def run(_umc_instance, rerun=False, fix_log=''):
if not util.is_service_active('Samba 4'):
return
error_descriptions = list()
if rerun and fix_log:
error_descriptions.append(fix_log)
buttons = [{
'action': 'run_samba_tool_ntacl_sysvolreset',
'label': _('Run `samba-tool ntacl sysvolreset`'),
}]
cmd = ['samba-tool', 'ntacl', 'sysvolcheck']
(success, output) = util.run_with_output(cmd)
if not success or output:
error = _(
'`samba-tool ntacl sysvolcheck` returned a problem with the sysvol ACLs.'
)
error_descriptions.append(error)
error_descriptions.append(output)
if not rerun:
fix = _(
'You can run `samba-tool ntacl sysvolreset` to fix the issue.')
error_descriptions.append(fix)
raise Warning(description='\n'.join(error_descriptions),
buttons=buttons)
if rerun:
fixed = _('`samba-tool ntacl sysvolcheck` found no problems.')
error_descriptions.append(fixed)
error_descriptions.append(output)
raise ProblemFixed(description='\n'.join(error_descriptions))
def run(_umc_instance, retest=False):
buttons = []
try:
subprocess.check_call(["dpkg", "-s", "spamassassin"])
except subprocess.CalledProcessError:
raise Success('Spamassassin is not installed')
sa_version = subprocess.check_output(["spamassassin", "-V"])
sa_version = sa_version.split()[2]
sa_version = sa_version.split('.')
folder_name = '%s.%03d%03d' % (int(sa_version[0]), int(
sa_version[1]), int(sa_version[2]))
if not os.path.exists("/var/lib/spamassassin/" + folder_name):
buttons = [{
'action': 'update_and_restart',
'name': 'update_and_restart',
'label': 'update spamassassin rules'
}]
raise Critical('spamassassin rules could not be found',
buttons=buttons)
if not os.listdir('/var/lib/spamassassin/' + folder_name):
buttons = [{
'action': 'update_and_restart',
'name': 'update_and_restart',
'label': 'update spamassassin rules'
}]
raise Critical('spamassassin rules could not be found',
buttons=buttons)
if retest: raise ProblemFixed()
raise Success()
def run(_umc_instance, rerun=False, fix_log=''):
if not util.is_service_active('Samba 4'):
return
error_descriptions = list()
if rerun and fix_log:
error_descriptions.append(fix_log)
buttons = [{
'action': 'run_samba_tool_dbcheck_fix',
'label': _('Run `samba-tool dbcheck --fix --cross-ncs --yes`'),
}]
cmd = ['samba-tool', 'dbcheck']
(success, output) = util.run_with_output(cmd)
if [x for x in output.split('\n') if x.startswith("ERROR:")]:
error = _(
'`samba-tool dbcheck` found an error in the local AD database.')
error_descriptions.append(error)
error_descriptions.append(output)
if not rerun:
fix = _('You can run `samba-tool dbcheck --fix` to fix the issue.')
error_descriptions.append(fix)
raise Critical(description='\n'.join(error_descriptions),
buttons=buttons)
if rerun:
fixed = _(
'`samba-tool dbcheck` found no errors in the local AD database.')
error_descriptions.append(fixed)
MODULE.error('\n'.join(error_descriptions))
raise ProblemFixed(description='\n'.join(error_descriptions))
def run(_umc_instance, retest=False):
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
error_descriptions = list()
buttons = [{
'action': 'fix_machine_password',
'label': _('Fix machine password'),
}]
is_master = configRegistry.get('server/role') == 'domaincontroller_master'
if not is_master and not check_machine_password(master=False):
error = _(
'Authentication against the local LDAP failed with the machine password.'
)
error_descriptions.append(error)
if not check_machine_password(master=True):
error = _(
'Authentication against the master LDAP failed with the machine password.'
