commit 171f64ce0bca6d7033cd8ed80948aadc344ea9a2 Author: Florian Best Date: Mon Jul 3 19:16:16 2017 +0200 unifiy computer modules diff --git a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst index 3e07c34..85d2356 100644 --- a/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst +++ b/management/univention-directory-manager-modules/debian/python-univention-directory-manager.preinst @@ -32,21 +32,8 @@ #DEBHELPER# -if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 10.0.29-53; then - ln -s /usr/share/pyshared/univention/admin/policy.py /usr/lib/pymodules/python2.7/univention/admin/policy.py -fi - -# Bug #38473: workaround only required up to UCS 4.1-0 -if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl 10.0.30; then - FN="/usr/share/pyshared/univention/admin/handlers/policies/mailquota.py" - FN_BACKUP="${FN}.udm_backup" - if [ -f "$FN" ] ; then - CUR_MD5="$(md5sum "$FN" | cut -d' ' -f1)" - PKG_MD5="$(sed -nre 's,^([a-f0-9]+)\s+usr/share/pyshared/univention/admin/handlers/policies/mailquota.py,\1,p' /var/lib/dpkg/info/python-univention-directory-manager.md5sums)" - if [ -n "$PKG_MD5" -a -n "$CUR_MD5" -a ! "$PKG_MD5" = "$CUR_MD5" ] ; then - cp "$FN" "$FN_BACKUP" - fi - fi +if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 12.0.17-53; then + ln -s /usr/share/pyshared/univention/admin/handlers/computers/base.py /usr/lib/pymodules/python2.7/univention/admin/handlers/computers/base.py fi exit 0 diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py new file mode 100644 index 0000000..f51f25f --- /dev/null +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/base.py @@ -0,0 +1,351 @@ +# -*- coding: utf-8 -*- +# +# Univention Admin Modules +# admin module for generic computer objects +# +# Copyright 2016 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . + +import time +from ldap.filter import filter_format + +import univention.admin.filter +import univention.admin.handlers +import univention.admin.password +import univention.admin.allocators +import univention.admin.localization +import univention.admin.uldap +import univention.admin.nagios as nagios +import univention.admin.handlers.groups.group +import univention.admin.handlers.dns.forward_zone +import univention.admin.handlers.dns.reverse_zone +import univention.admin.handlers.networks.network + +translation = univention.admin.localization.translation('univention.admin.handlers.computers') +_ = translation.translate + + +class computerBase(univention.admin.handlers.simpleComputer, nagios.Support): + CONFIG_NAME = None + SERVER_ROLE = None + SERVER_TYPE = None + SAMBA_ACCOUNT_FLAG = None + DEFAULT_OCS = [] + + def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): + univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) + nagios.Support.__init__(self) + + def open(self): + univention.admin.handlers.simpleComputer.open(self) + self.nagios_open() + + if self.exists(): + if 'posix' in self.options and not self.info.get('primaryGroup'): + primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] + univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) + if primaryGroupNumber: + primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) + if primaryGroupResult: + self['primaryGroup'] = primaryGroupResult[0] + univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) + else: + self['primaryGroup'] = None + self.save() + raise univention.admin.uexceptions.primaryGroup + else: + self['primaryGroup'] = None + self.save() + raise univention.admin.uexceptions.primaryGroup + if 'samba' in self.options: + sid = self.oldattr.get('sambaSID', [''])[0] + pos = sid.rfind('-') + self.info['sambaRID'] = sid[pos + 1:] + + self.modifypassword = 0 + if self.exists(): + userPassword = self.oldattr.get('userPassword', [''])[0] + if userPassword: + self.info['password'] = userPassword + self.modifypassword = 0 + self.save() + else: + self.modifypassword = 0 + if 'posix' in self.options: + res = univention.admin.config.getDefaultValue(self.lo, self.CONFIG_NAME, position=self.position) + if res: + self['primaryGroup'] = res + + def _ldap_pre_create(self): + super(object, self)._ldap_pre_create() + if not self['password']: + self['password'] = self.oldattr.get('password', [''])[0] + self.modifypassword = 0 + + def _ldap_addlist(self): + self.check_required_options() + ocs = list(self.DEFAULT_OCS) + al = [] + if 'kerberos' in self.options: + domain = univention.admin.uldap.domain(self.lo, self.position) + realm = domain.getKerberosRealm() + + if realm: + al.append(('krb5MaxLife', '86400')) + al.append(('krb5MaxRenew', '604800')) + al.append(('krb5KDCFlags', '126')) + krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) + al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) + else: + # can't do kerberos + self._remove_option('kerberos') + if 'posix' in self.options: + self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') + self.alloc.append(('uidNumber', self.uidNum)) + gidNum = self.get_gid_for_primary_group() + al.append(('uidNumber', [self.uidNum])) + al.append(('gidNumber', [gidNum])) + + if self.modifypassword or self['password']: + if 'kerberos' in self.options: + krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) + al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) + if 'posix' in self.options: + password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) + al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) + if 