def save(self):
def rule_to_dict(rule):
prefix = u'%s/%s' % (u'security/packetfilter', rule.identifier, )
result = {prefix: rule.action, }
for (lang, description, ) in rule.description.items():
result[u'%s/%s' % (prefix, lang, )] = description
return result
config_registry = ucr.ConfigRegistry()
config_registry.load()
# set global firewall settings
bool_to_string = {True: u'true', False: u'false', }
global_options = {
u'security/packetfilter/defaultpolicy': self.default_policy,
u'security/packetfilter/disabled': bool_to_string[self.disabled],
u'security/packetfilter/use_packages': bool_to_string[self.use_packages],
}
ucr.handler_set(global_options)
org_dict = {}
for (key, value, ) in config_registry.items():
if REGEX_RULE.match(key):
org_dict[key] = value
new_dict = {}
for rule in self.rules.values():
if rule:
new_dict = dict(new_dict.items() + rule_to_dict(rule).items())
diff = DictDiffer(new_dict, org_dict)
ucr.handler_unset(diff.removed())
changed = []
for key in diff.changed().union(diff.added()):
changed.append(u'%s=%s' % (key, new_dict[key]))
ucr.handler_set(changed)
def upload_archive(self, request):
UPLOAD_KEY = 'umc/sysinfo/upload/url'
FALLBACK_UPLOAD_URL = 'https://forge.univention.de/cgi-bin/system-info-upload.py'
ucr_reg = ucr.ConfigRegistry()
ucr_reg.load()
url = ucr_reg.get(UPLOAD_KEY, FALLBACK_UPLOAD_URL)
SYSINFO_PATH = '/var/www/univention-management-console/system-info/'
fd = open(os.path.join(SYSINFO_PATH, request.options['archive']), 'r')
data = {
'filename': fd,
}
req = urllib2.Request(url, data, {})
try:
u = urllib2.urlopen(req)
answer = u.read()
success = True
except:
success = False
if not success or answer.startswith('ERROR:'):
request.status = MODULE_ERR
else:
request.status = SUCCESS
self.finished(request.id, None)
def get(self, request):
ucrReg = ucr.ConfigRegistry()
ucrReg.load()
ucrInfo = ConfigRegistryInfo(registered_only=False)
# iterate over all requested variables
results = []
for key in request.options:
info = ucrInfo.get_variable(str(key))
value = ucrReg.get(str(key))
if not info and (value or '' == value):
# only the value available
results.append({'key': key, 'value': value})
elif info:
# info (categories etc.) available
info['value'] = value
info['key'] = key
results.append(info.normalize())
else:
# variable not available, request failed
request.status = BAD_REQUEST_INVALID_OPTS
self.finished(
request.id,
False,
message=_('The UCR variable %(key)s could not be found') %
{'key': key})
return
self.finished(request.id, results)
def main():
"""Get UCR settings from LDAP policy."""
options, host_dn = parse_cmdline()
confregfn = os.path.join(
confreg.ConfigRegistry.PREFIX,
confreg.ConfigRegistry.BASES[confreg.ConfigRegistry.LDAP])
ucr_ldap = confreg.ConfigRegistry(filename=confregfn)
ucr_ldap.load()
set_list = get_policy(host_dn, options.verbose)
if set_list:
new_set_list = []
for key, value in set_list.items():
record = '%s=%s' % (key, value)
if ucr_ldap.get(key) != value or options.setall:
new_set_list.append(record.encode())
if options.simulate or options.verbose:
for item in new_set_list:
print >> sys.stderr, 'Setting %s' % item
if not options.simulate:
confreg.handler_set(new_set_list, {'ldap-policy': True})
unset_list = []
for key, value in ucr_ldap.items():
if key not in set_list:
unset_list.append(key.encode())
if unset_list:
if options.simulate or options.verbose:
for item in unset_list:
print >> sys.stderr, 'Unsetting %s' % item
if not options.simulate:
confreg.handler_unset(unset_list, {'ldap-policy': True})
def parse_cmdline():
"""Parse command line and return options and dn."""
