def save(self): def rule_to_dict(rule): prefix = u'%s/%s' % (u'security/packetfilter', rule.identifier, ) result = {prefix: rule.action, } for (lang, description, ) in rule.description.items(): result[u'%s/%s' % (prefix, lang, )] = description return result config_registry = ucr.ConfigRegistry() config_registry.load() # set global firewall settings bool_to_string = {True: u'true', False: u'false', } global_options = { u'security/packetfilter/defaultpolicy': self.default_policy, u'security/packetfilter/disabled': bool_to_string[self.disabled], u'security/packetfilter/use_packages': bool_to_string[self.use_packages], } ucr.handler_set(global_options) org_dict = {} for (key, value, ) in config_registry.items(): if REGEX_RULE.match(key): org_dict[key] = value new_dict = {} for rule in self.rules.values(): if rule: new_dict = dict(new_dict.items() + rule_to_dict(rule).items()) diff = DictDiffer(new_dict, org_dict) ucr.handler_unset(diff.removed()) changed = [] for key in diff.changed().union(diff.added()): changed.append(u'%s=%s' % (key, new_dict[key])) ucr.handler_set(changed)
def upload_archive(self, request): UPLOAD_KEY = 'umc/sysinfo/upload/url' FALLBACK_UPLOAD_URL = 'https://forge.univention.de/cgi-bin/system-info-upload.py' ucr_reg = ucr.ConfigRegistry() ucr_reg.load() url = ucr_reg.get(UPLOAD_KEY, FALLBACK_UPLOAD_URL) SYSINFO_PATH = '/var/www/univention-management-console/system-info/' fd = open(os.path.join(SYSINFO_PATH, request.options['archive']), 'r') data = { 'filename': fd, } req = urllib2.Request(url, data, {}) try: u = urllib2.urlopen(req) answer = u.read() success = True except: success = False if not success or answer.startswith('ERROR:'): request.status = MODULE_ERR else: request.status = SUCCESS self.finished(request.id, None)
def get(self, request): ucrReg = ucr.ConfigRegistry() ucrReg.load() ucrInfo = ConfigRegistryInfo(registered_only=False) # iterate over all requested variables results = [] for key in request.options: info = ucrInfo.get_variable(str(key)) value = ucrReg.get(str(key)) if not info and (value or '' == value): # only the value available results.append({'key': key, 'value': value}) elif info: # info (categories etc.) available info['value'] = value info['key'] = key results.append(info.normalize()) else: # variable not available, request failed request.status = BAD_REQUEST_INVALID_OPTS self.finished( request.id, False, message=_('The UCR variable %(key)s could not be found') % {'key': key}) return self.finished(request.id, results)
def main(): """Get UCR settings from LDAP policy.""" options, host_dn = parse_cmdline() confregfn = os.path.join( confreg.ConfigRegistry.PREFIX, confreg.ConfigRegistry.BASES[confreg.ConfigRegistry.LDAP]) ucr_ldap = confreg.ConfigRegistry(filename=confregfn) ucr_ldap.load() set_list = get_policy(host_dn, options.verbose) if set_list: new_set_list = [] for key, value in set_list.items(): record = '%s=%s' % (key, value) if ucr_ldap.get(key) != value or options.setall: new_set_list.append(record.encode()) if options.simulate or options.verbose: for item in new_set_list: print >> sys.stderr, 'Setting %s' % item if not options.simulate: confreg.handler_set(new_set_list, {'ldap-policy': True}) unset_list = [] for key, value in ucr_ldap.items(): if key not in set_list: unset_list.append(key.encode()) if unset_list: if options.simulate or options.verbose: for item in unset_list: print >> sys.stderr, 'Unsetting %s' % item if not options.simulate: confreg.handler_unset(unset_list, {'ldap-policy': True})
