mirror of
https://github.com/dkmstr/openuds.git
synced 2025-01-08 21:18:00 +03:00
merged from 2.1 update 1 changes
This commit is contained in:
commit
9f441c6b22
@ -81,3 +81,8 @@ def writeConfig(data):
|
|||||||
|
|
||||||
def useOldJoinSystem():
|
def useOldJoinSystem():
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
# Right now, we do not really need an application to be run on "startup" as could ocur with windows
|
||||||
|
def runApplication():
|
||||||
|
return None
|
||||||
|
|
||||||
|
@ -87,8 +87,25 @@ class CommonService(object):
|
|||||||
def reboot(self):
|
def reboot(self):
|
||||||
self.rebootRequested = True
|
self.rebootRequested = True
|
||||||
|
|
||||||
def setReady(self, hostName=None):
|
def execute(self, cmd, section):
|
||||||
self.api.setReady([(v.mac, v.ip) for v in operations.getNetworkInfo()], hostName)
|
import os
|
||||||
|
import subprocess
|
||||||
|
import stat
|
||||||
|
|
||||||
|
if os.path.isfile(cmd):
|
||||||
|
if (os.stat(cmd).st_mode & stat.S_IXUSR) != 0:
|
||||||
|
subprocess.call([cmd, ])
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
logger.info('{} file exists but it it is not executable (needs execution permission by admin/root)'.format(section))
|
||||||
|
else:
|
||||||
|
logger.info('{} file not found & not executed'.format(section))
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def setReady(self):
|
||||||
|
self.api.setReady([(v.mac, v.ip) for v in operations.getNetworkInfo()])
|
||||||
|
|
||||||
def interactWithBroker(self):
|
def interactWithBroker(self):
|
||||||
'''
|
'''
|
||||||
@ -139,6 +156,13 @@ class CommonService(object):
|
|||||||
# Wait a bit before next check
|
# Wait a bit before next check
|
||||||
self.doWait(5000)
|
self.doWait(5000)
|
||||||
|
|
||||||
|
# Now try to run the "runonce" element
|
||||||
|
runOnce = store.runApplication()
|
||||||
|
if runOnce is not None:
|
||||||
|
if self.execute(runOnce, 'RunOnce') is True:
|
||||||
|
# operations.reboot()
|
||||||
|
return False
|
||||||
|
|
||||||
# Broker connection is initialized, now get information about what to
|
# Broker connection is initialized, now get information about what to
|
||||||
# do
|
# do
|
||||||
counter = 0
|
counter = 0
|
||||||
|
@ -57,7 +57,7 @@ from .SENS import SENSGUID_PUBLISHER
|
|||||||
from .SENS import PROGID_EventSubscription
|
from .SENS import PROGID_EventSubscription
|
||||||
from .SENS import PROGID_EventSystem
|
from .SENS import PROGID_EventSystem
|
||||||
|
|
||||||
POST_CMD = 'c:\\windows\post-uds.bat'
|
POST_CMD = 'c:\\windows\\post-uds.bat'
|
||||||
|
|
||||||
|
|
||||||
class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
|
class UDSActorSvc(win32serviceutil.ServiceFramework, CommonService):
|
||||||
|
@ -105,3 +105,19 @@ def useOldJoinSystem():
|
|||||||
data = ''
|
data = ''
|
||||||
|
|
||||||
return data == 'old'
|
return data == 'old'
|
||||||
|
|
||||||
|
# Gives the oportunity to run an application ONE TIME (because, the registry key "run" will be deleted after read)
|
||||||
|
def runApplication():
|
||||||
|
try:
|
||||||
|
key = wreg.OpenKey(baseKey, 'Software\\UDSEnterpriseActor', 0, wreg.KEY_ALL_ACCESS) # @UndefinedVariable
|
||||||
|
try:
|
||||||
|
data, _ = wreg.QueryValueEx(key, 'run') # @UndefinedVariable
|
||||||
|
wreg.DeleteValue(key, 'run') # @UndefinedVariable
|
||||||
|
except Exception:
|
||||||
|
data = None
|
||||||
|
wreg.CloseKey(key) # @UndefinedVariable
|
||||||
|
except:
|
||||||
|
data = None
|
||||||
|
|
||||||
|
return data
|
||||||
|
|
||||||
|
@ -112,8 +112,8 @@ def request_service_info(provider_id, service_id):
|
|||||||
|
|
||||||
resp, content = h.request(rest_url + 'providers/{0}/services/{1}'.format(provider_id, service_id), headers=headers)
|
resp, content = h.request(rest_url + 'providers/{0}/services/{1}'.format(provider_id, service_id), headers=headers)
|
||||||
if resp['status'] != '200': # error due to incorrect parameters, bad request, etc...