'samba' in self.options: + password_nt, password_lm = univention.admin.password.ntlm(self['password']) + al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) + al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) + sambaPwdLastSetValue = str(long(time.time())) + al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) + self.modifypassword = 0 + if 'samba' in self.options: + acctFlags = univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG: 1}) + self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) + self.alloc.append(('sid', self.machineSid)) + al.append(('sambaSID', [self.machineSid])) + al.append(('sambaAcctFlags', [acctFlags.decode()])) + al.append(('displayName', self.info['name'])) + + al.insert(0, ('objectClass', ocs)) + if self.SERVER_ROLE: + al.append(('univentionServerRole', '', self.SERVER_ROLE)) + return al + + def check_required_options(self): + pass + + def _ldap_post_create(self): + if 'posix' in self.options: + if hasattr(self, 'uid') and self.uid: + univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) + univention.admin.handlers.simpleComputer.primary_group(self) + univention.admin.handlers.simpleComputer.update_groups(self) + univention.admin.handlers.simpleComputer._ldap_post_create(self) + self.nagios_ldap_post_create() + + def _ldap_pre_remove(self): + self.open() + if 'posix' in self.options and self.oldattr.get('uidNumber'): + self.uidNum = self.oldattr['uidNumber'][0] + + def _ldap_post_remove(self): + if 'posix' in self.options: + univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) + groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember', [self.dn])) + if groupObjects: + for i in range(0, len(groupObjects)): + groupObjects[i].open() + if self.dn in groupObjects[i]['users']: + groupObjects[i]['users'].remove(self.dn) + groupObjects[i].modify(ignore_license=1) + + self.nagios_ldap_post_remove() + univention.admin.handlers.simpleComputer._ldap_post_remove(self) + # Need to clean up oldinfo. If remove was invoked, because the + # creation of the object has failed, the next try will result in + # a 'object class violation' (Bug #19343) + self.oldinfo = {} + + def krb5_principal(self): + domain = univention.admin.uldap.domain(self.lo, self.position) + realm = domain.getKerberosRealm() + if 'domain' in self.info and self.info['domain']: + kerberos_domain = self.info['domain'] + else: + kerberos_domain = domain.getKerberosRealm() + return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm + + def _ldap_post_modify(self): + univention.admin.handlers.simpleComputer.primary_group(self) + univention.admin.handlers.simpleComputer.update_groups(self) + univention.admin.handlers.simpleComputer._ldap_post_modify(self) + self.nagios_ldap_post_modify() + + def _ldap_pre_modify(self): + if self.hasChanged('password'): + if not self['password']: + self['password'] = self.oldattr.get('password', [''])[0] + self.modifypassword = 0 + elif not self.info['password']: + self['password'] = self.oldattr.get('password', [''])[0] + self.modifypassword = 0 + else: + self.modifypassword = 1 + self.nagios_ldap_pre_modify() + univention.admin.handlers.simpleComputer._ldap_pre_modify(self) + + def _ldap_modlist(self): + ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) + + self.nagios_ldap_modlist(ml) + + if self.hasChanged('name'): + if 'posix' in self.options: + if hasattr(self, 'uidNum'): + univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) + requested_uid = "%s$" % self['name'] + try: + self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) + except Exception: + self.cancel() + raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) + + self.alloc.append(('uid', self.uid)) + + ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) + + if 'samba' in self.options: + ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) + + if 'kerberos' in self.options: + ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) + + if self.modifypassword and self['password']: + if 'kerberos' in self.options: + krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) + krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) + ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) + ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) + if 'posix' in self.options: + password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) + ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) + if 'samba' in self.options: + password_nt, password_lm = univention.admin.password.ntlm(self['password']) + ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) + ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) + sambaPwdLastSetValue = str(long(time.time())) + ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) + + # add samba option + if self.exists() and self.option_toggled('samba') and 'samba' in self.options: + acctFlags = univention.admin.samba.acctFlags(flags={self.SAMBA_ACCOUNT_FLAG: 1}) + self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) + self.alloc.append(('sid', self.machineSid)) + ml.append(('sambaSID', '', [self.machineSid])) + ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) + ml.append(('displayName', '', self.info['name'])) + sambaPwdLastSetValue = str(long(time.time())) + ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) + if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: + for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: + if self.oldattr.get(key, []): + ml.insert(0, (key, self.oldattr.get(key, []), '')) + + if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): + self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) + ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) + + return ml + + def cleanup(self): + self.open() + self.nagios_cleanup() + univention.admin.handlers.simpleComputer.cleanup(self) + + def cancel(self): + for i, j in self.alloc: + univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) + univention.admin.allocators.release(self.lo, self.position, i, j) + + def link(self): + result = [] + if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: + result = [{ + 'url': 'https://%s/univention-management-console/' % self['ip'][0], + 'ipaddr': self['ip'][0], + }] + if 'dnsEntryZoneForward' in self and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: + zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] + if not result: + result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] + result[0]['fqdn'] = '%s.%s' % (self['name'], zone) + if result: + result[0]['name'] = _('Open Univention Management Console on this computer') + return result + return None + + @classmethod + def rewrite(cls, filter, mapping): + if filter.variable == 'ip': + filter.variable = 'aRecord' + else: + univention.admin.mapping.mapRewrite(filter, cls.mapping) + + @classmethod + def lookup_filter(cls, filter_s=None, lo=None): + filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) + if str(filter_s).find('(dnsAlias=') != -1: + filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) + if filter_s: + return cls.lookup_filter(filter_s, lo) + else: + return None + lookup_filter_obj = univention.admin.filter.conjunction('&', [x for x in [ + univention.admin.filter.expression('objectClass', 'univentionHost'), + univention.admin.filter.expression('objectClass', cls.SERVER_TYPE), + None if not cls.SERVER_ROLE else univention.admin.filter.expression('univentionServerRole', cls.SERVER_ROLE), + ] if x is not None]) + + # ATTENTION: has its own rewrite function. + lookup_filter_obj.append_unmapped_filter_string(filter_s, cls.rewrite, cls.mapping) + return lookup_filter_obj + + @classmethod + def lookup(cls, co, lo, filter_s, base='', superordinate=None, scope='sub', unique=0, required=0, timeout=-1, sizelimit=0): + filter = cls.lookup_filter(filter_s, lo) + if filter is None: + return [] + res = [] + for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): + res.append(cls(co, lo, None, dn, attributes=attrs)) + return res + + @classmethod + def identify(cls, dn, attr, canonical=0): + return 'univentionHost' in attr.get('objectClass', []) and cls.SERVER_TYPE in attr.get('objectClass', []) and (True if not cls.SERVER_ROLE else cls.SERVER_ROLE in attr.get('univentionServerRole', [])) diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py index 2fd77c2..7f68805 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_backup.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -401,298 +392,17 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module - - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionDomainController'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - al.append(('univentionServerRole', '', 'backup')) - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - def link(self): - result = [] - if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: - result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] - if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: - zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] - if not result: - result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] - result[0]['fqdn'] = '%s.%s' % (self['name'], zone) - if result: - result[0]['name'] = _('Open Univention Management Console on this computer') - return result - return None - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) - - -def lookup_filter(filter_s=None, lo=None): - filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) - if str(filter_s).find('(dnsAlias=') != -1: - filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) - if filter_s: - return lookup_filter(filter_s, lo) - else: - return None - lookup_filter_obj = \ - univention.admin.filter.conjunction('&', [ - univention.admin.filter.expression('objectClass', 'univentionHost'), - univention.admin.filter.expression('objectClass', 'univentionDomainController'), - univention.admin.filter.expression('univentionServerRole', 'backup'), - ]) - - # ATTENTION: has its own rewrite function. - lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) - return lookup_filter_obj - - -def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): - - filter = lookup_filter(filter_s, lo) - if filter is None: - return [] - res = [] - for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): - res.append(object(co, lo, None, dn, attributes=attrs)) - return res - - -def identify(dn, attr, canonical=0): - return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'backup' in attr.get('univentionServerRole', []) + mapping = mapping + CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] + SAMBA_ACCOUNT_FLAG = 'S' + SERVER_TYPE = 'univentionDomainController' + SERVER_ROLE = 'backup' + + +rewrite = object.rewrite +lookup_filter = object.lookup_filter +lookup = object.lookup +identify = object.identify diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py