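#-*- coding: utf-8 -*-

#Copyright 2008 Calculate Pack, http://www.calculate-linux.ru
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

import os
import cl_base
import cl_utils
import md5


def _shellQuote(value):
    """Return value as one single-quoted POSIX shell word.

    The value is formatted with %s first, so non-string values are rendered
    the same way the plain '%s' interpolation would render them. Embedded
    single quotes are closed, escaped and reopened.
    """
    text = "%s" % (value,)
    return "'" + text.replace("'", "'\"'\"'") + "'"


def _splitList(value):
    """Split a comma-separated setting into a list; empty/unset gives []."""
    if value:
        return value.split(",")
    return []


def _hasLoopback(nets):
    """Return True if any entry of nets starts with '127.'."""
    for net in nets:
        if net[:4] == '127.':
            return True
    return False


def _fullHostName(fill):
    """Return '<os_net_hostname>.<os_net_domain>' read through fill.Get()."""
    hostName = fill.Get('os_net_hostname')
    domain = fill.Get('os_net_domain')
    return "%s.%s" % (hostName, domain)


def _replSwitch(fill, serversVar):
    """Return "on" if this host's full name is listed in serversVar.

    serversVar names a comma-separated server list; an empty list gives
    "off" without reading the host name.
    """
    servers = fill.Get(serversVar)
    if not servers:
        return "off"
    if _fullHostName(fill) in servers.split(","):
        return "on"
    return "off"


def _netAllowPass(fill, serviceVar, sep, loopback):
    """Build an allowed-networks string that always includes loopback.

    serviceVar - name of the service's comma-separated network list
    sep        - separator used in the target config file
    loopback   - loopback entry appended when no entry starts with '127.'

    Falls back to os_net_allow, then to the loopback entry alone.
    """
    netAllow = fill.Get(serviceVar)
    if netAllow:
        nets = netAllow.split(",")
        text = sep.join(nets)
        if not _hasLoopback(nets):
            text += sep + loopback
        return text
    osNetAllow = fill.Get("os_net_allow")
    if osNetAllow:
        return "%s%s%s" % (osNetAllow, sep, loopback)
    return loopback


class fillVars(object, cl_base.glob_attr):
    """Getters that derive LDAP, Samba, Mail, Jabber and FTP settings.

    Each get_<name> method computes one value from other values read with
    self.Get(). Get, _runos and path_env are not defined in this file.
    NOTE(review): presumably they come from cl_base.glob_attr or from the
    object this class is mixed into - confirm.

    NOTE(review): every *_pw getter returns cl_utils.genpassword(); confirm
    that helper draws from a cryptographically secure random source, since
    these values become administrator and replication credentials.
    """

    def getHash(self, password, encrypt):
        """Return the slappasswd hash of a password.

        password - the clear-text password
        encrypt  - hashing scheme passed to slappasswd -h, e.g. '{SSHA}'

        Prints an error and exits with status 1 when the command produces
        no output.
        """
        # Both values are quoted as single shell words so that shell
        # metacharacters, whitespace or an empty password cannot alter the
        # command line. path_env is left unquoted.
        # NOTE(review): assumes _runos hands the string to a shell (the
        # path_env prefix suggests an environment assignment) - confirm.
        # NOTE(review): the secret is still an argument of -s and is
        # visible in the process list while slappasswd runs; where the
        # installed slappasswd has -T <file>, reading the secret from a
        # private file avoids that.
        runStr = '%s slappasswd -s %s -h %s' % (
            self.path_env, _shellQuote(password), _shellQuote(encrypt))
        res = self._runos(runStr)
        if res:
            return res.strip()
        print("Error generate hash (slappasswd)")
        exit(1)

    def get_cl_profile_path(self):
        """List of existing profile directories applied on install or when
        profiles are applied."""
        profPaths = ['/usr/lib/calculate/calculate-server/profile',
                     '/var/calculate/remote/server-profile',
                     '/var/calculate/server-profile']
        profpath = []
        for profPath in profPaths:
            if os.path.exists(profPath):
                profpath.append(profPath)
        return profpath

    def get_ld_base_dn(self):
        """LDAP base DN."""
        return "dc=%s" % (self.Get('ld_base_root'))

    def get_ld_bind_dn(self):
        """LDAP bind DN."""
        return "cn=%s,%s" % (self.Get('ld_bind_login'),
                             self.Get('ld_base_dn'))

    def get_ld_bind_hash(self):
        """Password hash of the read-only (bind) user."""
        return self.getHash(self.Get('ld_bind_pw'), self.Get('ld_encrypt'))

    def get_ld_temp_dn(self):
        """DN of the temporary root user (used to initialise the database)."""
        return "cn=ldaproot,%s" % self.Get('ld_base_dn')

    def get_ld_temp_pw(self):
        """Password of the temporary root user."""
        return cl_utils.genpassword().strip()

    def get_ld_temp_hash(self):
        """Password hash of the temporary root user."""
        return self.getHash(self.Get('ld_temp_pw'), self.Get('ld_encrypt'))

    def get_ld_admin_dn(self):
        """DN of the root user."""
        return "cn=%s,%s" % (self.Get('ld_admin_login'),
                             self.Get('ld_base_dn'))

    def get_ld_admin_hash(self):
        """Password hash of the root user."""
        return self.getHash(self.Get('ld_admin_pw'), self.Get('ld_encrypt'))

    def get_ld_admin_pw(self):
        """Password of the root user."""
        return cl_utils.genpassword().strip()

    def get_ld_services_dn(self):
        """DN under which all services live."""
        return "ou=%s,%s" % (self.Get('ld_services'),
                             self.Get('ld_base_dn'))

    def get_ld_unix_dn(self):
        """DN of the Unix service."""
        return "ou=%s,%s" % (self.Get('ld_unix_login'),
                             self.Get('ld_services_dn'))

    def get_ld_unix_pw(self):
        """Password of the Unix service administrator."""
        return cl_utils.genpassword().strip()

    def get_ld_unix_hash(self):
        """Password hash of the Unix service administrator."""
        return self.getHash(self.Get('ld_unix_pw'), self.Get('ld_encrypt'))

    def get_ld_samba_dn(self):
        """DN of the Samba service."""
        return "ou=%s,%s" % (self.Get('ld_samba_login'),
                             self.Get('ld_services_dn'))

    def get_ld_samba_pw(self):
        """Password of the Samba service administrator."""
        return cl_utils.genpassword().strip()

    def get_ld_samba_hash(self):
        """Password hash of the Samba service administrator."""
        return self.getHash(self.Get('ld_samba_pw'), self.Get('ld_encrypt'))

    def get_sr_samba_netbios(self):
        """NetBIOS name of the Samba domain ("<hostname>-cds"), or "" when
        the host name is empty."""
        hostname = self.Get('os_net_hostname')
        if hostname:
            return "%s-cds" % hostname
        return ""

    def get_ld_mail_dn(self):
        """DN of the Mail service."""
        return "ou=%s,%s" % (self.Get('ld_mail_login'),
                             self.Get('ld_services_dn'))

    def get_ld_mail_pw(self):
        """Password of the Mail service administrator."""
        return cl_utils.genpassword().strip()

    def get_ld_mail_hash(self):
        """Password hash of the Mail service administrator."""
        return self.getHash(self.Get('ld_mail_pw'), self.Get('ld_encrypt'))

    def get_ld_jabber_dn(self):
        """DN of the Jabber service."""
        return "ou=%s,%s" % (self.Get('ld_jabber_login'),
                             self.Get('ld_services_dn'))

    def get_ld_jabber_pw(self):
        """Password of the Jabber service administrator."""
        return cl_utils.genpassword().strip()

    def get_ld_jabber_hash(self):
        """Password hash of the Jabber service administrator."""
        return self.getHash(self.Get('ld_jabber_pw'), self.Get('ld_encrypt'))

    def get_ld_ftp_dn(self):
        """DN of the FTP service."""
        return "ou=%s,%s" % (self.Get('ld_ftp_login'),
                             self.Get('ld_services_dn'))

    def get_ld_ftp_pw(self):
        """Password of the FTP service administrator."""
        return cl_utils.genpassword().strip()

    def get_ld_ftp_hash(self):
        """Password hash of the FTP service administrator."""
        return self.getHash(self.Get('ld_ftp_pw'), self.Get('ld_encrypt'))

    def get_sr_mail_host(self):
        """Name of the computer running the configured Mail service."""
        # "<host>.<domain>" always contains the dot, so it is never empty;
        # the former `else: return ""` branch could not be reached.
        return _fullHostName(self)

    def get_sr_jabber_host(self):
        """Name of the computer running the configured Jabber service."""
        # Never empty, see get_sr_mail_host.
        return _fullHostName(self)

    def get_ld_repl_host(self):
        """Name of the computer with replication enabled."""
        # Never empty, see get_sr_mail_host.
        return _fullHostName(self)

    def get_ld_repl_pw(self):
        """Password of the replication branch."""
        return cl_utils.genpassword().strip()

    def get_ld_repl_hash(self):
        """Password hash of the replication branch."""
        return self.getHash(self.Get('ld_repl_pw'), self.Get('ld_encrypt'))

    def get_ld_ldap_dn(self):
        """DN of the main LDAP service branch."""
        return "ou=%s,%s" % (self.Get('ld_ldap_login'),
                             self.Get('ld_services_dn'))

    def get_ld_repl_dn(self):
        """DN of the replication branch."""
        return "ou=%s,%s" % (self.Get('ld_repl_login'),
                             self.Get('ld_ldap_dn'))

    def get_ld_repl_worked_dn(self):
        """DN of the branch storing the last visited server."""
        return "ou=%s,%s" % (self.Get('ld_repl_worked_login'),
                             self.Get('ld_repl_dn'))

    def get_ld_repl_ids(self):
        """Comma-separated ids of the replication servers.

        Each non-empty name in ld_repl_servers gets an id taken from a
        3-hex-digit window of the MD5 of the name, written in decimal. The
        window slides right until the id is not yet in use; "" is returned
        when no free window is found.
        """
        replServers = self.Get("ld_repl_servers")
        if not replServers:
            return ""
        # MD5 only spreads names over the id space here; it protects
        # nothing. NOTE(review): a 3-hex-digit window yields ids up to
        # 4095 - confirm that fits the range slapd accepts for rid.
        width = 3
        digestLen = 32
        rids = []
        for replServer in replServers.split(","):
            if not replServer:
                continue
            md5hex = md5.new(replServer).hexdigest()
            for dStart in range(digestLen - width):
                # Compare in the stored (decimal) form. Testing the hex
                # window against the decimal ids let two servers end up
                # with the same id.
                rid = str(int(md5hex[dStart:dStart + width], 16))
                if rid not in rids:
                    rids.append(rid)
                    break
            else:
                return ""
        return ",".join(rids)

    def get_ld_repl_id(self):
        """Id of the current replication server, or "" when this host is not
        listed or the replication settings are inconsistent."""
        replServers = self.Get("ld_repl_servers")
        if not replServers:
            return ""
        replServers = replServers.split(",")
        replSambaServers = _splitList(self.Get("ld_repl_samba_servers"))
        replUnixServers = _splitList(self.Get("ld_repl_unix_servers"))
        # The full list must be exactly the union of the per-service lists.
        if set(replServers) != set(replSambaServers) | set(replUnixServers):
            return ""
        replIds = self.Get("ld_repl_ids").split(",")
        if len(replServers) != len(replIds):
            return ""
        hostName = self.Get('os_net_hostname')
        domain = self.Get('os_net_domain')
        fullHostName = "%s.%s" % (hostName, domain)
        for replServer, replId in zip(replServers, replIds):
            # A name without a dot is matched against the short host name,
            # any other name against the fully qualified one.
            if "." in replServer:
                localName = fullHostName
            else:
                localName = hostName
            if replServer == localName:
                return replId
        return ""

    def get_ld_repl_servers_ref(self):
        """slapd.conf text: updateref lines for the other replication
        servers."""
        repl_id = self.Get("ld_repl_id")
        if not repl_id:
            return ""
        replServers = self.Get("ld_repl_servers").split(",")
        replIds = self.Get("ld_repl_ids").split(",")
        # NOTE(review): server names go into the config text as given;
        # presumably ld_repl_servers is validated where it is set - confirm.
        servers_ref = ""
        for replServer, replId in zip(replServers, replIds):
            if replId != repl_id:
                servers_ref += "updateref ldap://%s:389\n" % replServer
        return servers_ref

    def get_ld_repl_servers_info(self):
        """slapd.conf text: syncrepl directives for the other replication
        servers."""
        repl_id = self.Get("ld_repl_id")
        if not repl_id:
            return ""
        replSambaServers = _splitList(self.Get("ld_repl_samba_servers"))
        replUnixServers = _splitList(self.Get("ld_repl_unix_servers"))
        replServers = self.Get("ld_repl_servers").split(",")
        if set(replServers) != set(replSambaServers) | set(replUnixServers):
            return ""
        replIds = self.Get("ld_repl_ids").split(",")
        # Security notes on the generated directives:
        # - provider is ldap:// with bindmethod=simple, so the replication
        #   password crosses the network in clear text unless transport
        #   protection is configured elsewhere;
        # - the clear-text ld_repl_pw ends up in the generated text, so the
        #   file it is written to should be readable by the slapd account
        #   only;
        # - credentials is inserted unquoted. NOTE(review): presumably
        #   genpassword never emits whitespace or quote characters - confirm.
        sambaTemplate = """syncrepl rid=%s provider=ldap://%s type=refreshAndPersist retry="5 5 300 +" filter="(|(|(ou:dn:=Samba)(ou:dn:=Unix))(ou:dn:=Replication))" searchbase="%s" attrs="*,+" schemachecking=on bindmethod=simple binddn="%s" credentials=%s\n"""
        unixTemplate = """syncrepl rid=%s provider=ldap://%s type=refreshAndPersist retry="5 5 300 +" filter="(|(ou:dn:=Unix)(ou:dn:=Replication))" searchbase="%s" attrs="*,+" schemachecking=on bindmethod=simple binddn="%s" credentials=%s\n"""
        servers_info = ""
        for replServer, replId in zip(replServers, replIds):
            if replId == repl_id:
                # No directive for the local server.
                continue
            # Samba membership wins when a server is in both lists.
            if replServer in replSambaServers:
                template = sambaTemplate
            elif replServer in replUnixServers:
                template = unixTemplate
            else:
                continue
            servers_info += template % (replId, replServer,
                                        self.Get("ld_services_dn"),
                                        self.Get("ld_repl_dn"),
                                        self.Get("ld_repl_pw"))
        return servers_info

    def get_ld_repl_samba_set(self):
        """Whether replication is enabled for the Samba service
        ("on"/"off")."""
        return _replSwitch(self, "ld_repl_samba_servers")

    def get_sr_samba_net_allow_pass(self):
        """smb.conf text: allowed networks, always including loopback."""
        return _netAllowPass(self, "sr_samba_net_allow", " ", "127.")

    def get_sr_mail_net_allow_pass(self):
        """main.cf text: allowed networks, always including loopback."""
        return _netAllowPass(self, "sr_mail_net_allow", ", ", "127.0.0.0/8")

    def get_sr_samba_net_allow(self):
        """Allowed networks for the Samba service (taken from
        os_net_allow)."""
        netAllow = self.Get("os_net_allow")
        if netAllow:
            return netAllow
        return ""

    def get_sr_mail_net_allow(self):
        """Allowed networks for the Mail service (taken from
        os_net_allow)."""
        netAllow = self.Get("os_net_allow")
        if netAllow:
            return netAllow
        return ""

    def get_ld_repl_mail_dn(self):
        """DN of the branch storing replicated mail aliases."""
        return "ou=%s,%s" % (self.Get('ld_repl_mail_login'),
                             self.Get('ld_repl_dn'))

    def get_ld_repl_mail_set(self):
        """Whether replication is enabled for the Mail service
        ("on"/"off")."""
        return _replSwitch(self, "ld_repl_mail_servers")

    def get_ld_repl_unix_set(self):
        """Whether replication is enabled for the Unix service
        ("on"/"off")."""
        return _replSwitch(self, "ld_repl_unix_servers")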