|
if resp['status'] != '200': # error due to incorrect parameters, bad request, etc...
|
||||||
print "Error requesting pools"
|
print "Error requesting pools: response: {}, content: {}".format(resp, content)
|
||||||
return {}
|
return None
|
||||||
|
|
||||||
return json.loads(content)
|
return json.loads(content)
|
||||||
|
|
||||||
@ -125,14 +125,17 @@ if __name__ == '__main__':
|
|||||||
print res
|
print res
|
||||||
for r in res:
|
for r in res:
|
||||||
res2 = request_service_info(r['provider_id'], r['service_id'])
|
res2 = request_service_info(r['provider_id'], r['service_id'])
|
||||||
print "Base Service info por pool {0}: {1}".format(r['name'], res2)
|
if res2 is not None:
|
||||||
|
print "Base Service info por pool {0}: {1}".format(r['name'], res2['type'])
|
||||||
|
else:
|
||||||
|
print "Base service {} is not accesible".format(r['name'])
|
||||||
print "First logout"
|
print "First logout"
|
||||||
print logout() # This will success
|
print logout() # This will success
|
||||||
print "Second logout"
|
print "Second logout"
|
||||||
print logout() # This will fail (already logged out)
|
print logout() # This will fail (already logged out)
|
||||||
# Also new requests will fail
|
# Also new requests will fail
|
||||||
print request_pools()
|
print request_pools()
|
||||||
# Untin we do log in again
|
# Until we do log in again
|
||||||
login()
|
login()
|
||||||
print request_pools()
|
print request_pools()
|
||||||
|
|
||||||
|
279
server/samples/REST3.py
Normal file
279
server/samples/REST3.py
Normal file
@ -0,0 +1,279 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
#
|
||||||
|
# Copyright (c) 2014 Virtual Cable S.L.
|
||||||
|
# All rights reserved.
|
||||||
|
#
|
||||||
|
# Redistribution and use in source and binary forms, with or without modification,
|
||||||
|
# are permitted provided that the following conditions are met:
|
||||||
|
#
|
||||||
|
# * Redistributions of source code must retain the above copyright notice,
|
||||||
|
# this list of conditions and the following disclaimer.
|
||||||
|
# * Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
# this list of conditions and the following disclaimer in the documentation
|
||||||
|
# and/or other materials provided with the distribution.
|
||||||
|
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
|
||||||
|
# may be used to endorse or promote products derived from this software
|
||||||
|
# without specific prior written permission.
|
||||||
|
#
|
||||||
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||||
|
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||||
|
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||||
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||||
|
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||||
|
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||||
|
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
'''
|
||||||
|
@author: Adolfo Gómez, dkmaster at dkmon dot com
|
||||||
|
'''
|
||||||
|
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from httplib2 import Http
|
||||||
|
import json
|
||||||
|
import sys
|
||||||
|
|
||||||
|
rest_url = 'http://172.27.0.1:8000/rest/'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
headers = {}
|
||||||
|
|
||||||
|
# Hace login con el root, puede usarse cualquier autenticador y cualquier usuario, pero en la 1.5 solo está implementado poder hacer
|
||||||
|
# este tipo de login con el usuario "root"
|
||||||
|
def login():
|
||||||
|
global headers
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
# parameters = '{ "auth": "admin", "username": "root", "password": "temporal" }'
|
||||||
|
parameters = '{ "auth": "interna", "username": "admin", "password": "temporal" }'
|
||||||
|
|
||||||
|
resp, content = h.request(rest_url + 'auth/login', method='POST', body=parameters)
|
||||||
|
|
||||||
|
if resp['status'] != '200': # Authentication error due to incorrect parameters, bad request, etc...
|
||||||
|
print "Authentication error"
|
||||||
|
return -1
|
||||||
|
|
||||||
|
# resp contiene las cabeceras, content el contenido de la respuesta (que es json), pero aún está en formato texto
|
||||||
|
res = json.loads(content)
|
||||||
|
print "Authentication response: {}".format(res)
|
||||||
|
if res['result'] != 'ok': # Authentication error
|
||||||
|
print "Authentication error"
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
headers['X-Auth-Token'] = res['token']
|
||||||
|
headers['content-type'] = 'application/json'
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
def logout():
|
||||||
|
global headers
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
resp, content = h.request(rest_url + 'auth/logout', headers=headers)
|
||||||
|
|
||||||
|
if resp['status'] != '200': # Logout error due to incorrect parameters, bad request, etc...