index 62de85a..d66e69a 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -401,292 +392,17 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module - - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerMasterGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionDomainController'] - al = [] - if 'kerberos' in self.options: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - al.append(('univentionServerRole', '', 'master')) - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - def link(self): - result = [] - if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: - result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] - if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: - zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] - if not result: - result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] - result[0]['fqdn'] = '%s.%s' % (self['name'], zone) - if result: - result[0]['name'] = _('Open Univention Management Console on this computer') - return result - return None - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) - - -def lookup_filter(filter_s=None, lo=None): - filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) - if str(filter_s).find('(dnsAlias=') != -1: - filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) - if filter_s: - return lookup_filter(filter_s, lo) - else: - return None - lookup_filter_obj = \ - univention.admin.filter.conjunction('&', [ - univention.admin.filter.expression('objectClass', 'univentionHost'), - univention.admin.filter.expression('objectClass', 'univentionDomainController'), - univention.admin.filter.expression('univentionServerRole', 'master'), - ]) - - # ATTENTION: has its own rewrite function. - lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) - return lookup_filter_obj - - -def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): - - filter = lookup_filter(filter_s, lo) - if filter is None: - return [] - res = [] - for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): - res.append(object(co, lo, None, dn, attributes=attrs)) - return res - - -def identify(dn, attr, canonical=0): - return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'master' in attr.get('univentionServerRole', []) + mapping = mapping + CONFIG_NAME = 'univentionDefaultDomainControllerMasterGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] + SAMBA_ACCOUNT_FLAG = 'S' + SERVER_TYPE = 'univentionDomainController' + SERVER_ROLE = 'master' + + +rewrite = object.rewrite +lookup_filter = object.lookup_filter +lookup = object.lookup +identify = object.identify diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py index 1703ff1..e6435df 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_slave.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -401,298 +392,17 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module - - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionDomainController'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - al.append(('univentionServerRole', '', 'slave')) - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - def link(self): - result = [] - if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: - result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] - if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: - zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] - if not result: - result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] - result[0]['fqdn'] = '%s.%s' % (self['name'], zone) - if result: - result[0]['name'] = _('Open Univention Management Console on this computer') - return result - return None - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) - - -def lookup_filter(filter_s=None, lo=None): - filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) - if str(filter_s).find('(dnsAlias=') != -1: - filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) - if filter_s: - return lookup_filter(filter_s, lo) - else: - return None - lookup_filter_obj = \ - univention.admin.filter.conjunction('&', [ - univention.admin.filter.expression('objectClass', 'univentionHost'), - univention.admin.filter.expression('objectClass', 'univentionDomainController'), - univention.admin.filter.expression('univentionServerRole', 'slave'), - ]) - - # ATTENTION: has its own rewrite function. - lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) - return lookup_filter_obj - - -def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): - - filter = lookup_filter(filter_s, lo) - if filter is None: - return [] - res = [] - for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): - res.append(object(co, lo, None, dn, attributes=attrs)) - return res - - -def identify(dn, attr, canonical=0): - return 'univentionHost' in attr.get('objectClass', []) and 'univentionDomainController' in attr.get('objectClass', []) and 'slave' in attr.get('univentionServerRole', []) + mapping = mapping + CONFIG_NAME = 'univentionDefaultDomainControllerGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionDomainController'] + SAMBA_ACCOUNT_FLAG = 'S' + SERVER_TYPE = 'univentionDomainController' + SERVER_ROLE = 'slave' + + +rewrite = object.rewrite +lookup_filter = object.lookup_filter +lookup = object.lookup +identify = object.identify diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py index 91b1961..207bb67 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/linux.