def createAddGroupIfNotExists(self, user_dn, user_name, gid_number):
if user_dn is None or user_name is None or gid_number is None:
return
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({
"_type": "PosixGroup",
"gidNumber": gid_number
}, {"dn": 1})
if len(res) == 0:
# create group
user = ObjectProxy(user_dn)
group = ObjectProxy(user.get_adjusted_parent_dn(), "PosixGroup")
group.cn = user_name
group.description = N_("Group of user %s" % user_name)
group.autoGid = False
group.gidNumber = gid_number
group.memberUid = [user_name]
group.commit()
elif len(res) == 1:
group = ObjectProxy(res[0]["dn"])
if user_name not in group.memberUid:
group.memberUid.append(user_name)
group.commit()
else:
raise GosaException(
C.make_error('GROUP_ID_IS_AMBIGUOUS', gid=gid_number))
def applyClientRights(self, device_uuid):
# check rights
acl = PluginRegistry.getInstance("ACLResolver")
if not acl.check(
device_uuid, "%s.%s.%s" %
(self.env.domain, "command", "preUserSession"), "x"):
role_name = "$$ClientDevices"
# create AclRole for joining if not exists
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({
"_type": "AclRole",
"name": role_name
}, {"dn": 1})
if len(res) == 0:
# create
role = ObjectProxy(self.env.base, "AclRole")
role.name = role_name
# create rule
aclentry = {
"priority":
0,
"scope":
"sub",
"actions": [{
"topic":
"%s\.command\.(joinClient|preUserSession|postUserSession|getMethods)"
% self.env.domain,
"acl":
"x",
"options": {}
}]
}
role.AclRoles = [aclentry]
role.commit()
# check if device has role
found = False
base = ObjectProxy(self.env.base)
if base.is_extended_by("Acl"):
for entry in base.AclSets:
if entry["rolename"] == role_name and device_uuid in entry[
"members"]:
found = True
break
else:
base.extend("Acl")
if found is False:
acl_entry = {
"priority": 0,
"members": [device_uuid],
"rolename": role_name
}
base.AclSets.append(acl_entry)
base.commit()
def create_container(self):
# create incoming ou if not exists
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({'_parent_dn': self.type_bases["ForemanHost"], '_type': 'IncomingDeviceContainer'}, {'dn': 1})
if len(res) == 0:
ou = ObjectProxy(self.type_bases["ForemanHost"], "IncomingDeviceContainer")
ou.commit()
res = index.search({'_parent_dn': self.type_bases["ForemanHostGroup"], '_type': 'GroupContainer'}, {'dn': 1})
if len(res) == 0:
ou = ObjectProxy(self.type_bases["ForemanHostGroup"], "GroupContainer")
ou.commit()
def saveUserPreferences(self, userid, name, value):
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({'_type': 'User', 'uid': userid}, {'dn': 1})
if len(res) == 0:
raise GOsaException(C.make_error("UNKNOWN_USER", target=userid))
user = ObjectProxy(res[0]['dn'])
if user.guiPreferences is None:
user.guiPreferences = {}
user.guiPreferences[name] = value
user.commit()
return True
def saveUserPreferences(self, userid, name, value):
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({'_type': 'User', 'uid': userid}, {'dn': 1})
if len(res) == 0:
raise GOsaException(C.make_error("UNKNOWN_USER", target=userid))
user = ObjectProxy(res[0]['dn'])
if user.guiPreferences is None:
user.guiPreferences = {}
user.guiPreferences[name] = value
user.commit()
return True
def create_test_data():
"""
Insert new data just for testing purposes
"""
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({"dn": "dc=test,dc=example,dc=net"}, {"dn": 1})
if len(res) > 0:
new_domain = ObjectProxy("dc=test,dc=example,dc=net")
new_domain.remove(True)
new_domain = ObjectProxy("dc=example,dc=net", "DomainComponent")
new_domain.dc = "test"
new_domain.description = "Domain for testing purposes"
new_domain.commit()
return "dc=test,dc=example,dc=net"
def __maintain_user_session(self, client_id, user_name):