usage = '%prog [options] <host_dn>'
epilog = '<host_dn> distinguished LDAP name of the host'
parser = OptionParser(usage=usage, epilog=epilog)
parser.add_option('-a', '--setall',
dest='setall', action='store_true',
help='write all variables set by policy')
parser.add_option('-s', '--simulate',
dest='simulate', action='store_true',
help='simulate update and show values to be set')
parser.add_option('-v', '--verbose',
dest='verbose', action='store_true',
help='print verbose information')
parser.add_option('-l', '--ldap-server', dest='server', help='connect to this ldap host')
options, args = parser.parse_args()
if 'UNIVENTION_BASECONF' in os.environ:
del os.environ['UNIVENTION_BASECONF']
ucr = confreg.ConfigRegistry()
ucr.load()
if len(args) > 0:
host_dn = args[0]
else:
host_dn = ucr.get('ldap/hostdn') or ucr.get('ldap/mydn') or None
if not host_dn:
print >> sys.stderr, 'ERROR: cannot get ldap/hostdn'
sys.exit(1)
if options.simulate:
print >> sys.stderr, 'Simulating update...'
return options, host_dn
def _wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True, should_exist=True, controls=None):
# type: (str, Union[List[str], None, str], Optional[str], int, Optional[LoadParm], int, int, bool, bool, Optional[List[str]]) -> None
if not package_installed('univention-samba4'):
if package_installed('univention-samba'):
time.sleep(15)
print('Sleeping 15 seconds as a workaround for http://forge.univention.org/bugzilla/show_bug.cgi?id=52145')
elif verbose:
print('wait_for_drs_replication(): skip, univention-samba4 not installed.')
return
if not attrs:
attrs = ['dn']
elif not isinstance(attrs, list):
attrs = [attrs]
if not lp:
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp)
if not controls:
controls = ["domain_scope:0"]
if base is None:
ucr = config_registry.ConfigRegistry()
ucr.load()
base = ucr['samba4/ldap/base']
else:
if len(ldap.dn.str2dn(base)[0]) > 1:
if verbose:
print('wait_for_drs_replication(): skip, multiple RDNs are not supported')
return
if not base:
if verbose:
print('wait_for_drs_replication(): skip, no samba domain found')
return
if verbose:
print("Waiting for DRS replication, filter: %r, base: %r, scope: %r, should_exist: %r" % (ldap_filter, base, scope, should_exist), end=' ')
t = t0 = time.time()
while t < t0 + timeout:
try:
res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls)
if bool(res) is bool(should_exist):
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return # res
except ldb.LdbError as exc:
(_num, msg) = exc.args
if _num == ldb.ERR_INVALID_DN_SYNTAX:
raise
if _num == ldb.ERR_NO_SUCH_OBJECT and not should_exist:
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return
print("Error during samdb.search: %s" % (msg, ))
print('.', end=' ')
time.sleep(delta_t)
t = time.time()
raise DRSReplicationFailed("DRS replication for filter: %r failed due to timeout after %d sec." % (ldap_filter, t - t0))
def _load_configuration(self):
def parse_port(string):
(start, end, ) = REGEX_RULE_PORT.match(string).groupdict().values()
start = int(start)
if end:
end = int(end)
return (start, end, )
def parse_boolean(key, default=None):
if config_registry.is_true(key):
return True
elif config_registry.is_false(key):
return False
else:
# TODO: throw an error?
return default
config_registry = ucr.ConfigRegistry()
config_registry.load()
# load global firewall settings
self.default_policy = config_registry.get(u'security/packetfilter/defaultpolicy', u'REJECT')
self.disabled = parse_boolean(u'security/packetfilter/disabled', False)
self.use_packages = parse_boolean(u'security/packetfilter/use_packages', True)
# parse all firewall related UCR variables
rules = {}
for (key, value, ) in config_registry.items():
matched_rule = REGEX_RULE.match(key)
if not matched_rule:
continue
rule_props = matched_rule.groupdict()
try:
rule = Rule(
rule_props[u'protocol'],
parse_port(rule_props[u'port']),
rule_props[u'address'],
rule_props[u'package']
)
