Exemplo n.º 1
0
def main():
    config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",
                            plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    if not authen:
        print "bad auth"
        return
    userid = authen.authenticate(user='******')
    if not userid: return
    authen.kadmin()
    author = Classes.Author(config)
    db = author.authorize('janitor/admin')

    config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",
                            plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    authen.kadmin()
    author = Classes.Author(config)
    if not author:
        sys.exit(3)
    db = author.authorize(userid.split('@')[0])
    if not db:
        sys.exit(4)

    db.update_dnsSOA()
Exemplo n.º 2
0
 def setUp(self):
     self.config = Classes.Config(plugin_author='ldapdbadmin')
     #self.config = Classes.Config(krb5keytab='/root/janitor/keytab', plugin_author='ldapdbadmin')
     self.authen = Classes.Authen(self.config)
     self.author = Classes.Author(self.config)
     self.usid = self.authen.authenticate()
     self.db = self.author.authorize(self.usid)
Exemplo n.º 3
0
def client_run():
    print(
        "\n---------------------------------------------\nUniDomain managed system is updating account, group and policy settings ... \n---------------------------------------------\n"
    )
    config = Classes.Config()
    authen = Classes.Authen(config).authenticate()
    if not authen:
        logging.critical(
            'authentication of this host failed. Is this host registered in a domain? Network is up?'
        )
        return 1
    # connect to database
    db = Classes.DB(authen).connect()
    if not db:
        logging.critical('can not connect to database.')
        return 2
    #get a AttributeCollection about this host
    hostAttributes = db.get_host_data(db.userID)
    logging.debug(hostAttributes.__str__())

    udPolicies = hostAttributes.getPolicies()

    # update the database. this is used for dead host detection.
    udPolicies['updateDbPolicy'] = None

    logging.info('instantiating udPolicyEngine with %i policies' %
                 len(udPolicies))
    runner = udPolicyEngine.udPolicyEngine(udPolicies, db, config)
    logging.info('running udPolicyEngine.')
    runner.run()
Exemplo n.º 4
0
 def setUp(self):
     self.config = Classes.Config(plugin_authen='krb5_login',
                                  krb5keytab='./keytab')
     self.authen = Classes.Authen(self.config)
     self.usid = self.authen.authenticate(
         user=sys.modules['__main__'].username,
         pw=sys.modules['__main__'].userpw)
     self.authen.kadmin()
Exemplo n.º 5
0
 def test_readconf(self):
     """check if readconf behaves like we want"""
     self.config = Classes.Config(file='testconf.xml', passwdfile='xyz')
     self.assertEqual(len(self.config.ldapservers), 1,
                      'reading value from file does not work.')
     self.assertEqual(type(self.config.debug), type(True),
                      'debug value is not bool!')
     self.assertEqual(self.config.passwdfile, 'xyz',
                      'passing config vars as args doesnt work')
Exemplo n.º 6
0
 def setUp(self):
     self.config = Classes.Config(plugin_authen='krb5_login',
                                  plugin_author='ldapdbadmin')
     #self.config = Classes.Config(krb5keytab='/root/janitor/keytab', plugin_author='ldapdbadmin')
     self.authen = Classes.Authen(self.config)
     self.author = Classes.Author(self.config)
     self.usid = self.authen.authenticate(
         user=sys.modules['__main__'].username,
         pw=sys.modules['__main__'].userpw)
     self.db = self.author.authorize(self.usid.split('@')[0])
Exemplo n.º 7
0
 def testPasswordAuthen(self):
     """check if password login works"""
     config = Classes.Config(plugin_authen='krb5_login')
     authen = Classes.Authen(config)
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_login')
     authen.authenticate(user=sys.modules['__main__'].username,
                         pw=sys.modules['__main__'].userpw)
     self.assertTrue(authen.isAuthenticated,
                     'isAuthenticated is not set after login.')
     authen.kadmin()
     self.assertTrue(authen.kadm, 'cant acquire kadmin ticket.')
Exemplo n.º 8
0
def open_ud2_connection(env):
    config = Classes.Config(file='/opt/UD2/etc/www_conf.xml')
    authen = Classes.Authen(config).authenticate(ccpath=env['KRB5CCNAME'])
    if not authen:
        return ("403 Forbidden", "Can not validate kerberos Ticket Data")
        #return writeError(req, apache.HTTP_FORBIDDEN, "Can not validate kerberos Ticket Data")
    db = Classes.DB(authen).connect()
    if not db:
        return ("403 Forbidden", "Database Connection failed for user %s" %
                (env['REMOTE_USER']))
        #return writeError(req, apache.HTTP_FORBIDDEN, "Database Connection failed for user %s" % (req.subprocess_env['REMOTE_USER']))
    return (False, db)
Exemplo n.º 9
0
 def testdefaultAuthen(self):
     """check if default login is non-interactive and works"""
     config = Classes.Config()
     authen = Classes.Authen()
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_keytab')
     self.assertEqual(authen.authenticate(),
                      'host/' + socket.getfqdn() + '@' + config.krb5realm,
                      'default login with keytab failed.')
     self.assertTrue(authen.isAuthenticated,
                     'isAuthenticated is not set after login.')
     authen.kadmin()
     self.assertTrue(authen.kadm, 'cant acquire kadmin ticket.')
Exemplo n.º 10
0
 def test_Config(self):
     """Check if required config defaults are set"""
     self.config = Classes.Config()
     self.assertTrue('plugin_authen' in self.config.config,
                     'no authen plugin in default config')
     self.assertTrue('plugin_author' in self.config.config,
                     'no author plugin in default config')
     self.assertTrue('cachedir' in self.config.config,
                     'no cache directory in default config')
     self.assertTrue('policydir' in self.config.config,
                     'no policy directory in default config')
     self.assertTrue('dnszone' in self.config.config,
                     'no dnszone in default config')
     self.assertTrue('passwdfile' in self.config.config,
                     'no passwdfile in default config')
     self.assertTrue('groupfile' in self.config.config,
                     'no groupfile in default config')
Exemplo n.º 11
0
 def testApacheAuthen(self):
     """test if apache authen works"""
     config = Classes.Config(plugin_authen='krb5_apache')
     authen = Classes.Authen(config)
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_apache',
                      'apache laods wrong plugin')
     self.assertEqual(
         authen.authenticate(ccfile='FILE:' +
                             sys.modules['__main__'].krb5cc),
         sys.modules['__main__'].username + '@' + config.krb5realm,
         'apache_authen returns wrong username')
     self.assertTrue(authen.isAuthenticated,
                     'isAuthenticated is not set after login.')
     self.assertFalse(
         authen.kadm,
         'apache authen sets kadmin. we dont have kadmin privileges')
     try:
         authen.kadmin()
         self.fail('apache plugin should not have a kadmin interface.')
     except:
         pass
Exemplo n.º 12
0
 def setUp(self):
     self.config = Classes.Config()
     self.authen = Classes.Authen(self.config)
     self.host_usid = self.authen.authenticate()
Exemplo n.º 13
0
    if len(sys.argv) > 1:
        if sys.argv[1] == '-d':
            logging.basicConfig(level=logging.DEBUG)
        elif sys.argv[1] == '-q':
            logging.basicConfig(level=logging.CRITICAL)
        else:
            logging.basicConfig(level=logging.ERROR)
    else:
        logging.basicConfig(level=logging.ERROR)
    print "\n-- Testing Author plugin compatibility --"
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestAuthor)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    print "\n-- Testing Basic db backend functionality. --"
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestDB)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    authen = Classes.Authen(
        Classes.Config(plugin_authen='krb5_login',
                       plugin_author='ldapdbadmin'))
    if not authen.authenticate():
        print "\nadmin functionality check skipped."
        sys.exit(0)
    print "\n-- Testing admin functionality --"
    username = authen.user
    userpw = authen.pw
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestDBDomad)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    print "-- Congratulations. All Tests for db passed."
Exemplo n.º 14
0
list domad accounts. 
Specify a domain implies --author
if neither --authen nor --author are specified we list from authentication and database """)
    parser.add_option("-j", action="store_true", dest="janitor", help="use janitor account", default=False)
    parser.add_option("--authen", action="store_true", dest="authen", help="list from authen backend (kerberos)", default=False)
    parser.add_option("--author", action="store_true", dest="author", help="list from database backend (ldap)", default=False)
    parser.add_option("-v", action="store_true", dest="debug", help="be verbose", default=False)
    (options, args) = parser.parse_args()
    if len(args) > 1:
        parser.print_help()
        sys.exit(2)
    if options.debug:
        logging.basicConfig(level=logging.DEBUG)
        