)
error_descriptions.append(error)
password_change = configRegistry.is_true('server/password/change', True)
try:
change_interval = int(
configRegistry.get('server/password/interval', '21'))
except TypeError:
change_interval = 21
error_change = _(
'Note that password rotation is disabled via the UCR variable server/password/change.'
)
error_interval = _('Note that server/password/interval is set to {}.')
if error_descriptions:
note_sdb = _(
'See {sdb} for information on manual server password change.')
error_descriptions.append(note_sdb)
if not password_change:
error_descriptions.append(error_change)
buttons.append({
'action': 'reset_password_change',
'label': _('Set server/password/change=True'),
})
if change_interval < 1:
error_descriptions.append(error_interval.format(change_interval))
buttons.append({
'action': 'reset_password_interval',
'label': _('Set server/password/interval=21'),
})
MODULE.error('\n'.join(error_descriptions))
raise Critical(description=' '.join(error_descriptions),
buttons=buttons)
if retest:
raise ProblemFixed(buttons=[])
def migrate_users(_umc_instance):
process = Popen(['/usr/share/univention-directory-manager-tools/univention-migrate-users-to-ucs4.3'], stderr=STDOUT, stdout=PIPE)
stdout, stderr = process.communicate()
if process.returncode:
MODULE.error('Error running univention-migrate-users-to-ucs4.3:\n%s' % (stdout,))
raise Critical(_('The migration failed: %s') % (stdout,))
else:
MODULE.process('Output of univention-migrate-users-to-ucs4.3:\n%s' % (stdout,))
raise ProblemFixed(buttons=[])
def migrate_objects(_umc_instance):
lo, pos = getAdminConnection()
objs = udm_objects_without_ServerRole(lo)
for server_role in sorted(objs):
if not server_role:
continue
for dn in objs[server_role]:
changes = [('univentionServerRole', None, server_role)]
lo.modify(dn, changes)
raise ProblemFixed(buttons=[])
def migrate_objects(_umc_instance):
lo, pos = getAdminConnection()
objects = udm_objects_without_type(lo)
for dn, modules, object_classes in objects:
new_object_classes = object_classes[:]
if 'univentionObject' not in object_classes:
new_object_classes.append('univentionObject')
changes = [('objectClass', object_classes, new_object_classes), ('univentionObjectType', [], [module.module for module in modules])]
lo.modify(dn, changes)
raise ProblemFixed(buttons=[])
def register_schema(_umc_instance):
for fname in sorted(SCHEMA_FILES):
if not os.path.exists(fname):
continue
info = SCHEMA_FILES[fname]
if not udm_schema_obj_exists(fname):
try:
create_udm_schema_obj(info['package'], info['packageversion'], fname)
except Exception as exc:
raise Critical(_('The registration failed: %s') % (exc,))
raise ProblemFixed(buttons=[])
def migrate_users(_umc_instance):
process = Popen([SCRIPT], stderr=STDOUT, stdout=PIPE)
stdout, stderr = process.communicate()
stdout = stdout.decode('UTF-8', 'replace')
if process.returncode:
MODULE.error('Error running univention-migrate-users-to-ucs4.3:\n%s' %
(stdout, ))
raise Critical(_('The migration failed: %s') % (stdout, ))
else:
MODULE.process('Output of univention-migrate-users-to-ucs4.3:\n%s' %
(stdout, ))
raise ProblemFixed(buttons=[])
def run(_umc_instance, rerun=False, fix_log=''):
if not util.is_service_active('Samba 4'):
return
error_descriptions = list()
if rerun and fix_log:
error_descriptions.append(fix_log)
buttons = [{
'action': 'run_samba_tool_ntacl_sysvolreset',
'label': _('Run `samba-tool ntacl sysvolreset`'),
}]
cmd = ['samba-tool', 'ntacl', 'sysvolcheck']
(success, output) = util.run_with_output(cmd)
if not success or output:
error = _(
'`samba-tool ntacl sysvolcheck` returned a problem with the sysvol ACLs.'
