|
|
|---|
| 35 |
|
35 |
|
| 36 |
import sys |
36 |
import sys |
| 37 |
import time |
37 |
import time |
|
|
38 |
import ldap |
| 38 |
from optparse import OptionParser |
39 |
from optparse import OptionParser |
| 39 |
import univention.debug as ud |
40 |
import univention.debug as ud |
| 40 |
ud.init('/var/log/univention/directory-manager-cmd.log', ud.FLUSH, ud.FUNCTION) |
41 |
ud.init('/var/log/univention/directory-manager-cmd.log', ud.FLUSH, ud.FUNCTION) |
|
|
|---|
| 69 |
''' # FIXME: OptionParser reformats this |
70 |
''' # FIXME: OptionParser reformats this |
| 70 |
global parser |
71 |
global parser |
| 71 |
parser = OptionParser(usage=usage, description=description) |
72 |
parser = OptionParser(usage=usage, description=description) |
| 72 |
parser.add_option('--ignore-missing-zone', |
73 |
parser.add_option( |
| 73 |
action='store_true', dest='ignore_missing_zone', |
74 |
'--ignore-missing-zone', |
| 74 |
help='Skip if zone does not exist') |
75 |
action='store_true', dest='ignore_missing_zone', |
| 75 |
parser.add_option('--ignore-exists', |
76 |
help='Skip if zone does not exist') |
| 76 |
action='store_true', dest='ignore_exists', |
77 |
parser.add_option( |
| 77 |
help='Skip if entry already exists') |
78 |
'--ignore-exists', |
| 78 |
parser.add_option('--quiet', |
79 |
action='store_true', dest='ignore_exists', |
| 79 |
action='store_true', dest='quiet', |
80 |
help='Skip if entry already exists') |
| 80 |
help='Turn off verbose messages') # not implemented |
81 |
parser.add_option( |
| 81 |
parser.add_option('--reverse', |
82 |
'--quiet', |
| 82 |
action='store_true', dest='reverse', |
83 |
action='store_true', dest='quiet', |
| 83 |
help='Modify revers zone instead of forward zone') |
84 |
help='Turn off verbose messages') # not implemented |
| 84 |
parser.add_option('--overwrite', |
85 |
parser.add_option( |
| 85 |
action='store_true', dest='overwrite', |
86 |
'--reverse', |
| 86 |
help='Overwrite exising record') |
87 |
action='store_true', dest='reverse', |
| 87 |
parser.add_option('--stoptls', |
88 |
help='Modify revers zone instead of forward zone') |
| 88 |
action='store_true', dest='stoptls', |
89 |
parser.add_option( |
| 89 |
help='Disable TLS') |
90 |
'--overwrite', |
| 90 |
parser.add_option('--binddn', |
91 |
action='store_true', dest='overwrite', |
| 91 |
action='store', dest='binddn', |
92 |
help='Overwrite exising record') |
| 92 |
help='bind DN') |
93 |
parser.add_option( |
| 93 |
parser.add_option('--bindpwd', |
94 |
'--stoptls', |
| 94 |
action='store', dest='bindpwd', |
95 |
action='store_true', dest='stoptls', |
| 95 |
help='bind password') |
96 |
help='Disable TLS') |
|
|
97 |
parser.add_option( |
| 98 |
'--binddn', |
| 99 |
action='store', dest='binddn', |
| 100 |
help='bind DN') |
| 101 |
parser.add_option( |
| 102 |
'--bindpwd', |
| 103 |
action='store', dest='bindpwd', |
| 104 |
help='bind password') |
| 96 |
|
105 |
|
| 97 |
options, arguments = parser.parse_args() |
106 |
options, arguments = parser.parse_args() |
| 98 |
msg = None |
107 |
msg = None |
|
|
|---|
| 118 |
ucr.load() |
127 |
ucr.load() |
| 119 |
timeout = time.time() + 120 # 2 minutes from now |
128 |
timeout = time.time() + 120 # 2 minutes from now |
| 120 |
if time.time() > timeout: |
129 |
if time.time() > timeout: |
| 121 |
err = '%s: LDAP server %s unreachable, aborting' % \ |
130 |
err = '%s: LDAP server %s unreachable, aborting' % (sys.argv[0], ucr['ldap/master']) |
| 122 |
(sys.argv[0], ucr['ldap/master']) |
|
|
| 123 |
ud.debug(ud.ADMIN, ud.WARN, err) |
131 |
ud.debug(ud.ADMIN, ud.WARN, err) |
| 124 |
print >> sys.stderr, err |
132 |
print >> sys.stderr, err |
| 125 |
sys.exit(1) |
133 |
sys.exit(1) |
| 126 |
if options.stoptls: |
134 |
|
| 127 |
start_tls = 0 |
135 |
start_tls = 0 if options.stoptls else 2 |
| 128 |
else: |
|
|
| 129 |
start_tls = 2 |
| 130 |
try: |
136 |
try: |
| 131 |
if options.binddn and options.bindpwd: |
137 |
if options.binddn and options.bindpwd: |
| 132 |
lo = uldap.access( |
138 |
lo = uldap.access( |
|
|
|---|
| 145 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
151 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
| 146 |
print >> sys.stderr, msg |
