# Authors:
#   Adam Young <ayoung@redhat.com>
#   Rob Crittenden <rcritten@redhat.com>
#
# Copyright (c) 2010  Red Hat
# See file 'copying' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""
Plugin to make multiple ipa calls via one remote procedure call

To run this code in the lite-server

curl   -H "Content-Type:application/json"          -H "Accept:application/json" -H "Accept-Language:en"        --negotiate -u :          --cacert /etc/ipa/ca.crt           -d  @batch_request.json -X POST       http://localhost:8888/ipa/json

where the contents of the file batch_request.json follow the below example

{"method":"batch","params":[[
        {"method":"group_find","params":[[],{}]},
        {"method":"user_find","params":[[],{"whoami":"true","all":"true"}]},
        {"method":"user_show","params":[["admin"],{"all":true}]}
        ],{}],"id":1}

The format of the response is nested the same way.  At the top you will see
  "error": null,
    "id": 1,
    "result": {
        "count": 3,
            "results": [


And then a nested response for each IPA command method sent in the request

"""

from ipalib import api, errors
from ipalib import Command
from ipalib.parameters import Str, Any
from ipalib.output import Output
from ipalib import output
from ipalib.text import _
from ipalib.request import context
from ipapython.version import API_VERSION

class batch(Command):
    NO_CLI = True

    takes_args = (
        Any('methods*',
            doc=_('Nested Methods to execute'),
        ),
    )

    take_options = (
        Str('version',
            cli_name='version',
            doc=_('Client version. Used to determine if server will accept request.'),
            exclude='webui',
            flags=['no_option', 'no_output'],
            default=API_VERSION,
            autofill=True,
        ),
    )

    has_output = (
        Output('count', int, doc=''),
        Output('results', list, doc='')
    )

    def execute(self, *args, **options):
        results=[]
        for arg in args[0]:
            params = dict()
            name = None
            try:
                if 'method' not in arg:
                    raise errors.RequirementError(name='method')
                if 'params' not in arg:
                    raise errors.RequirementError(name='params')
                name = arg['method']
                if name not in self.Command:
                    raise errors.CommandError(name=name)
                a = arg['params'][0]
                kw = arg['params'][1]
                newkw = {}
                for k in kw:
                    newkw[str(k)] = kw[k]
                params = api.Command[name].args_options_2_params(*a, **newkw)

                result = api.Command[name](*a, **newkw)
                self.info(
                    '%s: batch: %s(%s): SUCCESS', context.principal, name, ', '.join(api.Command[name]._repr_iter(**params))
                )
                result['error']=None
            except Exception, e:
                result = dict()
                result['error'] = unicode(e)
                if isinstance(e, errors.RequirementError) or \
                    isinstance(e, errors.CommandError):
                    self.info(
                        '%s: batch: %s', context.principal, e.__class__.__name__
                    )
                else:
                    self.info(
                        '%s: batch: %s(%s): %s', context.principal, name, ', '.join(api.Command[name]._repr_iter(**params)),  e.__class__.__name__
                    )
            results.append(result)
        return dict(count=len(results) , results=results)