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -340,253 +331,21 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module + mapping = mapping + CONFIG_NAME = 'univentionDefaultClientGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionLinuxClient'] + SAMBA_ACCOUNT_FLAG = 'W' + SERVER_TYPE = 'univentionLinuxClient' - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) - if res: - self['primaryGroup'] = res - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): + def check_required_options(self): if not set(self.options) & set(['posix', 'kerberos']): - raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.')) - - ocs = ['top', 'person', 'univentionHost', 'univentionLinuxClient'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} + raise univention.admin.uexceptions.invalidOptions(_('At least posix or kerberos is required.')) - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) +del object.link +rewrite = object.rewrite def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py index e2c15c4..1c5d753 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/macos.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -328,267 +319,31 @@ mapping = univention.admin.mapping.mapping() mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) mapping.register('description', 'description', None, univention.admin.mapping.ListToString) -mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) -mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) mapping.register('inventoryNumber', 'univentionInventoryNumber') mapping.register('mac', 'macAddress') mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString) mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString) mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString) +mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) +mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) # add Nagios extension nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -# WARNING: do not change class order if there are still super() calls - -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module + mapping = mapping + CONFIG_NAME = 'univentionDefaultClientGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMacOSClient'] + SAMBA_ACCOUNT_FLAG = 'W' + SERVER_TYPE = 'univentionMacOSClient' - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionMacOSClient'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) +del object.link +rewrite = object.rewrite +identify = object.identify def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py index 7ff4d1f..d563055 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -385,9 +376,9 @@ mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) mapping.register('description', 'description', None, univention.admin.mapping.ListToString) mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) -mapping.register('inventoryNumber', 'univentionInventoryNumber') mapping.register('serverRole', 'univentionServerRole') mapping.register('mac', 'macAddress') +mapping.register('inventoryNumber', 'univentionInventoryNumber') mapping.register('reinstall', 'univentionServerReinstall', None, univention.admin.mapping.ListToString) mapping.register('instprofile', 'univentionServerInstallationProfile', None, univention.admin.mapping.ListToString) mapping.register('reinstalloption', 'univentionServerInstallationOption', None, univention.admin.mapping.ListToString) @@ -402,297 +393,17 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module - - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultMemberserverGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionMemberServer'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - al.append(('univentionServerRole', '', 'member')) - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - def link(self): - result = [] - if self['ip'] and len(self['ip']) > 0 and self['ip'][0]: - result = [{'url': 'https://%s/univention-management-console/' % self['ip'][0], 'ipaddr': self['ip'][0], }] - if self.has_key('dnsEntryZoneForward') and self['dnsEntryZoneForward'] and len(self['dnsEntryZoneForward']) > 0: - zone = univention.admin.uldap.explodeDn(self['dnsEntryZoneForward'][0], 1)[0] - if not result: - result = [{'url': 'https://%s.%s/univention-management-console/' % (self['name'], zone)}] - result[0]['fqdn'] = '%s.%s' % (self['name'], zone) - if result: - result[0]['name'] = _('Open Univention Management Console on this computer') - return result - return None - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) - - -def lookup_filter(filter_s=None, lo=None): - filter_s = univention.admin.filter.replace_fqdn_filter(filter_s) - if str(filter_s).find('(dnsAlias=') != -1: - filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s) - if filter_s: - return lookup_filter(filter_s, lo) - else: - return None - lookup_filter_obj = \ - univention.admin.filter.conjunction('&', [ - univention.admin.filter.expression('objectClass', 'univentionHost'), - univention.admin.filter.expression('objectClass', 'univentionMemberServer'), - ]) - - # ATTENTION: has its own rewrite function. - lookup_filter_obj.append_unmapped_filter_string(filter_s, rewrite, mapping) - return lookup_filter_obj - - -def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): - - filter = lookup_filter(filter_s, lo) - if filter is None: - return [] - res = [] - for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): - res.append(object(co, lo, None, dn, attributes=attrs)) - return res - - -def identify(dn, attr, canonical=0): - return 'univentionHost' in attr.get('objectClass', []) and 'univentionMemberServer' in attr.get('objectClass', []) + mapping = mapping + CONFIG_NAME = 'univentionDefaultMemberserverGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionMemberServer'] + SAMBA_ACCOUNT_FLAG = 'W' + SERVER_TYPE = 'univentionMemberServer' + SERVER_ROLE = 'member' + + +rewrite = object.rewrite +lookup_filter = object.lookup_filter +lookup = object.lookup +identify = object.identify diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py index e30c3f6..64e915f 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/ubuntu.