152 |
print >> sys.stderr, msg |
| 147 |
sys.exit(1) |
153 |
sys.exit(1) |
| 148 |
except (univention.admin.uexceptions.ldapError, |
154 |
except (univention.admin.uexceptions.ldapError, ldap.LDAPError): |
| 149 |
uldap.ldap.LDAPError): |
155 |
msg = '%s: timeout while trying to contact LDAP server %s' % (sys.argv[0], ucr['ldap/master']) |
| 150 |
msg = '%s: timeout while trying to contact LDAP server %s' % \ |
|
|
| 151 |
(sys.argv[0], ucr['ldap/master']) |
| 152 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
156 |
ud.debug(ud.ADMIN, ud.WARN, msg) |
| 153 |
print >> sys.stderr, msg |
157 |
print >> sys.stderr, msg |
| 154 |
time.sleep(10) |
158 |
time.sleep(10) |
| 155 |
return bind() # recursion |
159 |
return bind(timeout) # recursion |
| 156 |
|
160 |
|
| 157 |
|
161 |
|
| 158 |
def lookup_zone(zone_name): |
162 |
def lookup_zone(zone_name): |
| 159 |
"""Lookup zone and return UDM object.""" |
163 |
"""Lookup zone and return UDM object.""" |
| 160 |
if not options.reverse: |
164 |
if not options.reverse: |
| 161 |
zones = forward_zone.lookup(co, lo, '(zone=%s)' % (zone_name,), |
165 |
zones = forward_zone.lookup(co, lo, '(zone=%s)' % (zone_name,), scope='domain', base=position.getDomain(), unique=True) |
| 162 |
scope='domain', base=position.getDomain(), unique=True) |
|
|
| 163 |
else: |
166 |
else: |
| 164 |
zones = reverse_zone.lookup(co, lo, '(subnet=%s)' % (zone_name,), |
167 |
zones = reverse_zone.lookup(co, lo, '(subnet=%s)' % (zone_name,), scope='domain', base=position.getDomain(), unique=True) |
| 165 |
scope='domain', base=position.getDomain(), unique=True) |
|
|
| 166 |
if not zones: |
168 |
if not zones: |
| 167 |
if options.ignore_missing_zone: |
169 |
if options.ignore_missing_zone: |
| 168 |
sys.exit(0) |
170 |
sys.exit(0) |
|
Lines 178-185
def add_srv_record(service, protocol, priority, weight, port, host):
|
Link Here
|
|---|
|
|---|
| 178 |
location = [priority, weight, port, host] |
180 |
location = [priority, weight, port, host] |
| 179 |
filt = univention.admin.filter.expression('name', name) |
181 |
filt = univention.admin.filter.expression('name', name) |
| 180 |
|
182 |
|
| 181 |
records = srv_record.lookup(co, lo, filt, scope='domain', |
183 |
records = srv_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
| 182 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
| 183 |
if records: |
184 |
if records: |
| 184 |
record = records[0] |
185 |
record = records[0] |
| 185 |
else: |
186 |
else: |
|
Lines 204-211
def remove_srv_record(service, protocol, priority, weight, port, host):
|
Link Here
|
|---|
|
|---|
| 204 |
location = [priority, weight, port, host] |
205 |
location = [priority, weight, port, host] |
| 205 |
filt = univention.admin.filter.expression('name', name) |
206 |
filt = univention.admin.filter.expression('name', name) |
| 206 |
|
207 |
|
| 207 |
records = srv_record.lookup(co, lo, filt, scope='domain', |
208 |
records = srv_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
| 208 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
| 209 |
if records: |
209 |
if records: |
| 210 |
record = records[0] |
210 |
record = records[0] |
| 211 |
else: |
211 |
else: |
|
Lines 225-232
def remove_srv_record(service, protocol, priority, weight, port, host):
|
Link Here
|
|---|
|
|---|
| 225 |
def add_txt_record(name, text): |
225 |
def add_txt_record(name, text): |
| 226 |
"""Add DNS text record.""" |
226 |
"""Add DNS text record.""" |
| 227 |
filt = univention.admin.filter.expression('name', name) |
227 |
filt = univention.admin.filter.expression('name', name) |
| 228 |
records = txt_record.lookup(co, lo, filt, scope='domain', |
228 |
records = txt_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
| 229 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
| 230 |
if records: |
229 |
if records: |
| 231 |
record = records[0] |
230 |
record = records[0] |
| 232 |
else: |
231 |
else: |
|
Lines 249-256
def add_txt_record(name, text):
|
Link Here
|
|---|
|
|---|
| 249 |
def add_a_record(name, *adresses): |
248 |
def add_a_record(name, *adresses): |
| 250 |
"""Add DNS IPv4 address records.""" |
249 |
"""Add DNS IPv4 address records.""" |
| 251 |