api.register(batch)
30'>30</a>
<a id='n31' href='#n31'>31</a>
<a id='n32' href='#n32'>32</a>
<a id='n33' href='#n33'>33</a>
<a id='n34' href='#n34'>34</a>
<a id='n35' href='#n35'>35</a>
<a id='n36' href='#n36'>36</a>
<a id='n37' href='#n37'>37</a>
<a id='n38' href='#n38'>38</a>
<a id='n39' href='#n39'>39</a>
<a id='n40' href='#n40'>40</a>
<a id='n41' href='#n41'>41</a>
<a id='n42' href='#n42'>42</a>
<a id='n43' href='#n43'>43</a>
<a id='n44' href='#n44'>44</a>
<a id='n45' href='#n45'>45</a>
<a id='n46' href='#n46'>46</a>
<a id='n47' href='#n47'>47</a>
<a id='n48' href='#n48'>48</a>
<a id='n49' href='#n49'>49</a>
<a id='n50' href='#n50'>50</a>
<a id='n51' href='#n51'>51</a>
<a id='n52' href='#n52'>52</a>
<a id='n53' href='#n53'>53</a>
<a id='n54' href='#n54'>54</a>
<a id='n55' href='#n55'>55</a>
<a id='n56' href='#n56'>56</a>
<a id='n57' href='#n57'>57</a>
<a id='n58' href='#n58'>58</a>
<a id='n59' href='#n59'>59</a>
<a id='n60' href='#n60'>60</a>
<a id='n61' href='#n61'>61</a>
<a id='n62' href='#n62'>62</a>
<a id='n63' href='#n63'>63</a>
<a id='n64' href='#n64'>64</a>
<a id='n65' href='#n65'>65</a>
<a id='n66' href='#n66'>66</a>
<a id='n67' href='#n67'>67</a>
<a id='n68' href='#n68'>68</a>
<a id='n69' href='#n69'>69</a>
<a id='n70' href='#n70'>70</a>
<a id='n71' href='#n71'>71</a>
<a id='n72' href='#n72'>72</a>
<a id='n73' href='#n73'>73</a>
<a id='n74' href='#n74'>74</a>
<a id='n75' href='#n75'>75</a>
<a id='n76' href='#n76'>76</a>
<a id='n77' href='#n77'>77</a>
<a id='n78' href='#n78'>78</a>
<a id='n79' href='#n79'>79</a>
<a id='n80' href='#n80'>80</a>
<a id='n81' href='#n81'>81</a>
<a id='n82' href='#n82'>82</a>
<a id='n83' href='#n83'>83</a>
<a id='n84' href='#n84'>84</a>
<a id='n85' href='#n85'>85</a>
<a id='n86' href='#n86'>86</a>
<a id='n87' href='#n87'>87</a>
<a id='n88' href='#n88'>88</a>
<a id='n89' href='#n89'>89</a>
<a id='n90' href='#n90'>90</a>
<a id='n91' href='#n91'>91</a>
<a id='n92' href='#n92'>92</a>
<a id='n93' href='#n93'>93</a>
<a id='n94' href='#n94'>94</a>
<a id='n95' href='#n95'>95</a>
<a id='n96' href='#n96'>96</a>
<a id='n97' href='#n97'>97</a>
<a id='n98' href='#n98'>98</a>
<a id='n99' href='#n99'>99</a>
<a id='n100' href='#n100'>100</a>
<a id='n101' href='#n101'>101</a>
<a id='n102' href='#n102'>102</a>
<a id='n103' href='#n103'>103</a>
<a id='n104' href='#n104'>104</a>
<a id='n105' href='#n105'>105</a>
<a id='n106' href='#n106'>106</a>
<a id='n107' href='#n107'>107</a>
<a id='n108' href='#n108'>108</a>
<a id='n109' href='#n109'>109</a>
<a id='n110' href='#n110'>110</a>
<a id='n111' href='#n111'>111</a>
<a id='n112' href='#n112'>112</a>
<a id='n113' href='#n113'>113</a>
<a id='n114' href='#n114'>114</a>
<a id='n115' href='#n115'>115</a>
<a id='n116' href='#n116'>116</a>
<a id='n117' href='#n117'>117</a>
<a id='n118' href='#n118'>118</a>
<a id='n119' href='#n119'>119</a>
<a id='n120' href='#n120'>120</a>
<a id='n121' href='#n121'>121</a>
<a id='n122' href='#n122'>122</a>
<a id='n123' href='#n123'>123</a>
<a id='n124' href='#n124'>124</a>
<a id='n125' href='#n125'>125</a>
<a id='n126' href='#n126'>126</a>
<a id='n127' href='#n127'>127</a>
<a id='n128' href='#n128'>128</a>
<a id='n129' href='#n129'>129</a>
<a id='n130' href='#n130'>130</a>
<a id='n131' href='#n131'>131</a>
<a id='n132' href='#n132'>132</a>
<a id='n133' href='#n133'>133</a>
<a id='n134' href='#n134'>134</a>
<a id='n135' href='#n135'>135</a>
<a id='n136' href='#n136'>136</a>
<a id='n137' href='#n137'>137</a>
<a id='n138' href='#n138'>138</a>
<a id='n139' href='#n139'>139</a>
<a id='n140' href='#n140'>140</a>
<a id='n141' href='#n141'>141</a>
<a id='n142' href='#n142'>142</a>
<a id='n143' href='#n143'>143</a>
<a id='n144' href='#n144'>144</a>
<a id='n145' href='#n145'>145</a>
<a id='n146' href='#n146'>146</a>
<a id='n147' href='#n147'>147</a>
<a id='n148' href='#n148'>148</a>
<a id='n149' href='#n149'>149</a>
<a id='n150' href='#n150'>150</a>
<a id='n151' href='#n151'>151</a>
<a id='n152' href='#n152'>152</a>
<a id='n153' href='#n153'>153</a>
<a id='n154' href='#n154'>154</a>
<a id='n155' href='#n155'>155</a>
<a id='n156' href='#n156'>156</a>
<a id='n157' href='#n157'>157</a>
<a id='n158' href='#n158'>158</a>
<a id='n159' href='#n159'>159</a>
<a id='n160' href='#n160'>160</a>
<a id='n161' href='#n161'>161</a>
<a id='n162' href='#n162'>162</a>
<a id='n163' href='#n163'>163</a>
<a id='n164' href='#n164'>164</a>
<a id='n165' href='#n165'>165</a>
<a id='n166' href='#n166'>166</a>
<a id='n167' href='#n167'>167</a>
<a id='n168' href='#n168'>168</a>
<a id='n169' href='#n169'>169</a>
<a id='n170' href='#n170'>170</a>
<a id='n171' href='#n171'>171</a>
<a id='n172' href='#n172'>172</a>
<a id='n173' href='#n173'>173</a>
<a id='n174' href='#n174'>174</a>
<a id='n175' href='#n175'>175</a>
<a id='n176' href='#n176'>176</a>
<a id='n177' href='#n177'>177</a>
<a id='n178' href='#n178'>178</a>
<a id='n179' href='#n179'>179</a>
<a id='n180' href='#n180'>180</a>
<a id='n181' href='#n181'>181</a>
<a id='n182' href='#n182'>182</a>
<a id='n183' href='#n183'>183</a>
<a id='n184' href='#n184'>184</a>
<a id='n185' href='#n185'>185</a>
<a id='n186' href='#n186'>186</a>
<a id='n187' href='#n187'>187</a>
<a id='n188' href='#n188'>188</a>
<a id='n189' href='#n189'>189</a>
<a id='n190' href='#n190'>190</a>
<a id='n191' href='#n191'>191</a>
<a id='n192' href='#n192'>192</a>
<a id='n193' href='#n193'>193</a>
<a id='n194' href='#n194'>194</a>
<a id='n195' href='#n195'>195</a>
<a id='n196' href='#n196'>196</a>
<a id='n197' href='#n197'>197</a>
<a id='n198' href='#n198'>198</a>
<a id='n199' href='#n199'>199</a>
<a id='n200' href='#n200'>200</a>
<a id='n201' href='#n201'>201</a>
<a id='n202' href='#n202'>202</a>
<a id='n203' href='#n203'>203</a>
<a id='n204' href='#n204'>204</a>
<a id='n205' href='#n205'>205</a>
<a id='n206' href='#n206'>206</a>
<a id='n207' href='#n207'>207</a>
<a id='n208' href='#n208'>208</a>
<a id='n209' href='#n209'>209</a>
<a id='n210' href='#n210'>210</a>
<a id='n211' href='#n211'>211</a>
<a id='n212' href='#n212'>212</a>
<a id='n213' href='#n213'>213</a>
<a id='n214' href='#n214'>214</a>
<a id='n215' href='#n215'>215</a>
<a id='n216' href='#n216'>216</a>
<a id='n217' href='#n217'>217</a>
<a id='n218' href='#n218'>218</a>
<a id='n219' href='#n219'>219</a>
<a id='n220' href='#n220'>220</a>
<a id='n221' href='#n221'>221</a>
<a id='n222' href='#n222'>222</a>
<a id='n223' href='#n223'>223</a>
<a id='n224' href='#n224'>224</a>
