Xc%@sdZdZdZdZddkZddkZddkZddkZddkZddk Z ddk Z ddk Z ddk Z ddk Z ddkZddkZddkZddkZddkZddkTddkZddkZddkZddkZddkZddkZddkTddklZlZddklZdd kl Z ydd kl!Z!Wn)e"j od e#fd YZ!nXd Z$dei%fdYZ&dZ'ddZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0de1d8de1ddZ2dZ3dZ4dZ5dZ6dZ7ddZ8dd Z9d!e:fd"YZ;d#ei<fd$YZ=d%Z>ddd&Z?de1d'Z@d(ZAeiBdd)ZCeiBddd*ZDd+ZEd,ZFe:e:d-ZGe:e:d.ZHe:e:d/ZId0ZJd1ZKd2d3ZLd2d4ZMd5ZNd6ZOd7ZPdS(9s/usr/share/ipa/s/usr/share/ipa/pluginsi sipa v2.0iN(t*(t ipavalidatet dnsclient(tconfig(tDN(tCalledProcessErrorRcBs eZdZdZdZRS(sThis exception is raised when a process run by check_call() returns a non-zero exit status. The exit status will be stored in the returncode attribute.cCs||_||_dS(N(t returncodetcmd(tselfRR((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt__init__<s cCsd|i|ifS(Ns-Command '%s' returned non-zero exit status %d(RR(R((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt__str__?s(t__name__t __module__t__doc__R R (((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyR8s cCs8ytitii}Wntj odSX|S(N(Rt init_configt get_domaint ExceptiontNone(t domain_name((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytget_domain_nameBs  tCheckedIPAddresscBs5eZeiZeeeeeedZdZRS(c Cst|toHtt|i|d|i|i|_|i|_|i|_dSd}d} t } t|t i o|}|i }nt|t i onyyt i |d|i}Wnt ij oyt|tpn|id\}} } | djont i |d|i}|idjoqQnXWnKtj o?t i |d|i}|ptdn|i }nX|idjotdn| o|iotdn|i o |ip|t i ijotdn|iotd n| o|iotd n|o|idjo d } n|idjo d } ntd d| dddg}|did}x|D]~}|i}t|djoqnt i |d}||jp|djo%|i |jo|}|d} PqqW| djotdq{n|djoit} |idjo"t i t it|}q|idjot i t|d}qn| o ||ijotdn| o0|idjo ||ijotdntt|i|d|i|i|_| |_| |_dS(Ntflagst%is*netmask and prefix length not allowed hereisunsupported IP versionscannot use loopback IP addresss#cannot use IANA reserved IP addresss cannot use link-local IP addressscannot use multicast IP addresstinettinet6s/sbin/ips-familys-onelinetaddresstshowis iis@No network interface matches the provided IP address and netmasks/64scannot use IP network addressscannot use broadcast IP address(ii( t isinstanceRtsuperR tnetaddr_ip_flagst prefixlent defaultnett interfaceRtFalsetnetaddrt IPNetworktipt IPAddresstAddrFormatErrort basestringt partitiontversiont ValueErrort is_loopbackt is_reservedt IPV4_6TO4t is_link_localt is_multicasttruntsplittlentTruetcidr_abbrev_to_verbosetstrtnetworkt broadcast(Rtaddrt match_localt parse_netmaskt allow_networktallow_loopbacktallow_broadcasttallow_multicasttnettifacetdefnettseptfootfamilytipresulttlinestlinetfieldstifnet((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyR Rs         *    "!(  cCs |idj S(N(R R(R((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytis_locals( R R R"t INET_PTONRR!R3R RJ(((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyRKs  \cCsti|p ti|S(N(R"t valid_ipv4t valid_ipv6(R8((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytvalid_ipscCspt|}y!titi|d|}Wntij onX|djo|Sd|t|fSdS(s Format network location (host:port). If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732). s[%s]s%s:%sN(R5tsockett inet_ptontAF_INET6terrorR(thosttport((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt format_netlocs  cCsF|id}tg}|D]}|d|ifq~}|S(s)Convert a kerberos realm to a IPA suffix.t.tdc(R1Rtlower(t realm_nametst_[1]txt