def getLocalSysvolPath():
rc, networkConfig = config.network()
if not rc:
return False, None
networkPath = f"//{networkConfig['serverHostname']}/sysvol"
return getMountpointOfRemotePath(networkPath, True)
def _resolveVariables(fileData):
# replace placeholders with values
rc, networkConfig = config.network()
if not rc:
return False, None
# network
fileData = fileData.replace('@@serverHostname@@',
networkConfig["serverHostname"])
fileData = fileData.replace('@@domain@@', networkConfig["domain"])
fileData = fileData.replace('@@realm@@', networkConfig["realm"])
# constants
fileData = fileData.replace('@@userTemplateDir@@',
constants.userTemplateDir)
fileData = fileData.replace(
'@@hiddenShareMountBasepath@@',
constants.hiddenShareMountBasepath.format("%(USER)"))
# hooks
fileData = fileData.replace('@@hookScriptBoot@@',
hooks.getLocalHookScript(hooks.Type.Boot))
fileData = fileData.replace('@@hookScriptShutdown@@',
hooks.getLocalHookScript(hooks.Type.Shutdown))
fileData = fileData.replace(
'@@hookScriptLoginLogoutAsRoot@@',
hooks.getLocalHookScript(hooks.Type.LoginLogoutAsRoot))
fileData = fileData.replace(
'@@hookScriptSessionStarted@@',
hooks.getLocalHookScript(hooks.Type.SessionStarted))
return fileData
def serverUrl():
rc, networkConfig = config.network()
if not rc:
return False, None
serverHostname = networkConfig["serverHostname"]
return 'ldap://{0}'.format(serverHostname)
def baseDn():
rc, networkConfig = config.network()
if not rc:
return None
domain = networkConfig["domain"]
return "dc=" + domain.replace(".", ",dc=")
def patchKeytab():
"""
Patches the `/etc/krb5.keytab` file. It inserts the correct hostname of the current computer.
:return: True on success, False otherwise
:rtype: bool
"""
krb5KeytabFilePath = "/etc/krb5.keytab"
logging.info("Patching {}".format(krb5KeytabFilePath))
krb5KeytabUtil = Krb5KeytabUtil(krb5KeytabFilePath)
try:
krb5KeytabUtil.read()
except:
logging.error("Error reading {}".format(krb5KeytabFilePath))
return False
for entry in krb5KeytabUtil.keytab.entries:
oldData = entry.principal.components[-1].data
if len(entry.principal.components) == 1:
newData = computer.hostname().upper() + "$"
entry.principal.components[0].data = newData
elif len(entry.principal.components) == 2 and (
entry.principal.components[0].data == "host"
or entry.principal.components[0].data == "RestrictedKrbHost"):
rc, networkConfig = config.network()
if not rc:
continue
newData = ""
domain = networkConfig["domain"]
if domain in entry.principal.components[1].data:
newData = computer.hostname().lower() + "." + domain
else:
newData = computer.hostname().upper()
entry.principal.components[1].data = newData
logging.debug("{} was changed to {}".format(
oldData, entry.principal.components[-1].data))
logging.info("Trying to overwrite {}".format(krb5KeytabFilePath))
try:
result = krb5KeytabUtil.write()
except:
result = False
if not result:
logging.error("Error overwriting {}".format(krb5KeytabFilePath))
return result
def _getRemoteHookScripts(hookType):
if not hookType in remoteScriptNames:
return False, None
rc, networkConfig = config.network()
if not rc:
logging.error(
"Could not execute server hooks because the network config could not be read"
)
return False, None
if _remoteScriptInUserContext[hookType]:
rc, attributes = user.readAttributes()
if not rc:
logging.error(
"Could not execute server hooks because the user config could not be read"
)
return False, None
else:
rc, attributes = computer.readAttributes()
if not rc:
logging.error(
