|
35 |
|
35 |
|
36 |
import sys |
36 |
import sys |
37 |
import time |
37 |
import time |
|
|
38 |
import ldap |
38 |
from optparse import OptionParser |
39 |
from optparse import OptionParser |
39 |
import univention.debug as ud |
40 |
import univention.debug as ud |
40 |
ud.init('/var/log/univention/directory-manager-cmd.log', ud.FLUSH, ud.FUNCTION) |
41 |
ud.init('/var/log/univention/directory-manager-cmd.log', ud.FLUSH, ud.FUNCTION) |
|
69 |
''' # FIXME: OptionParser reformats this |
70 |
''' # FIXME: OptionParser reformats this |
70 |
global parser |
71 |
global parser |
71 |
parser = OptionParser(usage=usage, description=description) |
72 |
parser = OptionParser(usage=usage, description=description) |
72 |
parser.add_option('--ignore-missing-zone', |
73 |
parser.add_option( |
73 |
action='store_true', dest='ignore_missing_zone', |
74 |
'--ignore-missing-zone', |
74 |
help='Skip if zone does not exist') |
75 |
action='store_true', dest='ignore_missing_zone', |
75 |
parser.add_option('--ignore-exists', |
76 |
help='Skip if zone does not exist') |
76 |
action='store_true', dest='ignore_exists', |
77 |
parser.add_option( |
77 |
help='Skip if entry already exists') |
78 |
'--ignore-exists', |
78 |
parser.add_option('--quiet', |
79 |
action='store_true', dest='ignore_exists', |
79 |
action='store_true', dest='quiet', |
80 |
help='Skip if entry already exists') |
80 |
help='Turn off verbose messages') # not implemented |
81 |
parser.add_option( |
81 |
parser.add_option('--reverse', |
82 |
'--quiet', |
82 |
action='store_true', dest='reverse', |
83 |
action='store_true', dest='quiet', |
83 |
help='Modify revers zone instead of forward zone') |
84 |
help='Turn off verbose messages') # not implemented |
84 |
parser.add_option('--overwrite', |
85 |
parser.add_option( |
85 |
action='store_true', dest='overwrite', |
86 |
'--reverse', |
86 |
help='Overwrite exising record') |
87 |
action='store_true', dest='reverse', |
87 |
parser.add_option('--stoptls', |
88 |
help='Modify revers zone instead of forward zone') |
88 |
action='store_true', dest='stoptls', |
89 |
parser.add_option( |
89 |
help='Disable TLS') |
90 |
'--overwrite', |
90 |
parser.add_option('--binddn', |
91 |
action='store_true', dest='overwrite', |
91 |
action='store', dest='binddn', |
92 |
help='Overwrite exising record') |
92 |
help='bind DN') |
93 |
parser.add_option( |
93 |
parser.add_option('--bindpwd', |
94 |
'--stoptls', |
94 |
action='store', dest='bindpwd', |
95 |
action='store_true', dest='stoptls', |
95 |
help='bind password') |
96 |
help='Disable TLS') |
|
|
97 |
parser.add_option( |
98 |
'--binddn', |
99 |
action='store', dest='binddn', |
100 |
help='bind DN') |
101 |
parser.add_option( |
102 |
'--bindpwd', |
103 |
action='store', dest='bindpwd', |
104 |
help='bind password') |
96 |
|
105 |
|
97 |
options, arguments = parser.parse_args() |
106 |
options, arguments = parser.parse_args() |
98 |
msg = None |
107 |
msg = None |
|
118 |
ucr.load() |
127 |
ucr.load() |
119 |
timeout = time.time() + 120 # 2 minutes from now |
128 |
timeout = time.time() + 120 # 2 minutes from now |
120 |
if time.time() > timeout: |
129 |
if time.time() > timeout: |
121 |
err = '%s: LDAP server %s unreachable, aborting' % \ |
130 |
err = '%s: LDAP server %s unreachable, aborting' % (sys.argv[0], ucr['ldap/master']) |
122 |
(sys.argv[0], ucr['ldap/master']) |
|
|
123 |
ud.debug(ud.ADMIN, ud.WARN, err) |
131 |
ud.debug(ud.ADMIN, ud.WARN, err) |
124 |
print >> sys.stderr, err |
132 |
print >> sys.stderr, err |
125 |
sys.exit(1) |
133 |
sys.exit(1) |
126 |
if options.stoptls: |
134 |
|
127 |
start_tls = 0 |
135 |
start_tls = 0 if options.stoptls else 2 |
128 |
else: |
|
|
129 |
start_tls = 2 |
130 |
try: |
136 |
try: |
131 |
if options.binddn and options.bindpwd: |
137 |
if options.binddn and options.bindpwd: |
132 |
lo = uldap.access( |
138 |
lo = uldap.access( |
|
145 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
151 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
146 |
print >> sys.stderr, msg |
152 |
print >> sys.stderr, msg |
147 |
sys.exit(1) |
153 |
sys.exit(1) |
148 |
except (univention.admin.uexceptions.ldapError, |
154 |
except (univention.admin.uexceptions.ldapError, ldap.LDAPError): |
149 |
uldap.ldap.LDAPError): |
155 |
msg = '%s: timeout while trying to contact LDAP server %s' % (sys.argv[0], ucr['ldap/master']) |
150 |
msg = '%s: timeout while trying to contact LDAP server %s' % \ |
|
|
151 |
(sys.argv[0], ucr['ldap/master']) |
152 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
156 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
153 |
print >> sys.stderr, msg |
157 |
print >> sys.stderr, msg |
154 |
time.sleep(10) |
158 |
time.sleep(10) |
155 |
return bind() # recursion |
159 |
return bind(timeout) # recursion |
156 |
|
160 |
|
157 |
|
161 |
|
158 |
def lookup_zone(zone_name): |
162 |
def lookup_zone(zone_name): |
159 |
"""Lookup zone and return UDM object.""" |
163 |
"""Lookup zone and return UDM object.""" |
160 |
if not options.reverse: |
164 |
if not options.reverse: |
161 |
zones = forward_zone.lookup(co, lo, '(zone=%s)' % (zone_name,), |
165 |
zones = forward_zone.lookup(co, lo, '(zone=%s)' % (zone_name,), scope='domain', base=position.getDomain(), unique=True) |
162 |
scope='domain', base=position.getDomain(), unique=True) |
|
|
163 |
else: |
166 |
else: |
164 |
zones = reverse_zone.lookup(co, lo, '(subnet=%s)' % (zone_name,), |
167 |
zones = reverse_zone.lookup(co, lo, '(subnet=%s)' % (zone_name,), scope='domain', base=position.getDomain(), unique=True) |
165 |
scope='domain', base=position.getDomain(), unique=True) |
|
|
166 |
if not zones: |
168 |
if not zones: |
167 |
if options.ignore_missing_zone: |
169 |
if options.ignore_missing_zone: |
168 |
sys.exit(0) |
170 |
sys.exit(0) |
Lines 178-185
def add_srv_record(service, protocol, priority, weight, port, host):
|
|
---|
|
178 |
location = [priority, weight, port, host] |
180 |
location = [priority, weight, port, host] |
179 |
filt = univention.admin.filter.expression('name', name) |
181 |
filt = univention.admin.filter.expression('name', name) |
180 |
|
182 |
|
181 |
records = srv_record.lookup(co, lo, filt, scope='domain', |
183 |
records = srv_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
182 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
183 |
if records: |
184 |
if records: |
184 |
record = records[0] |
185 |
record = records[0] |
185 |
else: |
186 |
else: |
Lines 204-211
def remove_srv_record(service, protocol, priority, weight, port, host):
|
|
---|
|
204 |
location = [priority, weight, port, host] |
205 |
location = [priority, weight, port, host] |
205 |
filt = univention.admin.filter.expression('name', name) |
206 |
filt = univention.admin.filter.expression('name', name) |
206 |
|
207 |
|
207 |
records = srv_record.lookup(co, lo, filt, scope='domain', |
208 |
records = srv_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
208 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
209 |
if records: |
209 |
if records: |
210 |
record = records[0] |
210 |
record = records[0] |
211 |
else: |
211 |
else: |
Lines 225-232
def remove_srv_record(service, protocol, priority, weight, port, host):
|
|
---|
|
225 |
def add_txt_record(name, text): |
225 |
def add_txt_record(name, text): |
226 |
"""Add DNS text record.""" |
226 |
"""Add DNS text record.""" |
227 |
filt = univention.admin.filter.expression('name', name) |
227 |
filt = univention.admin.filter.expression('name', name) |
228 |
records = txt_record.lookup(co, lo, filt, scope='domain', |
228 |
records = txt_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
229 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
230 |
if records: |
229 |
if records: |
231 |
record = records[0] |
230 |
record = records[0] |
232 |
else: |
231 |
else: |
Lines 249-256
def add_txt_record(name, text):
|
|
---|
|
249 |
def add_a_record(name, *adresses): |
248 |
def add_a_record(name, *adresses): |
250 |
"""Add DNS IPv4 address records.""" |
249 |
"""Add DNS IPv4 address records.""" |
251 |
filt = univention.admin.filter.expression('name', name) |
250 |
filt = univention.admin.filter.expression('name', name) |
252 |
records = host_record.lookup(co, lo, filt, scope='domain', |
251 |
records = host_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
253 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
254 |
if records: |
252 |
if records: |
255 |
record = records[0] |
253 |
record = records[0] |
256 |
else: |
254 |
else: |
Lines 273-280
def add_a_record(name, *adresses):
|
|
---|
|
273 |
def add_cname_record(name, cname): |
271 |
def add_cname_record(name, cname): |
274 |
"""Add DNS canonical name record.""" |
272 |
"""Add DNS canonical name record.""" |
275 |
filt = univention.admin.filter.expression('name', name) |
273 |
filt = univention.admin.filter.expression('name', name) |
276 |
records = alias.lookup(co, lo, filt, scope='domain', |
274 |
records = alias.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
277 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
278 |
if records: |
275 |
if records: |
279 |
record = records[0] |
276 |
record = records[0] |
280 |
else: |
277 |
else: |
Lines 282-289
def add_cname_record(name, cname):
|
|
---|
|
282 |
record['name'] = name |
279 |
record['name'] = name |
283 |
record['zonettl'] = ['80600'] |
280 |
record['zonettl'] = ['80600'] |
284 |
|
281 |
|
285 |
if record['cname'] and not (record['cname'] == cname or |
282 |
if record['cname'] and not (record['cname'] == cname or options.overwrite or options.ignore_exists): |
286 |
options.overwrite or options.ignore_exists): |
|
|
287 |
print >> sys.stderr, 'E: Record exists and points to different address' |
283 |
print >> sys.stderr, 'E: Record exists and points to different address' |
288 |
sys.exit(1) |
284 |
sys.exit(1) |
289 |
if record['cname'] == cname: |
285 |
if record['cname'] == cname: |
Lines 299-314
def add_cname_record(name, cname):
|
|
---|
|
299 |
def add_ptr_record(address, ptr): |
295 |
def add_ptr_record(address, ptr): |
300 |
"""Add DNS pointer record.""" |
296 |
"""Add DNS pointer record.""" |
301 |
filt = univention.admin.filter.expression('address', address) |
297 |
filt = univention.admin.filter.expression('address', address) |
302 |
records = ptr_record.lookup(co, lo, filt, scope='domain', |
298 |
records = ptr_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
303 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
304 |
if records: |
299 |
if records: |
305 |
record = records[0] |
300 |
record = records[0] |
306 |
else: |
301 |
else: |
307 |
record = ptr_record.object(co, lo, position, superordinate=zone) |
302 |
record = ptr_record.object(co, lo, position, superordinate=zone) |
308 |
record['address'] = address |
303 |
record['address'] = address |
309 |
|
304 |
|
310 |
if record['ptr_record'] and not (record['ptr_record'] == ptr or ptr in record['ptr_record'] or |
305 |
if record['ptr_record'] and not (record['ptr_record'] == ptr or ptr in record['ptr_record'] or options.overwrite): |
311 |
options.overwrite): |
|
|
312 |
print >> sys.stderr, 'E: Record exists and points to different address' |
306 |
print >> sys.stderr, 'E: Record exists and points to different address' |
313 |
sys.exit(1) |
307 |
sys.exit(1) |
314 |
if record['ptr_record'] == ptr: |
308 |
if record['ptr_record'] == ptr: |
|
391 |
print >> sys.stderr, 'E: Object "%s" exists' % (ex,) |
385 |
print >> sys.stderr, 'E: Object "%s" exists' % (ex,) |
392 |
raise |
386 |
raise |
393 |
sys.exit(1) |
387 |
sys.exit(1) |
394 |
except (ValueError, TypeError, |
388 |
except (ValueError, TypeError, univention.admin.uexceptions.valueInvalidSyntax, univention.admin.uexceptions.valueRequired) as ex: |
395 |
univention.admin.uexceptions.valueInvalidSyntax, |
|
|
396 |
univention.admin.uexceptions.valueRequired) as ex: |
397 |
print >> sys.stderr, 'E: failed %s' % (ex,) |
389 |
print >> sys.stderr, 'E: failed %s' % (ex,) |
398 |
raise |
390 |
raise |
399 |
sys.exit(1) |
391 |
sys.exit(1) |
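Review bot: In lookup_zone (new lines 165 and 167) the search filter is still built by plain interpolation, `'(zone=%s)' % (zone_name,)` and `'(subnet=%s)' % (zone_name,)`, so filter metacharacters such as `*`, `(`, `)` or `\` in zone_name change what the lookup matches instead of being treated as literal text. Where zone_name comes from is not visible in these hunks; if it is the command-line argument, escape it before it reaches the filter, for example `ldap.filter.filter_format('(zone=%s)', [zone_name])` with `import ldap.filter` added next to the new `import ldap`. The record lookups in the later hunks already build their filter with `univention.admin.filter.expression('name', name)`, which would be the consistent form here provided it escapes its value. The body of lookup_zone continues past the end of its hunk, so any validation done further down is not visible from here.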