diff options
Diffstat (limited to 'ipa-client/ipaclient/ipadiscovery.py')
-rw-r--r-- | ipa-client/ipaclient/ipadiscovery.py | 80 |
1 files changed, 40 insertions, 40 deletions
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index 2bd151925..e2d2043f9 100644 --- a/ipa-client/ipaclient/ipadiscovery.py +++ b/ipa-client/ipaclient/ipadiscovery.py @@ -19,10 +19,10 @@ import socket import logging -import ipa.dnsclient +import ipapython.dnsclient import ldap from ldap import LDAPError - + class IPADiscovery: def __init__(self): @@ -50,22 +50,22 @@ class IPADiscovery: result = [] krbret = [] ldapret = [] - + if not server: if not domain: #domain not provided do full DNS discovery - + # get the local host name hostname = socket.getfqdn() if not hostname: return -10 #bad host configuration - + # first, check for an LDAP server for the local domain p = hostname.find(".") if p == -1: #no domain name return -1 domain = hostname[p+1:] - + while not self.server: logging.debug("[ipadnssearchldap("+domain+")]") self.server = self.ipadnssearchldap(domain) @@ -83,69 +83,69 @@ class IPADiscovery: self.domain = domain else: return -2 #no ldap server found - - + + #search for kerberos TODO: move this after ipacheckldap() logging.debug("[ipadnssearchkrb]") krbret = self.ipadnssearchkrb(self.domain) if not krbret: return -3 #no krb server found - + self.realm = krbret[0] - + else: #server forced on us, this means DNS doesn't work :/ - + self.domain = domain self.server = server - + logging.debug("[ipacheckldap]") # check ldap now ldapret = self.ipacheckldap(self.server, self.realm) if not ldapret: return -4 # not an IPA server (or broken config) - + self.server = ldapret[0] self.realm = ldapret[1] - + return 0 def ipacheckldap(self, thost, trealm): - + lret = [] lres = [] lattr = "" linfo = "" lrealms = [] - + i = 0 - + #now verify the server is really an IPA server try: logging.debug("Init ldap with: ldap://"+thost+":389") lh = ldap.initialize("ldap://"+thost+":389") lh.simple_bind_s("","") - + logging.debug("Search rootdse") lret = lh.search_s("", ldap.SCOPE_BASE, "(objectClass=*)") for lattr in lret[0][1]: if lattr.lower() == "namingcontexts": self.basedn = lret[0][1][lattr][0] - + logging.debug("Search for (info=*) in "+self.basedn+"(base)") lret = lh.search_s(self.basedn, ldap.SCOPE_BASE, "(info=IPA*)") if not lret: return [] logging.debug("Found: "+str(lret)) - + for lattr in lret[0][1]: if lattr.lower() == "info": linfo = lret[0][1][lattr][0].lower() break - + if not linfo: return [] - + #search and return known realms logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)") lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)") @@ -153,13 +153,13 @@ class IPADiscovery: #something very wrong return [] logging.debug("Found: "+str(lret)) - + for lres in lret: for lattr in lres[1]: if lattr.lower() == "cn": lrealms.append(lres[1][lattr][0]) - - + + if trealm: for r in lrealms: if trealm == r: @@ -172,10 +172,10 @@ class IPADiscovery: return [] else: return [thost, lrealms[0]] - + #we shouldn't get here return [] - + except LDAPError, err: #no good try: @@ -188,19 +188,19 @@ class IPADiscovery: logging.error("LDAP Error: "+str(err)) return [] - + def ipadnssearchldap(self, tdomain): servers = "" rserver = "" - + qname = "_ldap._tcp."+tdomain # terminate the name if not qname.endswith("."): qname += "." - results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) - + results = ipapython.dnsclient.query(qname, ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV) + for result in results: - if result.dns_type == ipa.dnsclient.DNS_T_SRV: + if result.dns_type == ipapython.dnsclient.DNS_T_SRV: rserver = result.rdata.server.rstrip(".") if result.rdata.port and result.rdata.port != 389: rserver += ":" + str(result.rdata.port) @@ -209,9 +209,9 @@ class IPADiscovery: else: servers = rserver break - + return servers - + def ipadnssearchkrb(self, tdomain): realm = "" kdc = "" @@ -220,23 +220,23 @@ class IPADiscovery: # terminate the name if not qname.endswith("."): qname += "." - results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_TXT) - + results = ipapython.dnsclient.query(qname, ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_TXT) + for result in results: - if result.dns_type == ipa.dnsclient.DNS_T_TXT: + if result.dns_type == ipapython.dnsclient.DNS_T_TXT: realm = result.rdata.data if realm: break - + if realm: # now fetch server information for the realm qname = "_kerberos._udp." + tdomain # terminate the name if not qname.endswith("."): qname += "." - results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) + results = ipapython.dnsclient.query(qname, ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV) for result in results: - if result.dns_type == ipa.dnsclient.DNS_T_SRV: + if result.dns_type == ipapython.dnsclient.DNS_T_SRV: qname = result.rdata.server.rstrip(".") if result.rdata.port and result.rdata.port != 88: qname += ":" + str(result.rdata.port) |