# rule already exists?
if rule.identifier in rules:
rule = rules[rule.identifier]
else:
rules[rule.identifier] = rule
# TODO: use regex instead
# check for other rule properties
if not rule_props[u'property']:
# only the action remains
rule.action = value
else:
rule.description[rule_props[u'property']] = value
except Error:
pass # TODO
else:
self._rules = rules
def test_all_roles_modification_set_network(ip_subnet, ip_network, ip_netmask, ip_range):
ucr = configRegistry.ConfigRegistry()
ucr.load()
for role in udm_test.UCSTestUDM.COMPUTER_MODULES:
computerProperties = {
'mac': '01:23:45:67:89:ab',
'name': uts.random_name()
}
with udm_test.UCSTestUDM() as udm:
dNSCn = 'cn=dns,%s' % (ucr.get('ldap/base'),)
forwardZoneName = '%s.%s' % (uts.random_name(), uts.random_name())
forwardZone = udm.create_object('dns/forward_zone', zone=forwardZoneName, position=dNSCn, nameserver=uts.random_string(numeric=False))
reverseZone = udm.create_object('dns/reverse_zone', subnet=ip_subnet, position=dNSCn, nameserver=uts.random_string(numeric=False))
dhcpService = udm.create_object('dhcp/service', service=uts.random_name())
networkProperties = {
'name': uts.random_name(),
'network': ip_network,
'netmask': ip_netmask,
'dnsEntryZoneForward': forwardZone,
'dnsEntryZoneReverse': reverseZone,
'dhcpEntryZone': dhcpService,
'ipRange': ip_range,
}
network = udm.create_object('networks/network', **networkProperties)
computer = udm.create_object(role, **computerProperties)
udm.modify_object(role, dn=computer, network=network)
aRecord = (utils.get_ldap_connection().getAttr(computer, 'aRecord') or [b''])[0].decode('ASCII')
aaaRecord = (utils.get_ldap_connection().getAttr(computer, 'aAAARecord') or [b''])[0].decode('ASCII')
# FIXME: workaround for possibly remaining locks
if aaaRecord:
udm.addCleanupLock('aAAARecord', aaaRecord)
if aRecord:
udm.addCleanupLock('aRecord', aRecord)
udm.addCleanupLock('mac', '01:23:45:67:89:ab')
utils.verify_ldap_object(computer, {'univentionNetworkLink': [network]})
assert aRecord or aaaRecord
if aRecord:
assert aRecord in ['%s.%s' % (ip_subnet, oktett) for oktett in range(2, 255)], 'IP address of computer not in range of its network'
if aaaRecord:
assert aaaRecord in ['%s:0000:0000:0000:%0.4x' % (ip_subnet, oktett) for oktett in range(2, 255)], 'IP address of computer not in range of its network'
if aRecord:
utils.verify_ldap_object('relativeDomainName=%s,%s' % (computerProperties['name'], forwardZone), {'aRecord': [aRecord]})
utils.verify_ldap_object('relativeDomainName=%s,%s' % (aRecord.split(".")[-1], reverseZone), {'pTRRecord': ['%s.%s.' % (computerProperties['name'], forwardZoneName)]})
utils.verify_ldap_object('cn=%s,%s' % (computerProperties['name'], dhcpService), {'univentionDhcpFixedAddress': [aRecord]})
if aaaRecord:
utils.verify_ldap_object('relativeDomainName=%s,%s' % (computerProperties['name'], forwardZone), {'aAAARecord': [aaaRecord]})
utils.verify_ldap_object('relativeDomainName=%s,%s' % ('.'.join(reversed(''.join(aaaRecord.split(':')[4:]))), reverseZone), {'pTRRecord': ['%s.%s.' % (computerProperties['name'], forwardZoneName)]})
utils.verify_ldap_object('cn=%s,%s' % (computerProperties['name'], dhcpService), {'univentionDhcpFixedAddress': [str(ipaddress.IPv6Address(aaaRecord))]})
def __init__(self, username, password, use_kerberos=False): self.ucr = configRegistry.ConfigRegistry() self.ucr.load() self.use_kerberos = use_kerberos self.target_sp_hostname = '%s.%s' % (self.ucr['hostname'], self.ucr['domainname']) self.username = username self.password = password self.session = requests.Session() if use_kerberos: self.session.auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) self.page = None self.position = 'Init...'
