def get_user_ldap_connection(self):
if not self._user_dn:
return # local user (probably root)
try:
lo, po = get_user_connection(bind=self.bind_user_connection, write=False, follow_referral=True)
return lo
except (ldap.LDAPError, udm_errors.base) as exc:
CORE.warn('Failed to open LDAP connection for user %s: %s' % (self._user_dn, exc))
def get_user_ldap_connection(self, no_cache=False, **kwargs):
if not self._user_dn:
return # local user (probably root)
try:
lo, po = get_user_connection(bind=self.bind_user_connection, write=kwargs.pop('write', False), follow_referral=True, no_cache=no_cache, **kwargs)
if not no_cache:
self._user_connections.add(lo)
return lo
except (ldap.LDAPError, udm_errors.base) as exc:
CORE.warn('Failed to open LDAP connection for user %s: %s' % (self._user_dn, exc))
def update_language(self, locales):
for _locale in locales:
language = None
try:
CORE.info("Setting locale %r" % (_locale, ))
_locale = Locale(_locale)
language = '%s-%s' % (_locale.language, _locale.territory
) if _locale.territory else '%s' % (
_locale.language, )
if language != self.__current_language:
self.set_locale(str(_locale))
self.__current_language = language
return
except (locale.Error, I18N_Error) as exc:
if language in (
'en', 'en-US'): # the system is missing english locale
self.set_locale('C')
if not self.__current_language: # only log once!
CORE.error(
'Missing "en_US.UTF-8:UTF-8" in UCR variable "locale"'
)
self.__current_language = language
return
CORE.warn("Locale %r is not available: %s" %
(str(_locale), exc))
CORE.warn('Could not set language. Resetting locale.')
self.set_locale('C')
self.__current_language = None
raise NotAcceptable(self._('Specified locale is not available'))
def run(self, args):
# locale must be set before importing UDM!
log_init('/dev/stdout', args.debug)
language = str(Locale(args.language))
locale.setlocale(locale.LC_MESSAGES, language)
os.umask(
0o077) # FIXME: should probably be changed, this is what UMC sets
# The UMC-Server and module processes are clearing environment variables
os.environ.clear()
os.environ['PATH'] = '/bin:/sbin:/usr/bin:/usr/sbin'
os.environ['LANG'] = language
import univention.admin.modules as udm_modules
udm_modules.update()
from univention.admin.rest.module import Application
application = Application(serve_traceback=ucr.is_true(
'directory/manager/rest/show-tracebacks', True))
server = HTTPServer(application)
if args.port:
server.bind(args.port)
server.start(args.cpus)
if args.unix_socket:
socket = bind_unix_socket(args.unix_socket)
server.add_socket(socket)
signal.signal(signal.SIGTERM, partial(self.signal_handler_stop,
server))
signal.signal(signal.SIGINT, partial(self.signal_handler_stop, server))
signal.signal(signal.SIGHUP, self.signal_handler_reload)
channel = logging.StreamHandler()
channel.setFormatter(
tornado.log.LogFormatter(
fmt=
'%(color)s%(asctime)s %(levelname)10s (%(process)9d) :%(end_color)s %(message)s',
datefmt='%d.%m.%y %H:%M:%S'))
logger = logging.getLogger()
logger.setLevel(logging.INFO)
logger.addHandler(channel)
try:
tornado.ioloop.IOLoop.current().start()
except (SystemExit, KeyboardInterrupt):
raise
except:
CORE.error(traceback.format_exc())
raise
def run(self, args):
# locale must be set before importing UDM!
log_init('/dev/stdout', args.debug)
language = str(Locale(args.language))
locale.setlocale(locale.LC_MESSAGES, language)
os.umask(
0o077) # FIXME: should probably be changed, this is what UMC sets
# The UMC-Server and module processes are clearing environment variables
os.environ.clear()
os.environ['PATH'] = '/bin:/sbin:/usr/bin:/usr/sbin'
os.environ['LANG'] = language
import univention.admin.modules as udm_modules
udm_modules.update()
from univention.admin.rest.module import Application
application = Application(serve_traceback=ucr.is_true(
'directory/manager/rest/show-tracebacks', True))
server = HTTPServer(application)
server.start(args.cpus)
if args.port:
server.listen(args.port)
if args.unix_socket:
socket = bind_unix_socket(args.unix_socket)
server.add_socket(socket)
signal.signal(signal.SIGTERM, partial(self.signal_handler_stop,
server))
signal.signal(signal.SIGINT, partial(self.signal_handler_stop, server))
signal.signal(signal.SIGHUP, self.signal_handler_reload)
tornado.log.enable_pretty_logging()
try:
tornado.ioloop.IOLoop.current().start()
except (SystemExit, KeyboardInterrupt):
raise
except:
CORE.error(traceback.format_exc())
raise
def update_language(self, locales):
for _locale in locales:
try:
CORE.info("Setting locale %r" % (_locale,))
_locale = Locale(_locale)
language = '%s-%s' % (_locale.language, _locale.territory) if _locale.territory else '%s' % (_locale.language,)
if language != self.__current_language:
self.set_locale(str(_locale))
self.__current_language = language
return
except (locale.Error, I18N_Error) as exc:
CORE.warn("Locale %r is not available: %s" % (str(_locale), exc))
CORE.warn('Could not set language. Resetting locale.')
self.set_locale('C')
self.__current_language = None
raise NotAcceptable(self._('Specified locale is not available'))
def bind_user_connection(self, lo):
CORE.process('LDAP bind for user %r.' % (self._user_dn, ))
try:
if self.auth_type == 'SAML':
lo.lo.bind_saml(self._password)
if not lo.lo.compare_dn(lo.binddn, self._user_dn):
CORE.warn('SAML binddn does not match: %r != %r' %
(lo.binddn, self._user_dn))
self._user_dn = lo.binddn
else:
try:
lo.lo.bind(self._user_dn, self._password)
except ldap.INVALID_CREDENTIALS: # workaround for Bug #44382: the password might be a SAML message, try to authenticate via SAML
etype, exc, etraceback = sys.exc_info()
CORE.error('LDAP authentication for %r failed: %s' %
(self._user_dn, exc))
if self._password < 25:
raise
CORE.warn('Trying to authenticate via SAML.')
try:
lo.lo.bind_saml(self._password)
except ldap.OTHER:
CORE.error('SAML authentication failed.')
six.reraise(etype, exc, etraceback)
CORE.error('Wrong authentication type. Resetting.')
self.auth_type = 'SAML'
except ldap.INVALID_CREDENTIALS:
etype, exc, etraceback = sys.exc_info()
exc = etype(
'An error during LDAP authentication happened. Auth type: %s; SAML message length: %s; DN length: %s; Original Error: %s'
% (self.auth_type, len(self._password or '')
if len(self._password or '') > 25 else False,
len(self._user_dn or ''), exc))
six.reraise(etype, exc, etraceback)