"Could not execute server hooks because the computer config could not be read"
)
return False, None
try:
domain = networkConfig["domain"]
school = attributes["sophomorixSchoolname"]
scriptName = remoteScriptNames[hookType]
except:
logging.error(
"Could not execute server hooks because the computer/user config is missing attributes"
)
return False, None
rc, sysvolPath = shares.getLocalSysvolPath()
if not rc:
logging.error(
"Could not execute server hook {} because the sysvol could not be mounted!\n"
)
return False, None
hookScriptPathTemplate = "{0}/{1}/scripts/{2}/{3}/linux/{4}".format(
sysvolPath, domain, school, "{}", scriptName)
return True, [
hookScriptPathTemplate.format("lmn"),
hookScriptPathTemplate.format("custom")
]
def serverUrl():
"""
Returns the server URL
:return: The server URL
:rtype: str
"""
rc, networkConfig = config.network()
if not rc:
return False, None
serverHostname = networkConfig["serverHostname"]
return 'ldap://{0}'.format(serverHostname)
def baseDn():
"""
Returns the base DN
:return: The baseDN
:rtype: str
"""
rc, networkConfig = config.network()
if not rc:
return None
domain = networkConfig["domain"]
return "dc=" + domain.replace(".", ",dc=")
def _prepareEnvironment():
dictsAndPrefixes = {}
rc, networkConfig = config.network()
if rc:
dictsAndPrefixes["Network"] = networkConfig
rc, userConfig = user.readAttributes()
if rc:
dictsAndPrefixes["User"] = userConfig
rc, computerConfig = computer.readAttributes()
if rc:
dictsAndPrefixes["Computer"] = computerConfig
environment = _dictsToEnv(dictsAndPrefixes)
_writeEnvironment(environment)
def _mountShare(username,
networkPath,
shareName,
hiddenShare,
useCruidOfExecutingUser=False):
mountpoint = _getShareMountpoint(networkPath, username, hiddenShare,
shareName)
mountCommandOptions = f"file_mode=0700,dir_mode=0700,sec=krb5,nodev,nosuid,mfsymlinks,nobrl,vers=3.0,user={username}"
rc, networkConfig = config.network()
domain = None
if rc:
domain = networkConfig["domain"]
mountCommandOptions += f",domain={domain.upper()}"
try:
pwdInfo = pwd.getpwnam(username)
uid = pwdInfo.pw_uid
gid = pwdInfo.pw_gid
mountCommandOptions += f",gid={gid},uid={uid}"
if not useCruidOfExecutingUser:
mountCommandOptions += f",cruid={uid}"
except KeyError:
uid = -1
gid = -1
logging.warning("Uid could not be found! Continuing anyway!")
mountCommand = [
"/usr/sbin/mount.cifs", "-o", mountCommandOptions, networkPath,
mountpoint
]
logging.debug(f"Trying to mount '{networkPath}' to '{mountpoint}'")
logging.debug("* Creating directory...")
try:
Path(mountpoint).mkdir(parents=True, exist_ok=False)
except FileExistsError:
# Test if a share is already mounted there
if _directoryIsMountpoint(mountpoint):
logging.debug("* The mountpoint is already mounted.")
return True, mountpoint
else:
logging.warning(
"* The target directory already exists, proceeding anyway!")
logging.debug("* Executing '{}' ".format(" ".join(mountCommand)))
logging.debug("* Trying to mount...")
if not subprocess.call(
mountCommand, stdout=subprocess.PIPE, stderr=subprocess.PIPE) == 0:
logging.fatal(
f"* Error mounting share {networkPath} to {mountpoint}!\n")
return False, None
logging.debug("* Success!")
# hide the shares parent dir (/home/%user/media) in case it is not a hidden share
if not hiddenShare:
try:
hiddenFilePath = f"{mountpoint}/../../.hidden"
logging.debug(f"* hiding parent dir {hiddenFilePath}")
hiddenFile = open(hiddenFilePath, "w+")
hiddenFile.write(mountpoint.split("/")[-2])
hiddenFile.close()
except:
logging.warning(f"Could not hide parent dir of share {mountpoint}")
return True, mountpoint