<a id='n225' href='#n225'>225</a>
<a id='n226' href='#n226'>226</a>
<a id='n227' href='#n227'>227</a>
<a id='n228' href='#n228'>228</a>
<a id='n229' href='#n229'>229</a>
<a id='n230' href='#n230'>230</a>
<a id='n231' href='#n231'>231</a>
<a id='n232' href='#n232'>232</a>
<a id='n233' href='#n233'>233</a>
<a id='n234' href='#n234'>234</a>
<a id='n235' href='#n235'>235</a>
<a id='n236' href='#n236'>236</a>
<a id='n237' href='#n237'>237</a>
<a id='n238' href='#n238'>238</a>
<a id='n239' href='#n239'>239</a>
<a id='n240' href='#n240'>240</a>
<a id='n241' href='#n241'>241</a>
<a id='n242' href='#n242'>242</a>
<a id='n243' href='#n243'>243</a>
<a id='n244' href='#n244'>244</a>
<a id='n245' href='#n245'>245</a>
<a id='n246' href='#n246'>246</a>
<a id='n247' href='#n247'>247</a>
<a id='n248' href='#n248'>248</a>
<a id='n249' href='#n249'>249</a>
<a id='n250' href='#n250'>250</a>
<a id='n251' href='#n251'>251</a>
<a id='n252' href='#n252'>252</a>
<a id='n253' href='#n253'>253</a>
<a id='n254' href='#n254'>254</a>
<a id='n255' href='#n255'>255</a>
<a id='n256' href='#n256'>256</a>
<a id='n257' href='#n257'>257</a>
<a id='n258' href='#n258'>258</a>
<a id='n259' href='#n259'>259</a>
<a id='n260' href='#n260'>260</a>
<a id='n261' href='#n261'>261</a>
<a id='n262' href='#n262'>262</a>
<a id='n263' href='#n263'>263</a>
<a id='n264' href='#n264'>264</a>
<a id='n265' href='#n265'>265</a>
<a id='n266' href='#n266'>266</a>
<a id='n267' href='#n267'>267</a>
<a id='n268' href='#n268'>268</a>
<a id='n269' href='#n269'>269</a>
<a id='n270' href='#n270'>270</a>
<a id='n271' href='#n271'>271</a>
<a id='n272' href='#n272'>272</a>
<a id='n273' href='#n273'>273</a>
<a id='n274' href='#n274'>274</a>
<a id='n275' href='#n275'>275</a>
<a id='n276' href='#n276'>276</a>
<a id='n277' href='#n277'>277</a>
<a id='n278' href='#n278'>278</a>
<a id='n279' href='#n279'>279</a>
<a id='n280' href='#n280'>280</a>
<a id='n281' href='#n281'>281</a>
<a id='n282' href='#n282'>282</a>
<a id='n283' href='#n283'>283</a>
<a id='n284' href='#n284'>284</a>
<a id='n285' href='#n285'>285</a>
<a id='n286' href='#n286'>286</a>
<a id='n287' href='#n287'>287</a>
<a id='n288' href='#n288'>288</a>
<a id='n289' href='#n289'>289</a>
<a id='n290' href='#n290'>290</a>
<a id='n291' href='#n291'>291</a>
<a id='n292' href='#n292'>292</a>
<a id='n293' href='#n293'>293</a>
<a id='n294' href='#n294'>294</a>
<a id='n295' href='#n295'>295</a>
<a id='n296' href='#n296'>296</a>
<a id='n297' href='#n297'>297</a>
<a id='n298' href='#n298'>298</a>
<a id='n299' href='#n299'>299</a>
<a id='n300' href='#n300'>300</a>
<a id='n301' href='#n301'>301</a>
<a id='n302' href='#n302'>302</a>
<a id='n303' href='#n303'>303</a>
<a id='n304' href='#n304'>304</a>
<a id='n305' href='#n305'>305</a>
<a id='n306' href='#n306'>306</a>
<a id='n307' href='#n307'>307</a>
<a id='n308' href='#n308'>308</a>
<a id='n309' href='#n309'>309</a>
<a id='n310' href='#n310'>310</a>
<a id='n311' href='#n311'>311</a>
<a id='n312' href='#n312'>312</a>
<a id='n313' href='#n313'>313</a>
<a id='n314' href='#n314'>314</a>
<a id='n315' href='#n315'>315</a>
<a id='n316' href='#n316'>316</a>
<a id='n317' href='#n317'>317</a>
<a id='n318' href='#n318'>318</a>
<a id='n319' href='#n319'>319</a>
<a id='n320' href='#n320'>320</a>
<a id='n321' href='#n321'>321</a>
<a id='n322' href='#n322'>322</a>
<a id='n323' href='#n323'>323</a>
<a id='n324' href='#n324'>324</a>
<a id='n325' href='#n325'>325</a>
<a id='n326' href='#n326'>326</a>
<a id='n327' href='#n327'>327</a>
<a id='n328' href='#n328'>328</a>
<a id='n329' href='#n329'>329</a>
<a id='n330' href='#n330'>330</a>
<a id='n331' href='#n331'>331</a>
<a id='n332' href='#n332'>332</a>
<a id='n333' href='#n333'>333</a>
<a id='n334' href='#n334'>334</a>
<a id='n335' href='#n335'>335</a>
<a id='n336' href='#n336'>336</a>
<a id='n337' href='#n337'>337</a>
<a id='n338' href='#n338'>338</a>
<a id='n339' href='#n339'>339</a>
<a id='n340' href='#n340'>340</a>
<a id='n341' href='#n341'>341</a>
<a id='n342' href='#n342'>342</a>
<a id='n343' href='#n343'>343</a>
<a id='n344' href='#n344'>344</a>
<a id='n345' href='#n345'>345</a>
<a id='n346' href='#n346'>346</a>
<a id='n347' href='#n347'>347</a>
<a id='n348' href='#n348'>348</a>
<a id='n349' href='#n349'>349</a>
<a id='n350' href='#n350'>350</a>
<a id='n351' href='#n351'>351</a>
<a id='n352' href='#n352'>352</a>
<a id='n353' href='#n353'>353</a>
<a id='n354' href='#n354'>354</a>
<a id='n355' href='#n355'>355</a>
<a id='n356' href='#n356'>356</a>
<a id='n357' href='#n357'>357</a>
<a id='n358' href='#n358'>358</a>
<a id='n359' href='#n359'>359</a>
<a id='n360' href='#n360'>360</a>
<a id='n361' href='#n361'>361</a>
<a id='n362' href='#n362'>362</a>
<a id='n363' href='#n363'>363</a>
<a id='n364' href='#n364'>364</a>
<a id='n365' href='#n365'>365</a>
<a id='n366' href='#n366'>366</a>
<a id='n367' href='#n367'>367</a>
<a id='n368' href='#n368'>368</a>
<a id='n369' href='#n369'>369</a>
<a id='n370' href='#n370'>370</a>
<a id='n371' href='#n371'>371</a>
<a id='n372' href='#n372'>372</a>
<a id='n373' href='#n373'>373</a>
<a id='n374' href='#n374'>374</a>
<a id='n375' href='#n375'>375</a>
<a id='n376' href='#n376'>376</a>
<a id='n377' href='#n377'>377</a>
<a id='n378' href='#n378'>378</a>
<a id='n379' href='#n379'>379</a>
<a id='n380' href='#n380'>380</a>
<a id='n381' href='#n381'>381</a>
<a id='n382' href='#n382'>382</a>
<a id='n383' href='#n383'>383</a>
<a id='n384' href='#n384'>384</a>
<a id='n385' href='#n385'>385</a>
<a id='n386' href='#n386'>386</a>
<a id='n387' href='#n387'>387</a>
<a id='n388' href='#n388'>388</a>
<a id='n389' href='#n389'>389</a>
<a id='n390' href='#n390'>390</a>
<a id='n391' href='#n391'>391</a>
<a id='n392' href='#n392'>392</a>
<a id='n393' href='#n393'>393</a>
<a id='n394' href='#n394'>394</a>
<a id='n395' href='#n395'>395</a>
<a id='n396' href='#n396'>396</a>
<a id='n397' href='#n397'>397</a>
<a id='n398' href='#n398'>398</a>
<a id='n399' href='#n399'>399</a>
<a id='n400' href='#n400'>400</a>
<a id='n401' href='#n401'>401</a>
<a id='n402' href='#n402'>402</a>
<a id='n403' href='#n403'>403</a>
<a id='n404' href='#n404'>404</a>
<a id='n405' href='#n405'>405</a>
<a id='n406' href='#n406'>406</a>
<a id='n407' href='#n407'>407</a>
<a id='n408' href='#n408'>408</a>
<a id='n409' href='#n409'>409</a>
<a id='n410' href='#n410'>410</a>
<a id='n411' href='#n411'>411</a>
<a id='n412' href='#n412'>412</a>
<a id='n413' href='#n413'>413</a>
