dbp/linamh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Initial import of mmc-agent

Browse Source 
git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@380 6952d904-891a-0410-993b-d76249ca496b
This commit is contained in:
geos_one 2008-06-14 11:55:08 +00:00
parent 3b52ed1333
commit 1b8cd09a82
5 changed files with 408 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
app-admin/metadata.xml Normal file
View File

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<catmetadata>
<longdescription lang="en">
The app-admin category contains non-core applications which relate to
system administration.
</longdescription>
<longdescription lang="es">
La categoría app-admin contiene aplicaciones para la administración
del sistema.
</longdescription>
<longdescription lang="de">
Die Kategorie app-admin enthält Applikationen zur Systemadministration,
die nicht Bestandteil des Basissystems sind.
</longdescription>
<longdescription lang="ja">
app-adminカテゴリにはnon-corシステム管理に関連したアプリケーションが含まれます。
</longdescription>
<longdescription lang="nl">
De app-admin categorie bevat applicaties met betrekking tot systeem
administratie.
</longdescription>
<longdescription lang="vi">
Nhóm app-admin category chứa các ứng dụng liên quan
đến quản trị hệ thống (không tính các ứng dụng lõi).
</longdescription>
<longdescription lang="it">
La categoria app-admin contiene applicazioni per l'amministrazione del sistema.
</longdescription>
<longdescription lang="pt">
A categoria app-admin contém aplicações para a administração
do sistema.
</longdescription>
<longdescription lang="pl">
Kategoria app-admin zawiera aplikacje dla administratorów systemu.
</longdescription>
</catmetadata>

4
app-admin/mmc-agent/Manifest Normal file
View File

@ -0,0 +1,4 @@
AUX mmc-agent-2.3.1-kerberos-1.patch 14230 RMD160 f7bcaf5b79ce090dbf61408bb8fa9060dd0dca3a SHA1 e8d2d341bc081ca587bd57ab26b45261e128c914 SHA256 bce25eda6d6f7f02d9c2564d75fab626036b6e633cad160e330e38e0bac5a1c9
AUX mmc-agent.initd 438 RMD160 d7dc64366782ab0d6fe4347d6a169b88a4e03a49 SHA1 e4ae8808678161237703bbb63b144899c9a544c9 SHA256 922d0bacad3eda749f8807e3ae5c183f636fa93e0d41d7079e570c58ebccb879
DIST mmc-agent-2.3.1.tar.gz 111217 RMD160 7e75cbf9637a50214f7d2f1eee5049f7809d29aa SHA1 35f468ad4eb77ca4117695eb2b6ea83b38a01d46 SHA256 39e594a36f7cde73e6dfcc3845841137c0fe016c82c6343838fb8879931c757b
EBUILD mmc-agent-2.3.1.ebuild 1258 RMD160 b84f278c96c912bfb90a91090e7b1fb92afa68de SHA1 d74e7d5e32e0bad73f2387b565612109cf4e4390 SHA256 2985f7131db865a656ad64fa1ca4d0e48ef9af9e18dc0cffb28153b66efa8e3c

296
app-admin/mmc-agent/files/mmc-agent-2.3.1-kerberos-1.patch Normal file
View File

