Updating windowmain to be functional on python2 & python3

This commit is contained in:
Adolfo Gómez García 2018-02-09 06:10:50 +01:00
parent 54136ae077
commit ca0fc6a61d
2 changed files with 69 additions and 65 deletions

View File

@ -43,6 +43,18 @@ from uds.core.util import tools
logger = logging.getLogger(__name__)
class LDAPError(Exception):
@staticmethod
def reraise(e):
_str = _('Connection error: ')
if hasattr(e, 'message') and isinstance(e.message, dict):
_str += ', '.join((e.message.get('info', ''), e.message.get('desc')))
else:
_str += "{}".format(e)
raise LDAPError(_str)
def escape(value):
"""
Escape filter chars for ldap search filter
@ -78,17 +90,12 @@ def connection(username, password, host, port=-1, ssl=False, timeout=3, debug=Fa
l.simple_bind_s(who=username, cred=password)
except ldap.SERVER_DOWN:
raise Exception(_('Can\'t contact LDAP server'))
raise LDAPError(_('Can\'t contact LDAP server'))
except ldap.LDAPError as e:
_str = _('Connection error: ')
if hasattr(e, 'message') and isinstance(e.message, dict):
_str += ', '.join((e.message.get('info', ''), e.message.get('desc')))
else:
_str += "{}".format(e)
raise Exception(_str)
except Exception:
LDAPError.reraise(e)
except Exception as e:
logger.exception('Exception connection:')
raise
raise LDAPError('{}'.format(e))
logger.debug('Conneciton was success')
return l
@ -104,6 +111,7 @@ def getAsDict(con, base, ldapFilter, attrList, sizeLimit, scope=ldap.SCOPE_SUBTR
if attrList is not None:
attrList = [tools.b2(i) for i in attrList]
try:
# On python2, attrs and search string is str (not unicode), in 3, str (not bytes)
res = con.search_ext_s(base,
scope=scope,
@ -111,6 +119,11 @@ def getAsDict(con, base, ldapFilter, attrList, sizeLimit, scope=ldap.SCOPE_SUBTR
attrlist=attrList,
sizelimit=sizeLimit
)
except ldap.LDAPError as e:
LDAPError.reraise(e)
except Exception as e:
logger.exception('Exception connection:')
raise LDAPError('{}'.format(e))
logger.debug('Result of search {} on {}: {}'.format(ldapFilter, base, res))

