def _account_ins(self):
cnt_need_update = self.dev_update_queue.qsize()
if (cnt_need_update == 0):
return cnt_need_update
cnt_result = 0
while (self.dev_update_queue.qsize() > 0): # make sure the queue is not empty
dev = self.dev_update_queue.get(True) # get by block
try:
owner = dev['attributes'].get('deviceOwner', [''])[0]
udid = dev['attributes'].get('UDID', [''])[0]
if len(owner) > 0:
aidobj = HostedAccount()
account = aidobj.get_account_id(**{'objectClass':'hostedUser', 'mail' : owner}) #only hosted user for MDMi
if account:
devobj = HostedDevice(udid)
data = devobj.format_update_data(None, 'replace', account=account[0])
result = devobj.do_update(attributes=data)
del devobj
if result.code >= 200 and result.code < 300:
cnt_result = cnt_result + 1
del aidobj
except Exception, e:
logger.error('Insert account error:%s' % repr(e))
pass
def _get_config(self, account_id):
# TODO the default value should not specific
credential = {
'Host': '',
'Port': 443,
'aw-tenant-code': '',
'Authorization': '',
'Content-Type': 'application/json',
}
account = HostedAccount(account_id)
# get mdmUrl, mdmUsername, mdmPassword, mdmToken from hosteddb
c = account.get_airwatch_credential()
try:
credential['Host'] = self._strip_hostname(c['mdmUrl'])
username = self._strip_value(c['mdmUsername'])
# the airwatch password in hosted was encrypted.
password = decrypt(self._strip_value(c['mdmPassword'], False))
credential['Authorization'] = " ".join(['Basic', base64.b64encode(':'.join([username, password]))])
credential['aw-tenant-code'] = self._strip_value(c['mdmToken'])
except Exception as e:
logger.warning('Error when getting airwatch credential: %s', e)
raise Exception(e)
return credential
def main():
#estimate localhost is master
result = os.path.exists('/etc/sysconfig/mes.primary')
if result:
logger.info('Start adding periodic usergroup sync tasks.')
hosted_account = HostedAccount(ACCOUNT_BLACK_SPIDER)
#acct_nums = hosted_account.get_airwatch_account_ids()
acct_nums = hosted_account.get_airwatch_hosted_account_ids()
success = 0
failure = 0
if acct_nums:
for n in acct_nums:
try:
task_num = HostedTaskQueue().do_get_task_total(tqname=TASK_QUEUE_USERGROUP_PERIODIC, account=int(n))
if int(task_num):
logger.info('Another machine has added periodic sync tasks. Abort adding.')
break
logger.info('To add periodic usergroup sync task for account %s.', n)
HostedTaskQueue().do_add(tqname=TASK_QUEUE_USERGROUP_PERIODIC, account=int(n))
success += 1
logger.info('Added periodic usergroup sync task for account %s.', n)
except Exception as e:
failure += 1
logger.error('Add periodic usergroup sync task for account %s failed. %s', n, e)
logger.error(e)
logger.info('END adding periodic usergroup sync tasks. %d success, %d failure.', success, failure)
else:
logger.info('localhost is not master')
def _account_ins(self):
cnt_need_update = self.dev_update_queue.qsize()
if (cnt_need_update == 0):
return cnt_need_update
cnt_result = 0
while (self.dev_update_queue.qsize() >
0): # make sure the queue is not empty
dev = self.dev_update_queue.get(True) # get by block
try:
owner = dev['attributes'].get('deviceOwner', [''])[0]
udid = dev['attributes'].get('UDID', [''])[0]
if len(owner) > 0:
aidobj = HostedAccount()
account = aidobj.get_account_id(**{
'objectClass': 'hostedUser',
'mail': owner
}) #only hosted user for MDMi
if account:
devobj = HostedDevice(udid)
data = devobj.format_update_data(None,
'replace',
account=account[0])
result = devobj.do_update(attributes=data)
del devobj
if result.code >= 200 and result.code < 300:
cnt_result = cnt_result + 1
del aidobj
except Exception, e:
logger.error('Insert account error:%s' % repr(e))
pass
def _get_accounts(self):
logger.info("get all accounts start")
accounts = []
try:
hosted_acc = HostedAccount()
accounts = hosted_acc.get_airwatch_account_ids()
except Exception, e:
logger.error("get account from RS error %s " % repr(e))
def _get_accounts(self):
logger.info("get all accounts start")
accounts = []
try:
hosted_acc = HostedAccount()
accounts = hosted_acc.get_airwatch_account_ids()
except Exception, e:
logger.error("get account from RS error %s " % repr(e))
def _get_modify_admin(self, account):
mails = []
logger.info("get modify permission admins from account %d start" % account)
try:
hosted_user = HostedAccount(account)
admins = hosted_user.get_admins()
if isinstance(admins, list):
if len(admins) > 0:
for admin in admins:
mail = self._check_permission(admin)
if mail:
mails.append(mail)
else:
logger.error("no admin for the account %d" % account)
else:
mails.append(self._check_permission(admins))
except Exception, e:
logger.error("get modify permission admin error %s" % repr(e))
def _get_modify_admin(self, account):
mails = []
logger.info("get modify permission admins from account %d start" %
account)
try:
hosted_user = HostedAccount(account)
admins = hosted_user.get_admins()
if isinstance(admins, list):
if len(admins) > 0:
for admin in admins:
mail = self._check_permission(admin)
if mail:
mails.append(mail)
else:
logger.error("no admin for the account %d" % account)
else:
mails.append(self._check_permission(admins))
except Exception, e:
logger.error("get modify permission admin error %s" % repr(e))
def process(self):
account = os.environ.get('hosted_account')
#estimate the device version
if self.dict["type"] == 'install':
data_info = json.loads(self.request.data)
logger.debug('Notification REST Service - Device :%s',
data_info['Device'])
version = data_info['Device']['OperatingSystem']
version_1 = int(version.split('.')[0])
logger.debug('Notification REST Service - Device version: %s %s',
data_info['Device']['Platform'], version)
if data_info['Device']['Platform'] == 'Apple' and version_1 < 7:
raise ValueError(
'Notification REST Service - IOS Device Vsersion: %s Not Support'
% version)
elif data_info['Device']['Platform'] == 'Android' and version_1 < 4:
raise ValueError(
'Notification REST Service - Android Device Vsersion: %s Not Support'
% version)
#distinguish hosted or hybird account
account_info = HostedAccount(account).get_airwatch_credential()
if account_info['enabledServices'].find('wdCategories') >= 0:
data = json.loads(self.request.data)
data['User'].update({'enabledServices': 'wdCategories'})
self.request.data = json.dumps(data)
logger.debug("account:%s is Hosted account", account)
else:
data = json.loads(self.request.data)
data['User'].update({'enabledServices': 'hyPE'})
self.request.data = json.dumps(data)
logger.debug("account:%s is Hybrid account", account)
logger.debug('data info:%s', self.request.data)
self.request.account_id = int(account)
del os.environ['hosted_account']
def update_certs_by_accounts(accounts=None):
if accounts == "all":
account_array = HostedAccount().get_airwatch_account_ids()
else:
account_array = accounts.split(',')
if verbose > 0:
print "MDMi enabled accounts: %s" % account_array
thread_list = []
device_total = []
for account_id in account_array:
hosted_device = HostedDevice()
idx = 0
max = 100
total = 0
try:
while idx >= 0:
result = hosted_device.do_get_many(idx,
max,
'account',
account=account_id,