@ -0,0 +1,296 @@
Submitted By: Mario Fetka (mario-fetka at gmx dot at)
Date: 2008-06-14
Initial Package Version: 2.2.0
Origin: Ticket #144
Upstream Status: Accepted
Description: Kerberized accounts in ou=People
diff -Naur mmc-agent-2.3.1.orig/conf/plugins/kerberos.ini mmc-agent-2.3.1/conf/plugins/kerberos.ini
--- mmc-agent-2.3.1.orig/conf/plugins/kerberos.ini 1970-01-01 00:00:00.000000000 +0000
+++ mmc-agent-2.3.1/conf/plugins/kerberos.ini 2008-05-17 13:04:35.000000000 +0000
@@ -0,0 +1,5 @@
+[main]
+disable = 0
+
+[kerberos]
+realm = EXAMPLE.COM
diff -Naur mmc-agent-2.3.1.orig/mmc/plugins/base/__init__.py mmc-agent-2.3.1/mmc/plugins/base/__init__.py
--- mmc-agent-2.3.1.orig/mmc/plugins/base/__init__.py 2008-04-29 15:15:48.000000000 +0000
+++ mmc-agent-2.3.1/mmc/plugins/base/__init__.py 2008-06-14 09:22:59.000000000 +0000
@@ -1229,6 +1229,10 @@
attrs = []
attrib = self.l.search_s(dn, ldap.SCOPE_BASE)
c, attrs = attrib[0]
+ # kerberos -> remove binary key from attrs
+ try: attrs.pop('krb5Key')
+ except: pass
+ #
newattrs = copy.deepcopy(attrs)
return newattrs
@@ -1249,6 +1253,10 @@
attrib = self.l.search_s(cn, ldap.SCOPE_BASE)
c,attrs=attrib[0]
+ # kerberos -> remove binary key from attrs
+ try: attrs.pop('krb5Key')
+ except: pass
+ #
newattrs = copy.deepcopy(attrs)
@@ -1402,8 +1410,13 @@
@rtype: list
"""
if not base: base = self.baseUsersDN
- if (pattern==''): searchFilter = "uid=*"
- else: searchFilter = pattern
+ # kerberos -> search only PosixAccount
+ if (pattern==''): searchFilter = "(&(objectClass=posixAccount)(uid=*))"
+ elif pattern[0] == '(':
+ searchFilter = "(&(objectClass=posixAccount)%s)" % (pattern)
+ else:
+ searchFilter = "(&(objectClass=posixAccount)(%s))" % (pattern)
+ #
monoattrs = ["uid", "sn", "givenName", "mail"]
result_set = self.search(searchFilter, base, monoattrs + ["telephoneNumber", "loginShell", "objectClass"], ldap.SCOPE_ONELEVEL)
diff -Naur mmc-agent-2.3.1.orig/mmc/plugins/kerberos/__init__.py mmc-agent-2.3.1/mmc/plugins/kerberos/__init__.py
--- mmc-agent-2.3.1.orig/mmc/plugins/kerberos/__init__.py 1970-01-01 00:00:00.000000000 +0000
+++ mmc-agent-2.3.1/mmc/plugins/kerberos/__init__.py 2007-11-21 09:56:21.000000000 +0000
@@ -0,0 +1,180 @@
+# -*- coding: utf-8; -*-
+#
+# (c) 2004-2007 Linbox / Free&ALter Soft, http://linbox.com
+# (c) 2007 Mandriva, http://www.mandriva.com/
+# (c) 2007 Kids-und-Co g.e.V http://www.kids-und-co.de
+#
+# $Id: __init__.py 108 2007-11-21 09:56:21Z iosifb $
+#
+# This file is part of Mandriva Management Console (MMC).
+#
+# MMC is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# MMC is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MMC; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+import logging
+import ldap.modlist
+import copy
+from mmc.plugins.base import ldapUserGroupControl
+import xmlrpclib
+from mmc.support.errorObj import errorMessage
+from mmc.support.mmcException import *
+from mmc.support import mmctools
+import mmc.plugins.base
+from mmc.support.config import *
+from mmc.plugins.base import ldapUserGroupControl
+
+VERSION = "2.1.0"
+APIVERSION = "4:2:0"
+REVISION = int("$Rev: 108 $".split(':')[1].strip(' $'))
+
+def getVersion(): return VERSION
+def getApiVersion(): return APIVERSION
+def getRevision(): return REVISION
+
+def activate():
+ """
+ this function define if the module "base" can be activated.
+ @return: return True if this module can be activate
+ @rtype: boolean
+ """
+ config = KerberosConfig("kerberos")
+ logger = logging.getLogger()
+
+ if config.disabled:
+ logger.info("Kerberos plugin disabled by configuration.")
+ return False
+
+ try:
+ ldapObj = ldapUserGroupControl()
+ except ldap.INVALID_CREDENTIALS:
+ logger.error("Can't bind to LDAP: invalid credentials.")
+ return False
+
+ # Test if the Kerberos LDAP schema is available in the directory
+ try:
+ schema = ldapObj.getSchema("krb5KDCEntry")
+ if len(schema) <= 0:
+ logger.error("Kerberos schema is not included in LDAP directory");
+ return False
+ except:
+ logger.exception("invalid schema")
+ return False
+ try:
+ schema = ldapObj.getSchema("krb5Principal")
+ if len(schema) <= 0:
+ logger.error("Kerberos schema is not included in LDAP directory");
+ return False
+ except:
+ logger.exception("invalid schema")
+ return False
+ """
+ TODO: Check kerberos database
+ """
+ return True
+
+def isKrbUser(uid):
+ return kerberosLdapControl().isKerberosUser(uid)
+
+def addKrbAttr(uid,password):
+ return kerberosLdapControl().addKerberosAttr(uid,password)
+
+def delKrbAttr(uid,password):
+ return kerberosLdapControl().delKerberosAttr(uid,password)
+
+def changePassword(uid,password):
+ return kerberosLdapControl().changePassword(uid, password)
+
+class KerberosConfig(PluginConfig):
+ def __init__(self,name, conffile = None):
+ PluginConfig.__init__(self,name, conffile = None)
+ self.setDefault()
+ self.readConfig()
+
+ def readConfig(self):