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -340,255 +331,21 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module + mapping = mapping + CONFIG_NAME = 'univentionDefaultClientGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionUbuntuClient'] + SAMBA_ACCOUNT_FLAG = 'W' + SERVER_TYPE = 'univentionUbuntuClient' - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - global options - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultClientGroup', position=self.position) - if res: - self['primaryGroup'] = res - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): + def check_required_options(self): if not set(self.options) & set(['posix', 'kerberos']): - raise univention.admin.uexceptions.invalidOptions(_(' At least posix or kerberos is required.')) - - ocs = ['top', 'person', 'univentionHost', 'univentionUbuntuClient'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} + raise univention.admin.uexceptions.invalidOptions(_('At least posix or kerberos is required.')) - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) +del object.link +rewrite = object.rewrite def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py index 501243d..e666985 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -342,277 +333,38 @@ mapping = univention.admin.mapping.mapping() mapping.register('name', 'cn', None, univention.admin.mapping.ListToString) mapping.register('description', 'description', None, univention.admin.mapping.ListToString) -mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) -mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) mapping.register('domain', 'associatedDomain', None, univention.admin.mapping.ListToString) mapping.register('inventoryNumber', 'univentionInventoryNumber') mapping.register('mac', 'macAddress') mapping.register('network', 'univentionNetworkLink', None, univention.admin.mapping.ListToString) mapping.register('unixhome', 'homeDirectory', None, univention.admin.mapping.ListToString) mapping.register('shell', 'loginShell', None, univention.admin.mapping.ListToString) +mapping.register('operatingSystem', 'univentionOperatingSystem', None, univention.admin.mapping.ListToString) +mapping.register('operatingSystemVersion', 'univentionOperatingSystemVersion', None, univention.admin.mapping.ListToString) # add Nagios extension nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module - - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'computerGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionWindows'] - al = [] - if 'kerberos' in self.options: - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - - if realm: - ocs.extend(['krb5Principal', 'krb5KDCEntry']) - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - else: - # can't do kerberos - self._remove_option('kerberos') - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - ocs.extend(['posixAccount', 'shadowAccount']) - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ocs.append('sambaSamAccount') - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - # new since UCS 3.0, old Windows clients don't have this attribute - al.append(('univentionServerRole', '', 'windows_client')) - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) + mapping = mapping + CONFIG_NAME = 'computerGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows'] + SAMBA_ACCOUNT_FLAG = 'W' + SERVER_TYPE = 'univentionWindows' + SERVER_ROLE = 'windows_client' def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - + ml = super(object, self)._ldap_modlist() if self.hasChanged('ntCompatibility') and self['ntCompatibility'] == '1': self['password'] = self['name'].replace('$', '').lower() self.modifypassword = 1 - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'W': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.insert(0, ('objectClass', '', 'sambaSamAccount')) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - ocs = self.oldattr.get('objectClass', []) - if 'sambaSamAccount' in ocs: - ml.insert(0, ('objectClass', 'sambaSamAccount', '')) - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - return ml - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) +del object.link +rewrite = object.rewrite def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py index a46469d..1b6ff55 100644 --- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py +++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows_domaincontroller.py @@ -30,21 +30,12 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -from ldap.filter import filter_format - from univention.admin.layout import Tab, Group import univention.admin.filter import univention.admin.handlers -import univention.admin.password -import univention.admin.allocators import