def parse_cmdline(): """Parse command line and return options and dn.""" usage = '%prog [options] <host_dn>' epilog = '<host_dn> distinguished LDAP name of the host' parser = OptionParser(usage=usage, epilog=epilog) parser.add_option('-a', '--setall', dest='setall', action='store_true', help='write all variables set by policy') parser.add_option('-s', '--simulate', dest='simulate', action='store_true', help='simulate update and show values to be set') parser.add_option('-v', '--verbose', dest='verbose', action='store_true', help='print verbose information') parser.add_option('-l', '--ldap-server', dest='server', help='connect to this ldap host') options, args = parser.parse_args() if 'UNIVENTION_BASECONF' in os.environ: del os.environ['UNIVENTION_BASECONF'] ucr = confreg.ConfigRegistry() ucr.load() if len(args) > 0: host_dn = args[0] else: host_dn = ucr.get('ldap/hostdn') or ucr.get('ldap/mydn') or None if not host_dn: print >> sys.stderr, 'ERROR: cannot get ldap/hostdn' sys.exit(1) if options.simulate: print >> sys.stderr, 'Simulating update...' return options, host_dn
def _wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True, should_exist=True, controls=None): # type: (str, Union[List[str], None, str], Optional[str], int, Optional[LoadParm], int, int, bool, bool, Optional[List[str]]) -> None if not package_installed('univention-samba4'): if package_installed('univention-samba'): time.sleep(15) print('Sleeping 15 seconds as a workaround for http://forge.univention.org/bugzilla/show_bug.cgi?id=52145') elif verbose: print('wait_for_drs_replication(): skip, univention-samba4 not installed.') return if not attrs: attrs = ['dn'] elif not isinstance(attrs, list): attrs = [attrs] if not lp: lp = LoadParm() lp.load('/etc/samba/smb.conf') samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp) if not controls: controls = ["domain_scope:0"] if base is None: ucr = config_registry.ConfigRegistry() ucr.load() base = ucr['samba4/ldap/base'] else: if len(ldap.dn.str2dn(base)[0]) > 1: if verbose: print('wait_for_drs_replication(): skip, multiple RDNs are not supported') return if not base: if verbose: print('wait_for_drs_replication(): skip, no samba domain found') return if verbose: print("Waiting for DRS replication, filter: %r, base: %r, scope: %r, should_exist: %r" % (ldap_filter, base, scope, should_exist), end=' ') t = t0 = time.time() while t < t0 + timeout: try: res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls) if bool(res) is bool(should_exist): if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return # res except ldb.LdbError as exc: (_num, msg) = exc.args if _num == ldb.ERR_INVALID_DN_SYNTAX: raise if _num == ldb.ERR_NO_SUCH_OBJECT and not should_exist: if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return print("Error during samdb.search: %s" % (msg, )) print('.', end=' ') time.sleep(delta_t) t = time.time() raise DRSReplicationFailed("DRS replication for filter: %r failed due to timeout after %d sec." % (ldap_filter, t - t0))
def _load_configuration(self): def parse_port(string): (start, end, ) = REGEX_RULE_PORT.match(string).groupdict().values() start = int(start) if end: end = int(end) return (start, end, ) def parse_boolean(key, default=None): if config_registry.is_true(key): return True elif config_registry.is_false(key): return False else: # TODO: throw an error? return default config_registry = ucr.ConfigRegistry() config_registry.load() # load global firewall settings self.default_policy = config_registry.get(u'security/packetfilter/defaultpolicy', u'REJECT') self.disabled = parse_boolean(u'security/packetfilter/disabled', False) self.use_packages = parse_boolean(u'security/packetfilter/use_packages', True) # parse all firewall related UCR variables rules = {} for (key, value, ) in config_registry.items(): matched_rule = REGEX_RULE.match(key) if not matched_rule: continue rule_props = matched_rule.groupdict() try: rule = Rule( rule_props[u'protocol'], parse_port(rule_props[u'port']), rule_props[u'address'], rule_props[u'package'] ) # rule already exists? if rule.identifier in rules: rule = rules[rule.identifier] else: rules[rule.identifier] = rule # TODO: use regex instead # check for other rule properties if not rule_props[u'property']: # only the action remains rule.action = value else: rule.description[rule_props[u'property']] = value except Error: pass # TODO else: self._rules = rules
