Univention Bugzilla – Attachment 7781 Details for
Bug 41659
unify computers/* code
[patch]
patch
41659.patch (text/plain), 144.37 KB, created by
Florian Best
on 2016-07-01 00:27 CEST
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2016-07-01 00:27 CEST
Size:
144.37 KB
>commit 22e3c4f80e86eac1d776d7de49375aec9dfc14fe
>Author: Florian Best <best@univention.de>
>Date: Fri Jul 1 00:25:51 2016 +0200
>
> Bug #41659: introduce new file with python-support during upgrade
>
>diff --git a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
>index efa1cb1..b070e6c 100644
>--- a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
>+++ b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst
>@@ -32,6 +32,10 @@
>
> #DEBHELPER#
>
>+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 11.0.3-26; then
>+ ln -s /usr/share/pyshared/univention/admin/handlers/computers/base.py /usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py
>+fi
>+
> if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 10.0.29-53; then
> ln -s /usr/share/pyshared/univention/admin/policy.py /usr/lib/pymodules/python2.7/univention/admin/policy.py
> fi
>
>commit 8f67efe732886844b4a751be8a2d73e3091fff80
>Author: Florian Best <best@univention.de>
>Date: Fri Jul 1 00:10:58 2016 +0200
>
> Bug #41659: unify computers/* code
>
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py
>new file mode 100644
>index 0000000..de2f6e3
>--- /dev/null
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py
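Review bot: The `ln -s … computers/base.py` added to the preinst is not idempotent: if a link or file already exists at `/usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py` (for instance when a failed upgrade is retried), `ln` exits non-zero. Whether that aborts the upgrade depends on `set -e`, which is outside the hunk. A guard such as `[ -e "$link" ] || [ -L "$link" ] || ln -s "$target" "$link"`, with the two paths from the hunk, makes a re-run harmless. The existing policy.py block below follows the same unguarded pattern.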
>@@ -0,0 +1,358 @@
>+# -*- coding: utf-8 -*-
>+#
>+# Univention Admin Modules
>+# admin module for generic computer objects
>+#
>+# Copyright 2016 Univention GmbH
>+#
>+# http://www.univention.de/
>+#
>+# All rights reserved.
>+#
>+# The source code of this program is made available
>+# under the terms of the GNU Affero General Public License version 3
>+# (GNU AGPL V3) as published by the Free Software Foundation.
>+#
>+# Binary versions of this program provided by Univention to you as
>+# well as other copyrighted, protected or trademarked materials like
>+# Logos, graphics, fonts, specific documentations and configurations,
>+# cryptographic keys etc. are subject to a license agreement between
>+# you and Univention and not subject to the GNU AGPL V3.
>+#
>+# In the case you use this program under the terms of the GNU AGPL V3,
>+# the program is provided in the hope that it will be useful,
>+# but WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+# GNU Affero General Public License for more details.
>+#
>+# You should have received a copy of the GNU Affero General Public
>+# License with the Debian GNU/Linux or Univention distribution in file
>+# /usr/share/common-licenses/AGPL-3; if not, see
>+# <http://www.gnu.org/licenses/>.
>+ >+import time >+from ldap.filter import filter_format >+ >+import univention.admin.filter >+import univention.admin.handlers >+import univention.admin.password >+import univention.admin.allocators >+import univention.admin.localization >+import univention.admin.uldap >+import univention.admin.nagios as nagios >+import univention.admin.handlers.groups.group >+ >+translation=univention.admin.localization.translation('univention.admin.handlers.computers') >+_=translation.translate >+ >+ >+class computerBase(univention.admin.handlers.simpleComputer, nagios.Support): >+ CONFIG_NAME = None >+ SERVER_ROLE = None >+ SERVER_TYPE = None >+ SAMBA_ACCOUNT_FLAG = None >+ DEFAULT_OCS = [] >+ def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >+ univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >+ nagios.Support.__init__(self) >+ >+ def open(self): >+ univention.admin.handlers.simpleComputer.open( self ) >+ self.nagios_open() >+ >+ if self.exists(): >+ if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >+ primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >+ univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >+ if primaryGroupNumber: >+ primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >+ if primaryGroupResult: >+ self['primaryGroup']=primaryGroupResult[0] >+ univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >+ else: >+ self['primaryGroup']=None >+ self.save() >+ raise univention.admin.uexceptions.primaryGroup >+ else: >+ self['primaryGroup']=None >+ self.save() >+ raise univention.admin.uexceptions.primaryGroup >+ if 'samba' in self.options: >+ sid = self.oldattr.get('sambaSID', [''])[0] >+ pos = sid.rfind('-') >+ self.info['sambaRID'] = sid[pos+1:] >+ >+ 
self.modifypassword=0 >+ if self.exists(): >+ userPassword=self.oldattr.get('userPassword',[''])[0] >+ if userPassword: >+ self.info['password']=userPassword >+ self.modifypassword=0 >+ self.save() >+ else: >+ self.modifypassword=0 >+ if 'posix' in self.options: >+ res=univention.admin.config.getDefaultValue(self.lo, self.CONFIG_NAME, position=self.position) >+ if res: >+ self['primaryGroup']=res >+ >+ def _ldap_pre_create(self): >+ super(object, self)._ldap_pre_create() >+ if not self['password']: >+ self['password']=self.oldattr.get('password',[''])[0] >+ self.modifypassword=0 >+ >+ def _ldap_addlist(self): >+ self.check_required_options() >+ ocs=list(self.DEFAULT_OCS) >+ al=[] >+ if 'kerberos' in self.options: >+ domain=univention.admin.uldap.domain(self.lo, self.position) >+ realm=domain.getKerberosRealm() >+ >+ if realm: >+ al.append(('krb5MaxLife', '86400')) >+ al.append(('krb5MaxRenew', '604800')) >+ al.append(('krb5KDCFlags', '126')) >+ krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >+ al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >+ else: >+ # can't do kerberos >+ self._remove_option( 'kerberos' ) >+ if 'posix' in self.options: >+ self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >+ self.alloc.append(('uidNumber',self.uidNum)) >+ gidNum = self.get_gid_for_primary_group() >+ al.append(('uidNumber', [self.uidNum])) >+ al.append(('gidNumber', [gidNum])) >+ >+ if self.modifypassword or self['password']: >+ if 'kerberos' in self.options: >+ krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >+ al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >+ if 'posix' in self.options: >+ password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >+ al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >+ if 'samba' in self.options: >+ 
password_nt, password_lm = univention.admin.password.ntlm(self['password']) >+ al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >+ al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >+ sambaPwdLastSetValue = str(long(time.time())) >+ al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >+ self.modifypassword=0 >+ if 'samba' in self.options: >+ acctFlags=univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG:1}) >+ if self.s4connector_present: >+ # In this case Samba 4 must create the SID, the s4 connector will sync the >+ # new sambaSID back from Samba 4. >+ self.machineSid='S-1-4-%s' % self.uidNum >+ else: >+ self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >+ self.alloc.append(('sid',self.machineSid)) >+ al.append(('sambaSID', [self.machineSid])) >+ al.append(('sambaAcctFlags', [acctFlags.decode()])) >+ al.append(('displayName', self.info['name'])) >+ >+ al.insert(0, ('objectClass', ocs)) >+ if self.SERVER_ROLE: >+ al.append(('univentionServerRole', '', self.SERVER_ROLE)) >+ return al >+ >+ def check_required_options(self): >+ pass >+ >+ def _ldap_post_create(self): >+ if 'posix' in self.options: >+ if hasattr(self, 'uid') and self.uid: >+ univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >+ univention.admin.handlers.simpleComputer.primary_group( self ) >+ univention.admin.handlers.simpleComputer.update_groups( self ) >+ univention.admin.handlers.simpleComputer._ldap_post_create( self ) >+ self.nagios_ldap_post_create() >+ >+ def _ldap_pre_remove(self): >+ self.open() >+ if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >+ self.uidNum=self.oldattr['uidNumber'][0] >+ >+ def _ldap_post_remove(self): >+ if 'posix' in self.options: >+ univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >+ 
groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >+ if groupObjects: >+ for i in range(0, len(groupObjects)): >+ groupObjects[i].open() >+ if self.dn in groupObjects[i]['users']: >+ groupObjects[i]['users'].remove(self.dn) >+ groupObjects[i].modify(ignore_license=1) >+ >+ self.nagios_ldap_post_remove() >+ univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >+ # Need to clean up oldinfo. If remove was invoked, because the >+ # creation of the object has failed, the next try will result in >+ # a 'object class violation' (Bug #19343) >+ self.oldinfo = {} >+ >+ def krb5_principal(self): >+ domain=univention.admin.uldap.domain(self.lo, self.position) >+ realm=domain.getKerberosRealm() >+ if self.info.has_key('domain') and self.info['domain']: >+ kerberos_domain=self.info['domain'] >+ else: >+ kerberos_domain=domain.getKerberosRealm() >+ return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >+ >+ def _ldap_post_modify(self): >+ univention.admin.handlers.simpleComputer.primary_group( self ) >+ univention.admin.handlers.simpleComputer.update_groups( self ) >+ univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >+ self.nagios_ldap_post_modify() >+ >+ def _ldap_pre_modify(self): >+ if self.hasChanged('password'): >+ if not self['password']: >+ self['password']=self.oldattr.get('password',[''])[0] >+ self.modifypassword=0 >+ elif not self.info['password']: >+ self['password']=self.oldattr.get('password',[''])[0] >+ self.modifypassword=0 >+ else: >+ self.modifypassword=1 >+ self.nagios_ldap_pre_modify() >+ univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >+ >+ >+ def _ldap_modlist(self): >+ ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >+ >+ self.nagios_ldap_modlist(ml) >+ >+ if self.hasChanged('name'): >+ if 'posix' in self.options: >+ if hasattr(self, 'uidNum'): >+ univention.admin.allocators.confirm(self.lo, 
self.position, 'uidNumber', self.uidNum) >+ requested_uid="%s$" % self['name'] >+ try: >+ self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >+ except Exception: >+ self.cancel() >+ raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >+ >+ self.alloc.append(('uid',self.uid)) >+ >+ ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >+ >+ if 'samba' in self.options: >+ ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >+ >+ if 'kerberos' in self.options: >+ ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >+ >+ if self.modifypassword and self['password']: >+ if 'kerberos' in self.options: >+ krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >+ krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >+ ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >+ ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >+ if 'posix' in self.options: >+ password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >+ ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >+ if 'samba' in self.options: >+ password_nt, password_lm = univention.admin.password.ntlm(self['password']) >+ ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >+ ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >+ sambaPwdLastSetValue = str(long(time.time())) >+ ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >+ >+ # add samba option >+ if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >+ acctFlags=univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG:1}) >+ if self.s4connector_present: >+ # In this 
case Samba 4 must create the SID, the s4 connector will sync the >+ # new sambaSID back from Samba 4. >+ self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >+ else: >+ self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >+ self.alloc.append(('sid',self.machineSid)) >+ ml.append(('sambaSID', '', [self.machineSid])) >+ ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >+ ml.append(('displayName', '', self.info['name'])) >+ sambaPwdLastSetValue = str(long(time.time())) >+ ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >+ if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >+ for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >+ if self.oldattr.get(key, []): >+ ml.insert(0, (key, self.oldattr.get(key, []), '')) >+ >+ if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >+ self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >+ ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >+ >+ return ml >+ >+ def cleanup(self): >+ self.open() >+ self.nagios_cleanup() >+ univention.admin.handlers.simpleComputer.cleanup( self ) >+ >+ def cancel(self): >+ for i,j in self.alloc: >+ univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >+ univention.admin.allocators.release(self.lo, self.position, i, j) >+ >+ def link(self): >+ result = [] >+ if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]: >+ result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ], >+ 'ipaddr': self['ip'][ 0 ], >+ }] >+ if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0: >+ zone = univention.admin.uldap.explodeDn( 
self['dnsEntryZoneForward'][0], 1)[0] >+ if not result: >+ result = [ { 'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone) }] >+ result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >+ if result: >+ result[0]['name'] = _('Open Univention Management Console on this computer') >+ return result >+ return None >+ >+ @classmethod >+ def rewrite(cls, filter, mapping): >+ if filter.variable == 'ip': >+ filter.variable='aRecord' >+ else: >+ univention.admin.mapping.mapRewrite(filter, cls.mapping) >+ >+ @classmethod >+ def lookup_filter(cls, filter_s=None, lo=None): >+ filter_s = univention.admin.filter.replace_fqdn_filter( filter_s ) >+ if str(filter_s).find('(dnsAlias=') != -1: >+ filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >+ if filter_s: >+ return cls.lookup_filter(filter_s, lo) >+ else: >+ return None >+ lookup_filter_obj = univention.admin.filter.conjunction('&', [x for x in [ >+ univention.admin.filter.expression('objectClass', 'univentionHost'), >+ univention.admin.filter.expression('objectClass', cls.SERVER_TYPE), >+ None if not cls.SERVER_ROLE else univention.admin.filter.expression('univentionServerRole', cls.SERVER_ROLE), >+ ] if x is not None]) >+ >+ # ATTENTION: has its own rewrite function. 
>+ lookup_filter_obj.append_unmapped_filter_string(filter_s, cls.rewrite, cls.mapping) >+ return lookup_filter_obj >+ >+ @classmethod >+ def lookup(cls, co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): >+ >+ filter=cls.lookup_filter(filter_s, lo) >+ if filter is None: >+ return [] >+ res=[] >+ for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >+ res.append( cls( co, lo, None, dn, attributes = attrs ) ) >+ return res >+ >+ @classmethod >+ def identify(cls, dn, attr, canonical=0): >+ return 'univentionHost' in attr.get('objectClass', []) and cls.SERVER_TYPE in attr.get('objectClass', []) and (True if not cls.SERVER_ROLE else cls.SERVER_ROLE in attr.get('univentionServerRole', [])) >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py >index dc4c1b0..640796b 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py >@@ -1,7 +1,7 @@ > # -*- coding: utf-8 -*- > # > # Univention Admin Modules >-# admin module for the DC Backup hosts >+# admin module for the DC Backup hosts > # > # Copyright 2004-2016 Univention GmbH > # 
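Review bot: In `_ldap_pre_create` of the new `computerBase` (base.py), `super(object, self)._ldap_pre_create()` was carried over from the per-role modules, where `object` named the handler class. base.py defines no class of that name, so `object` appears to resolve to the builtin and the call would raise AttributeError on every create; it should read `super(computerBase, self)._ldap_pre_create()`. Separately, `_ldap_post_remove` still calls `filter_format('uniqueMember', [self.dn])`, a template with no `%s` placeholder, which as far as I can tell python-ldap's `filter_format` cannot interpolate. `filter_format('uniqueMember=%s', [self.dn])` keeps the DN escaped and yields a usable filter. base.py also references `univention.debug`, `univention.admin.uexceptions`, `univention.admin.config`, `univention.admin.samba`, `univention.admin.mapping` and `univention.admin.handlers.dns.alias` without importing them, so it relies on other modules having loaded them first.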
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
>@@ -402,304 +393,16 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def 
_ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionDomainController'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], 
sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'backup')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', 
self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]: >- result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ], >- 'ipaddr': self['ip'][ 0 ], >- }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0: >- zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [ { 'url': 'https://%s.%s/univention-management-console/' % 
(self['name'], zone) }] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter( filter_s ) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionDomainController'), >- univention.admin.filter.expression('univentionServerRole', 'backup'), >- ]) >- >- # ATTENTION: has its own rewrite function. 
>- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): >- >- filter=lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res=[] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append( object( co, lo, None, dn, attributes = attrs ) ) >- return res >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'backup' in attr.get('univentionServerRole', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] >+ SAMBA_ACCOUNT_FLAG = 'S' >+ SERVER_TYPE = 'univentionDomainController' >+ SERVER_ROLE = 'backup' >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py >index 919d410..d6fe011 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py 
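Review bot: `CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup'` on the backup handler in domaincontroller_backup.py reads like a copy/paste slip now that it is a named class constant next to `SERVER_ROLE = 'backup'`. The removed `open()` passed the same string to `getDefaultValue`, so behaviour is unchanged. Because this value selects the default primary group of a domain controller account, it deserves a comment on that line, e.g. `# same setting the pre-refactoring open() used for backup DCs; TODO confirm sharing the master's default group is intended`. If the reuse was never intended, this refactoring is the natural place to correct it.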
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
> 
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
> 
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
>@@ -402,298 +393,16 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def 
_ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionDomainController'] >- al=[] >- if 'kerberos' in self.options: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 
must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'master')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', 
self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]: >- result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ], >- 'ipaddr': self['ip'][ 0 ], >- }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0: >- zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [ { 'url': 'https://%s.%s/univention-management-console/' % 
(self['name'], zone) }] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter( filter_s ) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionDomainController'), >- univention.admin.filter.expression('univentionServerRole', 'master'), >- ]) >- >- # ATTENTION: has its own rewrite function. 
>- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): >- >- filter=lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res=[] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append( object( co, lo, None, dn, attributes = attrs ) ) >- return res >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'master' in attr.get('univentionServerRole', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] >+ SAMBA_ACCOUNT_FLAG = 'S' >+ SERVER_TYPE = 'univentionDomainController' >+ SERVER_ROLE = 'master' >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py >index 43efc7e..d983362 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py 
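Review bot: The module-level aliases that close this hunk (`rewrite = object.rewrite`, `lookup_filter = object.lookup_filter`, `lookup = object.lookup`, `identify = object.identify`) keep the old call signatures only if computerBase declares all four as classmethods or staticmethods; base.py is not shown in this part of the patch, so that needs confirming. The removed code uses `unicode`, `long` and `has_key`, so this is Python 2, where a plain method fetched from the class is an unbound method and `lookup(co, lo, filter_s)` would fail for lack of an instance. `lookup` also has to build its results with `cls(...)` so this module keeps returning its own `object` type, and `rewrite` must stay callable as `rewrite(filter, mapping)` because the removed `lookup_filter` passed it on as a callback. I would add a comment above the aliases, `# module-level API used by callers; these are classmethods on computerBase`. The same applies to the domaincontroller_slave.py hunk below and to the tail of the preceding hunk.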
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
> 
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
> 
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
>@@ -402,304 +393,16 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def 
_ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionDomainController'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], 
sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'slave')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', 
self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]: >- result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ], >- 'ipaddr': self['ip'][ 0 ], >- }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0: >- zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [ { 'url': 'https://%s.%s/univention-management-console/' % 
(self['name'], zone) }] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter( filter_s ) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionDomainController'), >- univention.admin.filter.expression('univentionServerRole', 'slave'), >- ]) >- >- # ATTENTION: has its own rewrite function. 
>- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): >- >- filter=lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res=[] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append( object( co, lo, None, dn, attributes = attrs ) ) >- return res >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'slave' in attr.get('univentionServerRole', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultDomainControllerGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] >+ SAMBA_ACCOUNT_FLAG = 'S' >+ SERVER_TYPE = 'univentionDomainController' >+ SERVER_ROLE = 'slave' >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify >diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py >index a4d4951..5490cd7 100644 >--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py >+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py 
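Review bot: The `_ldap_addlist` removed in this hunk wrote the krb5 attributes only when `domain.getKerberosRealm()` returned a realm and otherwise called `self._remove_option( 'kerberos' )`, whereas the domaincontroller_master.py variant removed earlier in the patch appended them unconditionally. The new class body has no override and no constant that expresses this difference, so which behaviour survives depends on computerBase, which is not visible here. The guarded form looks like the one to keep: the removed `krb5_principal` does `kerberos_domain.lower()` and `'@'+realm` on the same lookup, so a missing realm would presumably raise there instead of creating the host without Kerberos. The commit message should say which of the two behaviours the base class implements, and a test that creates a slave and a master with the kerberos option but no realm would pin it.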
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
> 
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
> 
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
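Review bot: No import in this block names `univention.admin.uexceptions`, yet `check_required_options` in the next hunk of this file raises `univention.admin.uexceptions.invalidOptions`. The name therefore resolves only if some other import has already loaded that submodule, presumably `univention.admin.handlers` or the new base module. This hunk removes nine imports, which narrows the set of modules that could be doing that as a side effect. Add `import univention.admin.uexceptions` to the block so the raise does not depend on import order.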
>@@ -341,263 +332,21 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultClientGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionLinuxClient'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionLinuxClient' > >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- 
self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >+ def check_required_options(self): > if not set(self.options) & set(['posix', 'kerberos']): > raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.')) >+del object.link > >- ocs=['top', 'person', 'univentionHost', 'univentionLinuxClient'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in 
self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in 
range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >+rewrite = object.rewrite > >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- 
self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 
4. >- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): 
>
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py
>index 328758c..c98ae5d 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
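Review bot: In the preceding `@@ -341,263 +332,21 @@` hunk (the class with `SERVER_TYPE = 'univentionLinuxClient'`), `del object.link` only works if `link` sits in this subclass's own `__dict__`. If it is defined on `computerBase`, which is not visible here, the statement raises AttributeError at import and the whole handler module fails to load. `rewrite = object.rewrite` replaces the removed two-argument `rewrite(filter, mapping)`, so it keeps that call shape only if the base declares it as a `@staticmethod` or `@classmethod`; under Python 2 a plain method read from the class is unbound and rejects a filter as its first argument. Please confirm both against base.py and add a line above the `del` saying why the attribute is dropped, for example `# this computer type offers no link(); remove the attribute the class would otherwise expose` if that is the intent. The macos.py class hunk repeats both statements.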
>@@ -329,272 +320,30 @@ > mapping=univention.admin.mapping.mapping() > mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) > mapping.register('description', 'description', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) > mapping.register('inventoryNumber', 'univentionInventoryNumber') > mapping.register('mac', 'macAddress' ) > mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString) > mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString) > mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > > # add Nagios extension > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultClientGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMacOSClient'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionMacOSClient' >+del object.link > >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- 
self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionMacOSClient'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- 
krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', 
self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+rewrite = object.rewrite >+identify = object.identify > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): 
>
>@@ -618,8 +367,3 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0,
> for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
> res.append( object( co, lo, None, dn, attributes = attrs ) )
> return res
>-
>-def identify(dn, attr, canonical=0):
>-
>- return 'univentionHost' in attr.get('objectClass', []) and 'univentionMacOSClient' in attr.get('objectClass', [])
>-
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
>index 2665135..ac17b7e 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
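Review bot: In the macos.py `@@ -329,272 +320,30 @@` hunk, `identify = object.identify` takes over from the module-level `identify(dn, attr, canonical=0)` that the next hunk deletes. That function required both `univentionHost` and `univentionMacOSClient` in `objectClass`. The alias keeps that contract only if `computerBase.identify` is class-bound, accepts the same three arguments and tests both classes; base.py is not visible here. Since `identify` decides which handler claims an LDAP entry and then writes its account attributes, a looser match would widen the set of entries this module manages, so I would pin it with a comment such as `# identify(dn, attr, canonical=0): matches univentionHost + SERVER_TYPE, same as the removed function`. As a smaller point, the object class string is spelled twice; defining `SERVER_TYPE = 'univentionMacOSClient'` first and then `DEFAULT_OCS = ['top', 'person', 'univentionHost', SERVER_TYPE]` stops the two drifting apart.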
>@@ -386,9 +377,9 @@
> mapping.register('name', 'cn', None, univention.admin.mapping.ListToString)
> mapping.register('description', 'description', None, univention.admin.mapping.ListToString)
> mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString)
>-mapping.register('inventoryNumber', 'univentionInventoryNumber')
> mapping.register('serverRole', 'univentionServerRole')
> mapping.register('mac', 'macAddress' )
>+mapping.register('inventoryNumber', 'univentionInventoryNumber')
> mapping.register('reinstall', 'univentionServerReinstall', None, univention.admin.mapping.ListToString)
> mapping.register('instprofile', 'univentionServerInstallationProfile', None, univention.admin.mapping.ListToString)
> mapping.register('reinstalloption', 'univentionServerInstallationOption', None, univention.admin.mapping.ListToString)
>@@ -403,303 +394,16 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultMemberserverGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def 
_ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionMemberServer'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) 
>- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'member')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', 
self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- def link(self): >- result = [] >- if self['ip'] and len( self[ 'ip' ] ) > 0 and self['ip'][ 0 ]: >- result = [{ 'url': 'https://%s/univention-management-console/' % self['ip'][ 0 ], >- 'ipaddr': self['ip'][ 0 ], >- }] >- if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len( self['dnsEntryZoneForward' ] ) > 0: >- zone = univention.admin.uldap.explodeDn( self['dnsEntryZoneForward'][0], 1)[0] >- if not result: >- result = [ { 'url': 'https://%s.%s/univention-management-console/' % 
(self['name'], zone) }] >- result[0]['fqdn'] = '%s.%s' % (self['name'], zone) >- if result: >- result[0]['name'] = _('Open Univention Management Console on this computer') >- return result >- return None >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >- >-def lookup_filter(filter_s=None, lo=None): >- filter_s = univention.admin.filter.replace_fqdn_filter( filter_s ) >- if str(filter_s).find('(dnsAlias=') != -1: >- filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) >- if filter_s: >- return lookup_filter(filter_s, lo) >- else: >- return None >- lookup_filter_obj = \ >- univention.admin.filter.conjunction('&', [ >- univention.admin.filter.expression('objectClass', 'univentionHost'), >- univention.admin.filter.expression('objectClass', 'univentionMemberServer'), >- ]) >- >- # ATTENTION: has its own rewrite function. >- lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) >- return lookup_filter_obj >- >-def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): >- >- filter=lookup_filter(filter_s, lo) >- if filter is None: >- return [] >- res=[] >- for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): >- res.append( object( co, lo, None, dn, attributes = attrs ) ) >- return res >- >-def identify(dn, attr, canonical=0): >- return 'univentionHost' in attr.get('objectClass', []) and 'univentionMemberServer' in attr.get('objectClass', []) >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultMemberserverGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMemberServer'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionMemberServer' >+ SERVER_ROLE = 'member' >+ >+rewrite = object.rewrite >+lookup_filter = object.lookup_filter >+lookup = object.lookup >+identify = object.identify 
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py
>index f891fc0..1c4908c 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
>@@ -341,263 +332,20 @@ > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >+ mapping = mapping >+ CONFIG_NAME = 'univentionDefaultClientGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionUbuntuClient'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionUbuntuClient' > >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- if self.exists(): >- >- if 'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- 
self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >+ def check_required_options(self): > if not set(self.options) & set(['posix', 'kerberos']): > raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.')) >- >- ocs=['top', 'person', 'univentionHost', 'univentionUbuntuClient'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- 
password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, 
len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >+del object.link > >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 
'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- >- return ml >- >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+rewrite = object.rewrite > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): 
>
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
>index 014cf72..9c11908 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
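Review bot: In ubuntu.py the module-level `del object.link` added after the class body will raise AttributeError at import time unless `link` sits in this subclass's own namespace. The new class body defines only `check_required_options`, so `link` appears to be inherited from `computerBase` (base.py, outside this hunk), and `del` on a class does not remove inherited attributes. The same statement is added in the windows.py `@@ -346,278 +337,37 @@` hunk. If the aim is that these modules offer no management-console link, override it inside the class, e.g. `def link(self): return None` (the removed memberserver `link` already returns None when it cannot build a URL), or keep `link` out of `computerBase`. `check_required_options` also deserves a docstring naming the base-class hook that calls it, because the posix/kerberos check used to be the first statement of `_ldap_addlist` and no call site is visible here.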
>@@ -346,278 +337,37 @@ > mapping=univention.admin.mapping.mapping() > mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) > mapping.register('description', 'description', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >-mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) > mapping.register('inventoryNumber', 'univentionInventoryNumber') > mapping.register('mac', 'macAddress' ) > mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString) > mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString) > mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) >+mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) > > # add Nagios extension > nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) > > >-class object(univention.admin.handlers.simpleComputer, nagios.Support): >+class object(computerBase): > module=module >- >- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ): >- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) >- nagios.Support.__init__(self) >- >- def open(self): >- univention.admin.handlers.simpleComputer.open( self ) >- self.nagios_open() >- >- self.modifypassword=0 >- if self.exists(): >- userPassword=self.oldattr.get('userPassword',[''])[0] >- if userPassword: >- self.info['password']=userPassword >- self.modifypassword=0 >- >- if self.exists(): >- >- if 
'posix' in self.options and not self.info.get( 'primaryGroup' ): >- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) >- if primaryGroupNumber: >- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) >- if primaryGroupResult: >- self['primaryGroup']=primaryGroupResult[0] >- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- else: >- self['primaryGroup']=None >- self.save() >- raise univention.admin.uexceptions.primaryGroup >- if 'samba' in self.options: >- sid = self.oldattr.get('sambaSID', [''])[0] >- pos = sid.rfind('-') >- self.info['sambaRID'] = sid[pos+1:] >- >- self.save() >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'computerGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionWindows'] >- al=[] >- if 'kerberos' in self.options: >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- >- if realm: >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- else: >- # can't do kerberos >- self._remove_option( 'kerberos' ) >- if 'posix' in 
self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'windows_client')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. 
If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >+ mapping = mapping >+ CONFIG_NAME = 'computerGroup' >+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows'] >+ SAMBA_ACCOUNT_FLAG = 'W' >+ SERVER_TYPE = 'univentionWindows' >+ SERVER_ROLE = 'windows_client' > > def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >+ ml = super(object, self)._ldap_modlist() > if self.hasChanged('ntCompatibility') and self['ntCompatibility'] == '1': > self['password'] = self['name'].replace('$','').lower() > self.modifypassword = 1 >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- 
requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'W':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector 
will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0] >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- ml.append(('sambaSID', '', [self.machineSid])) >- ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) >- ml.append(('displayName', '', self.info['name'])) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: >- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]: >- if self.oldattr.get(key, []): >- ml.insert(0, (key, self.oldattr.get(key, []), '')) >- >- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): >- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) >- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) >- > return ml >+del object.link > >- def cleanup(self): >- self.open() >- self.nagios_cleanup() >- univention.admin.handlers.simpleComputer.cleanup( self ) >- >- def cancel(self): >- for i,j in self.alloc: >- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) ) >- univention.admin.allocators.release(self.lo, self.position, i, j) >- >-def rewrite(filter, mapping): >- if filter.variable == 'ip': >- filter.variable='aRecord' >- else: >- univention.admin.mapping.mapRewrite(filter, mapping) >+rewrite = object.rewrite > > def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): 
>
>diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py
>index fb8999d..3c8cdab 100644
>--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py
>+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py
>@@ -30,21 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
>
>-from ldap.filter import filter_format
>-
> from univention.admin.layout import Tab, Group
> import univention.admin.filter
> import univention.admin.handlers
>-import univention.admin.password
>-import univention.admin.allocators
> import univention.admin.localization
>-import univention.admin.uldap
> import univention.admin.nagios as nagios
>-import univention.admin.handlers.dns.forward_zone
>-import univention.admin.handlers.dns.reverse_zone
>-import univention.admin.handlers.groups.group
>-import univention.admin.handlers.networks.network
>-import time
>+from univention.admin.handlers.computers.base import computerBase
>
> translation=univention.admin.localization.translation('univention.admin.handlers.computers')
> _=translation.translate
>@@ -368,257 +359,17 @@
> nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout)
>
>
>-class object(univention.admin.handlers.simpleComputer, nagios.Support):
>+class object(computerBase):
> module=module
>+ mapping = mapping
>+ CONFIG_NAME = 'univentionDefaultDomainControllerGroup'
>+ DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows']
>+ SAMBA_ACCOUNT_FLAG = 'S'
>+ SERVER_TYPE = 'univentionWindows'
>+ SERVER_ROLE = 'windows_domaincontroller'
>
>- def __init__(self, co, lo, position, dn='', superordinate=None, attributes = [] ):
>- univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes)
>- nagios.Support.__init__(self)
>-
>- def open(self):
>- univention.admin.handlers.simpleComputer.open( self )
>- self.nagios_open()
>-
>- self.modifypassword=0
>- if self.exists():
>- userPassword=self.oldattr.get('userPassword',[''])[0]
>- if userPassword:
>- self.info['password']=userPassword
>- self.modifypassword=0
>-
>- if self.exists():
>-
>- if 'posix' in self.options and not self.info.get( 'primaryGroup' ):
>- primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0]
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber))
>- if primaryGroupNumber:
>- primaryGroupResult=self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber]))
>- if primaryGroupResult:
>- self['primaryGroup']=primaryGroupResult[0]
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup']))
>- else:
>- self['primaryGroup']=None
>- self.save()
>- raise univention.admin.uexceptions.primaryGroup
>- else:
>- self['primaryGroup']=None
>- self.save()
>- raise univention.admin.uexceptions.primaryGroup
>- if 'samba' in self.options:
>- sid = self.oldattr.get('sambaSID', [''])[0]
>- pos = sid.rfind('-')
>- self.info['sambaRID'] = sid[pos+1:]
>- >- self.save() >- >- else: >- self.modifypassword=0 >- if 'posix' in self.options: >- res=univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position) >- if res: >- self['primaryGroup']=res >- >- def _ldap_pre_create(self): >- super(object, self)._ldap_pre_create() >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- >- def _ldap_addlist(self): >- ocs=['top', 'person', 'univentionHost', 'univentionWindows'] >- al=[] >- if 'kerberos' in self.options: >- >- ocs.extend(['krb5Principal', 'krb5KDCEntry']) >- al.append(('krb5MaxLife', '86400')) >- al.append(('krb5MaxRenew', '604800')) >- al.append(('krb5KDCFlags', '126')) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- >- if 'posix' in self.options: >- self.uidNum=univention.admin.allocators.request(self.lo, self.position, 'uidNumber') >- self.alloc.append(('uidNumber',self.uidNum)) >- gidNum = self.get_gid_for_primary_group() >- al.append(('uidNumber', [self.uidNum])) >- al.append(('gidNumber', [gidNum])) >- >- if self.modifypassword or self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = 
str(long(time.time())) >- al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- self.modifypassword=0 >- if 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. >- self.machineSid='S-1-4-%s' % self.uidNum >- else: >- self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) >- self.alloc.append(('sid',self.machineSid)) >- al.append(('sambaSID', [self.machineSid])) >- al.append(('sambaAcctFlags', [acctFlags.decode()])) >- al.append(('displayName', self.info['name'])) >- >- al.insert(0, ('objectClass', ocs)) >- al.append(('univentionServerRole', '', 'windows_domaincontroller')) >- return al >- >- def _ldap_post_create(self): >- if 'posix' in self.options: >- if hasattr(self, 'uid') and self.uid: >- univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_create( self ) >- self.nagios_ldap_post_create() >- >- def _ldap_pre_remove(self): >- self.open() >- if 'posix' in self.options and self.oldattr.get( 'uidNumber' ): >- self.uidNum=self.oldattr['uidNumber'][0] >- >- def _ldap_post_remove(self): >- if 'posix' in self.options: >- univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) >- groupObjects=univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) >- if groupObjects: >- for i in range(0, len(groupObjects)): >- groupObjects[i].open() >- if self.dn in groupObjects[i]['users']: >- groupObjects[i]['users'].remove(self.dn) >- groupObjects[i].modify(ignore_license=1) >- >- self.nagios_ldap_post_remove() >- 
univention.admin.handlers.simpleComputer._ldap_post_remove( self ) >- # Need to clean up oldinfo. If remove was invoked, because the >- # creation of the object has failed, the next try will result in >- # a 'object class violation' (Bug #19343) >- self.oldinfo = {} >- >- def krb5_principal(self): >- domain=univention.admin.uldap.domain(self.lo, self.position) >- realm=domain.getKerberosRealm() >- if self.info.has_key('domain') and self.info['domain']: >- kerberos_domain=self.info['domain'] >- else: >- kerberos_domain=domain.getKerberosRealm() >- return 'host/' + self['name']+'.'+kerberos_domain.lower()+'@'+realm >- >- def _ldap_post_modify(self): >- univention.admin.handlers.simpleComputer.primary_group( self ) >- univention.admin.handlers.simpleComputer.update_groups( self ) >- univention.admin.handlers.simpleComputer._ldap_post_modify( self ) >- self.nagios_ldap_post_modify() >- >- def _ldap_pre_modify(self): >- if self.hasChanged('password'): >- if not self['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- elif not self.info['password']: >- self['password']=self.oldattr.get('password',[''])[0] >- self.modifypassword=0 >- else: >- self.modifypassword=1 >- self.nagios_ldap_pre_modify() >- univention.admin.handlers.simpleComputer._ldap_pre_modify( self ) >- >- >- def _ldap_modlist(self): >- ml=univention.admin.handlers.simpleComputer._ldap_modlist( self ) >- >- self.nagios_ldap_modlist(ml) >- >- if self.hasChanged('name'): >- if 'posix' in self.options: >- if hasattr(self, 'uidNum'): >- univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) >- requested_uid="%s$" % self['name'] >- try: >- self.uid=univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) >- except Exception: >- self.cancel() >- raise univention.admin.uexceptions.uidAlreadyUsed, ': %s' % requested_uid >- return [] >- >- self.alloc.append(('uid',self.uid)) >- >- ml.append(('uid', 
self.oldattr.get('uid', [None])[0], self.uid)) >- >- if 'samba' in self.options: >- ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) >- >- if 'kerberos' in self.options: >- ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) >- >- if self.modifypassword and self['password']: >- if 'kerberos' in self.options: >- krb_keys=univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) >- krb_key_version=str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0])+1) >- ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) >- ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) >- if 'posix' in self.options: >- password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) >- ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) >- if 'samba' in self.options: >- password_nt, password_lm = univention.admin.password.ntlm(self['password']) >- ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) >- ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) >- sambaPwdLastSetValue = str(long(time.time())) >- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) >- >- # add samba option >- if self.exists() and self.option_toggled('samba') and 'samba' in self.options: >- acctFlags=univention.admin.samba.acctFlags(flags={'S':1}) >- if self.s4connector_present: >- # In this case Samba 4 must create the SID, the s4 connector will sync the >- # new sambaSID back from Samba 4. 
>- self.machineSid='S-1-4-%s' % self.oldattr['uidNumber'][0]
>- else:
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>- self.alloc.append(('sid',self.machineSid))
>- ml.append(('sambaSID', '', [self.machineSid]))
>- ml.append(('sambaAcctFlags', '', [acctFlags.decode()]))
>- ml.append(('displayName', '', self.info['name']))
>- sambaPwdLastSetValue = str(long(time.time()))
>- ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue))
>- if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>- for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
>- if self.oldattr.get(key, []):
>- ml.insert(0, (key, self.oldattr.get(key, []), ''))
>-
>- if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'):
>- self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID'))
>- ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid]))
>-
>- return ml
>-
>- def cleanup(self):
>- self.open()
>- self.nagios_cleanup()
>- univention.admin.handlers.simpleComputer.cleanup( self )
>-
>- def cancel(self):
>- for i,j in self.alloc:
>- univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i,j) )
>- univention.admin.allocators.release(self.lo, self.position, i, j)
>-
>-def rewrite(filter, mapping):
>- if filter.variable == 'ip':
>- filter.variable='aRecord'
>- else:
>- univention.admin.mapping.mapRewrite(filter, mapping)
>+rewrite = object.rewrite
>+identify = object.identify
>
> def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0):
>
>@@ -643,6 +394,3 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0,
> for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
> res.append( object( co, lo, None, dn, attributes = attrs ) )
> return res
>-
>-def identify(dn, attr, canonical=0):
>- return 'univentionHost' in attr.get('objectClass', []) and 'univentionWindows' in attr.get('objectClass', []) and 'windows_domaincontroller' in attr.get('univentionServerRole', [])
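Review bot: `DEFAULT_OCS` in the new `class object(computerBase)` body is a mutable list shared by every instance, while the removed `_ldap_addlist` built a fresh local `ocs` and then ran `ocs.extend(['krb5Principal', 'krb5KDCEntry'])` on it. computerBase is defined outside this hunk, so whether it copies the attribute before extending cannot be seen here; if it does not, the Kerberos object classes accumulate on the class and leak into later objects created without the kerberos option. A tuple, `DEFAULT_OCS = ('top', 'person', 'univentionHost', 'univentionWindows')`, would make any in-place change fail immediately, and the same attribute appears in the preceding file's hunk. The aliases `rewrite = object.rewrite` and `identify = object.identify` keep the old module-level signatures only if the base declares both as classmethods or staticmethods, which deserves a comment such as `# classmethods on computerBase; callable as identify(dn, attr, canonical=0)`.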