|
||||||
|
print "Error requesting logout"
|
||||||
|
return -1
|
||||||
|
|
||||||
|
# Return value of logout method is nonsense (returns always done right now, but it's not important)
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
def list_supported_auths_and_fields():
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/types', headers=headers)
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
r = json.loads(content)
|
||||||
|
|
||||||
|
for auth in r: # r is an array
|
||||||
|
print '* {}'.format(auth['name'])
|
||||||
|
for fld in auth: # every auth is converted to a dictionary in python by json.load
|
||||||
|
# Skip icon
|
||||||
|
if fld != 'icon':
|
||||||
|
print " > {}: {}".format(fld, auth[fld])
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/gui/{}'.format(auth['type']), headers=headers)
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
print " > GUI"
|
||||||
|
rr = json.loads(content)
|
||||||
|
for field in rr:
|
||||||
|
print " - Name: {}".format(field['name'])
|
||||||
|
print " - Value: {}".format(field['value'])
|
||||||
|
print " - GUI: "
|
||||||
|
for gui in field['gui']:
|
||||||
|
print " + {}: {}".format(gui, field['gui'][gui])
|
||||||
|
print " > Simplified fields:"
|
||||||
|
for field in rr:
|
||||||
|
print " - Name: {}, Type: {}, is Required?: {}".format(field['name'], field['gui']['type'], field['gui']['required'])
|
||||||
|
|
||||||
|
def create_simpleldap_auth():
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
# Keep in mind that parameters are related to kind of authenticator.
|
||||||
|
# To ensure what parameters you need, yo can invoke first its gui
|
||||||
|
# Take a look at list_supported_auths_and_fields method
|
||||||
|
data = {"tags":["Tag1","Tag2","Tag3"],"name":"name_Field","comments":"comments__Field","priority":"1","small_name":"label_Field","host":"host_Field","port":"389","ssl":False,"timeout":"10","username":"username__Field","password":"password_Field","ldapBase":"base_Field","userClass":"userClass_Field","userIdAttr":"userIdAttr_Field","userNameAttr":"userName_Field","groupClass":"groupClass_Field","groupIdAttr":"groupId_Field","memberAttr":"groupMembership_Field","data_type":"SimpleLdapAuthenticator"}
|
||||||
|
resp, content = h.request(rest_url + 'authenticators','PUT', headers=headers, body=json.dumps(data))
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
# Expected content is something like this:
|
||||||
|
# {
|
||||||
|
# "numeric_id": 18,
|
||||||
|
# "groupIdAttr": "groupId_Field",
|
||||||
|
# "port": "389",
|
||||||
|
# "memberAttr": "groupMembership_Field",
|
||||||
|
# "id": "790b9d85-67ec-51dc-847f-dee1daa96a7c",
|
||||||
|
# "userClass": "userClass_Field",
|
||||||
|
# "permission": 96,
|
||||||
|
# "comments": "comments__Field",
|
||||||
|
# "users_count": 0,
|
||||||
|
# "priority": "1",
|
||||||
|
# "type": "SimpleLdapAuthenticator",
|
||||||
|
# "username": "username__Field",
|
||||||
|
# "ldapBase": "base_Field", "userNameAttr":
|
||||||
|
# "userName_Field",
|
||||||
|
# "tags": ["Tag1", "Tag2", "Tag3"],
|
||||||
|
# "groupClass": "groupClass_Field",
|
||||||
|
# "ssl": false,
|
||||||
|
# "host": "host_Field",
|
||||||
|
# "userIdAttr": "userIdAttr_Field",
|
||||||
|
# "password": "password_Field",
|
||||||
|
# "small_name": "label_Field",
|
||||||
|
# "name": "name_Field",
|
||||||
|
# "timeout": "10"
|
||||||
|
# }
|
||||||
|
r = json.loads(content)
|
||||||
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
||||||
|
print "The record created was: {}".format(r)
|
||||||
|
return r
|
||||||
|
|
||||||
|
def delete_auth(auth_id):
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
# Sample delete URL for an auth
|
||||||
|
# http://172.27.0.1:8000/rest/authenticators/790b9d85-67ec-51dc-847f-dee1daa96a7c
|
||||||
|
# Method MUST be DELETE
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/{}'.format(auth_id), 'DELETE', headers=headers)
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
print "Correctly deleted {}".format(auth_id)
|
||||||
|
|
||||||
|
def create_internal_auth():
