From 1b8cd09a8246f560599a2cce48f0a19f79230102 Mon Sep 17 00:00:00 2001 From: geos_one Date: Sat, 14 Jun 2008 11:55:08 +0000 Subject: [PATCH] Initial import of mmc-agent git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@380 6952d904-891a-0410-993b-d76249ca496b --- app-admin/metadata.xml | 38 +++ app-admin/mmc-agent/Manifest | 4 + .../files/mmc-agent-2.3.1-kerberos-1.patch | 296 ++++++++++++++++++ app-admin/mmc-agent/files/mmc-agent.initd | 20 ++ app-admin/mmc-agent/mmc-agent-2.3.1.ebuild | 50 +++ 5 files changed, 408 insertions(+) create mode 100644 app-admin/metadata.xml create mode 100644 app-admin/mmc-agent/Manifest create mode 100644 app-admin/mmc-agent/files/mmc-agent-2.3.1-kerberos-1.patch create mode 100755 app-admin/mmc-agent/files/mmc-agent.initd create mode 100644 app-admin/mmc-agent/mmc-agent-2.3.1.ebuild diff --git a/app-admin/metadata.xml b/app-admin/metadata.xml new file mode 100644 index 00000000..b15417f5 --- /dev/null +++ b/app-admin/metadata.xml @@ -0,0 +1,38 @@ + + + + + The app-admin category contains non-core applications which relate to + system administration. + + + La categoría app-admin contiene aplicaciones para la administración + del sistema. + + + Die Kategorie app-admin enthält Applikationen zur Systemadministration, + die nicht Bestandteil des Basissystems sind. + + + app-adminカテゴリにはnon-corシステム管理に関連したアプリケーションが含まれます。 + + + De app-admin categorie bevat applicaties met betrekking tot systeem + administratie. + + + Nhóm app-admin category chứa các ứng dụng liên quan + đến quản trị hệ thống (không tính các ứng dụng lõi). + + + La categoria app-admin contiene applicazioni per l'amministrazione del sistema. + + + A categoria app-admin contém aplicações para a administração + do sistema. + + + Kategoria app-admin zawiera aplikacje dla administratorów systemu. + + + diff --git a/app-admin/mmc-agent/Manifest b/app-admin/mmc-agent/Manifest new file mode 100644 index 00000000..3baf2b52 --- /dev/null 
+++ b/app-admin/mmc-agent/Manifest @@ -0,0 +1,4 @@ +AUX mmc-agent-2.3.1-kerberos-1.patch 14230 RMD160 f7bcaf5b79ce090dbf61408bb8fa9060dd0dca3a SHA1 e8d2d341bc081ca587bd57ab26b45261e128c914 SHA256 bce25eda6d6f7f02d9c2564d75fab626036b6e633cad160e330e38e0bac5a1c9 +AUX mmc-agent.initd 438 RMD160 d7dc64366782ab0d6fe4347d6a169b88a4e03a49 SHA1 e4ae8808678161237703bbb63b144899c9a544c9 SHA256 922d0bacad3eda749f8807e3ae5c183f636fa93e0d41d7079e570c58ebccb879 +DIST mmc-agent-2.3.1.tar.gz 111217 RMD160 7e75cbf9637a50214f7d2f1eee5049f7809d29aa SHA1 35f468ad4eb77ca4117695eb2b6ea83b38a01d46 SHA256 39e594a36f7cde73e6dfcc3845841137c0fe016c82c6343838fb8879931c757b +EBUILD mmc-agent-2.3.1.ebuild 1258 RMD160 b84f278c96c912bfb90a91090e7b1fb92afa68de SHA1 d74e7d5e32e0bad73f2387b565612109cf4e4390 SHA256 2985f7131db865a656ad64fa1ca4d0e48ef9af9e18dc0cffb28153b66efa8e3c diff --git a/app-admin/mmc-agent/files/mmc-agent-2.3.1-kerberos-1.patch b/app-admin/mmc-agent/files/mmc-agent-2.3.1-kerberos-1.patch new file mode 100644 index 00000000..632c6fa9 --- /dev/null +++ b/app-admin/mmc-agent/files/mmc-agent-2.3.1-kerberos-1.patch 
@@ -0,0 +1,296 @@ +Submitted By: Mario Fetka (mario-fetka at gmx dot at) +Date: 2008-06-14 +Initial Package Version: 2.2.0 +Origin: Ticket #144 +Upstream Status: Accepted +Description: Kerberized accounts in ou=People + + +diff -Naur mmc-agent-2.3.1.orig/conf/plugins/kerberos.ini mmc-agent-2.3.1/conf/plugins/kerberos.ini +--- mmc-agent-2.3.1.orig/conf/plugins/kerberos.ini 1970-01-01 00:00:00.000000000 +0000 ++++ mmc-agent-2.3.1/conf/plugins/kerberos.ini 2008-05-17 13:04:35.000000000 +0000 +@@ -0,0 +1,5 @@ ++[main] ++disable = 0 ++ ++[kerberos] ++realm = EXAMPLE.COM +diff -Naur mmc-agent-2.3.1.orig/mmc/plugins/base/__init__.py mmc-agent-2.3.1/mmc/plugins/base/__init__.py +--- mmc-agent-2.3.1.orig/mmc/plugins/base/__init__.py 2008-04-29 15:15:48.000000000 +0000 ++++ mmc-agent-2.3.1/mmc/plugins/base/__init__.py 2008-06-14 09:22:59.000000000 +0000 +@@ -1229,6 +1229,10 @@ + attrs = [] + attrib = self.l.search_s(dn, ldap.SCOPE_BASE) + c, attrs = attrib[0] ++ # kerberos -> remove binary key from attrs ++ try: attrs.pop('krb5Key') ++ except: pass ++ # + newattrs = copy.deepcopy(attrs) + return newattrs + +@@ -1249,6 +1253,10 @@ + attrib = self.l.search_s(cn, ldap.SCOPE_BASE) + + c,attrs=attrib[0] ++ # kerberos -> remove binary key from attrs ++ try: attrs.pop('krb5Key') ++ except: pass ++ # + + newattrs = copy.deepcopy(attrs) + +@@ -1402,8 +1410,13 @@ + @rtype: list + """ + if not base: base = self.baseUsersDN +- if (pattern==''): searchFilter = "uid=*" +- else: searchFilter = pattern ++ # kerberos -> search only PosixAccount ++ if (pattern==''): searchFilter = "(&(objectClass=posixAccount)(uid=*))" ++ elif pattern[0] == '(': ++ searchFilter = "(&(objectClass=posixAccount)%s)" % (pattern) ++ else: ++ searchFilter = "(&(objectClass=posixAccount)(%s))" % (pattern) ++ # + monoattrs = ["uid", "sn", "givenName", "mail"] + result_set = self.search(searchFilter, base, monoattrs + ["telephoneNumber", "loginShell", "objectClass"], ldap.SCOPE_ONELEVEL) + +diff -Naur 
mmc-agent-2.3.1.orig/mmc/plugins/kerberos/__init__.py mmc-agent-2.3.1/mmc/plugins/kerberos/__init__.py +--- mmc-agent-2.3.1.orig/mmc/plugins/kerberos/__init__.py 1970-01-01 00:00:00.000000000 +0000 ++++ mmc-agent-2.3.1/mmc/plugins/kerberos/__init__.py 2007-11-21 09:56:21.000000000 +0000 +@@ -0,0 +1,180 @@ ++# -*- coding: utf-8; -*- ++# ++# (c) 2004-2007 Linbox / Free&ALter Soft, http://linbox.com ++# (c) 2007 Mandriva, http://www.mandriva.com/ ++# (c) 2007 Kids-und-Co g.e.V http://www.kids-und-co.de ++# ++# $Id: __init__.py 108 2007-11-21 09:56:21Z iosifb $ ++# ++# This file is part of Mandriva Management Console (MMC). ++# ++# MMC is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# MMC is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with MMC; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ ++import logging ++import ldap.modlist ++import copy ++from mmc.plugins.base import ldapUserGroupControl ++import xmlrpclib ++from mmc.support.errorObj import errorMessage ++from mmc.support.mmcException import * ++from mmc.support import mmctools ++import mmc.plugins.base ++from mmc.support.config import * ++from mmc.plugins.base import ldapUserGroupControl ++ ++VERSION = "2.1.0" ++APIVERSION = "4:2:0" ++REVISION = int("$Rev: 108 $".split(':')[1].strip(' $')) ++ ++def getVersion(): return VERSION ++def getApiVersion(): return APIVERSION ++def getRevision(): return REVISION ++ ++def activate(): ++ """ ++ this function define if the module "base" can be activated. ++ @return: return True if this module can be activate ++ @rtype: boolean ++ """ ++ config = KerberosConfig("kerberos") ++ logger = logging.getLogger() ++ ++ if config.disabled: ++ logger.info("Kerberos plugin disabled by configuration.") ++ return False ++ ++ try: ++ ldapObj = ldapUserGroupControl() ++ except ldap.INVALID_CREDENTIALS: ++ logger.error("Can't bind to LDAP: invalid credentials.") ++ return False ++ ++ # Test if the Kerberos LDAP schema is available in the directory ++ try: ++ schema = ldapObj.getSchema("krb5KDCEntry") ++ if len(schema) <= 0: ++ logger.error("Kerberos schema is not included in LDAP directory"); ++ return False ++ except: ++ logger.exception("invalid schema") ++ return False ++ try: ++ schema = ldapObj.getSchema("krb5Principal") ++ if len(schema) <= 0: ++ logger.error("Kerberos schema is not included in LDAP directory"); ++ return False ++ except: ++ logger.exception("invalid schema") ++ return False ++ """ ++ TODO: Check kerberos database ++ """ ++ return True ++ ++def isKrbUser(uid): ++ return kerberosLdapControl().isKerberosUser(uid) ++ ++def addKrbAttr(uid,password): 
++ return kerberosLdapControl().addKerberosAttr(uid,password) ++ ++def delKrbAttr(uid,password): ++ return kerberosLdapControl().delKerberosAttr(uid,password) ++ ++def changePassword(uid,password): ++ return kerberosLdapControl().changePassword(uid, password) ++ ++class KerberosConfig(PluginConfig): ++ def __init__(self,name, conffile = None): ++ PluginConfig.__init__(self,name, conffile = None) ++ self.setDefault() ++ self.readConfig() ++ ++ def readConfig(self): ++ PluginConfig.readConf(self) ++ self.realm = self.get("kerberos", "realm") ++ ++class kerberosLdapControl(mmc.plugins.base.ldapUserGroupControl): ++ ++ def __init__(self, conffile = None, conffilebase = None): ++ mmc.plugins.base.ldapUserGroupControl.__init__(self, conffilebase) ++ self.configKerberos = KerberosConfig("kerberos", conffile) ++ self.realm = self.configKerberos.realm ++ ++ def delKerberosAttr(self,uid,password): ++ # If the password has been encoded in the XML-RPC stream, decode it ++ if isinstance(password, xmlrpclib.Binary): ++ password = str(password) ++ dn = 'uid=' + uid + ',' + self.baseUsersDN ++ s = self.l.search_s(dn, ldap.SCOPE_BASE) ++ c, attr = s[0] ++ old = {} ++ new = {} ++ for key in attr.keys(): old[key.lower()] = attr[key] ++ new = copy.deepcopy(old) ++ # remove krb attributes ++ new.pop('krb5kdcflags') ++ new.pop('krb5principalname') ++ new.pop('krb5keyversionnumber') ++ try: new.pop('krb5key') ++ except KeyError: pass ++ newobjclasses = () ++ for s in new.pop('objectclass'): ++ if s[0:4] == 'krb5': pass ++ else: newobjclasses = newobjclasses + (s,) ++ new['objectclass'] = newobjclasses ++ modlist = ldap.modlist.modifyModlist(old, new) ++ #logger = logging.getLogger() ++ #logger.debug(newobjclasses) ++ #logger.debug(modlist) ++ self.l.modify_s(dn, modlist) ++ mmc.plugins.base.ldapUserGroupControl.changeUserPasswd(self,uid,password) ++ return True ++ ++ def addKerberosAttr(self,uid,password): ++ # If the password has been encoded in the XML-RPC stream, decode it ++ if 
isinstance(password, xmlrpclib.Binary): ++ password = str(password) ++ dn = 'uid=' + uid + ',' + self.baseUsersDN ++ s = self.l.search_s(dn, ldap.SCOPE_BASE) ++ c, attr = s[0] ++ old = {} ++ new = {} ++ for key in attr.keys(): old[key.lower()] = attr[key] ++ new = copy.deepcopy(old) ++ new['objectclass'] = new['objectclass'] + ['krb5Principal','krb5KDCEntry'] ++ new['userpassword'] = ['{K5Key}'] ++ new['krb5kdcflags'] = ['126'] ++ new['krb5keyversionnumber'] = ['0'] ++ new['krb5principalname'] = [uid+'@' +self.realm] ++ modlist = ldap.modlist.modifyModlist(old, new) ++ self.l.modify_s(dn, modlist) ++ self.l.passwd_s(dn, None, password) ++ return True ++ ++ def isKerberosUser(self,uid): ++ ret = False ++ if self.existUser(uid): ret = "krb5Principal" in self.getDetailedUser(uid)["objectClass"] ++ return ret ++ ++ def changePassword(self,uid,password): ++ # If the password has been encoded in the XML-RPC stream, decode it ++ if isinstance(password, xmlrpclib.Binary): ++ password = str(password) ++ dn = 'uid=' + uid + ',' + self.baseUsersDN ++ self.l.modify_s(dn, [(ldap.MOD_REPLACE,'userPassWord','{K5KEY}')]) ++ self.l.passwd_s(dn, None, password) ++ return True ++ ++ +diff -Naur mmc-agent-2.3.1.orig/plugins_base.diff mmc-agent-2.3.1/plugins_base.diff +--- mmc-agent-2.3.1.orig/plugins_base.diff 1970-01-01 00:00:00.000000000 +0000 ++++ mmc-agent-2.3.1/plugins_base.diff 2008-05-17 13:04:04.000000000 +0000 +@@ -0,0 +1,40 @@ ++--- mds-orig/mmc-agent/mmc/plugins/base/__init__.py 2007-11-21 10:57:03.000000000 +0100 +++++ kerberos_plugin/trunk/mmc-agent/mmc/plugins/base/__init__.py 2007-11-21 11:34:36.000000000 +0100 ++@@ -1207,6 +1207,10 @@ ++ attrs = [] ++ attrib = self.l.search_s(dn, ldap.SCOPE_BASE) ++ c, attrs = attrib[0] +++ # kerberos -> remove binary key from attrs +++ try: attrs.pop('krb5Key') +++ except: pass +++ # ++ newattrs = copy.deepcopy(attrs) ++ return newattrs ++ ++@@ -1227,6 +1231,10 @@ ++ attrib = self.l.search_s(cn, ldap.SCOPE_BASE) ++ ++ 
c,attrs=attrib[0] +++ # kerberos -> remove binary key from attrs +++ try: attrs.pop('krb5Key') +++ except: pass +++ # ++ ++ newattrs = copy.deepcopy(attrs) ++ ++@@ -1380,8 +1388,13 @@ ++ @rtype: list ++ """ ++ if not base: base = self.baseUsersDN ++- if (pattern==''): searchFilter = "uid=*" ++- else: searchFilter = pattern +++ # kerberos -> search only PosixAccount +++ if (pattern==''): searchFilter = "(&(objectClass=posixAccount)(uid=*))" +++ elif pattern[0] == '(': +++ searchFilter = "(&(objectClass=posixAccount)%s)" % (pattern) +++ else: +++ searchFilter = "(&(objectClass=posixAccount)(%s))" % (pattern) +++ # ++ monoattrs = ["uid", "sn", "givenName", "mail"] ++ result_set = self.search(searchFilter, base, monoattrs + ["telephoneNumber", "loginShell", "objectClass"], ldap.SCOPE_ONELEVEL) ++ +diff -Naur mmc-agent-2.3.1.orig/setup.py mmc-agent-2.3.1/setup.py +--- mmc-agent-2.3.1.orig/setup.py 2007-09-10 08:20:59.000000000 +0000 ++++ mmc-agent-2.3.1/setup.py 2008-06-14 09:24:15.000000000 +0000 +@@ -8,5 +8,5 @@ + author_email = "cdelfosse@mandriva.com", + maintainer = "Cedric Delfosse", + maintainer_email = "cdelfosse@mandriva.com", +- packages = ["mmc", "mmc.support", "mmc.plugins", "mmc.plugins.base", "mmc.plugins.samba", "mmc.plugins.proxy", "mmc.plugins.mail", "mmc.plugins.network"], ++ packages = ["mmc", "mmc.support", "mmc.plugins", "mmc.plugins.base", "mmc.plugins.samba", "mmc.plugins.proxy", "mmc.plugins.mail", "mmc.plugins.network", "mmc.plugins.kerberos"], + ) diff --git a/app-admin/mmc-agent/files/mmc-agent.initd b/app-admin/mmc-agent/files/mmc-agent.initd new file mode 100755 index 00000000..2e3555ed --- /dev/null +++ b/app-admin/mmc-agent/files/mmc-agent.initd 
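Review bot: `delKerberosAttr`, `addKerberosAttr` and `changePassword` in the new `mmc/plugins/kerberos/__init__.py` build the entry DN as `'uid=' + uid + ',' + self.baseUsersDN` with no escaping, and the `xmlrpclib.Binary` handling beside it suggests both arguments come from XML-RPC callers. A uid that carries DN special characters makes the following `modify_s`/`passwd_s` calls address an entry other than the intended one under `baseUsersDN`, so the value should be escaped where the DN is built: `dn = 'uid=' + ldap.dn.escape_dn_chars(uid) + ',' + self.baseUsersDN` (plus `import ldap.dn`). In the two `base/__init__.py` hunks, `attrs.pop('krb5Key')` matches one exact spelling, whereas `delKerberosAttr` lower-cases attribute names before using them; if the directory returns the name in another case, the key material stays in the attributes handed back to the caller. The bare `except: pass` there also hides every other error, so `except KeyError: pass` is the narrower form.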
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+depend() {
+ need net slapd
+}
+
+start() {
+ ebegin "Starting mmc-agent"
+ eval start-stop-daemon --start --quiet --exec /usr/sbin/mmc-agent --pidfile /var/run/mmc-agent.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping mmc-agent"
+ start-stop-daemon --stop --quiet --pidfile /var/run/mmc-agent.pid
+ eend $?
+}
diff --git a/app-admin/mmc-agent/mmc-agent-2.3.1.ebuild b/app-admin/mmc-agent/mmc-agent-2.3.1.ebuild
new file mode 100644
index 00000000..bb24c79b
--- /dev/null
+++ b/app-admin/mmc-agent/mmc-agent-2.3.1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit distutils
+
+# ESVN_REPO_URI="http://mds.mandriva.org/svn/mmc-agent"
+DESCRIPTION="The MMC Agent and its Python plugins."
+HOMEPAGE="http://mds.mandriva.org/"
+SRC_URI="http://mds.mandriva.org/pub/mds/sources/${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc64 ~x86"
+IUSE=""
+
+SLOT="0"
+
+DEPEND=">=dev-python/setuptools-0.6_rc1
+ >=dev-python/twisted-web-0.7.0
+ >=dev-python/python-ldap-2.2.1"
+
+src_unpack() {
+ unpack ${A}
+ epatch ${FILESDIR}/${P}-kerberos-1.patch
+}
+
+# from marienz's setuptools.eclass:
+src_install() {
+ "${python}" setup.py install --root=${D} --no-compile "$@" || die "install failed"
+ dosbin bin/*
+ insinto etc/mmc/agent/keys
+ doins -r conf/agent/keys/*
+ insinto etc/mmc/agent
+ doins -r conf/agent/*.ini
+ insinto etc/mmc/plugins
+ doins -r conf/plugins/*.ini
+
+ newinitd ${FILESDIR}/mmc-agent.initd mmc-agent
+}
+
+src_test() {
+ "${python}" setup.py test || die "tests failed"
+}
+
+pkg_postinst() {
+ elog "To disable some plugin in your mmc environments, you have to set"
+ elog "disable to 1 in /etc/mmc/plugins/*.ini"
+ elog "(one config file per service)"
+ elog "You can't disable the base plugin."
+}
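Review bot: `start()` in mmc-agent.initd launches the daemon through `eval start-stop-daemon ...`, which makes the shell parse the command line a second time although every argument is a fixed string; `stop()` calls `start-stop-daemon` directly. Dropping the `eval` keeps the two functions consistent and avoids a second round of expansion if a variable is ever added to that line: `start-stop-daemon --start --quiet --exec /usr/sbin/mmc-agent --pidfile /var/run/mmc-agent.pid`. Passing `--pidfile` on start only helps if mmc-agent writes /var/run/mmc-agent.pid itself, which is not visible here and is worth confirming.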
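Review bot: `src_install` in the ebuild copies `conf/agent/keys/*` into `etc/mmc/agent/keys` with plain `doins`, which installs files with the default mode 0644, so whatever key files the tarball ships end up world-readable. The directory contents are not visible in this diff, but if it holds the agent's private key, restrict the mode around that call with `insopts -m0600` before `doins -r conf/agent/keys/*` and `insopts -m0644` after it. If these are sample keys shared by every install, `pkg_postinst` should also tell the administrator to replace them. `${D}` and `${FILESDIR}` are unquoted in `--root=${D}`, `epatch` and `newinitd`, which breaks on paths containing spaces.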