univention.admin.localization -import univention.admin.uldap import univention.admin.nagios as nagios -import univention.admin.handlers.dns.forward_zone -import univention.admin.handlers.dns.reverse_zone -import univention.admin.handlers.groups.group -import univention.admin.handlers.networks.network -import time +from univention.admin.handlers.computers.base import computerBase translation = univention.admin.localization.translation('univention.admin.handlers.computers') _ = translation.translate @@ -364,254 +355,18 @@ nagios.addPropertiesMappingOptionsAndLayout(property_descriptions, mapping, options, layout) -class object(univention.admin.handlers.simpleComputer, nagios.Support): +class object(computerBase): module = module + mapping = mapping + CONFIG_NAME = 'univentionDefaultDomainControllerGroup' + DEFAULT_OCS = ['top', 'person', 'univentionHost', 'univentionWindows'] + SAMBA_ACCOUNT_FLAG = 'S' + SERVER_TYPE = 'univentionWindows' + SERVER_ROLE = 'windows_domaincontroller' - def __init__(self, co, lo, position, dn='', superordinate=None, attributes=[]): - univention.admin.handlers.simpleComputer.__init__(self, co, lo, position, dn, superordinate, attributes) - nagios.Support.__init__(self) - - def open(self): - univention.admin.handlers.simpleComputer.open(self) - self.nagios_open() - - self.modifypassword = 0 - if self.exists(): - userPassword = self.oldattr.get('userPassword', [''])[0] - if userPassword: - self.info['password'] = userPassword - self.modifypassword = 0 - - if self.exists(): - - if 'posix' in self.options and not self.info.get('primaryGroup'): - primaryGroupNumber = self.oldattr.get('gidNumber', [''])[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'primary group number = %s' % (primaryGroupNumber)) - if primaryGroupNumber: - primaryGroupResult = self.lo.searchDn(filter_format('(&(objectClass=posixGroup)(gidNumber=%s))', [primaryGroupNumber])) - if primaryGroupResult: - self['primaryGroup'] = primaryGroupResult[0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Set primary group = %s' % (self['primaryGroup'])) - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - else: - self['primaryGroup'] = None - self.save() - raise univention.admin.uexceptions.primaryGroup - if 'samba' in self.options: - sid = self.oldattr.get('sambaSID', [''])[0] - pos = sid.rfind('-') - self.info['sambaRID'] = sid[pos + 1:] - - self.save() - - else: - self.modifypassword = 0 - if 'posix' in self.options: - res = univention.admin.config.getDefaultValue(self.lo, 'univentionDefaultDomainControllerGroup', position=self.position) - if res: - self['primaryGroup'] = res - # self.save() - - def _ldap_pre_create(self): - super(object, self)._ldap_pre_create() - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - - def _ldap_addlist(self): - ocs = ['top', 'person', 'univentionHost', 'univentionWindows'] - al = [] - if 'kerberos' in self.options: - - ocs.extend(['krb5Principal', 'krb5KDCEntry']) - al.append(('krb5MaxLife', '86400')) - al.append(('krb5MaxRenew', '604800')) - al.append(('krb5KDCFlags', '126')) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - al.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - - if 'posix' in self.options: - self.uidNum = univention.admin.allocators.request(self.lo, self.position, 'uidNumber') - self.alloc.append(('uidNumber', self.uidNum)) - gidNum = self.get_gid_for_primary_group() - ocs.extend(['posixAccount', 'shadowAccount']) - al.append(('uidNumber', [self.uidNum])) - al.append(('gidNumber', [gidNum])) - - if self.modifypassword or self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - al.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - al.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - al.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - al.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - al.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - self.modifypassword = 0 - if 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.uidNum, self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ocs.append('sambaSamAccount') - al.append(('sambaSID', [self.machineSid])) - al.append(('sambaAcctFlags', [acctFlags.decode()])) - al.append(('displayName', self.info['name'])) - - al.insert(0, ('objectClass', ocs)) - al.append(('univentionServerRole', '', 'windows_domaincontroller')) - return al - - def _ldap_post_create(self): - if 'posix' in self.options: - if hasattr(self, 'uid') and self.uid: - univention.admin.allocators.confirm(self.lo, self.position, 'uid', self.uid) - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_create(self) - self.nagios_ldap_post_create() - - def _ldap_pre_remove(self): - self.open() - if 'posix' in self.options and self.oldattr.get('uidNumber'): - self.uidNum = self.oldattr['uidNumber'][0] - - def _ldap_post_remove(self): - if 'posix' in self.options: - univention.admin.allocators.release(self.lo, self.position, 'uidNumber', self.uidNum) - groupObjects = univention.admin.handlers.groups.group.lookup(self.co, self.lo, filter_s=filter_format('uniqueMember=%s', [self.dn])) - if groupObjects: - for i in range(0, len(groupObjects)): - groupObjects[i].open() - if self.dn in groupObjects[i]['users']: - groupObjects[i]['users'].remove(self.dn) - groupObjects[i].modify(ignore_license=1) - - self.nagios_ldap_post_remove() - univention.admin.handlers.simpleComputer._ldap_post_remove(self) - # Need to clean up oldinfo. If remove