def test_all_roles_modification_set_network(ip_subnet, ip_network, ip_netmask, ip_range): ucr = configRegistry.ConfigRegistry() ucr.load() for role in udm_test.UCSTestUDM.COMPUTER_MODULES: computerProperties = { 'mac': '01:23:45:67:89:ab', 'name': uts.random_name() } with udm_test.UCSTestUDM() as udm: dNSCn = 'cn=dns,%s' % (ucr.get('ldap/base'),) forwardZoneName = '%s.%s' % (uts.random_name(), uts.random_name()) forwardZone = udm.create_object('dns/forward_zone', zone=forwardZoneName, position=dNSCn, nameserver=uts.random_string(numeric=False)) reverseZone = udm.create_object('dns/reverse_zone', subnet=ip_subnet, position=dNSCn, nameserver=uts.random_string(numeric=False)) dhcpService = udm.create_object('dhcp/service', service=uts.random_name()) networkProperties = { 'name': uts.random_name(), 'network': ip_network, 'netmask': ip_netmask, 'dnsEntryZoneForward': forwardZone, 'dnsEntryZoneReverse': reverseZone, 'dhcpEntryZone': dhcpService, 'ipRange': ip_range, } network = udm.create_object('networks/network', **networkProperties) computer = udm.create_object(role, **computerProperties) udm.modify_object(role, dn=computer, network=network) aRecord = (utils.get_ldap_connection().getAttr(computer, 'aRecord') or [b''])[0].decode('ASCII') aaaRecord = (utils.get_ldap_connection().getAttr(computer, 'aAAARecord') or [b''])[0].decode('ASCII') # FIXME: workaround for possibly remaining locks if aaaRecord: udm.addCleanupLock('aAAARecord', aaaRecord) if aRecord: udm.addCleanupLock('aRecord', aRecord) udm.addCleanupLock('mac', '01:23:45:67:89:ab') utils.verify_ldap_object(computer, {'univentionNetworkLink': [network]}) assert aRecord or aaaRecord if aRecord: assert aRecord in ['%s.%s' % (ip_subnet, oktett) for oktett in range(2, 255)], 'IP address of computer not in range of its network' if aaaRecord: assert aaaRecord in ['%s:0000:0000:0000:%0.4x' % (ip_subnet, oktett) for oktett in range(2, 255)], 'IP address of computer not in range of its network' if aRecord: utils.verify_ldap_object('relativeDomainName=%s,%s' % (computerProperties['name'], forwardZone), {'aRecord': [aRecord]}) utils.verify_ldap_object('relativeDomainName=%s,%s' % (aRecord.split(".")[-1], reverseZone), {'pTRRecord': ['%s.%s.' % (computerProperties['name'], forwardZoneName)]}) utils.verify_ldap_object('cn=%s,%s' % (computerProperties['name'], dhcpService), {'univentionDhcpFixedAddress': [aRecord]}) if aaaRecord: utils.verify_ldap_object('relativeDomainName=%s,%s' % (computerProperties['name'], forwardZone), {'aAAARecord': [aaaRecord]}) utils.verify_ldap_object('relativeDomainName=%s,%s' % ('.'.join(reversed(''.join(aaaRecord.split(':')[4:]))), reverseZone), {'pTRRecord': ['%s.%s.' % (computerProperties['name'], forwardZoneName)]}) utils.verify_ldap_object('cn=%s,%s' % (computerProperties['name'], dhcpService), {'univentionDhcpFixedAddress': [str(ipaddress.IPv6Address(aaaRecord))]})
def __init__(self, username, password, use_kerberos=False): self.ucr = configRegistry.ConfigRegistry() self.ucr.load() self.use_kerberos = use_kerberos self.target_sp_hostname = '%s.%s' % (self.ucr['hostname'], self.ucr['domainname']) self.username = username self.password = password self.session = requests.Session() if use_kerberos: self.session.auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) self.page = None self.position = 'Init...'
