Exemple #1
0
    def __init__(self, cmd_line_args, log_file=None):
        
        Test.__init__(self, log_file)
        
        self.inp_args            = cmd_line_args
        self.result              = 'Auto-Conf Easy Auth result:\n'
        
        #dictionary of param name, param values for testing DNS
        testdns_params      = { 'realm'           : cmd_line_args.domain_name,
                                'process_timeout' : 75}
        #instantiate test DNS object
        self.testdns             = TestDNS(testdns_params, log_file)
            
        #dictionary of param name, param values for join domain
        domainjoin_params        = {'realm'        : cmd_line_args.domain_name,
                                    'login'        : cmd_line_args.admin_name,
                                    'passwd'       : cmd_line_args.admin_pass,
                                    'join_type'    : cmd_line_args.join_type,
                                    'dc_list'      : cmd_line_args.dc_name,
                                    'workgroup'    : cmd_line_args.shortdom,
                                    'join_timeout' : 60}
        #instantiate JoinDomain object
        self.domainjoin          = JoinDomain(domainjoin_params, log_file)

        #initialize node list
        self.node_alias_map      = AutoConfEasyAuth.NodeAliasMap(cmd_line_args.conf_type)
        #instatiate ModifyConfigNodes object
        self.setconfig           = ModifyConfigNodes(self.node_alias_map.node_list, \
                                        self.node_alias_map.node_alias, \
                                        log_file)
        addrepl_params       = {'domain'       : cmd_line_args.domain_name,
                                'user'         : cmd_line_args.repl_user_name,
                                'user_domain'  : cmd_line_args.repl_user_dom,
                                'clr_password' : cmd_line_args.repl_user_pass,
                                'rodc'         : cmd_line_args.repl_isrodc,
                                'dcname'       : cmd_line_args.dc_name }
        self.addrepl             = AddReplUser(addrepl_params, log_file);
        #dictionary of param name, param values for auto conf
        confrepl_params          = { 'realm'           : cmd_line_args.domain_name,
                                     'admin'           : cmd_line_args.admin_name,
                                     'adminpass'       : cmd_line_args.admin_pass,
                                     'dc'              : cmd_line_args.dc_name,
                                     'process_timeout' : 45 } 
        #instantiate ModifyConfigNodes object
        self.confrepl            = AutoConfRepl(confrepl_params, log_file)
Exemple #2
0
class AutoConfEasyAuth(Test):
    
    #allowed configuration types
    _conf_type_separator = ','
    _conf_types = [ 'emapi','smbsigning','smb2signing', 'smb3signing', 'all']

    #allowed join types
    _join_types = [ 'bdc', 'rodc']

    _repl_domain_prefix = '/rbt/sport/domain_auth/state/replication/domain'

    class NodeAliasMap:
        """class to maintain config nodes that need to be enabled,
        based on the type of auto configuration to be performed
        node_list   : is a list of (node name, node type, node value)
        node_alias  : holds name of the node to be used in log messages
        peer_enable : does the node need to be enabled on peer as well
        """
        def __init__(self, type):
            self.node_list       = []
            self.node_alias      = []
            self.peer_enable     = []
            if type is not None:
                if 'emapi' in type or 'all' in type :
                    self.node_list   += [ ['/rbt/sport/blade/exchange/config/mapi2k7/encrypted/enable', 'bool', 'true'],
                                          ['/rbt/sport/blade/exchange/config/mapi2k7/encrypted/force_ntlm_auth', 'bool' ,'true'],
                                          ['/rbt/sport/blade/exchange/config/native_krb/enable', 'bool', 'true'] ]
                    self.node_alias  += ['Encrypted MAPI',
                                         'Encrypted MAPI NTLM',
                                         'Encrypted MAPI Native Kerberos']
                    self.peer_enable += [True,
                                         True,
                                         True]

                if 'smbsigning' in type or 'all' in type :
                    self.node_list   += [ ['/rbt/sport/smbsigning/config/enable', 'bool', 'true'],
                                          ['/rbt/sport/smbsigning/config/mode_type', 'string', 'transparent'],
                                          ['/rbt/sport/smbsigning/config/native_krb', 'bool', 'true'] ]
                    self.node_alias  += ['SMB Signing',
                                         'SMB Signing Mode',
                                         'SMB Signing Native Kerberos']
                    self.peer_enable += [False,
                                         False,
                                         False]
            