# save login time and system<->user references
client = self.__open_device(client_id)
client.gotoLastUser = user_name
self.systemSetStatus(client, "+B")
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({"_type": "User", "uid": user_name}, {"dn": 1})
for u in res:
user = ObjectProxy(u["dn"])
if not user.is_extended_by("GosaAccount"):
user.extend("GosaAccount")
user.gotoLastSystemLogin = datetime.datetime.now()
user.gotoLastSystem = client.dn
user.commit()
def __maintain_user_session(self, client_id, user_name):
# save login time and system<->user references
client = self.__open_device(client_id)
client.gotoLastUser = user_name
self.systemSetStatus(client, "+B")
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({"_type": "User", "uid": user_name}, {"dn": 1})
for u in res:
user = ObjectProxy(u["dn"])
if not user.is_extended_by("GosaAccount"):
user.extend("GosaAccount")
user.gotoLastSystemLogin = datetime.datetime.now()
user.gotoLastSystem = client.dn
user.commit()
def create_test_data():
"""
Insert new data just for testing purposes
"""
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({"dn": "dc=test,dc=example,dc=net"}, {"dn": 1})
if len(res) > 0:
new_domain = ObjectProxy("dc=test,dc=example,dc=net")
new_domain.remove(True)
new_domain.commit()
new_domain = ObjectProxy("dc=example,dc=net", "DomainComponent")
new_domain.dc = "test"
new_domain.description = "Domain for testing purposes"
new_domain.commit()
return "dc=test,dc=example,dc=net"
def systemSetStatus(self, device_uuid, status):
"""
TODO
"""
# Write to backend
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({'_type': 'Device', 'deviceUUID': device_uuid}, {'_uuid': 1})
if len(res) != 1:
raise ValueError(C.make_error("CLIENT_NOT_FOUND", device_uuid))
device = ObjectProxy(res[0]['_uuid'])
r = re.compile(r"([+-].)")
for stat in r.findall(status):
if stat[1] not in mapping:
raise ValueError(C.make_error("CLIENT_STATUS_INVALID", device_uuid, status=stat[1]))
setattr(device, mapping[stat[1]], stat.startswith("+"))
device.commit()
def test_load_from_object_database(self):
# prepare some AclRoles
role = ObjectProxy('ou=aclroles,dc=example,dc=net', 'AclRole')
role.name = "tester"
role.AclRoles = []
aclentry = {
"priority": 0,
"rolename": "tester"
}
role.AclRoles.append(aclentry)
role.commit()
self.__remove_objects.append('name=tester,ou=aclroles,dc=example,dc=net')
with mock.patch("gosa.backend.acl.PluginRegistry.getInstance") as m_index:
m_index.return_value.search.side_effect = [[
{'dn': 'name=tester,ou=aclroles,dc=example,dc=net'}
],
[] # no ACLSets
]
self.resolver.load_from_object_database()
def createAddGroupIfNotExists(self, user_dn, user_name, gid_number):
if user_dn is None or user_name is None or gid_number is None:
return
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({"_type": "PosixGroup", "gidNumber": gid_number}, {"dn": 1})
if len(res) == 0:
# create group
user = ObjectProxy(user_dn)
group = ObjectProxy(user.get_adjusted_parent_dn(), "PosixGroup")
group.cn = user_name
group.description = N_("Group of user %s" % user_name)
group.autoGid = False
group.gidNumber = gid_number
group.memberUid = [user_name]
group.commit()
elif len(res) == 1:
group = ObjectProxy(res[0]["dn"])
if user_name not in group.memberUid:
group.memberUid.append(user_name)
group.commit()
else:
raise GosaException(C.make_error('GROUP_ID_IS_AMBIGUOUS', gid=gid_number))
def getDestinationIndicator(self, client_id, uid, cn_query, rotate=True):
"""
:param client_id: UUID of the client used to find the closest destinationIndicators
:param uid: uid of the user
:param cn_query: filter for destinationIndicator-cns (e.g. 'lts-% for wildcards)
:param rotate: rotate the destinationIndicators (do not use the last one twice in a row)
