From 262ff2d731b1bfc4acd91153088b8fcde7ae92b8 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 5 Feb 2009 15:03:08 -0500 Subject: Rename ipa-python directory to ipapython so it is a real python library We used to install it as ipa, now installing it as ipapython. The rpm is still ipa-python. --- ipa-client/ipaclient/ipadiscovery.py | 80 ++++++++++++++++++------------------ ipa-client/ipaclient/ntpconf.py | 10 ++--- 2 files changed, 45 insertions(+), 45 deletions(-) (limited to 'ipa-client/ipaclient') diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index 2bd15192..e2d2043f 100644 --- a/ipa-client/ipaclient/ipadiscovery.py +++ b/ipa-client/ipaclient/ipadiscovery.py @@ -19,10 +19,10 @@ import socket import logging -import ipa.dnsclient +import ipapython.dnsclient import ldap from ldap import LDAPError - + class IPADiscovery: def __init__(self): @@ -50,22 +50,22 @@ class IPADiscovery: result = [] krbret = [] ldapret = [] - + if not server: if not domain: #domain not provided do full DNS discovery - + # get the local host name hostname = socket.getfqdn() if not hostname: return -10 #bad host configuration - + # first, check for an LDAP server for the local domain p = hostname.find(".") if p == -1: #no domain name return -1 domain = hostname[p+1:] - + while not self.server: logging.debug("[ipadnssearchldap("+domain+")]") self.server = self.ipadnssearchldap(domain) 
@@ -83,69 +83,69 @@ class IPADiscovery: self.domain = domain else: return -2 #no ldap server found - - + + #search for kerberos TODO: move this after ipacheckldap() logging.debug("[ipadnssearchkrb]") krbret = self.ipadnssearchkrb(self.domain) if not krbret: return -3 #no krb server found - + self.realm = krbret[0] - + else: #server forced on us, this means DNS doesn't work :/ - + self.domain = domain self.server = server - + logging.debug("[ipacheckldap]") # check ldap now ldapret = self.ipacheckldap(self.server, self.realm) if not ldapret: return -4 # not an IPA server (or broken config) - + self.server = ldapret[0] self.realm = ldapret[1] - + return 0 def ipacheckldap(self, thost, trealm): - + lret = [] lres = [] lattr = "" linfo = "" lrealms = [] - + i = 0 - + #now verify the server is really an IPA server try: logging.debug("Init ldap with: ldap://"+thost+":389") lh = ldap.initialize("ldap://"+thost+":389") lh.simple_bind_s("","") - + logging.debug("Search rootdse") lret = lh.search_s("", ldap.SCOPE_BASE, "(objectClass=*)") for lattr in lret[0][1]: if lattr.lower() == "namingcontexts": self.basedn = lret[0][1][lattr][0] - + logging.debug("Search for (info=*) in "+self.basedn+"(base)") lret = lh.search_s(self.basedn, ldap.SCOPE_BASE, "(info=IPA*)") if not lret: return [] logging.debug("Found: "+str(lret)) - + for lattr in lret[0][1]: if lattr.lower() == "info": linfo = lret[0][1][lattr][0].lower() break - + if not linfo: return [] - + #search and return known realms logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)") lret = lh.search_s("cn=kerberos,"+self.basedn, ldap.SCOPE_SUBTREE, "(objectClass=krbRealmContainer)") @@ -153,13 +153,13 @@ class IPADiscovery: #something very wrong return [] logging.debug("Found: "+str(lret)) - + for lres in lret: for lattr in lres[1]: if lattr.lower() == "cn": lrealms.append(lres[1][lattr][0]) - - + + if trealm: for r in lrealms: if trealm == r: 
@@ -172,10 +172,10 @@ class IPADiscovery: return [] else: return [thost, lrealms[0]] - + #we shouldn't get here return [] - + except LDAPError, err: #no good try: @@ -188,19 +188,19 @@ class IPADiscovery: logging.error("LDAP Error: "+str(err)) return [] - + def ipadnssearchldap(self, tdomain): servers = "" rserver = "" - + qname = "_ldap._tcp."+tdomain # terminate the name if not qname.endswith("."): qname += "." - results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) - + results = ipapython.dnsclient.query(qname, ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV) + for result in results: - if result.dns_type == ipa.dnsclient.DNS_T_SRV: + if result.dns_type == ipapython.dnsclient.DNS_T_SRV: rserver = result.rdata.server.rstrip(".") if result.rdata.port and result.rdata.port != 389: rserver += ":" + str(result.rdata.port) @@ -209,9 +209,9 @@ class IPADiscovery: else: servers = rserver break - + return servers - + def ipadnssearchkrb(self, tdomain): realm = "" kdc = "" 
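Review bot: In ipadnssearchldap a non-default SRV port is appended to the host name (`rserver += ":" + str(result.rdata.port)`), but ipacheckldap in the earlier hunk always builds `"ldap://"+thost+":389"`. A server discovered on another port would therefore appear to produce a URI of the form `ldap://host:PORT:389`, which will not connect to the intended port. One fix is to add the default only when no port is present: `port = "" if ":" in thost else ":389"`, then `ldap.initialize("ldap://"+thost+port)`. The lines where `servers` is accumulated fall between this hunk and the next and are not visible, so the exact value that reaches ipacheckldap should be confirmed there.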
@@ -220,23 +220,23 @@ class IPADiscovery: # terminate the name if not qname.endswith("."): qname += "." - results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_TXT) - + results = ipapython.dnsclient.query(qname, ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_TXT) + for result in results: - if result.dns_type == ipa.dnsclient.DNS_T_TXT: + if result.dns_type == ipapython.dnsclient.DNS_T_TXT: realm = result.rdata.data if realm: break - + if realm: # now fetch server information for the realm qname = "_kerberos._udp." + tdomain # terminate the name if not qname.endswith("."): qname += "." - results = ipa.dnsclient.query(qname, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) + results = ipapython.dnsclient.query(qname, ipapython.dnsclient.DNS_C_IN, ipapython.dnsclient.DNS_T_SRV) for result in results: - if result.dns_type == ipa.dnsclient.DNS_T_SRV: + if result.dns_type == ipapython.dnsclient.DNS_T_SRV: qname = result.rdata.server.rstrip(".") if result.rdata.port and result.rdata.port != 88: qname += ":" + str(result.rdata.port) diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py index 14e720c2..e71a909b 100644 --- a/ipa-client/ipaclient/ntpconf.py +++ b/ipa-client/ipaclient/ntpconf.py @@ -17,7 +17,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -from ipa.ipautil import * +from ipapython.ipautil import * import shutil ntp_conf = """# Permit time synchronization with our time source, but do not @@ -28,7 +28,7 @@ restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. -restrict 127.0.0.1 +restrict 127.0.0.1 restrict -6 ::1 # Hosts on local network are less restricted. 
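Review bot: Nothing in the visible discovery path authenticates the server: ipadnssearchkrb accepts the realm straight from the `_kerberos` TXT answer (`realm = result.rdata.data`) and the KDC from the SRV answer, with no validation of either value. The later confirmation in ipacheckldap is an anonymous bind (`simple_bind_s("","")`) over plain `ldap://`, so it does not establish trust in the server either. This is worth stating where the result is consumed, for example `# NOTE: realm/KDC come from unauthenticated DNS; treat them as candidates and confirm over an authenticated channel before enrolling`. The function starts in the previous hunk and its return is outside this one.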
@@ -46,9 +46,9 @@ server $SERVER #manycastclient 239.255.254.254 key 42 # manycast client # Undisciplined Local Clock. This is a fake driver intended for backup -# and when no outside source of synchronized time is available. +# and when no outside source of synchronized time is available. server 127.127.1.0 # local clock -#fudge 127.127.1.0 stratum 10 +#fudge 127.127.1.0 stratum 10 # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file @@ -57,7 +57,7 @@ server 127.127.1.0 # local clock driftfile /var/lib/ntp/drift # Key file containing the keys and key identifiers used when operating -# with symmetric key cryptography. +# with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. -- cgit