def execute(self, *keys, **options):
dn = self.obj.get_dn(*keys, **options)
ldap = self.obj.backend
domains_old = set(ldap.get_entry(dn)['associateddomain'])
result = super(realmdomains_mod, self).execute(*keys, **options)
domains_new = set(ldap.get_entry(dn)['associateddomain'])
domains_added = domains_new - domains_old
domains_deleted = domains_old - domains_new
# Add a _kerberos TXT record for zones that correspond with
# domains which were added
for domain in domains_added:
# Skip our own domain
if domain == api.env.domain:
continue
try:
self.api.Command['dnsrecord_add'](unicode(domain),
u'_kerberos',
txtrecord=api.env.realm)
except (errors.EmptyModlist, errors.NotFound,
errors.ValidationError) as error:
# If creation of the _kerberos TXT record failed, prompt
# for manual intervention
messages.add_message(
options['version'], result,
messages.KerberosTXTRecordCreationFailure(
domain=domain,
error=unicode(error),
realm=self.api.env.realm))
# Delete _kerberos TXT record from zones that correspond with
# domains which were deleted
for domain in domains_deleted:
# Skip our own domain
if domain == api.env.domain:
continue
try:
self.api.Command['dnsrecord_del'](unicode(domain),
u'_kerberos',
txtrecord=api.env.realm)
except (errors.AttrValueNotFound, errors.NotFound,
errors.ValidationError) as error:
# If deletion of the _kerberos TXT record failed, prompt
# for manual intervention
messages.add_message(
options['version'], result,
messages.KerberosTXTRecordDeletionFailure(
domain=domain, error=unicode(error)))
return result
def execute(self, *keys, **options):
# the server must be the local host
if keys[-2] != api.env.host:
raise errors.ValidationError(name='cn',
error=_("must be \"%s\"") %
api.env.host)
# the server entry must exist
try:
self.obj.get_dn_if_exists(*keys[:-1])
except errors.NotFound:
raise self.obj.handle_not_found(keys[-2])
# the user must have the Replication Administrators privilege
privilege = u'Replication Administrators'
privilege_dn = self.api.Object.privilege.get_dn(privilege)
ldap = self.obj.backend
filter = ldap.make_filter(
{
'krbprincipalname': context.principal, # pylint: disable=no-member
'memberof': privilege_dn
},
rules=ldap.MATCH_ALL)
try:
ldap.find_entries(base_dn=self.api.env.basedn, filter=filter)
except errors.NotFound:
raise errors.ACIError(
info=_("not allowed to perform server connection check"))
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()
obj = bus.get_object('org.freeipa.server',
'/',
follow_name_owner_changes=True)
server = dbus.Interface(obj, 'org.freeipa.server')
ret, stdout, _stderr = server.conncheck(keys[-1])
result = dict(
result=(ret == 0),
value=keys[-2],
)
for line in stdout.splitlines():
messages.add_message(options['version'], result,
messages.ExternalCommandOutput(line=line))
return result
def execute(self, *keys, **options):
# the server must be the local host
if keys[-2] != api.env.host:
raise errors.ValidationError(
name='cn', error=_("must be \"%s\"") % api.env.host)
# the server entry must exist
try:
self.obj.get_dn_if_exists(*keys[:-1])
except errors.NotFound:
self.obj.handle_not_found(keys[-2])
# the user must have the Replication Administrators privilege
privilege = u'Replication Administrators'
privilege_dn = self.api.Object.privilege.get_dn(privilege)
ldap = self.obj.backend
filter = ldap.make_filter({
'krbprincipalname': context.principal, # pylint: disable=no-member
'memberof': privilege_dn},
rules=ldap.MATCH_ALL)
try:
ldap.find_entries(base_dn=self.api.env.basedn, filter=filter)
except errors.NotFound:
raise errors.ACIError(
info=_("not allowed to perform server connection check"))
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()
obj = bus.get_object('org.freeipa.server', '/',
follow_name_owner_changes=True)
server = dbus.Interface(obj, 'org.freeipa.server')
ret, stdout, _stderr = server.conncheck(keys[-1])
result = dict(
result=(ret == 0),
value=keys[-2],
)
for line in stdout.splitlines():
messages.add_message(options['version'],
result,
messages.ExternalCommandOutput(line=line))
return result
def __call__(self, *args, **options):
"""
Perform validation and then execute the command.
If not in a server context, the call will be forwarded over
XML-RPC and the executed an the nearest IPA server.