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
data = {"tags":[""],"name":"name_Field","comments":"comments_Field","priority":"1","small_name":"label_Field","differentForEachHost":False,"reverseDns":False,"acceptProxy":False,"data_type":"InternalDBAuth"}
|
||||||
|
resp, content = h.request(rest_url + 'authenticators','PUT', headers=headers, body=json.dumps(data))
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
r = json.loads(content)
|
||||||
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
||||||
|
print "The record created was: {}".format(r)
|
||||||
|
return r
|
||||||
|
|
||||||
|
def create_internal_group(auth_id):
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
# Type can also be a metagroup, composed of groups, but for this sample a group is enoutgh
|
||||||
|
data = {"type":"group","name":"groupname_Field","comments":"comments_Field","state":"A"}
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/{}/groups'.format(auth_id),'PUT', headers=headers, body=json.dumps(data))
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
r = json.loads(content)
|
||||||
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
||||||
|
print "The record created was: {}".format(r)
|
||||||
|
return r
|
||||||
|
|
||||||
|
def delete_group(auth_id, group_id):
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
# Method MUST be DELETE
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/{}/groups/{}'.format(auth_id, group_id), 'DELETE', headers=headers)
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
print "Correctly deleted {}".format(auth_id)
|
||||||
|
|
||||||
|
|
||||||
|
def create_internal_user(auth_id, group_id):
|
||||||
|
# Note: internal users NEEDS to store password on UDS, description of auth describes if password field is needed (in this case, we need it)
|
||||||
|
# Also, if authenticator is marked as "external" on its description, the groups field will be ignored.
|
||||||
|
# On internal auths, we can incluide de ID of the groups we want this user to belong to, or it will not belong to any group
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
data = {"id":"","name":"username_Field","real_name":"name_Field","comments":"comments_Field","state":"A","staff_member":False, "is_admin":False,"password":"password_Field","groups":[group_id]}
|
||||||
|
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/{}/users'.format(auth_id),'PUT', headers=headers, body=json.dumps(data))
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
r = json.loads(content)
|
||||||
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
||||||
|
print "The record created was: {}".format(r)
|
||||||
|
return r
|
||||||
|
|
||||||
|
def delete_user(auth_id, user_id):
|
||||||
|
# Deleting user will result in deleting in cascade all asigned resources (machines, apps, etc...)
|
||||||
|
|
||||||
|
h = Http()
|
||||||
|
|
||||||
|
# Method MUST be DELETE
|
||||||
|
resp, content = h.request(rest_url + 'authenticators/{}/users/{}'.format(auth_id, user_id), 'DELETE', headers=headers)
|
||||||
|
if resp['status'] != '200':
|
||||||
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
print "Correctly deleted {}".format(auth_id)
|
||||||
|
|
||||||
|
def list_currents_auths():
|
||||||
|
pass
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
if login() == 0: # If we can log in, will get the pools correctly
|
||||||
|
print "Listing supported auths and related info"
|
||||||
|
list_supported_auths_and_fields()
|
||||||
|
print "*******************************"
|
||||||
|
print "Creating a simple ldap authenticator"
|
||||||
|
auth = create_simpleldap_auth()
|
||||||
|
print "*******************************"
|
||||||
|
print "Deleting the created simple ldap authenticator"
|
||||||
|
delete_auth(auth['id'])
|
||||||
|
print "*******************************"
|
||||||
|
print "Creating internal auth"
|
||||||
|
auth = create_internal_auth()
|
||||||
|
print "*******************************"
|
||||||
|
print "Creating internal group"
|
||||||
|
print "*******************************"
