Complete autodiscovery with autoconfiguration

The code is still not perfect and rely on a yet unreleased nss_ldap package that fix dns discovery problems within nss_ldap itself. Also the manipulation of krb5.conf need to be improved
2025-02-25 18:55:28 -06:00 · 2007-08-30 19:40:54 -04:00
parent a9b9a55392
commit 12b46527c6
5 changed files with 148 additions and 45 deletions
--- a/ipa-client/ipaclient/ipachangeconf.py
+++ b/ipa-client/ipaclient/ipachangeconf.py
@@ -39,42 +39,61 @@ def openLocked(filename, perms):
 		raise IOError(errno, strerr)
 	return os.fdopen(fd, "r+")

+
+    #TODO: add subsection as a concept
+    #      (ex. REALM.NAME = { foo = x bar = y } )
+    #TODO: put section delimiters as separating element of the list
+    #      so that we can process multiple sections in one go
+    #TODO: add a comment all but provided options as a section option
 class IPAChangeConf:

    def __init__(self, name):
        self.progname = name
-        self.optpre = (" ",)
+        self.optpre = ("",)
        self.doptpre = self.optpre[0]
-        self.assign = ("=",)
+        self.assign = (" = ",)
        self.dassign = self.assign[0]
        self.comment = ("#",)
        self.dcomment = self.comment[0]
        self.eol = ("\n",)
        self.deol = self.eol[0]
-	#self.sectdel = ("[","]")
-	self.sectdel = ()
+	#self.sectnamdel = ("[","]")
+	self.sectnamdel = ()
+        self.newsection = False

    def setProgName(self, name):
        self.progname = name

    def setOptionPrefix(self, prefix):
-        self.optpre = prefix
+        if type(prefix) is list:
+            self.optpre = prefix
+        else:
+            self.optpre = (prefix, )
        self.doptpre = self.optpre[0]

    def setOptionAssignment(self, assign):
-        self.assign = assign
+	if type(assign) is list:
+            self.assign = assign
+        else:
+            self.assign = (assign, )
        self.dassign = self.assign[0]

    def setCommentPrefix(self, comment):
-        self.comment = comment
+        if type(comment) is list:
+            self.comment = comment
+        else:
+            self.comment = (comment, )
        self.dcomment = self.comment[0]

    def setEndLine(self, eol):
-        self.eol = eol
+        if type(eol) is list:
+            self.eol = eol
+        else:
+            self.eol = (eol, )
        self.deol = self.eol[0]

-    def setSectionDelimiters(self, delims):
-        self.sectdel = delims
+    def setSectionNameDelimiters(self, delims):
+        self.sectnamdel = delims

    def confDump(self, options):
        output = ""
@@ -82,16 +101,18 @@ class IPAChangeConf:
        #pre conf options delimiter
        output += self.deol
        output += self.dcomment+"["+self.progname+"]--start-line--"+self.deol
-        output += self.deol
        output += self.dcomment+" Generated by authconfig on " + time.strftime("%Y/%m/%d %H:%M:%S") + self.deol
        output += self.dcomment+" DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)"+self.deol
        output += self.dcomment+" Any modification may be deleted or altered by authconfig in future"+self.deol
        output += self.deol

+        if self.newsection:
+            output += getSectionLine(section)
+
        #set options
        for opt in options:
            if opt['action'] == "set":
-                output += self.doptpre+opt['name']+" "+self.dassign+" "+opt['value']+self.deol
+                output += self.doptpre+opt['name']+self.dassign+opt['value']+self.deol

        #post conf options delimiter
        output += self.deol
@@ -127,18 +148,18 @@ class IPAChangeConf:

    def matchSection(self, line):
        cl = "".join(line.strip().split()).lower()
-        if len(self.sectdel) != 2:
+        if len(self.sectnamdel) != 2:
            return False
-        if not cl.startswith(self.sectdel[0]):
+        if not cl.startswith(self.sectnamdel[0]):
            return False
-        if not cl.endswith(self.sectdel[1]):
+        if not cl.endswith(self.sectnamdel[1]):
            return False
-        return cl[len(self.sectdel[0]):-len(self.sectdel[1])]            
+        return cl[len(self.sectnamdel[0]):-len(self.sectnamdel[1])]            

    def getSectionLine(self, section):
-        if len(self.sectdel) != 2:
+        if len(self.sectnamdel) != 2:
            return section
-        return self.sectdel[0]+section+self.sectdel[1]+self.deol
+        return self.sectnamdel[0]+section+self.sectnamdel[1]+self.deol

    def checkLineOption(self, line, options):
        output = ""
@@ -211,7 +232,7 @@ class IPAChangeConf:

            if not done:
                if section:
-                    output += getSectionLine(section)
+                    self.newsection = True
                output += self.confDump(options)

            # Write it out and close it.
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -30,6 +30,7 @@ class IPADiscovery:
        self.realm = None
        self.domain = None
        self.server = None
+        self.basedn = None

    def getServerName(self):
        return str(self.server)
@@ -40,6 +41,9 @@ class IPADiscovery:
    def getRealmName(self):
        return str(self.realm)

+    def getBaseDN(self):
+        return str(self.basedn)
+
    def search(self, domain = "", server = ""):
        hostname = ""
        qname = ""
@@ -127,10 +131,10 @@ class IPADiscovery:
            lret = lh.search_s("", ldap.SCOPE_BASE, "(objectClass=*)")
            for lattr in lret[0][1]:
                if lattr.lower() == "namingcontexts":
-                    lbase = lret[0][1][lattr][0]
+                    self.basedn = lret[0][1][lattr][0]
    
-            logging.debug("Search for (info=*) in "+lbase+"(base)")
-            lret = lh.search_s(lbase, ldap.SCOPE_BASE, "(info=IPA*)")
+            logging.debug("Search for (info=*) in "+self.basedn+"(base)")
+            lret = lh.search_s(self.basedn, ldap.SCOPE_BASE, "(info=IPA*)")
            if not lret:
                return []
            logging.debug("Found: "+str(lret))
@@ -144,8 +148,8 @@ class IPADiscovery:
                return []
    
            #search and return known realms
-            logging.debug("Search for (objectClass=krbRealmContainer) in "+lbase+"(sub)")
-            lret = lh.search_s("cn=kerberos,"+lbase, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)")
+            logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)")
+            lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)")
            if not lret:
                #something very wrong
                return []
@@ -235,5 +239,4 @@ class IPADiscovery:
                    else:
                        kdc = qname

-        print "["+realm+", "+kdc+"]"
        return [realm, kdc]