<a id='n414' href='#n414'>414</a>
<a id='n415' href='#n415'>415</a>
<a id='n416' href='#n416'>416</a>
<a id='n417' href='#n417'>417</a>
<a id='n418' href='#n418'>418</a>
<a id='n419' href='#n419'>419</a>
<a id='n420' href='#n420'>420</a>
<a id='n421' href='#n421'>421</a>
<a id='n422' href='#n422'>422</a>
<a id='n423' href='#n423'>423</a>
<a id='n424' href='#n424'>424</a>
<a id='n425' href='#n425'>425</a>
<a id='n426' href='#n426'>426</a>
<a id='n427' href='#n427'>427</a>
<a id='n428' href='#n428'>428</a>
<a id='n429' href='#n429'>429</a>
<a id='n430' href='#n430'>430</a>
<a id='n431' href='#n431'>431</a>
<a id='n432' href='#n432'>432</a>
<a id='n433' href='#n433'>433</a>
<a id='n434' href='#n434'>434</a>
<a id='n435' href='#n435'>435</a>
<a id='n436' href='#n436'>436</a>
<a id='n437' href='#n437'>437</a>
<a id='n438' href='#n438'>438</a>
<a id='n439' href='#n439'>439</a>
<a id='n440' href='#n440'>440</a>
<a id='n441' href='#n441'>441</a>
<a id='n442' href='#n442'>442</a>
<a id='n443' href='#n443'>443</a>
<a id='n444' href='#n444'>444</a>
<a id='n445' href='#n445'>445</a>
<a id='n446' href='#n446'>446</a>
<a id='n447' href='#n447'>447</a>
<a id='n448' href='#n448'>448</a>
<a id='n449' href='#n449'>449</a>
<a id='n450' href='#n450'>450</a>
<a id='n451' href='#n451'>451</a>
<a id='n452' href='#n452'>452</a>
<a id='n453' href='#n453'>453</a>
<a id='n454' href='#n454'>454</a>
<a id='n455' href='#n455'>455</a>
<a id='n456' href='#n456'>456</a>
<a id='n457' href='#n457'>457</a>
<a id='n458' href='#n458'>458</a>
<a id='n459' href='#n459'>459</a>
<a id='n460' href='#n460'>460</a>
<a id='n461' href='#n461'>461</a>
<a id='n462' href='#n462'>462</a>
<a id='n463' href='#n463'>463</a>
<a id='n464' href='#n464'>464</a>
<a id='n465' href='#n465'>465</a>
<a id='n466' href='#n466'>466</a>
<a id='n467' href='#n467'>467</a>
<a id='n468' href='#n468'>468</a>
<a id='n469' href='#n469'>469</a>
<a id='n470' href='#n470'>470</a>
<a id='n471' href='#n471'>471</a>
<a id='n472' href='#n472'>472</a>
<a id='n473' href='#n473'>473</a>
<a id='n474' href='#n474'>474</a>
<a id='n475' href='#n475'>475</a>
<a id='n476' href='#n476'>476</a>
<a id='n477' href='#n477'>477</a>
<a id='n478' href='#n478'>478</a>
<a id='n479' href='#n479'>479</a>
<a id='n480' href='#n480'>480</a>
<a id='n481' href='#n481'>481</a>
<a id='n482' href='#n482'>482</a>
<a id='n483' href='#n483'>483</a>
<a id='n484' href='#n484'>484</a>
<a id='n485' href='#n485'>485</a>
<a id='n486' href='#n486'>486</a>
<a id='n487' href='#n487'>487</a>
<a id='n488' href='#n488'>488</a>
<a id='n489' href='#n489'>489</a>
<a id='n490' href='#n490'>490</a>
<a id='n491' href='#n491'>491</a>
<a id='n492' href='#n492'>492</a>
<a id='n493' href='#n493'>493</a>
<a id='n494' href='#n494'>494</a>
<a id='n495' href='#n495'>495</a>
<a id='n496' href='#n496'>496</a>
<a id='n497' href='#n497'>497</a>
<a id='n498' href='#n498'>498</a>
<a id='n499' href='#n499'>499</a>
<a id='n500' href='#n500'>500</a>
<a id='n501' href='#n501'>501</a>
<a id='n502' href='#n502'>502</a>
<a id='n503' href='#n503'>503</a>
<a id='n504' href='#n504'>504</a>
<a id='n505' href='#n505'>505</a>
<a id='n506' href='#n506'>506</a>
<a id='n507' href='#n507'>507</a>
<a id='n508' href='#n508'>508</a>
<a id='n509' href='#n509'>509</a>
<a id='n510' href='#n510'>510</a>
<a id='n511' href='#n511'>511</a>
<a id='n512' href='#n512'>512</a>
<a id='n513' href='#n513'>513</a>
<a id='n514' href='#n514'>514</a>
<a id='n515' href='#n515'>515</a>
<a id='n516' href='#n516'>516</a>
<a id='n517' href='#n517'>517</a>
<a id='n518' href='#n518'>518</a>
<a id='n519' href='#n519'>519</a>
<a id='n520' href='#n520'>520</a>
<a id='n521' href='#n521'>521</a>
<a id='n522' href='#n522'>522</a>
<a id='n523' href='#n523'>523</a>
<a id='n524' href='#n524'>524</a>
<a id='n525' href='#n525'>525</a>
<a id='n526' href='#n526'>526</a>
<a id='n527' href='#n527'>527</a>
<a id='n528' href='#n528'>528</a>
<a id='n529' href='#n529'>529</a>
<a id='n530' href='#n530'>530</a>
<a id='n531' href='#n531'>531</a>
<a id='n532' href='#n532'>532</a>
<a id='n533' href='#n533'>533</a>
<a id='n534' href='#n534'>534</a>
<a id='n535' href='#n535'>535</a>
<a id='n536' href='#n536'>536</a>
<a id='n537' href='#n537'>537</a>
<a id='n538' href='#n538'>538</a>
<a id='n539' href='#n539'>539</a>
<a id='n540' href='#n540'>540</a>
<a id='n541' href='#n541'>541</a>
<a id='n542' href='#n542'>542</a>
<a id='n543' href='#n543'>543</a>
<a id='n544' href='#n544'>544</a>
<a id='n545' href='#n545'>545</a>
<a id='n546' href='#n546'>546</a>
<a id='n547' href='#n547'>547</a>
<a id='n548' href='#n548'>548</a>
<a id='n549' href='#n549'>549</a>
<a id='n550' href='#n550'>550</a>
<a id='n551' href='#n551'>551</a>
<a id='n552' href='#n552'>552</a>
<a id='n553' href='#n553'>553</a>
<a id='n554' href='#n554'>554</a>
<a id='n555' href='#n555'>555</a>
<a id='n556' href='#n556'>556</a>
<a id='n557' href='#n557'>557</a>
<a id='n558' href='#n558'>558</a>
<a id='n559' href='#n559'>559</a>
<a id='n560' href='#n560'>560</a>
<a id='n561' href='#n561'>561</a>
<a id='n562' href='#n562'>562</a>
</pre></td>
<td class='lines'><pre><code><span class="hl slc"># Authors:</span>
<span class="hl slc">#   Jason Gerard DeRose &lt;jderose&#64;redhat.com&gt;</span>
<span class="hl slc">#</span>
<span class="hl slc"># Copyright (C) 2008  Red Hat</span>
<span class="hl slc"># see file &#39;COPYING&#39; for use and warranty information</span>
<span class="hl slc">#</span>
<span class="hl slc"># This program is free software; you can redistribute it and/or modify</span>
<span class="hl slc"># it under the terms of the GNU General Public License as published by</span>
<span class="hl slc"># the Free Software Foundation, either version 3 of the License, or</span>
<span class="hl slc"># (at your option) any later version.</span>
<span class="hl slc">#</span>
<span class="hl slc"># This program is distributed in the hope that it will be useful,</span>
<span class="hl slc"># but WITHOUT ANY WARRANTY; without even the implied warranty of</span>
<span class="hl slc"># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the</span>
<span class="hl slc"># GNU General Public License for more details.</span>
<span class="hl slc">#</span>
<span class="hl slc"># You should have received a copy of the GNU General Public License</span>
<span class="hl slc"># along with this program.  If not, see &lt;http://www.gnu.org/licenses/&gt;.</span>