def __init__(self, lo, username=None): self.ConfigRegistry = ucr.ConfigRegistry() self.ConfigRegistry.load() self.enableQualityCheck = False self.checkHistory = False self.min_length = -1 if not lo: self._getConnection() else: self.lo = lo self._systemPolicy() if username: self._userPolicy(username)
def get_mail_info(self, request): ucr_reg = ucr.ConfigRegistry() ucr_reg.load() ADDRESS_KEY = 'umc/sysinfo/mail/address' SUBJECT_KEY = 'umc/sysinfo/mail/subject' ADDRESS_VALUE = ucr_reg.get(ADDRESS_KEY, '*****@*****.**') SUBJECT_VALUE = ucr_reg.get(SUBJECT_KEY, 'Univention System Info') url = urlunparse(('mailto', '', ADDRESS_VALUE, '', urlencode({ 'subject': SUBJECT_VALUE, }), '')) result = {} result['url'] = url.replace('+', '%20') request.status = SUCCESS self.finished(request.id, result)
def __init__( self, install_mode = False, registered_only = True, load_customized=True ): """Initialize variable and category descriptions. install_mode=True deactivates the use of an UCR instance. registered_only=False creates syntetic entries for all undescribed but set variables. load_customized=False deactivates loading customized descriptions. """ self.categories = {} self.variables = {} self.__patterns = {} if not install_mode: self.__configRegistry = ucr.ConfigRegistry() self.__configRegistry.load() self.load_categories() self.__load_variables( registered_only, load_customized ) else: self.__configRegistry = None
def __init__(self, install_mode=False, registered_only=True, load_customized=True): # type: (bool, bool, bool) -> None """ Initialize variable and category descriptions. :param install_mode: `True` deactivates the use of an UCR instance. :param registered_only: `False` creates synthetic entries for all undescribed but set variables. :param load_customized: `False` deactivates loading customized descriptions. """ self.categories = {} # type: Dict[str, Category] self.variables = {} # type: Dict[str, Variable] self.__patterns = {} # type: Dict[str, List[Tuple[str, str]]] if not install_mode: self.__configRegistry = ucr.ConfigRegistry() # type: Optional[ucr.ConfigRegistry] self.__configRegistry.load() self.load_categories() self.__load_variables(registered_only, load_customized) else: self.__configRegistry = None
def force_drs_replication(source_dc=None, destination_dc=None, partition_dn=None, direction="in"): # type: (Optional[str], Optional[str], Optional[str], str) -> int if not package_installed('univention-samba4'): print('force_drs_replication(): skip, univention-samba4 not installed.') return 0 src = source_dc or get_available_s4connector_dc() if not src: return 1 dst = destination_dc or socket.gethostname() if src == dst: return 0 if not partition_dn: ucr = config_registry.ConfigRegistry() ucr.load() partition_dn = str(ucr.get('samba4/ldap/base')) print("USING partition_dn:", partition_dn) cmd = ("/usr/bin/samba-tool", "drs", "replicate", dst, src, partition_dn) return subprocess.call(cmd)
def save(self): config_registry = ucr.ConfigRegistry() config_registry.load() org_dict = {} for ( key, value, ) in config_registry.items(): if REGEX_RULE.match(key): org_dict[key] = value new_dict = {} for rule in self.rules.values(): if rule: new_dict = dict(new_dict.items() + rule.dict.items()) diff = DictDiffer(new_dict, org_dict) ucr.handler_unset(diff.removed()) changed = [] for key in diff.changed().union(diff.added()): changed.append(u'%s=%s' % (key, new_dict[key])) ucr.handler_set(changed)