|
||||||
|
group = create_internal_group(auth['id'])
|
||||||
|
print "Creating internal user"
|
||||||
|
print "*******************************"
|
||||||
|
user = create_internal_user(auth['id'], group['id'])
|
||||||
|
print "*******************************"
|
||||||
|
print "Deleting user"
|
||||||
|
delete_user(auth['id'], user['id'])
|
||||||
|
print "*******************************"
|
||||||
|
print "Deleting Group"
|
||||||
|
delete_group(auth['id'], group['id'])
|
||||||
|
print "*******************************"
|
||||||
|
print "Deleting the created internal auth"
|
||||||
|
delete_auth(auth['id'])
|
1494
server/samples/sample_output_REST3.txt
Normal file
1494
server/samples/sample_output_REST3.txt
Normal file
File diff suppressed because it is too large
Load Diff
@ -31,10 +31,11 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
iconFile = 'wosmanager.png'
|
iconFile = 'wosmanager.png'
|
||||||
|
|
||||||
# Apart form data from windows os manager, we need also domain and credentials
|
# Apart form data from windows os manager, we need also domain and credentials
|
||||||
domain = gui.TextField(length=64, label=_('Domain'), order=1, tooltip=_('Domain to join machines to (use FQDN form, Netbios name not allowed)'), required=True)
|
domain = gui.TextField(length=64, label=_('Domain'), order=1, tooltip=_('Domain to join machines to (use FQDN form, Netbios name not supported for most operations)'), required=True)
|
||||||
account = gui.TextField(length=64, label=_('Account'), order=2, tooltip=_('Account with rights to add machines to domain'), required=True)
|
account = gui.TextField(length=64, label=_('Account'), order=2, tooltip=_('Account with rights to add machines to domain'), required=True)
|
||||||
password = gui.PasswordField(length=64, label=_('Password'), order=3, tooltip=_('Password of the account'), required=True)
|
password = gui.PasswordField(length=64, label=_('Password'), order=3, tooltip=_('Password of the account'), required=True)
|
||||||
ou = gui.TextField(length=64, label=_('OU'), order=4, tooltip=_('Organizational unit where to add machines in domain (check it before using it). i.e.: ou=My Machines,dc=mydomain,dc=local'))
|
ou = gui.TextField(length=64, label=_('OU'), order=4, tooltip=_('Organizational unit where to add machines in domain (check it before using it). i.e.: ou=My Machines,dc=mydomain,dc=local'))
|
||||||
|
grp = gui.TextField(length=64, label=_('Group'), order=5, tooltip=_('Group to which add machines on creation. If empty, no group will be used. (experimental)'))
|
||||||
# Inherits base "onLogout"
|
# Inherits base "onLogout"
|
||||||
onLogout = WindowsOsManager.onLogout
|
onLogout = WindowsOsManager.onLogout
|
||||||
idle = WindowsOsManager.idle
|
idle = WindowsOsManager.idle
|
||||||
@ -56,6 +57,7 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
self._ou = values['ou'].strip()
|
self._ou = values['ou'].strip()
|
||||||
self._account = values['account']
|
self._account = values['account']
|
||||||
self._password = values['password']
|
self._password = values['password']
|
||||||
|
self._group = values['grp'].strip()
|
||||||
else:
|
else:
|
||||||
self._domain = ""
|
self._domain = ""
|
||||||
self._ou = ""
|
self._ou = ""
|
||||||
@ -115,6 +117,57 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
|
|
||||||
raise ldap.LDAPError(_str)
|
raise ldap.LDAPError(_str)
|
||||||
|
|
||||||
|
def __getGroup(self, l):
|
||||||
|
base = ','.join(['DC=' + i for i in self._domain.split('.')])
|
||||||
|
group = self._group.replace('\\', '\\\\').replace('(', '\\(').replace(')', '\\)')
|
||||||
|
|
||||||
|
res = l.search_ext_s(base=base, scope=ldap.SCOPE_SUBTREE, filterstr="(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), attrlist=[b'dn'])
|
||||||
|
if res[0] is None:
|
||||||
|
return None
|
||||||
|
|
||||||
|
return res[0][0] # Returns the DN
|
||||||
|
|
||||||
|
def __getMachine(self, l, machineName):
|
||||||
|
if self._ou:
|
||||||
|
ou = self._ou
|
||||||
|
else:
|
||||||
|
ou = ','.join(['DC=' + i for i in self._domain.split('.')])