<span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">Various utility functions.</span>
<span class="hl str">&quot;&quot;&quot;</span>

<span class="hl kwa">import</span> os
<span class="hl kwa">import</span> imp
<span class="hl kwa">import</span> time
<span class="hl kwa">import</span> socket
<span class="hl kwa">import</span> re
<span class="hl kwa">import</span> decimal
<span class="hl kwa">import</span> netaddr
<span class="hl kwa">from</span> types <span class="hl kwa">import</span> NoneType
<span class="hl kwa">from</span> weakref <span class="hl kwa">import</span> WeakKeyDictionary
<span class="hl kwa">from</span> dns <span class="hl kwa">import</span> resolver<span class="hl opt">,</span> rdatatype
<span class="hl kwa">from</span> dns<span class="hl opt">.</span>exception <span class="hl kwa">import</span> DNSException

<span class="hl kwa">from</span> ipalib <span class="hl kwa">import</span> errors
<span class="hl kwa">from</span> ipalib<span class="hl opt">.</span>text <span class="hl kwa">import</span> _
<span class="hl kwa">from</span> ipapython<span class="hl opt">.</span>ssh <span class="hl kwa">import</span> SSHPublicKey
<span class="hl kwa">from</span> ipapython<span class="hl opt">.</span>dn <span class="hl kwa">import</span> DN<span class="hl opt">,</span> RDN


<span class="hl kwa">def</span> <span class="hl kwd">json_serialize</span><span class="hl opt">(</span>obj<span class="hl opt">):</span>
    <span class="hl kwa">if</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>obj<span class="hl opt">, (</span><span class="hl kwb">list</span><span class="hl opt">,</span> <span class="hl kwb">tuple</span><span class="hl opt">)):</span>
        <span class="hl kwa">return</span> <span class="hl opt">[</span><span class="hl kwd">json_serialize</span><span class="hl opt">(</span>o<span class="hl opt">)</span> <span class="hl kwa">for</span> o <span class="hl kwa">in</span> obj<span class="hl opt">]</span>
    <span class="hl kwa">if</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>obj<span class="hl opt">,</span> <span class="hl kwb">dict</span><span class="hl opt">):</span>
        <span class="hl kwa">return</span> <span class="hl kwb">dict</span><span class="hl opt">((</span>k<span class="hl opt">,</span> <span class="hl kwd">json_serialize</span><span class="hl opt">(</span>v<span class="hl opt">))</span> <span class="hl kwa">for</span> <span class="hl opt">(</span>k<span class="hl opt">,</span> v<span class="hl opt">)</span> <span class="hl kwa">in</span> obj<span class="hl opt">.</span><span class="hl kwd">iteritems</span><span class="hl opt">())</span>
    <span class="hl kwa">if</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>obj<span class="hl opt">, (</span><span class="hl kwb">bool</span><span class="hl opt">,</span> <span class="hl kwb">float</span><span class="hl opt">,</span> <span class="hl kwb">int</span><span class="hl opt">,</span> <span class="hl kwb">long</span><span class="hl opt">,</span> <span class="hl kwb">unicode</span><span class="hl opt">,</span> NoneType<span class="hl opt">)):</span>
        <span class="hl kwa">return</span> obj
    <span class="hl kwa">if</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>obj<span class="hl opt">,</span> <span class="hl kwb">str</span><span class="hl opt">):</span>
        <span class="hl kwa">return</span> obj<span class="hl opt">.</span><span class="hl kwd">decode</span><span class="hl opt">(</span><span class="hl str">&#39;utf-8&#39;</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> <span class="hl kwb">isinstance</span><span class="hl opt">(</span>obj<span class="hl opt">, (</span>decimal<span class="hl opt">.</span>Decimal<span class="hl opt">,</span> DN<span class="hl opt">)):</span>
        <span class="hl kwa">return</span> <span class="hl kwb">str</span><span class="hl opt">(</span>obj<span class="hl opt">)</span>
    <span class="hl kwa">if not</span> <span class="hl kwb">callable</span><span class="hl opt">(</span><span class="hl kwb">getattr</span><span class="hl opt">(</span>obj<span class="hl opt">,</span> <span class="hl str">&#39;__json__&#39;</span><span class="hl opt">,</span> <span class="hl kwa">None</span><span class="hl opt">)):</span>
        <span class="hl slc"># raise TypeError(&#39;%r is not JSON serializable&#39;)</span>
        <span class="hl kwa">return</span> <span class="hl str">&#39;&#39;</span>
    <span class="hl kwa">return</span> <span class="hl kwd">json_serialize</span><span class="hl opt">(</span>obj<span class="hl num">.__</span>json<span class="hl num">__</span><span class="hl opt">())</span>

<span class="hl kwa">def</span> <span class="hl kwd">get_current_principal</span><span class="hl opt">():</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        <span class="hl slc"># krbV isn&#39;t necessarily available on client machines, fail gracefully</span>
        <span class="hl kwa">import</span> krbV
        <span class="hl kwa">return</span> <span class="hl kwb">unicode</span><span class="hl opt">(</span>krbV<span class="hl opt">.</span><span class="hl kwd">default_context</span><span class="hl opt">().</span><span class="hl kwd">default_ccache</span><span class="hl opt">().</span><span class="hl kwd">principal</span><span class="hl opt">().</span>name<span class="hl opt">)</span>
    <span class="hl kwa">except</span> <span class="hl kwc">ImportError</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">RuntimeError</span><span class="hl opt">(</span><span class="hl str">&#39;python-krbV is not available.&#39;</span><span class="hl opt">)</span>
    <span class="hl kwa">except</span> krbV<span class="hl opt">.</span>Krb5Error<span class="hl opt">:</span>
        <span class="hl slc">#TODO: do a kinit?</span>
        <span class="hl kwa">raise</span> errors<span class="hl opt">.</span><span class="hl kwd">CCacheError</span><span class="hl opt">()</span>