parser = OptionParser(usage=usage) parser.add_option("--move", action="store", dest="target_directory", help="Move unused GPOs to given directory") parser.add_option("--verbose", action="store_true", dest="verbose", default=False, help="Print verbose messages") (options, args) = parser.parse_args() # load UCR ucr = config_registry.ConfigRegistry() ucr.load() sysvolDirectory = _sysvol_directory(ucr) ldapGPOs = getLDAPGPOs(options) if not ldapGPOs: print 'No LDAP GPOs found. Abort!' sys.exit(1) fileSystemGPOs = getFileSystemGPOs(sysvolDirectory) if options.verbose: print 'The following LDAP GPOs were found:' for ldapGPO in ldapGPOs:
def wait_for_s4connector(timeout=360, delta_t=1, s4cooldown_t=10): ucr = config_registry.ConfigRegistry() ucr.load() if not package_installed('univention-s4-connector'): print( 'wait_for_s4connector(): skip, univention-s4-connector not installed.' ) return if ucr.is_false('connector/s4/autostart'): print( 'wait_for_s4connector(): skip, connector/s4/autostart is set to false.' ) return conn = sqlite3.connect('/etc/univention/connector/s4internal.sqlite') c = conn.cursor() static_count = 0 highestCommittedUSN = -1 lastUSN = -1 t = t0 = time.time() while t < t0 + timeout: time.sleep(delta_t) if not _ldap_replication_complete(): continue previous_highestCommittedUSN = highestCommittedUSN highestCommittedUSN = -1 ldbresult = subprocess.check_output([ 'ldbsearch', '--url', '/var/lib/samba/private/sam.ldb', '--scope', 'base', '--basedn', '', 'highestCommittedUSN', ]) for line in ldbresult.split('\n'): line = line.strip() if line.startswith('highestCommittedUSN: '): highestCommittedUSN = line.replace('highestCommittedUSN: ', '') break else: raise KeyError('No highestCommittedUSN in ldbsearch') previous_lastUSN = lastUSN c.execute('select value from S4 where key=="lastUSN"') lastUSN = c.fetchone()[0] print('highestCommittedUSN: {}'.format(highestCommittedUSN)) print('lastUSN: {}'.format(lastUSN)) if not (lastUSN == highestCommittedUSN and lastUSN == previous_lastUSN and highestCommittedUSN == previous_highestCommittedUSN): static_count = 0 print('Reset counter') else: static_count = static_count + 1 print('Counter: %d' % static_count) if static_count * delta_t >= s4cooldown_t: return 0 t = time.time() conn.close() raise WaitForS4ConnectorTimeout()
def _load_config(self): def parse_port(string): ( start, end, ) = REGEX_RULE_PORT.match(string).groupdict().values() start = int(start) if end: end = int(end) return ( start, end, ) def parse_boolean(string): string = string.lower() if string in ( u'true', u'yes', u'on', u'1', ): return True elif string in ( u'false', u'no', u'off', u'0', ): return False else: return None config_registry = ucr.ConfigRegistry() config_registry.load() # set global firewall settings self.default_policy = config_registry.get( # TODO: logging? u'security/packetfilter/defaultpolicy', u'REJECT') self.disabled = parse_boolean( config_registry.get(u'security/packetfilter/disabled', 'False')) self.use_packages = parse_boolean( config_registry.get(u'security/packetfilter/use_packages', 'True')) # parse all firewall related UCR variables rules = {} for ( key, value, ) in config_registry.items(): matched_rule = REGEX_RULE.match(key) if not matched_rule: continue rule_props = matched_rule.groupdict() try: rule = Rule(rule_props[u'address'], parse_port(rule_props[u'port']), rule_props[u'protocol'], rule_props[u'package']) # rule already exists? if rule.name in rules: rule = rules[rule.name] else: rules[rule.name] = rule # check for other rule properties if not rule_props[u'property']: # only the action remains rule.action = value else: rule.description[rule_props[u'property']] = value except Error as err: pass # TODO: logging else: self._rules = rules