filt = univention.admin.filter.expression('name', name) |
250 |
filt = univention.admin.filter.expression('name', name) |
| 252 |
records = host_record.lookup(co, lo, filt, scope='domain', |
251 |
records = host_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
| 253 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
| 254 |
if records: |
252 |
if records: |
| 255 |
record = records[0] |
253 |
record = records[0] |
| 256 |
else: |
254 |
else: |
|
Lines 273-280
def add_a_record(name, *adresses):
|
Link Here
|
|---|
|
|---|
| 273 |
def add_cname_record(name, cname): |
271 |
def add_cname_record(name, cname): |
| 274 |
"""Add DNS canonical name record.""" |
272 |
"""Add DNS canonical name record.""" |
| 275 |
filt = univention.admin.filter.expression('name', name) |
273 |
filt = univention.admin.filter.expression('name', name) |
| 276 |
records = alias.lookup(co, lo, filt, scope='domain', |
274 |
records = alias.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
| 277 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
| 278 |
if records: |
275 |
if records: |
| 279 |
record = records[0] |
276 |
record = records[0] |
| 280 |
else: |
277 |
else: |
|
Lines 282-289
def add_cname_record(name, cname):
|
Link Here
|
|---|
|
|---|
| 282 |
record['name'] = name |
279 |
record['name'] = name |
| 283 |
record['zonettl'] = ['80600'] |
280 |
record['zonettl'] = ['80600'] |
| 284 |
|
281 |
|
| 285 |
if record['cname'] and not (record['cname'] == cname or |
282 |
if record['cname'] and not (record['cname'] == cname or options.overwrite or options.ignore_exists): |
| 286 |
options.overwrite or options.ignore_exists): |
|
|
| 287 |
print >> sys.stderr, 'E: Record exists and points to different address' |
283 |
print >> sys.stderr, 'E: Record exists and points to different address' |
| 288 |
sys.exit(1) |
284 |
sys.exit(1) |
| 289 |
if record['cname'] == cname: |
285 |
if record['cname'] == cname: |
|
Lines 299-314
def add_cname_record(name, cname):
|
Link Here
|
|---|
|
|---|
| 299 |
def add_ptr_record(address, ptr): |
295 |
def add_ptr_record(address, ptr): |
| 300 |
"""Add DNS pointer record.""" |
296 |
"""Add DNS pointer record.""" |
| 301 |
filt = univention.admin.filter.expression('address', address) |
297 |
filt = univention.admin.filter.expression('address', address) |
| 302 |
records = ptr_record.lookup(co, lo, filt, scope='domain', |
298 |
records = ptr_record.lookup(co, lo, filt, scope='domain', base=position.getDomain(), superordinate=zone, unique=True) |
| 303 |
base=position.getDomain(), superordinate=zone, unique=True) |
|
|
| 304 |
if records: |
299 |
if records: |
| 305 |
record = records[0] |
300 |
record = records[0] |
| 306 |
else: |
301 |
else: |
| 307 |
record = ptr_record.object(co, lo, position, superordinate=zone) |
302 |
record = ptr_record.object(co, lo, position, superordinate=zone) |
| 308 |
record['address'] = address |
303 |
record['address'] = address |
| 309 |
|
304 |
|
| 310 |
if record['ptr_record'] and not (record['ptr_record'] == ptr or ptr in record['ptr_record'] or |
305 |
if record['ptr_record'] and not (record['ptr_record'] == ptr or ptr in record['ptr_record'] or options.overwrite): |
| 311 |
options.overwrite): |
|
|
| 312 |
print >> sys.stderr, 'E: Record exists and points to different address' |
306 |
print >> sys.stderr, 'E: Record exists and points to different address' |
| 313 |
sys.exit(1) |
307 |
sys.exit(1) |
| 314 |
if record['ptr_record'] == ptr: |
308 |
if record['ptr_record'] == ptr: |
|
|
|---|
| 391 |
print >> sys.stderr, 'E: Object "%s" exists' % (ex,) |
385 |
print >> sys.stderr, 'E: Object "%s" exists' % (ex,) |
| 392 |
raise |
386 |
raise |
| 393 |
sys.exit(1) |
387 |
sys.exit(1) |
| 394 |
except (ValueError, TypeError, |
388 |
except (ValueError, TypeError, univention.admin.uexceptions.valueInvalidSyntax, univention.admin.uexceptions.valueRequired) as ex: |
| 395 |
univention.admin.uexceptions.valueInvalidSyntax, |
|
|
| 396 |
univention.admin.uexceptions.valueRequired) as ex: |
| 397 |
print >> sys.stderr, 'E: failed %s' % (ex,) |
389 |
print >> sys.stderr, 'E: failed %s' % (ex,) |
| 398 |
raise |
390 |
raise |
| 399 |
sys.exit(1) |
391 |
sys.exit(1) |