<span class="hl slc"># FIXME: This function has no unit test</span>
<span class="hl kwa">def</span> <span class="hl kwd">find_modules_in_dir</span><span class="hl opt">(</span>src_dir<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">    Iterate through module names found in ``src_dir``.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">if not</span> <span class="hl opt">(</span>os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">abspath</span><span class="hl opt">(</span>src_dir<span class="hl opt">) ==</span> src_dir <span class="hl kwa">and</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">isdir</span><span class="hl opt">(</span>src_dir<span class="hl opt">)):</span>
        <span class="hl kwa">return</span>
    <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">islink</span><span class="hl opt">(</span>src_dir<span class="hl opt">):</span>
        <span class="hl kwa">return</span>
    suffix <span class="hl opt">=</span> <span class="hl str">&#39;.py&#39;</span>
    <span class="hl kwa">for</span> name <span class="hl kwa">in</span> <span class="hl kwb">sorted</span><span class="hl opt">(</span>os<span class="hl opt">.</span><span class="hl kwd">listdir</span><span class="hl opt">(</span>src_dir<span class="hl opt">)):</span>
        <span class="hl kwa">if not</span> name<span class="hl opt">.</span><span class="hl kwd">endswith</span><span class="hl opt">(</span>suffix<span class="hl opt">):</span>
            <span class="hl kwa">continue</span>
        pyfile <span class="hl opt">=</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>src_dir<span class="hl opt">,</span> name<span class="hl opt">)</span>
        <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">islink</span><span class="hl opt">(</span>pyfile<span class="hl opt">)</span> <span class="hl kwa">or not</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">isfile</span><span class="hl opt">(</span>pyfile<span class="hl opt">):</span>
            <span class="hl kwa">continue</span>
        module <span class="hl opt">=</span> name<span class="hl opt">[:-</span><span class="hl kwb">len</span><span class="hl opt">(</span>suffix<span class="hl opt">)]</span>
        <span class="hl kwa">if</span> module <span class="hl opt">==</span> <span class="hl str">&#39;__init__&#39;</span><span class="hl opt">:</span>
            <span class="hl kwa">continue</span>
        <span class="hl kwa">yield</span> <span class="hl opt">(</span>module<span class="hl opt">,</span> pyfile<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">validate_host_dns</span><span class="hl opt">(</span>log<span class="hl opt">,</span> fqdn<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">    See if the hostname has a DNS A record.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        answers <span class="hl opt">=</span> resolver<span class="hl opt">.</span><span class="hl kwd">query</span><span class="hl opt">(</span>fqdn<span class="hl opt">,</span> rdatatype<span class="hl opt">.</span>A<span class="hl opt">)</span>
        log<span class="hl opt">.</span><span class="hl kwd">debug</span><span class="hl opt">(</span>
            <span class="hl str">&#39;IPA: found</span> <span class="hl ipl">%d</span> <span class="hl str">records for</span> <span class="hl ipl">%s</span><span class="hl str">:</span> <span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">% (</span><span class="hl kwb">len</span><span class="hl opt">(</span>answers<span class="hl opt">),</span> fqdn<span class="hl opt">,</span>
                <span class="hl str">&#39; &#39;</span><span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span><span class="hl kwb">str</span><span class="hl opt">(</span>answer<span class="hl opt">)</span> <span class="hl kwa">for</span> answer <span class="hl kwa">in</span> answers<span class="hl opt">))</span>
        <span class="hl opt">)</span>
    <span class="hl kwa">except</span> DNSException<span class="hl opt">,</span> e<span class="hl opt">:</span>
        log<span class="hl opt">.</span><span class="hl kwd">debug</span><span class="hl opt">(</span>
            <span class="hl str">&#39;IPA: DNS A record lookup failed for</span> <span class="hl ipl">%s</span><span class="hl str">&#39;</span> <span class="hl opt">%</span> fqdn
        <span class="hl opt">)</span>
        <span class="hl kwa">raise</span> errors<span class="hl opt">.</span><span class="hl kwd">DNSNotARecordError</span><span class="hl opt">()</span>


<span class="hl kwa">def</span> <span class="hl kwd">has_soa_or_ns_record</span><span class="hl opt">(</span>domain<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">    Checks to see if given domain has SOA or NS record.</span>
<span class="hl str">    Returns True or False.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        resolver<span class="hl opt">.</span><span class="hl kwd">query</span><span class="hl opt">(</span>domain<span class="hl opt">,</span> rdatatype<span class="hl opt">.</span>SOA<span class="hl opt">)</span>
        soa_record_found <span class="hl opt">=</span> <span class="hl kwa">True</span>
    <span class="hl kwa">except</span> DNSException<span class="hl opt">:</span>
        soa_record_found <span class="hl opt">=</span> <span class="hl kwa">False</span>

    <span class="hl kwa">try</span><span class="hl opt">:</span>
        resolver<span class="hl opt">.</span><span class="hl kwd">query</span><span class="hl opt">(</span>domain<span class="hl opt">,</span> rdatatype<span class="hl opt">.</span>NS<span class="hl opt">)</span>
        ns_record_found <span class="hl opt">=</span> <span class="hl kwa">True</span>
    <span class="hl kwa">except</span> DNSException<span class="hl opt">:</span>
        ns_record_found <span class="hl opt">=</span> <span class="hl kwa">False</span>

    <span class="hl kwa">return</span> soa_record_found <span class="hl kwa">or</span> ns_record_found


<span class="hl kwa">def</span> <span class="hl kwd">normalize_name</span><span class="hl opt">(</span>name<span class="hl opt">):</span>
    result <span class="hl opt">=</span> <span class="hl kwb">dict</span><span class="hl opt">()</span>
    components <span class="hl opt">=</span> name<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&#39;&#64;&#39;</span><span class="hl opt">)</span>
    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>components<span class="hl opt">) ==</span> <span class="hl num">2</span><span class="hl opt">:</span>
        result<span class="hl opt">[</span><span class="hl str">&#39;domain&#39;</span><span class="hl opt">] =</span> <span class="hl kwb">unicode</span><span class="hl opt">(</span>components<span class="hl opt">[</span><span class="hl num">1</span><span class="hl opt">]).</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
        result<span class="hl opt">[</span><span class="hl str">&#39;name&#39;</span><span class="hl opt">] =</span> <span class="hl kwb">unicode</span><span class="hl opt">(</span>components<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]).</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        components <span class="hl opt">=</span> name<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&#39;</span><span class="hl esc">\\</span><span class="hl str">&#39;</span><span class="hl opt">)</span>
        <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>components<span class="hl opt">) ==</span> <span class="hl num">2</span><span class="hl opt">:</span>
            result<span class="hl opt">[</span><span class="hl str">&#39;flatname&#39;</span><span class="hl opt">] =</span> <span class="hl kwb">unicode</span><span class="hl opt">(</span>components<span class="hl opt">[</span><span class="hl num">0</span><span class="hl opt">]).</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
            result<span class="hl opt">[</span><span class="hl str">&#39;name&#39;</span><span class="hl opt">] =</span> <span class="hl kwb">unicode</span><span class="hl opt">(</span>components<span class="hl opt">[</span><span class="hl num">1</span><span class="hl opt">]).</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            result<span class="hl opt">[</span><span class="hl str">&#39;name&#39;</span><span class="hl opt">] =</span> <span class="hl kwb">unicode</span><span class="hl opt">(</span>name<span class="hl opt">).</span><span class="hl kwd">lower</span><span class="hl opt">()</span>
    <span class="hl kwa">return</span> result

<span class="hl kwa">def</span> <span class="hl kwd">isvalid_base64</span><span class="hl opt">(</span>data<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">    Validate the incoming data as valid base64 data or not.</span>
<span class="hl str"></span>
<span class="hl str">    The character set must only include of a-z, A-Z, 0-9, + or / and</span>
<span class="hl str">    be padded with = to be a length divisible by 4 (so only 0-2 =s are</span>
<span class="hl str">    allowed). Its length must be divisible by 4. White space is</span>
<span class="hl str">    not significant so it is removed.</span>
<span class="hl str"></span>
<span class="hl str">    This doesn&#39;t guarantee we have a base64-encoded value, just that it</span>
<span class="hl str">    fits the base64 requirements.</span>
<span class="hl str">    &quot;&quot;&quot;</span>

    data <span class="hl opt">=</span> <span class="hl str">&#39;&#39;</span><span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">(</span>data<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">())</span>

    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>data<span class="hl opt">) %</span> <span class="hl num">4</span> <span class="hl opt">&gt;</span> <span class="hl num">0</span> <span class="hl kwa">or</span> \
        re<span class="hl opt">.</span><span class="hl kwd">match</span><span class="hl opt">(</span><span class="hl str">&#39;^[a-zA-Z0-9\+\/]+\={0,2}$&#39;</span><span class="hl opt">,</span> data<span class="hl opt">)</span> <span class="hl kwa">is None</span><span class="hl opt">:</span>
        <span class="hl kwa">return False</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        <span class="hl kwa">return True</span>

