def getLocalSysvolPath(): rc, networkConfig = config.network() if not rc: return False, None networkPath = f"//{networkConfig['serverHostname']}/sysvol" return getMountpointOfRemotePath(networkPath, True)
def _resolveVariables(fileData): # replace placeholders with values rc, networkConfig = config.network() if not rc: return False, None # network fileData = fileData.replace('@@serverHostname@@', networkConfig["serverHostname"]) fileData = fileData.replace('@@domain@@', networkConfig["domain"]) fileData = fileData.replace('@@realm@@', networkConfig["realm"]) # constants fileData = fileData.replace('@@userTemplateDir@@', constants.userTemplateDir) fileData = fileData.replace( '@@hiddenShareMountBasepath@@', constants.hiddenShareMountBasepath.format("%(USER)")) # hooks fileData = fileData.replace('@@hookScriptBoot@@', hooks.getLocalHookScript(hooks.Type.Boot)) fileData = fileData.replace('@@hookScriptShutdown@@', hooks.getLocalHookScript(hooks.Type.Shutdown)) fileData = fileData.replace( '@@hookScriptLoginLogoutAsRoot@@', hooks.getLocalHookScript(hooks.Type.LoginLogoutAsRoot)) fileData = fileData.replace( '@@hookScriptSessionStarted@@', hooks.getLocalHookScript(hooks.Type.SessionStarted)) return fileData
def serverUrl(): rc, networkConfig = config.network() if not rc: return False, None serverHostname = networkConfig["serverHostname"] return 'ldap://{0}'.format(serverHostname)
def baseDn(): rc, networkConfig = config.network() if not rc: return None domain = networkConfig["domain"] return "dc=" + domain.replace(".", ",dc=")
def patchKeytab(): """ Patches the `/etc/krb5.keytab` file. It inserts the correct hostname of the current computer. :return: True on success, False otherwise :rtype: bool """ krb5KeytabFilePath = "/etc/krb5.keytab" logging.info("Patching {}".format(krb5KeytabFilePath)) krb5KeytabUtil = Krb5KeytabUtil(krb5KeytabFilePath) try: krb5KeytabUtil.read() except: logging.error("Error reading {}".format(krb5KeytabFilePath)) return False for entry in krb5KeytabUtil.keytab.entries: oldData = entry.principal.components[-1].data if len(entry.principal.components) == 1: newData = computer.hostname().upper() + "$" entry.principal.components[0].data = newData elif len(entry.principal.components) == 2 and ( entry.principal.components[0].data == "host" or entry.principal.components[0].data == "RestrictedKrbHost"): rc, networkConfig = config.network() if not rc: continue newData = "" domain = networkConfig["domain"] if domain in entry.principal.components[1].data: newData = computer.hostname().lower() + "." + domain else: newData = computer.hostname().upper() entry.principal.components[1].data = newData logging.debug("{} was changed to {}".format( oldData, entry.principal.components[-1].data)) logging.info("Trying to overwrite {}".format(krb5KeytabFilePath)) try: result = krb5KeytabUtil.write() except: result = False if not result: logging.error("Error overwriting {}".format(krb5KeytabFilePath)) return result
def _getRemoteHookScripts(hookType): if not hookType in remoteScriptNames: return False, None rc, networkConfig = config.network() if not rc: logging.error( "Could not execute server hooks because the network config could not be read" ) return False, None if _remoteScriptInUserContext[hookType]: rc, attributes = user.readAttributes() if not rc: logging.error( "Could not execute server hooks because the user config could not be read" ) return False, None else: rc, attributes = computer.readAttributes() if not rc: logging.error( "Could not execute server hooks because the computer config could not be read" ) return False, None try: domain = networkConfig["domain"] school = attributes["sophomorixSchoolname"] scriptName = remoteScriptNames[hookType] except: logging.error( "Could not execute server hooks because the computer/user config is missing attributes" ) return False, None rc, sysvolPath = shares.getLocalSysvolPath() if not rc: logging.error( "Could not execute server hook {} because the sysvol could not be mounted!\n" ) return False, None hookScriptPathTemplate = "{0}/{1}/scripts/{2}/{3}/linux/{4}".format( sysvolPath, domain, school, "{}", scriptName) return True, [ hookScriptPathTemplate.format("lmn"), hookScriptPathTemplate.format("custom") ]
def serverUrl(): """ Returns the server URL :return: The server URL :rtype: str """ rc, networkConfig = config.network() if not rc: return False, None serverHostname = networkConfig["serverHostname"] return 'ldap://{0}'.format(serverHostname)
def baseDn(): """ Returns the base DN :return: The baseDN :rtype: str """ rc, networkConfig = config.network() if not rc: return None domain = networkConfig["domain"] return "dc=" + domain.replace(".", ",dc=")
def _prepareEnvironment(): dictsAndPrefixes = {} rc, networkConfig = config.network() if rc: dictsAndPrefixes["Network"] = networkConfig rc, userConfig = user.readAttributes() if rc: dictsAndPrefixes["User"] = userConfig rc, computerConfig = computer.readAttributes() if rc: dictsAndPrefixes["Computer"] = computerConfig environment = _dictsToEnv(dictsAndPrefixes) _writeEnvironment(environment)
def _mountShare(username, networkPath, shareName, hiddenShare, useCruidOfExecutingUser=False): mountpoint = _getShareMountpoint(networkPath, username, hiddenShare, shareName) mountCommandOptions = f"file_mode=0700,dir_mode=0700,sec=krb5,nodev,nosuid,mfsymlinks,nobrl,vers=3.0,user={username}" rc, networkConfig = config.network() domain = None if rc: domain = networkConfig["domain"] mountCommandOptions += f",domain={domain.upper()}" try: pwdInfo = pwd.getpwnam(username) uid = pwdInfo.pw_uid gid = pwdInfo.pw_gid mountCommandOptions += f",gid={gid},uid={uid}" if not useCruidOfExecutingUser: mountCommandOptions += f",cruid={uid}" except KeyError: uid = -1 gid = -1 logging.warning("Uid could not be found! Continuing anyway!") mountCommand = [ "/usr/sbin/mount.cifs", "-o", mountCommandOptions, networkPath, mountpoint ] logging.debug(f"Trying to mount '{networkPath}' to '{mountpoint}'") logging.debug("* Creating directory...") try: Path(mountpoint).mkdir(parents=True, exist_ok=False) except FileExistsError: # Test if a share is already mounted there if _directoryIsMountpoint(mountpoint): logging.debug("* The mountpoint is already mounted.") return True, mountpoint else: logging.warning( "* The target directory already exists, proceeding anyway!") logging.debug("* Executing '{}' ".format(" ".join(mountCommand))) logging.debug("* Trying to mount...") if not subprocess.call( mountCommand, stdout=subprocess.PIPE, stderr=subprocess.PIPE) == 0: logging.fatal( f"* Error mounting share {networkPath} to {mountpoint}!\n") return False, None logging.debug("* Success!") # hide the shares parent dir (/home/%user/media) in case it is not a hidden share if not hiddenShare: try: hiddenFilePath = f"{mountpoint}/../../.hidden" logging.debug(f"* hiding parent dir {hiddenFilePath}") hiddenFile = open(hiddenFilePath, "w+") hiddenFile.write(mountpoint.split("/")[-2]) hiddenFile.close() except: logging.warning(f"Could not hide parent dir of share {mountpoint}") return True, mountpoint