deviceEnrollmentStatus='1')
if result.code >= 200 and result.code < 300:
device_list = json.loads(result.content)
for device in device_list:
#udid = device['attributes']['UDID'][0]
device_total.append(device)
if len(device_list) == max:
idx = idx + 1
else:
idx = -1
except Exception, e:
print "Failed to update the certificate for the account: %s, error message: %s\n" % (
account_id, str(e))
finally:
def _get_aw_accounts(self):
# temp
return HostedAccount().get_airwatch_account_ids()
pass
def get_activesync_whitelists(account, user_type):
#get whitelist settings from RS first, and insert internal ip range, notice: should know user type (hosted, hybrid) first
whitelist = []
hosted_account = HostedAccount(account)
hosted_networks = hosted_account.get_hosted_networks()
logger.debug('hosted_networks are: %s'% hosted_networks)
'''
#for test
hosted_networks = [
{
"href" : "https://localhost:8085/rs/v-1/account-130/cn-connection1%20%2828%29",
"attributes" :
{
"cn" : [
"connection1 (28)"
],
"policy" : [
"71"
],
"objectClass" : [
"hostedNetwork"
],
"ipaddress" : [
"10.255.40.1"
],
"description" : [
"connection1"
],
"scope" : [
"external"
]
},
"dn" : "cn=connection1 (28),account=130,dc=blackspider,dc=com"
}
]
'''
if not isinstance(hosted_networks, list):
hosted_networks = [hosted_networks]
for item in hosted_networks:
addr_from = ''
addr_to = ''
ip = ''
item = item['attributes']
#ipaddress
if item.has_key('ipaddress'):
condition = isinstance(item['ipaddress'], list)
ip = item['ipaddress'][0] if condition else item['ipaddress']
whitelist.append(ip)
#iprange
elif item.has_key('iprange'):
#condition = isinstance(item['addrFrom'], list)
(addr_from, addr_to) = item['iprange'].split('-')
whitelist.append({'addrFrom':addr_from, 'addrTo':addr_to})
#subnet
elif item.has_key('subnet'):
(subnet, cidr) = item['subnet'].split('/')
whitelist.append({'subnet':subnet, 'cidr':cidr})
else:
logger.error('unrecgnized hosted network:%s' % item)
pass
#return internal ip range as default
return whitelist;
def get_activesync_whitelists(account, user_type):
#get whitelist settings from RS first, and insert internal ip range, notice: should know user type (hosted, hybrid) first
whitelist = []
hosted_account = HostedAccount(account)
hosted_networks = hosted_account.get_hosted_networks()
logger.debug('hosted_networks are: %s' % hosted_networks)
'''
#for test
hosted_networks = [
{
"href" : "https://localhost:8085/rs/v-1/account-130/cn-connection1%20%2828%29",
"attributes" :
{
"cn" : [
"connection1 (28)"
],
"policy" : [
"71"
],
"objectClass" : [
"hostedNetwork"
],
"ipaddress" : [
"10.255.40.1"
],
"description" : [
"connection1"
],
"scope" : [
"external"
]
},
"dn" : "cn=connection1 (28),account=130,dc=blackspider,dc=com"
}
]
'''
if not isinstance(hosted_networks, list):
hosted_networks = [hosted_networks]
for item in hosted_networks:
addr_from = ''
addr_to = ''
ip = ''
item = item['attributes']
#ipaddress
if item.has_key('ipaddress'):
condition = isinstance(item['ipaddress'], list)
ip = item['ipaddress'][0] if condition else item['ipaddress']
whitelist.append(ip)
#iprange
elif item.has_key('iprange'):
#condition = isinstance(item['addrFrom'], list)
(addr_from, addr_to) = item['iprange'].split('-')
whitelist.append({'addrFrom': addr_from, 'addrTo': addr_to})
#subnet
elif item.has_key('subnet'):
(subnet, cidr) = item['subnet'].split('/')
whitelist.append({'subnet': subnet, 'cidr': cidr})
else:
logger.error('unrecgnized hosted network:%s' % item)
pass
#return internal ip range as default
return whitelist