suffix_dn((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytrealm_to_suffixs3cCs1dig}|D]}||iq~}|S(s)Convert a IPA suffix to a kerberos realm.RV(tjointvalue(R]R[R\trealm((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytsuffix_to_realms-cCs@ti|i|}tid}|id|}|S(Ns(eval\s*\(([^()]*)\))cSstt|idS(i(R5tevaltgroup(R\((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyts(tstringtTemplatet substitutetretcompiletsub(ttxttvarstvaltpattern((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt template_strscCs@t|ii}z |~}t|i|SWdQXdS(s.Read a file and perform template substitutionsN(topent__exit__t __enter__Rptread(t infilenameRmR[tf((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt template_files#cCsLt||}t|dii}z|~}|i|WdQXdS(s.Copy a file, performing template substitutionstwN(RwRqRrRstwrite(Rut outfilenameRmRlR[tfile((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytcopy_template_files&cCs'ti}|i||i|S(N(ttempfiletNamedTemporaryFileRytflush(Rltfd((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytwrite_tmp_files   cCsd|idddS(Nt's'\''(treplace(Rf((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt shell_quotesc Csd}d}d} t|totdn|djo titi}d|d Case-insensitive but case-respecting dictionary. This code is derived from python-ldap's cidict.py module, written by stroeder: http://python-ldap.sourceforge.net/ This version extends 'dict' so it works properly with TurboGears. If you extend UserDict, isinstance(foo, dict) returns false. cCs4tt|ih|_|i|phdS(N(RRR t_keystupdate(Rtdefault((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyR s cCstt|i|iS(N(RRt __getitem__RX(Rtkey((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyRscCs2|i}||i|Parses are Generalized Time string (as specified in X.680), returning a datetime object. Generalized Times are stored inside the krbPasswordExpiration attribute in LDAP. This method doesn't attempt to be perfect wrt timezones. If python can't be bothered to implement them, how can we...iiiiis\dt,RViii<i@BN( R2RRRiRtfloattdivmodRRR*(ttimestrtdatettimetyeartmonthtdaythourtmintsectmsecttzonet hour_fractiont total_secst min_fractiont sec_fraction((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytparse_generalized_time#sb  * 5 ** 5 ** 5 *&cCs|ptititid}n|iotdn|p t}nt|d}d}ti }xt |D]s}||i d|}|djp||djo/x,|io||i d|}qWn||7}qW|S(s Generates password. Password cannot start or end with a whitespace character. It also cannot be formed by whitespace characters only. Length of password as well as string of characters to be used by generator could be optionaly specified by characters and pwd_len parameters, otherwise default values will be used: characters string will be formed by all printable non-whitespace characters and space, pwd_len will be equal to value of GEN_PWD_LEN. Rs-password cannot be formed by whitespaces onlyiRi( Rftdigitst ascii_letterst punctuationtisspaceR*t GEN_PWD_LENR2trandomt SystemRandomtrangetrandint(t characterstpwd_lent upper_boundtrndpwdtrR\trndchar((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytipa_generate_passwordbs$      cCs|djo<x9to-td|}|p |io|SqWnt|toVxStoGtd||f}| o|p|o|S|io|Sq\Wnt|to|o d}nd}xjto^td||f}|p|S|iddjotS|iddjotSqWnt|t o_x\toPy2td||f}|p|St |}Wnt j oqVX|SqVWndS(Ns%s: s %s [%s]: tyestnoitytn( RR3t raw_inputtstripRR'tboolRXR!RR*(tpromptRt allow_emptytrettchoice((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt user_inputsL   cCsHy|d}|d}Wn#|dd}|dd}nX||fS(sl A GSSError exception looks differently in python 2.4 than it does in python 2.5. Deal with it. ii((tetmajortminor((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pyt get_gsserrors c Csx ti||ti|D]}|\}}}}} zyyti|||} Wntij od} wnX|dj o| i|n| i| |tijo| id| i dnt SWntij o } nXWd| o| i nXqWt S(NRi( ROt getaddrinfot AF_UNSPECRRRt settimeouttconnectt SOCK_DGRAMtsendtrecvR3tcloseR!( RSRTt socket_typetsocket_timeouttrestaftsocktypetprotot canonnametsaRZR((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pythost_port_opens,    cCsd}d}titif}d}x|D]w}y%ti||||dti} Wn!tij o} | }q+nXx%| D]} | \} } }}}yti| | |}Wn'tij o} | }d}qnX|dj o|idn| tijo:y|iti ti dWqGtij oqGXn|ti jo|iti ti dnzy|i|xto|ti joM|id|i\}}z|o|i|nWd|iXq|tijo4|id\}}|o|i||q2qqWWnItij o n2tij o"} | }|id}wnXWd|o|inXqWq+W|djo|dj o |ndS(Nii(RRORQtAF_INETR"t AI_PASSIVERRR$t setsockoptt IPPROTO_IPV6t IPV6_V6ONLYt SOCK_STREAMt SOL_SOCKETt SO_REUSEADDRtbindR3tlistentaccepttsendallR)R&trecvfromtsendtottimeout(RTR*R+tresponder_dataRStlast_socket_errortfamiliesRZRDt addr_infosRR,R-R.R/R0R1t connectiontclient_addresstdataR8((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytbind_port_respondersr    !  cCs|idp|d}nx|titifD]h}ti|ti|}tg}|D]$}|itij o ||q]q]~djot Sq1Wt S(NRVi( tendswithRtDNS_T_At DNS_T_AAAAtquerytDNS_C_INR2tdns_typet DNS_T_SOAR3R!(tfqdntrdtypetrsR[trec((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytis_host_resolvablesE cCs|iddtidddg}|ddid}|ptiddS|ddidoX|dddd}||jo|i|n|id|ddddnx|D]}tid |y|i |tid }Wn&ti j otid qnXt |djotid qn|ddd di }|t jotid|t fqntid|t|SWdS(s Get base DN of IPA suffix in given LDAP server. None is returned if the suffix is not found :param conn: Bound LDAP connection that will be used for searching RtscopetattrlisttdefaultnamingcontexttnamingcontextsiisNo naming context founds'Check if naming context '%s' is for IPAs (info=IPA*)sBLDAP server did not return info attribute to check for IPA versions0Info attribute with IPA server version not foundtinfos>Detected IPA server version (%s) did not match the client (%s)s*Naming context '%s' is a valid IPA contextN(t search_ext_stldapt SCOPE_BASERRRRtremovetinserttsearch_stNO_SUCH_OBJECTR2RXtIPA_BASEDN_INFOR(tconntentriestcontextsRtcontexttentryRZ((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytget_ipa_basedn%s<  $     cCstidti}ti|}t}d }tidt i i }z@|~}|i }t |di i } z | ~ } x| D]} | } |i| } | o| idd\}}|d j o|o/||jo"d|||f} ||| [^\#;]+?) (\s*=\s*) (?P .+?)? (\s*((\#|;).*)?)? $)tdeleteRtoptionR`u%s=%s iu %s=%s %s Ns%s=%s (RiRjtVERBOSERRRRR}R~R!RrRsRRqRRdtfindRyRRtsetRRtfchmodtfilenotst_modetfchowntst_uidtst_gidR(tfilepatht replacevarst appendvarsRot orig_statt old_valuest temp_filenameR[t new_configt_[2]RvRGtnew_linetmRjR`tnew_varst newvars_viewt append_viewtitem((s5/usr/lib/python2.6/site-packages/ipapython/ipautil.pytconfig_replace_variablesOsP ) &   " % cCstidti}d}ti|}t}d }tidt i i } zo| ~ } | i }t |di i } z| ~ } t } t }d}x| D]}|d}|}|i|}|oY|iddd\}}}| o*|d j o|| |||t}n|d j o(t|it|ij} n|d j o| o|o/||jo"d |||f}||| .+) \] (\s+((\#|;).*)?)? $)|(^ \s* (?P