|
||||||
|
|
||||||
|
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(machineName)
|
||||||
|
res = l.search_ext_s(base=ou, scope=ldap.SCOPE_SUBTREE, filterstr=fltr, attrlist=[b'dn'])
|
||||||
|
if res[0] is None:
|
||||||
|
return None
|
||||||
|
|
||||||
|
return res[0][0] # Returns the DN
|
||||||
|
|
||||||
|
def readyReceived(self, userService, data):
|
||||||
|
# No group to add
|
||||||
|
if self._group == '':
|
||||||
|
return
|
||||||
|
|
||||||
|
if not '.' in self._domain:
|
||||||
|
logger.info('Adding to a group for a non FQDN domain is not supported')
|
||||||
|
return
|
||||||
|
|
||||||
|
try:
|
||||||
|
l = self.__connectLdap()
|
||||||
|
except dns.resolver.NXDOMAIN: # No domain found, log it and pass
|
||||||
|
logger.warn('Could not find _ldap._tcp.' + self._domain)
|
||||||
|
log.doLog(service, log.WARN, "Could not remove machine from domain (_ldap._tcp.{0} not found)".format(self._domain), log.OSMANAGER)
|
||||||
|
except ldap.LDAPError:
|
||||||
|
logger.exception('Ldap Exception caught')
|
||||||
|
log.doLog(service, log.WARN, "Could not remove machine from domain (invalid credentials for {0})".format(self._account), log.OSMANAGER)
|
||||||
|
|
||||||
|
try:
|
||||||
|
machine = self.__getMachine(l, userService.friendly_name)
|
||||||
|
group = self.__getGroup(l)
|
||||||
|
l.modify_s(group, ((ldap.MOD_ADD, 'member', machine),))
|
||||||
|
except ldap.ALREADY_EXISTS:
|
||||||
|
# Already added this machine to this group, pass
|
||||||
|
pass
|
||||||
|
except Exception:
|
||||||
|
logger.error('Got exception trying to add machine to group')
|
||||||
|
|
||||||
def release(self, service):
|
def release(self, service):
|
||||||
'''
|
'''
|
||||||
service is a db user service object
|
service is a db user service object
|
||||||
@ -134,15 +187,11 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
logger.exception('Ldap Exception caught')
|
logger.exception('Ldap Exception caught')
|
||||||
log.doLog(service, log.WARN, "Could not remove machine from domain (invalid credentials for {0})".format(self._account), log.OSMANAGER)
|
log.doLog(service, log.WARN, "Could not remove machine from domain (invalid credentials for {0})".format(self._account), log.OSMANAGER)
|
||||||
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if self._ou:
|
res = self.__getMachine(l, service.friendly_name)
|
||||||
ou = self._ou
|
if res is None:
|
||||||
else:
|
raise Exception('Machine {} not found on AD (permissions?)'.format(service.friendly_name))
|
||||||
ou = ','.join(['DC=' + i for i in self._domain.split('.')])
|
l.delete_s(res) # Remove by DN, SYNC
|
||||||
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(service.friendly_name)
|
|
||||||
res = l.search_ext_s(base=ou, scope=ldap.SCOPE_SUBTREE, filterstr=fltr)[0]
|
|
||||||
l.delete_s(res[0]) # Remove by DN, SYNC
|
|
||||||
except IndexError:
|
except IndexError:
|
||||||
logger.error('Error deleting {} from BASE {}'.format(service.friendly_name, ou))
|
logger.error('Error deleting {} from BASE {}'.format(service.friendly_name, ou))
|
||||||
except Exception:
|
except Exception:
|
||||||
@ -158,11 +207,18 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.exception('Exception ')
|
logger.exception('Exception ')
|
||||||
return [False, str(e)]
|
return [False, str(e)]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
l.search_st(self._ou, ldap.SCOPE_BASE)
|
l.search_st(self._ou, ldap.SCOPE_BASE)
|
||||||
except ldap.LDAPError as e:
|
except ldap.LDAPError as e:
|
||||||
return _('Check error: {0}').format(self.__getLdapError(e))
|
return _('Check error: {0}').format(self.__getLdapError(e))
|
||||||
|
|
||||||
|
# Group
|
||||||
|
if self._group != '':
|
||||||
|
if self.__getGroup(l) is None:
|
||||||
|
return _('Check Error: group "{}" not found (using "cn" to locate it)').format(self._group)
