def askName():
    """Interactively ask for this host's fully qualified domain name.

    Prints the hostname the system currently reports, then prompts until the
    operator either leaves the answer empty (the current hostname is
    returned) or enters a name containing at least one dot. Names without a
    dot are rejected and the prompt is repeated.

    NOTE(review): the answer is returned without any further validation or
    whitespace stripping; callers use it as an FQDN downstream.
    """
    current = functions.getlocalhostname()
    print('The current hostname is \'%s\'\n' % current)
    prompt = "please give the FULL QUALIFIED DOMAIN NAME for this host (leave empty to use current) : "
    while True:
        answer = raw_input(prompt)
        if not answer:
            # Empty answer: fall back to the hostname the system reports.
            return functions.getlocalhostname()
        if '.' in answer:
            return answer
        print('you want register a top level domain? Try again\n')
def askName():
    """Interactively ask for this host's fully qualified domain name.

    Shows the hostname the system currently reports and keeps asking until
    the answer is either empty (the current hostname is returned) or holds
    at least one dot. Dot-less answers are rejected with a hint.

    NOTE(review): the answer is returned exactly as typed; no whitespace
    stripping or further validation happens here.
    """
    print('The current hostname is \'%s\'\n' % functions.getlocalhostname())
    question = ("please give the FULL QUALIFIED DOMAIN NAME for this host "
                "(leave empty to use current) : ")
    answer = raw_input(question)
    # Re-ask as long as a non-empty answer lacks a dot.
    while answer and answer.count('.') < 1:
        print('you want register a top level domain? Try again\n')
        answer = raw_input(question)
    return answer or functions.getlocalhostname()
def get_service_name(self, service='host', host=getlocalhostname()):
    """
    @see UniDomain.Classes.Author#get_service_name

    Canonicalise *service* into a principal name 'service/host@REALM'.
    A realm already present in *service* ('...@REALM') is dropped and
    replaced by the configured one; a host embedded in *service*
    ('service/host') overrides the *host* argument.

    NOTE: the default for *host* is evaluated once, when the class body is
    executed, not per call.
    NOTE(review): neither part is validated. Callers embed the result in
    kadmin query strings, so whitespace in service/host would alter the
    query kadmin parses.
    """
    realm = self.config.krb5realm
    # Strip any realm the caller supplied; the configured realm wins.
    name, _sep, _given_realm = service.partition('@')
    # An explicit 'service/host' form takes precedence over *host*.
    if '/' in name:
        name, host = name.split('/', 1)
    return '%s/%s@%s' % (name, host, realm)
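def get_service_keytab(self, service='host', host=getlocalhostname(), options="", keytab=None):
    """Write a keytab entry for service <service>/<fqdn>@<realm>.

    Runs ``kadmin -q "ktadd -k <keytab> <options> <principal>"``; when that
    succeeded, older key versions are purged from the keytab with
    ``ktremove ... old``.

    @param service: service part of the principal, defaults to 'host'
    @param host: host part of the principal; the default is evaluated once
        at class definition time, not per call
    @param options: extra ktadd arguments, inserted verbatim into the query
    @param keytab: keytab path; defaults to self.config.krb5keytab
    @return: True if the keytab was written, False otherwise

    NOTE(review): success is detected by comparing kadmin's stderr with one
    exact string (the "credentials NOT DESTROYED" notice), not by the exit
    status, so a kadmin build that words this differently makes every call
    report failure. The principal and *options* go into the query unquoted;
    values containing whitespace change what kadmin parses.
    """
    if not self.kadm:
        self.kadmin()
    if not keytab:
        keytab = self.config.krb5keytab
    service = self.get_service_name(service, host)
    logging.debug('adding keytab for %s', service)
    sess = subprocess.Popen(
        self.kadm + ['-q', 'ktadd -k %s %s %s' % (keytab, options, service)],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=self.env)
    (sout, serr) = sess.communicate()
    if serr != '\n\x07\x07\x07Administration credentials NOT DESTROYED.\n':
        logging.error(
            'Writing keytab for %s failed!\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
            service, serr, sout)
        return False
    logging.info('keytab for %s written to %s', service, keytab)
    logging.debug('removing old keys in keytab')
    # Capture the ktremove output as well, so a failed purge of old keys
    # shows up in the log instead of going to the inherited stdout/stderr
    # (consistent with how the ktadd run above is handled).
    sess = subprocess.Popen(
        self.kadm + ['-q', 'ktremove -k %s %s old' % (keytab, service)],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=self.env)
    (sout, serr) = sess.communicate()
    if sess.returncode != 0:
        logging.warning(
            'ktremove for %s exited with status %s\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
            service, sess.returncode, serr, sout)
    else:
        logging.debug('kadmin stdout:\n%s\nkadmin stderr:\n%s', sout, serr)
    return True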
def get_service_name(self, service = 'host', host = getlocalhostname()):
    """
    @see UniDomain.Classes.Author#get_service_name

    Build the principal name 'service/host@REALM' from *service* and
    *host*. Anything after the first '@' in *service* is discarded in
    favour of the configured realm; if *service* has the form
    'service/host', that host replaces the *host* argument.

    NOTE: the *host* default is computed once when the class is defined.
    NOTE(review): no character validation is done here; the callers put the
    result into kadmin query strings unquoted.
    """
    name = service
    # Drop a caller-supplied realm (everything from the first '@').
    at = name.find('@')
    if at != -1:
        name = name[:at]
    # A host given inline as 'service/host' wins over the argument.
    slash = name.find('/')
    if slash != -1:
        host = name[slash + 1:]
        name = name[:slash]
    return '%s/%s@%s' % (name, host, self.config.krb5realm)
def delete_service(self, service='host', host=getlocalhostname()):
    """
    @see UniDomain.Classes.Author#delete_service

    Remove the principal <service>/<host>@<realm> from the KDC. Returns
    False when the principal does not exist or kadmin did not confirm the
    deletion, True when kadmin printed 'Principal "..." deleted.'.

    NOTE: the *host* default is evaluated once, at class definition.
    NOTE(review): '-force' skips kadmin's confirmation prompt, and the
    principal is embedded in the query string unquoted.
    """
    if not self.kadm:
        self.kadmin()
    logging.debug('delete_service_principal %s %s', service, host)
    if not self.list_service(service, host):
        logging.warning('%s does not exist in kerberos, nothing changed', host)
        return False
    principal = self.get_service_name(service, host)
    logging.debug('%s will be removed from KDC.', principal)
    query = 'delete_principal -force ' + principal
    proc = subprocess.Popen(self.kadm + ['-q', query],
                            stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            env=self.env)
    sout, serr = proc.communicate()
    confirmation = 'Principal "%s" deleted.' % principal
    if confirmation in sout:
        logging.info('%s deleted from KDC', principal)
        return True
    logging.error('%s not deleted in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
                  principal, serr, sout)
    return False
def add_service(self, service='host', host=getlocalhostname()):
    """
    @see UniDomain.Classes.Author#add_service

    Create the principal <service>/<host>@<realm> in the KDC with a random
    key, the 'service' policy and no password or principal expiry. Returns
    True when the principal exists afterwards (also when it already
    existed), False when kadmin did not confirm the creation.

    NOTE: the *host* default is evaluated once, at class definition.
    NOTE(review): the principal is embedded in the query string unquoted.
    """
    if not self.kadm:
        self.kadmin()
    logging.debug("add_service %s %s", service, host)
    if self.list_service(service, host):
        logging.warning('Service %s %s already exists. Nothing changed.', service, host)
        return True
    principal = self.get_service_name(service, host)
    logging.debug('%s will be added to KDC', principal)
    query = 'add_principal -policy service -pwexpire never -expire never -randkey %s' % (principal)
    proc = subprocess.Popen(self.kadm + ['-q', query],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            stdin=subprocess.PIPE,
                            env=self.env)
    sout, serr = proc.communicate(None)
    created = sout.find('Principal "%s" created.' % principal) != -1
    if created:
        return True
    logging.error('%s %s not created in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
                  principal, host, serr, sout)
    return False
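def add_host(self, hostname=None, target=None, classes=None, **args):
    """
    @see UniDomain.Classes.db#add_host

    Register a host object (with its DNS records) in LDAP.

    @param hostname: FQDN to register; defaults to the local hostname
    @param target: container DN; defaults to the first home DN
    @param classes: udGroup values to attach to the host
    @param args: extra policy entries; each key becomes a
        'cn=<key>,<host_dn>' udPolicy object and its value is appended as-is
        to that object's attribute list (presumably one (attribute, value)
        pair as conn.add takes -- TODO confirm against callers)
    @return: True if the host exists afterwards (created or already there),
        False if the caller has no home DN or LDAP rejected an add
    """
    # some prechecks
    if not classes:
        classes = []
    # Check the rights before touching self.home[0]: with an empty home
    # list the default-target lookup below would raise IndexError instead
    # of producing this warning.
    if len(self.home) == 0:
        logging.warning(
            '%s does not have enough rights to add hosts to the database',
            self.userID)
        return False
    if not target:
        target = self.home[0]  # we use first home dn as target container
    if not hostname:
        hostname = func.getlocalhostname()
    shortname = hostname.split('.')[0]
    # setup host object
    # NOTE(review): shortname and the policy names are interpolated into
    # DNs without DN escaping; a value containing ',', '+', '"', '\\', '<',
    # '>', ';' or '=' changes the DN structure.
    host_dn = 'cn=%s,%s' % (shortname, target)
    #FIXME: I dont like this krb5-dependancy...
    host_usid = 'host/%s@%s' % (hostname, self.config.krb5realm)
    logging.debug('using %s as usid', host_usid)
    if len(self.list_hosts(hostname)) > 0:
        logging.warning('Host %s already exists. Not changing.', hostname)
        return True
    logging.debug('Looks good. Adding %s to %s', hostname, target)
    host_data = [
        ('cn', shortname),
        ('udSerial', '%i' % self.next_udSerial()),
        ('lastSeen', nowstr()),
        ('objectClass', ['top', 'dNSZone', 'udHost']),
        ('relativeDomainName', shortname),
        ('zoneName', self.config.dnszone),
        ('dNSTTL', '3600'),
        ('dNSClass', 'IN'),
        ('ARecord', func.get_local_ip()),
        ('FQDN', hostname),
        ('USID', host_usid),
        ('description', 'new registered host object'),
    ]
    ipv6 = func.get_local_ipv6()
    if ipv6:
        host_data.append(('aAAARecord', ipv6))
    if len(classes) > 0:
        host_data.append(('udGroup', classes))
    try:
        self.conn.result(self.conn.add(host_dn, host_data))
        # add policies: issue every add first, then wait for each result
        queries = [
            self.conn.add('cn=%s,%s' % (policy, host_dn),
                          [('objectClass', ['top', 'udPolicy']), args[policy]])
            for policy in args
        ]
        for query in queries:
            self.conn.result(query)
    except Exception as err:
        logging.warning('add_host(): Trouble adding to ldap.\n%s', str(err))
        return False
    # Report success explicitly (this used to fall off the end and return
    # None, which truthiness checks in callers read as failure).
    return True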
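def add_host(self, hostname = None, target = None, classes = None, **args):
    """
    @see UniDomain.Classes.db#add_host

    Register a host object (with its DNS records) in LDAP.

    @param hostname: FQDN to register; defaults to the local hostname
    @param target: container DN; defaults to the first home DN
    @param classes: udGroup values to attach to the host
    @param args: extra policy entries; each key becomes a
        'cn=<key>,<host_dn>' udPolicy object and its value is appended as-is
        to that object's attribute list (presumably one (attribute, value)
        pair as conn.add takes -- TODO confirm against callers)
    @return: True if the host exists afterwards (created or already there),
        False if the caller has no home DN or LDAP rejected an add
    """
    # some prechecks
    if not classes:
        classes = []
    # Check the rights before touching self.home[0]: with an empty home
    # list the default-target lookup below would raise IndexError instead
    # of producing this warning.
    if len(self.home) == 0:
        logging.warning('%s does not have enough rights to add hosts to the database', self.userID)
        return False
    if not target:
        target = self.home[0]  # we use first home dn as target container
    if not hostname:
        hostname = func.getlocalhostname()
    shortname = hostname.split('.')[0]
    # setup host object
    # NOTE(review): shortname and the policy names are interpolated into
    # DNs without DN escaping; a value containing ',', '+', '"', '\\', '<',
    # '>', ';' or '=' changes the DN structure.
    host_dn = 'cn=%s,%s' % (shortname, target)
    #FIXME: I dont like this krb5-dependancy...
    host_usid = 'host/%s@%s' % (hostname, self.config.krb5realm)
    logging.debug('using %s as usid', host_usid)
    if len(self.list_hosts(hostname)) > 0:
        logging.warning('Host %s already exists. Not changing.', hostname)
        return True
    logging.debug('Looks good. Adding %s to %s', hostname, target)
    host_data = [
        ('cn', shortname),
        ('udSerial', '%i' % self.next_udSerial()),
        ('lastSeen', nowstr()),
        ('objectClass', ['top', 'dNSZone', 'udHost']),
        ('relativeDomainName', shortname),
        ('zoneName', self.config.dnszone),
        ('dNSTTL', '3600'),
        ('dNSClass', 'IN'),
        ('ARecord', func.get_local_ip()),
        ('FQDN', hostname),
        ('USID', host_usid),
        ('description', 'new registered host object'),
    ]
    ipv6 = func.get_local_ipv6()
    if ipv6:
        host_data.append(('aAAARecord', ipv6))
    if len(classes) > 0:
        host_data.append(('udGroup', classes))
    try:
        self.conn.result(self.conn.add(host_dn, host_data))
        # add policies: issue every add first, then wait for each result
        queries = [
            self.conn.add('cn=%s,%s' % (policy, host_dn),
                          [('objectClass', ['top', 'udPolicy']), args[policy]])
            for policy in args
        ]
        for query in queries:
            self.conn.result(query)
    except Exception as err:
        logging.warning('add_host(): Trouble adding to ldap.\n%s', str(err))
        return False
    # Report success explicitly (this used to fall off the end and return
    # None, which truthiness checks in callers read as failure).
    return True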
def list_service(self, service = 'host', host = getlocalhostname()):
    """
    @see UniDomain.Classes.Author#list_service

    Look the principal <service>/<host>@<realm> up in the KDC. Returns a
    list holding the principal name once per line of 'listprincs' output
    that equals it exactly, i.e. an empty list when it does not exist.

    NOTE: the *host* default is evaluated once, at class definition.
    NOTE(review): listprincs takes a glob expression and the principal is
    embedded in the query unquoted; only exact matches are returned though.
    """
    if not self.kadm:
        self.kadmin()
    principal = self.get_service_name(service, host)
    logging.debug('canoncial servicename is %s', principal)
    proc = subprocess.Popen(self.kadm + ['-q', 'listprincs ' + principal],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            env=self.env)
    sout, serr = proc.communicate()
    logging.debug(sout)
    logging.debug(serr)
    matches = []
    for line in sout.split('\n'):
        if line == principal:
            matches.append(line)
    return matches
def get_service_keytab(self, service='host', host=getlocalhostname(), options="", keytab=None):
    """
    get service keytab

    Backend-neutral default: writes nothing and reports failure. Concrete
    authentication backends override this.

    @param service: service to add defaults to 'host'
    @param host: the host. defaults to the local hosts name (evaluated once,
        when the class is defined)
    @param options: additional options to add (encryption params, etc)
    @param keytab: which keytab to add the principal to. defaults to /etc/krb5.keytab
    @return: True if success, False otherwise
    """
    # Nothing is written by the default implementation.
    written = False
    return written
def list_service(self, service='host', host=getlocalhostname()):
    """
    @see UniDomain.Classes.Author#list_service

    Query the KDC for the principal <service>/<host>@<realm>. The result is
    a list with the principal name for every 'listprincs' output line that
    matches it exactly, so an empty list means "not found".

    NOTE: the *host* default is evaluated once, at class definition.
    NOTE(review): the principal goes into the listprincs query unquoted;
    only exact matches of the output are returned.
    """
    if not self.kadm:
        self.kadmin()
    principal = self.get_service_name(service, host)
    logging.debug('canoncial servicename is %s', principal)
    query = 'listprincs ' + principal
    proc = subprocess.Popen(self.kadm + ['-q', query],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            env=self.env)
    sout, serr = proc.communicate()
    logging.debug(sout)
    logging.debug(serr)
    lines = sout.split('\n')
    return [line for line in lines if line == principal]
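def get_service_keytab(self, service='host', host = getlocalhostname(), options="", keytab=None):
    """Write a keytab entry for service <service>/<fqdn>@<realm>.

    Runs ``kadmin -q "ktadd -k <keytab> <options> <principal>"``; when that
    succeeded, older key versions are purged from the keytab with
    ``ktremove ... old``.

    @param service: service part of the principal, defaults to 'host'
    @param host: host part of the principal; the default is evaluated once
        at class definition time, not per call
    @param options: extra ktadd arguments, inserted verbatim into the query
    @param keytab: keytab path; defaults to self.config.krb5keytab
    @return: True if the keytab was written, False otherwise

    NOTE(review): success is detected by comparing kadmin's stderr with one
    exact string (the "credentials NOT DESTROYED" notice), not by the exit
    status, so a kadmin build that words this differently makes every call
    report failure. The principal and *options* go into the query unquoted;
    values containing whitespace change what kadmin parses.
    """
    if not self.kadm:
        self.kadmin()
    if not keytab:
        keytab = self.config.krb5keytab
    service = self.get_service_name(service, host)
    logging.debug('adding keytab for %s', service)
    sess = subprocess.Popen(self.kadm + ['-q', 'ktadd -k %s %s %s' % (keytab, options, service)],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=self.env)
    (sout, serr) = sess.communicate()
    if serr != '\n\x07\x07\x07Administration credentials NOT DESTROYED.\n':
        logging.error('Writing keytab for %s failed!\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
                      service, serr, sout)
        return False
    logging.info('keytab for %s written to %s', service, keytab)
    logging.debug('removing old keys in keytab')
    # Capture the ktremove output as well, so a failed purge of old keys
    # shows up in the log instead of going to the inherited stdout/stderr
    # (consistent with how the ktadd run above is handled).
    sess = subprocess.Popen(self.kadm + ['-q', 'ktremove -k %s %s old' % (keytab, service)],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=self.env)
    (sout, serr) = sess.communicate()
    if sess.returncode != 0:
        logging.warning('ktremove for %s exited with status %s\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
                        service, sess.returncode, serr, sout)
    else:
        logging.debug('kadmin stdout:\n%s\nkadmin stderr:\n%s', sout, serr)
    return True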
def add_service(self, service= 'host', host=getlocalhostname()):
    """
    @see UniDomain.Classes.Author#add_service

    Create the principal <service>/<host>@<realm> in the KDC (random key,
    'service' policy, no password or principal expiry). Returns True when
    the principal exists afterwards, including the already-existing case,
    and False when kadmin did not report the creation.

    NOTE: the *host* default is evaluated once, at class definition.
    NOTE(review): the principal is embedded in the query string unquoted.
    """
    if not self.kadm:
        self.kadmin()
    logging.debug("add_service %s %s", service, host)
    existing = self.list_service(service, host)
    if len(existing) > 0:
        logging.warning('Service %s %s already exists. Nothing changed.', service, host)
        return True
    principal = self.get_service_name(service, host)
    logging.debug('%s will be added to KDC', principal)
    query = 'add_principal -policy service -pwexpire never -expire never -randkey %s' % (principal)
    proc = subprocess.Popen(self.kadm + ['-q', query],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            stdin=subprocess.PIPE,
                            env=self.env)
    sout, serr = proc.communicate(None)
    if ('Principal "%s" created.' % principal) in sout:
        return True
    logging.error('%s %s not created in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
                  principal, host, serr, sout)
    return False
def delete_service(self, service= 'host', host= getlocalhostname()):
    """
    @see UniDomain.Classes.Author#delete_service

    Delete the principal <service>/<host>@<realm> from the KDC. Returns
    False if it does not exist or kadmin did not confirm the deletion,
    True once kadmin printed 'Principal "..." deleted.'.

    NOTE: the *host* default is evaluated once, at class definition.
    NOTE(review): '-force' skips kadmin's confirmation prompt, and the
    principal is embedded in the query string unquoted.
    """
    if not self.kadm:
        self.kadmin()
    logging.debug('delete_service_principal %s %s', service, host)
    existing = self.list_service(service, host)
    if len(existing) == 0:
        logging.warning('%s does not exist in kerberos, nothing changed', host)
        return False
    principal = self.get_service_name(service, host)
    logging.debug('%s will be removed from KDC.', principal)
    proc = subprocess.Popen(self.kadm + ['-q', 'delete_principal -force ' + principal],
                            stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE,
                            env=self.env)
    sout, serr = proc.communicate()
    deleted = sout.find('Principal "%s" deleted.' % principal) != -1
    if not deleted:
        logging.error('%s not deleted in KDC.\nkadmin stderr:\n %s\nkadmin stdout:\n%s',
                      principal, serr, sout)
        return False
    logging.info('%s deleted from KDC', principal)
    return True
def delete_service(self, service='host', host=getlocalhostname()):
    """
    delete a service from the authen backend

    Backend-neutral default: deletes nothing and reports failure. Concrete
    authentication backends override this.

    @note: this requires additional privileges
    @param service: service part of the principal, defaults to 'host'
    @param host: host part; defaults to the local hostname (evaluated once,
        when the class is defined)
    @return: True if success, False otherwise
    """
    # Nothing is deleted by the default implementation.
    deleted = False
    return deleted
) (options, args) = parser.parse_args() if options.debug: logging.basicConfig(level=logging.DEBUG) if options.extended_help: print extended_help sys.exit(0) if len(args) < 2: logging.critical("invalid syntax") parser.print_usage() sys.exit(1) # check for hostname and policy to edit. if args[0] in known_policies: # no hosts specified. use local host name. hostname = "host/" + functions.getlocalhostname() policy = args.pop(0) elif args[1] in known_policies: hostname = args.pop(0) if not hostname.startswith("host/"): hostname = "host/" + hostname policy = args.pop(0) else: logging.critical("Invalid syntax, unknown policy specified") parser.print_usage() sys.exit(1) # get ticket if options.janitor: config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab") else: if args[0] == "list":
def list_service(self, service='host', host=getlocalhostname()):
    """
    list services in the authen backend

    Backend-neutral default: knows no services and returns an empty list.
    Concrete authentication backends override this.

    @param service: service part of the principal, defaults to 'host'
    @param host: host part; defaults to the local hostname (evaluated once,
        when the class is defined)
    @return: list of matching service names (empty here)
    """
    # The default backend has no services to report.
    found = []
    return found
parser.add_option("-p", action="store_true", dest="extended_help", help="show known policies and their actions", default=False) (options, args) = parser.parse_args() if options.debug: logging.basicConfig(level=logging.DEBUG) if options.extended_help: print extended_help sys.exit(0) if len(args) < 2: logging.critical('invalid syntax') parser.print_usage() sys.exit(1) # check for hostname and policy to edit. if args[0] in known_policies: # no hosts specified. use local host name. hostname = 'host/' + functions.getlocalhostname() policy = args.pop(0) elif args[1] in known_policies: hostname = args.pop(0) if not hostname.startswith('host/'): hostname = 'host/' + hostname policy = args.pop(0) else: logging.critical('Invalid syntax, unknown policy specified') parser.print_usage() sys.exit(1) # get ticket if options.janitor: config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab") else: if args[0] == 'list' :
def add_service(self, service='host', host=getlocalhostname()):
    """
    add a service to the authen backend

    Backend-neutral default: adds nothing and reports failure. Concrete
    authentication backends override this.

    @note: this requires additional privileges
    @param service: service part of the principal, defaults to 'host'
    @param host: host part; defaults to the local hostname (evaluated once,
        when the class is defined)
    @return: True if success, False otherwise
    """
    # Nothing is added by the default implementation.
    added = False
    return added