    if options.janitor:
        config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",plugin_author='ldapdbadmin')
    else:
        config = Classes.Config(plugin_authen="krb5_login", plugin_author='ldapdbadmin')
    if not (options.author or options.authen):
        options.authen = True
        options.author = True
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    authen.kadmin()
    author = Classes.Author(config)
    if not author:
        sys.exit(3)
Exemplo n.º 15
0
        dest="add_kdc",
        help=
        "assume the principal already exists in the kdc. Just retrieve the key to the local keytab",
        default=True)
    (options, args) = parser.parse_args()
    #if len(args) > 0:
    #    # do not get keytab if we maualy add hosts.
    #    options.get_keytab = False
    if options.debug:
        logging.basicConfig(level=logging.DEBUG)

    # get the correct rights.
    # if we only want retrieve the key file, we only require host privileges.
    if options.add_kdc:
        if options.janitor:
            config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab")
            # janitor operation assumes we want add host principals without getting the key to the local keytab.
            options.get_keytab = False
        else:
            config = Classes.Config(plugin_authen="krb5_login")
    else:
        config = Classes.Config()
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    authen.kadmin()

    if options.add_kdc:
Exemplo n.º 16
0

def askPolicies():
    print 'Specify any policies you want set for this host (one per line, end with newline)'
    policies = []
    input = raw_input('policy : ')
    while input:
        policies.append(input)
        input = raw_input('policy : ')
    return policies


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "-d":
        logging.basicConfig(level=logging.DEBUG)
    config = Classes.Config(plugin_authen='krb5_login')
    try:
        authen = Classes.Authen(config).authenticate()
    except IndexError, e:
        print 'Authentication error (wrong password?)'
        sys.exit(1)
    db = Classes.DB(authen).connect()
    if not db:
        print 'db connection error'
        sys.exit(2)

    fqdn = askName()
    functions.set_hostname(fqdn)

    target = askTarget(db)
    classes = askClasses()