def __init__(self, bind_dn, bind_pw, batch_mods=False,
sasl=False, ro=False):
"""Handler for bindings to CSH LDAP.
Keyword arguments:
batch_mods -- whether or not to batch LDAP writes (default False)
sasl -- whether or not to bypass bind_dn and bind_pw and use SASL bind
ro -- whether or not CSH LDAP is in read only mode (default False)
"""
if ro:
print("########################################\n"
"# #\n"
"# CSH LDAP IS IN READ ONLY MODE #\n"
"# #\n"
"########################################")
ldap_srvs = srvlookup.lookup("ldap", "tcp", self.__domain__)
ldap_uris = ""
for uri in ldap_srvs:
ldap_uris += "ldaps://"+uri.hostname+","
self.__con__ = ReconnectLDAPObject(ldap_uris)
# Allow connections with self-signed certs
self.__con__.set_option(self.__con__.OPT_X_TLS_REQUIRE_CERT, self.__con__.OPT_X_TLS_ALLOW)
if sasl:
self.__con__.sasl_non_interactive_bind_s('')
else:
self.__con__.simple_bind_s(bind_dn, bind_pw)
self.__mod_queue__ = {}
self.__pending_mod_dn__ = []
self.__batch_mods__ = batch_mods
self.__ro__ = ro
def passwd_reset(username, password):
"""
Use the password provided by the user to reset their account in FreeIPA
and then "change" their password to the same thing.
Keyword arguments:
username -- Username of the user to reset
password -- Desired password for the user
"""
# Create LDAP admin session to perform initial reset.
dn = "uid={},cn=users,cn=accounts,dc=csh,dc=rit,dc=edu".format(username)
# Find FreeIPA server
ldap_srvs = srvlookup.lookup("ldap", "tcp", "csh.rit.edu")
ldap_uri = ldap_srvs[0].hostname
l = ldap.initialize("ldaps://{}".format(ldap_uri))
l.simple_bind_s(app.config["LDAP_BIND_DN"], app.config["LDAP_BIND_PW"])
l.modify_s(dn, [(ldap.MOD_REPLACE, "userPassword", [password.encode()])])
l.modify_s(dn, [(ldap.MOD_REPLACE, "nsaccountlock", ["false".encode()])])
# FreeIPA automatically expires the password set through the previous
# method, so we need to use their password change API to get past that.
requests.post(
"https://{}/ipa/session/change_password".format(ldap_uri),
data={
"user": username,
"old_password": password,
"new_password": password
},
)
def lookup(s, skip_well_known=False):
if s[-1] == "]":
# ipv6 literal (with no port)
return s, 8448
if ":" in s:
out = s.rsplit(":", 1)
try:
port = int(out[1])
except ValueError:
raise ValueError("Invalid host:port '%s'" % s)
return out[0], port
# try a .well-known lookup
if not skip_well_known:
well_known = MatrixConnectionAdapter.get_well_known(s)
if well_known:
return MatrixConnectionAdapter.lookup(well_known,
skip_well_known=True)
try:
srv = srvlookup.lookup("matrix", "tcp", s)[0]
return srv.host, srv.port
except Exception:
return s, 8448
def srv_lookup(domain):
hosts = {}
for name in NAMES:
for thing in srvlookup.lookup(name, domain=domain):
host_ip = get_ip(thing.host)
if ldap_ping(host_ip):
hosts[thing.host] = host_ip
return hosts
def lookup(destination, path):
if ":" in destination:
return "https://%s%s" % (destination, path)
else:
try:
srv = srvlookup.lookup("matrix", "tcp", destination)[0]
return "https://%s:%d%s" % (srv.host, srv.port, path)
except:
return "https://%s:%d%s" % (destination, 8448, path)
def lookup(destination, path):
if ":" in destination:
return "https://%s%s" % (destination, path)
else:
try:
srv = srvlookup.lookup("matrix", "tcp", destination)[0]
return "https://%s:%d%s" % (srv.host, srv.port, path)
except:
return "https://%s:%d%s" % (destination, 8448, path)
def lookup():
res = srvlookup.lookup(sys.argv[1], sys.argv[2], sys.argv[3])
global ind
# r = res[1 + ind % 4]
# ind += 1
r = res[ind + 1]
ind = (ind + 1) % 4
print "[Thread %s]: %s:%d" % (
threading.currentThread().name, r.host, r.port)
def connect(domain):
try:
records = srvlookup.lookup('etcd-server', domain=domain)
except srvlookup.SRVQueryFailure as e:
raise RuntimeError("Failed to find etcd-server SRV record")
