Exemplo n.º 1
0
    def export_dns(self, types=None):
        domain = tg.config.get("netgroups.domain", "travel.addrs")
        home_netgroup = tg.config.get("netgroups.home", "home")
        travel_netgroup = tg.config.get("netgroups.travel", "travel")
        home_timeout = tg.config.get("netgroups.timeout.%s" % home_netgroup)
        travel_timeout = tg.config.get("netgroups.timeout.%s" % travel_netgroup)
        res = []
        if not types:
            users = DBSession.query(User)
            for user in users:
                if user.home_addr:
                    hostname = "%s.%s.%s" % (user.user_name, home_netgroup, domain)
                    res.append("+%s:%s:15" % (hostname, user.home_addr))
                if user.travel_addr:
                    hostname = "%s.%s.%s" % (user.user_name, travel_netgroup, domain)
                    res.append("+%s:%s:15" % (hostname, user.travel_addr))

        else:
            pass
        return dict(data=res)
Exemplo n.º 2
0
 def test_query_obj(self):
     obj = DBSession.query(self.klass).one()
     for key, value in self.attrs.iteritems():
         assert_equals(getattr(obj, key), value)
Exemplo n.º 3
0
    def admin(self, **kw):
        remote_addr = request.environ.get("REMOTE_ADDR", "unknown addr")

        users = DBSession.query(User)
        """Illustrate how a page for managers only works."""
        return dict(page="admin", grid=user_grid, users=users)
Exemplo n.º 4
0
def sync_entries():
    log.debug("sync_entries: Starting")
    enabled = asbool(tg.config.get('netgroups.sync_ldap'))
    if not enabled:
        scheduler.rename_task("sync", "sync-completed")
        log.info("LDAP synchronization disabled")
        return
    from bastion.model.auth import User
    users = DBSession.query(User)

    db_home_entries = []
    db_travel_entries = []
    ldap_home_entries = []
    ldap_travel_entries = []

    use_ip = asbool(tg.config.get('netgroups.store_ip'))
    log.debug(use_ip)

    domain = tg.config.get('netgroups.domain', 'travel.addrs')
    home_netgroup = tg.config.get('netgroups.home', 'home')
    travel_netgroup = tg.config.get('netgroups.travel', 'travel')
    netgroup_dn = tg.config.get('netgroups.base_dn')

    netgroups = [ home_netgroup, travel_netgroup ]
    log.debug("sync_entries: Getting db entries")
    for user in users:
        if user.home_addr:
            timeout = tg.config.get('netgroups.timeout.%s' % home_netgroup)
            if use_ip:
                hostname = user.home_addr
            else:
                hostname = "%s.%s.%s" % (user.user_name, home_netgroup, domain)
            entry = (hostname, user.user_name, user.home_updated.strftime("%Y%m%d%H%M"))
            db_home_entries.append(entry)
        if user.travel_addr:
            timeout = tg.config.get('netgroups.timeout.%s' % travel_netgroup)
            if use_ip:
                hostname = user.travel_addr
            else:
                hostname = "%s.%s.%s" % (user.user_name, travel_netgroup, domain)
            entry = (hostname, user.user_name, user.travel_updated.strftime("%Y%m%d%H%M"))
            db_travel_entries.append(entry)

    log.debug("sync_entries: Getting ldap entries")
    con = get_connection()
    netgroup = tg.config.get('netgroups.search.format', "(cn=%s)") % home_netgroup
    timeout = tg.config.get('netgroups.timeout.%s' % home_netgroup)
    netgroup, ldap_home_entries = get_current_entries(con, netgroup_dn, netgroup)
    db_home_entries, to_prune = prune_expired_entries(db_home_entries, timeout)
    ldap_home_entries, to_prune = prune_expired_entries(ldap_home_entries, timeout)
    # now we only have valid entries in both db_*_entries and ldap_*_entries
    log.debug(db_home_entries)
    db_home_lookup = dict([(entry[1], entry) for entry in db_home_entries])

    to_modify = []
    for entry in ldap_home_entries:
        if ( entry[1] not in db_home_lookup ):
            to_prune.append(entry)
            continue
        db_entry = db_home_lookup[entry[1]]
        if ( db_entry != entry ):
            to_modify.append(db_entry)
        del db_home_lookup[entry[1]]
    actions = [format_remove_entry(entry[0], entry[1], entry[2]) for entry in to_prune]
    [actions.append(format_mod_entry(entry[0], entry[1], entry[2])) for entry in to_modify]
    [actions.append(format_add_entry(entry[0], entry[1], entry[2])) for username, entry in db_home_lookup.iteritems()]
    if len(actions) > 0:
        log.info("Synchronizing %d home hosts" % len(actions))
        log.debug(netgroup)
        log.debug(actions)
        res = con.modify(netgroup, actions)
        res, result = con.result(res)
    else:
        log.debug("No entries to change for home hosts")

    netgroup = tg.config.get('netgroups.search.format', "(cn=%s)") % travel_netgroup
    timeout = tg.config.get('netgroups.timeout.%s' % travel_netgroup)
    netgroup, ldap_travel_entries = get_current_entries(con, netgroup_dn, netgroup)
    db_travel_entries, to_prune = prune_expired_entries(db_travel_entries, timeout)
    ldap_travel_entries, to_prune = prune_expired_entries(ldap_travel_entries, timeout)
    # now we only have valid entries in both db_*_entries and ldap_*_entries
    db_user_lookup = dict([(entry[1], entry) for entry in db_travel_entries])
    log.debug(db_user_lookup)
    log.debug(db_travel_entries)

    to_modify = []
    for entry in ldap_travel_entries:
        if ( entry[1] not in db_user_lookup ):
            to_prune.append(entry)
            continue
        db_entry = db_user_lookup[entry[1]]
        if ( db_entry != entry ):
            to_modify.append(db_entry)
        del db_user_lookup[entry[1]]
    actions = [format_add_entry(entry[0], entry[1], entry[2]) for username, entry in db_user_lookup.iteritems()]
    [actions.append(format_mod_entry(entry[0], entry[1], entry[2])) for entry in to_modify]
    [actions.append(format_remove_entry(entry[0], entry[1], entry[2])) for entry in to_prune]
    if len(actions) > 0:
        log.info("Synchronizing %d travel hosts" % len(actions))
        log.debug(netgroup)
        log.debug(actions)
        res = con.modify(netgroup, actions)
        res, result = con.result(res)
    else:
        log.debug("No entries to change for travel hosts")

    # determine common entries
    con.unbind()
    # rename the task after it completes so we can run it again
    scheduler.rename_task("sync", "sync-completed")