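def nagiosModifyServiceList(self):
    """Keep the Nagios service objects in sync with this host's FQDN.

    Steps, in order:

    1. If the 'nagios' option was already active and 'name' and/or
       'domain' changed, pass the old and new FQDN to
       ``self.__change_fqdn``.
    2. Remove the host's FQDN from every service that was assigned before
       but is no longer assigned.
    3. Add the host's FQDN to every service that is newly assigned (or to
       all assigned services when the 'nagios' option was just enabled).

    Every membership change is written immediately via ``self.lo.modify``.

    NOTE(review): nesting was reconstructed from a flattened listing;
    confirm the block boundaries against the original file.
    """
    if 'nagios' in self.old_options:
        name_changed = self.hasChanged('name')
        domain_changed = self.hasChanged('domain')
        if name_changed or domain_changed:
            # When only the name changed, the current domain is used for the
            # old FQDN; otherwise the previously stored domain is used.
            old_domain = self.oldinfo['domain'] if domain_changed else self['domain']
            oldfqdn = u'%s.%s' % (self.oldinfo['name'], old_domain)
            newfqdn = u'%s.%s' % (self['name'], self['domain'])
            self.__change_fqdn(oldfqdn, newfqdn)

    # Default to the UCR domain name; an explicit 'domain' property wins.
    # NOTE(review): if "domainname" is unset in UCR this yields "<name>.None"
    # and that string would be written to LDAP below; confirm it is always set.
    fqdn = '%s.%s' % (self['name'], configRegistry.get("domainname"))
    if self.has_property('domain') and self['domain']:
        fqdn = '%s.%s' % (self['name'], self['domain'])

    # remove host from services
    if 'nagios' in self.old_options:
        for servicedn in self.oldinfo.get('nagiosServices', []):
            if servicedn not in self.info.get('nagiosServices', []):
                oldmembers = self.lo.getAttr(servicedn, 'univentionNagiosHostname')
                # Stored values are decoded as UTF-8 and compared
                # case-insensitively against the FQDN.
                newmembers = [
                    x for x in oldmembers
                    if x.decode('UTF-8').lower() != fqdn.lower()
                ]
                self.lo.modify(servicedn, [('univentionNagiosHostname', oldmembers, newmembers)])

    if 'nagios' in self.options:
        # add host to new services
        ud.debug(ud.ADMIN, ud.INFO, 'nagios.py: NMSL: nagios in options')
        for servicedn in self.info.get('nagiosServices', []):
            if not servicedn:
                continue
            ud.debug(ud.ADMIN, ud.INFO, 'nagios.py: NMSL: servicedn %s' % servicedn)
            # .get() instead of indexing: the removal loop above already
            # tolerates a missing 'nagiosServices' key in oldinfo, and a
            # KeyError here would abort the update half-way through.
            if 'nagios' not in self.old_options or servicedn not in self.oldinfo.get('nagiosServices', []):
                ud.debug(ud.ADMIN, ud.INFO, 'nagios.py: NMSL: add')
                # option nagios was freshly enabled or service has been enabled just now
                oldmembers = self.lo.getAttr(servicedn, 'univentionNagiosHostname')
                newmembers = copy.deepcopy(oldmembers)
                newmembers.append(fqdn.encode('UTF-8'))
                ud.debug(ud.ADMIN, ud.WARN, 'nagios.py: NMSL: oldmembers: %s' % oldmembers)
                ud.debug(ud.ADMIN, ud.WARN, 'nagios.py: NMSL: newmembers: %s' % newmembers)
                self.lo.modify(servicedn, [('univentionNagiosHostname', oldmembers, newmembers)])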
def _ldap_pre_create(self):
    """Reject creation of this object directly below a container/cn.

    The check runs only while the UCR variable
    'directory/manager/child/cn/ou' evaluates as false, and never for the
    LDAP base itself.

    Raises:
        univention.admin.uexceptions.invalidChild: the parent position is
            identified as a 'container/cn' object.
    """
    # NOTE(review): `object` is presumably this module's handler class
    # shadowing the builtin; confirm, since super(<builtin object>, self)
    # would not reach any parent implementation.
    super(object, self)._ldap_pre_create()

    if not configRegistry.is_false('directory/manager/child/cn/ou', True):
        return

    parent_dn = self.position.getDn()
    # it is possible to have a basedn with cn=foo
    # in this case it is allowed to create a ou
    # under a cn.
    if self.lo.compare_dn(parent_dn, configRegistry.get('ldap/base')):
        return

    parent_modules = univention.admin.modules.identify(parent_dn, self.lo.get(parent_dn))
    for candidate in parent_modules:
        if candidate and candidate.module == 'container/cn':
            raise univention.admin.uexceptions.invalidChild(_('It is not allowed to create a container/ou as child object of a container/cn.'))
def __getFQDN(self):
    """Return "<cn>.<domain>" for the stored LDAP object, or None.

    The host part is the first 'cn' value and the domain part the first
    'associatedDomain' value of ``self.oldattr`` (both decoded as UTF-8).
    When the object has no domain, the UCR variable "domainname" is used.
    None is returned when either part ends up empty.
    """
    host_part = self.oldattr.get("cn", [b''])[0].decode('UTF-8')
    domain_part = self.oldattr.get("associatedDomain", [b''])[0].decode('UTF-8')

    if not domain_part:
        # Fall back to the system-wide domain name from UCR.
        domain_part = configRegistry.get("domainname", None)

    if not (domain_part and host_part):
        return None
    return host_part + "." + domain_part
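def open(self):
    """Load the group and fill its derived properties.

    Sets 'sambaRID' (when the 'samba' option is active) and, for existing
    objects, 'memberOf', the users / hosts / nestedGroup split of
    'uniqueMember', and the allowed e-mail sender lists. Finishes with
    ``self.save()``.

    NOTE(review): nesting was reconstructed from a flattened listing;
    confirm the block boundaries against the original file.
    """
    univention.admin.handlers.simpleLdap.open(self)

    try:
        caching_timeout = int(configRegistry.get('directory/manager/web/modules/groups/group/caching/uniqueMember/timeout', '300'))
        self.cache_uniqueMember.set_timeout(caching_timeout)
    except Exception:
        # Best effort: a bad UCR value must not prevent opening the group.
        # Narrowed from a bare `except:` so KeyboardInterrupt / SystemExit
        # are no longer swallowed.
        # NOTE(review): the timeout is set on self.cache_uniqueMember while
        # the lookups below use the module-level cache_uniqueMember; if the
        # instance has no such attribute, the AttributeError ends up here and
        # the timeout is never applied -- confirm.
        pass

    if 'samba' in self.options:
        sid = self.oldattr.get('sambaSID', [''])[0]
        pos = sid.rfind('-')
        # If the SID contains no '-', rfind() returns -1 and the whole value
        # (possibly '') is stored, so sambaRID is not guaranteed to be numeric.
        self.info['sambaRID'] = sid[pos + 1:]

    if self.exists():
        # The DN is passed as a filter_format argument rather than being
        # concatenated into the LDAP filter string.
        self['memberOf'] = self.lo.searchDn(filter=filter_format('(&(objectClass=posixGroup)(uniqueMember=%s))', [self.dn]))

        time_start = time.time()

        self['users'] = []
        self['hosts'] = []
        self['nestedGroup'] = []
        for i in self.oldattr.get('uniqueMember', []):
            if cache_uniqueMember.is_valid(i):
                # Cached classification: no LDAP round trip.
                membertype = cache_uniqueMember.get(i).get('type')
                if membertype == 'user':
                    self['users'].append(i)
                elif membertype == 'group':
                    self['nestedGroup'].append(i)
                elif membertype == 'host':
                    self['hosts'].append(i)
            elif i.startswith('uid='):
                # DNs starting with 'uid=' are taken as users without a lookup.
                self['users'].append(i)
                cache_uniqueMember.set(i, {'type': 'user'})
            else:
                result = self.lo.getAttr(i, 'objectClass')
                if result:
                    if 'univentionGroup' in result:
                        self['nestedGroup'].append(i)
                        cache_uniqueMember.set(i, {'type': 'group'})
                    elif 'univentionHost' in result:
                        self['hosts'].append(i)
                        cache_uniqueMember.set(i, {'type': 'host'})
                    else:
                        # Any other object class is listed as a user (not cached).
                        self['users'].append(i)
                else:
                    # removing following line breaks deletion of computers from groups
                    self['users'].append(i)

        time_end = time.time()
        univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: open(): member check duration: %1.2fs' % (time_end - time_start))

        self['allowedEmailUsers'] = self.oldattr.get('univentionAllowedEmailUsers', [])
        self['allowedEmailGroups'] = self.oldattr.get('univentionAllowedEmailGroups', [])

    self.save()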
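def _ldap_pre_create(self):
    """Compute the new object's DN and reject creation below a container/cn.

    The DN is built from the mapped 'name' property and the parent
    position. The parent check runs only while the UCR variable
    'directory/manager/child/cn/ou' evaluates as false and the parent is
    not the LDAP base.

    Raises:
        univention.admin.uexceptions.invalidChild: the parent position is
            identified as a 'container/cn' object.
    """
    self.dn = '%s=%s,%s' % (mapping.mapName('name'), mapping.mapValue('name', self.info['name']), self.position.getDn())

    if configRegistry.is_false('directory/manager/child/cn/ou', True):
        # NOTE(review): this is a plain string comparison; a parent DN that
        # differs from 'ldap/base' only in case or spacing is treated as a
        # non-base position. A DN-aware comparison would be stricter --
        # confirm what self.lo offers in this version.
        if self.position.getDn() != configRegistry.get('ldap/base'):
            # it is possible to have a basedn with cn=foo
            # in this case it is allowed to create a ou
            # under a cn.
            m = univention.admin.modules.identifyOne(self.position.getDn(), self.lo.get(self.position.getDn()))
            # Guard against a falsy result (no module identified) so the
            # policy check cannot fail with AttributeError on `.module`.
            if m and m.module == 'container/cn':
                raise univention.admin.uexceptions.invalidChild(_('It is not allowed to create a container/ou as child object of a container/cn.'))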
def nagiosSaveParentHostList(self, ml):
    """Prepend the 'univentionNagiosParent' change to *ml*.

    Does nothing unless the 'nagiosParents' property changed. Each parent
    DN is resolved to "<cn>.<domain>" using its first 'cn' and
    'associatedDomain' values; the UCR "domainname" is used when the
    parent has no domain. Parents for which no 'cn' is returned are
    skipped without an error.

    Args:
        ml: modification list; modified in place (entry inserted at index 0).
    """
    if not self.hasChanged('nagiosParents'):
        return

    parent_fqdns = []
    for parentdn in self.info.get('nagiosParents', []):
        domain_values = self.lo.getAttr(parentdn, 'associatedDomain')
        cn_values = self.lo.getAttr(parentdn, 'cn')
        if not domain_values:
            domain_values = [configRegistry.get("domainname")]
        if not (cn_values and domain_values):
            continue
        parent_fqdns.append('%s.%s' % (cn_values[0], domain_values[0]))

    previous_parents = self.oldattr.get('univentionNagiosParent', [])
    ml.insert(0, ('univentionNagiosParent', previous_parents, parent_fqdns))
def open(self):
    """Load the group and fill its derived properties.

    Sets 'sambaRID' (only when the stored SID ends in '-<digits>') and,
    for existing objects, 'memberOf' plus the users / hosts / nestedGroup
    split of 'uniqueMember'. Finishes with ``self.save()``.

    Raises:
        RuntimeError: a member's objectClass values match none of the
            group, host or person classes checked below.

    NOTE(review): nesting was reconstructed from a flattened listing; in
    particular the `else: raise` is read as belonging to the objectClass
    chain (its message prints `result`). Confirm against the original file.
    """
    univention.admin.handlers.simpleLdap.open(self)

    try:
        caching_timeout = int(configRegistry.get('directory/manager/web/modules/groups/group/caching/uniqueMember/timeout', '300'))
        self.cache_uniqueMember.set_timeout(caching_timeout)
    except Exception:
        # Best effort: any failure here is ignored silently.
        # NOTE(review): the timeout is set on self.cache_uniqueMember while
        # the lookups below use the module-level cache_uniqueMember; if the
        # instance has no such attribute, the AttributeError is swallowed
        # here and the timeout is never applied -- confirm.
        pass

    if 'samba' in self.options:
        sid = self.oldattr.get('sambaSID', [b''])[0].decode('ASCII')
        sid, has_rid, rid = sid.rpartition(u'-')
        # Only a purely numeric trailing component is accepted as RID;
        # otherwise 'sambaRID' is left unset.
        if has_rid and rid.isdigit():
            self.info['sambaRID'] = rid

    if self.exists():
        # The DN is passed as a filter_format argument rather than being
        # concatenated into the LDAP filter string.
        self['memberOf'] = self.lo.searchDn(filter=filter_format('(&(objectClass=posixGroup)(uniqueMember=%s))', [self.dn]))

        time_start = time.time()

        self['users'] = []
        self['hosts'] = []
        self['nestedGroup'] = []
        for i in [x.decode('utf-8') for x in self.oldattr.get('uniqueMember', [])]:
            if cache_uniqueMember.is_valid(i):
                # Cached classification: no LDAP round trip.
                membertype = cache_uniqueMember.get(i).get('type')
                if membertype == 'user':
                    self['users'].append(i)
                elif membertype == 'group':
                    self['nestedGroup'].append(i)
                elif membertype == 'host':
                    self['hosts'].append(i)
            elif i.startswith('uid='):
                # DNs starting with 'uid=' are taken as users without a lookup.
                self['users'].append(i)
                cache_uniqueMember.set(i, {'type': 'user'})
            else:
                result = self.lo.getAttr(i, 'objectClass')
                # With the nesting as read here, a member whose lookup
                # returns nothing is placed in none of the three lists.
                if result:
                    if b'univentionGroup' in result:
                        self['nestedGroup'].append(i)
                        cache_uniqueMember.set(i, {'type': 'group'})
                    elif b'univentionHost' in result:
                        self['hosts'].append(i)
                        cache_uniqueMember.set(i, {'type': 'host'})
                    elif set(result) & {b'person', b'inetOrgPerson', b'organizationalPerson'}:
                        self['users'].append(i)
                    else:
                        # Fail loudly instead of guessing the member type.
                        raise RuntimeError('%s not detected: %r' % (i, result))

        time_end = time.time()
        ud.debug(ud.ADMIN, ud.INFO, 'groups/group: open(): member check duration: %1.2fs' % (time_end - time_start))

    self.save()
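def _ldap_modlist(self):
    """Extend the base modlist with notification options and assigned hosts.

    * 'univentionNagiosNotificationOptions' is always appended: the
      comma-joined values from ``self.OPTION_BITS`` whose property equals
      '1', or b'n' when none is set.
    * 'univentionNagiosHostname' is inserted at index 0 when
      'assignedHosts' changed, with one b"<cn>.<domain>" per host DN.

    Returns:
        The modification list.

    Raises:
        univention.admin.uexceptions.valueError: an assigned host DN does
            not exist or has no 'cn' attribute.
    """
    ml = univention.admin.handlers.simpleLdap._ldap_modlist(self)

    # Values of OPTION_BITS are joined with b',' below, so they are bytes.
    options = [value for key, value in self.OPTION_BITS.items() if self[key] == '1']

    # univentionNagiosNotificationOptions is required in LDAP schema
    if not options:
        options.append(b'n')

    newoptions = b','.join(options)
    ml.append(('univentionNagiosNotificationOptions', self.oldattr.get('univentionNagiosNotificationOptions', []), newoptions))

    # save assigned hosts
    if self.hasChanged('assignedHosts'):
        hostlist = []
        for hostdn in self.info.get('assignedHosts', []):
            try:
                host = self.lo.get(hostdn, ['associatedDomain', 'cn'], required=True)
                cn = host['cn'][0]
            except (univention.admin.uexceptions.noObject, ldap.NO_SUCH_OBJECT):
                raise univention.admin.uexceptions.valueError(
                    _('The host "%s" does not exists.') % (hostdn, ),
                    property='assignedHosts')
            except KeyError:
                raise univention.admin.uexceptions.valueError(
                    _('The host "%s" is invalid, it has no "cn" attribute.') % (hostdn, ),
                    property='assignedHosts')

            # Resolve the UCR fallback lazily: as a dict.get() default it was
            # evaluated for every host, so an unset or non-ASCII "domainname"
            # raised even for hosts that carry their own associatedDomain.
            domain_values = host.get('associatedDomain')
            if domain_values is None:
                domain = configRegistry.get("domainname").encode('ASCII')
            else:
                domain = domain_values[0]
            hostlist.append(b"%s.%s" % (cn, domain))

        ml.insert(0, ('univentionNagiosHostname', self.oldattr.get('univentionNagiosHostname', []), hostlist))

    return ml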
def check_for_group_recursion(self):
    """Raise circularGroupDependency if the membership change creates a cycle.

    Skipped when neither 'memberOf' nor 'nestedGroup' changed, or when the
    UCR variable
    'directory/manager/web/modules/groups/group/checks/circular_dependency'
    is 'no', 'false' or '0' (case-insensitive; default 'yes').

    Three checks run in order, all on lower-cased DNs: the group listed in
    its own 'nestedGroup'/'memberOf', a DN present in both lists, and
    longer chains via ``self._check_group_childs_for_recursion``.

    Raises:
        univention.admin.uexceptions.circularGroupDependency: raised here
            for the first two checks.
    """
    # perform check only if membership of groups has changed
    membership_changed = self.hasChanged('memberOf') or self.hasChanged('nestedGroup')
    if not membership_changed:
        return

    # perform check only if enabled via UCR
    check_setting = configRegistry.get('directory/manager/web/modules/groups/group/checks/circular_dependency', 'yes')
    if check_setting.lower() in ('no', 'false', '0'):
        return

    child_cache = {}
    grp_module = univention.admin.modules.get('groups/group')
    cn = self.info.get('name', 'UNKNOWN')

    # test self dependency
    # ==> nestedGroup or memberOf contains self.dn
    for field in ('nestedGroup', 'memberOf'):
        own_dn = self.dn.lower()
        if any(member.lower() == own_dn for member in self.info.get(field, [])):
            raise univention.admin.uexceptions.circularGroupDependency('%s ==> %s' % (cn, cn))

    # test short dependencies: A -> B -> A
    # ==> intersection of nestedGroup and memberOf is not empty
    nested_lower = {dn.lower() for dn in self.info.get('nestedGroup', [])}
    parents_lower = {dn.lower() for dn in self.info.get('memberOf', [])}
    overlap = nested_lower & parents_lower
    if overlap:
        # get cn for first detected object (set order, so which one is arbitrary)
        childdn = next(iter(overlap))
        childobj = univention.admin.objects.get(grp_module, self.co, self.lo, position='', dn=childdn)
        childcn = childobj.info.get('name', 'UNKNOWN')
        raise univention.admin.uexceptions.circularGroupDependency('%s ==> %s ==> %s' % (childcn, cn, childcn))

    # test long dependencies: A -> B -> C -> A
    if self.info.get('memberOf'):
        # TODO: FIXME: perform extended check only if self.hasChanged('memberOf') is True
        # if user added some groups to memberOf, the group objects specified in memberOf do not contain self as
        # uniqueMember (aka nestedGroup) when this test is performed. So this test has to perform the recursion check
        # with each member of memberOf as parent
        for upgrp in self.info.get('memberOf', []):
            for subgrp in self.info.get('nestedGroup', []):
                # A fresh path list is built for every call.
                start_path = [upgrp.lower(), self.dn.lower()]
                self._check_group_childs_for_recursion(grp_module, child_cache, subgrp.lower(), start_path)
    else:
        for subgrp in self.info.get('nestedGroup', []):
            start_path = [self.dn.lower()]
            self._check_group_childs_for_recursion(grp_module, child_cache, subgrp.lower(), start_path)
def check_for_group_recursion(self):
    """Raise circularGroupDependency if the membership change creates a cycle.

    Skipped when neither 'memberOf' nor 'nestedGroup' changed, or when the
    UCR variable
    'directory/manager/web/modules/groups/group/checks/circular_dependency'
    is 'no', 'false' or '0' (case-insensitive; default 'yes').

    Checks, in order and on lower-cased DNs: the group appearing in its
    own 'nestedGroup'/'memberOf', a DN present in both lists, and longer
    chains via ``self._check_group_childs_for_recursion``.
    """
    # perform check only if membership of groups has changed
    if not (self.hasChanged('memberOf') or self.hasChanged('nestedGroup')):
        return

    # perform check only if enabled via UCR
    ucr_value = configRegistry.get('directory/manager/web/modules/groups/group/checks/circular_dependency', 'yes')
    if ucr_value.lower() in ('no', 'false', '0'):
        return

    visited_children = {}
    grp_module = univention.admin.modules.get('groups/group')
    cn = self.info.get('name', 'UNKNOWN')

    # test self dependency
    # ==> nestedGroup or memberOf contains self.dn
    for field in ('nestedGroup', 'memberOf'):
        own_dn = self.dn.lower()
        lowered_members = [entry.lower() for entry in self.info.get(field, [])]
        if own_dn in lowered_members:
            raise univention.admin.uexceptions.circularGroupDependency('%s ==> %s' % (cn, cn))

    # test short dependencies: A -> B -> A
    # ==> intersection of nestedGroup and memberOf is not empty
    nested_lower = set(entry.lower() for entry in self.info.get('nestedGroup', []))
    parents_lower = set(entry.lower() for entry in self.info.get('memberOf', []))
    shared = nested_lower & parents_lower
    if shared:
        # get cn for first detected object (set order, so which one is arbitrary)
        childdn = list(shared)[0]
        childobj = univention.admin.objects.get(grp_module, self.co, self.lo, position='', dn=childdn)
        childcn = childobj.info.get('name', 'UNKNOWN')
        raise univention.admin.uexceptions.circularGroupDependency('%s ==> %s ==> %s' % (childcn, cn, childcn))

    # test long dependencies: A -> B -> C -> A
    if self.info.get('memberOf'):
        # TODO: FIXME: perform extended check only if self.hasChanged('memberOf') is True
        # if user added some groups to memberOf, the group objects specified in memberOf do not contain self as
        # uniqueMember (aka nestedGroup) when this test is performed. So this test has to perform the recursion check
        # with each member of memberOf as parent
        for upgrp in self.info.get('memberOf', []):
            for subgrp in self.info.get('nestedGroup', []):
                # A fresh path list is built for every call.
                self._check_group_childs_for_recursion(
                    grp_module, visited_children, subgrp.lower(),
                    [upgrp.lower(), self.dn.lower()])
    else:
        for subgrp in self.info.get('nestedGroup', []):
            self._check_group_childs_for_recursion(
                grp_module, visited_children, subgrp.lower(),
                [self.dn.lower()])
def _ldap_modlist(self):
    """Extend the base modlist with notification options and assigned hosts.

    * 'univentionNagiosNotificationOptions' is always appended: the
      comma-joined letters of the notification flags set to '1', or 'n'
      when none is set.
    * 'univentionNagiosHostname' is inserted at index 0 when
      'assignedHosts' changed, with one "<cn>.<domain>" per host DN; the
      UCR "domainname" is used for hosts without 'associatedDomain'.

    Returns:
        The modification list.
    """
    ml = univention.admin.handlers.simpleLdap._ldap_modlist(self)

    flag_letters = (
        ('notificationOptionWarning', 'w'),
        ('notificationOptionCritical', 'c'),
        ('notificationOptionUnreachable', 'u'),
        ('notificationOptionRecovered', 'r'),
    )
    options = [letter for prop, letter in flag_letters if self[prop] == '1']

    # univentionNagiosNotificationOptions is required in LDAP schema
    if not options:
        options = ['n']

    newoptions = ','.join(options)
    previous_options = self.oldattr.get('univentionNagiosNotificationOptions', [])
    ml.append(('univentionNagiosNotificationOptions', previous_options, newoptions))

    # save assigned hosts
    if not self.hasChanged('assignedHosts'):
        return ml

    hostlist = []
    for hostdn in self.info.get('assignedHosts', []):
        domain = self.lo.getAttr(hostdn, 'associatedDomain')
        cn = self.lo.getAttr(hostdn, 'cn')
        if not domain:
            domain = [configRegistry.get("domainname")]
        # NOTE(review): cn[0] raises IndexError if the lookup returns an
        # empty list (for example a DN that no longer exists); the host DN
        # is not validated before use here.
        hostlist.append("%s.%s" % (cn[0], domain[0]))

    previous_hosts = self.oldattr.get('univentionNagiosHostname', [])
    ml.insert(0, ('univentionNagiosHostname', previous_hosts, hostlist))
    return ml
univention.admin.property( short_description=_('Zone time to live'), long_description=_('The time this entry may be cached.'), syntax=univention.admin.syntax.UNIX_TimeInterval, required=True, default=(('3', 'hours'), []), dontsearch=True, ), 'contact': univention.admin.property( short_description=_('Contact person'), long_description=_( 'The email address of the person responsible for this zone.'), syntax=univention.admin.syntax.string, required=True, default=('root@%s.' % configRegistry.get('domainname', ''), []), ), 'serial': univention.admin.property( short_description=_('Serial number'), long_description=_( 'The sequence number for this zone. Updates automatically.'), syntax=univention.admin.syntax.integer, required=True, default=('1', [])), 'refresh': univention.admin.property( short_description=_('Refresh interval'), long_description= _('The time interval secondary DNS servers use to check the zone for updates.' ),
options=[], required=1, may_change=1, identifies=0, default=( ( '3', 'hours' ), []) ), 'contact': univention.admin.property( short_description=_('Contact person'), long_description='', syntax=univention.admin.syntax.emailAddress, multivalue=0, options=[], required=1, may_change=1, identifies=0, default = ( 'root@%s' % configRegistry.get( 'domainname' ), [] ), ), 'serial': univention.admin.property( short_description=_('Serial number'), long_description='', syntax=univention.admin.syntax.integer, multivalue=0, options=[], required=1, may_change=1, identifies=0, default=('1', []) ), 'refresh': univention.admin.property( short_description=_('Refresh interval'), long_description='',
syntax=univention.admin.syntax.DNS_ReverseZone, multivalue=True, options=[], required=False, may_change=False, identifies=False ), 'sambaDomainName': univention.admin.property( short_description=_('Samba domain name'), long_description='', syntax=univention.admin.syntax.string, multivalue=True, options=['samba'], required=True, may_change=True, default=(configRegistry.get('domainname', '').upper(), []), identifies=False ), 'sambaSID': univention.admin.property( short_description=_('Samba SID'), long_description='', syntax=univention.admin.syntax.string, multivalue=False, options=['samba'], required=True, may_change=False, identifies=False ), 'sambaNextUserRid': univention.admin.property( short_description=_('Samba Next User RID'), long_description='',
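def open(self):
    """Load the group and fill its options and derived properties.

    Derives ``self.options`` from the stored objectClass values (or from
    the module-level ``options`` when the object has none), sets
    'gidNumber' and 'sambaRID', and -- when the object has a DN --
    'memberOf', the users / hosts / nestedGroup split of 'uniqueMember',
    and the allowed e-mail sender lists. Finishes with ``self.save()``.

    NOTE(review): nesting was reconstructed from a flattened listing;
    confirm the block boundaries against the original file.
    """
    global options
    univention.admin.handlers.simpleLdap.open(self)

    try:
        caching_timeout = int(configRegistry.get('directory/manager/web/modules/groups/group/caching/uniqueMember/timeout', '300'))
        self.cache_uniqueMember.set_timeout(caching_timeout)
    except Exception:
        # Best effort: a bad UCR value must not prevent opening the group.
        # Narrowed from a bare `except:` so KeyboardInterrupt / SystemExit
        # are no longer swallowed.
        # NOTE(review): the timeout is set on self.cache_uniqueMember while
        # the lookups below use the module-level cache_uniqueMember; if the
        # instance has no such attribute, the AttributeError ends up here and
        # the timeout is never applied -- confirm.
        pass

    self.options = []
    if self.oldattr.has_key('objectClass'):
        ocs = self.oldattr['objectClass']
        if 'posixGroup' in ocs:
            self.options.append('posix')
        if 'sambaGroupMapping' in ocs:
            self.options.append('samba')
    else:
        self._define_options(options)

    self.info['gidNumber'] = self.oldattr.get('gidNumber', [''])[0]

    if 'samba' in self.options:
        sid = self.oldattr.get('sambaSID', [''])[0]
        pos = sid.rfind('-')
        # If the SID contains no '-', rfind() returns -1 and the whole value
        # (possibly '') is stored, so sambaRID is not guaranteed to be numeric.
        self.info['sambaRID'] = sid[pos + 1:]

    if self.dn:
        # The DN is escaped before it is interpolated into the LDAP filter.
        self['memberOf'] = self.lo.searchDn(filter='(&(objectClass=posixGroup)(uniqueMember=%s))' % univention.admin.filter.escapeForLdapFilter(self.dn))

        time_start = time.time()

        # One list object per property: the chained assignment handed the
        # same list to all three, which is only correct if the property
        # setter copies its value.
        self['users'] = []
        self['hosts'] = []
        self['nestedGroup'] = []
        if self.oldattr.has_key('uniqueMember'):
            groupMembers = self.oldattr['uniqueMember']

            for i in groupMembers:
                if cache_uniqueMember.is_valid(i):
                    # Cached classification: no LDAP round trip.
                    membertype = cache_uniqueMember.get(i).get('type')
                    if membertype == 'user':
                        self['users'].append(i)
                    elif membertype == 'group':
                        self['nestedGroup'].append(i)
                    elif membertype == 'host':
                        self['hosts'].append(i)
                elif i.startswith('uid='):
                    # DNs starting with 'uid=' are taken as users without a lookup.
                    self['users'].append(i)
                    cache_uniqueMember.set(i, {'type': 'user'})
                else:
                    result = self.lo.getAttr(i, 'objectClass')
                    if result:
                        if 'univentionGroup' in result:
                            self['nestedGroup'].append(i)
                            cache_uniqueMember.set(i, {'type': 'group'})
                        elif 'univentionHost' in result:
                            self['hosts'].append(i)
                            cache_uniqueMember.set(i, {'type': 'host'})
                        else:
                            # Any other object class is listed as a user (not cached).
                            self['users'].append(i)
                    else:
                        # removing following line breaks deletion of computers from groups
                        self['users'].append(i)

        time_end = time.time()
        univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: open(): member check duration: %1.2fs' % (time_end - time_start))

        self['allowedEmailUsers'] = []
        if self.oldattr.has_key('univentionAllowedEmailUsers'):
            self['allowedEmailUsers'] = self.oldattr['univentionAllowedEmailUsers']

        self['allowedEmailGroups'] = []
        if self.oldattr.has_key('univentionAllowedEmailGroups'):
            self['allowedEmailGroups'] = self.oldattr['univentionAllowedEmailGroups']

    self.save()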
syntax=univention.admin.syntax.string, multivalue=0, include_in_default_search=1, options=[], required=1, may_change=0, identifies=1 ), 'dnsForwardZone': univention.admin.property( short_description=_('DNS forward lookup zone'), long_description='', syntax=univention.admin.syntax.dnsName, multivalue=1, options=[], required=0, default = ( '<name>.%s' % configRegistry.get( 'domainname', '' ), [] ), may_change=0, identifies=0 ), 'dnsReverseZone': univention.admin.property( short_description=_('DNS reverse lookup zone'), long_description='', syntax=univention.admin.syntax.reverseLookupSubnet, multivalue=1, options=[], required=0, may_change=0, identifies=0 ), 'sambaDomainName': univention.admin.property( short_description=_('Samba domain name'),