+ PluginConfig.readConf(self)
+ self.realm = self.get("kerberos", "realm")
+
+class kerberosLdapControl(mmc.plugins.base.ldapUserGroupControl):
+
+ def __init__(self, conffile = None, conffilebase = None):
+ mmc.plugins.base.ldapUserGroupControl.__init__(self, conffilebase)
+ self.configKerberos = KerberosConfig("kerberos", conffile)
+ self.realm = self.configKerberos.realm
+
+ def delKerberosAttr(self,uid,password):
+ # If the password has been encoded in the XML-RPC stream, decode it
+ if isinstance(password, xmlrpclib.Binary):
+ password = str(password)
+ dn = 'uid=' + uid + ',' + self.baseUsersDN
+ s = self.l.search_s(dn, ldap.SCOPE_BASE)
+ c, attr = s[0]
+ old = {}
+ new = {}
+ for key in attr.keys(): old[key.lower()] = attr[key]
+ new = copy.deepcopy(old)
+ # remove krb attributes
+ new.pop('krb5kdcflags')
+ new.pop('krb5principalname')
+ new.pop('krb5keyversionnumber')
+ try: new.pop('krb5key')
+ except KeyError: pass
+ newobjclasses = ()
+ for s in new.pop('objectclass'):
+ if s[0:4] == 'krb5': pass
+ else: newobjclasses = newobjclasses + (s,)
+ new['objectclass'] = newobjclasses
+ modlist = ldap.modlist.modifyModlist(old, new)
+ #logger = logging.getLogger()
+ #logger.debug(newobjclasses)
+ #logger.debug(modlist)
+ self.l.modify_s(dn, modlist)
+ mmc.plugins.base.ldapUserGroupControl.changeUserPasswd(self,uid,password)
+ return True
+
+ def addKerberosAttr(self,uid,password):
+ # If the password has been encoded in the XML-RPC stream, decode it
+ if isinstance(password, xmlrpclib.Binary):
+ password = str(password)
+ dn = 'uid=' + uid + ',' + self.baseUsersDN
+ s = self.l.search_s(dn, ldap.SCOPE_BASE)
+ c, attr = s[0]
+ old = {}
+ new = {}
+ for key in attr.keys(): old[key.lower()] = attr[key]
+ new = copy.deepcopy(old)
+ new['objectclass'] = new['objectclass'] + ['krb5Principal','krb5KDCEntry']
+ new['userpassword'] = ['{K5Key}']
+ new['krb5kdcflags'] = ['126']
+ new['krb5keyversionnumber'] = ['0']
+ new['krb5principalname'] = [uid+'@' +self.realm]
+ modlist = ldap.modlist.modifyModlist(old, new)
+ self.l.modify_s(dn, modlist)
+ self.l.passwd_s(dn, None, password)
+ return True
+
+ def isKerberosUser(self,uid):
+ ret = False
+ if self.existUser(uid): ret = "krb5Principal" in self.getDetailedUser(uid)["objectClass"]
+ return ret
+
+ def changePassword(self,uid,password):
+ # If the password has been encoded in the XML-RPC stream, decode it
+ if isinstance(password, xmlrpclib.Binary):
+ password = str(password)
+ dn = 'uid=' + uid + ',' + self.baseUsersDN
+ self.l.modify_s(dn, [(ldap.MOD_REPLACE,'userPassWord','{K5KEY}')])
+ self.l.passwd_s(dn, None, password)
+ return True
+
+
diff -Naur mmc-agent-2.3.1.orig/plugins_base.diff mmc-agent-2.3.1/plugins_base.diff
--- mmc-agent-2.3.1.orig/plugins_base.diff 1970-01-01 00:00:00.000000000 +0000
+++ mmc-agent-2.3.1/plugins_base.diff 2008-05-17 13:04:04.000000000 +0000
@@ -0,0 +1,40 @@
+--- mds-orig/mmc-agent/mmc/plugins/base/__init__.py 2007-11-21 10:57:03.000000000 +0100
++++ kerberos_plugin/trunk/mmc-agent/mmc/plugins/base/__init__.py 2007-11-21 11:34:36.000000000 +0100
+@@ -1207,6 +1207,10 @@
+ attrs = []
+ attrib = self.l.search_s(dn, ldap.SCOPE_BASE)
+ c, attrs = attrib[0]
++ # kerberos -> remove binary key from attrs
++ try: attrs.pop('krb5Key')
++ except: pass
++ #
+ newattrs = copy.deepcopy(attrs)
+ return newattrs
+
+@@ -1227,6 +1231,10 @@
+ attrib = self.l.search_s(cn, ldap.SCOPE_BASE)
+
+ c,attrs=attrib[0]
++ # kerberos -> remove binary key from attrs
++ try: attrs.pop('krb5Key')
++ except: pass
++ #
+
+ newattrs = copy.deepcopy(attrs)
+
+@@ -1380,8 +1388,13 @@
+ @rtype: list
+ """
+ if not base: base = self.baseUsersDN
+- if (pattern==''): searchFilter = "uid=*"
+- else: searchFilter = pattern
++ # kerberos -> search only PosixAccount
++ if (pattern==''): searchFilter = "(&(objectClass=posixAccount)(uid=*))"
++ elif pattern[0] == '(':
++ searchFilter = "(&(objectClass=posixAccount)%s)" % (pattern)
++ else:
++ searchFilter = "(&(objectClass=posixAccount)(%s))" % (pattern)
++ #
+ monoattrs = ["uid", "sn", "givenName", "mail"]
+ result_set = self.search(searchFilter, base, monoattrs + ["telephoneNumber", "loginShell", "objectClass"], ldap.SCOPE_ONELEVEL)
+
diff -Naur mmc-agent-2.3.1.orig/setup.py mmc-agent-2.3.1/setup.py
--- mmc-agent-2.3.1.orig/setup.py 2007-09-10 08:20:59.000000000 +0000
+++ mmc-agent-2.3.1/setup.py 2008-06-14 09:24:15.000000000 +0000
@@ -8,5 +8,5 @@
author_email = "cdelfosse@mandriva.com",
maintainer = "Cedric Delfosse",
maintainer_email = "cdelfosse@mandriva.com",
- packages = ["mmc", "mmc.support", "mmc.plugins", "mmc.plugins.base", "mmc.plugins.samba", "mmc.plugins.proxy", "mmc.plugins.mail", "mmc.plugins.network"],
+ packages = ["mmc", "mmc.support", "mmc.plugins", "mmc.plugins.base", "mmc.plugins.samba", "mmc.plugins.proxy", "mmc.plugins.mail", "mmc.plugins.network", "mmc.plugins.kerberos"],
)

