def get_user_ldap_connection(self):
    """Open an LDAP connection bound as the session user.

    The connection is requested with ``write=False`` and
    ``follow_referral=True``; the actual bind is delegated to
    ``self.bind_user_connection``.

    Returns:
        The connection object, or ``None`` when the session has no user DN
        or when opening the connection failed. Failures are logged as a
        warning and not raised, so callers must treat ``None`` as
        "no connection available".
    """
    if self._user_dn:
        try:
            connection, _position = get_user_connection(
                bind=self.bind_user_connection,
                write=False,
                follow_referral=True,
            )
        except (ldap.LDAPError, udm_errors.base) as exc:
            CORE.warn('Failed to open LDAP connection for user %s: %s' % (self._user_dn, exc))
        else:
            return connection
    # No DN means a local user (probably root); otherwise the attempt failed.
    return None
def get_user_ldap_connection(self, no_cache=False, **kwargs):
    """Open an LDAP connection bound as the session user.

    Args:
        no_cache: Forwarded to ``get_user_connection``. When false, the
            returned connection is also registered in
            ``self._user_connections``.
        **kwargs: Forwarded to ``get_user_connection``. ``write`` is taken
            from here and defaults to ``False``, so write access has to be
            requested explicitly by the caller.

    Returns:
        The connection object, or ``None`` when the session has no user DN
        or when opening the connection failed (logged as a warning, not
        raised).
    """
    if not self._user_dn:
        return None  # local user (probably root)

    # Read-only unless the caller explicitly asks for write access.
    want_write = kwargs.pop('write', False)
    try:
        connection, _position = get_user_connection(
            bind=self.bind_user_connection,
            write=want_write,
            follow_referral=True,
            no_cache=no_cache,
            **kwargs
        )
        if not no_cache:
            self._user_connections.add(connection)
        return connection
    except (ldap.LDAPError, udm_errors.base) as exc:
        CORE.warn('Failed to open LDAP connection for user %s: %s' % (self._user_dn, exc))
    return None
def update_language(self, locales):
    """Activate the first usable locale from *locales*.

    Each candidate is parsed with ``Locale`` and applied through
    ``self.set_locale`` unless it already matches the current language.
    If an English candidate ('en' / 'en-US') cannot be set, the 'C' locale
    is used instead and the call still succeeds.

    Args:
        locales: Iterable of locale identifiers, tried in order.
            # presumably client-supplied; they are logged with %r, which
            # keeps control characters escaped in the log line.

    Raises:
        NotAcceptable: If none of the candidates could be set. The locale
            is reset to 'C' before raising.
    """
    for candidate in locales:
        language = None
        try:
            CORE.info("Setting locale %r" % (candidate, ))
            candidate = Locale(candidate)
            if candidate.territory:
                language = '%s-%s' % (candidate.language, candidate.territory)
            else:
                language = '%s' % (candidate.language, )
            # Skip the switch when this language is already active.
            if language != self.__current_language:
                self.set_locale(str(candidate))
            self.__current_language = language
            return
        except (locale.Error, I18N_Error) as exc:
            if language not in ('en', 'en-US'):
                CORE.warn("Locale %r is not available: %s" % (str(candidate), exc))
                continue
            # the system is missing english locale
            self.set_locale('C')
            if not self.__current_language:
                # only log once!
                CORE.error('Missing "en_US.UTF-8:UTF-8" in UCR variable "locale"')
            self.__current_language = language
            return

    CORE.warn('Could not set language. Resetting locale.')
    self.set_locale('C')
    self.__current_language = None
    raise NotAcceptable(self._('Specified locale is not available'))
def run(self, args):
    """Configure the process and serve the UDM REST application.

    Steps, in order: initialise logging, set the message locale, tighten
    the umask, replace the environment with a fixed PATH and LANG, import
    and update the UDM modules, bind the HTTP server (TCP port and/or unix
    socket), install signal handlers, attach a log handler and run the
    tornado IOLoop.

    Args:
        args: Parsed options; reads ``debug``, ``language``, ``port``,
            ``cpus`` and ``unix_socket``.

    Raises:
        Whatever the IOLoop raises; anything other than SystemExit and
        KeyboardInterrupt is logged with its traceback first.
    """
    # locale must be set before importing UDM!
    log_init('/dev/stdout', args.debug)
    lang_name = str(Locale(args.language))
    locale.setlocale(locale.LC_MESSAGES, lang_name)
    # Files created from here on are accessible to the owner only.
    os.umask(0o077)  # FIXME: should probably be changed, this is what UMC sets

    # The UMC-Server and module processes are clearing environment variables.
    # Nothing inherited from the caller survives; PATH is pinned to system
    # directories.
    os.environ.clear()
    os.environ['PATH'] = '/bin:/sbin:/usr/bin:/usr/sbin'
    os.environ['LANG'] = lang_name

    import univention.admin.modules as udm_modules
    udm_modules.update()

    from univention.admin.rest.module import Application
    # NOTE(review): the UCR lookup defaults to True, so tracebacks are served
    # unless the variable is explicitly disabled - presumably they end up in
    # error responses; confirm that exposure is intended.
    show_tracebacks = ucr.is_true('directory/manager/rest/show-tracebacks', True)
    app = Application(serve_traceback=show_tracebacks)

    server = HTTPServer(app)
    if args.port:
        server.bind(args.port)
    # NOTE(review): start() is taken to be unconditional (outside the port
    # check) - confirm against the original layout.
    server.start(args.cpus)

    if args.unix_socket:
        unix_sock = bind_unix_socket(args.unix_socket)
        server.add_socket(unix_sock)

    for stop_signal in (signal.SIGTERM, signal.SIGINT):
        signal.signal(stop_signal, partial(self.signal_handler_stop, server))
    signal.signal(signal.SIGHUP, self.signal_handler_reload)

    handler = logging.StreamHandler()
    handler.setFormatter(tornado.log.LogFormatter(
        fmt='%(color)s%(asctime)s %(levelname)10s (%(process)9d) :%(end_color)s %(message)s',
        datefmt='%d.%m.%y %H:%M:%S',
    ))
    root_logger = logging.getLogger()
    root_logger.setLevel(logging.INFO)
    root_logger.addHandler(handler)

    try:
        tornado.ioloop.IOLoop.current().start()
    except (SystemExit, KeyboardInterrupt):
        raise
    except:
        # Record the traceback before the process goes down.
        CORE.error(traceback.format_exc())
        raise
def run(self, args):
    """Configure the process and serve the UDM REST application.

    Steps, in order: initialise logging, set the message locale, tighten
    the umask, replace the environment with a fixed PATH and LANG, import
    and update the UDM modules, start the HTTP server and attach its
    listeners (TCP port and/or unix socket), install signal handlers,
    enable tornado's pretty logging and run the IOLoop.

    Args:
        args: Parsed options; reads ``debug``, ``language``, ``port``,
            ``cpus`` and ``unix_socket``.

    Raises:
        Whatever the IOLoop raises; anything other than SystemExit and
        KeyboardInterrupt is logged with its traceback first.
    """
    # locale must be set before importing UDM!
    log_init('/dev/stdout', args.debug)
    lang_name = str(Locale(args.language))
    locale.setlocale(locale.LC_MESSAGES, lang_name)
    # Files created from here on are accessible to the owner only.
    os.umask(0o077)  # FIXME: should probably be changed, this is what UMC sets

    # The UMC-Server and module processes are clearing environment variables.
    # Nothing inherited from the caller survives; PATH is pinned to system
    # directories.
    os.environ.clear()
    os.environ['PATH'] = '/bin:/sbin:/usr/bin:/usr/sbin'
    os.environ['LANG'] = lang_name

    import univention.admin.modules as udm_modules
    udm_modules.update()

    from univention.admin.rest.module import Application
    # NOTE(review): the UCR lookup defaults to True, so tracebacks are served
    # unless the variable is explicitly disabled - presumably they end up in
    # error responses; confirm that exposure is intended.
    show_tracebacks = ucr.is_true('directory/manager/rest/show-tracebacks', True)
    app = Application(serve_traceback=show_tracebacks)

    server = HTTPServer(app)
    # NOTE(review): start() runs before listen()/add_socket(); if args.cpus
    # makes tornado fork workers, each worker would bind the listeners
    # itself - confirm this ordering is intended.
    server.start(args.cpus)
    if args.port:
        server.listen(args.port)
    if args.unix_socket:
        unix_sock = bind_unix_socket(args.unix_socket)
        server.add_socket(unix_sock)

    for stop_signal in (signal.SIGTERM, signal.SIGINT):
        signal.signal(stop_signal, partial(self.signal_handler_stop, server))
    signal.signal(signal.SIGHUP, self.signal_handler_reload)

    tornado.log.enable_pretty_logging()

    try:
        tornado.ioloop.IOLoop.current().start()
    except (SystemExit, KeyboardInterrupt):
        raise
    except:
        # Record the traceback before the process goes down.
        CORE.error(traceback.format_exc())
        raise
def update_language(self, locales):
    """Activate the first usable locale from *locales*.

    Each candidate is parsed with ``Locale`` and applied through
    ``self.set_locale`` unless it already matches the current language.

    Args:
        locales: Iterable of locale identifiers, tried in order.
            # presumably client-supplied; they are logged with %r, which
            # keeps control characters escaped in the log line.

    Raises:
        NotAcceptable: If none of the candidates could be set. The locale
            is reset to 'C' before raising.
    """
    for candidate in locales:
        try:
            CORE.info("Setting locale %r" % (candidate,))
            candidate = Locale(candidate)
            if candidate.territory:
                language = '%s-%s' % (candidate.language, candidate.territory)
            else:
                language = '%s' % (candidate.language,)
            # Skip the switch when this language is already active.
            if language != self.__current_language:
                self.set_locale(str(candidate))
            self.__current_language = language
            return
        except (locale.Error, I18N_Error) as exc:
            # Unusable candidate: log it and fall through to the next one.
            CORE.warn("Locale %r is not available: %s" % (str(candidate), exc))

    CORE.warn('Could not set language. Resetting locale.')
    self.set_locale('C')
    self.__current_language = None
    raise NotAcceptable(self._('Specified locale is not available'))
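def bind_user_connection(self, lo):
    """Bind the LDAP connection *lo* with the session user's credentials.

    With ``auth_type == 'SAML'`` the stored credential is used for a SAML
    bind; if the DN the server bound differs from ``self._user_dn``, the
    mismatch is logged and ``self._user_dn`` is replaced by the bound DN.

    Otherwise a simple bind is attempted. If that fails with
    ``INVALID_CREDENTIALS`` and the credential is long enough to be a SAML
    message (workaround for Bug #44382), a SAML bind is tried and, on
    success, ``self.auth_type`` is switched to 'SAML'.

    Args:
        lo: Connection wrapper; ``lo.lo`` performs the bind and
            ``lo.binddn`` holds the bound DN.

    Raises:
        ldap.INVALID_CREDENTIALS: Re-raised with a diagnostic message that
            carries only the auth type and the lengths of credential and
            DN, never the credential itself.
    """
    CORE.process('LDAP bind for user %r.' % (self._user_dn, ))
    try:
        if self.auth_type == 'SAML':
            lo.lo.bind_saml(self._password)
            if not lo.lo.compare_dn(lo.binddn, self._user_dn):
                # The session continues under the DN that was actually bound.
                CORE.warn('SAML binddn does not match: %r != %r' % (lo.binddn, self._user_dn))
                self._user_dn = lo.binddn
        else:
            try:
                lo.lo.bind(self._user_dn, self._password)
            except ldap.INVALID_CREDENTIALS:
                # workaround for Bug #44382: the password might be a SAML message, try to authenticate via SAML
                etype, exc, etraceback = sys.exc_info()
                CORE.error('LDAP authentication for %r failed: %s' % (self._user_dn, exc))
                # A short credential cannot be a SAML message, so the failed
                # bind is final. The check has to be on the length: comparing
                # the string itself with 25 does not test its length (and is
                # a TypeError on Python 3), which would defeat this cut-off.
                if len(self._password or '') < 25:
                    raise
                CORE.warn('Trying to authenticate via SAML.')
                try:
                    lo.lo.bind_saml(self._password)
                except ldap.OTHER:
                    CORE.error('SAML authentication failed.')
                    # Report the original bind failure, not the SAML error.
                    six.reraise(etype, exc, etraceback)
                CORE.error('Wrong authentication type. Resetting.')
                self.auth_type = 'SAML'
    except ldap.INVALID_CREDENTIALS:
        etype, exc, etraceback = sys.exc_info()
        credential_length = len(self._password or '')
        exc = etype(
            'An error during LDAP authentication happened. Auth type: %s; SAML message length: %s; DN length: %s; Original Error: %s'
            % (
                self.auth_type,
                credential_length if credential_length > 25 else False,
                len(self._user_dn or ''),
                exc,
            )
        )
        six.reraise(etype, exc, etraceback)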