ignore_templates_for_groups = ['bannediplist', 'exceptioniplist'] # several lists for filter groups for entry in os.listdir(os.path.join(TEMPLATE_PATH, 'lists')): if entry not in ignore_templates_for_groups: abs_filename = os.path.join(TEMPLATE_PATH, 'lists', entry) if os.path.isfile(abs_filename): with open(abs_filename) as template: conf = os.path.join(CONFIG_PATH, 'lists', '%s-%s' % (groups[i], entry)) content = ucr.filter(template.read(), configRegistry, srcfiles=[abs_filename]) with open(conf, 'w') as fd: fd.write(content) files_written.append(conf) # remove old filter lists for f in glob.iglob(os.path.join(CONFIG_PATH, 'lists', '*-*list')): if f not in files_written and os.path.isfile(f): os.unlink(f) ucr.handler_unset( ['dansguardian/current/groupno', 'dansguardian/current/group']) if __name__ == '__main__': configRegistry = ucr.ConfigRegistry() configRegistry.load() handler(configRegistry, [])
def get_server_cert_folder(): ucr = configRegistry.ConfigRegistry() ucr.load() hostname = '%s.%s' % (ucr['hostname'], ucr['domainname']) return os.path.join('/etc/univention/ssl', hostname)
def __init__(self, ip): self.ip = ip ucr = configRegistry.ConfigRegistry() ucr.load() self.sso_fqdn = ucr['ucs/server/sso/fqdn']
host=host, port=port, errno=errno) def __str__(self): return "TCP-SSL Socket %s:%d -> %s:%d" % (self.sock.getsockname() + self.sock.getpeername()) class UVMM_ClientAuthSSLSocket(UVMM_ClientSSLSocket, UVMM_ClientAuthenticatedSocket): """SSL-socket plus authentication.""" pass __ucr = ucr.ConfigRegistry() __ucr.load() def __auth_machine(): """Get machine connection.""" username = "******" % __ucr['hostname'] f = open('/etc/machine.secret', 'r') try: password = f.readline().rstrip() finally: f.close() return (username, password) def __debug(msg):
assert UCR.ucr_factory() is not UCR.ucr_factory() def test_ro(ucrf): reload(UCR) assert not isinstance(UCR.ucr, UCR.ConfigRegistry) assert UCR.ucr["foo"] == "LDAP" assert UCR.ucr["bam"] is None with pytest.raises(TypeError): UCR.ucr["foo"] = "42" with pytest.raises(TypeError): del UCR.ucr["foo"] @pytest.mark.parametrize("autoload,before,after", [ pytest.param(lambda: UCR.ConfigRegistry(), None, None, id="Manual"), pytest.param(lambda: UCR.ucr, "BEFORE", "BEFORE", id="Once"), pytest.param(lambda: UCR.ucr_live, "BEFORE", "AFTER", id="Always"), pytest.param( lambda: UCR.ucr_live.__enter__(), "BEFORE", "BEFORE", id="View"), ]) def test_autoload(autoload, before, after, ucr0): reload(UCR) ucr0["baz"] = "BEFORE" ucr0.save() ucr = autoload() assert ucr["baz"] == before ucr0["baz"] = "AFTER"
if not logobj: logobj = open('/var/log/univention/log-collector-client.log', 'a') info = inspect.getframeinfo(inspect.currentframe().f_back)[0:3] printInfo = [] if len(info[0]) > 30: printInfo.append('...' + info[0][-27:]) else: printInfo.append(info[0]) printInfo.extend(info[1:3]) logobj.write("%s [L%s]: %s\n" % (time.asctime(time.localtime()), printInfo[1], msg)) logobj.flush() baseconfig = ub.ConfigRegistry() baseconfig.load() class LogCollectorClient(object): def __init__(self, server, port=7450): '''Initialize a socket-connection to the server.''' self._port = port self._server = server self._nextId = random.randint(100000, 999999) self._resendQueue = {} self._inbuffer = '' self._config = {} self._socket_ready = False self._outbuffer = ''
def test_benchmark_autoload(autoload, benchmark, ucr0): ucr0["foo"] = "value" ucr0.save() ucr = autoload(UCR.ConfigRegistry()) benchmark(ucr.get, "foo")