try:
return etcd.Client(host=records[0].host, port=2379)
except etcd.EtcdException as e:
raise RuntimeError("Failed to connect to etcd: {}".format(e))
def get_hegel_authority(facility):
try:
srv = srvlookup.lookup("grpc", domain=f"hegel.{facility}.packet.net")[0]
return f"{srv.hostname}:{srv.port}"
except:
authority = "hegel.packet.net:50060"
if facility == "lab1":
authority = "hegel-lab1.packet.net:50060"
return authority
def test_should_return_a_list_of_records(self):
with mock.patch('dns.resolver.query') as query:
query_name = name.from_text('foo.bar.baz.')
msg = self.get_message()
answer = resolver.Answer(query_name, 33, 1, msg, msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar', 'baz'), [
srvlookup.SRV('1.2.3.5', 11212, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0)
])
def test_should_return_a_list_of_records(self):
with mock.patch('dns.resolver.query') as query:
query_name = name.from_text('foo.bar.baz.')
msg = message.from_text(self.MESSAGE)
answer = resolver.Answer(query_name,
33, 1, msg,
msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar', 'baz'),
[srvlookup.SRV('1.2.3.5', 11211, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0)])
def test_should_include_local_domain_when_omitted(self):
with mock.patch('dns.resolver.query') as query:
with mock.patch('socket.getfqdn') as getfqdn:
getfqdn.return_value = 'baz'
query_name = name.from_text('foo.bar.baz.')
msg = self.get_message()
answer = resolver.Answer(query_name, 33, 1, msg, msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar'), [
srvlookup.SRV('1.2.3.5', 11212, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0)
])
def test_should_return_name_when_addt_record_is_missing(self):
with mock.patch('dns.resolver.query') as query:
query_name = name.from_text('foo.bar.baz.')
msg = self.get_message(additional_answers=[
'foo.bar.baz. 0 IN SRV 3 0 11213 foo3.bar.baz.'])
answer = resolver.Answer(query_name,
33, 1, msg,
msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar', 'baz'),
[srvlookup.SRV('1.2.3.5', 11212, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0),
srvlookup.SRV('foo3.bar.baz', 11213, 3, 0)])
def test_should_return_name_when_addt_record_is_missing(self):
with mock.patch('dns.resolver.query') as query:
query_name = name.from_text('foo.bar.baz.')
msg = self.get_message(additional_answers=[
'foo.bar.baz. 0 IN SRV 3 0 11213 foo3.bar.baz.'
])
answer = resolver.Answer(query_name, 33, 1, msg, msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar', 'baz'), [
srvlookup.SRV('1.2.3.5', 11212, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0),
srvlookup.SRV('foo3.bar.baz', 11213, 3, 0)
])
def __init__(self, config):
domain = config.get('discovery-srv', None)
if not domain:
raise RuntimeError('No discovery domain specified')
try:
records = srvlookup.lookup('etcd-server', domain=domain)
except srvlookup.SRVQueryFailure as e:
raise ProviderError("Failed to find etcd-server SRV record")
try:
self.client = etcd.Client(host=records[0].host, port=2379)
except etcd.EtcdException as e:
raise ProviderError("Failed to connect to etcd: {}".format(e))
def test_should_include_local_domain_when_omitted(self):
with mock.patch('dns.resolver.query') as query:
with mock.patch('socket.getfqdn') as getfqdn:
getfqdn.return_value = 'baz'
query_name = name.from_text('foo.bar.baz.')
msg = message.from_text(self.MESSAGE)
answer = resolver.Answer(query_name,
33, 1, msg,
msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar'),
[srvlookup.SRV('1.2.3.5', 11211, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0)])
def test_should_sort_records_by_priority_weight_and_host(self):
with mock.patch('dns.resolver.query') as query:
query_name = name.from_text('foo.bar.baz.')
msg = self.get_message(additional_answers=[
'foo.bar.baz. 0 IN SRV 0 0 11213 foo3.bar.baz.'