                if 'smb3signing' in type or 'all' in type :
                    self.node_list   += [['/rbt/sport/smb2/config/smb3/enable', 'bool', 'true']]
                    self.node_alias  += ['SMB3']
                    self.peer_enable += [True]

                if 'smb2signing' in type or 'smb3signing' in type or 'all' in type :
                    self.node_list   += [['/rbt/sport/smb2/config/enable', 'bool', 'true'],
                                         ['/rbt/sport/smb2signing/config/enable', 'bool', 'true'],
                                         ['/rbt/sport/smb2signing/config/mode_type', 'string', 'transparent'],
                                         ['/rbt/sport/smb2signing/config/native_krb', 'bool', 'true'] ]
                    self.node_alias  += ['SMB2',
                                         'SMB2/3 Signing',
                                         'SMB2/3 Signing Mode',
                                         'SMB2/3 Signing Native Kerberos']
                    self.peer_enable += [True,
                                         False,
                                         False,
                                         False]

    def __init__(self, cmd_line_args, log_file=None):
        
        Test.__init__(self, log_file)
        
        self.inp_args            = cmd_line_args
        self.result              = 'Auto-Conf Easy Auth result:\n'
        
        #dictionary of param name, param values for testing DNS
        testdns_params      = { 'realm'           : cmd_line_args.domain_name,
                                'process_timeout' : 75}
        #instantiate test DNS object
        self.testdns             = TestDNS(testdns_params, log_file)
            
        #dictionary of param name, param values for join domain
        domainjoin_params        = {'realm'        : cmd_line_args.domain_name,
                                    'login'        : cmd_line_args.admin_name,
                                    'passwd'       : cmd_line_args.admin_pass,
                                    'join_type'    : cmd_line_args.join_type,
                                    'dc_list'      : cmd_line_args.dc_name,
                                    'workgroup'    : cmd_line_args.shortdom,
                                    'join_timeout' : 60}
        #instantiate JoinDomain object
        self.domainjoin          = JoinDomain(domainjoin_params, log_file)

        #initialize node list
        self.node_alias_map      = AutoConfEasyAuth.NodeAliasMap(cmd_line_args.conf_type)
        #instatiate ModifyConfigNodes object
        self.setconfig           = ModifyConfigNodes(self.node_alias_map.node_list, \
                                        self.node_alias_map.node_alias, \
                                        log_file)
        addrepl_params       = {'domain'       : cmd_line_args.domain_name,
                                'user'         : cmd_line_args.repl_user_name,
                                'user_domain'  : cmd_line_args.repl_user_dom,
                                'clr_password' : cmd_line_args.repl_user_pass,
                                'rodc'         : cmd_line_args.repl_isrodc,
                                'dcname'       : cmd_line_args.dc_name }
        self.addrepl             = AddReplUser(addrepl_params, log_file);
        #dictionary of param name, param values for auto conf
        confrepl_params          = { 'realm'           : cmd_line_args.domain_name,
                                     'admin'           : cmd_line_args.admin_name,
                                     'adminpass'       : cmd_line_args.admin_pass,
                                     'dc'              : cmd_line_args.dc_name,
                                     'process_timeout' : 45 } 
        #instantiate ModifyConfigNodes object
        self.confrepl            = AutoConfRepl(confrepl_params, log_file)
        
    def _add_restart_peer_enable_msg(self):
        for index, value in enumerate(self.node_alias_map.peer_enable):
            if value :
                output = 'Please make sure ' \
                         + self.node_alias_map.node_alias[index]\
                         + ' is enabled on the peers\n'
                self.result += output
                self.log_file.warn(output)

        if self.setconfig.restart_needed :
            output = 'You must restart the optimization' \
                         + ' service for your changes to take' \
                         + ' effect.\n'
            self.result += output
            self.log_file.warn(output)