:return: FQDN of the server marked as destinationIndicator
"""
index = PluginRegistry.getInstance('ObjectIndex')
res = index.search({'_type': 'User', 'uid': uid}, {'dn': 1})
if len(res) == 0:
raise ValueError(C.make_error("USER_NOT_FOUND", user=uid, status_code=404))
user = ObjectProxy(res[0]['dn'])
if rotate is False and user.destinationIndicator is not None:
# nothing to rotate, take the stored one
return user.destinationIndicator
client = self.__open_device(client_id, read_only=True)
parent_dn = client.get_adjusted_parent_dn()
res = index.search({'_type': 'Device', 'extension': 'GoServer', 'cn': cn_query, '_adjusted_parent_dn': parent_dn}, {'dn': 1})
while len(res) == 0 and len(parent_dn) > len(self.env.base):
parent_dn = dn2str(str2dn(parent_dn, flags=ldap.DN_FORMAT_LDAPV3)[1:])
res = index.search({'_type': 'Device', 'cn': cn_query, '_adjusted_parent_dn': parent_dn}, {'dn': 1})
if len(res) > 0:
di_pool = sorted([x['dn'] for x in res])
if user.destinationIndicator is None:
# nothing to rotate, take the first one
user.destinationIndicator = di_pool[0]
user.commit()
elif rotate is True:
if user.destinationIndicator in di_pool:
# take the next one from list
position = di_pool.index(user.destinationIndicator)+1
if position >= len(di_pool):
position = 0
user.destinationIndicator = di_pool[position]
user.commit()
else:
# nothing to rotate, take the first one
user.destinationIndicator = di_pool[0]
user.commit()
return user.destinationIndicator
return None
def joinClient(self, user, device_uuid, mac, info=None):
"""
TODO
"""
index = PluginRegistry.getInstance("ObjectIndex")
uuid_check = re.compile(r"^[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", re.IGNORECASE)
if not uuid_check.match(device_uuid):
raise ValueError(C.make_error("CLIENT_UUID_INVALID", device_uuid))
# Handle info, if present
more_info = []
if info:
# Check string entries
for entry in filter(lambda x: x in info, ["serialNumber", "ou", "o", "l", "description"]):
if not re.match(r"^[\w\s]+$", info[entry]):
raise ValueError(C.make_error("CLIENT_DATA_INVALID", device_uuid, entry=entry, data=info[entry]))
more_info.append((entry, info[entry]))
# Check desired device type if set
if "deviceType" in info:
if re.match(r"^(terminal|workstation|server|sipphone|switch|router|printer|scanner)$", info["deviceType"]):
more_info.append(("deviceType", info["deviceType"]))
else:
raise ValueError(C.make_error("CLIENT_TYPE_INVALID", device_uuid, type=info["deviceType"]))
# Check owner for presence
if "owner" in info:
# Take a look at the directory to see if there's such an owner DN
res = index.search({'_dn': info["owner"]}, {'_dn': 1})
if len(res) == 0:
raise ValueError(C.make_error("CLIENT_OWNER_NOT_FOUND", device_uuid, owner=info["owner"]))
more_info.append(("owner", info["owner"]))
# Generate random client key
random.seed()
key = ''.join(random.Random().sample(string.ascii_letters + string.digits, 32))
salt = os.urandom(4)
h = hashlib.sha1(key.encode('ascii'))
h.update(salt)
# Take a look at the directory to see if there's already a joined client with this uuid
res = index.search({'_type': 'Device', 'macAddress': mac},
{'_uuid': 1})
if len(res):
raise GOtoException(C.make_error("DEVICE_EXISTS", mac))
# While the client is going to be joined, generate a random uuid and an encoded join key
cn = str(uuid4())
device_key = self.__encrypt_key(device_uuid.replace("-", ""), cn + key)
# Resolve manager
res = index.search({'_type': 'User', 'uid': user},
{'dn': 1})
if len(res) != 1:
raise GOtoException(C.make_error("USER_NOT_UNIQUE" if res else "UNKNOWN_USER", target=user))
manager = res[0]['dn']
# Create new machine entry
# dn = ",".join([self.env.config.get("goto.machine-rdn", default="ou=systems"), self.env.base])
# container = ObjectProxy(dn, "DeviceContainer")
# container.commit()
dn = ",".join([self.env.config.get("goto.machine-rdn", default="ou=devices,ou=systems"), self.env.base])