20
app-admin/mmc-agent/files/mmc-agent.initd Executable file
View File

@ -0,0 +1,20 @@
#!/sbin/runscript
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
depend() {
need net slapd
}
start() {
ebegin "Starting mmc-agent"
eval start-stop-daemon --start --quiet --exec /usr/sbin/mmc-agent --pidfile /var/run/mmc-agent.pid
eend $?
}
stop() {
ebegin "Stopping mmc-agent"
start-stop-daemon --stop --quiet --pidfile /var/run/mmc-agent.pid
eend $?
}

50
app-admin/mmc-agent/mmc-agent-2.3.1.ebuild Normal file
View File

@ -0,0 +1,50 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
inherit distutils
# ESVN_REPO_URI="http://mds.mandriva.org/svn/mmc-agent"
DESCRIPTION="The MMC Agent and its Python plugins."
HOMEPAGE="http://mds.mandriva.org/"
SRC_URI="http://mds.mandriva.org/pub/mds/sources/${PV}/${P}.tar.gz"
LICENSE="GPL-2"
KEYWORDS="~amd64 ~ppc64 ~x86"
IUSE=""
SLOT="0"
DEPEND=">=dev-python/setuptools-0.6_rc1
>=dev-python/twisted-web-0.7.0
>=dev-python/python-ldap-2.2.1"
src_unpack() {
unpack ${A}
epatch ${FILESDIR}/${P}-kerberos-1.patch
}
# from marienz's setuptools.eclass:
src_install() {
"${python}" setup.py install --root=${D} --no-compile "$@" || die "install failed"
dosbin bin/*
insinto etc/mmc/agent/keys
doins -r conf/agent/keys/*
insinto etc/mmc/agent
doins -r conf/agent/*.ini
insinto etc/mmc/plugins
doins -r conf/plugins/*.ini
newinitd ${FILESDIR}/mmc-agent.initd mmc-agent
}
src_test() {
"${python}" setup.py test || die "tests failed"
}
pkg_postinst() {
elog "To disable some plugin in your mmc environments, you have to set"
elog "disable to 1 in /etc/mmc/plugins/*.ini"
elog "(one config file per service)"
elog "You can't disable the base plugin."
}