Пример #1
def main():
    """Authenticate with the janitor keytab and call update_dnsSOA().

    The function runs the config -> authen -> kadmin -> author chain twice.
    Only the `db` handle from the second pass is used. The second pass
    exits the process with status 3 when an Authen/Author object is falsy,
    and with status 4 when authenticate()/authorize() returns a falsy value.
    """
    # First pass.
    # NOTE(review): every name bound here is rebound below and the `db` from
    # this pass is never used, so this looks like leftover code. Confirm that
    # authenticate()/kadmin()/authorize() have no needed side effects before
    # removing it.
    # NOTE(review): the keytab is key material at a hard-coded path. Confirm
    # it is readable by the service account only.
    config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",
                            plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    if not authen:
        print "bad auth"
        return
    # The user value appears masked in this listing; as written, the literal
    # string is passed as the principal name.
    userid = authen.authenticate(user='******')
    if not userid: return
    authen.kadmin()
    author = Classes.Author(config)
    # Authorizes as a fixed admin identity rather than the authenticated one.
    db = author.authorize('janitor/admin')

    # Second pass: same configuration, but authenticate() is called without
    # arguments and every failure terminates the process.
    config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",
                            plugin_author='ldapdbadmin')
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    authen.kadmin()
    author = Classes.Author(config)
    if not author:
        sys.exit(3)
    # Only the part of the principal before '@' is passed on, so the realm is
    # dropped here.
    # NOTE(review): confirm a single realm is trusted, otherwise equal names
    # from different realms are authorized as the same identity.
    db = author.authorize(userid.split('@')[0])
    if not db:
        sys.exit(4)

    db.update_dnsSOA()
Пример #2
 def setUp(self):
     """Create the config, authen and author objects and open a db handle.

     Uses the 'ldapdbadmin' author plugin and authenticate() without
     arguments; the returned principal is stored in `self.usid`.
     """
     # Keytab-based variant kept from the original for reference:
     # Classes.Config(krb5keytab='/root/janitor/keytab', plugin_author='ldapdbadmin')
     cfg = Classes.Config(plugin_author='ldapdbadmin')
     self.config = cfg
     self.authen = Classes.Authen(cfg)
     self.author = Classes.Author(cfg)
     principal = self.authen.authenticate()
     self.usid = principal
     # NOTE(review): the full value returned by authenticate() is passed to
     # authorize() here; confirm authorize() expects it in that form.
     self.db = self.author.authorize(principal)
Пример #3
def client_run():
    """Authenticate this host, load its policies and run the policy engine.

    Returns:
        1 when authentication fails, 2 when the database connection fails,
        and None after the policy engine has run.
    """
    banner = "\n---------------------------------------------\nUniDomain managed system is updating account, group and policy settings ... \n---------------------------------------------\n"
    print(banner)

    config = Classes.Config()
    authen = Classes.Authen(config).authenticate()
    if not authen:
        logging.critical(
            'authentication of this host failed. Is this host registered in a domain? Network is up?'
        )
        return 1

    # Open the database connection with the authenticated identity.
    db = Classes.DB(authen).connect()
    if not db:
        logging.critical('can not connect to database.')
        return 2

    # Fetch the attribute collection stored for this host.
    host_attrs = db.get_host_data(db.userID)
    # NOTE(review): at DEBUG level the whole attribute collection is written
    # to the log; confirm it carries no secrets before enabling debug output.
    logging.debug(host_attrs.__str__())

    policies = host_attrs.getPolicies()
    # Always add the database-update policy; it is used for dead host detection.
    policies['updateDbPolicy'] = None

    logging.info('instantiating udPolicyEngine with %i policies',
                 len(policies))
    engine = udPolicyEngine.udPolicyEngine(policies, db, config)
    logging.info('running udPolicyEngine.')
    engine.run()
Пример #4
 def setUp(self):
     """Log in with the krb5_login plugin and acquire a kadmin ticket.

     The user name and password are read from the `username` and `userpw`
     attributes of the `__main__` module.
     """
     self.config = Classes.Config(krb5keytab='./keytab',
                                  plugin_authen='krb5_login')
     self.authen = Classes.Authen(self.config)
     # NOTE(review): the password is taken from a module-level global of the
     # launching script; keep that module out of any debug dump or log output.
     launcher = sys.modules['__main__']
     principal = self.authen.authenticate(user=launcher.username,
                                          pw=launcher.userpw)
     self.usid = principal
     self.authen.kadmin()
Пример #5
 def test_readconf(self):
     """Check that Config reads testconf.xml and accepts keyword arguments."""
     cfg = Classes.Config(file='testconf.xml', passwdfile='xyz')
     self.config = cfg

     # Exactly one LDAP server is expected after reading the file.
     server_count = len(cfg.ldapservers)
     self.assertEqual(server_count, 1,
                      'reading value from file does not work.')

     # The debug setting must be a real bool, not a string or an int.
     self.assertEqual(type(cfg.debug), bool, 'debug value is not bool!')

     # A value passed as a keyword argument must show up on the object.
     self.assertEqual(cfg.passwdfile, 'xyz',
                      'passing config vars as args doesnt work')
Пример #6
 def setUp(self):
     """Log in with krb5_login and open an 'ldapdbadmin' db handle.

     Credentials come from the `username` and `userpw` attributes of the
     `__main__` module. The db handle is authorized for the part of the
     returned principal before '@'.
     """
     # Keytab-based variant kept from the original for reference:
     # Classes.Config(krb5keytab='/root/janitor/keytab', plugin_author='ldapdbadmin')
     cfg = Classes.Config(plugin_author='ldapdbadmin',
                          plugin_authen='krb5_login')
     self.config = cfg
     self.authen = Classes.Authen(cfg)
     self.author = Classes.Author(cfg)

     launcher = sys.modules['__main__']
     principal = self.authen.authenticate(user=launcher.username,
                                          pw=launcher.userpw)
     self.usid = principal

     # The realm is dropped before authorization.
     # NOTE(review): confirm only one realm is trusted, otherwise equal names
     # from different realms resolve to the same db identity.
     short_name = principal.split('@')[0]
     self.db = self.author.authorize(short_name)
Пример #7
 def testPasswordAuthen(self):
     """Check that a user/password login works and yields a kadmin ticket."""
     authen = Classes.Authen(Classes.Config(plugin_authen='krb5_login'))
     # The plugin name in the config must select the matching module.
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_login')

     # Credentials are the ones stored on the launching script's module.
     launcher = sys.modules['__main__']
     authen.authenticate(user=launcher.username, pw=launcher.userpw)
     logged_in = authen.isAuthenticated
     self.assertTrue(logged_in, 'isAuthenticated is not set after login.')

     authen.kadmin()
     self.assertTrue(authen.kadm, 'cant acquire kadmin ticket.')
Пример #8
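def open_ud2_connection(env):
    """Open a database connection using the web user's Kerberos ticket cache.

    Args:
        env: request environment mapping. 'KRB5CCNAME' is read for the
            credential cache, and 'REMOTE_USER' for the error message.

    Returns:
        (False, db) on success, where False means "no error status".
        ("403 Forbidden", message) when the ticket cannot be validated or
        the database connection fails.
    """
    # Fail closed when the server passed no credential cache. Without this
    # guard a missing key raised KeyError, and an empty value was handed to
    # the authentication plugin unchanged.
    try:
        ccache = env['KRB5CCNAME']
    except KeyError:
        ccache = None
    if not ccache:
        return ("403 Forbidden", "Can not validate kerberos Ticket Data")

    config = Classes.Config(file='/opt/UD2/etc/www_conf.xml')
    authen = Classes.Authen(config).authenticate(ccpath=ccache)
    if not authen:
        return ("403 Forbidden", "Can not validate kerberos Ticket Data")

    db = Classes.DB(authen).connect()
    if not db:
        # NOTE(review): REMOTE_USER is echoed into the response text; the
        # caller should escape it if the message is rendered as HTML.
        return ("403 Forbidden", "Database Connection failed for user %s" %
                (env['REMOTE_USER']))
    return (False, db)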
Пример #9
 def testdefaultAuthen(self):
     """Check that the default login needs no input and yields a kadmin ticket.

     The default plugin is expected to be krb5_keytab, and the returned
     principal to be 'host/<fqdn>@<realm>'.
     """
     config = Classes.Config()
     # NOTE(review): Authen is built without the config object here; confirm
     # it falls back to the same defaults as `config`.
     authen = Classes.Authen()
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_keytab')

     principal = authen.authenticate()
     expected = ''.join(['host/', socket.getfqdn(), '@', config.krb5realm])
     self.assertEqual(principal, expected,
                      'default login with keytab failed.')

     logged_in = authen.isAuthenticated
     self.assertTrue(logged_in, 'isAuthenticated is not set after login.')

     authen.kadmin()
     self.assertTrue(authen.kadm, 'cant acquire kadmin ticket.')
Пример #10
 def test_Config(self):
     """Check that a default Config carries every required key."""
     self.config = Classes.Config()

     # (key, failure message) pairs, checked in this order; the first
     # missing key fails the test.
     required = (
         ('plugin_authen', 'no authen plugin in default config'),
         ('plugin_author', 'no author plugin in default config'),
         ('cachedir', 'no cache directory in default config'),
         ('policydir', 'no policy directory in default config'),
         ('dnszone', 'no dnszone in default config'),
         ('passwdfile', 'no passwdfile in default config'),
         ('groupfile', 'no groupfile in default config'),
     )
     for key, message in required:
         self.assertTrue(key in self.config.config, message)
Пример #11
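 def testApacheAuthen(self):
     """Check the krb5_apache plugin: cache login works, kadmin does not.

     The credential cache path and user name are read from the `krb5cc` and
     `username` attributes of the `__main__` module. After login the plugin
     must report isAuthenticated, must not hold a kadmin handle, and
     kadmin() must raise.
     """
     config = Classes.Config(plugin_authen='krb5_apache')
     authen = Classes.Authen(config)
     self.assertEqual(authen.__module__, 'UniDomain.plugins.krb5_apache',
                      'apache laods wrong plugin')
     self.assertEqual(
         authen.authenticate(ccfile='FILE:' +
                             sys.modules['__main__'].krb5cc),
         sys.modules['__main__'].username + '@' + config.krb5realm,
         'apache_authen returns wrong username')
     self.assertTrue(authen.isAuthenticated,
                     'isAuthenticated is not set after login.')
     self.assertFalse(
         authen.kadm,
         'apache authen sets kadmin. we dont have kadmin privileges')
     # self.fail() raises AssertionError. Inside the try body it was caught
     # by the bare except, so this privilege check could never fail. Raising
     # it in the else branch lets a kadmin() call that succeeds fail the test.
     try:
         authen.kadmin()
     except Exception:
         pass
     else:
         self.fail('apache plugin should not have a kadmin interface.')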
Пример #12
 def setUp(self):
     """Authenticate with the default config and keep the returned id."""
     cfg = Classes.Config()
     self.config = cfg
     self.authen = Classes.Authen(cfg)
     # authenticate() is called without arguments; its return value is
     # stored as the host's user id.
     host_principal = self.authen.authenticate()
     self.host_usid = host_principal
Пример #13
    # Pick the log level from the first command line argument:
    # '-d' -> DEBUG, '-q' -> CRITICAL, anything else or nothing -> ERROR.
    if len(sys.argv) > 1:
        if sys.argv[1] == '-d':
            logging.basicConfig(level=logging.DEBUG)
        elif sys.argv[1] == '-q':
            logging.basicConfig(level=logging.CRITICAL)
        else:
            logging.basicConfig(level=logging.ERROR)
    else:
        logging.basicConfig(level=logging.ERROR)
    # Run the suites in order; the first failing suite ends the process
    # with exit status 1.
    print "\n-- Testing Author plugin compatibility --"
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestAuthor)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    print "\n-- Testing Basic db backend functionality. --"
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestDB)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    # The admin tests need a krb5_login session. If authenticate() returns
    # a falsy value they are skipped and the run still exits with status 0.
    authen = Classes.Authen(
        Classes.Config(plugin_authen='krb5_login',
                       plugin_author='ldapdbadmin'))
    if not authen.authenticate():
        print "\nadmin functionality check skipped."
        sys.exit(0)
    print "\n-- Testing admin functionality --"
    # Copy the credentials held by the Authen object into names in this
    # scope, presumably so test cases can read them via sys.modules['__main__'].
    # NOTE(review): the plaintext password stays in a global for the rest of
    # the process; keep it out of logs, tracebacks and debug dumps.
    username = authen.user
    userpw = authen.pw
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(TestDBDomad)
    if not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful():
        sys.exit(1)
    print "-- Congratulations. All Tests for db passed."
Пример #14
list domad accounts. 
Specify a domain implies --author
if neither --authen nor --author are specified we list from authentication and database """)
    parser.add_option("-j", action="store_true", dest="janitor", help="use janitor account", default=False)
    parser.add_option("--authen", action="store_true", dest="authen", help="list from authen backend (kerberos)", default=False)
    parser.add_option("--author", action="store_true", dest="author", help="list from database backend (ldap)", default=False)
    parser.add_option("-v", action="store_true", dest="debug", help="be verbose", default=False)
    (options, args) = parser.parse_args()
    if len(args) > 1:
        parser.print_help()
        sys.exit(2)
    if options.debug:
        logging.basicConfig(level=logging.DEBUG)
        
    if options.janitor:
        config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab",plugin_author='ldapdbadmin')
    else:
        config = Classes.Config(plugin_authen="krb5_login", plugin_author='ldapdbadmin')
    if not (options.author or options.authen):
        options.authen = True
        options.author = True
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    authen.kadmin()
    author = Classes.Author(config)
    if not author:
        sys.exit(3)
Пример #15
        dest="add_kdc",
        help=
        "assume the principal already exists in the kdc. Just retrieve the key to the local keytab",
        default=True)
    (options, args) = parser.parse_args()
    #if len(args) > 0:
    #    # do not get keytab if we maualy add hosts.
    #    options.get_keytab = False
    if options.debug:
        logging.basicConfig(level=logging.DEBUG)

    # get the correct rights.
    # if we only want retrieve the key file, we only require host privileges.
    if options.add_kdc:
        if options.janitor:
            config = Classes.Config(krb5keytab="/root/janitor/janitor.keytab")
            # janitor operation assumes we want add host principals without getting the key to the local keytab.
            options.get_keytab = False
        else:
            config = Classes.Config(plugin_authen="krb5_login")
    else:
        config = Classes.Config()
    authen = Classes.Authen(config)
    if not authen:
        sys.exit(3)
    userid = authen.authenticate()
    if not userid:
        sys.exit(4)
    authen.kadmin()

    if options.add_kdc:
Пример #16

def askPolicies():
    """Read policy names from the terminal until an empty line is entered.

    Returns:
        The entered names as a list, in the order they were typed.
    """
    print 'Specify any policies you want set for this host (one per line, end with newline)'
    chosen = []
    while True:
        entry = raw_input('policy : ')
        if not entry:
            # An empty line ends the list.
            break
        # NOTE(review): names are collected as typed, with no validation;
        # the caller should check them before storing them for the host.
        chosen.append(entry)
    return chosen


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "-d":
        logging.basicConfig(level=logging.DEBUG)
    config = Classes.Config(plugin_authen='krb5_login')
    try:
        authen = Classes.Authen(config).authenticate()
    except IndexError, e:
        print 'Authentication error (wrong password?)'
        sys.exit(1)
    db = Classes.DB(authen).connect()
    if not db:
        print 'db connection error'
        sys.exit(2)

    fqdn = askName()
    functions.set_hostname(fqdn)

    target = askTarget(db)
    classes = askClasses()