View File

@ -17,6 +17,8 @@ from uds.core.managers.CryptoManager import CryptoManager
from uds.core import osmanagers
from uds.core.util import log
from uds.core.util import encoders
from uds.core.util import ldaputil
import dns.resolver
import ldap
from .WindowsOsManager import WindowsOsManager
@ -76,16 +78,6 @@ class WinDomainOsManager(WindowsOsManager):
if self._ou.lower().find(lpath) == -1:
self._ou += ',' + lpath
def __getLdapError(self, e):
logger.debug('Ldap Error: {0} {1}'.format(e, e.message))
_str = ''
if type(e.message) == dict:
# _str += e.message.has_key('info') and e.message['info'] + ',' or ''
_str += e.message.get('desc', '')
else:
_str += str(e)
return _str
def __getServerList(self):
if self._serverHint != '':
yield (self._serverHint, 389)
@ -98,61 +90,54 @@ class WinDomainOsManager(WindowsOsManager):
Tries to connect to LDAP
Raises an exception if not found:
dns.resolver.NXDOMAIN
ldap.LDAPError
ldaputil.LDAPError
"""
if servers is None:
servers = self.__getServerList()
_str = "No servers found"
for server in servers:
_str = ''
try:
uri = "%s://%s:%d" % ('ldap', server[0], server[1])
logger.debug('URI: {0}'.format(uri))
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) # Disable certificate check
l = ldap.initialize(uri=uri)
l.set_option(ldap.OPT_REFERRALS, 0)
l.network_timeout = l.timeout = 5
l.protocol_version = ldap.VERSION3
account = self._account
if account.find('@') == -1:
account += '@' + self._domain
logger.debug('Account data: {0}, {1}, {2}, {3}'.format(self._account, self._domain, account, self._password))
_str = "No servers found"
for server in servers:
_str = ''
try:
return ldaputil.connection(account, self._password, server[0], server[1], ssl=False, timeout=10, debug=False)
except Exception as e:
_str = 'Error: {}'.format(e)
l.simple_bind_s(who=account, cred=self._password)
return l
except ldap.LDAPError as e:
_str = self.__getLdapError(e)
raise ldap.LDAPError(_str)
raise ldaputil.LDAPError(_str)
def __getGroup(self, l):
base = ','.join(['DC=' + i for i in self._domain.split('.')])
group = self._group.replace('\\', '\\\\').replace('(', '\\(').replace(')', '\\)')
group = ldaputil.escape(self._group)
try:
obj = next(ldaputil.getAsDict(l, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50))
except StopIteration:
obj = None
res = l.search_ext_s(base=base, scope=ldap.SCOPE_SUBTREE, filterstr="(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), attrlist=[b'dn'])
if res[0] is None:
if obj is None:
return None
return res[0][0] # Returns the DN
return obj['dn'] # Returns the DN
def __getMachine(self, l, machineName):
if self._ou:
ou = self._ou
base = self._ou
else:
ou = ','.join(['DC=' + i for i in self._domain.split('.')])
base = ','.join(['DC=' + i for i in self._domain.split('.')])
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(machineName)
res = l.search_ext_s(base=ou, scope=ldap.SCOPE_SUBTREE, filterstr=fltr, attrlist=[b'dn'])
if res[0] is None:
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName))
try:
obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return res[0][0] # Returns the DN
return obj['dn'] # Returns the DN
def readyReceived(self, userService, data):
# No group to add
@ -173,6 +158,9 @@ class WinDomainOsManager(WindowsOsManager):
machine = self.__getMachine(l, userService.friendly_name)
group = self.__getGroup(l)
# #
# Direct LDAP operation "modify", maybe this need to be added to ldaputil? :)
# #
l.modify_s(group, ((ldap.MOD_ADD, 'member', machine),))
error = None
break
@ -183,7 +171,7 @@ class WinDomainOsManager(WindowsOsManager):
# Already added this machine to this group, pass
error = None
break
except ldap.LDAPError:
except ldaputil.LDAPError:
logger.exception('Ldap Exception caught')
error = "Could not remove machine from domain (invalid credentials for {0})".format(self._account)
except Exception as e:
@ -210,7 +198,7 @@ class WinDomainOsManager(WindowsOsManager):
logger.warn('Could not find _ldap._tcp.' + self._domain)
log.doLog(service, log.WARN, "Could not remove machine from domain (_ldap._tcp.{0} not found)".format(self._domain), log.OSMANAGER)
return
except ldap.LDAPError:
except ldaputil.LDAPError:
logger.exception('Ldap Exception caught')
log.doLog(service, log.WARN, "Could not remove machine from domain (invalid credentials for {0})".format(self._account), log.OSMANAGER)
return
@ -222,6 +210,9 @@ class WinDomainOsManager(WindowsOsManager):
res = self.__getMachine(l, service.friendly_name)
if res is None:
raise Exception('Machine {} not found on AD (permissions?)'.format(service.friendly_name))
# #
# Direct LDAP operation "modify", maybe this need to be added to ldaputil? :)
# #
l.delete_s(res) # Remove by DN, SYNC
except IndexError:
logger.error('Error deleting {} from BASE {}'.format(service.friendly_name, self._ou))
@ -231,7 +222,7 @@ class WinDomainOsManager(WindowsOsManager):
def check(self):
try:
l = self.__connectLdap()
except ldap.LDAPError as e:
except ldaputil.LDAPError as e:
return _('Check error: {0}').format(self.__getLdapError(e))
except dns.resolver.NXDOMAIN:
return [True, _('Could not find server parameters (_ldap._tcp.{0} can\'t be resolved)').format(self._domain)]
@ -241,7 +232,7 @@ class WinDomainOsManager(WindowsOsManager):
try:
l.search_st(self._ou, ldap.SCOPE_BASE)
except ldap.LDAPError as e:
except ldaputil.LDAPError as e:
return _('Check error: {0}').format(self.__getLdapError(e))
# Group
@ -260,7 +251,7 @@ class WinDomainOsManager(WindowsOsManager):
logger.debug(wd)
try:
l = wd.__connectLdap()
except ldap.LDAPError as e:
except ldaputil.LDAPError as e:
return [False, _('Could not access AD using LDAP ({0})').format(wd.__getLdapError(e))]
ou = wd._ou
@ -271,7 +262,7 @@ class WinDomainOsManager(WindowsOsManager):
r = l.search_st(ou, ldap.SCOPE_BASE)
logger.debug('Result of search: {0}'.format(r))
except ldap.LDAPError:
except ldaputil.LDAPError:
if wd._ou == '':
return [False, _('The default path {0} for computers was not found!!!').format(wd._ou)]
else: