diff --git a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py index d4adbb6..8f5cae0 100755 --- a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py +++ b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py @@ -42,7 +42,6 @@ import grp import subprocess import os import fcntl -import copy import univention.debug import univention.misc @@ -171,12 +170,7 @@ def process_dellog(dn): return (timestamp, dellog_id, modifier, action) -def handler(dn, new, old): - # Copy dictonaries because they will be modified - # see https://forge.univention.org/bugzilla/show_bug.cgi?id=22564 for details - new_copy = copy.deepcopy(new) - old_copy = copy.deepcopy(old) - - if listener.configRegistry['ldap/logging'] != 'yes': +def handler(dn, new_copy, old_copy): + if not listener.configRegistry.is_true('ldap/logging'): return @@ -142,17 +142,14 @@ def handler(dn, new_copy, old_copy): if not listener.configRegistry.is_true('ldap/logging'): return - # check for exclusion - skip = 0 - excludeKeys = [key for key in listener.configRegistry.keys() if excludeKeyPattern.search(key)] - exclude = [listener.configRegistry[key] for key in excludeKeys] - for base in exclude: - if dn.rfind(base) != -1: - skip = 1 - listener.setuid(0) try: - if skip == 1: + # check for exclusion + if any( + value in dn + for key, value in listener.configRegistry.iteritems() + if excludeKeyPattern.match(key) + ): if not new_copy: # there should be a dellog entry to remove process_dellog(dn) # important: don't return a thing, otherwise this dn 
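Review bot: In the `handler` signature hunk, the `copy.deepcopy` calls are dropped and the listener's dictionaries are bound directly to `new_copy`/`old_copy`, although the removed comment said the copies existed because the dictionaries get modified (Bug 22564). The rest of the body lies outside this hunk, so whether it still modifies them cannot be confirmed here; if it does, the modification now reaches the caller's objects. Either keep the copies, or rename the parameters back to `new`/`old` and add a comment such as `# new/old are read-only here; never modify them in place`. Separately, `is_true('ldap/logging')` turns logging on for values other than 'yes', which is a behaviour change worth stating in the commit message.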
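Review bot: The exclusion test in `handler` (`value in dn`) is a plain substring match, so an exclude variable that is set but empty matches every DN and silently switches audit logging off. A base that merely occurs inside an RDN value matches as well. For an audit log the check should at least skip empty values and anchor to the end of the DN, e.g. `if excludeKeyPattern.match(key) and value and dn.lower().endswith(value.lower())`. Also, `search` became `match`: unless `excludeKeyPattern` (defined outside this hunk) is anchored at the start, keys that were honoured before may now be ignored. The body of the `if` continues past the end of the hunk.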
@@ -168,14 +168,13 @@ def handler(dn, new_copy, old_copy): previoushash = cachefile.read() # get ID - f = open(notifier_id, 'r') - id = int(f.read()) + 1 + with open(notifier_id, 'r') as f: + id = int(f.read()) + 1 # matches notifier transaction id. Tested for UCS 1.3-2 and 2.0. # Note about 1.3-2: # For user removal this matches with ++last_id as seen by the dellog overlay, # but for user create dellog sees id-1, i.e. last_id has already been incremented before # we see it here - f.close() # 2. generate log record if new_copy: @@ -209,11 +208,8 @@ def handler(dn, new_copy, old_copy): record += endtag # 3. write log file record - try: - logfile = open(logname, 'a') # append + with open(logname, 'a') as logfile: # append logfile.write(record) - finally: - logfile.close() # 4. calculate nexthash, omitting the final line break to make validation of the # record more intituive nexthash = hashlib.new(digest, record[:-1]).hexdigest() @@ -279,12 +275,8 @@ def initialize(): record += endtag # 3. write log file record - try: - logfile = open(logname, 'a') # append + with open(logname, 'a') as logfile: # append logfile.write(record) - finally: - logfile.close() - # 4. calculate initial hash nexthash = hashlib.new(digest, record).hexdigest() # 5. cache nexthash (the actual logfile might be logrotated away..) @@ -222,10 +222,8 @@ def handler(dn, new_copy, old_copy): listener.unsetuid() -def createFile(filename, withdirs=False): +def createFile(filename): - global uidNumber global gidNumber - global preferedGroup if gidNumber == 0: try: diff --git a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables index d7d6e02..9d4ec09 100644 
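Review bot: In the `# get ID` hunk, `int(f.read()) + 1` raises ValueError when the file named by `notifier_id` is empty or not numeric, and nothing in the hunk handles that. Assuming this code still sits inside the `try:` opened after `listener.setuid(0)` in the earlier hunk, confirm that `listener.unsetuid()` runs in a `finally:` so a parse failure cannot leave the listener running with uid 0. The name `id` also shadows the builtin; a name like `transaction_id` would read better, though its later uses lie outside this hunk.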
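Review bot: In steps 3 and 4 of `handler`, the record is appended to the log before `hashlib.new(digest, record[:-1])` runs, so an unsupported algorithm name in `digest` (assigned outside this hunk, presumably from configuration) raises only after the write, and the cached hash then lags behind the log. Computing `nexthash` before the `with open(logname, 'a')` block, or validating `digest` once at start-up, keeps the log and the hash chain consistent. The same ordering appears in the `initialize()` hunk. That hunk also hashes `record` rather than `record[:-1]`; if the difference is intended, it deserves a comment such as `# the initial record is hashed including its trailing line break`.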
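Review bot: Dropping `withdirs` from `createFile` changes its signature, so any caller that still passes the argument fails with TypeError; the call sites are not part of this diff and should be checked. Removing `global uidNumber` and `global preferedGroup` is only safe if the body, which continues past this hunk, never assigns to those names. An assignment would now create a local variable instead of updating the module-level value, and could raise UnboundLocalError on an earlier read.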
--- a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables +++ b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables @@ -1,7 +1,7 @@ [ldap/logging] Description[de]=Ist das Paket univention-directory-logger installiert und diese Variable auf 'yes' gesetzt, werden alle Änderungen im LDAP-Verzeichnisdienst protokolliert. Eine integrierte Hash-Summe stellt zusätzlich sicher, dass keine Änderungen unbemerkt aus der Logdatei entfernt werden können. Die Protokollierung erfolgt in die Datei /var/log/univention/directory-logger.log. Description[en]=If univention-directory-logger package is installed and this variable is set to 'yes', all changes in the LDAP directory service are logged. An integrated hash sum ensures that no changes can be deleted without traces from the log file. Changes are logged to the /var/log/univention/directory-logger.log file. -Type=str +Type=bool Categories=service-ldap [ldap/logging/exclude.*] @@ -15,3 +15,9 @@ Description[de]=Legt den Namen des Hash-Algorithmus fest. Standard ist 'md5'. Description[en]=Defines the name of the hash algorithm. Default is 'md5'. Type=str Categories=service-ldap + +[ldap/logging/dellogdir] +Description[de]=Aktiviert und legt den Namen des Verzeichnis fest, in das OpenLDAP das sog. "delete log" schreibt. +Description[en]=Activates and defines the name of the directory, into which OpenLDAP writes the so called "delete log". +Type=str +Categories=service-ldap
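Review bot: With `Type=bool`, both `Description[de]` and `Description[en]` of `ldap/logging` still say the variable must be set to 'yes', while the handler now accepts every value that `is_true()` treats as true; the texts should say so. In the second hunk, the unchanged context documents 'md5' as the default hash algorithm. For a log whose stated purpose is that entries cannot be removed unnoticed, a stronger default such as 'sha256' is worth considering. The new `ldap/logging/dellogdir` description could also state what an unset value means.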