def __init__(self, lo, username=None):
self.ConfigRegistry = ucr.ConfigRegistry()
self.ConfigRegistry.load()
self.enableQualityCheck = False
self.checkHistory = False
self.min_length = -1
if not lo:
self._getConnection()
else:
self.lo = lo
self._systemPolicy()
if username:
self._userPolicy(username)
def get_mail_info(self, request):
ucr_reg = ucr.ConfigRegistry()
ucr_reg.load()
ADDRESS_KEY = 'umc/sysinfo/mail/address'
SUBJECT_KEY = 'umc/sysinfo/mail/subject'
ADDRESS_VALUE = ucr_reg.get(ADDRESS_KEY, '*****@*****.**')
SUBJECT_VALUE = ucr_reg.get(SUBJECT_KEY, 'Univention System Info')
url = urlunparse(('mailto', '', ADDRESS_VALUE, '',
urlencode({
'subject': SUBJECT_VALUE,
}), ''))
result = {}
result['url'] = url.replace('+', '%20')
request.status = SUCCESS
self.finished(request.id, result)
def __init__( self, install_mode = False, registered_only = True, load_customized=True ):
"""Initialize variable and category descriptions.
install_mode=True deactivates the use of an UCR instance.
registered_only=False creates syntetic entries for all undescribed but set variables.
load_customized=False deactivates loading customized descriptions.
"""
self.categories = {}
self.variables = {}
self.__patterns = {}
if not install_mode:
self.__configRegistry = ucr.ConfigRegistry()
self.__configRegistry.load()
self.load_categories()
self.__load_variables( registered_only, load_customized )
else:
self.__configRegistry = None
def __init__(self, install_mode=False, registered_only=True, load_customized=True):
# type: (bool, bool, bool) -> None
"""
Initialize variable and category descriptions.
:param install_mode: `True` deactivates the use of an UCR instance.
:param registered_only: `False` creates synthetic entries for all undescribed but set variables.
:param load_customized: `False` deactivates loading customized descriptions.
"""
self.categories = {} # type: Dict[str, Category]
self.variables = {} # type: Dict[str, Variable]
self.__patterns = {} # type: Dict[str, List[Tuple[str, str]]]
if not install_mode:
self.__configRegistry = ucr.ConfigRegistry() # type: Optional[ucr.ConfigRegistry]
self.__configRegistry.load()
self.load_categories()
self.__load_variables(registered_only, load_customized)
else:
self.__configRegistry = None
def force_drs_replication(source_dc=None, destination_dc=None, partition_dn=None, direction="in"):
# type: (Optional[str], Optional[str], Optional[str], str) -> int
if not package_installed('univention-samba4'):
print('force_drs_replication(): skip, univention-samba4 not installed.')
return 0
src = source_dc or get_available_s4connector_dc()
if not src:
return 1
dst = destination_dc or socket.gethostname()
if src == dst:
return 0
if not partition_dn:
ucr = config_registry.ConfigRegistry()
ucr.load()
partition_dn = str(ucr.get('samba4/ldap/base'))
print("USING partition_dn:", partition_dn)
cmd = ("/usr/bin/samba-tool", "drs", "replicate", dst, src, partition_dn)
return subprocess.call(cmd)
def save(self):
config_registry = ucr.ConfigRegistry()
config_registry.load()
org_dict = {}
for (
key,
value,
) in config_registry.items():
if REGEX_RULE.match(key):
org_dict[key] = value
new_dict = {}
for rule in self.rules.values():
if rule:
new_dict = dict(new_dict.items() + rule.dict.items())
diff = DictDiffer(new_dict, org_dict)
ucr.handler_unset(diff.removed())
changed = []
for key in diff.changed().union(diff.added()):
changed.append(u'%s=%s' % (key, new_dict[key]))
ucr.handler_set(changed)
parser = OptionParser(usage=usage)
parser.add_option("--move",
action="store",
dest="target_directory",
help="Move unused GPOs to given directory")
parser.add_option("--verbose",
action="store_true",
dest="verbose",
default=False,
help="Print verbose messages")
(options, args) = parser.parse_args()
# load UCR
ucr = config_registry.ConfigRegistry()
ucr.load()
sysvolDirectory = _sysvol_directory(ucr)
ldapGPOs = getLDAPGPOs(options)
if not ldapGPOs:
print 'No LDAP GPOs found. Abort!'
sys.exit(1)
fileSystemGPOs = getFileSystemGPOs(sysvolDirectory)
if options.verbose:
print 'The following LDAP GPOs were found:'
for ldapGPO in ldapGPOs:
def wait_for_s4connector(timeout=360, delta_t=1, s4cooldown_t=10):
ucr = config_registry.ConfigRegistry()
ucr.load()
if not package_installed('univention-s4-connector'):
print(
'wait_for_s4connector(): skip, univention-s4-connector not installed.'
)
return
if ucr.is_false('connector/s4/autostart'):
print(
'wait_for_s4connector(): skip, connector/s4/autostart is set to false.'
)
return
conn = sqlite3.connect('/etc/univention/connector/s4internal.sqlite')
c = conn.cursor()
static_count = 0
highestCommittedUSN = -1
lastUSN = -1
t = t0 = time.time()
while t < t0 + timeout:
time.sleep(delta_t)
if not _ldap_replication_complete():
continue
previous_highestCommittedUSN = highestCommittedUSN
highestCommittedUSN = -1
ldbresult = subprocess.check_output([
'ldbsearch',
'--url',
'/var/lib/samba/private/sam.ldb',
'--scope',
'base',
'--basedn',
'',
'highestCommittedUSN',
])
for line in ldbresult.split('\n'):
line = line.strip()
if line.startswith('highestCommittedUSN: '):
highestCommittedUSN = line.replace('highestCommittedUSN: ', '')
break
else:
raise KeyError('No highestCommittedUSN in ldbsearch')
previous_lastUSN = lastUSN
c.execute('select value from S4 where key=="lastUSN"')
lastUSN = c.fetchone()[0]
print('highestCommittedUSN: {}'.format(highestCommittedUSN))
print('lastUSN: {}'.format(lastUSN))
if not (lastUSN == highestCommittedUSN and lastUSN == previous_lastUSN
and highestCommittedUSN == previous_highestCommittedUSN):
static_count = 0
print('Reset counter')
else:
static_count = static_count + 1
print('Counter: %d' % static_count)
if static_count * delta_t >= s4cooldown_t:
return 0
t = time.time()
conn.close()
raise WaitForS4ConnectorTimeout()
def _load_config(self):
def parse_port(string):
(
start,
end,
) = REGEX_RULE_PORT.match(string).groupdict().values()
start = int(start)
if end:
end = int(end)
return (
start,
end,
)
def parse_boolean(string):
string = string.lower()
if string in (
u'true',
u'yes',
u'on',
u'1',
):
return True
elif string in (
u'false',
u'no',
u'off',
u'0',
):
return False
else:
return None
config_registry = ucr.ConfigRegistry()
config_registry.load()
# set global firewall settings
self.default_policy = config_registry.get( # TODO: logging?
u'security/packetfilter/defaultpolicy', u'REJECT')
self.disabled = parse_boolean(
config_registry.get(u'security/packetfilter/disabled', 'False'))
self.use_packages = parse_boolean(
config_registry.get(u'security/packetfilter/use_packages', 'True'))
# parse all firewall related UCR variables
rules = {}
for (
key,
value,
) in config_registry.items():
matched_rule = REGEX_RULE.match(key)
if not matched_rule:
continue
rule_props = matched_rule.groupdict()
try:
rule = Rule(rule_props[u'address'],
parse_port(rule_props[u'port']),
rule_props[u'protocol'], rule_props[u'package'])