])
answer = resolver.Answer(query_name, 33, 1, msg, msg.answer[0])
query.return_value = answer
self.assertEqual(srvlookup.lookup('foo', 'bar'), [
srvlookup.SRV('foo3.bar.baz', 11213, 0, 0),
srvlookup.SRV('1.2.3.5', 11212, 1, 0),
srvlookup.SRV('1.2.3.4', 11211, 2, 0)
])
def dns_discovered(self):
if isinstance(self._dns_discovery, str):
_domain = self._dns_discovery
elif self._dns_discovery:
_domain = socket.getfqdn()
else:
raise FreeIPAError('neither host specified, not dns_discovery enabled')
while True:
try:
return srvlookup.lookup('ldap', 'tcp', _domain)
except srvlookup.SRVQueryFailure:
try:
_domain = _domain.split('.', 1)[1]
except IndexError:
raise FreeIPAError('could not find any IPA Server using DNS lookup')
def _refresh_addr(self):
"""
Gets current list of SRV records from DNS server and use the first one.
TODO: Check if we can assume that server returns records in random order.
"""
try:
srvs = srvlookup.lookup(self._service, self._protocol,
self._domain)
except srvlookup.SRVQueryFailure:
logger.debug('SRV query failed')
return
assert len(srvs) > 0
srv = srvs[0]
self._addr = (srv.host, srv.port)
self._last_refresh_at = datetime.now()
def lookup(s):
if s[-1] == ']':
# ipv6 literal (with no port)
return s, 8448
if ":" in s:
out = s.rsplit(":",1)
try:
port = int(out[1])
except ValueError:
raise ValueError("Invalid host:port '%s'" % s)
return out[0], port
try:
srv = srvlookup.lookup("matrix", "tcp", s)[0]
return srv.host, srv.port
except:
return s, 8448
def __init__(self, *args, **kwargs):
self.protocol = kwargs.pop('protocol', 'http')
self.server = kwargs.pop('server', "inventory")
self.api = kwargs.pop('api', '/api/v1')
self.domain = kwargs.pop('domain', 'local')
self.useragent = kwargs.pop('useragent', 'AnsibleInventory/0.0.1 (ansible 2.2.1.0)')
try:
servers = srvlookup.lookup(
name='ansibleinventory',
protocol='http',
domain=self.domain)
server = servers[randrange(0, len(servers), 1)]
self.node = "{}:{}".format(server.name, server.port)
except srvlookup.SRVQueryFailure as error:
sys.stderr.write("Error: {}\n".format(error))
super(CmdbapiDriver, self).__init__(*args, **kwargs)
node = {}
try:
results = self.devices()
for host in results:
node[host.node_name] = dict(
hosts=[ip_address for ip_address in host.ip_addresses],
vars=dict(
ansible_python_interpreter="/usr/bin/python2",
ansible_ssh_user="******".format("admin")))
self.add_inventory(node)
except RequestException as error:
sys.stderr.write(error.message)
print(self._render())
def __init__(self, *args, **kwargs):
self.protocol = kwargs.pop('protocol', 'http')
self.server = kwargs.pop('server', "inventory")
self.api = kwargs.pop('api', '/api/v1')
self.domain = kwargs.pop('domain', 'local')
self.useragent = kwargs.pop(
'useragent', 'AnsibleInventory/0.0.1 (ansible 2.2.1.0)')
try:
servers = srvlookup.lookup(name='ansibleinventory',
protocol='http',
domain=self.domain)
server = servers[randrange(0, len(servers), 1)]
self.node = "{}:{}".format(server.name, server.port)
except srvlookup.SRVQueryFailure as error:
sys.stderr.write("Error: {}\n".format(error))
super(CmdbapiDriver, self).__init__(*args, **kwargs)
node = {}
try:
results = self.devices()
for host in results:
node[host.node_name] = dict(
hosts=[ip_address for ip_address in host.ip_addresses],
vars=dict(ansible_python_interpreter="/usr/bin/python2",
ansible_ssh_user="******".format("admin")))
self.add_inventory(node)
except RequestException as error:
sys.stderr.write(error.message)
print(self._render())
def passwd_change(username, old_pw, new_pw):
"""
Change a user's password when the previous one is know.