"""
self.ensure_finalized()
version_provided = 'version' in options
if version_provided:
self.verify_client_version(unicode(options['version']))
elif self.api.env.skip_version_check and not self.api.env.in_server:
options['version'] = u'2.0'
else:
options['version'] = API_VERSION
params = self.args_options_2_params(*args, **options)
self.debug(
'raw: %s(%s)', self.name, ', '.join(self._repr_iter(**params))
)
params.update(self.get_default(**params))
params = self.normalize(**params)
params = self.convert(**params)
self.debug(
'%s(%s)', self.name, ', '.join(self._repr_iter(**params))
)
self.validate(**params)
(args, options) = self.params_2_args_options(**params)
ret = self.run(*args, **options)
if (not version_provided and isinstance(ret, dict) and
self.api.env.in_server):
# add message only on server side
messages.add_message(
API_VERSION, ret,
messages.VersionMissing(server_version=API_VERSION))
if (
isinstance(ret, dict)
and 'summary' in self.output
and 'summary' not in ret
):
ret['summary'] = self.get_summary_default(ret)
if self.use_output_validation and (self.output or ret is not None):
self.validate_output(ret, options['version'])
return ret
def __call__(self, *args, **options):
"""
Perform validation and then execute the command.
If not in a server context, the call will be forwarded over
XML-RPC and the executed an the nearest IPA server.
"""
self.ensure_finalized()
version_provided = 'version' in options
if version_provided:
self.verify_client_version(unicode(options['version']))
elif self.api.env.skip_version_check and not self.api.env.in_server:
options['version'] = VERSION_WITHOUT_CAPABILITIES
else:
options['version'] = API_VERSION
params = self.args_options_2_params(*args, **options)
self.debug(
'raw: %s(%s)', self.name, ', '.join(self._repr_iter(**params))
)
params.update(self.get_default(**params))
params = self.normalize(**params)
params = self.convert(**params)
self.debug(
'%s(%s)', self.name, ', '.join(self._repr_iter(**params))
)
self.validate(**params)
(args, options) = self.params_2_args_options(**params)
ret = self.run(*args, **options)
if (not version_provided and isinstance(ret, dict) and
self.api.env.in_server):
# add message only on server side
messages.add_message(
API_VERSION, ret,
messages.VersionMissing(server_version=API_VERSION))
if (
isinstance(ret, dict)
and 'summary' in self.output
and 'summary' not in ret
):
ret['summary'] = self.get_summary_default(ret)
if self.use_output_validation and (self.output or ret is not None):
self.validate_output(ret, options['version'])
return ret
def _get_qrcode(self, output, uri, version):
# Print QR code to terminal if specified
qr_output = StringIO()
qr = qrcode.QRCode()
qr.add_data(uri)
qr.make()
qr.print_ascii(out=qr_output, tty=False)
encoding = getattr(sys.stdout, 'encoding', None)
if encoding is None:
encoding = locale.getpreferredencoding(False)
try:
qr_code = qr_output.getvalue().encode(encoding)
except UnicodeError:
add_message(
version,
output,
message=ResultFormattingError(
message=_("Unable to display QR code using the configured "
"output encoding. Please use the token URI to "
"configure your OTP device")
)
)
return None
if sys.stdout.isatty():
output_width = self.api.Backend.textui.get_tty_width()
qr_code_width = len(qr_code.splitlines()[0])
if qr_code_width > output_width:
add_message(
version,
output,
message=ResultFormattingError(
message=_(
"QR code width is greater than that of the output "
"tty. Please resize your terminal.")
)
)
return qr
def _get_qrcode(self, output, uri, version):
# Print QR code to terminal if specified
qr_output = StringIO()
qr = qrcode.QRCode()
qr.add_data(uri)
qr.make()
qr.print_ascii(out=qr_output, tty=False)
encoding = getattr(sys.stdout, 'encoding', None)
if encoding is None:
encoding = locale.getpreferredencoding(False)
try:
qr_code = qr_output.getvalue().encode(encoding)
except UnicodeError:
add_message(
version,
output,
message=ResultFormattingError(
message=_("Unable to display QR code using the configured "
"output encoding. Please use the token URI to "
"configure your OTP device")
)
)
return None
if sys.stdout.isatty():
output_width = self.api.Backend.textui.get_tty_width()
qr_code_width = len(qr_code.splitlines()[0])
if qr_code_width > output_width:
add_message(
version,
output,
message=ResultFormattingError(
message=_(
"QR code width is greater than that of the output "
"tty. Please resize your terminal.")
