldap_pre_create(self):
>+ super(object, self)._ldap_pre_create()
>+ if not self['password']:
>+ self['password'] = self.oldattr.get('password', [''])[0]
>+ self.modifypassword = 0
>+
>+ def _ldap_addlist(self):
>+ self.check_required_options()
>+ ocs = list(self.DEFAULT_OCS)
>+ al = []
>+ if 'kerberos' in self.options:
>+ domain = univention.admin.uldap.domain(self.lo, self.position)
>+ realm = domain.getKerberosRealm()
>+
>+ if realm:
>+ al.append(('krb5MaxLife', '86400'))
>+ al.append(('krb5MaxRenew', '604800'))
>+ al.append(('krb5KDCFlags', '126'))
>+ krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>+ al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
>+ else:
>+ # can't do kerberos
>+ self._remove_option('kerberos')
>+ if 'posix' in self.options:
>+ self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
>+ self.alloc.append(('uidNumber', self.uidNum))
>+ gidNum = self.get_gid_for_primary_group()
>+ al.append(('uidNumber', [self.uidNum]))
>+ al.append(('gidNumber', [gidNum]))
>+
>+ if self.modifypassword or self['password']:
>+ if 'kerberos' in self.options:
>+ krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>+ al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
>+ if 'posix' in self.options:
>+ password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
>+ al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
>+ if 'samba' in self.options:
>+ password_nt, password_lm = univention.admin.password.ntlm(self['password'])
>+ al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
>+ al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
>+ sambaPwdLastSetValue = str(long(time.time()))
>+ al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>+ self.modifypassword = 0
>+ if 'samba' in self.options:
>+ acctFlags = univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG: 1})
>+ self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
>+ self.alloc.append(('sid', self.machineSid))
>+ al.append(('sambaSID', [self.machineSid]))
>+ al.append(('sambaAcctFlags', [acctFlags.decode()]))
>+ al.append(('displayName', self.info['name']))
>+
>+ al.insert(0, ('objectClass', ocs))
>+ if self.SERVER_ROLE:
>+ al.append(('univentionServerRole', '', self.SERVER_ROLE))
>+ return al
>+
>+ def check_required_options(self):
>+ pass
>+
>+ def _ldap_post_create(self):
>+ if 'posix' in self.options:
>+ if hasattr(self, 'uid') and self.uid:
>+ univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
>+ univention.admin.handlers.simpleComputer.primary_group(self)
>+ univention.admin.handlers.simpleComputer.update_groups(self)
>+ univention.admin.handlers.simpleComputer._ldap_post_create(self)
>+ self.nagios_ldap_post_create()
>+
>+ def _ldap_pre_remove(self):
>+ self.open()
>+ if 'posix' in self.options and self.oldattr.get('uidNumber'):
>+ self.uidNum = self.oldattr['uidNumber'][0]
>+
>+ def _ldap_post_remove(self):
>+ if 'posix' in self.options:
>+ univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
>+ groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn]))
>+ if groupObjects:
>+ for i in range(0, len(groupObjects)):
>+ groupObjects[i].open()
>+ if self.dn in groupObjects[i]['users']:
>+ groupObjects[i]['users'].remove(self.dn)
>+ groupObjects[i].modify(ignore_license=1)
>+
>+ self.nagios_ldap_post_remove()
>+ univention.admin.handlers.simpleComputer._ldap_post_remove(self)
>+ # Need to clean up oldinfo. If remove was invoked, because the
>+ # creation of the object has failed, the next try will result in
>+ # a 'object class violation' (Bug #19343)
>+ self.oldinfo = {}
>+
>+ def krb5_principal(self):
>+ domain = univention.admin.uldap.domain(self.lo, self.position)
>+ realm = domain.getKerberosRealm()
>+ if 'domain' in self.info and self.info['domain']:
>+ kerberos_domain = self.info['domain']
>+ else:
>+ kerberos_domain = domain.getKerberosRealm()
>+ return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm
>+
>+ def _ldap_post_modify(self):
>+ univention.admin.handlers.simpleComputer.primary_group(self)
>+ univention.admin.handlers.simpleComputer.update_groups(self)
>+ univention.admin.handlers.simpleComputer._ldap_post_modify(self)
>+ self.nagios_ldap_post_modify()
>+
>+ def _ldap_pre_modify(self):
>+ if self.hasChanged('password'):
>+ if not self['password']:
>+ self['password'] = self.oldattr.get('password', [''])[0]
>+ self.modifypassword = 0
>+ elif not self.info['password']:
>+ self['password'] = self.oldattr.get('password', [''])[0]
>+ self.modifypassword = 0
>+ else:
>+ self.modifypassword = 1
>+ self.nagios_ldap_pre_modify()
>+ univention.admin.handlers.simpleComputer._ldap_pre_modify(self)
>+
>+ def _ldap_modlist(self):
>+ ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)
>+
>+ self.nagios_ldap_modlist(ml)
>+
>+ if self.hasChanged('name'):
>+ if 'posix' in self.options:
>+ if hasattr(self, 'uidNum'):
>+ univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
>+ requested_uid = "%s$" % self['name']
>+ try:
>+ self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
>+ except Exception:
>+ self.cancel()
>+ raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)
>+
>+ self.alloc.append(('uid', self.uid))
>+
>+ ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
>+
>+ if 'samba' in self.options:
>+ ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
>+
>+ if 'kerberos' in self.options:
>+ ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
>+
>+ if self.modifypassword and self['password']:
>+ if 'kerberos' in self.options:
>+ krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>+ krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>+ ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
>+ ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
>+ if 'posix' in self.options:
>+ password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
>+ ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
>+ if 'samba' in self.options:
>+ password_nt, password_lm = univention.admin.password.ntlm(self['password'])
>+ ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
>+ ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
>+ sambaPwdLastSetValue = str(long(time.time()))
>+ ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>+
>+ # add samba option
>+ if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
>+ acctFlags = univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG: 1})
>+ self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>+ self.alloc.append(('sid', self.machineSid))
>+ ml.append(('sambaSID', '', [self.machineSid]))
>+ ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
>+ ml.append(('displayName', '', self.info['name']))
>+ sambaPwdLastSetValue = str(long(time.time()))
>+ ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>+ if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>+ for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:
>+ if self.oldattr.get(key, []):
>+ ml.insert(0, (key, self.oldattr.get(key, []), ''))
>+
>+ if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
>+ self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>+ ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
>+
>+ return ml
>+
>+ def cleanup(self):
>+ self.open()
>+ self.nagios_cleanup()
>+ univention.admin.handlers.simpleComputer.cleanup(self)
>+
>+ def cancel(self):
>+ for i, j in self.alloc:
>+ univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))
>+ univention.admin.allocators.release(self.lo, self.position, i, j)
>+
>+ def link(self):
>+ result = []
>+ if self['ip'] and len(self['ip']) > 0 and self['ip'][0]:
>+ result = [{
>+ 'url': 'https://%s/univention-management-console/' % self['ip'][0],
>+ 'ipaddr': self['ip'][0],
>+ }]
>+ if 'dnsEntryZoneForward' in self and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0:
>+ zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0]
>+ if not result:
>+ result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}]
>+ result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
>+ if result:
>+ result[0]['name'] = _('Open Univention Management Console on this computer')
>+ return result
>+ return None
>+
>+ @classmethod
>+ def rewrite(cls, filter, mapping):
>+ if filter.variable == 'ip':
>+ filter.variable = 'aRecord'
>+ else:
>+ univention.admin.mapping.mapRewrite(filter, cls.mapping)
>+
>+ @classmethod
>+ def lookup_filter(cls, filter_s=None, lo=None):
>+ filter_s = univention.admin.filter.replace_fqdn_filter(filter_s)
>+ if str(filter_s).find('(dnsAlias=') != -1:
>+ filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
>+ if filter_s:
>+ return cls.lookup_filter(filter_s, lo)
>+ else:
>+ return None
>+ lookup_filter_obj = univention.admin.filter.conjunction('&', [x for x in [
>+ univention.admin.filter.expression('objectClass', 'univentionHost'),
>+ univention.admin.filter.expression('objectClass', cls.SERVER_TYPE),
>+ None if not cls.SERVER_ROLE else univention.admin.filter.expression('univentionServerRole', cls.SERVER_ROLE),
>+ ] if x is not None])
>+
>+ # ATTENTION: has its own rewrite function.
>+ lookup_filter_obj.append_unmapped_filter_string(filter_s, cls.rewrite, cls.mapping)
>+ return lookup_filter_obj
>+
>+ @classmethod
>+ def lookup(cls, co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
>+ filter = cls.lookup_filter(filter_s, lo)
>+ if filter is None:
>+ return []
>+ res = []
>+ for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
>+ res.append(cls(co, lo, None, dn, attributes=attrs))
>+ return res
>+
>+ @classmethod
>+ def identify(cls, dn, attr, canonical=0):
>+ return 'univentionHost' in attr.get('objectClass', []) and cls.SERVER_TYPE in attr.get('objectClass', []) and (True if not cls.SERVER_ROLE else cls.SERVER_ROLE in attr.get('univentionServerRole', []))
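Review bot: In `_ldap_post_remove` the group lookup is built with `filter_format('uniqueMember', [self.dn])`, whereas the per-module code this file replaces (removed later in this patch) used `filter_format('uniqueMember=%s', [self.dn])`. Without the `=%s` the template has no placeholder for the DN, so python-ldap's %-formatting should raise rather than produce a filter, and the deleted host's DN is then left behind in the `uniqueMember` list of its groups, where a later object created under the same DN would inherit the memberships; the call should read `filter_format('uniqueMember=%s', [self.dn])`. Separately, `_ldap_pre_create` still calls `super(object, self)._ldap_pre_create()`, which worked while each handler class was itself named `object` but in base.py resolves to the builtin, so it needs to become `super(computerBase, self)._ldap_pre_create()`. Both are regressions of the move rather than of the old logic, so a test that creates and removes a computer object through the new base class would catch them.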
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py
>index 2fd77c2..7f68805 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
> 
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
> 
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -401,298 +392,17 @@
> nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
> 
> 
>-class object(univention.admin.handlers.simpleComputer, nagios.Support):
>+class object(computerBase):
> module = module
>-
>- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):
>- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
>- nagios.Support.__init__(self)
>-
>- def open(self):
>- univention.admin.handlers.simpleComputer.open(self)
>- self.nagios_open()
>-
>- self.modifypassword = 0
>- if self.exists():
>- userPassword = self.oldattr.get('userPassword', [''])[0]
>- if userPassword:
>- self.info['password'] = userPassword
>- self.modifypassword = 0
>-
>- if self.exists():
>-
>- if 'posix' in self.options and not self.info.get('primaryGroup'):
>- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
>- if primaryGroupNumber:
>- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
>- if primaryGroupResult:
>- self['primaryGroup'] = primaryGroupResult[0]
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
>- else:
>- self['primaryGroup'] = None
>- self.save()
>- raise univention.admin.uexceptions.primaryGroup
>- else:
>- self['primaryGroup'] = None
>- self.save()
>- raise univention.admin.uexceptions.primaryGroup
>- if 'samba' in self.options:
>- sid = self.oldattr.get('sambaSID', [''])[0]
>- pos = sid.rfind('-')
>- self.info['sambaRID'] = sid[pos + 1:]
>-
>- self.save()
>-
>- else:
>- self.modifypassword = 0
>- if 'posix' in self.options:
>- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position)
>- if res:
>- self['primaryGroup'] = res
>- # self.save()
>-
>- def _ldap_pre_create(self):
>- super(object, self)._ldap_pre_create()
>- if not self['password']:
>- self['password'] = self.oldattr.get('password', [''])[0]
>- self.modifypassword = 0
>-
>- def _ldap_addlist(self):
>- ocs = ['top', 'person', 'univentionHost', 'univentionDomainController']
>- al = []
>- if 'kerberos' in self.options:
>- domain = univention.admin.uldap.domain(self.lo, self.position)
>- realm = domain.getKerberosRealm()
>-
>- if realm:
>- al.append(('krb5MaxLife', '86400'))
>- al.append(('krb5MaxRenew', '604800'))
>- al.append(('krb5KDCFlags', '126'))
>- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
>- else:
>- # can't do kerberos
>- self._remove_option('kerberos')
>- if 'posix' in self.options:
>- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
>- self.alloc.append(('uidNumber', self.uidNum))
>- gidNum = self.get_gid_for_primary_group()
>- al.append(('uidNumber', [self.uidNum]))
>- al.append(('gidNumber', [gidNum]))
>-
>- if self.modifypassword or self['password']:
>- if 'kerberos' in self.options:
>- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
>- if 'posix' in self.options:
>- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
>- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
>- if 'samba' in self.options:
>- password_nt, password_lm = univention.admin.password.ntlm(self['password'])
>- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
>- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
>- sambaPwdLastSetValue = str(long(time.time()))
>- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>- self.modifypassword = 0
>- if 'samba' in self.options:
>- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
>- self.alloc.append(('sid', self.machineSid))
>- al.append(('sambaSID', [self.machineSid]))
>- al.append(('sambaAcctFlags', [acctFlags.decode()]))
>- al.append(('displayName', self.info['name']))
>-
>- al.insert(0, ('objectClass', ocs))
>- al.append(('univentionServerRole', '', 'backup'))
>- return al
>-
>- def _ldap_post_create(self):
>- if 'posix' in self.options:
>- if hasattr(self, 'uid') and self.uid:
>- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
>- univention.admin.handlers.simpleComputer.primary_group(self)
>- univention.admin.handlers.simpleComputer.update_groups(self)
>- univention.admin.handlers.simpleComputer._ldap_post_create(self)
>- self.nagios_ldap_post_create()
>-
>- def _ldap_pre_remove(self):
>- self.open()
>- if 'posix' in self.options and self.oldattr.get('uidNumber'):
>- self.uidNum = self.oldattr['uidNumber'][0]
>-
>- def _ldap_post_remove(self):
>- if 'posix' in self.options:
>- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
>- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))
>- if groupObjects:
>- for i in range(0, len(groupObjects)):
>- groupObjects[i].open()
>- if self.dn in groupObjects[i]['users']:
>- groupObjects[i]['users'].remove(self.dn)
>- groupObjects[i].modify(ignore_license=1)
>-
>- self.nagios_ldap_post_remove()
>- univention.admin.handlers.simpleComputer._ldap_post_remove(self)
>- # Need to clean up oldinfo. If remove was invoked, because the
>- # creation of the object has failed, the next try will result in
>- # a 'object class violation' (Bug #19343)
>- self.oldinfo = {}
>-
>- def krb5_principal(self):
>- domain = univention.admin.uldap.domain(self.lo, self.position)
>- realm = domain.getKerberosRealm()
>- if self.info.has_key('domain') and self.info['domain']:
>- kerberos_domain = self.info['domain']
>- else:
>- kerberos_domain = domain.getKerberosRealm()
>- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm
>-
>- def _ldap_post_modify(self):
>- univention.admin.handlers.simpleComputer.primary_group(self)
>- univention.admin.handlers.simpleComputer.update_groups(self)
>- univention.admin.handlers.simpleComputer._ldap_post_modify(self)
>- self.nagios_ldap_post_modify()
>-
>- def _ldap_pre_modify(self):
>- if self.hasChanged('password'):
>- if not self['password']:
>- self['password'] = self.oldattr.get('password', [''])[0]
>- self.modifypassword = 0
>- elif not self.info['password']:
>- self['password'] = self.oldattr.get('password', [''])[0]
>- self.modifypassword = 0
>- else:
>- self.modifypassword = 1
>- self.nagios_ldap_pre_modify()
>- univention.admin.handlers.simpleComputer._ldap_pre_modify(self)
>-
>- def _ldap_modlist(self):
>- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)
>-
>- self.nagios_ldap_modlist(ml)
>-
>- if self.hasChanged('name'):
>- if 'posix' in self.options:
>- if hasattr(self, 'uidNum'):
>- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
>- requested_uid = "%s$" % self['name']
>- try:
>- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
>- except Exception:
>- self.cancel()
>- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)
>- return []
>-
>- self.alloc.append(('uid', self.uid))
>-
>- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
>-
>- if 'samba' in self.options:
>- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
>-
>- if 'kerberos' in self.options:
>- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
>-
>- if self.modifypassword and self['password']:
>- if 'kerberos' in self.options:
>- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
>- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
>- if 'posix' in self.options:
>- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
>- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
>- if 'samba' in self.options:
>- password_nt, password_lm = univention.admin.password.ntlm(self['password'])
>- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
>- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
>- sambaPwdLastSetValue = str(long(time.time()))
>- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>-
>- # add samba option
>- if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
>- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>- self.alloc.append(('sid', self.machineSid))
>- ml.append(('sambaSID', '', [self.machineSid]))
>- ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
>- ml.append(('displayName', '', self.info['name']))
>- sambaPwdLastSetValue = str(long(time.time()))
>- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:
>- if self.oldattr.get(key, []):
>- ml.insert(0, (key, self.oldattr.get(key, []), ''))
>-
>- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
>-
>- return ml
>-
>- def cleanup(self):
>- self.open()
>- self.nagios_cleanup()
>- univention.admin.handlers.simpleComputer.cleanup(self)
>-
>- def cancel(self):
>- for i, j in self.alloc:
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))
>- univention.admin.allocators.release(self.lo, self.position, i, j)
>-
>- def link(self):
>- result = []
>- if self['ip'] and len(self['ip']) > 0 and self['ip'][0]:
>- result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }]
>- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0:
>- zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0]
>- if not result:
>- result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}]
>- result[0]['fqdn'] = '%s.%s' % (self['name'], zone)
>- if result:
>- result[0]['name'] = _('Open Univention Management Console on this computer')
>- return result
>- return None
>-
>-
>-def rewrite(filter, mapping):
>- if filter.variable == 'ip':
>- filter.variable = 'aRecord'
>- else:
>- univention.admin.mapping.mapRewrite(filter, mapping)
>-
>-
>-def lookup_filter(filter_s=None, lo=None):
>- filter_s = univention.admin.filter.replace_fqdn_filter(filter_s)
>- if str(filter_s).find('(dnsAlias=') != -1:
>- filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
>- if filter_s:
>- return lookup_filter(filter_s, lo)
>- else:
>- return None
>- lookup_filter_obj = \
>- univention.admin.filter.conjunction('&', [
>- univention.admin.filter.expression('objectClass', 'univentionHost'),
>- univention.admin.filter.expression('objectClass', 'univentionDomainController'),
>- univention.admin.filter.expression('univentionServerRole', 'backup'),
>- ])
>-
>- # ATTENTION: has its own rewrite function.
>- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping)
>- return lookup_filter_obj
>-
>-
>-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0):
>-
>- filter = lookup_filter(filter_s, lo)
>- if filter is None:
>- return []
>- res = []
>- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
>- res.append(object(co, lo, None, dn, attributes=attrs))
>- return res
>-
>-
>-def identify(dn, attr, canonical=0):
>- return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'backup' in attr.get('univentionServerRole', [])
>+ mapping = mapping
>+ CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'
>+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController']
>+ SAMBA_ACCOUNT_FLAG = 'S'
>+ SERVER_TYPE = 'univentionDomainController'
>+ SERVER_ROLE = 'backup'
>+
>+
>+rewrite = object.rewrite
>+lookup_filter = object.lookup_filter
>+lookup = object.lookup
>+identify = object.identify
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
>index 62de85a..d66e69a 100644
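Review bot: `CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'` on the backup handler names the master's default-group setting, and nothing next to it says whether that is deliberate. The value is carried over unchanged from the removed `open()`, so behaviour stays the same, but it decides which primary group a newly created backup DC machine account receives, and as a bare class constant it now reads like a copy-and-paste slip. If it is intended, a comment such as `# same default primary group setting as the DC master (kept from the old open())` would settle it; if it is not, this refactoring is the natural place to correct it. The other constants would also benefit from a short class docstring stating that the base class reads them, since `mapping = mapping` in particular only makes sense once one knows the inherited `rewrite` and `lookup_filter` use `cls.mapping`.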
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -401,292 +392,17 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- self.modifypassword = 0 >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- self.save() >- >- else: >- self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position) >- if res: >- 
self['primaryGroup'] = res >- # self.save() >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >- ocs = ['top', 'person', 'univentionHost', 'univentionDomainController'] >- al = [] >- if 'kerberos' in self.options: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = 
univention.admin.samba.acctFlags(flags={'S': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'master')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >- >- def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- 
ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and 
self.option_toggled('samba') and 'samba' not in self.options: >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: >- result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: >- zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = 
univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionDomainController'), >- univention.admin.filter.expression('univentionServerRole', 'master'), >- ]) >- >- # ATTENTION: has its own rewrite function. >- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >- >- filter = lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res = [] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append(object(co, lo, None, dn, attributes=attrs)) >- return res >- >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'master' in attr.get('univentionServerRole', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] >+ SAMBA_ACCOUNT_FLAG = 'S' >+ SERVER_TYPE = 'univentionDomainController' >+ SERVER_ROLE = 'master' >+ >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py >index 1703ff1..e6435df 100644 
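Review bot: The four module-level aliases that close this hunk (`rewrite = object.rewrite` through `identify = object.identify`) keep the old call signatures only if computerBase defines them as classmethods. The removed code is Python 2 (`unicode(filter)`, `has_key`), where a plain function fetched from the class is an unbound method that needs an instance. The removed `identify` and `lookup_filter` also pinned `univentionServerRole` to `master`, so the inherited versions have to read this class's `SERVER_TYPE` and `SERVER_ROLE`, otherwise a master entry could be matched by another computers module; computerBase is defined outside this hunk, so this cannot be confirmed from here. Once confirmed, I would add `# UDM module API: classmethods inherited from computerBase, filtered by SERVER_TYPE/SERVER_ROLE` above the aliases. The same applies to the domaincontroller_backup, domaincontroller_slave and linux hunks.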
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -401,298 +392,17 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- self.modifypassword = 0 >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- self.save() >- >- else: >- self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position) >- if res: >- 
self['primaryGroup'] = res >- # self.save() >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >- ocs = ['top', 'person', 'univentionHost', 'univentionDomainController'] >- al = [] >- if 'kerberos' in self.options: >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option('kerberos') >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- 
al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'slave')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >- >- def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- 
ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and 
self.option_toggled('samba') and 'samba' not in self.options: >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: >- result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: >- zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = 
univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionDomainController'), >- univention.admin.filter.expression('univentionServerRole', 'slave'), >- ]) >- >- # ATTENTION: has its own rewrite function. >- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >- >- filter = lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res = [] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append(object(co, lo, None, dn, attributes=attrs)) >- return res >- >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'slave' in attr.get('univentionServerRole', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultDomainControllerGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] >+ SAMBA_ACCOUNT_FLAG = 'S' >+ SERVER_TYPE = 'univentionDomainController' >+ SERVER_ROLE = 'slave' >+ >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py >index 91b1961..207bb67 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py 
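Review bot: The removed `_ldap_addlist` in this file dropped the `kerberos` option with `self._remove_option('kerberos')` when `getKerberosRealm()` returned nothing, whereas the removed domaincontroller_master variant appended the krb5 attributes unconditionally, and the new class body has no attribute that selects between the two. Whichever branch the shared computerBase implements (it lies outside this hunk), one of the two modules changes behavior. The removed `krb5_principal` concatenates `realm` directly, so a missing realm would fail at that point if the guard is not kept. I would record the intended behavior in the class body, for example `# kerberos is dropped when no realm is configured (see computerBase._ldap_addlist)` if that is what the base does, and cover it with a test that creates a slave in a domain without a realm.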
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -340,253 +331,21 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultClientGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionLinuxClient'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionLinuxClient' > >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- self.modifypassword = 0 >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- self.save() >- >- else: >- 
self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) >- if res: >- self['primaryGroup'] = res >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >+ def check_required_options(self): > if not set(self.options) & set(['posix', 'kerberos']): >- raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.')) >- >- ocs = ['top', 'person', 'univentionHost', 'univentionLinuxClient'] >- al = [] >- if 'kerberos' in self.options: >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option('kerberos') >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 
'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- 
groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >+ raise univention.admin.uexceptions.invalidOptions(_('At least posix or kerberos is required.')) > >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm > >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >- >- def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except 
Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- 
ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+del object.link >+rewrite = object.rewrite > > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py >index e2c15c4..1c5d753 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py 
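Review bot: `del object.link` after the class body raises AttributeError at import time if `link` is inherited from `computerBase` rather than defined in this class, because deleting a class attribute only looks in that class's own namespace. `computerBase` lives in base.py, outside this hunk, so this needs confirming there. The removed class never defined `link`, so the intent appears to be hiding an inherited method; overriding it is safer, e.g. `def link(self): return None`, or keep `link` out of the base and define it only in the modules that offer it (the latter if callers test for the attribute itself). The macos.py hunk carries the same `del object.link` line. A short comment above the line saying why this module must not expose `link` would also help.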
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -328,267 +319,31 @@ > mapping = univention.admin.mapping.mapping() > mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) > mapping.register('description', 'description', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) > mapping.register('inventoryNumber', 'univentionInventoryNumber') > mapping.register('mac', 'macAddress') > mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString) > mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString) > mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > > # add Nagios extension > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > >-# WARNING: do not change class order if there are still super() calls > >- >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultClientGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMacOSClient'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionMacOSClient' > >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- 
univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- self.modifypassword = 0 >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- self.save() >- >- else: >- self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) >- if res: >- self['primaryGroup'] = res >- # self.save() >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >- ocs = ['top', 'person', 'univentionHost', 'univentionMacOSClient'] >- al = [] >- if 'kerberos' in self.options: >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- >- if realm: >- 
al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option('kerberos') >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- 
al.insert(0, ('objectClass', ocs)) >- >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] > >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' 
+ kerberos_domain.lower() + '@' + realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >- >- def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- 
ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', 
self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+del object.link >+rewrite = object.rewrite >+identify = object.identify > > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py >index 7ff4d1f..d563055 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py 
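Review bot: `identify = object.identify` has no counterpart in the linux hunk, and no later hunk on this page touches macos.py, so a module-level `def identify` that still follows `lookup` would silently replace this alias at import time; either remove the old function in the same commit or drop the alias. Both aliases (`rewrite`, `identify`) also only accept the old module-level call, e.g. `rewrite(filter, mapping)`, if `computerBase` declares them as `@classmethod` or `@staticmethod`. On Python 2, which the removed `long(...)` and `has_key` calls indicate, a plain method fetched from the class is an unbound method and rejects that call. `computerBase` is not visible in this hunk, so this is to be confirmed against base.py. A comment such as `# keep the module-level rewrite()/identify() entry points as aliases of the computerBase implementations` would document the intent.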
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -385,9 +376,9 @@
> mapping.register('name', 'cn', None, univention.admin.mapping.ListToString)
> mapping.register('description', 'description', None, univention.admin.mapping.ListToString)
> mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString)
>-mapping.register('inventoryNumber', 'univentionInventoryNumber')
> mapping.register('serverRole', 'univentionServerRole')
> mapping.register('mac', 'macAddress')
>+mapping.register('inventoryNumber', 'univentionInventoryNumber')
> mapping.register('reinstall', 'univentionServerReinstall', None, univention.admin.mapping.ListToString)
> mapping.register('instprofile', 'univentionServerInstallationProfile', None, univention.admin.mapping.ListToString)
> mapping.register('reinstalloption', 'univentionServerInstallationOption', None, univention.admin.mapping.ListToString)
>@@ -402,297 +393,17 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- self.modifypassword = 0 >- >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- self.save() >- >- else: >- self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultMemberserverGroup', position=self.position) >- if res: >- self['primaryGroup'] = 
res >- # self.save() >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >- ocs = ['top', 'person', 'univentionHost', 'univentionMemberServer'] >- al = [] >- if 'kerberos' in self.options: >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option('kerberos') >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', 
self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'member')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >- >- def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- 
ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and 
self.option_toggled('samba') and 'samba' not in self.options: >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: >- result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: >- zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = 
univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionMemberServer'), >- ]) >- >- # ATTENTION: has its own rewrite function. >- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >- >- filter = lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res = [] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append(object(co, lo, None, dn, attributes=attrs)) >- return res >- >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionMemberServer' in attr.get('objectClass', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultMemberserverGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMemberServer'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionMemberServer' >+ SERVER_ROLE = 'member' >+ >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py >index e30c3f6..64e915f 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py 
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -340,255 +331,21 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultClientGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionUbuntuClient'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionUbuntuClient' > >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- global options >- univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- self.modifypassword = 0 >- >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- 
self.save() >- >- else: >- self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) >- if res: >- self['primaryGroup'] = res >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >+ def check_required_options(self): > if not set(self.options) & set(['posix', 'kerberos']): >- raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.')) >- >- ocs = ['top', 'person', 'univentionHost', 'univentionUbuntuClient'] >- al = [] >- if 'kerberos' in self.options: >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option('kerberos') >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], 
password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- 
groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >+ raise univention.admin.uexceptions.invalidOptions(_('At least posix or kerberos is required.')) > >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm > >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >- >- def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except 
Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- 
ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+del object.link >+rewrite = object.rewrite > > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py >index 501243d..e666985 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py 
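Review bot: `del object.link` after the class body only succeeds if `link` lives in this subclass's own `__dict__`, and the hunk defines no `link` on `object`. If it is inherited from `computerBase` (base.py is outside this view), the statement raises AttributeError at import time and the module fails to load. Overriding it in the class body, for example `link = None` if callers tolerate that, avoids deleting an inherited attribute; the same line appears in the windows.py hunk further down. `rewrite = object.rewrite` also yields an unbound method on Python 2 unless the base declares `rewrite` as a classmethod or staticmethod, so confirm that the module-level `rewrite(filter, mapping)` keeps its two-argument call form.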
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -342,277 +333,38 @@ > mapping = univention.admin.mapping.mapping() > mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) > mapping.register('description', 'description', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) > mapping.register('inventoryNumber', 'univentionInventoryNumber') > mapping.register('mac', 'macAddress') > mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString) > mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString) > mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > > # add Nagios extension > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module = module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open(self) >- self.nagios_open() >- >- self.modifypassword = 0 >- if self.exists(): >- userPassword = self.oldattr.get('userPassword', [''])[0] >- if userPassword: >- self.info['password'] = userPassword >- self.modifypassword = 0 >- >- if self.exists(): >- 
>- if 'posix' in self.options and not self.info.get('primaryGroup'): >- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup'] = primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup'] = None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos + 1:] >- >- self.save() >- >- else: >- self.modifypassword = 0 >- if 'posix' in self.options: >- res = univention.admin.config.getDefaultValue(self.lo, 'computerGroup', position=self.position) >- if res: >- self['primaryGroup'] = res >- # self.save() >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- >- def _ldap_addlist(self): >- ocs = ['top', 'person', 'univentionHost', 'univentionWindows'] >- al = [] >- if 'kerberos' in self.options: >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- >- if realm: >- ocs.extend(['krb5Principal', 'krb5KDCEntry']) >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), 
krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option('kerberos') >- if 'posix' in self.options: >- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber', self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- ocs.extend(['posixAccount', 'shadowAccount']) >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword = 0 >- if 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ocs.append('sambaSamAccount') >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- # new since UCS 3.0, old Windows clients don't have this attribute >- al.append(('univentionServerRole', '', 'windows_client')) >- return al >- >- def 
_ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_create(self) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get('uidNumber'): >- self.uidNum = self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove(self) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain = univention.admin.uldap.domain(self.lo, self.position) >- realm = domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain = self.info['domain'] >- else: >- kerberos_domain = domain.getKerberosRealm() >- return 'host/' + self['name'] + '.' 
+ kerberos_domain.lower() + '@' + realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group(self) >- univention.admin.handlers.simpleComputer.update_groups(self) >- univention.admin.handlers.simpleComputer._ldap_post_modify(self) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- elif not self.info['password']: >- self['password'] = self.oldattr.get('password', [''])[0] >- self.modifypassword = 0 >- else: >- self.modifypassword = 1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify(self) >+ mapping = mapping >+ CONFIG_NAME = 'computerGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionWindows' >+ SERVER_ROLE = 'windows_client' > > def _ldap_modlist(self): >- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) >- >- self.nagios_ldap_modlist(ml) >- >+ ml = super(object, self)._ldap_modlist() > if self.hasChanged('ntCompatibility') and self['ntCompatibility'] == '1': > self['password'] = self['name'].replace('$', '').lower() > self.modifypassword = 1 >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid = "%s$" % self['name'] >- try: >- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) >- return [] >- >- self.alloc.append(('uid', self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], 
self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid', self.machineSid)) >- ml.insert(0, ('objectClass', '', 'sambaSamAccount')) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and 
self.option_toggled('samba') and 'samba' not in self.options: >- ocs = self.oldattr.get('objectClass', []) >- if 'sambaSamAccount' in ocs: >- ml.insert(0, ('objectClass', 'sambaSamAccount', '')) >- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- > return ml > >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup(self) >- >- def cancel(self): >- for i, j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) >- univention.admin.allocators.release(self.lo, self.position, i, j) > >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable = 'aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+del object.link >+rewrite = object.rewrite > > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py >index a46469d..1b6ff55 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py 
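Review bot: The `ntCompatibility` branch in the new `_ldap_modlist` runs after `super(object, self)._ldap_modlist()`, whereas the removed code set `self['password']` and `self.modifypassword = 1` before the `if self.modifypassword and self['password']:` block that wrote `krb5Key`, `userPassword` and the Samba hashes. If `computerBase._ldap_modlist` (not visible here) still does that hashing, the password assigned afterwards never reaches `ml`, and the in-memory value diverges from what is stored in LDAP. Move the `if self.hasChanged('ntCompatibility') and self['ntCompatibility'] == '1':` block above `ml = super(object, self)._ldap_modlist()`. A comment on that branch should also record that it sets the machine account password to the lowercased host name, a value derivable from the account name, so enabling `ntCompatibility` should be logged and limited to hosts that need it.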
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation = univention.admin.localization.translation('univention.admin.handlers.computers')
> _ = translation.translate
>@@ -364,254 +355,18 @@
> nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
>
>
>-class object(univention.admin.handlers.simpleComputer, nagios.Support):
>+class object(computerBase):
> module = module
>+ mapping = mapping
>+ CONFIG_NAME = 'univentionDefaultDomainControllerGroup'
>+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows']
>+ SAMBA_ACCOUNT_FLAG = 'S'
>+ SERVER_TYPE = 'univentionWindows'
>+ SERVER_ROLE = 'windows_domaincontroller'
>
>- def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]):
>- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
>- nagios.Support.__init__(self)
>-
>- def open(self):
>- univention.admin.handlers.simpleComputer.open(self)
>- self.nagios_open()
>-
>- self.modifypassword = 0
>- if self.exists():
>- userPassword = self.oldattr.get('userPassword', [''])[0]
>- if userPassword:
>- self.info['password'] = userPassword
>- self.modifypassword = 0
>-
>- if self.exists():
>-
>- if 'posix' in self.options and not self.info.get('primaryGroup'):
>- primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0]
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
>- if primaryGroupNumber:
>- primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
>- if primaryGroupResult:
>- self['primaryGroup'] = primaryGroupResult[0]
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
>- else:
>- self['primaryGroup'] = None
>- self.save()
>- raise univention.admin.uexceptions.primaryGroup
>- else:
>- self['primaryGroup'] = None
>- self.save()
>- raise univention.admin.uexceptions.primaryGroup
>- if 'samba' in self.options:
>- sid = self.oldattr.get('sambaSID', [''])[0]
>- pos = sid.rfind('-')
>- self.info['sambaRID'] = sid[pos + 1:]
>-
>- self.save()
>-
>- else:
>- self.modifypassword = 0
>- if 'posix' in self.options:
>- res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position)
>- if res:
>- self['primaryGroup'] = res
>- # self.save()
>-
>- def _ldap_pre_create(self):
>- super(object, self)._ldap_pre_create()
>- if not self['password']:
>- self['password'] = self.oldattr.get('password', [''])[0]
>- self.modifypassword = 0
>-
>- def _ldap_addlist(self):
>- ocs = ['top', 'person', 'univentionHost', 'univentionWindows']
>- al = []
>- if 'kerberos' in self.options:
>-
>- ocs.extend(['krb5Principal', 'krb5KDCEntry'])
>- al.append(('krb5MaxLife', '86400'))
>- al.append(('krb5MaxRenew', '604800'))
>- al.append(('krb5KDCFlags', '126'))
>- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
>-
>- if 'posix' in self.options:
>- self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber')
>- self.alloc.append(('uidNumber', self.uidNum))
>- gidNum = self.get_gid_for_primary_group()
>- ocs.extend(['posixAccount', 'shadowAccount'])
>- al.append(('uidNumber', [self.uidNum]))
>- al.append(('gidNumber', [gidNum]))
>-
>- if self.modifypassword or self['password']:
>- if 'kerberos' in self.options:
>- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
>- if 'posix' in self.options:
>- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
>- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
>- if 'samba' in self.options:
>- password_nt, password_lm = univention.admin.password.ntlm(self['password'])
>- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
>- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
>- sambaPwdLastSetValue = str(long(time.time()))
>- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>- self.modifypassword = 0
>- if 'samba' in self.options:
>- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID'))
>- self.alloc.append(('sid', self.machineSid))
>- ocs.append('sambaSamAccount')
>- al.append(('sambaSID', [self.machineSid]))
>- al.append(('sambaAcctFlags', [acctFlags.decode()]))
>- al.append(('displayName', self.info['name']))
>-
>- al.insert(0, ('objectClass', ocs))
>- al.append(('univentionServerRole', '', 'windows_domaincontroller'))
>- return al
>-
>- def _ldap_post_create(self):
>- if 'posix' in self.options:
>- if hasattr(self, 'uid') and self.uid:
>- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid)
>- univention.admin.handlers.simpleComputer.primary_group(self)
>- univention.admin.handlers.simpleComputer.update_groups(self)
>- univention.admin.handlers.simpleComputer._ldap_post_create(self)
>- self.nagios_ldap_post_create()
>-
>- def _ldap_pre_remove(self):
>- self.open()
>- if 'posix' in self.options and self.oldattr.get('uidNumber'):
>- self.uidNum = self.oldattr['uidNumber'][0]
>-
>- def _ldap_post_remove(self):
>- if 'posix' in self.options:
>- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum)
>- groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn]))
>- if groupObjects:
>- for i in range(0, len(groupObjects)):
>- groupObjects[i].open()
>- if self.dn in groupObjects[i]['users']:
>- groupObjects[i]['users'].remove(self.dn)
>- groupObjects[i].modify(ignore_license=1)
>-
>- self.nagios_ldap_post_remove()
>- univention.admin.handlers.simpleComputer._ldap_post_remove(self)
>- # Need to clean up oldinfo. If remove was invoked, because the
>- # creation of the object has failed, the next try will result in
>- # a 'object class violation' (Bug #19343)
>- self.oldinfo = {}
>-
>- def krb5_principal(self):
>- domain = univention.admin.uldap.domain(self.lo, self.position)
>- realm = domain.getKerberosRealm()
>- if self.info.has_key('domain') and self.info['domain']:
>- kerberos_domain = self.info['domain']
>- else:
>- kerberos_domain = domain.getKerberosRealm()
>- return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm
>-
>- def _ldap_post_modify(self):
>- univention.admin.handlers.simpleComputer.primary_group(self)
>- univention.admin.handlers.simpleComputer.update_groups(self)
>- univention.admin.handlers.simpleComputer._ldap_post_modify(self)
>- self.nagios_ldap_post_modify()
>
>- def _ldap_pre_modify(self):
>- if self.hasChanged('password'):
>- if not self['password']:
>- self['password'] = self.oldattr.get('password', [''])[0]
>- self.modifypassword = 0
>- elif not self.info['password']:
>- self['password'] = self.oldattr.get('password', [''])[0]
>- self.modifypassword = 0
>- else:
>- self.modifypassword = 1
>- self.nagios_ldap_pre_modify()
>- univention.admin.handlers.simpleComputer._ldap_pre_modify(self)
>-
>- def _ldap_modlist(self):
>- ml = univention.admin.handlers.simpleComputer._ldap_modlist(self)
>-
>- self.nagios_ldap_modlist(ml)
>-
>- if self.hasChanged('name'):
>- if 'posix' in self.options:
>- if hasattr(self, 'uidNum'):
>- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum)
>- requested_uid = "%s$" % self['name']
>- try:
>- self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid)
>- except Exception:
>- self.cancel()
>- raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid)
>- return []
>-
>- self.alloc.append(('uid', self.uid))
>-
>- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid))
>-
>- if 'samba' in self.options:
>- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name']))
>-
>- if 'kerberos' in self.options:
>- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
>-
>- if self.modifypassword and self['password']:
>- if 'kerberos' in self.options:
>- krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password'])
>- krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1)
>- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys))
>- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version))
>- if 'posix' in self.options:
>- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password']))
>- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt))
>- if 'samba' in self.options:
>- password_nt, password_lm = univention.admin.password.ntlm(self['password'])
>- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt))
>- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm))
>- sambaPwdLastSetValue = str(long(time.time()))
>- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>-
>- # add samba option
>- if self.exists() and self.option_toggled('samba') and 'samba' in self.options:
>- acctFlags = univention.admin.samba.acctFlags(flags={'S': 1})
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>- self.alloc.append(('sid', self.machineSid))
>- ml.insert(0, ('objectClass', '', 'sambaSamAccount'))
>- ml.append(('sambaSID', '', [self.machineSid]))
>- ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
>- ml.append(('displayName', '', self.info['name']))
>- sambaPwdLastSetValue = str(long(time.time()))
>- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>- ocs = self.oldattr.get('objectClass', [])
>- if 'sambaSamAccount' in ocs:
>- ml.insert(0, ('objectClass', 'sambaSamAccount', ''))
>- for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']:
>- if self.oldattr.get(key, []):
>- ml.insert(0, (key, self.oldattr.get(key, []), ''))
>-
>- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
>-
>- return ml
>-
>- def cleanup(self):
>- self.open()
>- self.nagios_cleanup()
>- univention.admin.handlers.simpleComputer.cleanup(self)
>-
>- def cancel(self):
>- for i, j in self.alloc:
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j))
>- univention.admin.allocators.release(self.lo, self.position, i, j)
>-
>-
>-def rewrite(filter, mapping):
>- if filter.variable == 'ip':
>- filter.variable = 'aRecord'
>- else:
>- univention.admin.mapping.mapRewrite(filter, mapping)
>+rewrite = object.rewrite
>+identify = object.identify
>
>
> def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0):
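Review bot: `DEFAULT_OCS` is declared as a class-level list, whereas the `_ldap_addlist` removed in this hunk built a fresh local `ocs` and then called `ocs.extend(...)` and `ocs.append('sambaSamAccount')` on it. If `computerBase` (defined in base.py, outside this hunk) extends the attribute in place rather than copying it, object classes such as `krb5Principal` or `sambaSamAccount` would accumulate across instances and could be written to entries whose options do not include them. Declaring it immutable, `DEFAULT_OCS = ('top', 'person', 'univentionHost', 'univentionWindows')`, with the base class starting from `ocs = list(self.DEFAULT_OCS)`, rules that out. Separately, `identify = object.identify` now relies on the base class still requiring `univentionHost`, `SERVER_TYPE` and `SERVER_ROLE` together, as the deleted module-level `identify` did; a comment above the constants such as `# identify() matches on univentionHost + SERVER_TYPE + SERVER_ROLE` would record that dependency.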
>@@ -637,7 +392,3 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0):
> for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
> res.append(object(co, lo, None, dn, attributes=attrs))
> return res
>-
>-
>-def identify(dn, attr, canonical=0):
>- return 'univentionHost' in attr.get('objectClass', []) and 'univentionWindows' in attr.get('objectClass', []) and 'windows_domaincontroller' in attr.get('univentionServerRole', [])