Keyword arguments:
username -- Username of the user to alter
old_pw -- Current password for the account
new_pw -- Desired new password.
"""
# Find FreeIPA server
ldap_srvs = srvlookup.lookup("ldap", "tcp", "csh.rit.edu")
ldap_uri = ldap_srvs[0].hostname
change = requests.post(
"https://{}/ipa/session/change_password".format(ldap_uri),
data={
"user": username,
"old_password": old_pw,
"new_password": new_pw
},
)
if change.headers.get("X-IPA-Pwchange-Result") == "invalid-password":
raise PasswordChangeFailed
def wrapper(*method_args, **method_kwargs):
"""
Wrapper for method, calls method and returns the result if successful,
otherwise tries reconnecting.
:param method_args: method's arguments
:param method_kwargs: method's keyword arguments
:return: result of method call
"""
max_reconnects = MAX_RECONNECTS
is_cshldap = lambda arg: any(
filter(lambda t: t.__name__ == 'CSHLDAP',
type(arg).__mro__))
ldap_obj = next(filter(is_cshldap, method_args)) \
if any(filter(is_cshldap, method_args)) \
else method_args[0].__lib__
while max_reconnects:
try:
result = method(*method_args, **method_kwargs)
return result
except (ldap.SERVER_DOWN, ldap.TIMEOUT):
ldap_srvs = srvlookup.lookup("ldap", "tcp",
ldap_obj.__domain__)
ldap_obj.ldap_uris = [
'ldaps://' + uri.hostname for uri in ldap_srvs
]
for uri in ldap_obj.ldap_uris:
try:
ldap_obj.__con__.reconnect(uri)
ldap_obj.server_uri = uri
result = method(*method_args, **method_kwargs)
return result
except (ldap.SERVER_DOWN, ldap.TIMEOUT):
continue
max_reconnects -= 1
if max_reconnects == 0:
raise
def print_srv(domain):
output = []
for srv in lookup_records:
with suppress(Exception):
try:
res = srvlookup.lookup(
name=srv[0], protocol=srv[1], domain=domain)
except Exception as e:
pass
if res:
for r in res:
recdict = {
'record': '_{0}._{1}.{2}'.format(srv[0], srv[1], domain),
'priority': r.priority,
'weight': r.weight,
'port': r.port,
'hostname': r.hostname
}
output.append(recdict)
res = None
return print(tabulate(output, headers='keys', tablefmt="pipe"))
def resolve_srv(hostname):
"""Get delegated hostname and port from DNS SRV record
Try and look up the DNS SRV record for a hostname, then if this exists return
the delegated hostname, port and srv, or return an empty string if no well known server file exists.
Args:
hostname: A hostname as found in the Matrix ID.
Returns:
Delegated hostname and port in the format sub.domain.tld:port:srv
Or an empty string if no luck.