# rule already exists?
if rule.name in rules:
rule = rules[rule.name]
else:
rules[rule.name] = rule
# check for other rule properties
if not rule_props[u'property']:
# only the action remains
rule.action = value
else:
rule.description[rule_props[u'property']] = value
except Error as err:
pass # TODO: logging
else:
self._rules = rules
ignore_templates_for_groups = ['bannediplist', 'exceptioniplist']
# several lists for filter groups
for entry in os.listdir(os.path.join(TEMPLATE_PATH, 'lists')):
if entry not in ignore_templates_for_groups:
abs_filename = os.path.join(TEMPLATE_PATH, 'lists', entry)
if os.path.isfile(abs_filename):
with open(abs_filename) as template:
conf = os.path.join(CONFIG_PATH, 'lists',
'%s-%s' % (groups[i], entry))
content = ucr.filter(template.read(),
configRegistry,
srcfiles=[abs_filename])
with open(conf, 'w') as fd:
fd.write(content)
files_written.append(conf)
# remove old filter lists
for f in glob.iglob(os.path.join(CONFIG_PATH, 'lists', '*-*list')):
if f not in files_written and os.path.isfile(f):
os.unlink(f)
ucr.handler_unset(
['dansguardian/current/groupno', 'dansguardian/current/group'])
if __name__ == '__main__':
configRegistry = ucr.ConfigRegistry()
configRegistry.load()
handler(configRegistry, [])
def get_server_cert_folder():
ucr = configRegistry.ConfigRegistry()
ucr.load()
hostname = '%s.%s' % (ucr['hostname'], ucr['domainname'])
return os.path.join('/etc/univention/ssl', hostname)
def __init__(self, ip):
self.ip = ip
ucr = configRegistry.ConfigRegistry()
ucr.load()
self.sso_fqdn = ucr['ucs/server/sso/fqdn']
host=host,
port=port,
errno=errno)
def __str__(self):
return "TCP-SSL Socket %s:%d -> %s:%d" % (self.sock.getsockname() +
self.sock.getpeername())
class UVMM_ClientAuthSSLSocket(UVMM_ClientSSLSocket,
UVMM_ClientAuthenticatedSocket):
"""SSL-socket plus authentication."""
pass
__ucr = ucr.ConfigRegistry()
__ucr.load()
def __auth_machine():
"""Get machine connection."""
username = "******" % __ucr['hostname']
f = open('/etc/machine.secret', 'r')
try:
password = f.readline().rstrip()
finally:
f.close()
return (username, password)
def __debug(msg):
assert UCR.ucr_factory() is not UCR.ucr_factory()
def test_ro(ucrf):
reload(UCR)
assert not isinstance(UCR.ucr, UCR.ConfigRegistry)
assert UCR.ucr["foo"] == "LDAP"
assert UCR.ucr["bam"] is None
with pytest.raises(TypeError):
UCR.ucr["foo"] = "42"
with pytest.raises(TypeError):
del UCR.ucr["foo"]
@pytest.mark.parametrize("autoload,before,after", [
pytest.param(lambda: UCR.ConfigRegistry(), None, None, id="Manual"),
pytest.param(lambda: UCR.ucr, "BEFORE", "BEFORE", id="Once"),
pytest.param(lambda: UCR.ucr_live, "BEFORE", "AFTER", id="Always"),
pytest.param(
lambda: UCR.ucr_live.__enter__(), "BEFORE", "BEFORE", id="View"),
])
def test_autoload(autoload, before, after, ucr0):
reload(UCR)
ucr0["baz"] = "BEFORE"
ucr0.save()
ucr = autoload()
assert ucr["baz"] == before
ucr0["baz"] = "AFTER"
if not logobj:
logobj = open('/var/log/univention/log-collector-client.log', 'a')
info = inspect.getframeinfo(inspect.currentframe().f_back)[0:3]
printInfo = []
if len(info[0]) > 30:
printInfo.append('...' + info[0][-27:])
else:
printInfo.append(info[0])
printInfo.extend(info[1:3])
logobj.write("%s [L%s]: %s\n" %
(time.asctime(time.localtime()), printInfo[1], msg))
logobj.flush()
baseconfig = ub.ConfigRegistry()
baseconfig.load()
class LogCollectorClient(object):
def __init__(self, server, port=7450):
'''Initialize a socket-connection to the server.'''
