5 commits - pykolab/conf pykolab/setup pykolab/utils.py pykolab/wap_client setup-kolab.py wallace/__init__.py
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Tue Mar 20 17:51:10 CET 2012
pykolab/conf/__init__.py | 2
pykolab/setup/components.py | 45 ++++++++++++-
pykolab/setup/ldap_setup.py | 64 -------------------
pykolab/setup/setup_ldap.py | 137 +++++++++++++++++++++++++++++++++++++++--
pykolab/utils.py | 17 ++++-
pykolab/wap_client/__init__.py | 2
setup-kolab.py | 4 -
wallace/__init__.py | 24 +++----
8 files changed, 205 insertions(+), 90 deletions(-)
New commits:
commit ecf63205e0538ddbaac083b61dcbcbf0c4623b80
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Mar 20 17:50:54 2012 +0100
Update wallace to comply with some pylint warnings/errors
diff --git a/wallace/__init__.py b/wallace/__init__.py
index 0230c64..c85e0fe 100644
--- a/wallace/__init__.py
+++ b/wallace/__init__.py
@@ -70,19 +70,22 @@ class WallaceDaemon(object):
We have retrieved the message.
- Dispatch to virus-scanning and anti-spam filtering?
+ Not for now. We use some sort of re-injection.
+
- Apply access policies;
- Maximum number of recipients,
- kolabAllowSMTPSender,
- kolabAllowSMTPRecipient,
- Rule-based matching against white- and/or blacklist
- ...
+
- Accounting
+
- Data Loss Prevention
"""
inheaders = 1
(fp, filename) = tempfile.mkstemp(dir="/var/spool/pykolab/wallace/")
-
os.write(fp, data)
os.close(fp)
@@ -266,15 +269,11 @@ class WallaceDaemon(object):
time.sleep(1)
- # Sleep longer if last time around we didn't find any deferred
- # message files
- if file_count > 0:
- log.debug(_("Sleeping for 1 second"), level=8)
- time.sleep(1)
- else:
- log.debug(_("Sleeping for 1800 seconds"), level=8)
- time.sleep(1800)
-
+ # Sleep for 300 seconds before reprocessing the deferred queues.
+ # TODO: Consider using queue_run_delay from Postfix, which is where
+ # the default value of 300 seconds comes from.
+ log.debug(_("Sleeping for 300 seconds"), level=8)
+ time.sleep(300)
def do_wallace(self):
import binascii
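Review bot: The delay of 300 seconds is spelled out twice in the added lines, once in the debug message and once in `time.sleep(300)`, so the two can drift apart when the TODO about Postfix's `queue_run_delay` is picked up. A single name would keep them together, e.g. `log.debug(_("Sleeping for %d seconds") % (DEFERRED_QUEUE_DELAY), level=8)` followed by `time.sleep(DEFERRED_QUEUE_DELAY)`. The enclosing method starts before this hunk.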
@@ -343,7 +342,8 @@ class WallaceDaemon(object):
if module.lower() == "defer":
# Wallace was unable to deliver to re-injection smtpd.
- # Skip it, another thread is picking up the defers.
+ # Skip it, another thread is picking up the deferred
+ # messages.
continue
stage = root.replace(pickup_path, '').split('/')
@@ -417,7 +417,7 @@ class WallaceDaemon(object):
#print "Accepted connection from %r" % (address)
channel = SMTPChannel(self, connection, address)
asyncore.loop()
- except Exception, e:
+ except Exception, errmsg:
traceback.print_exc()
s.shutdown(1)
s.close()
commit 18f35345380722f87416ff8d021a4dd133af19db
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Mar 20 17:50:14 2012 +0100
Do not include a password in source code files
diff --git a/pykolab/wap_client/__init__.py b/pykolab/wap_client/__init__.py
index c7c4115..9c3a245 100644
--- a/pykolab/wap_client/__init__.py
+++ b/pykolab/wap_client/__init__.py
@@ -26,7 +26,7 @@ def authenticate(username=None, password=None):
username = utils.ask_question("Login", "cn=Directory Manager")
if password == None:
- password = utils.ask_question("Password", "5auTYwxBK1uGTpy", password=True)
+ password = utils.ask_question("Password", password=True)
params = json.dumps(
{
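Review bot: Removing the literal from the `ask_question` call does not retire it, because the value stays readable in the repository history and in this commit's removed line. If it was ever a real Directory Manager password, it should be changed on every system that used it. With no default left, an empty answer now appears to flow on as the password (the rest of `ask_question` and `authenticate` is outside the hunk). A guard such as `if not password: raise ValueError("empty password")` before `params` is built would make that case explicit.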
commit 065149af2ea917f5056dcb82140ae7d87bc084b4
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Mar 20 17:49:39 2012 +0100
Evaluating args this way doesn't make any sense (it's not used anywhere but in setup anyway)
diff --git a/pykolab/conf/__init__.py b/pykolab/conf/__init__.py
index 7d850b6..fdf723f 100644
--- a/pykolab/conf/__init__.py
+++ b/pykolab/conf/__init__.py
@@ -402,8 +402,6 @@ class Conf(object):
TODO: Add key value checking
"""
- exec("args = %r" % args)
-
if not self.cfg_parser:
self.read_config()
commit 3322a02b5e6240f754cce529bc3ae331a1c18bac
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Mar 20 17:49:08 2012 +0100
Add utils.generate_password() for setup-kolab.py
diff --git a/pykolab/utils.py b/pykolab/utils.py
index 9198c82..e3e2e7b 100644
--- a/pykolab/utils.py
+++ b/pykolab/utils.py
@@ -36,7 +36,10 @@ def ask_question(question, default="", password=False):
Usage: pykolab.utils.ask_question("What is the server?", default="localhost")
"""
if password:
- answer = getpass.getpass("%s: " % (question))
+ if default == "":
+ answer = getpass.getpass("%s: " % (question))
+ else:
+ answer = getpass.getpass("%s [%s]: " % (question, default))
else:
if default == "":
answer = raw_input("%s: " % (question))
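Review bot: The new `else` branch puts `default` into the `getpass` prompt, so the value is written to the terminal in cleartext even though the typed answer stays hidden. In this same series `pykolab/setup/setup_ldap.py` passes `utils.generate_password()` as `default` for the administrator, Directory Manager, Cyrus and Kolab service passwords, so each generated secret lands in scrollback or any captured session output. If showing it is intended, a comment saying so belongs on this branch; otherwise keep the value out of the prompt, e.g. `answer = getpass.getpass("%s [press Enter for the generated default]: " % (question))`. The rest of `ask_question` lies outside the hunk.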
@@ -90,6 +93,18 @@ def ask_confirmation(question, default="y", all_inclusive_no=True):
print >> sys.stderr, _("Please answer 'yes' or 'no'.")
sys.stderr.flush()
+def generate_password():
+ import subprocess
+
+ p1 = subprocess.Popen(['head', '-c', '200', '/dev/urandom'], stdout=subprocess.PIPE)
+ p2 = subprocess.Popen(['tr', '-dc', '_A-Z-a-z-0-9'], stdin=p1.stdout, stdout=subprocess.PIPE)
+ p3 = subprocess.Popen(['head', '-c', '15'], stdin=p2.stdout, stdout=subprocess.PIPE)
+ p1.stdout.close()
+ p2.stdout.close()
+ output = p3.communicate()[0]
+
+ return output
+
def normalize(_object):
if type(_object) == list:
result = []
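Review bot: `generate_password()` never checks what the pipeline produced: if `head` or `tr` is missing or fails, `p3.communicate()[0]` is an empty string, and 200 random bytes filtered by `tr -dc` can in principle leave fewer than 15 characters, so callers may receive a short or empty password with no error. The three programs are also resolved through `PATH`, while setup presumably runs with elevated privileges. Drawing the characters in-process from the operating system's random source removes the subprocesses and guarantees the length. A docstring stating the length and alphabet would also help callers.

```python
def generate_password():
    """Return a 15-character password drawn from the OS random source."""
    import random
    import string

    alphabet = string.ascii_letters + string.digits + '_-'
    rng = random.SystemRandom()

    return ''.join([rng.choice(alphabet) for i in range(15)])
```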
commit 796413f66f681d6735245f99fcb2c7c082f749de
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Mar 20 17:48:41 2012 +0100
Implement a version of setup-kolab.py around 389 Directory Server
diff --git a/pykolab/setup/components.py b/pykolab/setup/components.py
index d17a357..bef460e 100644
--- a/pykolab/setup/components.py
+++ b/pykolab/setup/components.py
@@ -50,9 +50,9 @@ def __init__():
for dirname in dirnames:
register_group(components_path, dirname)
- register('help', list_setup, description=_("Display this help."))
+ register('help', list_components, description=_("Display this help."))
-def list_setup(*args, **kw):
+def list_components(*args, **kw):
"""
List components
"""
@@ -91,7 +91,41 @@ def list_setup(*args, **kw):
else:
print "%-4s%-21s" % ('',__component.replace('_','-'))
+def _list_components(*args, **kw):
+ """
+ List components and return API compatible, parseable lists and
+ dictionaries.
+ """
+
+ __components = {}
+
+ for component in components.keys():
+ if isinstance(component, tuple):
+ component_group, component = component
+ __components[component_group] = {
+ component: components[(component_group,component)]
+ }
+ else:
+ __components[component] = components[component]
+
+ _components = __components.keys()
+ _components.sort()
+
+ return _components
+
def execute(component_name, *args, **kw):
+ if component_name == '':
+ log.debug(
+ _("No component selected, continuing for all components"),
+ level=8
+ )
+
+ for component in _list_components():
+ if not component == 'help':
+ execute(component)
+
+ return
+
if not components.has_key(component_name):
log.error(_("No such component."))
sys.exit(1)
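Review bot: `_list_components()` returns only the top-level keys of `__components`, so a component registered under a tuple key is represented by its group name, and `execute('')` then calls `execute(component)` with that name. If the group name is not itself a key of `components` (registration is outside this hunk), the `has_key` check logs "No such component." and `sys.exit(1)` stops the run after earlier components have already been set up. The group entry is also reassigned on every iteration, so only one component per group survives; `__components.setdefault(component_group, {})[component] = components[(component_group, component)]` would keep them all. `execute` continues beyond the hunk.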
@@ -118,7 +152,12 @@ def execute(component_name, *args, **kw):
pass
conf.finalize_conf()
- _component_name = conf.cli_args.pop(0)
+
+ if len(conf.cli_args) >= 1:
+ _component_name = conf.cli_args.pop(0)
+ else:
+ _component_name = component_name
+
components[component_name]['function'](conf.cli_args, kw)
def register_group(dirname, module):
diff --git a/pykolab/setup/imap_setup.py b/pykolab/setup/imap_setup.py
deleted file mode 100644
index e69de29..0000000
diff --git a/pykolab/setup/ldap_setup.py b/pykolab/setup/ldap_setup.py
deleted file mode 100644
index a99351f..0000000
--- a/pykolab/setup/ldap_setup.py
+++ /dev/null
@@ -1,64 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright 2010-2012 Kolab Systems AG (http://www.kolabsys.com)
-#
-# Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen a kolabsys.com>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 3 or, at your option, any later version
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Library General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-
-import logging
-import os
-import sys
-
-try:
- import ldap
-except ImportError, e:
- print >> sys.stderr, _("Cannot load Python LDAP libraries.")
-
-import pykolab
-from pykolab import constants
-from pykolab import utils
-from pykolab.setup import package
-from pykolab.translate import _
-
-log = pykolab.getLogger('pykolab.setup.ldap')
-conf = pykolab.getConf()
-
-def setup():
- """
- Setup LDAP from here.
- """
-
- (service, other_services) = utils.is_service([
- 'dirsrv',
- 'ldap',
- 'slapd'
- ])
-
- for item in other_services:
- log.warning(_("Warning: LDAP Service '%s' is available on " + \
- "this system as well.") % (item))
-
- if not service == None:
- log.info(_("Found system service %s.") % (service))
- else:
- package.Package('openldap-servers')
-
- standard_root_dn = utils.standard_root_dn(constants.domainname)
-
- root_dn = utils.ask_question("Root DN", standard_root_dn)
- manager_dn = utils.ask_question("Manager DN", "cn=manager")
- manager_pw = utils.ask_question("Manager Password", password=True)
-
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 1d85da7..f177c37 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -17,6 +17,13 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
+import ldap
+import ldap.modlist
+import os
+import shutil
+import subprocess
+import tempfile
+
import components
import pykolab
@@ -37,21 +44,30 @@ def description():
def execute(*args, **kw):
_input = {}
- _input['admin_pass'] = utils.ask_question(_("Administrator password"), password=True)
- _input['dirmgr_pass'] = utils.ask_question(_("Directory Manager password"), password=True)
+ _input['admin_pass'] = utils.ask_question(
+ _("Administrator password"),
+ default=utils.generate_password(),
+ password=True
+ )
+
+ _input['dirmgr_pass'] = utils.ask_question(
+ _("Directory Manager password"),
+ default=utils.generate_password(),
+ password=True
+ )
_input['userid'] = utils.ask_question(_("User"), default="nobody")
_input['group'] = utils.ask_question(_("Group"), default="nobody")
_input['fqdn'] = fqdn
- _input['hostname'] = hostname
+ _input['hostname'] = hostname.split('.')[0]
_input['domain'] = domainname
_input['nodotdomain'] = domainname.replace('.','_')
_input['rootdn'] = utils.standard_root_dn(domainname)
- print """
+ data = """
[General]
FullMachineName = %(fqdn)s
SuiteSpotUserID = %(userid)s
@@ -66,7 +82,7 @@ SlapdConfigForMC = Yes
UseExistingMC = 0
ServerPort = 389
ServerIdentifier = %(hostname)s
-Suffix = dc=test90,dc=kolabsys,dc=com
+Suffix = %(rootdn)s
RootDN = cn=Directory Manager
RootDNPwd = %(dirmgr_pass)s
ds_bename = %(nodotdomain)s
@@ -77,3 +93,114 @@ Port = 9830
ServerAdminID = admin
ServerAdminPwd = %(admin_pass)s
""" % (_input)
+
+ (fp, filename) = tempfile.mkstemp(dir="/tmp/")
+ os.write(fp, data)
+ os.close(fp)
+
+ command = [
+ '/usr/sbin/setup-ds-admin.pl',
+ '--silent',
+ '--file=%s' % (filename)
+ ]
+
+ setup_389 = subprocess.Popen(
+ command,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE
+ )
+
+ (stdoutdata, stderrdata) = setup_389.communicate()
+
+ # Copy in kolab schema
+ #
+ shutil.copy(
+ '/usr/share/doc/kolab-schema-3.0/kolab2.ldif',
+ '/etc/dirsrv/slapd-%s/schema/99kolab2.ldif' % (_input['hostname'])
+ )
+
+ subprocess.call(['service', 'dirsrv@%s' % (_input['hostname']), 'restart'])
+
+ # Write out kolab configuration
+ conf.command_set('kolab', 'primary_domain', _input['domain'])
+ conf.command_set('ldap', 'base_dn', _input['rootdn'])
+ conf.command_set('ldap', 'bind_dn', 'cn=Directory Manager')
+ conf.command_set('ldap', 'bind_pw', _input['dirmgr_pass'])
+
+ _input['cyrus_admin_pass'] = utils.ask_question(
+ _("Cyrus Administrator password"),
+ default=utils.generate_password(),
+ password=True
+ )
+
+ _input['kolab_service_pass'] = utils.ask_question(
+ _("Kolab Service password"),
+ default=utils.generate_password(),
+ password=True
+ )
+
+ # Insert service users
+ auth = pykolab.auth
+ auth.connect()
+ auth._auth._connect()
+ auth._auth._bind()
+
+ dn = 'uid=cyrus-admin,ou=Special Users,%s' % (_input['rootdn'])
+
+ # A dict to help build the "body" of the object
+ attrs = {}
+ attrs['objectclass'] = ['top','person','inetorgperson','organizationalperson']
+ attrs['uid'] = "cyrus-admin"
+ attrs['givenname'] = "Cyrus"
+ attrs['surname'] = "Administrator"
+ attrs['cn'] = "Cyrus Administrator"
+ attrs['userPassword'] = _input['cyrus_admin_pass']
+
+ # Convert our dict to nice syntax for the add-function using modlist-module
+ ldif = ldap.modlist.addModlist(attrs)
+
+ # Do the actual synchronous add-operation to the ldapserver
+ auth._auth.ldap.add_s(dn, ldif)
+
+ conf.command_set('cyrus-imap', 'admin_password', _input['cyrus_admin_pass'])
+
+ dn = 'uid=kolab-service,ou=Special Users,%s' % (_input['rootdn'])
+
+ # A dict to help build the "body" of the object
+ attrs = {}
+ attrs['objectclass'] = ['top','person','inetorgperson','organizationalperson']
+ attrs['uid'] = "kolab-service"
+ attrs['givenname'] = "Kolab"
+ attrs['surname'] = "Service"
+ attrs['cn'] = "Kolab Service"
+ attrs['userPassword'] = _input['kolab_service_pass']
+
+ # Convert our dict to nice syntax for the add-function using modlist-module
+ ldif = ldap.modlist.addModlist(attrs)
+
+ # Do the actual synchronous add-operation to the ldapserver
+ auth._auth.ldap.add_s(dn, ldif)
+
+ #dn: cn=kolab,cn=config
+ #objectClass: top
+ #objectClass: extensibleObject
+ #cn: kolab
+
+ dn = 'cn=kolab,cn=config'
+
+ # A dict to help build the "body" of the object
+ attrs = {}
+ attrs['objectclass'] = ['top','extensibleobject']
+ attrs['cn'] = "kolab"
+
+ # Convert our dict to nice syntax for the add-function using modlist-module
+ ldif = ldap.modlist.addModlist(attrs)
+
+ # Do the actual synchronous add-operation to the ldapserver
+ auth._auth.ldap.add_s(dn, ldif)
+
+ auth._auth._set_user_attribute(
+ dn,
+ 'aci',
+ '(targetattr = "*") (version 3.0;acl "Kolab Services";allow (read,compare,search)(userdn = "ldap:///%s");)' % ('uid=kolab-service,ou=Special Users,%s' % (_input['rootdn']))
+ )
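Review bot: The answer file created with `tempfile.mkstemp(dir="/tmp/")` holds the administrator and Directory Manager passwords in cleartext and is never removed, so it stays in `/tmp` after setup finishes. The exit status of `setup-ds-admin.pl` is not checked either, and its captured output is discarded, so the schema copy, service restart and LDAP adds run even when the directory server setup failed. Deleting the file in a `finally` and stopping on a non-zero `returncode` covers both. The start of `execute` is in an earlier hunk.

```python
    (fp, filename) = tempfile.mkstemp(dir="/tmp/")
    try:
        os.write(fp, data)
        os.close(fp)

        # … unchanged: command list and subprocess.Popen call …

        (stdoutdata, stderrdata) = setup_389.communicate()
    finally:
        # The answer file contains both passwords in cleartext.
        os.unlink(filename)

    if setup_389.returncode != 0:
        raise RuntimeError(
                "setup-ds-admin.pl exited with status %d" % (
                        setup_389.returncode
                    )
            )
```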
diff --git a/setup-kolab.py b/setup-kolab.py
index bbbb445..edb9f90 100755
--- a/setup-kolab.py
+++ b/setup-kolab.py
@@ -38,5 +38,5 @@ except ImportError, e:
sys.exit(1)
if __name__ == "__main__":
- kolab = Setup()
- kolab.run()
+ setup = Setup()
+ setup.run()