def setSubnetStatement(self, subnet, option, value=None):
    """
    Set a statement on a DHCP subnet entry and audit the change.

    @param subnet: subnet looked up through getSubnet()
    @param option: statement name handed to setObjectStatement()
    @param value: statement value handed to setObjectStatement()
    """
    audit = AF().log(
        PLUGIN_NAME,
        AA.NETWORK_SET_SUBNET_STMT,
        [(subnet, AT.SUBNET), (option, "OPTION")],
        value,
    )
    found = self.getSubnet(subnet)
    if found:
        # found[0][0] is the DN of the first matching entry.
        self.setObjectStatement(found[0][0], option, value)
    # NOTE(review): the record is committed even when no subnet matched and
    # nothing was written - confirm that is what the audit trail should show.
    audit.commit()
def delBlacklist(self, elt):
    """
    Remove an element from the blacklist

    The blacklist is saved and the audit record committed whether or not the
    element was present.

    @param elt: blacklist entry to remove
    """
    audit = AF().log(PLUGIN_NAME, AA.PROXY_DEL_BLACKLIST, [(elt, AT.BLACKLIST)])
    present = elt in self.contentArr
    if present:
        self.contentArr.remove(elt)
    self.saveBlacklist()
    audit.commit()
def setSubnetAuthoritative(self, subnet, flag=True):
    """
    Set the subnet as authoritative or 'not authoritative'

    Any existing "authoritative" / "not authoritative" statement is dropped
    and the one matching flag is appended before dhcpStatements is replaced.

    @param subnet: the network address of the subnet
    @type subnet: str
    @param flag: whether the subnet is authoritative or not
    @type flag: bool
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_SUBNET_AUTH, [(subnet, AT.SUBNET)], flag)
    found = self.getSubnet(subnet)
    if found:
        dn = found[0][0]
        kept = [
            statement
            for statement in self.getObjectStatements(dn)
            if statement not in ["authoritative", "not authoritative"]
        ]
        kept.append("authoritative" if flag else "not authoritative")
        self.l.modify_s(dn, [(ldap.MOD_REPLACE, "dhcpStatements", kept)])
    audit.commit()
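def backupShare(share, media, login):
    """
    Launch as a background process the backup of a share

    Every word of the backup.sh command line is shell-quoted, so a share,
    login or media value containing spaces or shell metacharacters reaches
    the script as one literal argument instead of being interpreted.

    @param share: share name; "homes" backs up /home/, any other name uses
        the "path" of that share from the Samba configuration
    @type share: str
    @param media: media argument handed to backup.sh
    @type media: str
    @param login: login recorded in the audit log and used in the result path
    @type login: str
    @return: path made of the backup directory and "<login>-<share>-<date>"
    """
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    r = AF().log(PLUGIN_NAME, AA.SAMBA_BACKUP_SHARE, [(share, AT.SHARE), (login, AT.USER)], media)
    config = BasePluginConfig("base")
    cmd = os.path.join(config.backuptools, "backup.sh")
    if share == "homes":
        # FIXME: Maybe we should have a configuration directive to tell that
        # all users home are stored into /home
        savedir = "/home/"
    else:
        smbObj = SambaConf(SambaConfig("samba").samba_conf_file)
        savedir = smbObj.getContent(share, "path")
    # NOTE(review): assumes shlaunchBackground hands this string to a shell
    # (or splits it with shell rules) - confirm against its implementation.
    words = [cmd, share, savedir, config.backupdir, login, media, config.backuptools]
    # Run backup process in background
    shlaunchBackground(
        " ".join(quote(word) for word in words),
        "backup share " + share,
        progressBackup,
    )
    # The record is committed once the job is launched, not once it finishes.
    r.commit()
    # NOTE(review): login and share are joined into this path as given; a value
    # containing a path separator changes the directory - validate upstream.
    return os.path.join(config.backupdir, "%s-%s-%s" % (login, share, strftime("%Y%m%d")))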
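def setPPolicyAttribute(self, nameattribute, value):
    """
    Set the value of the given LDAP attribute.
    Del the attribute if value is None

    The audit record is committed only when the LDAP write succeeded; a
    rejected write (undefined attribute, invalid syntax) is logged as an
    error and leaves the record uncommitted.

    @param nameattribute: LDAP attribute name
    @type nameattribute: str
    @param value: LDAP attribute value
    @type value: str
    """
    target = [(self.dn, AT.USER), (nameattribute, AT.ATTRIBUTE)]
    if value is not None:
        r = AF().log(PLUGIN_NAME, AA.PPOLICY_MOD_USER_ATTR, target, value)
        # bool is tested first: True/False become "TRUE"/"FALSE".
        if isinstance(value, bool):
            value = str(value).upper()
        elif type(value) is int:
            value = str(value)
        mode = ldap.MOD_REPLACE
        logging.getLogger().debug("Setting %s to %s" % (nameattribute, value))
    else:
        r = AF().log(PLUGIN_NAME, AA.PPOLICY_DEL_USER_ATTR, target, value)
        mode = ldap.MOD_DELETE
        logging.getLogger().debug("Removing %s" % nameattribute)
    try:
        self.l.modify_s(self.dn, [(mode, nameattribute, value)])
    except ldap.UNDEFINED_TYPE:
        logging.getLogger().error("Attribute %s isn't defined on LDAP" % nameattribute)
    except ldap.INVALID_SYNTAX:
        logging.getLogger().error("Invalid Syntax from the attribute value of %s on ldap" % nameattribute)
    else:
        # NOTE(review): assumes commit() is what marks the audit record as
        # successful, as the log / act / commit sequence suggests - confirm.
        r.commit()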
def setHostStatement(self, subnet, host, option, value):
    """
    Set a statement on a DHCP host entry and audit the change.

    @param subnet: subnet the host is looked up in
    @param host: host name passed to getHost()
    @param option: statement name handed to setObjectStatement()
    @param value: statement value handed to setObjectStatement()
    """
    audit = AF().log(
        PLUGIN_NAME,
        AA.NETWORK_SET_HOST_STMT,
        [(subnet, AT.SUBNET), (host, AT.HOST), (option, "OPTION")],
        value,
    )
    found = self.getHost(subnet, host)
    if found:
        # found[0][0] is the DN of the first matching host entry.
        self.setObjectStatement(found[0][0], option, value)
    audit.commit()
def setHostHWAddress(self, subnet, host, address):
    """
    Replace the dhcpHWAddress of a DHCP host entry and audit the change.

    @param subnet: subnet the host is looked up in
    @param host: host name passed to getHost()
    @param address: hardware address, stored as "ethernet <address>"
    """
    audit = AF().log(
        PLUGIN_NAME,
        AA.NETWORK_SET_HOST_HWADD,
        [(subnet, AT.SUBNET), (host, AT.HOST)],
        address,
    )
    found = self.getHost(subnet, host)
    if found:
        # NOTE(review): address is stored as given; no format check is done
        # here, so confirm it is validated before reaching this method.
        hw_value = ["ethernet " + address]
        self.l.modify_s(found[0][0], [(ldap.MOD_REPLACE, "dhcpHWAddress", hw_value)])
    audit.commit()
def setPoolRange(self, pool, start, end):
    """
    Replace the dhcpRange of a DHCP pool with "<start> <end>".

    @param pool: pool name passed to getPool()
    @param start: first address of the range
    @param end: last address of the range
    """
    # NOTE(review): the audit record names the pool but not the new range;
    # consider whether start/end should be logged as the value.
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_POOLRANGE, [(pool, AT.POOL)])
    found = self.getPool(pool)
    if found:
        new_range = start + " " + end
        self.l.modify_s(found[0][0], [(ldap.MOD_REPLACE, "dhcpRange", new_range)])
    audit.commit()
def setZarafaGroup(self, group, value):
    """
    Set/unset zarafa-group object class to a user group

    @param group: group name
    @type group: str
    @param value: to set or unset the zarafa-group class
    @type value: boolean
    """
    event = AA.MAIL_ADD_ZARAFA_CLASS if value else AA.MAIL_DEL_ZARAFA_CLASS
    audit = AF().log(PLUGIN_NAME, event, [(group, AT.MAIL_GROUP)], group)
    group = group.encode("utf-8")
    # NOTE(review): group goes into the DN unescaped; confirm callers validate
    # it, or escape it with ldap.dn.escape_dn_chars() before building the DN.
    group_dn = 'cn=' + group + ', ' + self.baseGroupsDN
    _, current = self.l.search_s(group_dn, ldap.SCOPE_BASE)[0]
    updated = copy.deepcopy(current)
    has_class = 'zarafa-group' in updated['objectClass']
    if value and not has_class:
        updated["objectClass"].append('zarafa-group')
    elif not value and has_class:
        updated["objectClass"].remove('zarafa-group')
    changes = ldap.modlist.modifyModlist(current, updated)
    if changes:
        # Only write when the object classes actually changed.
        self.l.modify_s(group_dn, changes)
    audit.commit()
def setSubnetAuthoritative(self, subnet, flag=True):
    """
    Set the subnet as authoritative or 'not authoritative'

    The statement list of the subnet is rebuilt without either marker, the
    marker selected by flag is added, and dhcpStatements is replaced.

    @param subnet: the network address of the subnet
    @type subnet: str
    @param flag: whether the subnet is authoritative or not
    @type flag: bool
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_SUBNET_AUTH, [(subnet, AT.SUBNET)], flag)
    found = self.getSubnet(subnet)
    if found:
        dn = found[0][0]
        markers = ["authoritative", "not authoritative"]
        statements = [s for s in self.getObjectStatements(dn) if s not in markers]
        if flag:
            statements.append("authoritative")
        else:
            statements.append("not authoritative")
        self.l.modify_s(dn, [(ldap.MOD_REPLACE, "dhcpStatements", statements)])
    audit.commit()
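def setVDomainQuota(self, domain, quota):
    """
    Set the quota of a virtual mail domain name

    A quota that cannot be read as an integer, including None, removes the
    quota attribute instead of raising.

    @param domain: virtual mail domain name
    @type domain: str
    @param quota: created user quota in the virtual domain
    @type quota: unicode
    """
    r = AF().log(PLUGIN_NAME, AA.MAIL_SET_DOMAIN_QUOTA, [(domain, AT.VMDOMAIN)], quota)
    # NOTE(review): domain goes into the DN unescaped; confirm callers validate
    # it, or escape it with ldap.dn.escape_dn_chars() before building the DN.
    dn = "virtualdomain=" + domain + ", " + self.conf.vDomainDN
    try:
        int(quota)
    except (TypeError, ValueError):
        # TypeError covers None, which int() rejects with a different
        # exception than a non-numeric string.
        quota = None
    quota_attr = self.conf.attrs['mailuserquota']
    if quota:
        self.l.modify_s(dn, [(ldap.MOD_REPLACE, quota_attr, quota)])
    else:
        self.l.modify_s(dn, [(ldap.MOD_DELETE, quota_attr, None)])
    r.commit()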
def setPasswdExpiration(self, uid, can_expire=False):
    """
    Set password expiration flag on SAMBA user

    The 'X' character of sambaAcctFlags is removed when can_expire is true
    and added when it is false. LDAP is written, and an audit record
    created, only when the flag actually changes.

    @param uid: user name
    @param can_expire: whether the password is allowed to expire
    @return: always True
    """
    userdn = self.searchUserDN(uid)
    action = AA.SAMBA_UNEXPIRE_USER_PASSWD
    if can_expire:
        action = AA.SAMBA_EXPIRE_USER_PASSWD
    # Read the current entry; s[0] is a (dn, attributes) pair.
    s = self.l.search_s(userdn, ldap.SCOPE_BASE)
    c, old = s[0]
    new = old.copy()
    changed = False
    flags = new["sambaAcctFlags"][0]
    # flags should be a bracketed string such as "[U ]"; the content is
    # re-padded to 11 characters below.
    if can_expire and 'X' in flags:
        # Drop the brackets and padding, remove 'X', then re-pad.
        flags = flags.strip("[]")
        flags = flags.strip().replace('X', '')
        flags = "[" + flags.ljust(11) + "]"
        changed = True
    elif not can_expire and not 'X' in flags:
        # Drop the brackets and padding, append 'X', then re-pad.
        flags = flags.strip("[]").strip()
        flags = flags + "X"
        flags = "[" + flags.ljust(11) + "]"
        changed = True
    # If the flag was changed
    if changed:
        # NOTE(review): a call that changes nothing leaves no audit record.
        r = AF().log(PLUGIN_NAME, action, [(userdn, AT.USER)])
        new["sambaAcctFlags"] = [flags]
        modlist = ldap.modlist.modifyModlist(old, new)
        self.l.modify_s(userdn, modlist)
        r.commit()
    return True
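def setAttribute(self, nameattribute, value, ppolicyName=None):
    """
    Set value to the given attribute.

    The audit record is committed only when the LDAP write succeeded; a
    rejected write (undefined attribute, invalid syntax) is logged as an
    error and leaves the record uncommitted.

    @param nameattribute: LDAP attribute name
    @type nameattribute: str
    @param value: LDAP attribute value
    @type value: str
    @param ppolicyName: password policy to modify; the default policy DN is
        used when it is empty
    @type ppolicyName: str
    """
    if not ppolicyName:
        ppolicyDN = self.configPPolicy.ppolicydefaultdn
    else:
        # NOTE(review): ppolicyName goes into the DN unescaped; confirm callers
        # validate it, or escape it with ldap.dn.escape_dn_chars().
        ppolicyDN = "cn=" + ppolicyName + "," + self.configPPolicy.ppolicydn
    r = AF().log(
        PLUGIN_NAME,
        AA.PPOLICY_MOD_ATTR,
        [(ppolicyDN, AT.PPOLICY), (nameattribute, AT.ATTRIBUTE)],
        value,
    )
    # bool is tested first: True/False become "TRUE"/"FALSE".
    if isinstance(value, bool):
        value = str(value).upper()
    elif type(value) is int:
        value = str(value)
    try:
        self.l.modify_s(ppolicyDN, [(ldap.MOD_REPLACE, nameattribute, value)])
    except ldap.UNDEFINED_TYPE:
        logging.getLogger().error("Attribute %s isn't defined on ldap" % nameattribute)
    except ldap.INVALID_SYNTAX:
        logging.getLogger().error("Invalid Syntax from the attribute value of %s on ldap" % nameattribute)
    else:
        # NOTE(review): assumes commit() is what marks the audit record as
        # successful, as the log / act / commit sequence suggests - confirm.
        r.commit()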
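def delZone(self, zone):
    """
    Delete a DNS zone with all its reverse zones

    When self.pdns is set only LDAP entries are removed. Otherwise the zone
    entry, the zone file under bindLdapDir and the matching line of the
    bindLdap file are removed.

    @param zone: the zone name to delete
    @type zone: str
    @raise ValueError: when self.pdns is not set and zone is not a plain
        file name
    """
    r = AF().log(PLUGIN_NAME, AA.NETWORK_DEL_DNS_ZONE, [(zone, AT.ZONE)])
    # NOTE(review): zone goes into the DNs below unescaped and the entries are
    # deleted recursively; confirm callers validate it, or escape it with
    # ldap.dn.escape_dn_chars() before building the DN.
    if self.pdns:
        zoneDN = "dc=" + zone + "," + self.configDns.dnsDN
        self.delRecursiveEntry(zoneDN)
        reverseDN = self.getReverseZone(zone)
        if reverseDN[0]:
            self.delRecursiveEntry("dc=" + reverseDN[0] + "," + self.configDns.dnsDN)
    else:
        # The zone name is used as a file name below; refuse anything that
        # would resolve outside bindLdapDir before deleting anything.
        if not zone or zone in (".", "..") or os.path.basename(zone) != zone:
            raise ValueError("Invalid zone name: %r" % (zone,))
        zoneDN = "ou=" + zone + "," + self.configDns.dnsDN
        self.delRecursiveEntry(zoneDN)
        os.unlink(os.path.join(self.configDns.bindLdapDir, zone))
        # Drop the line that references the zone file; the with-blocks close
        # the file even if reading or writing fails.
        marker = "/" + zone + '";'
        with open(self.configDns.bindLdap, "r") as f:
            newcontent = [line for line in f if marker not in line]
        with open(self.configDns.bindLdap, "w+") as f:
            f.writelines(newcontent)
    r.commit()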
def disableUser(self, uid):
    """
    Disable the SAMBA user

    Prefixes the content of sambaAcctFlags with 'D' unless it already starts
    with 'D'.

    @param uid: user name
    @return: always 0
    """
    userdn = self.searchUserDN(uid)
    r = AF().log(PLUGIN_NAME, AA.SAMBA_DISABLE_USER, [(userdn, AT.USER)])
    # Read the current entry; s[0] is a (dn, attributes) pair.
    s = self.l.search_s(userdn, ldap.SCOPE_BASE)
    c, old = s[0]
    new = old.copy()
    flags = new["sambaAcctFlags"][0]
    # flags should be a bracketed string such as "[U ]"; strip the brackets
    # and the padding to work on the bare flag characters.
    flags = flags.strip("[]")
    flags = flags.strip()
    if flags.startswith("D"):
        # Huh ? User has been already disabled
        # Do nothing
        # NOTE(review): only the first character is tested, so a 'D' placed
        # elsewhere in the flags is not recognised - confirm the ordering.
        pass
    else:
        flags = "D" + flags
        # Re-pad the content to 11 characters and restore the brackets.
        flags = "[" + flags.ljust(11) + "]"
        new["sambaAcctFlags"] = [flags]
        modlist = ldap.modlist.modifyModlist(old, new)
        self.l.modify_s(userdn, modlist)
    # Committed in both branches, including when nothing was written.
    r.commit()
    return 0
def changeUserPasswd(self, uid, passwd, oldpasswd = None, bind = False): """ change SAMBA user password @param uid: user name @type uid: str @param passwd: non encrypted password @type passwd: str """ # Don't update the password if we are using smbk5passwd conf = SambaConf() if conf.isValueTrue(conf.getContent("global", "ldap passwd sync")) in (0, 1): userdn = self.searchUserDN(uid) r = AF().log(PLUGIN_NAME, AA.SAMBA_CHANGE_USER_PASS, [(userdn,AT.USER)]) # If the passwd has been encoded in the XML-RPC stream, decode it if isinstance(passwd, xmlrpclib.Binary): passwd = str(passwd) s = self.l.search_s(userdn, ldap.SCOPE_BASE) c, old = s[0] new = old.copy() new['sambaLMPassword'] = [smbpasswd.lmhash(passwd)] new['sambaNTPassword'] = [smbpasswd.nthash(passwd)] new['sambaPwdLastSet'] = [str(int(time()))] # Update LDAP modlist = ldap.modlist.modifyModlist(old, new) self.l.modify_s(userdn, modlist) self.runHook("samba.changeuserpasswd", uid, passwd) r.commit() return 0
def addSmbAttr(self, uid, password): """ Add SAMBA password and attributes on a new user """ # Get domain info domainInfo = self.getDomain() # Get current user entry userdn = self.searchUserDN(uid) r = AF().log(PLUGIN_NAME, AA.SAMBA_ADD_SAMBA_CLASS, [(userdn,AT.USER)]) s = self.l.search_s(userdn, ldap.SCOPE_BASE) c, old = s[0] new = self._applyUserDefault(old.copy(), self.configSamba.userDefault) if not "sambaSamAccount" in new['objectClass']: new['objectClass'].append("sambaSamAccount") new["sambaAcctFlags"] = ["[U ]"] new["sambaSID"] = [domainInfo['sambaSID'][0] + '-' + str(int(domainInfo['sambaNextRid'][0]) + 1)] # If the passwd has been encoded in the XML-RPC stream, decode it if isinstance(password, xmlrpclib.Binary): password = str(password) # If the passwd is in a dict # {'scalar': 'thepassword', 'xmlrpc_type': 'base64'} # take scalar if isinstance(password, dict): password = password['scalar'] new['sambaLMPassword'] = [smbpasswd.lmhash(password)] new['sambaNTPassword'] = [smbpasswd.nthash(password)] new['sambaPwdLastSet'] = [str(int(time()))] # Update LDAP modlist = ldap.modlist.modifyModlist(old, new) self.l.modify_s(userdn, modlist) self.updateDomainNextRID() self.runHook("samba.addsmbattr", uid, password) r.commit()
def setNSRecords(self, zoneName, nameservers):
    """
    Update the nSRecord fields of the @ LDAP entry of the given zone.
    The nsRecord corresponding to the name server contained in the
    SOARecord field won't be deleted. Use the setSOANSRecord to update it.

    NOTE(review): the caller's nameservers list is appended to in place, and
    the same list object was handed to the audit log beforehand - confirm
    neither the caller nor the audit record is affected by that.

    @param zoneName: zone whose NS records are replaced
    @param nameservers: list of name server names
    """
    r = AF().log(PLUGIN_NAME, AA.NETWORK_SET_NS, [(zoneName, AT.ZONE)], nameservers)
    soaDN, soaData = self.getZoneSOA(zoneName)
    if soaDN:
        if self.pdns:
            soaRecord = self.getSOARecord(zoneName)
            nameservers.append(soaRecord["nameserver"])
            self.l.modify_s(soaDN, [(ldap.MOD_REPLACE, "nSRecord", nameservers)])
        else:
            # The name server is the first whitespace-separated field of
            # the SOA record.
            soaNameServer = soaData["sOARecord"][0].split()[0]
            # Make sure the name server contained in the SOA record won't
            # be deleted
            if soaNameServer not in nameservers:
                nameservers.append(soaNameServer)
            self.l.modify_s(soaDN, [(ldap.MOD_REPLACE, "nSRecord", nameservers)])
        # NOTE(review): the source layout was flattened; this call is placed
        # so that it runs for both branches - confirm against the original.
        self.updateZoneSerial(zoneName)
    r.commit()
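def setAttribute(self, nameattribute, value, ppolicyName = None):
    """
    Set value to the given attribute.

    A write rejected by LDAP (undefined attribute, invalid syntax) is logged
    as an error and the audit record is then left uncommitted; the record is
    committed only after a successful write.

    @param nameattribute: LDAP attribute name
    @type nameattribute: str
    @param value: LDAP attribute value
    @type value: str
    @param ppolicyName: password policy to modify; the default policy DN is
        used when it is empty
    @type ppolicyName: str
    """
    if ppolicyName:
        # NOTE(review): ppolicyName goes into the DN unescaped; confirm callers
        # validate it, or escape it with ldap.dn.escape_dn_chars().
        ppolicyDN = "cn=" + ppolicyName + "," + self.configPPolicy.ppolicydn
    else:
        ppolicyDN = self.configPPolicy.ppolicydefaultdn
    objects = [(ppolicyDN, AT.PPOLICY), (nameattribute, AT.ATTRIBUTE)]
    r = AF().log(PLUGIN_NAME, AA.PPOLICY_MOD_ATTR, objects, value)
    # bool is tested first: True/False become "TRUE"/"FALSE".
    if isinstance(value, bool):
        value = str(value).upper()
    elif type(value) is int:
        value = str(value)
    try:
        self.l.modify_s(ppolicyDN, [(ldap.MOD_REPLACE, nameattribute, value)])
    except ldap.UNDEFINED_TYPE:
        logging.getLogger().error("Attribute %s isn't defined on ldap" % nameattribute)
    except ldap.INVALID_SYNTAX:
        logging.getLogger().error("Invalid Syntax from the attribute value of %s on ldap" % nameattribute)
    else:
        # NOTE(review): assumes commit() is what marks the audit record as
        # successful, as the log / act / commit sequence suggests - confirm.
        r.commit()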
def addBlacklist(self, elt):
    """
    Add an element to the blacklist

    The blacklist is saved and the audit record committed whether or not the
    element was already present.

    @param elt: blacklist entry to add
    """
    audit = AF().log(PLUGIN_NAME, AA.PROXY_ADD_BLACKLIST, [(elt, AT.BLACKLIST)])
    already_listed = elt in self.contentArr
    if not already_listed:
        self.contentArr.append(elt)
    self.saveBlacklist()
    audit.commit()
def setSubnetNetmask(self, subnet, netmask):
    """
    Replace the dhcpNetMask of a DHCP subnet and audit the change.

    @param subnet: subnet looked up through getSubnet()
    @param netmask: new value of dhcpNetMask
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_SUBNET_NTMSK, [(subnet, AT.SUBNET)], netmask)
    found = self.getSubnet(subnet)
    if found:
        change = (ldap.MOD_REPLACE, "dhcpNetMask", netmask)
        self.l.modify_s(found[0][0], [change])
    audit.commit()
def updatePPolicy(self, ppolicyName):
    """
    Update the pwdPolicySubentry attribute of the current user

    Without an existing policy the call is delegated to addPPolicy(); with an
    empty ppolicyName it is delegated to removePPolicy(). Otherwise the
    attribute is replaced and the audit record committed on success.

    @param ppolicyName: name of the password policy to apply
    @return: result of addPPolicy()/removePPolicy() when delegated, else True
    """
    if not self.hasPPolicy():
        return self.addPPolicy(ppolicyName)
    if not ppolicyName:
        return self.removePPolicy()

    # get the ppolicy dn
    policy_dn = PPolicy().getPPolicy(ppolicyName)[0]
    audit = AF().log(PLUGIN_NAME, AA.PPOLICY_MOD_USER_PPOLICY, [(self.dn, AT.USER)])
    attribute = 'pwdPolicySubentry'
    try:
        self.l.modify_s(self.dn, [(ldap.MOD_REPLACE, attribute, policy_dn)])
        ppolicy_applied.send(sender=self, ppolicy_name=ppolicyName)
        audit.commit()
    except ldap.UNDEFINED_TYPE:
        logger.error("Attribute %s isn't defined on ldap" % attribute)
    except ldap.INVALID_SYNTAX:
        logger.error("Invalid Syntax from the attribute value of %s on ldap" % attribute)
    # NOTE(review): True is returned even when one of the LDAP errors above
    # was caught - confirm callers do not read it as "policy applied".
    return True
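def setPPolicyAttribute(self, nameattribute, value):
    """
    Set the value of the given LDAP attribute.
    Del the attribute if value is None

    A write rejected by LDAP (undefined attribute, invalid syntax) is logged
    as an error and the audit record is then left uncommitted; the record is
    committed only after a successful write.

    @param nameattribute: LDAP attribute name
    @type nameattribute: str
    @param value: LDAP attribute value
    @type value: str
    """
    objects = [(self.dn, AT.USER), (nameattribute, AT.ATTRIBUTE)]
    if value is None:
        r = AF().log(PLUGIN_NAME, AA.PPOLICY_DEL_USER_ATTR, objects, value)
        mode = ldap.MOD_DELETE
        logging.getLogger().debug('Removing %s' % nameattribute)
    else:
        r = AF().log(PLUGIN_NAME, AA.PPOLICY_MOD_USER_ATTR, objects, value)
        # bool is tested first: True/False become "TRUE"/"FALSE".
        if isinstance(value, bool):
            value = str(value).upper()
        elif type(value) is int:
            value = str(value)
        mode = ldap.MOD_REPLACE
        logging.getLogger().debug('Setting %s to %s' % (nameattribute, value))
    try:
        self.l.modify_s(self.dn, [(mode, nameattribute, value)])
    except ldap.UNDEFINED_TYPE:
        logging.getLogger().error("Attribute %s isn't defined on LDAP" % nameattribute)
    except ldap.INVALID_SYNTAX:
        logging.getLogger().error("Invalid Syntax from the attribute value of %s on ldap" % nameattribute)
    else:
        # NOTE(review): assumes commit() is what marks the audit record as
        # successful, as the log / act / commit sequence suggests - confirm.
        r.commit()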
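def updatePPolicy(self, ppolicyName):
    """
    Update the pwdPolicySubentry attribute of the current user

    Without an existing policy the call is delegated to addPPolicy(); with an
    empty ppolicyName it is delegated to removePPolicy(). Otherwise the
    attribute is replaced, and the audit record is committed only when LDAP
    accepted the write.

    @param ppolicyName: name of the password policy to apply
    @return: result of addPPolicy()/removePPolicy() when delegated, else True
    """
    if not self.hasPPolicy():
        return self.addPPolicy(ppolicyName)
    if not ppolicyName:
        return self.removePPolicy()

    # get the ppolicy dn
    ppolicyDN = PPolicy().getPPolicy(ppolicyName)[0]
    r = AF().log(PLUGIN_NAME, AA.PPOLICY_MOD_USER_PPOLICY, [(self.dn, AT.USER)])
    try:
        self.l.modify_s(self.dn, [(ldap.MOD_REPLACE, "pwdPolicySubentry", ppolicyDN)])
    except ldap.UNDEFINED_TYPE:
        logging.getLogger().error("Attribute %s isn't defined on ldap" % "pwdPolicySubentry")
    except ldap.INVALID_SYNTAX:
        logging.getLogger().error(
            "Invalid Syntax from the attribute value of %s on ldap" % "pwdPolicySubentry"
        )
    else:
        # A write that LDAP rejected must not be recorded as done.
        # NOTE(review): assumes commit() is what marks the audit record as
        # successful, as the log / act / commit sequence suggests - confirm.
        r.commit()
    # NOTE(review): True is returned even when one of the LDAP errors above
    # was caught; kept so existing callers see the same value.
    return True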
def setSubnetStatement(self, subnet, option, value=None):
    """
    Set a statement on a DHCP subnet entry and audit the change.

    @param subnet: subnet looked up through getSubnet()
    @param option: statement name handed to setObjectStatement()
    @param value: statement value handed to setObjectStatement()
    """
    objects = [(subnet, AT.SUBNET), (option, "OPTION")]
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_SUBNET_STMT, objects, value)
    found = self.getSubnet(subnet)
    if found:
        # found[0][0] is the DN of the first matching entry.
        self.setObjectStatement(found[0][0], option, value)
    audit.commit()
def delHost(self, subnet, hostname):
    """
    Delete a DHCP host entry, and everything below it, from a subnet.

    Only the first entry whose cn equals hostname is removed.

    @param subnet: subnet the host is looked up in
    @param hostname: cn of the host entry to delete
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_DEL_HOST, [(subnet, AT.SUBNET)], hostname)
    for entry in self.getHost(subnet, hostname):
        entry_dn, attributes = entry[0], entry[1]
        if attributes["cn"][0] == hostname:
            self.delRecursiveEntry(entry_dn)
            break
    # NOTE(review): committed even when no entry matched and nothing was
    # deleted - confirm that is what the audit trail should show.
    audit.commit()
def delSubnet(self, network):
    """
    Delete a DHCP subnet entry and everything below it.

    All subnets are listed and the first one whose cn equals network is
    removed.

    @param network: cn of the subnet entry to delete
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_DEL_SUBNET, [(network, AT.SUBNET)])
    for entry in self.getSubnet():
        entry_dn, attributes = entry[0], entry[1]
        if attributes["cn"][0] == network:
            self.delRecursiveEntry(entry_dn)
            break
    # NOTE(review): committed even when no entry matched and nothing was
    # deleted - confirm that is what the audit trail should show.
    audit.commit()
def setPoolRange(self, pool, start, end):
    """
    Replace the dhcpRange of a DHCP pool with "<start> <end>".

    @param pool: pool name passed to getPool()
    @param start: first address of the range
    @param end: last address of the range
    """
    # NOTE(review): the audit record names the pool but not the new range;
    # consider whether start/end should be logged as the value.
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_POOLRANGE, [(pool, AT.POOL)])
    found = self.getPool(pool)
    if found:
        change = (ldap.MOD_REPLACE, "dhcpRange", start + " " + end)
        self.l.modify_s(found[0][0], [change])
    audit.commit()
def cleanUp(self):
    """
    function call before shutdown of reactor

    Logs the shutdown, writes and commits the service-stop audit record,
    then calls cleanPid().
    """
    logger.info('mmc-agent shutting down, cleaning up...')
    stop_record = AuditFactory().log(u'MMC-AGENT', u'MMC_AGENT_SERVICE_STOP')
    stop_record.commit()
    self.cleanPid()
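def setPPolicyAttribute(self, nameattribute, value):
    """
    Set the value of the given LDAP attribute.
    Del the attribute if value is None

    The audit record is committed only when the LDAP write succeeded; a
    rejected write (undefined attribute, invalid syntax) is logged as an
    error and leaves the record uncommitted.

    When pwdReset is set to 'TRUE' and the user is a SAMBA user, the
    sambaPwdLastSet attribute is also moved back by the policy's pwdMinAge.

    @param nameattribute: LDAP attribute name
    @type nameattribute: str
    @param value: LDAP attribute value
    @type value: str
    """
    objects = [(self.dn, AT.USER), (nameattribute, AT.ATTRIBUTE)]
    if value is not None:
        r = AF().log(PLUGIN_NAME, AA.PPOLICY_MOD_USER_ATTR, objects, value)
        # bool is tested first: True/False become "TRUE"/"FALSE".
        if isinstance(value, bool):
            value = str(value).upper()
        elif type(value) is int:
            value = str(value)
        mode = ldap.MOD_REPLACE
        logger.debug('Setting %s to %s' % (nameattribute, value))
    else:
        r = AF().log(PLUGIN_NAME, AA.PPOLICY_DEL_USER_ATTR, objects, value)
        mode = ldap.MOD_DELETE
        logger.debug('Removing %s' % nameattribute)

    try:
        self.l.modify_s(self.dn, [(mode, nameattribute, value)])
    except ldap.UNDEFINED_TYPE:
        logger.error("Attribute %s isn't defined on LDAP" % nameattribute)
    except ldap.INVALID_SYNTAX:
        logger.error(
            "Invalid Syntax from the attribute value of %s on ldap" % nameattribute)
    else:
        # NOTE(review): assumes commit() is what marks the audit record as
        # successful, as the log / act / commit sequence suggests - confirm.
        r.commit()

    # if password reset request, we set sambaPwdLastSet to time()-24hours
    # NOTE(review): the offset actually used is the policy's pwdMinAge, and
    # this still runs when the write above was rejected - confirm both.
    if nameattribute == 'pwdReset' and value == 'TRUE':
        userpolicy = self.getPPolicy()
        if not userpolicy:
            userpolicy = 'default'
        pwd_minage = PPolicy().listPPolicy(userpolicy)[0][1]['pwdMinAge'][0]
        try:
            # Optional dependency: skipped silently when the samba plugin is
            # not installed.
            from mmc.plugins import samba
            if samba.isSmbUser(self.userUid):
                samba.changeSambaAttributes(self.userUid, {
                    'sambaPwdLastSet': str(int(time.time()) - int(pwd_minage))
                })
            else:
                # Adjacent literals replace the backslash continuation, which
                # embedded the source indentation in the message.
                logger.debug(
                    'sambaPwdLastSet failed to set '
                    'beause %s is not a samba user (pwdReset workaround)'
                    % self.userUid)
        except ImportError:
            pass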
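def modifyRecord(self, zone, hostname, ip):
    """
    Change the IP address of a host in a zone.
    If the new IP already exists, an exception is raised.

    @param zone: zone holding the record
    @param hostname: host whose A record is replaced
    @param ip: new IP address
    @raise ValueError: if ip is already registered in the zone
    """
    r = AF().log(PLUGIN_NAME, AA.NETWORK_MODIFY_RECORD, [(zone, AT.ZONE), (hostname, AT.RECORD_A)], ip)
    if self.ipExists(zone, ip):
        # A bare string cannot be raised: Python 2.6+ and 3 turn that into a
        # TypeError and the message is lost. The audit record is left
        # uncommitted on this path, as before.
        raise ValueError("The IP %s has been already registered in zone %s" % (ip, zone))
    # NOTE(review): delete-then-add is not atomic; if addRecordA() fails the
    # old record is already gone - confirm that is acceptable.
    self.delRecord(zone, hostname)
    self.addRecordA(zone, hostname, ip)
    r.commit()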
def setHostStatement(self, subnet, host, option, value):
    """
    Set a statement on a DHCP host entry and audit the change.

    @param subnet: subnet the host is looked up in
    @param host: host name passed to getHost()
    @param option: statement name handed to setObjectStatement()
    @param value: statement value handed to setObjectStatement()
    """
    objects = [(subnet, AT.SUBNET), (host, AT.HOST), (option, "OPTION")]
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_HOST_STMT, objects, value)
    found = self.getHost(subnet, host)
    if found:
        # found[0][0] is the DN of the first matching host entry.
        self.setObjectStatement(found[0][0], option, value)
    audit.commit()
def setHostHWAddress(self, subnet, host, address):
    """
    Replace the dhcpHWAddress of a DHCP host entry and audit the change.

    @param subnet: subnet the host is looked up in
    @param host: host name passed to getHost()
    @param address: hardware address, stored as "ethernet <address>"
    """
    objects = [(subnet, AT.SUBNET), (host, AT.HOST)]
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_HOST_HWADD, objects, address)
    found = self.getHost(subnet, host)
    if found:
        # NOTE(review): address is stored as given; no format check is done
        # here, so confirm it is validated before reaching this method.
        change = (ldap.MOD_REPLACE, "dhcpHWAddress", ["ethernet " + address])
        self.l.modify_s(found[0][0], [change])
    audit.commit()
def setSubnetDescription(self, subnet, description):
    """
    Set or clear the dhcpComments attribute of a DHCP subnet.

    An empty description deletes the attribute.

    @param subnet: subnet looked up through getSubnet()
    @param description: new comment, or an empty value to remove it
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_SET_SUBNET_DESC, [(subnet, AT.SUBNET)], description)
    found = self.getSubnet(subnet)
    if found:
        if description:
            change = (ldap.MOD_REPLACE, "dhcpComments", description)
        else:
            change = (ldap.MOD_DELETE, "dhcpComments", None)
        self.l.modify_s(found[0][0], [change])
    audit.commit()
def addHostToSubnet(self, subnet, hostname):
    """
    Create a dhcpHost entry named hostname below a DHCP subnet.

    Raises IndexError when getSubnet() returns no match, in which case the
    audit record is never committed.

    @param subnet: subnet that receives the new host
    @param hostname: cn of the new host entry
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_ADD_HOST_TO_SUB, [(subnet, AT.SUBNET)], hostname)
    parent_dn = self.getSubnet(subnet)[0][0]
    # NOTE(review): hostname goes into the DN unescaped; confirm callers
    # validate it, or escape it with ldap.dn.escape_dn_chars().
    host_dn = "cn=" + hostname + "," + parent_dn
    entry = {
        "cn" : hostname,
        "objectClass" : ["top", "dhcpHost", "dhcpOptions"]
    }
    self.l.add_s(host_dn, list(entry.items()))
    audit.commit()
def dnsService(command):
    """
    Run a command on the DNS service, auditing every command but 'status'.

    A command other than 'status', 'start', 'stop', 'restart' or 'reload'
    raises KeyError before anything is handed to DnsService.

    @param command: service command name
    @return: whatever DnsService().command() returns
    """
    if command == 'status':
        # Read-only query: no audit record.
        return DnsService().command(command)
    events = {
        'start' : AA.NETWORK_START_DNS_SERVICE,
        'stop' : AA.NETWORK_STOP_DNS_SERVICE,
        'restart' : AA.NETWORK_RESTART_DNS_SERVICE,
        'reload' : AA.NETWORK_RELOAD_DNS_SERVICE
    }
    # The lookup doubles as an allow-list for the command name.
    audit = AF().log(PLUGIN_NAME, events[command])
    outcome = DnsService().command(command)
    audit.commit()
    return outcome
def delVDomain(self, domain):
    """
    Del a virtual mail domain name entry from directory

    The entry and everything below it are removed.

    @param domain: virtual mail domain name
    @type domain: str
    """
    audit = AF().log(PLUGIN_NAME, AA.MAIL_DEL_VDOMAIN, [(domain, AT.VMDOMAIN)])
    # NOTE(review): domain goes into the DN unescaped and the entry is then
    # deleted recursively; confirm callers validate it, or escape it with
    # ldap.dn.escape_dn_chars() before building the DN.
    domain_dn = "virtualdomain=" + domain + ", " + self.conf.vDomainDN
    self.delRecursiveEntry(domain_dn)
    audit.commit()
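def delSmbAttr(self, uid):
    """
    Remove SAMBA attributes

    The audit record is committed after the object class has been removed,
    so a removal that raises leaves the record uncommitted.

    @param uid: username
    @type uid: str
    @return: boolean
    """
    userdn = self.searchUserDN(uid)
    r = AF().log(PLUGIN_NAME, AA.SAMBA_DEL_SAMBA_CLASS, [(userdn,AT.USER)])
    # Act first, commit second, so the record cannot claim a removal that
    # did not happen.
    # NOTE(review): assumes commit() is what marks the audit record as
    # successful, as the log / act / commit sequence suggests - confirm.
    removed = self.removeUserObjectClass(uid, "sambaSamAccount")
    r.commit()
    return removed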
def addHostToSubnet(self, subnet, hostname):
    """
    Create a dhcpHost entry named hostname below a DHCP subnet.

    Raises IndexError when getSubnet() returns no match, in which case the
    audit record is never committed.

    @param subnet: subnet that receives the new host
    @param hostname: cn of the new host entry
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_ADD_HOST_TO_SUB, [(subnet, AT.SUBNET)], hostname)
    found = self.getSubnet(subnet)
    # NOTE(review): hostname goes into the DN unescaped; confirm callers
    # validate it, or escape it with ldap.dn.escape_dn_chars().
    host_dn = "cn=" + hostname + "," + found[0][0]
    entry = {
        "cn": hostname,
        "objectClass": ["top", "dhcpHost", "dhcpOptions"]
    }
    add_list = list(entry.items())
    self.l.add_s(host_dn, add_list)
    audit.commit()
def delMachine(self, uid):
    """
    Remove a computer account from LDAP

    @param uid: computer name
    @type uid: str
    @return: always 0
    """
    # NOTE(review): the audit record names "uid=<uid>,..." while the entry
    # deleted below is "uid=<uid>$,..."; confirm the logged DN is intended.
    # uid also goes into both DNs unescaped - validate it upstream or escape
    # it with ldap.dn.escape_dn_chars().
    audited_dn = 'uid=' + uid + ',' + self.baseComputersDN
    audit = AF().log(PLUGIN_NAME, AA.SAMBA_DEL_MACHINE, [(audited_dn, AT.MACHINE)])
    account = uid + "$"
    self.l.delete_s('uid=' + account + ',' + self.baseComputersDN)
    audit.commit()
    return 0
def dnsService(command):
    """
    Run a command on the DNS service, auditing every command but 'status'.

    A command other than 'status', 'start', 'stop', 'restart' or 'reload'
    raises KeyError before anything is handed to DnsService.

    @param command: service command name
    @return: whatever DnsService().command() returns
    """
    audited = command != 'status'
    if audited:
        event_by_command = {
            'start': AA.NETWORK_START_DNS_SERVICE,
            'stop': AA.NETWORK_STOP_DNS_SERVICE,
            'restart': AA.NETWORK_RESTART_DNS_SERVICE,
            'reload': AA.NETWORK_RELOAD_DNS_SERVICE
        }
        # The lookup doubles as an allow-list for the command name.
        audit = AF().log(PLUGIN_NAME, event_by_command[command])
    outcome = DnsService().command(command)
    if audited:
        audit.commit()
    return outcome
def resetUsersVDomainQuota(self, domain):
    """
    Reset the quota of all users in the given virtual mail domain

    Every user of the domain gets the quota currently stored on the domain
    entry.

    @param domain: virtual mail domain name
    @type domain: str
    """
    audit = AF().log(PLUGIN_NAME, AA.MAIL_RESET_DOMAIN_QUOTA, [(domain, AT.VMDOMAIN)])
    domain_attrs = self.getVDomain(domain)[0][1]
    domain_quota = domain_attrs[self.conf.attrs['mailuserquota']][0]
    for user in self.getVDomainUsers(domain):
        user_uid = user[1]["uid"][0]
        self.changeUserAttributes(user_uid, self.conf.attrs['mailuserquota'], domain_quota, False)
    audit.commit()
def addPool(self, subnet, poolname, start, end):
    """
    Create a dhcpPool entry with range "<start> <end>" below a DHCP subnet.

    Raises IndexError when getSubnet() returns no match, in which case the
    audit record is never committed.

    @param subnet: subnet that receives the new pool
    @param poolname: cn of the new pool entry
    @param start: first address of the range
    @param end: last address of the range
    """
    audit = AF().log(PLUGIN_NAME, AA.NETWORK_ADD_POOL, [(subnet, AT.SUBNET), (poolname, AT.POOL)])
    dhcprange = start + " " + end
    parent_dn = self.getSubnet(subnet)[0][0]
    # NOTE(review): poolname goes into the DN unescaped; confirm callers
    # validate it, or escape it with ldap.dn.escape_dn_chars().
    pool_dn = "cn=" + poolname + "," + parent_dn
    entry = {
        "cn" : poolname,
        "dhcpRange" : dhcprange,
        "objectClass" : ["top", "dhcpPool", "dhcpOptions"]
    }
    self.l.add_s(pool_dn, list(entry.items()))
    audit.commit()
def addVDomain(self, domain):
    """
    Add a virtual mail domain name entry in directory

    @param domain: virtual mail domain name
    @type domain: str
    """
    audit = AF().log(PLUGIN_NAME, AA.MAIL_ADD_VDOMAIN, [(domain, AT.VMDOMAIN)])
    # NOTE(review): domain goes into the DN unescaped; confirm callers validate
    # it, or escape it with ldap.dn.escape_dn_chars() before building the DN.
    domain_dn = "virtualdomain=" + domain + ", " + self.conf.vDomainDN
    new_entry = {
        "virtualdomain": domain,
        "objectClass": ("mailDomain", "top"),
    }
    self.l.add_s(domain_dn, ldap.modlist.addModlist(new_entry))
    audit.commit()