/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py

Imports:
    socket, os, copy, tempfile
    ipapython.ipa_log_manager (*)
    ldap; from ldap: LDAPError
    ipapython.ipautil: run, CalledProcessError, valid_ip, get_ipa_basedn, realm_to_suffix, format_netloc
    ipapython.dn: DN
    ipapython: dnsclient

Constants:
    CACERT = /etc/ipa/ca.crt
    Result codes: NOT_FQDN, NO_LDAP_SERVER, REALM_NOT_FOUND, NOT_IPA_SERVER, NO_ACCESS_TO_LDAP, NO_TLS_LDAP, BAD_HOST_CONFIG, UNKNOWN_ERROR
    error_names maps each result code to its name; the first entry is "Success".

class IPADiscovery(object)

    Attributes set in __init__: realm, domain, server, servers, basedn, realm_source, domain_source, server_source, basedn_source

    Accessors: getServerName, getDomainName, getRealmName, getKDCName, getBaseDN

    __get_resolver_domains
        Read /etc/resolv.conf and return all the domains found in domain and search.
        Returns a list of (domain, info) pairs. The info contains a reason why the domain is returned.
        Strings:
            local domain from /etc/resolv.conf
            search domain from /etc/resolv.conf

    check_domain
        Given a domain, search it for SRV records, breaking it down to search all subdomains too.
        Returns a tuple (servers, domain) or (None, None) if a SRV record isn't found.
        servers is a list of servers found. domain is a string.
        :param tried: A set of domains that were tried already
        :param reason: Reason this domain is searched (included in the log)
        Strings:
            Start searching for LDAP SRV record in "%s" (%s) and its sub-domains
            Already searched %s; skipping

    search
        Strings:
            Starting IPA discovery with domain=%s, servers=%s, hostname=%s
            Hostname: %s
            domain of the hostname
            Discovered LDAP SRV records from %s (%s)
            No LDAP server found
            Search for LDAP SRV record in %s
            Discovered LDAP SRV records from %s
            Server and domain forced
            Forced
            [Kerberos realm search]
            Kerberos realm forced
            Discovered Kerberos DNS records from %s
            [LDAP server check]
            Verifying that %s (realm %s) is an IPA server
            Discovered from LDAP DNS records in %s
            %s (realm %s) is not an IPA server
            Unable to verify that %s (realm %s) is an IPA server
            Assumed same as domain
            Assuming realm is the same as domain: %s
            Generated from Kerberos realm
            Generated basedn from realm: %s
            Discovery result: %s; server=%s, domain=%s, kdc=%s, basedn=%s
            Validated servers: %s

    ipacheckldap
        Given a host and Kerberos realm, verify that it is an IPA LDAP server hosting the realm.
        Returns a list [errno, host, realm] or an empty list on error.
        Errno is an error number:
            0 means all ok
            1 means we could not check the info in LDAP (may happen when anonymous binds are disabled)
            2 means the server is certainly not an IPA server
        LDAP options referenced: OPT_X_TLS_REQUIRE_CERT, OPT_X_TLS_CACERTFILE, OPT_X_TLS_DEMAND, OPT_PROTOCOL_VERSION
        LDAP calls referenced: initialize, set_option, start_tls_s, simple_bind_s, search_s (SCOPE_SUBTREE)
        LDAP errors handled: TIMEOUT, SERVER_DOWN, INAPPROPRIATE_AUTH, UNWILLING_TO_PERFORM
        Strings:
            ldap://
            Init LDAP connection with: %s
            Search LDAP server for IPA base DN
            The server is not an IPA server
            From IPA server %s
            Search for (objectClass=krbRealmContainer) in %s (sub)
            (objectClass=krbRealmContainer)
            Found: %s
            LDAP Error: timeout
            LDAP Error: server down
            LDAP Error: Anonymous access not allowed
            LDAP server returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled
            LDAP Error: %s: %s

    ipadns_search_srv
        Search for SRV records in given domain. When no record is found, an empty list is returned.
        :param domain: Search domain name
        :param srv_record_name: SRV record name, e.g. "_ldap._tcp"
        :param default_port: When default_port is not None, it is checked against the port in the SRV record; if they don't match, the port from the SRV record is appended to the found hostname in this format: "hostname:port"
        :param break_on_first: break on the first find and return just one entry
        Strings:
            Search DNS for SRV record of %s
            No DNS record found
            DNS record found: %s
            Cannot parse the hostname from SRV record: %s

    ipadnssearchkrbrealm
        Strings:
            _kerberos.
            Search DNS for TXT record of %s
            No DNS record found
            DNS record found: %s

    ipadnssearchkrbkdc
        Strings:
            _kerberos._udp
            SRV record for KDC not found! Domain: %s