From 5a0bc411c47be62b655cd408d7ac75d070cadced Mon Sep 17 00:00:00 2001
From: agahhulusi
Date: Fri, 26 Mar 2021 14:38:51 +0300
Subject: [PATCH] dynamics DNS update
---
 .../registration/config-files/sssd_ad.conf | 8 -
 .../config-files/sssd_ad_dns.conf | 36 ++++
 .../execute_cancel_sssd_ad_authentication.py | 40 +++--
 .../execute_sssd_ad_authentication.py | 167 ++++++++++++------
 src/base/registration/registration.py | 5 +-
 5 files changed, 177 insertions(+), 79 deletions(-)
 create mode 100644 src/base/registration/config-files/sssd_ad_dns.conf
diff --git a/src/base/registration/config-files/sssd_ad.conf b/src/base/registration/config-files/sssd_ad.conf
index 9397ddd..42c8ac8 100644
--- a/src/base/registration/config-files/sssd_ad.conf
+++ b/src/base/registration/config-files/sssd_ad.conf
@@ -26,11 +26,3 @@ access_provider = ad
 ad_gpo_access_control = permissive
 ad_gpo_ignore_unreadable = true
 enumerate = true
-auth_provider = ad
-chpass_provider = ad
-dyndns_update = true
-dyndns_update_ptr = false
-###ad_hostname###
-ldap_schema = ad
-ldap_sasl_mech = gssapi
-ldap_krb5_init_creds = true
\ No newline at end of file
diff --git a/src/base/registration/config-files/sssd_ad_dns.conf b/src/base/registration/config-files/sssd_ad_dns.conf
new file mode 100644
index 0000000..9397ddd
--- /dev/null
+++ b/src/base/registration/config-files/sssd_ad_dns.conf
@@ -0,0 +1,36 @@
+[nss]
+filter_groups = root,adm
+filter_users = root,adm
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[sssd]
+###domains###
+config_file_version = 2
+services = nss, pam
+
+###[domain/###
+###ad_domain###
+###krb5_realm###
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = False
+fallback_homedir = /home/%u
+access_provider = ad
+ad_gpo_access_control = permissive
+ad_gpo_ignore_unreadable = true
+enumerate = true
+auth_provider = ad
+chpass_provider = ad
+dyndns_update = true
+dyndns_update_ptr = false
+###ad_hostname###
+ldap_schema = ad
+ldap_sasl_mech = gssapi
+ldap_krb5_init_creds = true
\ No newline at end of file
diff --git a/src/base/registration/execute_cancel_sssd_ad_authentication.py b/src/base/registration/execute_cancel_sssd_ad_authentication.py
index dab64b0..b0a286d 100644
--- a/src/base/registration/execute_cancel_sssd_ad_authentication.py
+++ b/src/base/registration/execute_cancel_sssd_ad_authentication.py
@@ -7,6 +7,7 @@ from base.util.util import Util from base.system.system import System import re + class ExecuteCancelSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance()
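Review bot: `ad_gpo_access_control = permissive` in the new sssd_ad_dns.conf template means SSSD evaluates the AD GPO logon rules but only logs the outcome, so with `access_provider = ad` a logon restriction defined in Group Policy is not enforced on machines configured from this template. The line is carried over from sssd_ad.conf, so it may be deliberate; if it is, a comment such as `# GPO rules are logged only, not enforced` above it would record that, otherwise `ad_gpo_access_control = enforcing` is the value that applies the policy. The template is also a full copy of sssd_ad.conf plus eight lines, so the shared settings now have to be kept in sync by hand.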
@@ -21,12 +22,22 @@ class ExecuteCancelSSSDAdAuthentication: # Read information about AD if self.util.is_exist(self.ad_info_path): file_data = self.util.read_file_by_line(self.ad_info_path) - self.ip_address = file_data[0].strip("\n") - self.host_name = file_data[1].strip("\n") + self.ip_list = file_data[0].strip("\n").replace("[", "").replace("]", "") + self.host_list = file_data[1].strip("\n").replace("[", "").replace("]", "") self.domain_name = file_data[2].strip("\n") + + self.ip_address = self.ip_list.split(", ") + self.host_name = self.host_list.split(", ") + + self.ip_address[0] = self.ip_address[0].replace("'", "") + self.host_name[0] = self.host_name[0].replace("'", "") + self.logger.info(self.ip_address) self.logger.info(self.host_name) self.logger.info(self.domain_name) + self.logger.info(self.ip_list) + self.logger.info(self.host_list) + self.logger.info("Information read successfully from ad_info.") else: self.logger.error("ad_info file not found") @@ -43,8 +54,8 @@ class ExecuteCancelSSSDAdAuthentication: file_dhclient = open(dhclient_conf_path, 'r') file_data = file_dhclient.read() - if "prepend domain-name-servers {};".format(self.ip_address) in file_data: - file_data = file_data.replace(("prepend domain-name-servers {};".format(self.ip_address)), + if "prepend domain-name-servers {};".format(self.ip_address[0]) in file_data: + file_data = file_data.replace(("prepend domain-name-servers {};".format(self.ip_address[0])), "#prepend domain-name-servers 127.0.0.1;") self.logger.info("dhclient is reconfigured") else: 
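Review bot: The ad_info lines are parsed by undoing Python's list repr with `replace("[", "")`, `split(", ")` and `replace("'", "")`, and only element 0 of `self.ip_address` and `self.host_name` has its quotes removed here, so any other element keeps them (constructed example: `'dc2'` with the quotes attached) unless the consumer strips them again, as the /etc/hosts loop further down does. The format comes from the `"{}".format(ip_address_split)` write in the ad_info hunk of execute_sssd_ad_authentication.py; writing `",".join(ip_address_split)` there and reading with `file_data[0].strip("\n").split(",")` here would remove the bracket and quote handling altogether and still read files in the old single-value format. `file_data[0]` to `file_data[2]` are also indexed without checking that the file has three lines. __init__ starts and ends outside the hunk.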
@@ -60,17 +71,11 @@ class ExecuteCancelSSSDAdAuthentication: file_hosts = open(hosts_conf_path, 'r') file_data = file_hosts.read() - if ("{0} {1}".format(self.ip_address, self.domain_name)) in file_data: - file_data = file_data.replace(("{0} {1}".format(self.ip_address, self.domain_name)), " ") - self.logger.info("hosts is deleted") - else: - self.logger.error("hosts domain is not deleted") - - if ("{0} {1}".format(self.ip_address, self.host_name)) in file_data: - file_data = file_data.replace(("{0} {1}".format(self.ip_address, self.host_name)), " ") - self.logger.info("hosts is deleted") - else: - self.logger.error("hosts hostname is not deleted") + for ip, host in zip(self.ip_address, self.host_name): + ip = ip.replace("'", "") + host = host.replace("'", "") + if ("{0} {1} {2}".format(ip, host, self.domain_name)) in file_data: + file_data = file_data.replace(("{0} {1} {2}".format(ip, host, self.domain_name)), " ") file_hosts.close() file_hosts = open(hosts_conf_path, 'w') @@ -98,8 +103,8 @@ class ExecuteCancelSSSDAdAuthentication: file_resolv = open(resolv_conf_path, 'r') file_data = file_resolv.read() - if ("nameserver {0}".format(self.ip_address)) in file_data: - file_data = file_data.replace(("nameserver {0}".format(self.ip_address)), "") + if ("nameserver {0}".format(self.ip_address[0])) in file_data: + file_data = file_data.replace(("nameserver {0}".format(self.ip_address[0])), "") self.logger.info("resolv.conf is configured") else: self.logger.error("resolv is not configured") @@ -116,7 +121,6 @@ class ExecuteCancelSSSDAdAuthentication: else: self.logger.error("ad_info file not found") - self.logger.info("AD Login iptal etme işlemi başarı ile sağlandı.") return True diff --git a/src/base/registration/execute_sssd_ad_authentication.py b/src/base/registration/execute_sssd_ad_authentication.py index 94fdeb5..af8ffb2 100644 --- a/src/base/registration/execute_sssd_ad_authentication.py +++ b/src/base/registration/execute_sssd_ad_authentication.py 
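Review bot: The removal loop only matches the new three-field form `"{0} {1} {2}".format(ip, host, self.domain_name)`, so the two-field lines (`ip host` and `ip domain`) that the previous version appended to /etc/hosts are no longer removed on cancel, and a machine joined before this change keeps a static mapping of the domain name to the old controller address. The success and error log calls were dropped as well, so a miss is now silent. I would keep the two old patterns as a fallback and log when nothing matched, e.g. `self.logger.error("hosts entry not found for {0}".format(host))`. The enclosing method starts and ends outside the hunk.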
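Review bot: `"nameserver {0}".format(self.ip_address[0])` is matched and replaced as a plain substring of resolv.conf, so an address that is a textual prefix of another resolver (constructed example: `10.0.0.1` against a line `nameserver 10.0.0.10`) cuts that other line apart instead of leaving it alone. Comparing whole lines avoids this, e.g. `lines = [l for l in file_data.splitlines() if l.strip() != "nameserver {0}".format(self.ip_address[0])]` followed by `file_data = "\n".join(lines) + "\n"`. `self.ip_address` is only assigned in __init__ when ad_info could be read, which is outside this hunk, so the index can also fail when the file is missing.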
@@ -7,6 +7,7 @@ from base.util.util import Util from base.system.system import System import time + class ExecuteSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance() @@ -14,8 +15,9 @@ class ExecuteSSSDAdAuthentication: self.util = Util() self.system = System() - def authenticate(self, domain_name, host_name, ip_address, password, ad_username): + def authenticate(self, domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update): try: + # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install realmd") @@ -24,6 +26,15 @@ class ExecuteSSSDAdAuthentication: else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) + # Split datas that Lider send + self.logger.info(host_name) + self.logger.info(ip_address) + + ip_address_split = ip_address.split(",") + host_name_split = host_name.split(",") + ip_address = ip_address_split[0] + host_name = host_name_split[0] + # Execute the commands that require for leave (result_code, p_out, p_err) = self.util.execute("realm leave") if (result_code == 0): @@ -40,8 +51,10 @@ class ExecuteSSSDAdAuthentication: file_default_ad_info = open(default_ad_info_path, 'r') file_data = file_default_ad_info.read() - file_data = file_data + ("{}".format(ip_address)) + "\n" + ("{}".format(host_name)) + "\n" + ( - "{}".format(domain_name)) + "\n" + ("{}".format(ad_username)) + file_data = file_data + ("{}".format(ip_address_split)) + "\n" + ( + "{}".format(host_name_split)) + "\n" + ( + "{}".format(domain_name)) + "\n" + ("{}".format(ad_username)) + self.logger.info("/etc/ahenk/ad_info bilgiler girildi.") file_default_ad_info.close() file_default_ad_info = open(default_ad_info_path, 'w') 
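Review bot: `ip_address.split(",")` and `host_name.split(",")` in the "Split datas that Lider send" block take the server-supplied strings as they are: the entries are not trimmed, not checked to be an address or a hostname, and the two lists are not checked to have the same length. The values are later written to /etc/hosts and ad_info, `host_name` is formatted into the `ad.sh` command line, and the `zip()` in the hosts hunk silently drops entries when the lengths differ. I would trim and validate at this point, e.g. `ip_address_split = [ip.strip() for ip in ip_address.split(",")]` followed by `ipaddress.ip_address(ip)` for each entry (this needs `import ipaddress`; the import block is only partly visible), and stop with an error log when the lists do not line up. authenticate() continues outside the hunk.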
@@ -101,17 +114,8 @@ class ExecuteSSSDAdAuthentication: file_default_hosts = open(host_path, 'r') file_data = file_default_hosts.read() - if ("{0} {1}".format(ip_address, host_name)) not in file_data: - file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name)) - self.logger.info("/etc/hosts is configured for hostname") - else: - self.logger.info("/etc/hosts is NOT configured for hostname") - - if ("{0} {1}".format(ip_address, domain_name)) not in file_data: - file_data = file_data + "\n" + ("{0} {1}".format(ip_address, domain_name)) - self.logger.info("/etc/hosts is configured for domainname") - else: - self.logger.info("/etc/hosts is NOT configured for domainname") + for ips, hostnames in zip(ip_address_split, host_name_split): + file_data = file_data + "\n" + ips + " " + hostnames + " " + domain_name file_default_hosts.close() file_default_hosts = open(host_path, 'w') @@ -119,15 +123,18 @@ class ExecuteSSSDAdAuthentication: file_default_hosts.close() # Execute the script that required for "samba-common" and "krb5" - (result_code, p_out, p_err) = self.util.execute("/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(),host_name)) + (result_code, p_out, p_err) = self.util.execute( + "/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(), + host_name)) - if(result_code == 0): + if (result_code == 0): self.logger.info("Script başarılı bir şekilde çalıştırıldı.") else: self.logger.error("Script başarısız oldu : " + str(p_err)) # Installation of required packages - (result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs dnsutils") + (result_code, p_out, p_err) = self.util.execute( + "sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: 
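Review bot: The `not in file_data` guard was removed from the /etc/hosts update, so every call to authenticate() appends another copy of each `ip host domain` line; a retry or a re-registration leaves duplicates behind. Restoring the check inside the loop keeps the step idempotent: `entry = "{0} {1} {2}".format(ips, hostnames, domain_name)` and `if entry not in file_data: file_data = file_data + "\n" + entry`. The old code also logged whether the entry was added, which is worth keeping for troubleshooting.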
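Review bot: `domain_name` and `host_name` from the registration reply are formatted straight into the `/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}` command string, and the `realm join` call in the next hunk is built the same way; if `Util.execute` hands the string to a shell (the pipe in the realm command suggests it does), shell metacharacters in either value are interpreted rather than passed as data. The commit only re-wraps these lines, but it now feeds them the first element of an unvalidated split list, so this is a good place to quote the arguments: `.format(shlex.quote(domain_name.upper()), shlex.quote(host_name))`, which needs `import shlex`. The surrounding method body continues outside the hunk.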
@@ -172,7 +179,9 @@ class ExecuteSSSDAdAuthentication: if (self.join_try_counter == 5): break else: - (result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper())) + (result_code, p_out, p_err) = self.util.execute( + "echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, + domain_name.upper())) if (result_code == 0): self.logger.info("Realm Join komutu başarılı") break 
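Review bot: The AD admin password is placed inside the command string as `echo "{0}" | realm join ...`, so it ends up in the argument list of the shell that runs the command and in anything that records the command text, and a password containing `"`, `$` or a backtick is interpreted by the shell instead of being passed through. This hunk only re-wraps the call, but the password should go to `realm` on stdin without a shell, e.g. `subprocess.run(["realm", "join", "--user=" + ad_username, domain_name.upper()], input=password + "\n", text=True, capture_output=True)`, or through an equivalent stdin argument on `Util.execute` if it has one (its signature is not visible here). The retry loop around the call starts outside the hunk.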
@@ -183,44 +192,99 @@ class ExecuteSSSDAdAuthentication: self.logger.error(e) self.logger.info("Active Directory Join işlemi esnasında hata oluştu.") - # Configure sssd template - sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf" - sssd_config_folder_path = "/etc/sssd" - sssd_config_file_path = "/etc/sssd/sssd.conf" + # DynamicDNSUpdate in Active Directory + if dynamic_dns_update == True: + self.logger.info("dynamicDNSUpdate is Activated") + # Installation of required packages + (result_code, p_out, p_err) = self.util.execute( + "sudo apt-get -y install dnsutils") + if (result_code == 0): + self.logger.info("İndirmeler Başarılı") + else: + self.logger.error("İndirmeler Başarısız : " + str(p_err)) - if not self.util.is_exist(sssd_config_folder_path): - self.util.create_directory(sssd_config_folder_path) - self.logger.info("{0} folder is created".format(sssd_config_folder_path)) + # Configure sssd template + sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad_dns.conf" + sssd_config_folder_path = "/etc/sssd" + sssd_config_file_path = "/etc/sssd/sssd.conf" - if self.util.is_exist(sssd_config_file_path): - self.util.delete_file(sssd_config_file_path) - self.logger.info("delete sssd org conf") + if not self.util.is_exist(sssd_config_folder_path): + self.util.create_directory(sssd_config_folder_path) + self.logger.info("{0} folder is created".format(sssd_config_folder_path)) - self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) - self.logger.info("{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) - self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf") + if self.util.is_exist(sssd_config_file_path): + self.util.delete_file(sssd_config_file_path) + self.logger.info("delete sssd org conf") - # Configure sssd.conf - file_sssd = open(sssd_config_file_path, 'r') - file_data = file_sssd.read() + 
self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) + self.logger.info( + "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) + self.util.rename_file("/etc/sssd/sssd_ad_dns.conf", "/etc/sssd/sssd.conf") - file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) - file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) - file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) - file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) - file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower())) + # Configure sssd.conf + file_sssd = open(sssd_config_file_path, 'r') + file_data = file_sssd.read() - file_sssd.close() - file_sssd = open(sssd_config_file_path, 'w') - file_sssd.write(file_data) - file_sssd.close() + file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) + file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) + file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) + file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) + file_data = file_data.replace("###ad_hostname###", + "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), + domain_name.lower())) + + file_sssd.close() + file_sssd = open(sssd_config_file_path, 'w') + file_sssd.write(file_data) + file_sssd.close() + + # Arrangement of chmod as 600 for sssd.conf + (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) + if (result_code == 0): + self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") + else: + self.logger.error("Chmod komutu başarısız : " + str(p_err)) - # Arrangement of chmod as 600 for sssd.conf - (result_code, p_out, p_err) = 
self.util.execute("chmod 600 {}".format(sssd_config_file_path)) - if(result_code == 0): - self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: - self.logger.error("Chmod komutu başarısız : " + str(p_err)) + self.logger.info("dynamicDNSUpdate is NOT Activated") + # Configure sssd template + sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf" + sssd_config_folder_path = "/etc/sssd" + sssd_config_file_path = "/etc/sssd/sssd.conf" + + if not self.util.is_exist(sssd_config_folder_path): + self.util.create_directory(sssd_config_folder_path) + self.logger.info("{0} folder is created".format(sssd_config_folder_path)) + + if self.util.is_exist(sssd_config_file_path): + self.util.delete_file(sssd_config_file_path) + self.logger.info("delete sssd org conf") + + self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) + self.logger.info( + "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) + self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf") + + # Configure sssd.conf + file_sssd = open(sssd_config_file_path, 'r') + file_data = file_sssd.read() + + file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) + file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) + file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) + file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) + + file_sssd.close() + file_sssd = open(sssd_config_file_path, 'w') + file_sssd.write(file_data) + file_sssd.close() + + # Arrangement of chmod as 600 for sssd.conf + (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) + if (result_code == 0): + self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") + else: + self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure krb5 
template krb5_config_template_path = "/usr/share/ahenk/base/registration/config-files/krb5_ad.conf" @@ -236,7 +300,8 @@ class ExecuteSSSDAdAuthentication: self.logger.info("delete krb5 org conf") self.util.copy_file(krb5_config_template_path, krb5_config_folder_path) - self.logger.info("{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path)) + self.logger.info( + "{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path)) self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf") # Configure krb5_ad.conf @@ -250,7 +315,7 @@ class ExecuteSSSDAdAuthentication: # Arrangement of chmod as 644 for krb5_ad.conf (result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path)) - if(result_code == 0): + if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) @@ -268,7 +333,7 @@ class ExecuteSSSDAdAuthentication: self.util.delete_file(default_sssd_path) self.logger.info("delete sssd org conf") - if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data : + if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data: file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\"" self.logger.info("/etc/default/sssd is configured") diff --git a/src/base/registration/registration.py b/src/base/registration/registration.py index 0a2cb8a..f05accf 100644 --- a/src/base/registration/registration.py +++ b/src/base/registration/registration.py 
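Review bot: Both branches of `if dynamic_dns_update == True:` contain the same sssd.conf handling; they differ only in the dnsutils install, the template file name and the `###ad_hostname###` replacement, and that replacement does nothing on sssd_ad.conf now that the placeholder has been removed from it by this commit. With two copies, any later change to how sssd.conf is created or permissioned has to be made twice and can drift. Selecting the template name in the branch and sharing the rest keeps one copy, as sketched below. authenticate() starts and ends outside the hunk.

```python
# DynamicDNSUpdate in Active Directory
if dynamic_dns_update == True:
    self.logger.info("dynamicDNSUpdate is Activated")
    # … unchanged: dnsutils installation and its result logging …
    sssd_template_name = "sssd_ad_dns.conf"
else:
    self.logger.info("dynamicDNSUpdate is NOT Activated")
    sssd_template_name = "sssd_ad.conf"

# Configure sssd template
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/" + sssd_template_name
sssd_config_folder_path = "/etc/sssd"
sssd_config_file_path = "/etc/sssd/sssd.conf"
# … unchanged: folder creation, removal of the old sssd.conf, template copy …
self.util.rename_file(sssd_config_folder_path + "/" + sssd_template_name, sssd_config_file_path)
# … unchanged: placeholder replacement, write-back, chmod 600 …
```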
@@ -201,15 +201,16 @@ class Registration: ip_address = str(reg_reply['adIpAddress']) password = str(reg_reply['adAdminPassword']) ad_username = str(reg_reply['adAdminUserName']) + dynamic_dns_update = reg_reply['dynamicDNSUpdate'] if domain_name is None or host_name is None or ip_address is None or password is None : self.logger.error("Registration params is null") return - self.ad_login.authenticate(domain_name, host_name, ip_address, password, ad_username) + self.ad_login.authenticate(domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update) def registration_error(self, reg_reply): - self.re_register() + self.re_register() def is_registered(self): try:
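Review bot: `reg_reply['dynamicDNSUpdate']` raises KeyError when the registration reply does not carry the new field, for instance from a server that has not been updated, and the value is not included in the null check that follows. `dynamic_dns_update = reg_reply.get('dynamicDNSUpdate', False)` keeps older replies working. The value is then compared with `== True` in authenticate(), so it only selects the dynamic-DNS path when it arrives as a real boolean; a string such as "true" would fall through to the other branch without any log line saying why. The enclosing method starts outside the hunk.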