self._port = port
self._server = server
self._nextId = random.randint(100000, 999999)
self._resendQueue = {}
self._inbuffer = ''
self._config = {}
self._socket_ready = False
self._outbuffer = ''
def test_benchmark_autoload(autoload, benchmark, ucr0):
ucr0["foo"] = "value"
ucr0.save()
ucr = autoload(UCR.ConfigRegistry())
benchmark(ucr.get, "foo")
def wait_for_s4connector():
ucr = config_registry.ConfigRegistry()
ucr.load()
if not package_installed('univention-s4-connector'):
print 'wait_for_s4connector(): skip, univention-s4-connector not installed.'
return
if ucr.is_false('connector/s4/autostart'):
print 'wait_for_s4connector(): skip, connector/s4/autostart is set to false.'
return
conn = sqlite3.connect('/etc/univention/connector/s4internal.sqlite')
c = conn.cursor()
static_count = 0
highestCommittedUSN = -1
lastUSN = -1
while static_count < CONNECTOR_WAIT_INTERVAL:
time.sleep(CONNECTOR_WAIT_SLEEP)
if not _ldap_replication_complete():
continue
previous_highestCommittedUSN = highestCommittedUSN
highestCommittedUSN = -1
ldbsearch = subprocess.Popen(
"ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b '' highestCommittedUSN",
shell=True,
stdout=subprocess.PIPE)
ldbresult = ldbsearch.communicate()
for line in ldbresult[0].split('\n'):
line = line.strip()
if line.startswith('highestCommittedUSN: '):
highestCommittedUSN = line.replace('highestCommittedUSN: ', '')
break
print highestCommittedUSN
previous_lastUSN = lastUSN
try:
c.execute('select value from S4 where key=="lastUSN"')
except sqlite3.OperationalError as e:
static_count = 0
print 'Reset counter: sqlite3.OperationalError: %s' % e
print 'Counter: %d' % static_count
continue
conn.commit()
lastUSN = c.fetchone()[0]
if not (lastUSN == highestCommittedUSN and lastUSN == previous_lastUSN
and highestCommittedUSN == previous_highestCommittedUSN):
static_count = 0
print 'Reset counter'
else:
static_count = static_count + 1
print 'Counter: %d' % static_count
conn.close()
return 0
def wait_for_s4connector(timeout=360, delta_t=1, s4cooldown_t=5):
# type: (int, int, int) -> int
ucr = config_registry.ConfigRegistry()
ucr.load()
if not package_installed('univention-s4-connector'):
print('wait_for_s4connector(): skip, univention-s4-connector not installed.')
return 0
if ucr.is_false('connector/s4/autostart'):
print('wait_for_s4connector(): skip, connector/s4/autostart is set to false.')
return 0
conn = sqlite3.connect('/etc/univention/connector/s4internal.sqlite')
c = conn.cursor()
static_count = 0
replication_complete = False
highestCommittedUSN = -1
lastUSN = -1
t = t0 = time.time()
while t < t0 + timeout:
time.sleep(delta_t)
if not _ldap_replication_complete(verbose=False):
continue
else:
if not replication_complete:
print('Start waiting for S4-Connector replication')
replication_complete = True
previous_highestCommittedUSN = highestCommittedUSN
ldbresult = subprocess.Popen([
'ldbsearch',
'--url', '/var/lib/samba/private/sam.ldb',
'--scope', 'base',
'--basedn', '',
'highestCommittedUSN',
], stdout=subprocess.PIPE)
assert ldbresult.stdout
for chunk in ldbresult.stdout:
line = chunk.decode('utf-8').strip()
if line.startswith('highestCommittedUSN: '):
highestCommittedUSN = int(line[len('highestCommittedUSN: '):])
break
else:
raise KeyError('No highestCommittedUSN in ldbsearch')
previous_lastUSN = lastUSN
c.execute('select value from S4 where key=="lastUSN"')
lastUSN = int(c.fetchone()[0])
if not (lastUSN == highestCommittedUSN and lastUSN == previous_lastUSN and highestCommittedUSN == previous_highestCommittedUSN):
static_count = 0
print('Reset counter')
else:
static_count += 1
print('Counter: {}; highestCommittedUSN: {!r}; lastUSN: {!r}'.format(static_count, highestCommittedUSN, lastUSN))
if static_count * delta_t >= s4cooldown_t:
return 0
t = time.time()
conn.close()
raise WaitForS4ConnectorTimeout()
