#!/usr/bin/python
# Authors: Rob Crittenden <rcritten@redhat.com>
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2009  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
					
						
							|  |  |  | 
 | 
					
						
import sys
import os

# The IPA modules are imported inside a guard so that a missing package is
# reported as a short message on stderr (exit status 1) instead of a
# traceback.  The import order is kept as it was, so the first module that
# fails to load is the one named in the message.
try:
    from optparse import OptionParser
    from ipapython import ipautil, config
    from ipaserver.install import installutils
    from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
    from ipaserver.plugins.ldap2 import ldap2
    from ipalib import api, errors
    import logging
except ImportError:
    # sys.exc_info()[1] is the ImportError being handled; the trailing "\n"
    # reproduces the newline a print statement appends after the text.
    sys.stderr.write("""\
There was a problem importing one of the required Python modules. The
error was:

    %s
""" % sys.exc_info()[1] + "\n")
    sys.exit(1)
					
						
							|  |  |  | 
 | 
					
						
# DN of the NIS Server plugin entry under cn=config; main() reads it and
# writes its nsslapd-pluginenabled attribute.
nis_config_dn = "cn=NIS Server,cn=plugins,cn=config"

# DN of the Schema Compatibility plugin entry; main() refuses to enable NIS
# when this entry does not exist.
compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
					
						
										 |  |  | 
 | 
					
						
def parse_options():
    """Parse the command line and initialise the IPA configuration.

    Two options are declared here in addition to whatever
    config.add_standard_options() adds: -d/--debug, and -y, which names a
    file holding the Directory Manager password (main() prompts for the
    password when -y is not given).

    Returns:
        The (options, args) pair produced by OptionParser.parse_args().
    """
    usage_text = "".join([
        "%prog [options] <enable|disable>\n",
        "%prog [options]\n",
    ])
    cli = OptionParser(usage=usage_text, formatter=config.IPAFormatter())

    cli.add_option("-d", "--debug", dest="debug", action="store_true",
                   help="Display debugging information about the update(s)")
    cli.add_option("-y", dest="password",
                   help="File containing the Directory Manager password")
    config.add_standard_options(cli)

    opts, positional = cli.parse_args()

    # Only the option values are handed to init_config(); the positional
    # arguments are returned to the caller untouched.
    config.init_config(opts)

    return opts, positional
					
						
							|  |  |  | 
 | 
					
						
def get_dirman_password():
    """Prompt for the Directory Manager password and return what was typed.

    read_password() is called with confirm=False and validate=False, so no
    confirmation or validation is requested here; main() learns whether the
    password is right when it binds to the directory with it.
    """
    return installutils.read_password(
        "Directory Manager", confirm=False, validate=False
    )
					
						
							|  |  |  | 
 | 
					
						
def get_entry(dn, conn):
    """Fetch the entry stored at *dn* through *conn*.

    conn.get_entry() is called with normalize=False and returns a
    (dn, entry) pair; only the entry part is handed back.  errors.NotFound
    is turned into a None result, any other exception propagates.
    """
    try:
        _found_dn, attrs = conn.get_entry(dn, normalize=False)
    except errors.NotFound:
        return None
    return attrs
					
						
							|  |  |  | 
 | 
					
						
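def main():
    """Enable or disable the NIS Server plugin of the local Directory Server.

    The function checks for root, parses the command line, obtains the
    Directory Manager password (from the -y file or an interactive prompt),
    binds as 'cn=directory manager' and then performs one action:

    * enable: require the Schema Compatibility plugin entry, switch on the
      portmap (or rpcbind) service with chkconfig, apply
      /usr/share/ipa/nis.uldif and set nsslapd-pluginenabled to 'on';
    * disable: set nsslapd-pluginenabled to 'off' and delete the netgroups
      compat entry.

    Returns:
        0 on success, 1 after an error, 2 when the plugin was already in the
        requested state, 3 when neither portmap nor rpcbind could be enabled
        (a later step may overwrite the 3 with 1 or 2).  Bad arguments, a
        failed connection and a wrong password leave through sys.exit()
        with a message instead of returning.
    """
    retval = 0
    loglevel = logging.ERROR
    files = ['/usr/share/ipa/nis.uldif']
    servicemsg = ""

    # This tool changes cn=config and system service settings, so it is
    # limited to root.  The check must be on the effective *user* id: the
    # effective group id does not identify root, and a non-root account
    # whose group is 0 would have passed a gid comparison.
    if os.geteuid() != 0:
        sys.exit('Must be root to use this tool.')

    options, args = parse_options()
    if options.debug:
        loglevel = logging.DEBUG

    if len(args) != 1:
        sys.exit("You must specify one action, either enable or disable")
    elif args[0] != "enable" and args[0] != "disable":
        sys.exit("Unrecognized action [" + args[0] + "]")

    logging.basicConfig(level=loglevel,
                        format='%(levelname)s %(message)s')

    dirman_password = ""
    if options.password:
        # NOTE(review): the password file goes through
        # ipautil.template_file() with an empty substitution list;
        # presumably the content comes back unchanged, but confirm that a
        # password containing template metacharacters survives.  Nothing
        # here checks the ownership or mode of the file either.
        pw = ipautil.template_file(options.password, [])
        dirman_password = pw.strip()
    else:
        dirman_password = get_dirman_password()

    api.bootstrap(context='cli', debug=options.debug)
    api.finalize()

    conn = None
    try:
        # sys.exit() inside this block still runs the finally clause below,
        # so the connection is closed on every way out.
        try:
            conn = ldap2(shared_instance=False, base_dn='')
            conn.connect(
                bind_dn='cn=directory manager', bind_pw=dirman_password
            )
        except errors.ExecutionError as lde:
            sys.exit("An error occurred while connecting to the server: %s" % str(lde))
        except errors.AuthorizationError:
            sys.exit("Incorrect password")

        if args[0] == "enable":
            # NIS is served from the compat tree, so the Schema
            # Compatibility plugin entry has to exist first.
            compat = get_entry(compat_dn, conn)
            if compat is None:
                sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
            entry = None
            try:
                entry = get_entry(nis_config_dn, conn)
            except errors.ExecutionError as lde:
                # NOTE(review): after this failure the code carries on with
                # entry left at None, i.e. it still tries to enable the
                # services and the plugin below.  Confirm that is intended.
                print("An error occurred while talking to the server.")
                print(lde)
                retval = 1

            # Enable either the portmap or rpcbind service
            try:
                ipautil.run(["/sbin/chkconfig", "portmap", "on"])
                servicemsg = "portmap"
            except ipautil.CalledProcessError as cpe:
                # Only exit status 1 from the portmap attempt triggers the
                # rpcbind fallback.  NOTE(review): any other status is
                # ignored and servicemsg stays empty, which leaves a blank
                # service name in the final message.
                if cpe.returncode == 1:
                    try:
                        ipautil.run(["/sbin/chkconfig", "rpcbind", "on"])
                        servicemsg = "rpcbind"
                    except ipautil.CalledProcessError:
                        print("Unable to enable either portmap or rpcbind")
                        retval = 3

            # The cn=config entry for the plugin may already exist but it
            # could be turned off, handle both cases.
            if (entry is None or
                    entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off'):
                # Entry missing or plugin switched off: apply the update
                # file, then set the enabled flag on the plugin entry.
                print("Enabling plugin")
                ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, ldapi=True)
                if ld.update(files) != True:
                    retval = 1
                mod = {'nsslapd-pluginenabled': 'on'}
                try:
                    conn.update_entry(nis_config_dn, mod, normalize=False)
                except errors.EmptyModlist:
                    # plugin is already enabled, silently continue
                    pass
            else:
                print("Plugin already Enabled")
                retval = 2

        elif args[0] == "disable":
            try:
                mod = {'nsslapd-pluginenabled': 'off'}
                conn.update_entry(nis_config_dn, mod, normalize=False)
            except errors.NotFound:
                print("Plugin is already disabled")
                retval = 2
            except errors.EmptyModlist:
                print("Plugin is already disabled")
                retval = 2
            except errors.LDAPError as lde:
                print("An error occurred while talking to the server.")
                print(lde)
                retval = 1

            # delete the netgroups compat area.
            try:
                conn.delete_entry('cn=ng,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
            except errors.NotFound:
                pass
            except errors.DatabaseError as dbe:
                print("An error occurred while talking to the server.")
                print(dbe)
                retval = 1
            except errors.ExecutionError as lde:
                print("An error occurred while talking to the server.")
                print(lde)
                retval = 1

        else:
            # Not reachable after the argument check above; kept as a
            # safety net.
            retval = 1

        if retval == 0:
            print("This setting will not take effect until you restart Directory Server.")

            if args[0] == "enable":
                print("The %s service may need to be started." % servicemsg)

    finally:
        if conn and conn.isconnected():
            conn.disconnect()

    return retval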
					
						
							|  |  |  | 
 | 
					
						
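# Script entry point: run main() and turn each expected failure into a short
# message and exit status 1 instead of a traceback.
try:
    if __name__ == "__main__":
        sys.exit(main())
except BadSyntax as e:
    print("There is a syntax error in this update file:")
    print("  %s" % e)
    sys.exit(1)
except RuntimeError as e:
    print("%s" % e)
    sys.exit(1)
except SystemExit:
    # Re-raise untouched.  main() returns its status (0-3) and sys.exit()
    # turns it into SystemExit(status); passing that exception object to a
    # second sys.exit() call hands the interpreter a non-integer, which the
    # sys.exit() contract prints and reports as status 1.  A bare raise
    # keeps the status main() chose.
    raise
except KeyboardInterrupt:
    sys.exit(1)
except config.IPAConfigError as e:
    print("An IPA server to update cannot be found. Has one been configured yet?")
    print("The error was: %s" % e)
    sys.exit(1)
except errors.LDAPError as e:
    print("An error occurred while performing operations: %s" % e)
    sys.exit(1)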