Esempio n. 1
def main():
    """Authenticate with the janitor keytab, obtain an authorized DB handle and update the DNS SOA.

    The sequence Config -> Authen -> authenticate -> kadmin -> Author ->
    authorize appears twice in this function; only the ``db`` returned by the
    second pass is used for ``update_dnsSOA()``.
    """
    # --- first pass ---
    # NOTE(review): every name bound in this pass is rebound by the second pass
    # below, so this looks like leftover test code -- confirm it is still needed.
    # The keytab lives under /root; presumably it should be readable by root
    # only, since whoever can read a keytab can act as its principal.
    config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",
                            plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    if not authen:
        print "bad auth"
        return
    # The user value is shown masked ('******') in this listing.
    userid = authen.authenticate(user='******')
    # Failures in this pass return normally instead of calling sys.exit() with
    # a status, unlike the second pass.
    if not userid: return
    authen.kadmin()
    author = Classes.Author(config)
    # Authorizes a fixed name rather than the identity that authenticate()
    # returned; the resulting db is overwritten below before it is used.
    db = author.authorize('janitor/admin')

    # --- second pass: the one whose result is actually used ---
    config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",
                            plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    # Exit status 3: the Authen or Author object could not be obtained.
    if not authen:
        sys.exit(3)
    # No user is passed here, so the plugin decides which identity to use.
    userid = authen.authenticate()
    # Exit status 4: authentication or authorization was refused.
    if not userid:
        sys.exit(4)
    authen.kadmin()
    author = Classes.Author(config)
    if not author:
        sys.exit(3)
    # Authorize as the part of the authenticated id that precedes the first '@'.
    db = author.authorize(userid.split('@')[0])
    if not db:
        sys.exit(4)

    db.update_dnsSOA()
Esempio n. 2
 def setUp(self):
     """Build the fixture: config, authen and author plugins, identity, DB handle.

     The config only selects the 'ldapdbadmin' author plugin; an explicit
     keytab can be supplied through the ``krb5keytab`` keyword if needed.
     """
     cfg = Classes.Config(plugin_author='ldapdbadmin')
     self.config = cfg
     self.authen = Classes.Authen(cfg)
     self.author = Classes.Author(cfg)
     # The identity returned by authenticate() is handed to authorize()
     # unchanged.
     identity = self.authen.authenticate()
     self.usid = identity
     self.db = self.author.authorize(identity)
Esempio n. 3
def client_run():
    """Authenticate this host, load its policies from the database and run them.

    Returns 1 when authentication fails and 2 when the database connection
    fails; on the normal path the function falls off the end (returns None).
    """
    print(
        "\n---------------------------------------------\nUniDomain managed system is updating account, group and policy settings ... \n---------------------------------------------\n"
    )
    cfg = Classes.Config()
    session = Classes.Authen(cfg).authenticate()
    if not session:
        logging.critical(
            'authentication of this host failed. Is this host registered in a domain? Network is up?'
        )
        return 1

    # Open the database with the authenticated session.
    db = Classes.DB(session).connect()
    if not db:
        logging.critical('can not connect to database.')
        return 2

    # Fetch the attribute collection describing this host.
    # NOTE(review): the whole collection is written to the debug log; confirm
    # it never carries secrets before enabling DEBUG on production hosts.
    host_attrs = db.get_host_data(db.userID)
    logging.debug(host_attrs.__str__())

    policies = host_attrs.getPolicies()
    # Always run the DB update policy as well; it feeds dead-host detection.
    policies['updateDbPolicy'] = None

    logging.info('instantiating udPolicyEngine with %i policies',
                 len(policies))
    engine = udPolicyEngine.udPolicyEngine(policies, db, cfg)
    logging.info('running udPolicyEngine.')
    engine.run()
Esempio n. 4
 def setUp(self):
     """Log in through the 'krb5_login' plugin and request a kadmin ticket.

     Credentials are read from the ``username`` and ``userpw`` attributes of
     the ``__main__`` module, so the runner script has to set both first.
     """
     launcher = sys.modules['__main__']
     # NOTE(review): './keytab' is a relative path, so presumably it resolves
     # against the directory the tests are started from -- confirm.
     cfg = Classes.Config(plugin_authen='krb5_login',
                          krb5keytab='./keytab')
     self.config = cfg
     self.authen = Classes.Authen(cfg)
     # NOTE(review): userpw presumably holds the password in cleartext as a
     # plain module attribute; keep it out of logs and test reports.
     self.usid = self.authen.authenticate(user=launcher.username,
                                          pw=launcher.userpw)
     self.authen.kadmin()
Esempio n. 5
 def setUp(self):
     """Log in with username/password and open an authorized admin DB handle.

     Uses the 'krb5_login' authen plugin and the 'ldapdbadmin' author plugin.
     Credentials are read from the ``username`` and ``userpw`` attributes of
     the ``__main__`` module.
     """
     launcher = sys.modules['__main__']
     cfg = Classes.Config(plugin_authen='krb5_login',
                          plugin_author='ldapdbadmin')
     self.config = cfg
     self.authen = Classes.Authen(cfg)
     self.author = Classes.Author(cfg)
     # NOTE(review): userpw presumably holds the password in cleartext as a
     # plain module attribute; keep it out of logs and test reports.
     self.usid = self.authen.authenticate(user=launcher.username,
                                          pw=launcher.userpw)
     # Authorization uses only the part of the id before the first '@'.
     short_name = self.usid.split('@')[0]
     self.db = self.author.authorize(short_name)
Esempio n. 6
 def testPasswordAuthen(self):
     """check that a password login works and yields a kadmin ticket"""
     launcher = sys.modules['__main__']
     cfg = Classes.Config(plugin_authen='krb5_login')
     plugin = Classes.Authen(cfg)
     # Selecting 'krb5_login' must load exactly that plugin module.
     self.assertEqual(plugin.__module__, 'UniDomain.plugins.krb5_login')
     # Credentials are taken from attributes set on the __main__ module.
     plugin.authenticate(user=launcher.username, pw=launcher.userpw)
     self.assertTrue(plugin.isAuthenticated,
                     'isAuthenticated is not set after login.')
     plugin.kadmin()
     self.assertTrue(plugin.kadm, 'cant acquire kadmin ticket.')
Esempio n. 7
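def open_ud2_connection(env):
    """Open a UD2 database connection for a Kerberos-authenticated web request.

    Args:
        env: request environment mapping. ``KRB5CCNAME`` names the credential
            cache handed to the authentication plugin; ``REMOTE_USER`` is only
            used in the error text.

    Returns:
        ``(False, db)`` on success, otherwise ``(status, message)`` where
        ``status`` is the string ``"403 Forbidden"``.
    """
    # Fail closed when the request carries no credential cache: answer 403
    # instead of letting a KeyError escape. This is checked before anything
    # else so no configuration is loaded for such a request.
    ccpath = env.get('KRB5CCNAME')
    if not ccpath:
        return ("403 Forbidden", "Can not validate kerberos Ticket Data")

    config = Classes.Config(file='/opt/UD2/etc/www_conf.xml')
    authen = Classes.Authen(config).authenticate(ccpath=ccpath)
    if not authen:
        return ("403 Forbidden", "Can not validate kerberos Ticket Data")

    db = Classes.DB(authen).connect()
    if not db:
        # REMOTE_USER may be absent; building the error text must not raise.
        # The name is echoed in the message, so a caller that renders it into
        # HTML should escape it.
        return ("403 Forbidden", "Database Connection failed for user %s" %
                (env.get('REMOTE_USER', 'unknown'),))
    return (False, db)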
Esempio n. 8
 def testdefaultAuthen(self):
     """check that the default login is non-interactive and works"""
     cfg = Classes.Config()
     # Authen() is built without a config here; cfg is only used to read the
     # realm for the expected principal.
     plugin = Classes.Authen()
     self.assertEqual(plugin.__module__, 'UniDomain.plugins.krb5_keytab')
     # The default login is expected to return the host principal of this
     # machine: host/<fqdn>@<realm>.
     principal = plugin.authenticate()
     expected = ''.join(('host/', socket.getfqdn(), '@', cfg.krb5realm))
     self.assertEqual(principal, expected,
                      'default login with keytab failed.')
     self.assertTrue(plugin.isAuthenticated,
                     'isAuthenticated is not set after login.')
     plugin.kadmin()
     self.assertTrue(plugin.kadm, 'cant acquire kadmin ticket.')
Esempio n. 9
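 def testApacheAuthen(self):
     """test if apache authen works and does not grant a kadmin interface"""
     config = Classes.Config(plugin_authen='krb5_apache')
     authen = Classes.Authen(config)
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_apache',
                      'apache laods wrong plugin')
     # The credential cache file name is read from the krb5cc attribute of
     # the __main__ module, the expected user name from its username attribute.
     self.assertEqual(
         authen.authenticate(ccfile='FILE:' +
                             sys.modules['__main__'].krb5cc),
         sys.modules['__main__'].username + '@' + config.krb5realm,
         'apache_authen returns wrong username')
     self.assertTrue(authen.isAuthenticated,
                     'isAuthenticated is not set after login.')
     self.assertFalse(
         authen.kadm,
         'apache authen sets kadmin. we dont have kadmin privileges')
     # kadmin() has to fail for this plugin. self.fail() sits in the else
     # branch because it raises an exception itself: inside the try body a
     # catch-all handler swallowed it, so this privilege check could never
     # fail the test.
     try:
         authen.kadmin()
     except (Exception, SystemExit):
         # How the plugin signals the refusal is not visible here, so any
         # error, including an exit request, counts as "no kadmin".
         pass
     else:
         self.fail('apache plugin should not have a kadmin interface.')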
Esempio n. 10
 def setUp(self):
     """Authenticate with the default configuration and keep the returned id."""
     cfg = Classes.Config()
     self.config = cfg
     plugin = Classes.Authen(cfg)
     self.authen = plugin
     # No arguments: the configured default plugin decides how to log in.
     self.host_usid = plugin.authenticate()
Esempio n. 11
    # Log level from the first command-line argument: -d = DEBUG,
    # -q = CRITICAL, anything else (or no argument) = ERROR.
    log_level = logging.ERROR
    if len(sys.argv) > 1:
        log_level = {'-d': logging.DEBUG,
                     '-q': logging.CRITICAL}.get(sys.argv[1], logging.ERROR)
    logging.basicConfig(level=log_level)

    # The first two suites need no interactive login; stop at the first failure.
    for banner, case in (
            ("\n-- Testing Author plugin compatibility --", TestAuthor),
            ("\n-- Testing Basic db backend functionality. --", TestDB)):
        print banner
        suite = unittest.defaultTestLoader.loadTestsFromTestCase(case)
        if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
            sys.exit(1)

    # The admin suite needs a successful krb5_login; without one it is skipped
    # and the run still exits with status 0.
    authen = Classes.Authen(
        Classes.Config(plugin_authen='krb5_login',
                       plugin_author='ldapdbadmin'))
    if not authen.authenticate():
        print "\nadmin functionality check skipped."
        sys.exit(0)
    print "\n-- Testing admin functionality --"
    # NOTE(review): authen.pw presumably is the cleartext password from the
    # login; it is kept in the plain names username/userpw for the admin
    # suite, so avoid dumping these names in debug output or tracebacks.
    username = authen.user
    userpw = authen.pw
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestDBDomad)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    print "-- Congratulations. All Tests for db passed."
Esempio n. 12
search for hosts who did not report back within [days]. default is 4 weeks""")
    parser.add_option("-v", action="store_true", dest="debug", help="be verbose", default=False)
    options, args = parser.parse_args()
    # At most one positional argument (the number of days) is accepted.
    if len(args) > 1:
        parser.print_help()
        sys.exit(2)
    if options.debug:
        logging.basicConfig(level=logging.DEBUG)

    # Age threshold: the positional argument in days, otherwise four weeks.
    if args:
        delta = datetime.timedelta(days=int(args[0]))
    else:
        delta = datetime.timedelta(weeks=4)

    # Exit status 3: a plugin object could not be obtained.
    # Exit status 4: authentication or authorization was refused.
    config = Classes.Config(plugin_authen='krb5_login', plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    author = Classes.Author(config)
    if not author:
        sys.exit(3)
    # Authorize as the part of the authenticated id before the first '@'.
    db = author.authorize(userid.split('@')[0])
    if not db:
        sys.exit(4)

    print 'The following hosts have not been seen in the last %s days:' % delta.days
    # Only strftime() output is interpolated into the filter, so no
    # caller-supplied characters reach it. If free text is ever added here,
    # pass it through ldap.filter.escape_filter_chars() first.
    cutoff = (datetime.date.today() - delta).strftime("1%y%m%d00")
    stale_filter = '(&(objectClass=udHost)(lastSeen<=%s))' % cutoff
    wanted = ['cn', 'FQDN', 'USID', 'description', 'lastSeen']
    msgid = db.conn.search(config.ldapbase, ldap.SCOPE_SUBTREE, stale_filter, wanted)
    # result() returns a tuple; element 1 is the list of matching entries.
    res = db.conn.result(msgid)[1]
    # Order by the numeric value of each entry's first lastSeen attribute.
    res.sort(key=lambda entry: int(entry[1]['lastSeen'][0]))
Esempio n. 13
def askPolicies():
    """Prompt for policy names, one per line, until an empty line is entered.

    Returns the entered names as a list, in the order typed. The names are
    returned exactly as typed; nothing is validated here.
    """
    print 'Specify any policies you want set for this host (one per line, end with newline)'
    policies = []
    while True:
        entry = raw_input('policy : ')
        if not entry:
            break
        policies.append(entry)
    return policies


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "-d":
        logging.basicConfig(level=logging.DEBUG)
    config = Classes.Config(plugin_authen='krb5_login')
    try:
        authen = Classes.Authen(config).authenticate()
    except IndexError, e:
        print 'Authentication error (wrong password?)'
        sys.exit(1)
    db = Classes.DB(authen).connect()
    if not db:
        print 'db connection error'
        sys.exit(2)

    fqdn = askName()
    functions.set_hostname(fqdn)

    target = askTarget(db)
    classes = askClasses()
    policies = askPolicies()
    args = {}