"""
# Turn off annoying logging to terminal from srv lookup
logger = logging.getLogger('srvlookup').setLevel(logging.CRITICAL)
logger = logger
# Try and look up SRV record
try:
srv = srvlookup.lookup('matrix', 'TCP', hostname)
# SRV lookup fail (except no record found)
except (srvlookup.SRVQueryFailure, UnicodeError, dns.name.LabelTooLong):
return(None)
# SRV lookup returns something
else:
# Successful SRV lookup
if 'Error querying SRV' not in srv[0]:
delegated_hostname = srv[0].hostname
delegated_port = srv[0].port
return(f'{delegated_hostname}:{delegated_port}:srv')
# Error quering
else:
return(None)
def __init__(self, bind_dn, bind_pw, batch_mods=False,
sasl=False, ro=False):
"""Handler for bindings to CSH LDAP.
Keyword arguments:
batch_mods -- whether or not to batch LDAP writes (default False)
sasl -- whether or not to bypass bind_dn and bind_pw and use SASL bind
ro -- whether or not CSH LDAP is in read only mode (default False)
"""
if ro:
print("########################################\n"
"# #\n"
"# CSH LDAP IS IN READ ONLY MODE #\n"
"# #\n"
"########################################")
ldap_srvs = srvlookup.lookup("ldap", "tcp", self.__domain__)
self.ldap_uris = ['ldaps://' + uri.hostname for uri in ldap_srvs]
self.server_uri = None
self.__con__ = None
for uri in self.ldap_uris:
try:
self.__con__ = ReconnectLDAPObject(uri)
self.server_uri = uri
except (ldap.SERVER_DOWN, ldap.TIMEOUT):
continue
if self.__con__ is None:
raise ldap.SERVER_DOWN
if sasl:
self.__con__.sasl_non_interactive_bind_s('')
else:
self.__con__.simple_bind_s(bind_dn, bind_pw)
self.__mod_queue__ = {}
self.__pending_mod_dn__ = []
self.__batch_mods__ = batch_mods
self.__ro__ = ro
def lookup_backends(name):
try:
return srvlookup.lookup(name, 'tcp', 'marathon.mesos')
except e:
print >> sys.stderr, e
return []
def get_client(domain='manager.luk.ai'):
records = srvlookup.lookup('grpclb', domain=domain)
server = random.choice(records)
addr = '{}:{}'.format(server.hostname, server.port)
channel = grpc.secure_channel(addr, grpc.ssl_channel_credentials())
return manager_pb2_grpc.ManagerStub(channel)
help='The value of max_blank of the on_blank function in seconds',
)
parser.add_argument(
'--threshold',
default=-40.0,
type=float,
help='The value of threshold of the on_blank function in decibels',
)
args = parser.parse_args()
print(args)
import srvlookup
rr = srvlookup.lookup('pushgateway', domain='consul')
if len(rr) == 0:
raise RuntimeError('no pushgateway found')
rr = rr[0]
addr = '%s:%s' % (rr.host, rr.port)
from prometheus_client import Gauge, CollectorRegistry, push_to_gateway
registry = CollectorRegistry()
g = Gauge('silent_check_stream_noise',
'Result of liquidsoap stream blank detection',
['source', 'min_noise', 'max_blank', 'threshold'],
def lookup(service):
record = srvlookup.lookup(service, domain=domain)[0]
return (record.host, record.port)
def lookup_backends():
return srvlookup.lookup('example_dcos_backend_user', 'tcp', 'marathon.mesos')
import srvlookup
myapp_locations = srvlookup.lookup('myapp', 'tcp', 'marathon.mesos')
print "locations for myapp running on marathon:"
for location in myapp_locations:
print "%s:%s" % (location.host, location.port)
import asyncio
import os
import weakref
import aiohttp
import aioredis
import srvlookup
from aiohttp import web, ClientSession
REDIS_HOST = os.environ['REDIS_HOST']
try:
results = srvlookup.lookup('http', 'tcp', 'django')
DJANGO_HOST = results[0].host
DJANGO_PORT = results[0].port
except srvlookup.SRVQueryFailure:
DJANGO_HOST = os.environ['DJANGO_HOST']
DJANGO_PORT = os.environ['DJANGO_PORT']