def wait_for_s4connector(): ucr = config_registry.ConfigRegistry() ucr.load() if not package_installed('univention-s4-connector'): print 'wait_for_s4connector(): skip, univention-s4-connector not installed.' return if ucr.is_false('connector/s4/autostart'): print 'wait_for_s4connector(): skip, connector/s4/autostart is set to false.' return conn = sqlite3.connect('/etc/univention/connector/s4internal.sqlite') c = conn.cursor() static_count = 0 highestCommittedUSN = -1 lastUSN = -1 while static_count < CONNECTOR_WAIT_INTERVAL: time.sleep(CONNECTOR_WAIT_SLEEP) if not _ldap_replication_complete(): continue previous_highestCommittedUSN = highestCommittedUSN highestCommittedUSN = -1 ldbsearch = subprocess.Popen( "ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b '' highestCommittedUSN", shell=True, stdout=subprocess.PIPE) ldbresult = ldbsearch.communicate() for line in ldbresult[0].split('\n'): line = line.strip() if line.startswith('highestCommittedUSN: '): highestCommittedUSN = line.replace('highestCommittedUSN: ', '') break print highestCommittedUSN previous_lastUSN = lastUSN try: c.execute('select value from S4 where key=="lastUSN"') except sqlite3.OperationalError as e: static_count = 0 print 'Reset counter: sqlite3.OperationalError: %s' % e print 'Counter: %d' % static_count continue conn.commit() lastUSN = c.fetchone()[0] if not (lastUSN == highestCommittedUSN and lastUSN == previous_lastUSN and highestCommittedUSN == previous_highestCommittedUSN): static_count = 0 print 'Reset counter' else: static_count = static_count + 1 print 'Counter: %d' % static_count conn.close() return 0
def wait_for_s4connector(timeout=360, delta_t=1, s4cooldown_t=5): # type: (int, int, int) -> int ucr = config_registry.ConfigRegistry() ucr.load() if not package_installed('univention-s4-connector'): print('wait_for_s4connector(): skip, univention-s4-connector not installed.') return 0 if ucr.is_false('connector/s4/autostart'): print('wait_for_s4connector(): skip, connector/s4/autostart is set to false.') return 0 conn = sqlite3.connect('/etc/univention/connector/s4internal.sqlite') c = conn.cursor() static_count = 0 replication_complete = False highestCommittedUSN = -1 lastUSN = -1 t = t0 = time.time() while t < t0 + timeout: time.sleep(delta_t) if not _ldap_replication_complete(verbose=False): continue else: if not replication_complete: print('Start waiting for S4-Connector replication') replication_complete = True previous_highestCommittedUSN = highestCommittedUSN ldbresult = subprocess.Popen([ 'ldbsearch', '--url', '/var/lib/samba/private/sam.ldb', '--scope', 'base', '--basedn', '', 'highestCommittedUSN', ], stdout=subprocess.PIPE) assert ldbresult.stdout for chunk in ldbresult.stdout: line = chunk.decode('utf-8').strip() if line.startswith('highestCommittedUSN: '): highestCommittedUSN = int(line[len('highestCommittedUSN: '):]) break else: raise KeyError('No highestCommittedUSN in ldbsearch') previous_lastUSN = lastUSN c.execute('select value from S4 where key=="lastUSN"') lastUSN = int(c.fetchone()[0]) if not (lastUSN == highestCommittedUSN and lastUSN == previous_lastUSN and highestCommittedUSN == previous_highestCommittedUSN): static_count = 0 print('Reset counter') else: static_count += 1 print('Counter: {}; highestCommittedUSN: {!r}; lastUSN: {!r}'.format(static_count, highestCommittedUSN, lastUSN)) if static_count * delta_t >= s4cooldown_t: return 0 t = time.time() conn.close() raise WaitForS4ConnectorTimeout()