|
||||||
|
|
||||||
|
|
||||||
return _('Server check was successful')
|
return _('Server check was successful')
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
@ -208,16 +264,22 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
'''
|
'''
|
||||||
Serializes the os manager data so we can store it in database
|
Serializes the os manager data so we can store it in database
|
||||||
'''
|
'''
|
||||||
return '\t'.join(['v1', self._domain, self._ou, self._account, CryptoManager.manager().encrypt(self._password), base.encode('hex')])
|
return '\t'.join(['v2', self._domain, self._ou, self._account, CryptoManager.manager().encrypt(self._password), base.encode('hex'), self._group])
|
||||||
|
|
||||||
def unmarshal(self, s):
|
def unmarshal(self, s):
|
||||||
data = s.split('\t')
|
data = s.split('\t')
|
||||||
if data[0] == 'v1':
|
if data[0] in ('v1', 'v2'):
|
||||||
self._domain = data[1]
|
self._domain = data[1]
|
||||||
self._ou = data[2]
|
self._ou = data[2]
|
||||||
self._account = data[3]
|
self._account = data[3]
|
||||||
self._password = CryptoManager.manager().decrypt(data[4])
|
self._password = CryptoManager.manager().decrypt(data[4])
|
||||||
super(WinDomainOsManager, self).unmarshal(data[5].decode('hex'))
|
|
||||||
|
if data[0] == 'v2':
|
||||||
|
self._group = data[6]
|
||||||
|
else:
|
||||||
|
self._group = ''
|
||||||
|
|
||||||
|
super(WinDomainOsManager, self).unmarshal(data[5].decode('hex'))
|
||||||
|
|
||||||
def valuesDict(self):
|
def valuesDict(self):
|
||||||
dct = super(WinDomainOsManager, self).valuesDict()
|
dct = super(WinDomainOsManager, self).valuesDict()
|
||||||
@ -225,4 +287,5 @@ class WinDomainOsManager(WindowsOsManager):
|
|||||||
dct['ou'] = self._ou
|
dct['ou'] = self._ou
|
||||||
dct['account'] = self._account
|
dct['account'] = self._account
|
||||||
dct['password'] = self._password
|
dct['password'] = self._password
|
||||||
|
dct['grp'] = self._group
|
||||||
return dct
|
return dct
|
||||||
|
@ -114,6 +114,7 @@ class WindowsOsManager(osmanagers.OSManager):
|
|||||||
si = service.getInstance()
|
si = service.getInstance()
|
||||||
ip = ''
|
ip = ''
|
||||||
|
|
||||||
|
ip = ''
|
||||||
# Notifies IP to deployed
|
# Notifies IP to deployed
|
||||||
for p in data['ips']:
|
for p in data['ips']:
|
||||||
if p[0].lower() == uid.lower():
|
if p[0].lower() == uid.lower():
|
||||||
@ -139,6 +140,10 @@ class WindowsOsManager(osmanagers.OSManager):
|
|||||||
logger.exception('WindowsOs Manager message log: ')
|
logger.exception('WindowsOs Manager message log: ')
|
||||||
log.doLog(service, log.ERROR, "do not understand {0}".format(data), origin)
|
log.doLog(service, log.ERROR, "do not understand {0}".format(data), origin)
|
||||||
|
|
||||||
|
# default "ready received" does nothing
|
||||||
|
def readyReceived(self, userService, data):
|
||||||
|
pass
|
||||||
|
|
||||||
def process(self, userService, msg, data, options=None):
|
def process(self, userService, msg, data, options=None):
|
||||||
'''
|
'''
|
||||||
We understand this messages:
|
We understand this messages:
|
||||||
@ -194,6 +199,7 @@ class WindowsOsManager(osmanagers.OSManager):
|
|||||||
state = State.USABLE
|
state = State.USABLE
|
||||||
notifyReady = True
|
notifyReady = True
|
||||||
self.notifyIp(userService.unique_id, userService, data)
|
self.notifyIp(userService.unique_id, userService, data)
|
||||||
|
self.readyReceived(userService, data)
|
||||||
|
|
||||||
userService.setOsState(state)
|
userService.setOsState(state)
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ class HTML5RDPTransport(Transport):
|
|||||||
smooth = gui.CheckBoxField(label=_('Font Smoothing'), order=23, tooltip=_('If checked, fonts smoothing will be allowed (windows clients only)'), tab=gui.PARAMETERS_TAB)
|