routes = web.RouteTableDef()
@routes.get('/ws')
async def websocket_handler(request):
ws = web.WebSocketResponse()
await ws.prepare(request)
session = ClientSession()
request.app['websockets'].add(ws)
try:
async for msg in ws:
if msg.type == aiohttp.WSMsgType.TEXT:
import socket,subprocess,os,pyasn1,ldap,srvlookup,sys
from struct import *
from pyasn1.type import univ, tag
from pyasn1.codec.der.encoder import encode
from pyasn1.codec.der.decoder import decode
#Force Suppress errors to DevNull
class DevNull:
def write(self, msg):
pass
#sys.stderr = DevNull()
domaininput=sys.argv[1]
srvrecord=srvlookup.lookup("ldap",protocol="tcp",domain=domaininput)
print(srvrecord)
for srec in range(0, len(srvrecord)):
testdc=srvrecord[srec].hostname
testport=srvrecord[srec].port
testip=srvrecord[srec].host
ntver = "%c%c%c%c" % (6,0,0,0)
cldap=ldap.LDAPMessage()
cldap['messageID'] = 0
search=ldap.SearchRequest()
search['baseObject'] = ""
search['scope'] = 0
search['derefAliases'] = 0
search['sizeLimit'] = 0
search['timeLimit'] = 0
recaptcha = ReCaptcha()
recaptcha.init_app(app)
# OIDC Initialization
OIDC_PROVIDER = "csh"
client_info = ClientMetadata(**app.config["OIDC_CLIENT_CONFIG"])
provider = ProviderConfiguration(issuer=app.config["OIDC_ISSUER"],
client_metadata=client_info)
auth = OIDCAuthentication(app=app,
provider_configurations={OIDC_PROVIDER: provider})
# Connect to LDAP
ldap = CSHLDAP(app.config["LDAP_BIND_DN"], app.config["LDAP_BIND_PW"])
# Find FreeIPA server
ldap_srvs = srvlookup.lookup("ldap", "tcp", "csh.rit.edu")
ldap_uri = ldap_srvs[0].hostname
# FreeIPA API Connection
ipa = Client(ldap_uri, version="2.215")
# Configure rate limiting
if not app.config["DEBUG"]:
limiter = Limiter(app,
key_func=get_remote_address,
default_limits=["50 per day", "10 per hour"])
# Initialize QR Code Generator
qr = QRcode(app)
# Import blueprints
def find_etcd_server(domain):
assert domain, '--discovery-srv flag needs to be set'
records = srvlookup.lookup('etcd-server', domain=domain)
return etcd.Client(host=records[0].host, port=2379)
from kafka import SimpleProducer, KafkaClient
import srvlookup
# Kafka may not always run on the same port, so we need to perform
# an SRV record lookup in order to find it.
kafka_location = srvlookup.lookup('broker-0', 'tcp', 'kafka.mesos')[0]
kafka = KafkaClient("%s:%s" % (kafka_location.host, kafka_location.port))
# Real-world Kafka workloads will gain an order of magnitude++
# more throughput when using async mode. The trade-off is your
# requests may have higher latency (the cli will instantly return
# however.) This is the classic throughput-latency trade-off at play.
producer = SimpleProducer(kafka, async=True)
producer.send_messages(b'my-topic', b'some message')
import srvlookup
import dns.resolver
import argparse
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("--host")
parser.add_argument("--full", default=False, action="store_true")
parser.add_argument("--txt", default=False, action="store_true")
args = parser.parse_args()
if args.host:
services = srvlookup.lookup("mongodb", domain=args.host)
for i in services:
if args.full:
print(i)
else:
print("%s:%i" % (i.hostname, i.port))
if args.txt:
for txtrecord in dns.resolver.query(args.host, 'TXT'):
print("%s=%s" % (args.host, txtrecord))
else:
print("No host specified")
def __init__(self, bind_dn, bind_pw):
uris = ''.join(['ldaps://' + srv.hostname + "," for srv in srvlookup.lookup('ldap', 'tcp', 'csh.rit.edu')])
self._ldap = ldap.ldapobject.ReconnectLDAPObject(uris)
self._ldap.simple_bind_s(bind_dn, bind_pw)