    def _is_repl_deployed(self):
        is_deployed = False
        deployed_repl_domains_list, domain_details = \
                  AutoConfEasyAuth.get_node_children(\
                                        AutoConfEasyAuth._repl_domain_prefix)

        if len(deployed_repl_domains_list):
            is_deployed = any( AutoConfEasyAuth.strequal_ic(\
                                deployed_domain, self.inp_args.domain_name) \
                            for deployed_domain in deployed_repl_domains_list)

        return is_deployed

    def _handle_no_repl_domain(self):
        ret_code = AutoConfEasyAuth.success
        if not self._is_repl_deployed():
            modify_node_list = []
            self.log_file.info("Turning off native-krb nodes")
            for alias in self.node_alias_map.node_alias :
                #if no replication domain reset native-krb nodes
                if 'Kerberos' in alias :
                    index = self.node_alias_map.node_alias.index(alias)
                    node_details = self.node_alias_map.node_list[index]
                    #set the value of krb nodes to false
                    node_details[ModifyConfigNodes.node_value_index] = 'false'
                    modify_node_list.append(node_details)
                    self.node_alias_map.peer_enable[index] = False
            ret_code = self.setconfig.modify_set_nodes(modify_node_list)
            
        return ret_code

    def _handle_repl_ut_mode(self):
        ret_code = AutoConfEasyAuth.success
        if self.inp_args.domain_name == "INVALIDTESTDOM.COM":
            #forcing rollback in unit test mode 
            ret_code = AutoConfEasyAuth.error
        else:
            #testing scenario when no repl user is deployed on SH
            if not self._is_repl_deployed():
                self.confrepl.result = 'WARN: Replication domain: ' \
                                        + self.inp_args.domain_name + ' not '\
                                        + 'found. Not going to attempt to ' \
                                        + 'auto-configure replication user in AD\n'  
        
        return ret_code

    def _easyauth_auto_conf(self):
        ret_code = AutoConfEasyAuth.success
        # the easy auth auto configuration involves 4 steps

        ret_code = self.is_process_running('domaind')
        ret_code = ret_code or self.is_process_running('rcud')
        ret_code = ret_code or self.is_process_running('sport')

        if ret_code == AutoConfEasyAuth.success :

            #####Step 1: test DNS#####
            self.log_file.info('Testing DNS Configuration')
            self.log_file.info('Join Domain: ' + self.inp_args.domain_name)
            if self.inp_args.test_mode == False:
                ret_code = self.testdns.run()

            if ret_code == AutoConfEasyAuth.success :
                output = 'DNS Test Passed\n'
                self.result += output
                self.log_file.notice(output)

                #####Step 2: Join/Re-join domain#####
                self.log_file.info('Join/Re-Join the Domain')
                if self.inp_args.test_mode == False:
                    ret_code = self.domainjoin.run()

                if ret_code == AutoConfEasyAuth.success :
                    output='Successfully joined domain: ' + self.inp_args.domain_name + '\n'
                    self.result += output
                    self.log_file.notice(output)

                    #####Step 3: Enable Config Nodes #####
                    self.log_file.info('Enable nodes for ' \
                            + self.inp_args.conf_type + ' auto-conf')
                    ret_code = self.setconfig.run()

                    if ret_code == AutoConfEasyAuth.success:
                        output = 'Successfully enabled nodes for ' \
                                    + self.inp_args.conf_type + ' auto-conf \n'
                        self.result += output
                        self.log_file.notice(output)


                        #####Step 4: Add Replication user if provided
                        if self.inp_args.repl_user_dom is not None and \
                           self.inp_args.repl_user_pass is not None and \
                           self.inp_args.repl_user_pass is not None:
                            self.log_file.info('Add Replication User')
                            ret_code = self.addrepl.run()
                            if ret_code == AutoConfEasyAuth.success :
                                output='Successfully added replication user: '******'\n'
                                self.result += output
                                self.log_file.notice(output)
                            else : 
                                output='Adding Replication user failed\n'
                                self.result +=output
                                self.log_file.warn(output)


