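def askName():
    """Prompt interactively for this host's fully qualified domain name.

    Prints the current host name (as reported by
    functions.getlocalhostname()) and then loops until the operator either
    accepts it by entering nothing or types a name containing at least one
    dot.

    @return: the FQDN to use for this host (a str)
    """
    current = functions.getlocalhostname()
    print('The current hostname is \'%s\'\n' % current)
    prompt = "please give the FULL QUALIFIED DOMAIN NAME for this host (leave empty to use current) : "
    while True:
        # strip surrounding whitespace so a stray trailing blank never ends
        # up inside the returned name
        raw = raw_input(prompt).strip()
        if raw == '':
            return current
        if raw.count('.') < 1:
            # a bare label has no domain part; ask again
            print('you want register a top level domain? Try again\n')
        else:
            return raw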
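def askName():
    """Prompt interactively for this host's fully qualified domain name.

    Prints the current host name (as reported by
    functions.getlocalhostname()) and then loops until the operator either
    accepts it by entering nothing or types a name containing at least one
    dot.

    @return: the FQDN to use for this host (a str)
    """
    current = functions.getlocalhostname()
    print('The current hostname is \'%s\'\n' % current)
    prompt = "please give the FULL QUALIFIED DOMAIN NAME for this host (leave empty to use current) : "
    while True:
        # strip surrounding whitespace so a stray trailing blank never ends
        # up inside the returned name
        raw = raw_input(prompt).strip()
        if raw == '':
            return current
        if raw.count('.') < 1:
            # a bare label has no domain part; ask again
            print('you want register a top level domain? Try again\n')
        else:
            return raw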
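 def get_service_name(self, service='host', host=None):
     """
     Build the canonical principal name <service>/<host>@<realm>.

     @see UniDomain.Classes.Author#get_service_name
     @param service: service part; a trailing '@realm' is dropped and a
                     'service/host' form overrides the host argument
     @param host: host part; None means the local host name
     @return: '<service>/<host>@<realm>' with self.config.krb5realm as realm
     """
     # resolve the host lazily: a default of getlocalhostname() would be
     # evaluated once at class definition time and never reflect a later
     # change of the host name
     if host is None:
         host = getlocalhostname()
     # 'service@REALM' -> keep only the service part
     if '@' in service:
         service = service.split('@', 1)[0]
     # 'service/host' -> take both parts from the string
     if '/' in service:
         service, host = service.split('/', 1)
     return '%s/%s@%s' % (service, host, self.config.krb5realm)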
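 def get_service_keytab(self,
                        service='host',
                        host=None,
                        options="",
                        keytab=None):
     """
     Write a keytab for the principal <service>/<host>@<realm> via kadmin.

     Runs 'ktadd -k <keytab> <options> <principal>' and, when kadmin reports
     success, a 'ktremove ... old' to drop the previous key versions.

     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @param options: extra ktadd options (encryption types etc.), inserted
                     verbatim into the kadmin query
     @param keytab: keytab file to write; None means self.config.krb5keytab
     @return: True if the keytab was written, False otherwise
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     if not keytab:
         keytab = self.config.krb5keytab
     service = self.get_service_name(service, host)
     logging.debug('adding keytab for %s', service)
     # the query is a single argv element (no shell involved), but kadmin
     # tokenizes it itself, so keytab/options/service are expected to be
     # free of whitespace -- TODO(review): confirm callers validate this
     query = 'ktadd -k %s %s %s' % (keytab, options, service)
     sess = subprocess.Popen(self.kadm + ['-q', query],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     # NOTE: success is detected only by kadmin's exact stderr text; any
     # other output counts as failure and is logged in full
     if serr != '\n\x07\x07\x07Administration credentials NOT DESTROYED.\n':
         logging.error(
             'Writing keytab for %s failed!\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
             service, serr, sout)
         return False
     logging.info('keytab for %s written to %s', service, keytab)
     logging.debug('removing old keys in keytab')
     # capture the ktremove output instead of letting it leak to the
     # terminal; its outcome does not change the return value
     sess = subprocess.Popen(self.kadm +
                             ['-q', 'ktremove -k %s %s old' % (keytab, service)],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     logging.debug('ktremove stdout:\n%s\nktremove stderr:\n%s', sout, serr)
     return True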
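 def get_service_name(self, service='host', host=None):
     """
     Build the canonical principal name <service>/<host>@<realm>.

     @see UniDomain.Classes.Author#get_service_name
     @param service: service part; a trailing '@realm' is dropped and a
                     'service/host' form overrides the host argument
     @param host: host part; None means the local host name
     @return: '<service>/<host>@<realm>' with self.config.krb5realm as realm
     """
     # resolve the host lazily: a default of getlocalhostname() would be
     # evaluated once at class definition time and never reflect a later
     # change of the host name
     if host is None:
         host = getlocalhostname()
     # 'service@REALM' -> keep only the service part
     if '@' in service:
         service = service.split('@', 1)[0]
     # 'service/host' -> take both parts from the string
     if '/' in service:
         service, host = service.split('/', 1)
     return '%s/%s@%s' % (service, host, self.config.krb5realm)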
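 def delete_service(self, service='host', host=None):
     """
     Remove the principal <service>/<host>@<realm> from the KDC via kadmin.

     @see UniDomain.Classes.Author#delete_service
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @return: True if kadmin reported the principal deleted, False if it did
              not exist or the deletion was not confirmed
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     logging.debug('delete_service_principal %s %s', service, host)
     if not self.list_service(service, host):
         logging.warning('%s does not exist in kerberos, nothing changed', host)
         return False
     service = self.get_service_name(service, host)
     logging.debug('%s will be removed from KDC.', service)
     # single argv element, no shell; kadmin tokenizes the query itself
     sess = subprocess.Popen(self.kadm + ['-q', 'delete_principal -force ' + service],
                             stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     # kadmin only signals success through its stdout text
     if 'Principal "%s" deleted.' % service in sout:
         logging.info('%s deleted from KDC', service)
         return True
     logging.error('%s not deleted in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s', service, serr, sout)
     return False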
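 def add_service(self, service='host', host=None):
     """
     Create the principal <service>/<host>@<realm> in the KDC via kadmin.

     The principal is created with a random key, the 'service' policy and
     no password or principal expiry.

     @see UniDomain.Classes.Author#add_service
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @return: True if the principal exists afterwards (created now or already
              present), False if kadmin did not report it created
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     logging.debug("add_service %s %s", service, host)
     if self.list_service(service, host):
         logging.warning('Service %s %s already exists. Nothing changed.', service, host)
         return True
     service = self.get_service_name(service, host)
     logging.debug('%s will be added to KDC', service)
     # single argv element, no shell; kadmin tokenizes the query itself
     query = ('add_principal -policy service -pwexpire never -expire never -randkey %s'
              % service)
     sess = subprocess.Popen(self.kadm + ['-q', query],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             stdin=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate(None)
     # kadmin only signals success through its stdout text
     if 'Principal "%s" created.' % service not in sout:
         logging.error(
             '%s %s not created in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
             service, host, serr, sout)
         return False
     return True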
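    def add_host(self, hostname=None, target=None, classes=None, **args):
        """
        Register a host object (plus optional policy sub-entries) in LDAP.

        @see UniDomain.Classes.db#add_host
        @param hostname: FQDN of the host; None means the local host name
        @param target: parent DN for the new entry; None means self.home[0]
        @param classes: udGroup values to attach to the host; None means none
        @param args: one extra keyword per policy to create as
                     'cn=<policy>,<host dn>'; the value is placed unchanged
                     into that policy entry's attribute list
        @return: True if the host exists afterwards (added now or already
                 present), False on missing rights or an LDAP error
        """
        # the rights check has to come first: self.home[0] below would raise
        # IndexError on an empty home list before the warning was ever logged
        if len(self.home) == 0:
            logging.warning(
                '%s does not have enough rights to add hosts to the database',
                self.userID)
            return False
        if not classes:
            classes = []
        if not target:
            target = self.home[0]  # we use first home dn as target container
        if not hostname:
            hostname = func.getlocalhostname()
        shortname = hostname.split('.')[0]

        # setup host object
        host_dn = 'cn=%s,%s' % (shortname, target)
        #FIXME: I dont like this krb5-dependancy...
        host_usid = 'host/%s@%s' % (hostname, self.config.krb5realm)
        logging.debug('using %s as usid', host_usid)
        if len(self.list_hosts(hostname)) > 0:
            logging.warning('Host %s already exists. Not changing.', hostname)
            return True
        logging.debug('Looks good. Adding %s to %s', hostname, target)
        host_data = [
            ('cn', shortname),
            ('udSerial', '%i' % self.next_udSerial()),
            ('lastSeen', nowstr()),
            ('objectClass', ['top', 'dNSZone', 'udHost']),
            ('relativeDomainName', shortname),
            ('zoneName', self.config.dnszone),
            ('dNSTTL', '3600'),
            ('dNSClass', 'IN'),
            ('ARecord', func.get_local_ip()),
            ('FQDN', hostname),
            ('USID', host_usid),
            ('description', 'new registered host object'),
        ]
        ipv6 = func.get_local_ipv6()
        if ipv6:
            host_data.append(('aAAARecord', ipv6))
        if classes:
            host_data.append(('udGroup', classes))
        try:
            self.conn.result(self.conn.add(host_dn, host_data))
            # add policies: issue every add first, then collect the results.
            # assumes each args value is an (attribute, value) pair like the
            # objectClass entry next to it -- TODO(review): confirm with callers
            queries = [
                self.conn.add(
                    'cn=%s,%s' % (policy, host_dn),
                    [('objectClass', ['top', 'udPolicy']), args[policy]])
                for policy in args
            ]
            for query in queries:
                self.conn.result(query)
        except Exception as err:
            logging.warning('add_host(): Trouble adding to ldap.\n%s',
                            str(err))
            return False
        # explicit success value; the "already exists" path above returns True
        # as well, so callers can rely on a boolean
        return True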
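    def add_host(self, hostname=None, target=None, classes=None, **args):
        """
        Register a host object (plus optional policy sub-entries) in LDAP.

        @see UniDomain.Classes.db#add_host
        @param hostname: FQDN of the host; None means the local host name
        @param target: parent DN for the new entry; None means self.home[0]
        @param classes: udGroup values to attach to the host; None means none
        @param args: one extra keyword per policy to create as
                     'cn=<policy>,<host dn>'; the value is placed unchanged
                     into that policy entry's attribute list
        @return: True if the host exists afterwards (added now or already
                 present), False on missing rights or an LDAP error
        """
        # the rights check has to come first: self.home[0] below would raise
        # IndexError on an empty home list before the warning was ever logged
        if len(self.home) == 0:
            logging.warning('%s does not have enough rights to add hosts to the database', self.userID)
            return False
        if not classes:
            classes = []
        if not target:
            target = self.home[0]  # we use first home dn as target container
        if not hostname:
            hostname = func.getlocalhostname()
        shortname = hostname.split('.')[0]

        # setup host object
        host_dn = 'cn=%s,%s' % (shortname, target)
        #FIXME: I dont like this krb5-dependancy...
        host_usid = 'host/%s@%s' % (hostname, self.config.krb5realm)
        logging.debug('using %s as usid', host_usid)
        if len(self.list_hosts(hostname)) > 0:
            logging.warning('Host %s already exists. Not changing.', hostname)
            return True
        logging.debug('Looks good. Adding %s to %s', hostname, target)
        host_data = [
            ('cn', shortname),
            ('udSerial', '%i' % self.next_udSerial()),
            ('lastSeen', nowstr()),
            ('objectClass', ['top', 'dNSZone', 'udHost']),
            ('relativeDomainName', shortname),
            ('zoneName', self.config.dnszone),
            ('dNSTTL', '3600'),
            ('dNSClass', 'IN'),
            ('ARecord', func.get_local_ip()),
            ('FQDN', hostname),
            ('USID', host_usid),
            ('description', 'new registered host object'),
        ]
        ipv6 = func.get_local_ipv6()
        if ipv6:
            host_data.append(('aAAARecord', ipv6))
        if classes:
            host_data.append(('udGroup', classes))
        try:
            self.conn.result(self.conn.add(host_dn, host_data))
            # add policies: issue every add first, then collect the results.
            # assumes each args value is an (attribute, value) pair like the
            # objectClass entry next to it -- TODO(review): confirm with callers
            queries = [
                self.conn.add(
                    'cn=%s,%s' % (policy, host_dn),
                    [('objectClass', ['top', 'udPolicy']), args[policy]])
                for policy in args
            ]
            for query in queries:
                self.conn.result(query)
        except Exception as err:
            logging.warning('add_host(): Trouble adding to ldap.\n%s', str(err))
            return False
        # explicit success value; the "already exists" path above returns True
        # as well, so callers can rely on a boolean
        return True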
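 def list_service(self, service='host', host=None):
     """
     Look up the principal <service>/<host>@<realm> in the KDC via kadmin.

     @see UniDomain.Classes.Author#list_service
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @return: list of the 'listprincs' output lines equal to the canonical
              principal name, so [] when the principal is absent
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     service = self.get_service_name(service, host)
     logging.debug('canoncial servicename is %s', service)
     # single argv element, no shell; kadmin tokenizes the query itself
     sess = subprocess.Popen(self.kadm + ['-q', 'listprincs ' + service],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     logging.debug(sout)
     logging.debug(serr)
     # keep only lines that are exactly the principal, nothing that merely
     # contains it
     return [line for line in sout.split('\n') if line == service]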
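 def get_service_keytab(self,
                        service='host',
                        host=None,
                        options="",
                        keytab=None):
     """
     get service keytab

     Base implementation: does nothing and reports failure; backends
     override it.

     @param service: service to add defaults to 'host'
     @param host: the host; None means the local hosts name (resolved by the
                  backend, not at class definition time)
     @param options: additional options to add (encryption params, etc)
     @param keytab: which keytab to add the principal to. defaults to /etc/krb5.keytab
     @return: True if success, False otherwise
     """
     return False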
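 def list_service(self, service='host', host=None):
     """
     Look up the principal <service>/<host>@<realm> in the KDC via kadmin.

     @see UniDomain.Classes.Author#list_service
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @return: list of the 'listprincs' output lines equal to the canonical
              principal name, so [] when the principal is absent
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     service = self.get_service_name(service, host)
     logging.debug('canoncial servicename is %s', service)
     # single argv element, no shell; kadmin tokenizes the query itself
     sess = subprocess.Popen(self.kadm + ['-q', 'listprincs ' + service],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     logging.debug(sout)
     logging.debug(serr)
     # keep only lines that are exactly the principal, nothing that merely
     # contains it
     return [line for line in sout.split('\n') if line == service]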
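 def get_service_keytab(self, service='host', host=None, options="", keytab=None):
     """
     Write a keytab for the principal <service>/<host>@<realm> via kadmin.

     Runs 'ktadd -k <keytab> <options> <principal>' and, when kadmin reports
     success, a 'ktremove ... old' to drop the previous key versions.

     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @param options: extra ktadd options (encryption types etc.), inserted
                     verbatim into the kadmin query
     @param keytab: keytab file to write; None means self.config.krb5keytab
     @return: True if the keytab was written, False otherwise
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     if not keytab:
         keytab = self.config.krb5keytab
     service = self.get_service_name(service, host)
     logging.debug('adding keytab for %s', service)
     # the query is a single argv element (no shell involved), but kadmin
     # tokenizes it itself, so keytab/options/service are expected to be
     # free of whitespace -- TODO(review): confirm callers validate this
     query = 'ktadd -k %s %s %s' % (keytab, options, service)
     sess = subprocess.Popen(self.kadm + ['-q', query],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     # NOTE: success is detected only by kadmin's exact stderr text; any
     # other output counts as failure and is logged in full
     if serr != '\n\x07\x07\x07Administration credentials NOT DESTROYED.\n':
         logging.error('Writing keytab for %s failed!\nkadmin stderr:\n %s\nkadmin stdout:\n%s', service, serr, sout)
         return False
     logging.info('keytab for %s written to %s', service, keytab)
     logging.debug('removing old keys in keytab')
     # capture the ktremove output instead of letting it leak to the
     # terminal; its outcome does not change the return value
     sess = subprocess.Popen(self.kadm + ['-q', 'ktremove -k %s %s old' % (keytab, service)],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     logging.debug('ktremove stdout:\n%s\nktremove stderr:\n%s', sout, serr)
     return True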
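 def add_service(self, service='host', host=None):
     """
     Create the principal <service>/<host>@<realm> in the KDC via kadmin.

     The principal is created with a random key, the 'service' policy and
     no password or principal expiry.

     @see UniDomain.Classes.Author#add_service
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @return: True if the principal exists afterwards (created now or already
              present), False if kadmin did not report it created
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     logging.debug("add_service %s %s", service, host)
     if self.list_service(service, host):
         logging.warning('Service %s %s already exists. Nothing changed.', service, host)
         return True
     service = self.get_service_name(service, host)
     logging.debug('%s will be added to KDC', service)
     # single argv element, no shell; kadmin tokenizes the query itself
     query = ('add_principal -policy service -pwexpire never -expire never -randkey %s'
              % service)
     sess = subprocess.Popen(self.kadm + ['-q', query],
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             stdin=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate(None)
     # kadmin only signals success through its stdout text
     if 'Principal "%s" created.' % service not in sout:
         logging.error('%s %s not created in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s', service, host, serr, sout)
         return False
     return True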
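 def delete_service(self, service='host', host=None):
     """
     Remove the principal <service>/<host>@<realm> from the KDC via kadmin.

     @see UniDomain.Classes.Author#delete_service
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name
     @return: True if kadmin reported the principal deleted, False if it did
              not exist or the deletion was not confirmed
     """
     if not self.kadm:
         self.kadmin()
     if host is None:
         host = getlocalhostname()
     logging.debug('delete_service_principal %s %s', service, host)
     if not self.list_service(service, host):
         logging.warning('%s does not exist in kerberos, nothing changed', host)
         return False
     service = self.get_service_name(service, host)
     logging.debug('%s will be removed from KDC.', service)
     # single argv element, no shell; kadmin tokenizes the query itself
     sess = subprocess.Popen(self.kadm + ['-q', 'delete_principal -force ' + service],
                             stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             universal_newlines=True,
                             env=self.env)
     (sout, serr) = sess.communicate()
     # kadmin only signals success through its stdout text
     if 'Principal "%s" deleted.' % service in sout:
         logging.info('%s deleted from KDC', service)
         return True
     logging.error('%s not deleted in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s', service, serr, sout)
     return False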
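 def delete_service(self, service='host', host=None):
     """
     delete a service from the authen backend

     Base implementation: does nothing and reports failure; backends
     override it.

     @note: this requires additional privileges
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name (resolved by the
                  backend, not at class definition time)
     @return: True if the service was deleted, False otherwise
     """
     return False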
    )
    (options, args) = parser.parse_args()
    if options.debug:
        logging.basicConfig(level=logging.DEBUG)
    if options.extended_help:
        print extended_help
        sys.exit(0)

    if len(args) < 2:
        logging.critical("invalid syntax")
        parser.print_usage()
        sys.exit(1)
    # check for hostname and policy to edit.
    if args[0] in known_policies:
        # no hosts specified. use local host name.
        hostname = "host/" + functions.getlocalhostname()
        policy = args.pop(0)
    elif args[1] in known_policies:
        hostname = args.pop(0)
        if not hostname.startswith("host/"):
            hostname = "host/" + hostname
        policy = args.pop(0)
    else:
        logging.critical("Invalid syntax, unknown policy specified")
        parser.print_usage()
        sys.exit(1)
    # get ticket
    if options.janitor:
        config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab")
    else:
        if args[0] == "list":
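 def list_service(self, service='host', host=None):
     """
     list services in the authen backend

     Base implementation: knows no services; backends override it.

     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name (resolved by the
                  backend, not at class definition time)
     @return: list of matching principal names, always [] here
     """
     return []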
 parser.add_option("-p", action="store_true", dest="extended_help", help="show known policies and their actions", default=False)
 (options, args) = parser.parse_args()
 if options.debug:
     logging.basicConfig(level=logging.DEBUG)
 if options.extended_help:
     print extended_help
     sys.exit(0)
 
 if len(args) < 2:
     logging.critical('invalid syntax')
     parser.print_usage()
     sys.exit(1)
 # check for hostname and policy to edit.
 if args[0] in known_policies:
     # no hosts specified. use local host name.
     hostname = 'host/' + functions.getlocalhostname()
     policy = args.pop(0)
 elif args[1] in known_policies:
     hostname = args.pop(0)
     if not hostname.startswith('host/'):
         hostname = 'host/' + hostname
     policy = args.pop(0)
 else:
     logging.critical('Invalid syntax, unknown policy specified')
     parser.print_usage()
     sys.exit(1)
 # get ticket
 if options.janitor:
     config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab")
 else:
     if args[0] == 'list' :
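 def add_service(self, service='host', host=None):
     """
     add a service to the authen backend

     Base implementation: does nothing and reports failure; backends
     override it.

     @note: this requires additional privileges
     @param service: service part of the principal, defaults to 'host'
     @param host: host part; None means the local host name (resolved by the
                  backend, not at class definition time)
     @return: True if the service exists afterwards, False otherwise
     """
     return False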