was invoked, because the - # creation of the object has failed, the next try will result in - # a 'object class violation' (Bug #19343) - self.oldinfo = {} - - def krb5_principal(self): - domain = univention.admin.uldap.domain(self.lo, self.position) - realm = domain.getKerberosRealm() - if self.info.has_key('domain') and self.info['domain']: - kerberos_domain = self.info['domain'] - else: - kerberos_domain = domain.getKerberosRealm() - return 'host/' + self['name'] + '.' + kerberos_domain.lower() + '@' + realm - - def _ldap_post_modify(self): - univention.admin.handlers.simpleComputer.primary_group(self) - univention.admin.handlers.simpleComputer.update_groups(self) - univention.admin.handlers.simpleComputer._ldap_post_modify(self) - self.nagios_ldap_post_modify() - def _ldap_pre_modify(self): - if self.hasChanged('password'): - if not self['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - elif not self.info['password']: - self['password'] = self.oldattr.get('password', [''])[0] - self.modifypassword = 0 - else: - self.modifypassword = 1 - self.nagios_ldap_pre_modify() - univention.admin.handlers.simpleComputer._ldap_pre_modify(self) - - def _ldap_modlist(self): - ml = univention.admin.handlers.simpleComputer._ldap_modlist(self) - - self.nagios_ldap_modlist(ml) - - if self.hasChanged('name'): - if 'posix' in self.options: - if hasattr(self, 'uidNum'): - univention.admin.allocators.confirm(self.lo, self.position, 'uidNumber', self.uidNum) - requested_uid = "%s$" % self['name'] - try: - self.uid = univention.admin.allocators.request(self.lo, self.position, 'uid', value=requested_uid) - except Exception: - self.cancel() - raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % requested_uid) - return [] - - self.alloc.append(('uid', self.uid)) - - ml.append(('uid', self.oldattr.get('uid', [None])[0], self.uid)) - - if 'samba' in self.options: - ml.append(('displayName', self.oldattr.get('displayName', [None])[0], self['name'])) - - if 'kerberos' in self.options: - ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) - - if self.modifypassword and self['password']: - if 'kerberos' in self.options: - krb_keys = univention.admin.password.krb5_asn1(self.krb5_principal(), self['password']) - krb_key_version = str(int(self.oldattr.get('krb5KeyVersionNumber', ['0'])[0]) + 1) - ml.append(('krb5Key', self.oldattr.get('password', ['1']), krb_keys)) - ml.append(('krb5KeyVersionNumber', self.oldattr.get('krb5KeyVersionNumber', []), krb_key_version)) - if 'posix' in self.options: - password_crypt = "{crypt}%s" % (univention.admin.password.crypt(self['password'])) - ml.append(('userPassword', self.oldattr.get('userPassword', [''])[0], password_crypt)) - if 'samba' in self.options: - password_nt, password_lm = univention.admin.password.ntlm(self['password']) - ml.append(('sambaNTPassword', self.oldattr.get('sambaNTPassword', [''])[0], password_nt)) - ml.append(('sambaLMPassword', self.oldattr.get('sambaLMPassword', [''])[0], password_lm)) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - - # add samba option - if self.exists() and self.option_toggled('samba') and 'samba' in self.options: - acctFlags = univention.admin.samba.acctFlags(flags={'S': 1}) - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - self.alloc.append(('sid', self.machineSid)) - ml.insert(0, ('objectClass', '', 'sambaSamAccount')) - ml.append(('sambaSID', '', [self.machineSid])) - ml.append(('sambaAcctFlags', '', [acctFlags.decode()])) - ml.append(('displayName', '', self.info['name'])) - sambaPwdLastSetValue = str(long(time.time())) - ml.append(('sambaPwdLastSet', self.oldattr.get('sambaPwdLastSet', [''])[0], sambaPwdLastSetValue)) - if self.exists() and self.option_toggled('samba') and 'samba' not in self.options: - ocs = self.oldattr.get('objectClass', []) - if 'sambaSamAccount' in ocs: - ml.insert(0, ('objectClass', 'sambaSamAccount', '')) - for key in ['sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName']: - if self.oldattr.get(key, []): - ml.insert(0, (key, self.oldattr.get(key, []), '')) - - if self.hasChanged('sambaRID') and not hasattr(self, 'machineSid'): - self.machineSid = self.getMachineSid(self.lo, self.position, self.oldattr['uidNumber'][0], self.get('sambaRID')) - ml.append(('sambaSID', self.oldattr.get('sambaSID', ['']), [self.machineSid])) - - return ml - - def cleanup(self): - self.open() - self.nagios_cleanup() - univention.admin.handlers.simpleComputer.cleanup(self) - - def cancel(self): - for i, j in self.alloc: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'cancel: release (%s): %s' % (i, j)) - univention.admin.allocators.release(self.lo, self.position, i, j) - - -def rewrite(filter, mapping): - if filter.variable == 'ip': - filter.variable = 'aRecord' - else: - univention.admin.mapping.mapRewrite(filter, mapping) +rewrite = object.rewrite +identify = object.identify def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=False, required=False, timeout=-1, sizelimit=0): @@ -637,7 +392,3 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope='sub', unique=Fa for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): res.append(object(co, lo, None, dn, attributes=attrs)) return res - - -def identify(dn, attr, canonical=0): - return 'univentionHost' in attr.get('objectClass', []) and 'univentionWindows' in attr.get('objectClass', []) and 'windows_domaincontroller' in attr.get('univentionServerRole', [])