)
)
return qr
def test_add_message():
result = {}
assert capabilities['messages'] == u'2.52'
messages.add_message(u'2.52', result,
HelloMessage(greeting='Hello', object='world'))
messages.add_message(u'2.1', result,
HelloMessage(greeting="'Lo", object='version'))
messages.add_message(u'2.60', result,
HelloMessage(greeting='Hi', object='version'))
assert result == {'messages': [
dict(
name=u'HelloMessage',
type=u'info',
message=u'Hello, world!',
code=1234,
data={'greeting': 'Hello', 'object': 'world'},
),
dict(
name=u'HelloMessage',
type=u'info',
message=u'Hi, version!',
code=1234,
data={'greeting': 'Hi', 'object': 'version'},
)
]}
def test_add_message():
result = {}
assert capabilities['messages'] == u'2.52'
messages.add_message(u'2.52', result,
HelloMessage(greeting='Hello', object='world'))
messages.add_message(u'2.1', result,
HelloMessage(greeting="'Lo", object='version'))
messages.add_message(u'2.60', result,
HelloMessage(greeting='Hi', object='version'))
assert result == {'messages': [
dict(
name='HelloMessage',
type='info',
message='Hello, world!',
code=1234,
),
dict(
name='HelloMessage',
type='info',
message='Hi, version!',
code=1234,
)
]}
def execute(self, *keys, **options):
# the server must be the local host
if keys[-2] != api.env.host:
raise errors.ValidationError(name='cn',
error=_("must be \"%s\"") %
api.env.host)
# the server entry must exist
try:
self.obj.get_dn_if_exists(*keys[:-1])
except errors.NotFound:
raise self.obj.handle_not_found(keys[-2])
# the user must have the Replication Administrators privilege
privilege = u'Replication Administrators'
if not principal_has_privilege(self.api, context.principal, privilege):
raise errors.ACIError(
info=_("not allowed to perform server connection check"))
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()
obj = bus.get_object('org.freeipa.server',
'/',
follow_name_owner_changes=True)
server = dbus.Interface(obj, 'org.freeipa.server')
ret, stdout, _stderr = server.conncheck(keys[-1])
result = dict(
result=(ret == 0),
value=keys[-2],
)
for line in stdout.splitlines():
messages.add_message(options['version'], result,
messages.ExternalCommandOutput(line=line))
return result
def forward(self, *args, **kw):
result = {'name': 'forward'}
messages.add_message(kw['version'], result, TestMessage())
return result
def execute(self, *args, **kw):
result = {'name': 'execute'}
messages.add_message(kw['version'], result, TestMessage())
return result
def forward(self, *args, **kw):
result = {'name': 'forward'}
messages.add_message(kw['version'], result, TestMessage())
return result
def execute(self, *args, **kw):
result = {'name': 'execute'}
messages.add_message(kw['version'], result, TestMessage())
return result
def execute(self, *keys, **options):
dn = self.obj.get_dn(*keys, **options)
ldap = self.obj.backend
domains_old = set(ldap.get_entry(dn)['associateddomain'])
result = super(realmdomains_mod, self).execute(*keys, **options)
domains_new = set(ldap.get_entry(dn)['associateddomain'])
domains_added = domains_new - domains_old
domains_deleted = domains_old - domains_new
# Add a _kerberos TXT record for zones that correspond with
# domains which were added
for domain in domains_added:
# Skip our own domain
if domain == api.env.domain:
continue
try:
self.api.Command['dnsrecord_add'](
unicode(domain),
u'_kerberos',
txtrecord=api.env.realm
)
except (errors.EmptyModlist, errors.NotFound,
errors.ValidationError) as error:
# If creation of the _kerberos TXT record failed, prompt
# for manual intervention
messages.add_message(
options['version'],
result,
messages.KerberosTXTRecordCreationFailure(
domain=domain,
error=unicode(error),
realm=self.api.env.realm
)
)
# Delete _kerberos TXT record from zones that correspond with
# domains which were deleted
for domain in domains_deleted:
# Skip our own domain
if domain == api.env.domain:
continue
try:
self.api.Command['dnsrecord_del'](
unicode(domain),
u'_kerberos',
txtrecord=api.env.realm
)
except (errors.AttrValueNotFound, errors.NotFound,
errors.ValidationError) as error:
# If deletion of the _kerberos TXT record failed, prompt
# for manual intervention
messages.add_message(
options['version'],
result,
messages.KerberosTXTRecordDeletionFailure(
domain=domain, error=unicode(error)
)
)
return result