                        #####Step 5: Auto-Configure Replication User in AD #####
                        self.log_file.info('Auto-Configure Replication User in AD')
                        if self.inp_args.test_mode == False:
                            ret_code = self.confrepl.run()
                        else:
                            ret_code = self._handle_repl_ut_mode()

                        if ret_code == AutoConfEasyAuth.success :
                            if self.confrepl.result :     
                                self.result += self.confrepl.result
                                self._handle_no_repl_domain()
                            else :
                                output = 'Auto-Conf of Replication user' \
                                         + ' in AD succeeded\n'
                                self.result += output
                                self.log_file.notice(output)
                            
                            self._add_restart_peer_enable_msg()

                            return ret_code

                        else :
                            output = 'Auto-Conf of Replication user Failed\n'
                    else :
                        output = 'Enabling config nodes Failed\n'
                else :
                    output = 'Encountered problems when trying to ' \
                              + 'join/rejoin domain: '\
                              + self.inp_args.domain_name + '\n'
            else :
                output = 'DNS Test failed\n'
        else :
            output = 'Unable to Connect to Domain-Health provider rcud or sport\n'

        self.result = output
        self.log_file.error(output)

        return ret_code

    def _is_valid_conf_type(self):
        inp_conf_type = self.inp_args.conf_type
        if AutoConfEasyAuth._conf_type_separator in inp_conf_type :
            input_confs = inp_conf_type.split(AutoConfEasyAuth._conf_type_separator)
            for conf_type in input_confs:
                if not conf_type in AutoConfEasyAuth._conf_types :
                    return False
        else :
            if not inp_conf_type in AutoConfEasyAuth._conf_types :
                return False
        return True
                     
    
    def validate_params(self):
        """validate parameters that were initialized on object instantiation

        returns:
            (ret_code)
            ret_code -> zero on success and non-zero on error
        """ 

        ret_code = AutoConfEasyAuth.success

        if (self.inp_args.conf_type == None) or \
           (self.inp_args.domain_name == None) or \
           (self.inp_args.admin_name == None) or \
           (self.inp_args.admin_pass == None) or \
           (self.inp_args.dc_name == None) or \
           (self.inp_args.join_type == None) or \
           (not self._is_valid_conf_type()) or \
           ((self.inp_args.join_type).lower() not in AutoConfEasyAuth._join_types) :
               self.log_file.error('Invalid input parameters')
               ret_code = AutoConfEasyAuth.invalid
           
        return ret_code


    #if input arguments are validated start Easy Auth Auto-Conf
    def run(self):
        """issue an operation an instantiated object to auto-configure auth settings

        returns:
            (ret_code)
            ret_code -> zero on success and non-zero on error
        """

        ret_code = AutoConfEasyAuth.success

        ret_code = self.validate_params()

        if ret_code == AutoConfEasyAuth.success :
            self.log_file.info('Starting AUTO-CONF EASY AUTH')
            msg = 'Input Arguments: \n' \
                  + ' Configuration type: ' + self.inp_args.conf_type + '\n' \
                  + ' Domain Name: ' + self.inp_args.domain_name + '\n' \
                  + ' Admin User: '******'\n' \
                  + ' Domain Controller: ' + self.inp_args.dc_name + '\n' \
                  + ' Join Type: ' + self.inp_args.join_type + '\n'
            if self.inp_args.shortdom is not None:
                msg += ' Short Domain Name: ' + self.inp_args.shortdom + '\n'
            if self.inp_args.repl_user_name is not None:
                msg += ' Replication User: '******'\n'
                if self.inp_args.repl_user_dom is not None:
                    msg += ' Replication User Domain: ' + self.inp_args.repl_user_dom \
                           + '\n' + ' Is RODC: ' + self.inp_args.repl_isrodc + '\n'
            self.log_file.info(msg)

            ret_code = self._easyauth_auto_conf()
        return ret_code

    def rollback(self):
        """Rollsback state to what it was before the auto-configuration was issued"""

        self.log_file.notice('Rolling back to original state')
        self.confrepl.rollback()
        self.addrepl.rollback()
        self.setconfig.rollback()
        self.domainjoin.rollback()
        self.testdns.rollback()