)
error_descriptions.append(error)
fix = _("Running 'samba-tool ntacl sysvolreset' may fix the issue")
#Filters an unhelpful error message from samba
if output.find("NT_STATUS_OBJECT_NAME_NOT_FOUND") != -1:
output_list = output.splitlines()
for x in output_list:
if x.find("NT_STATUS_OBJECT_NAME_NOT_FOUND") == -1:
error_descriptions.append(x)
else:
fix = ""
else:
error_descriptions.append(output)
if not rerun:
error_descriptions.append(fix)
raise Warning(description='\n'.join(error_descriptions),
buttons=buttons)
if rerun:
fixed = _('`samba-tool ntacl sysvolcheck` found no problems.')
error_descriptions.append(fixed)
error_descriptions.append(output)
raise ProblemFixed(description='\n'.join(error_descriptions))
def run(_umc_instance, retest=False):
configRegistry = univention.config_registry.ConfigRegistry()
configRegistry.load()
target_realm = configRegistry.get('kerberos/realm')
user_name = 'kdc-reachability-check'
kdc_fqds = configRegistry.get('kerberos/kdc', '').split()
dns_lookup_kdc = configRegistry.is_true('kerberos/defaults/dns_lookup_kdc',
True)
if not kdc_fqds or dns_lookup_kdc:
domainname = configRegistry.get('domainname')
kdc_to_check = list(resolve_kdc_record('tcp', domainname))
kdc_to_check.extend(resolve_kdc_record('udp', domainname))
else:
kdc_to_check = [(kdc, 88, 'tcp') for kdc in kdc_fqds]
kdc_to_check.extend((kdc, 88, 'udp') for kdc in kdc_fqds)
kdc_reachabe = [(probe_kdc(kdc, port, protocol, target_realm,
user_name), (kdc, port, protocol))
for (kdc, port, protocol) in kdc_to_check]
reachable_kdc = [(kdc, port, protocol)
for (reachable, (kdc, port, protocol)) in kdc_reachabe
if reachable]
unreachable_kdc = [(kdc, port, protocol)
for (reachable, (kdc, port, protocol)) in kdc_reachabe
if not reachable]
error_descriptions = list()
if unreachable_kdc:
error = _('The following KDCs were unreachable: {}')
unreach_string = ('{} {}:{}'.format(protocol, kdc, port)
for (kdc, port, protocol) in unreachable_kdc)
error_descriptions.append(error.format(', '.join(unreach_string)))
if not reachable_kdc:
is_dc = configRegistry.get('server/role') == 'domaincontroller_master'
is_s4_dc = is_dc and util.is_service_active('Samba 4')
if is_s4_dc and configRegistry.is_true('samba/interfaces/bindonly',
False):
local_included = False
for interface in configRegistry.get('samba/interfaces',
'').split():
try:
addr = ipaddr.IPAddress(interface)
except ValueError:
local_included |= interface == 'lo'
else:
local_included |= addr.is_loopback or addr.is_unspecified
error = _(
'samba/interfaces does not contain lo, 127.0.0.1 or 0.0.0.0.')
error_descriptions.append(error)
description = '\n'.join(error_descriptions)
buttons = [{
'action': 'add_lo_to_samba_interfaces',
'label': _('Add lo to samba/interfaces'),
}, {
'action': 'reset_kerberos_kdc',
'label': _('Reset kerberos/kdc to 127.0.0.1'),
}]
raise Critical(description=description, buttons=buttons)
error_descriptions.append(_('No reachable KDCs were found.'))
description = '\n'.join(error_descriptions)
raise Critical(description=description)
if error_descriptions:
error = '\n'.join(error_descriptions)
raise Warning(description=error)
if retest:
raise ProblemFixed()
def adjust(_umc_instance):
MODULE.process('Setting samba/max_open_files')
handler_set(['samba/max_open_files=%d' % (suggested_max_open_files, )])
raise ProblemFixed(
_('The limits have been adjusted to the suggested value.'), buttons=[])