<span class="hl kwa">def</span> <span class="hl kwd">validate_ipaddr</span><span class="hl opt">(</span>ipaddr<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">    Check to see if the given IP address is a valid IPv4 or IPv6 address.</span>
<span class="hl str"></span>
<span class="hl str">    Returns True or False</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        socket<span class="hl opt">.</span><span class="hl kwd">inet_pton</span><span class="hl opt">(</span>socket<span class="hl opt">.</span>AF_INET<span class="hl opt">,</span> ipaddr<span class="hl opt">)</span>
    <span class="hl kwa">except</span> socket<span class="hl opt">.</span>error<span class="hl opt">:</span>
        <span class="hl kwa">try</span><span class="hl opt">:</span>
            socket<span class="hl opt">.</span><span class="hl kwd">inet_pton</span><span class="hl opt">(</span>socket<span class="hl opt">.</span>AF_INET6<span class="hl opt">,</span> ipaddr<span class="hl opt">)</span>
        <span class="hl kwa">except</span> socket<span class="hl opt">.</span>error<span class="hl opt">:</span>
            <span class="hl kwa">return False</span>
    <span class="hl kwa">return True</span>

<span class="hl kwa">def</span> <span class="hl kwd">check_writable_file</span><span class="hl opt">(</span>filename<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot;</span>
<span class="hl str">    Determine if the file is writable. If the file doesn&#39;t exist then</span>
<span class="hl str">    open the file to test writability.</span>
<span class="hl str">    &quot;&quot;&quot;</span>
    <span class="hl kwa">if</span> filename <span class="hl kwa">is None</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> errors<span class="hl opt">.</span><span class="hl kwd">FileError</span><span class="hl opt">(</span>reason<span class="hl opt">=</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;Filename is empty&#39;</span><span class="hl opt">))</span>
    <span class="hl kwa">try</span><span class="hl opt">:</span>
        <span class="hl kwa">if</span> os<span class="hl opt">.</span>path<span class="hl opt">.</span><span class="hl kwd">exists</span><span class="hl opt">(</span>filename<span class="hl opt">):</span>
            <span class="hl kwa">if not</span> os<span class="hl opt">.</span><span class="hl kwd">access</span><span class="hl opt">(</span>filename<span class="hl opt">,</span> os<span class="hl opt">.</span>W_OK<span class="hl opt">):</span>
                <span class="hl kwa">raise</span> errors<span class="hl opt">.</span><span class="hl kwd">FileError</span><span class="hl opt">(</span>reason<span class="hl opt">=</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;Permission denied:</span> <span class="hl ipl">%(file)s</span><span class="hl str">&#39;</span><span class="hl opt">) %</span> <span class="hl kwb">dict</span><span class="hl opt">(</span><span class="hl kwb">file</span><span class="hl opt">=</span>filename<span class="hl opt">))</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            fp <span class="hl opt">=</span> <span class="hl kwb">open</span><span class="hl opt">(</span>filename<span class="hl opt">,</span> <span class="hl str">&#39;w&#39;</span><span class="hl opt">)</span>
            fp<span class="hl opt">.</span><span class="hl kwd">close</span><span class="hl opt">()</span>
    <span class="hl kwa">except</span> <span class="hl opt">(</span><span class="hl kwc">IOError</span><span class="hl opt">,</span> <span class="hl kwc">OSError</span><span class="hl opt">),</span> e<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> errors<span class="hl opt">.</span><span class="hl kwd">FileError</span><span class="hl opt">(</span>reason<span class="hl opt">=</span><span class="hl kwb">str</span><span class="hl opt">(</span>e<span class="hl opt">))</span>

<span class="hl kwa">def</span> <span class="hl kwd">normalize_zonemgr</span><span class="hl opt">(</span>zonemgr<span class="hl opt">):</span>
    <span class="hl kwa">if not</span> zonemgr<span class="hl opt">:</span>
        <span class="hl slc"># do not normalize empty or None value</span>
        <span class="hl kwa">return</span> zonemgr
    <span class="hl kwa">if</span> <span class="hl str">&#39;&#64;&#39;</span> <span class="hl kwa">in</span> zonemgr<span class="hl opt">:</span>
        <span class="hl slc"># local-part needs to be normalized</span>
        name<span class="hl opt">,</span> at<span class="hl opt">,</span> domain <span class="hl opt">=</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">partition</span><span class="hl opt">(</span><span class="hl str">&#39;&#64;&#39;</span><span class="hl opt">)</span>
        name <span class="hl opt">=</span> name<span class="hl opt">.</span><span class="hl kwd">replace</span><span class="hl opt">(</span><span class="hl str">&#39;.&#39;</span><span class="hl opt">,</span> <span class="hl str">&#39;</span><span class="hl esc">\\</span><span class="hl str">.&#39;</span><span class="hl opt">)</span>
        zonemgr <span class="hl opt">=</span> u<span class="hl str">&#39;&#39;</span><span class="hl opt">.</span><span class="hl kwd">join</span><span class="hl opt">((</span>name<span class="hl opt">,</span> u<span class="hl str">&#39;.&#39;</span><span class="hl opt">,</span> domain<span class="hl opt">))</span>

    <span class="hl kwa">if not</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">endswith</span><span class="hl opt">(</span><span class="hl str">&#39;.&#39;</span><span class="hl opt">):</span>
        zonemgr <span class="hl opt">=</span> zonemgr <span class="hl opt">+</span> u<span class="hl str">&#39;.&#39;</span>

    <span class="hl kwa">return</span> zonemgr

<span class="hl kwa">def</span> <span class="hl kwd">normalize_zone</span><span class="hl opt">(</span>zone<span class="hl opt">):</span>
    <span class="hl kwa">if</span> zone<span class="hl opt">[-</span><span class="hl num">1</span><span class="hl opt">] !=</span> <span class="hl str">&#39;.&#39;</span><span class="hl opt">:</span>
        <span class="hl kwa">return</span> zone <span class="hl opt">+</span> <span class="hl str">&#39;.&#39;</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        <span class="hl kwa">return</span> zone

<span class="hl kwa">def</span> <span class="hl kwd">validate_dns_label</span><span class="hl opt">(</span>dns_label<span class="hl opt">,</span> allow_underscore<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
    label_chars <span class="hl opt">=</span> r<span class="hl str">&#39;a-z0-9&#39;</span>
    underscore_err_msg <span class="hl opt">=</span> <span class="hl str">&#39;&#39;</span>
    <span class="hl kwa">if</span> allow_underscore<span class="hl opt">:</span>
        label_chars <span class="hl opt">+=</span> <span class="hl str">&quot;_&quot;</span>
        underscore_err_msg <span class="hl opt">=</span> u<span class="hl str">&#39; _,&#39;</span>
    label_regex <span class="hl opt">=</span> r<span class="hl str">&#39;^[</span><span class="hl ipl">%(chars)s</span><span class="hl str">]([</span><span class="hl ipl">%(chars)s</span><span class="hl str">-]?[</span><span class="hl ipl">%(chars)s</span><span class="hl str">])*$&#39;</span> <span class="hl opt">%</span> <span class="hl kwb">dict</span><span class="hl opt">(</span>chars<span class="hl opt">=</span>label_chars<span class="hl opt">)</span>
    regex <span class="hl opt">=</span> re<span class="hl opt">.</span><span class="hl kwb">compile</span><span class="hl opt">(</span>label_regex<span class="hl opt">,</span> re<span class="hl opt">.</span>IGNORECASE<span class="hl opt">)</span>