record = ObjectProxy(dn, "Device")
record.extend("RegisteredDevice")
record.extend("ieee802Device")
record.extend("simpleSecurityObject")
record.deviceUUID = cn
record.deviceKey = Binary(device_key)
record.cn = cn
record.manager = manager
record.status_Offline = True
record.macAddress = mac.encode("ascii", "ignore")
record.userPassword = "******" + encode(h.digest() + salt).decode()
for key, value in more_info:
setattr(record, key, value)
record.commit()
self.log.info("UUID '%s' joined as %s" % (device_uuid, record.dn))
return [key, cn]
return None
async def test_provision_host(self, m_get, m_del, m_put, m_post):
""" convert a discovered host to a 'real' host """
self._test_dn = GosaTestCase.create_test_data()
container = ObjectProxy(self._test_dn, "IncomingDeviceContainer")
container.commit()
mocked_foreman = MockForeman()
m_get.side_effect = mocked_foreman.get
m_del.side_effect = mocked_foreman.delete
m_put.side_effect = mocked_foreman.put
m_post.side_effect = mocked_foreman.post
# create the discovered host + foremanHostgroup
d_host = ObjectProxy(container.dn, "Device")
d_host.cn = "mac00262df16a2c"
d_host.extend("ForemanHost")
d_host.status = "discovered"
d_host.extend("ieee802Device")
d_host.macAddress = "00:26:2d:f1:6a:2c"
d_host.extend("IpHost")
d_host.ipHostNumber = "192.168.0.1"
d_host.commit()
hostgroup = ObjectProxy("%s" % self._test_dn, "GroupOfNames")
hostgroup.extend("ForemanHostGroup")
hostgroup.cn = "Test"
hostgroup.foremanGroupId = "4"
hostgroup.commit()
# add host to group
logging.getLogger("test.foreman-integration").info("########### START: Add Host to group ############# %s" % AsyncHTTPTestCase.get_url(self, "/hooks/"))
d_host = ObjectProxy("cn=mac00262df16a2c,%s" % container.dn)
def check():
logging.getLogger("test.foreman-integration").info("check condition: %s, %s" % (d_host.cn, d_host.status))
return d_host.cn == "mac00262df16a2c" and d_host.status == "discovered"
def check2():
logging.getLogger("test.foreman-integration").info("check2 condition: %s" % d_host.cn)
return d_host.cn == "Testhost"
base_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), "data")
with open(os.path.join(base_dir, "discovered_hosts", "mac00262df16a2c.json")) as f:
mocked_foreman.register_conditional_response("http://localhost:8000/api/v2/discovered_hosts/mac00262df16a2c",
"get",
check,
f.read())
with open(os.path.join(base_dir, "conditional", "Testhost.json")) as f:
mocked_foreman.register_conditional_response("http://localhost:8000/api/v2/hosts/Testhost",
"get",
check2,
f.read())
def activate(**kwargs):
return True
mocked_foreman.register_trigger("http://localhost:8000/api/v2/discovered_hosts/mac00262df16a2c",
"put",
activate,
self.execute)
with make_session() as session:
assert session.query(ObjectInfoIndex.dn)\
.join(ObjectInfoIndex.properties)\
.filter(and_(KeyValueIndex.key == "cn", KeyValueIndex.value == "Testhost"))\
.count() == 0
d_host.cn = "Testhost"
d_host.groupMembership = hostgroup.dn
d_host.commit()
logging.getLogger("test.foreman-integration").info("waiting for 2 seconds")
await asyncio.sleep(2)
logging.getLogger("test.foreman-integration").info("########### END: Add Host to group #############")
# now move the host to the final destination
d_host = ObjectProxy("cn=Testhost,ou=incoming,%s" % self._test_dn)
assert d_host.status != "discovered"
assert d_host.name == "Testhost"
assert d_host.hostgroup_id == "4"
assert d_host.is_extended_by("RegisteredDevice") is True
assert len(d_host.userPassword[0]) > 0
assert d_host.deviceUUID is not None
with make_session() as session:
assert session.query(ObjectInfoIndex.dn) \