smooth = gui.CheckBoxField(label=_('Font Smoothing'), order=23, tooltip=_('If checked, fonts smoothing will be allowed (windows clients only)'), tab=gui.PARAMETERS_TAB)
|
||||||
enableAudio = gui.CheckBoxField(label=_('Enable Audio'), order=24, tooltip=_('If checked, the audio will be redirected to client (if client browser supports it)'), tab=gui.PARAMETERS_TAB)
|
enableAudio = gui.CheckBoxField(label=_('Enable Audio'), order=24, tooltip=_('If checked, the audio will be redirected to client (if client browser supports it)'), tab=gui.PARAMETERS_TAB)
|
||||||
enablePrinting = gui.CheckBoxField(label=_('Enable Printing'), order=25, tooltip=_('If checked, the printing will be redirected to client (if client browser supports it)'), tab=gui.PARAMETERS_TAB)
|
enablePrinting = gui.CheckBoxField(label=_('Enable Printing'), order=25, tooltip=_('If checked, the printing will be redirected to client (if client browser supports it)'), tab=gui.PARAMETERS_TAB)
|
||||||
# enableFileShare = gui.CheckBoxField(label=_('Enable File Sharing'), order=8, tooltip=_('If checked, the user will be able to upload/download files (if client browser supports it)'), tab=gui.PARAMETERS_TAB)
|
# enableFileSharing = gui.CheckBoxField(label=_('Enable File Sharing'), order=8, tooltip=_('If checked, the user will be able to upload/download files (if client browser supports it)'), tab=gui.PARAMETERS_TAB)
|
||||||
serverLayout = gui.ChoiceField(order=26,
|
serverLayout = gui.ChoiceField(order=26,
|
||||||
label=_('Layout'),
|
label=_('Layout'),
|
||||||
tooltip=_('Keyboards Layout of server'),
|
tooltip=_('Keyboards Layout of server'),
|
||||||
@ -189,7 +189,7 @@ class HTML5RDPTransport(Transport):
|
|||||||
}
|
}
|
||||||
|
|
||||||
# if self.enableFileSharing.isTrue():
|
# if self.enableFileSharing.isTrue():
|
||||||
# params['enable-drive'] = self.serverLayout.value
|
# params['enable-drive'] = 'true'
|
||||||
|
|
||||||
if self.serverLayout.value != '-':
|
if self.serverLayout.value != '-':
|
||||||
params['server-layout'] = self.serverLayout.value
|
params['server-layout'] = self.serverLayout.value
|
||||||
|
@ -40,7 +40,7 @@ from uds.core.util import OsDetector
|
|||||||
import six
|
import six
|
||||||
import os
|
import os
|
||||||
|
|
||||||
__updated__ = '2017-06-07'
|
__updated__ = '2017-07-06'
|
||||||
|
|
||||||
|
|
||||||
class RDPFile(object):
|
class RDPFile(object):
|
||||||
@ -227,7 +227,6 @@ class RDPFile(object):
|
|||||||
res += 'compression:i:' + compression + '\n'
|
res += 'compression:i:' + compression + '\n'
|
||||||
res += 'keyboardhook:i:2' + '\n'
|
res += 'keyboardhook:i:2' + '\n'
|
||||||
res += 'audiomode:i:' + audioMode + '\n'
|
res += 'audiomode:i:' + audioMode + '\n'
|
||||||
res += 'redirectdrives:i:' + drives + '\n'
|
|
||||||
res += 'redirectprinters:i:' + printers + '\n'
|
res += 'redirectprinters:i:' + printers + '\n'
|
||||||
res += 'redirectcomports:i:' + serials + '\n'
|
res += 'redirectcomports:i:' + serials + '\n'
|
||||||
res += 'redirectsmartcards:i:' + scards + '\n'
|
res += 'redirectsmartcards:i:' + scards + '\n'
|
||||||
@ -260,8 +259,15 @@ class RDPFile(object):
|
|||||||
if self.redirectAudio is True:
|
if self.redirectAudio is True:
|
||||||
res += 'audiocapturemode:i:1\n'
|
res += 'audiocapturemode:i:1\n'
|
||||||
|
|
||||||
|
if self.redirectDrives is True:
|
||||||
|
res += 'drivestoredirect:s:*\n'
|
||||||
|
res += 'devicestoredirect:s:*\n'
|
||||||
|
|
||||||
res += 'enablecredsspsupport:i:{}\n'.format(0 if self.enablecredsspsupport is False else 1)
|
res += 'enablecredsspsupport:i:{}\n'.format(0 if self.enablecredsspsupport is False else 1)
|
||||||
|
|
||||||
|
# DirectX?
|
||||||
|
res += 'redirectdirectx:i:1\n'
|
||||||
|
|
||||||
return res
|
return res
|
||||||
|
|
||||||
def getMacOsX(self):
|
def getMacOsX(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user