    <span class="hl kwa">if not</span> dns_label<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;empty DNS label&#39;</span><span class="hl opt">))</span>

    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>dns_label<span class="hl opt">) &gt;</span> <span class="hl num">63</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;DNS label cannot be longer that 63 characters&#39;</span><span class="hl opt">))</span>

    <span class="hl kwa">if not</span> regex<span class="hl opt">.</span><span class="hl kwd">match</span><span class="hl opt">(</span>dns_label<span class="hl opt">):</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;only letters, numbers,</span><span class="hl ipl">%(underscore)s</span> <span class="hl str">and - are allowed. &#39;</span> \
                           <span class="hl str">&#39;DNS label may not start or end with -&#39;</span><span class="hl opt">)</span> \
                           <span class="hl opt">%</span> <span class="hl kwb">dict</span><span class="hl opt">(</span>underscore<span class="hl opt">=</span>underscore_err_msg<span class="hl opt">))</span>

<span class="hl kwa">def</span> <span class="hl kwd">validate_domain_name</span><span class="hl opt">(</span>domain_name<span class="hl opt">,</span> allow_underscore<span class="hl opt">=</span><span class="hl kwa">False</span><span class="hl opt">):</span>
    <span class="hl kwa">if</span> domain_name<span class="hl opt">.</span><span class="hl kwd">endswith</span><span class="hl opt">(</span><span class="hl str">&#39;.&#39;</span><span class="hl opt">):</span>
        domain_name <span class="hl opt">=</span> domain_name<span class="hl opt">[:-</span><span class="hl num">1</span><span class="hl opt">]</span>

    domain_name <span class="hl opt">=</span> domain_name<span class="hl opt">.</span><span class="hl kwd">split</span><span class="hl opt">(</span><span class="hl str">&quot;.&quot;</span><span class="hl opt">)</span>

    <span class="hl slc"># apply DNS name validator to every name part</span>
    <span class="hl kwb">map</span><span class="hl opt">(</span><span class="hl kwa">lambda</span> label<span class="hl opt">:</span><span class="hl kwd">validate_dns_label</span><span class="hl opt">(</span>label<span class="hl opt">,</span>allow_underscore<span class="hl opt">),</span> domain_name<span class="hl opt">)</span>


<span class="hl kwa">def</span> <span class="hl kwd">validate_zonemgr</span><span class="hl opt">(</span>zonemgr<span class="hl opt">):</span>
    <span class="hl str">&quot;&quot;&quot; See RFC 1033, 1035 &quot;&quot;&quot;</span>
    regex_local_part <span class="hl opt">=</span> re<span class="hl opt">.</span><span class="hl kwb">compile</span><span class="hl opt">(</span>r<span class="hl str">&#39;^[a-z0-9]([a-z0-9-_]?[a-z0-9])*$&#39;</span><span class="hl opt">,</span>
                                    re<span class="hl opt">.</span>IGNORECASE<span class="hl opt">)</span>
    local_part_errmsg <span class="hl opt">=</span> <span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;mail account may only include letters, numbers, -, _ and a dot. There may not be consecutive -, _ and . characters. Its parts may not start or end with - or _&#39;</span><span class="hl opt">)</span>
    local_part_sep <span class="hl opt">=</span> <span class="hl str">&#39;.&#39;</span>
    local_part <span class="hl opt">=</span> <span class="hl kwa">None</span>
    domain <span class="hl opt">=</span> <span class="hl kwa">None</span>

    <span class="hl kwa">if</span> <span class="hl kwb">len</span><span class="hl opt">(</span>zonemgr<span class="hl opt">) &gt;</span> <span class="hl num">255</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;cannot be longer that 255 characters&#39;</span><span class="hl opt">))</span>

    <span class="hl kwa">if</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">endswith</span><span class="hl opt">(</span><span class="hl str">&#39;.&#39;</span><span class="hl opt">):</span>
        zonemgr <span class="hl opt">=</span> zonemgr<span class="hl opt">[:-</span><span class="hl num">1</span><span class="hl opt">]</span>

    <span class="hl kwa">if</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">count</span><span class="hl opt">(</span><span class="hl str">&#39;&#64;&#39;</span><span class="hl opt">) ==</span> <span class="hl num">1</span><span class="hl opt">:</span>
        local_part<span class="hl opt">,</span> dot<span class="hl opt">,</span> domain <span class="hl opt">=</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">partition</span><span class="hl opt">(</span><span class="hl str">&#39;&#64;&#39;</span><span class="hl opt">)</span>
    <span class="hl kwa">elif</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">count</span><span class="hl opt">(</span><span class="hl str">&#39;&#64;&#39;</span><span class="hl opt">) &gt;</span> <span class="hl num">1</span><span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;too many</span> <span class="hl esc">\&#39;</span><span class="hl str">&#64;</span><span class="hl esc">\&#39;</span> <span class="hl str">characters&#39;</span><span class="hl opt">))</span>
    <span class="hl kwa">else</span><span class="hl opt">:</span>
        last_fake_sep <span class="hl opt">=</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">rfind</span><span class="hl opt">(</span><span class="hl str">&#39;</span><span class="hl esc">\\</span><span class="hl str">.&#39;</span><span class="hl opt">)</span>
        <span class="hl kwa">if</span> last_fake_sep <span class="hl opt">!= -</span><span class="hl num">1</span><span class="hl opt">:</span> <span class="hl slc"># there is a &#39;fake&#39; local-part/domain separator</span>
            local_part_sep <span class="hl opt">=</span> <span class="hl str">&#39;</span><span class="hl esc">\\</span><span class="hl str">.&#39;</span>
            sep <span class="hl opt">=</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">find</span><span class="hl opt">(</span><span class="hl str">&#39;.&#39;</span><span class="hl opt">,</span> last_fake_sep<span class="hl opt">+</span><span class="hl num">2</span><span class="hl opt">)</span>
            <span class="hl kwa">if</span> sep <span class="hl opt">!= -</span><span class="hl num">1</span><span class="hl opt">:</span>
                local_part <span class="hl opt">=</span> zonemgr<span class="hl opt">[:</span>sep<span class="hl opt">]</span>
                domain <span class="hl opt">=</span> zonemgr<span class="hl opt">[</span>sep<span class="hl opt">+</span><span class="hl num">1</span><span class="hl opt">:]</span>
        <span class="hl kwa">else</span><span class="hl opt">:</span>
            local_part<span class="hl opt">,</span> dot<span class="hl opt">,</span> domain <span class="hl opt">=</span> zonemgr<span class="hl opt">.</span><span class="hl kwd">partition</span><span class="hl opt">(</span><span class="hl str">&#39;.&#39;</span><span class="hl opt">)</span>

    <span class="hl kwa">if not</span> domain<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;missing address domain&#39;</span><span class="hl opt">))</span>

    <span class="hl kwd">validate_domain_name</span><span class="hl opt">(</span>domain<span class="hl opt">)</span>

    <span class="hl kwa">if not</span> local_part<span class="hl opt">:</span>
        <span class="hl kwa">raise</span> <span class="hl kwc">ValueError</span><span class="hl opt">(</span><span class="hl kwd">_</span><span class="hl opt">(</span><span class="hl str">&#39;missing mail account&#39;</span><span class="hl opt">))</span>