.join(ObjectInfoIndex.properties) \
.filter(and_(KeyValueIndex.key == "cn", KeyValueIndex.value == "Testhost")) \
.count() == 1
logging.getLogger("test.foreman-integration").info("########### START: moving host #############")
d_host.move("%s" % self._test_dn)
logging.getLogger("test.foreman-integration").info("########### END: moving host #############")
# lets check if everything is fine in the database
d_host = ObjectProxy("cn=Testhost,ou=devices,%s" % self._test_dn, read_only=True)
assert d_host is not None
assert d_host.status == "unknown"
assert d_host.groupMembership == hostgroup.dn
def remove_test_data(dn):
if dn is not None:
new_domain = ObjectProxy(dn)
new_domain.remove(True)
new_domain.commit()
def add_host(self, hostname, base=None):
# create dn
if base is None:
index = PluginRegistry.getInstance("ObjectIndex")
# get the IncomingDevice-Container
res = index.search({"_type": "IncomingDeviceContainer", "_parent_dn": self.type_bases["ForemanHost"]}, {"dn": 1})
if len(res) > 0:
base = res[0]["dn"]
else:
base = self.type_bases["ForemanHost"]
ForemanBackend.modifier = "foreman"
device = self.get_object("ForemanHost", hostname, create=False)
if device is None:
self.log.debug("Realm request: creating new host with hostname: %s" % hostname)
device = ObjectProxy(base, "Device")
device.extend("ForemanHost")
device.cn = hostname
# commit now to get a uuid
device.commit()
# re-open to get a clean object
device = ObjectProxy(device.dn)
else:
self.log.debug("Realm request: use existing host with hostname: %s" % hostname)
try:
if not device.is_extended_by("ForemanHost"):
device.extend("ForemanHost")
# Generate random client key
h, key, salt = generate_random_key()
# While the client is going to be joined, generate a random uuid and an encoded join key
if not device.is_extended_by("RegisteredDevice"):
device.extend("RegisteredDevice")
if not device.is_extended_by("simpleSecurityObject"):
device.extend("simpleSecurityObject")
if device.deviceUUID is None:
cn = str(uuid.uuid4())
device.deviceUUID = cn
else:
cn = device.deviceUUID
device.status = "pending"
device.status_InstallationInProgress = True
if device.userPassword is None:
device.userPassword = []
elif device.otp is not None:
device.userPassword.remove(device.otp)
device.userPassword.append("{SSHA}" + encode(h.digest() + salt).decode())
# make sure the client has the access rights he needs
client_service = PluginRegistry.getInstance("ClientService")
client_service.applyClientRights(device.deviceUUID)
device.commit()
self.mark_for_parameter_setting(hostname, {"status": "added"})
return "%s|%s" % (key, cn)
except Exception as e:
# remove created device again because something went wrong
# self.remove_type("ForemanHost", hostname)
self.log.error(str(e))
raise e
finally:
ForemanBackend.modifier = None
def joinClient(self, user, device_uuid, mac, info=None):
"""
TODO
"""
index = PluginRegistry.getInstance("ObjectIndex")
uuid_check = re.compile(
r"^[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$",
re.IGNORECASE)
if not uuid_check.match(device_uuid):
raise ValueError(C.make_error("CLIENT_UUID_INVALID", device_uuid))
# Handle info, if present
more_info = []
if info:
# Check string entries
for entry in filter(
lambda x: x in info,
["serialNumber", "ou", "o", "l", "description"]):
if not re.match(r"^[\w\s]+$", info[entry]):
raise ValueError(
C.make_error("CLIENT_DATA_INVALID",
device_uuid,
entry=entry,
data=info[entry]))
more_info.append((entry, info[entry]))
# Check desired device type if set
if "deviceType" in info:
if re.match(
r"^(terminal|workstation|server|sipphone|switch|router|printer|scanner)$",
info["deviceType"]):
more_info.append(("deviceType", info["deviceType"]))
else:
raise ValueError(
C.make_error("CLIENT_TYPE_INVALID",
device_uuid,
type=info["deviceType"]))
# Check owner for presence
if "owner" in info:
# Take a look at the directory to see if there's such an owner DN
res = index.search({'_dn': info["owner"]}, {'_dn': 1})
if len(res) == 0:
raise ValueError(
C.make_error("CLIENT_OWNER_NOT_FOUND",
device_uuid,
owner=info["owner"]))
more_info.append(("owner", info["owner"]))
# Generate random client key
h, key, salt = generate_random_key()
# Take a look at the directory to see if there's already a joined client with this uuid
res = index.search(
{
'_type': 'Device',
'macAddress': mac,
'extension': 'RegisteredDevice'
}, {'dn': 1})
if len(res) > 0:
record = ObjectProxy(res[0]['dn'])
for ext in ["simpleSecurityObject", "ieee802Device"]:
if not record.is_extended_by(ext):
record.extend(ext)
if record.is_extended_by("ForemanHost") and record.otp is not None:
record.otp = None
record.userPassword = [
"{SSHA}" + encode(h.digest() + salt).decode()
]
for k, value in more_info:
setattr(record, k, value)
cn = record.deviceUUID
record.status_Online = False
record.status_Offline = True
record.status_InstallationInProgress = False
record.commit()
self.log.info("UUID '%s' joined as %s" % (device_uuid, record.dn))
else:
# While the client is going to be joined, generate a random uuid and an encoded join key
cn = str(uuid4())
device_key = encrypt_key(device_uuid.replace("-", ""), cn + key)
# Resolve manager
res = index.search({'_type': 'User', 'uid': user}, {'dn': 1})
if len(res) != 1:
raise GOtoException(
C.make_error("USER_NOT_UNIQUE" if res else "UNKNOWN_USER",
target=user))
manager = res[0]['dn']
# Create new machine entry
dn = ",".join([
self.env.config.get("goto.machine-rdn", default="ou=systems"),
self.env.base
])
record = ObjectProxy(dn, "Device")
record.extend("RegisteredDevice")
record.extend("ieee802Device")
record.extend("simpleSecurityObject")
record.deviceUUID = cn
record.deviceKey = Binary(device_key)
record.cn = "mac%s" % mac.replace(":", "")
record.manager = manager
record.status_Offline = True
record.macAddress = mac.encode("ascii", "ignore")
record.userPassword = [
"{SSHA}" + encode(h.digest() + salt).decode()
]
for k, value in more_info:
setattr(record, k, value)
record.commit()
self.log.info("UUID '%s' joined as %s" % (device_uuid, record.dn))
# make sure the client has the access rights he needs
self.applyClientRights(cn)
return [key, cn]
def joinClient(self, user, device_uuid, mac, info=None):
"""
TODO
"""
index = PluginRegistry.getInstance("ObjectIndex")
uuid_check = re.compile(r"^[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", re.IGNORECASE)
if not uuid_check.match(device_uuid):
raise ValueError(C.make_error("CLIENT_UUID_INVALID", uuid=device_uuid))
# Handle info, if present
more_info = []
extensions = ["simpleSecurityObject", "ieee802Device"]
if info:
# Check string entries
for entry in filter(lambda x: x in info, ["serialNumber", "ou", "o", "l", "description"]):
if not re.match(r"^[\w\s]+$", info[entry]):
raise ValueError(C.make_error("CLIENT_DATA_INVALID", client=device_uuid, entry=entry, data=info[entry]))
more_info.append((entry, info[entry]))
if "ipHostNumber" in info:
if re.match(r"^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}", info["ipHostNumber"]):
more_info.append(("ipHostNumber", info["ipHostNumber"]))
extensions.append("IpHost")
else:
raise ValueError(C.make_error("CLIENT_DATA_INVALID", client=device_uuid, entry="ipHostNumber", data=info["ipHostNumber"]))
if "hostname" in info:
allowed = re.compile("(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
if all(allowed.match(x) for x in info["hostname"].split(".")):
more_info.append(("description", info["hostname"]))
# Check desired device type if set
if "deviceType" in info:
if re.match(r"^(terminal|workstation|server|sipphone|switch|router|printer|scanner)$", info["deviceType"]):
more_info.append(("deviceType", info["deviceType"]))
else:
raise ValueError(C.make_error("CLIENT_TYPE_INVALID", client=device_uuid, type=info["deviceType"]))
# Check owner for presence
if "owner" in info:
# Take a look at the directory to see if there's such an owner DN
res = index.search({'_dn': info["owner"]}, {'_dn': 1})
if len(res) == 0:
raise ValueError(C.make_error("CLIENT_OWNER_NOT_FOUND", client=device_uuid, owner=info["owner"]))
more_info.append(("owner", info["owner"]))
# Generate random client key
h, key, salt = generate_random_key()
# Take a look at the directory to see if there's already a joined client with this uuid
res = index.search({'_type': 'Device', 'macAddress': mac, 'extension': 'RegisteredDevice'},
{'dn': 1})
if len(res) > 0:
record = ObjectProxy(res[0]['dn'])
for ext in extensions:
if not record.is_extended_by(ext):
record.extend(ext)
if record.is_extended_by("ForemanHost") and record.otp is not None:
record.otp = None
record.userPassword = ["{SSHA}" + encode(h.digest() + salt).decode()]
for k, value in more_info:
setattr(record, k, value)
cn = record.deviceUUID
record.status_Online = False
record.status_Offline = True
record.status_InstallationInProgress = False
record.commit()
self.log.info("UUID '%s' joined as %s" % (device_uuid, record.dn))
else:
# While the client is going to be joined, generate a random uuid and an encoded join key
cn = str(uuid4())
device_key = encrypt_key(device_uuid.replace("-", ""), cn + key)
# Resolve manager
res = index.search({'_type': 'User', 'uid': user},
{'dn': 1})
if len(res) != 1:
raise GOtoException(C.make_error("USER_NOT_UNIQUE" if res else "UNKNOWN_USER", user=user))
manager = res[0]['dn']
# Create new machine entry
dn = ",".join([self.env.config.get("goto.machine-rdn", default="ou=systems"), self.env.base])
record = ObjectProxy(dn, "Device")
record.extend("RegisteredDevice")
for ext in extensions:
record.extend(ext)
record.deviceUUID = cn
record.deviceKey = Binary(device_key)
record.cn = "mac%s" % mac.replace(":", "")
record.manager = manager
record.status_Offline = True
record.macAddress = mac.encode("ascii", "ignore")
record.userPassword = ["{SSHA}" + encode(h.digest() + salt).decode()]
for k, value in more_info:
setattr(record, k, value)
record.commit()
self.log.info("UUID '%s' joined as %s" % (device_uuid, record.dn))
# make sure the client has the access rights he needs
self.applyClientRights(cn)
return [key, cn]
def applyClientRights(self, device_uuid):
# check rights
acl = PluginRegistry.getInstance("ACLResolver")
allowed_commands = [
'joinClient',
'preUserSession',
'postUserSession',
'getMethods',
'getDestinationIndicator'
]
missing = [x for x in allowed_commands if not acl.check(device_uuid, "%s.%s.%s" % (self.env.domain, "command", x), "x")]
reload = False
role_name = "$$ClientDevices"
if len(missing) > 0:
# create AclRole for joining if not exists
index = PluginRegistry.getInstance("ObjectIndex")
res = index.search({"_type": "AclRole", "name": role_name}, {"dn": 1})
if len(res) == 0:
# create
role = ObjectProxy(self.env.base, "AclRole")
role.name = role_name
else:
role = ObjectProxy(res[0]['dn'])
# create rule
aclentry = {
"priority": 0,
"scope": "sub",
"actions": [
{
"topic": "%s\.command\.(%s)" % (self.env.domain, "|".join(allowed_commands)),
"acl": "x",
"options": {}
}
]}
role.AclRoles = [aclentry]
role.commit()
reload = True
# check if device has role
found = False
base = ObjectProxy(self.env.base)
if base.is_extended_by("Acl"):
for entry in base.AclSets:
if entry["rolename"] == role_name and device_uuid in entry["members"]:
found = True
break
else:
base.extend("Acl")
if found is False:
