def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
exc = None
if dns_container_exists(ldap):
try:
parts = keys[-1].split('.')
host = parts[0]
domain = unicode('.'.join(parts[1:]))
if options.get('ip_address'):
add_reverse = not options.get('no_reverse', False)
add_records_for_host(DNSName(host),
DNSName(domain).make_absolute(),
options['ip_address'],
add_forward=True,
add_reverse=add_reverse)
del options['ip_address']
update_sshfp_record(domain, unicode(parts[0]), entry_attrs)
except Exception as e:
exc = e
if options.get('random', False):
try:
entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
except AttributeError:
# On the off-chance some other extension deletes this from the
# context, don't crash.
pass
if exc:
raise errors.NonFatalError(
reason=_('The host was added but the DNS update failed with: %(exc)s') % dict(exc=exc)
)
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
convert_sshpubkey_post(ldap, dn, entry_attrs)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
exc = None
if dns_container_exists(ldap):
try:
parts = keys[-1].split('.')
host = parts[0]
domain = unicode('.'.join(parts[1:]))
if options.get('ip_address'):
add_reverse = not options.get('no_reverse', False)
add_records_for_host(DNSName(host),
DNSName(domain).make_absolute(),
options['ip_address'],
add_forward=True,
add_reverse=add_reverse)
del options['ip_address']
update_sshfp_record(domain, unicode(parts[0]), entry_attrs)
except Exception as e:
exc = e
if options.get('random', False):
try:
entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
except AttributeError:
# On the off-chance some other extension deletes this from the
# context, don't crash.
pass
if exc:
raise errors.NonFatalError(
reason=_('The host was added but the DNS update failed with: %(exc)s') % dict(exc=exc)
)
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
convert_sshpubkey_post(ldap, dn, entry_attrs)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
set_certificate_attrs(entry_attrs)
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
convert_sshpubkey_post(ldap, dn, entry_attrs)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
convert_sshpubkey_post(ldap, dn, entry_attrs)
return dn
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, entry_attrs) = entry
set_certificate_attrs(entry_attrs)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(entry[0])
convert_sshpubkey_post(ldap, dn, entry_attrs)
return truncated
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry_attrs in entries:
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(entry_attrs.dn)
convert_sshpubkey_post(entry_attrs)
remove_sshpubkey_from_output_post(self.context, entry_attrs)
convert_ipaassignedidview_post(entry_attrs, options)
remove_sshpubkey_from_output_list_post(self.context, entries)
return truncated
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry in entries:
(dn, entry_attrs) = entry
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(entry[0])
convert_sshpubkey_post(ldap, dn, entry_attrs)
return truncated
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
for entry_attrs in entries:
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
self.obj.get_password_attributes(ldap, entry_attrs.dn, entry_attrs)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(entry_attrs.dn)
convert_sshpubkey_post(ldap, entry_attrs.dn, entry_attrs)
convert_ipaassignedidview_post(entry_attrs, options)
return truncated
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
if options.get('random', False):
entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
convert_sshpubkey_post(ldap, dn, entry_attrs)
convert_ipaassignedidview_post(entry_attrs, options)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
if options.get('random', False):
entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
set_certificate_attrs(entry_attrs)
set_kerberos_attrs(entry_attrs, options)
rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.suppress_netgroup_memberof(ldap, entry_attrs)
convert_sshpubkey_post(ldap, dn, entry_attrs)
convert_ipaassignedidview_post(entry_attrs, options)
return dn
class host_add(LDAPCreate):
__doc__ = _('Add a new host.')
has_output_params = LDAPCreate.has_output_params + host_output_params
msg_summary = _('Added host "%(value)s"')
member_attributes = ['managedby']
takes_options = LDAPCreate.takes_options + (
Flag('force',
label=_('Force'),
doc=_('force host name even if not in DNS'),
),
Flag('no_reverse',
doc=_('skip reverse DNS detection'),
),
Str('ip_address?', validate_ipaddr,
doc=_('Add the host to DNS with this IP address'),
label=_('IP Address'),
),
)
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
if options.get('ip_address') and dns_container_exists(ldap):
parts = keys[-1].split('.')
host = parts[0]
domain = unicode('.'.join(parts[1:]))
check_reverse = not options.get('no_reverse', False)
add_records_for_host_validation('ip_address', host, domain,
options['ip_address'],
check_forward=True,
check_reverse=check_reverse)
if not options.get('force', False) and not 'ip_address' in options:
util.validate_host_dns(self.log, keys[-1])
if 'locality' in entry_attrs:
entry_attrs['l'] = entry_attrs['locality']
del entry_attrs['locality']
entry_attrs['cn'] = keys[-1]
entry_attrs['serverhostname'] = keys[-1].split('.', 1)[0]
if 'userpassword' not in entry_attrs and not options.get('random', False):
entry_attrs['krbprincipalname'] = 'host/%s@%s' % (
keys[-1], self.api.env.realm
)
if 'krbprincipalaux' not in entry_attrs['objectclass']:
entry_attrs['objectclass'].append('krbprincipalaux')
if 'krbprincipal' not in entry_attrs['objectclass']:
entry_attrs['objectclass'].append('krbprincipal')
else:
if 'krbprincipalaux' in entry_attrs['objectclass']:
entry_attrs['objectclass'].remove('krbprincipalaux')
if 'krbprincipal' in entry_attrs['objectclass']:
entry_attrs['objectclass'].remove('krbprincipal')
if options.get('random'):
entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars)
# save the password so it can be displayed in post_callback
setattr(context, 'randompassword', entry_attrs['userpassword'])
cert = options.get('usercertificate')
if cert:
cert = x509.normalize_certificate(cert)
x509.verify_cert_subject(ldap, keys[-1], cert)
entry_attrs['usercertificate'] = cert
entry_attrs['managedby'] = dn
entry_attrs['objectclass'].append('ieee802device')
entry_attrs['objectclass'].append('ipasshhost')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
exc = None
if dns_container_exists(ldap):
try:
parts = keys[-1].split('.')
host = parts[0]
domain = unicode('.'.join(parts[1:]))
if options.get('ip_address'):
add_reverse = not options.get('no_reverse', False)
add_records_for_host(host, domain, options['ip_address'],
add_forward=True,
add_reverse=add_reverse)
del options['ip_address']
update_sshfp_record(domain, unicode(parts[0]), entry_attrs)
except Exception, e:
exc = e
if options.get('random', False):
try:
entry_attrs['randompassword'] = unicode(getattr(context, 'randompassword'))
except AttributeError:
# On the off-chance some other extension deletes this from the
# context, don't crash.
pass
if exc:
raise errors.NonFatalError(
reason=_('The host was added but the DNS update failed with: %(exc)s') % dict(exc=exc)
)
set_certificate_attrs(entry_attrs)
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
entry_attrs['has_keytab'] = False
convert_sshpubkey_post(ldap, dn, entry_attrs)
return dn