acl_entry = {"priority": 0,
"members": [device_uuid],
"rolename": role_name}
base.AclSets.append(acl_entry)
if self.env.mode != "proxy":
self.__acl_change_checks.append({"role": role_name, "member": device_uuid})
base.commit()
reload = True
if reload is True:
# reload acls to make sure that they are applied in the current instance
acl.load_acls()
def test_sync_type(self, m_get, m_del, m_put, m_post):
mocked_foreman = MockForeman()
m_get.side_effect = mocked_foreman.get
m_del.side_effect = mocked_foreman.delete
m_put.side_effect = mocked_foreman.put
m_post.side_effect = mocked_foreman.post
# check that there are not Objects yet
index = PluginRegistry.getInstance("ObjectIndex")
host_query = {
'_type': 'Device',
'cn': {
'in_': [
'smitty.intranet.gonicus.de',
'gosa.test.intranet.gonicus.de'
]
},
'extension': 'ForemanHost'
}
hostgroup_query = {
'_type': 'GroupOfNames',
'extension': 'ForemanHostGroup',
'cn': {
'in_':
['Bereitstellen von smitty.intranet.gonicus.de', 'VM', 'Test']
},
}
discovered_host_query = {
'_type': 'Device',
'extension': 'ForemanHost',
'status': 'discovered'
}
res = index.search(host_query, {'dn': 1})
assert len(res) == 0
res = index.search(hostgroup_query, {'dn': 1})
assert len(res) == 0
res = index.search(discovered_host_query, {'dn': 1})
assert len(res) == 0
self.foreman.sync_type("ForemanHostGroup")
logging.getLogger("gosa.backend.objects.index").info(
"waiting for index update")
logging.getLogger("gosa.backend.objects.index").info("checking index")
res = index.search(hostgroup_query, {'dn': 1})
self.dns_to_delete.extend([x['dn'] for x in res])
assert len(res) == 3
res = index.search(host_query, {'dn': 1})
assert len(res) == 0
res = index.search(discovered_host_query, {'dn': 1})
assert len(res) == 0
self.foreman.sync_type("ForemanHost")
res = index.search(host_query, {'dn': 1})
self.dns_to_delete = [x['dn'] for x in res]
assert len(res) == 2
res = index.search(hostgroup_query, {'dn': 1})
self.dns_to_delete.extend([x['dn'] for x in res])
assert len(res) == 3
res = index.search(discovered_host_query, {'dn': 1})
assert len(res) == 0
self.foreman.sync_type("ForemanHost", "discovered_hosts")
res = index.search(host_query, {'dn': 1})
assert len(res) == 2
host_dns = [x['dn'] for x in res]
self.dns_to_delete = host_dns
res = index.search(hostgroup_query, {'dn': 1})
assert len(res) == 3
# delete the groups first
self.dns_to_delete = [x['dn'] for x in res] + self.dns_to_delete
res = index.search(discovered_host_query, {'dn': 1})
assert len(res) == 1
self.dns_to_delete.extend([x['dn'] for x in res])
# testing relationships: delete host from group
group = ObjectProxy("cn=VM,ou=groups,dc=example,dc=net")
assert len(group.member) == 2
group.member = host_dns[0:1]
group.commit()
time.sleep(0.1)
# check if the change has been send to foreman
assert m_put.called is True
args, kwargs = m_put.call_args
data = loads(kwargs["data"])
assert "hostgroup_id" in data["host"]
assert data["host"]["hostgroup_id"] is None
m_put.reset_mock()
# add it back
group = ObjectProxy("cn=VM,ou=groups,dc=example,dc=net")
assert len(group.member) == 1
group.member.append(host_dns[1])
group.commit()
# as the mocked foreman backend still sends the original hostgroup_id, there is no change here
# and therefore nothing is changed to the backend
assert m_put.called is False
# args, kwargs = m_put.call_args
# data = loads(kwargs["data"])
# assert "hostgroup_id" in data["host"]
# assert data["host"]["hostgroup_id"] == "2"
# now delete from the host side
host = ObjectProxy(host_dns[1])
host.groupMembership = None
host.commit()
time.sleep(0.1)
assert m_put.called is True
args, kwargs = m_put.call_args
data = loads(kwargs["data"])
assert "hostgroup_id" in data["host"]
assert data["host"]["hostgroup_id"] is None