# -*- coding: utf-8 -*-
#
# Copyright 2004-2022 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.
"""
|UDM| objects.
"""
from __future__ import absolute_import
from typing import Any, Dict, List, Optional, Tuple, Union # noqa: F401
import ldap
import univention.debug as ud
import univention.admin.modules
[docs]def module(object):
# type: (univention.admin.handlers.simpleLdap) -> Optional[str]
"""
Return handler name for |UDM| object.
:param object: |UDM| object instance
:returns: |UDM| handler name or `None`.
"""
return getattr(object, 'module', None)
[docs]def get_superordinate(module, co, lo, dn):
# type: (univention.admin.modules.UdmModule, None, univention.admin.uldap.access, str) -> Optional[univention.admin.handlers.simpleLdap]
"""
Searches for the superordinate object for the given DN.
:param module: |UDM| module name
:param co: |UDM| configuation object.
:param lo: |LDAP| connection.
:param dn: |DN|.
:returns: the superoridnate or `None` if the object does not require a superordinate object or it is not found.
"""
super_modules = set(univention.admin.modules.superordinate_names(module))
if super_modules:
while dn:
attr = lo.get(dn)
super_module = {univention.admin.modules.name(x) for x in univention.admin.modules.identify(dn, attr)} & super_modules
if super_module:
super_module = univention.admin.modules.get(list(super_module)[0])
return get(super_module, co, lo, None, dn)
dn = lo.parentDn(dn)
return None
[docs]def get(module, co, lo, position, dn='', attr=None, superordinate=None, attributes=None):
# type: (univention.admin.modules.UdmModule, None, univention.admin.uldap.access, univention.admin.uldap.position, str, Dict[str, List[Any]], Any, Any) -> univention.admin.handlers.simpleLdap
"""
Return object of module while trying to create objects of
superordinate modules as well.
:param module: |UDM| handler.
:param co: |UDM| configuation object.
:param lo: |LDAP| connection.
:param position: |UDM| position instance.
"""
# module was deleted
if not module:
return None
if not superordinate:
superordinate = get_superordinate(module, co, lo, dn or position.getDn())
if dn:
try:
obj = univention.admin.modules.lookup(module.module, co, lo, base=dn, superordinate=superordinate, scope='base', unique=True, required=True)[0]
obj.position.setDn(position.getDn() if position else dn)
return obj
except (ldap.NO_SUCH_OBJECT, univention.admin.uexceptions.noObject):
if not lo.get(dn, attr=['objectClass']):
raise univention.admin.uexceptions.noObject(dn)
if not univention.admin.modules.virtual(module.module):
raise univention.admin.uexceptions.wrongObjectType('The object %s is not a %s.' % (dn, module.module,))
return module.object(co, lo, position, dn, superordinate=superordinate, attributes=attributes)
[docs]def open(object):
# type: (univention.admin.handlers.simpleLdap) -> None
"""
Initialization of properties not necessary for browsing etc.
:param object: |UDM| object.
"""
if not object:
return
if hasattr(object, 'open'):
object.open()
[docs]def default(module, co, lo, position):
# type: (univention.admin.modules.UdmModule, None, univention.admin.uldap.access, univention.admin.uldap.position) -> univention.admin.handlers.simpleLdap
"""
Create |UDM| object and initialize default values.
:param module: |UDM| handler.
:param co: |UDM| configuation object.
:param lo: |LDAP| connection.
:param position: |UDM| position instance.
:returns: An initialized |UDM| object.
"""
module = univention.admin.modules.get(module)
object = module.object(co, lo, position)
for name, property in module.property_descriptions.items():
default = property.default(object)
if default:
object[name] = default
return object
[docs]def description(object):
# type: (univention.admin.handlers.simpleLdap) -> str
"""
Return short description for object.
:param object: |UDM| object.
"""
if hasattr(object, 'description'):
return object.description()
else:
description = None
object_module = module(object)
object_module = univention.admin.modules.get(object_module)
if hasattr(object_module, 'property_descriptions'):
for name, property in object_module.property_descriptions.items():
if property.identifies:
syntax = property.syntax
description = syntax.tostring(object[name])
break
if not description:
if object.dn:
description = univention.admin.uldap.explodeDn(object.dn, 1)[0]
ud.debug(ud.ADMIN, ud.INFO, 'falling back to rdn: %s' % (object.dn))
else:
description = 'None'
return description
[docs]def shadow(lo, module, object, position):
# type: (univention.admin.uldap.access, univention.admin.modules.UdmModule, univention.admin.handlers.simpleLdap, univention.admin.uldap.position) -> Union[Tuple[univention.admin.handlers.simpleLdap, univention.admin.modules.UdmModule], Tuple[None, None]]
"""
If object is a container, return object and module the container
shadows (that is usually the one that is subordinate in the LDAP tree).
:param lo: |LDAP| connection.
:param module: |UDM| handler.
:param object: |UDM| object.
:param position: |UDM| position instance.
:returnd: 2-tuple (module, object) or `(None, None)`
"""
if not object:
return (None, None)
dn = object.dn
# this is equivalent to if ...; while 1:
while univention.admin.modules.isContainer(module):
dn = lo.parentDn(dn)
if not dn:
return (None, None)
attr = lo.get(dn)
for m in univention.admin.modules.identify(dn, attr):
if not univention.admin.modules.isContainer(m):
o = get(m, None, lo, position=position, dn=dn)
return (m, o)
# module is not a container
return (module, object)
[docs]def dn(object):
# type: (univention.admin.handlers.simpleLdap) -> Optional[str]
"""
Return the |DN| of the object.
:param object: |UDM| object.
:returns: the |DN| or `None`.
"""
return getattr(object, 'dn', None)
[docs]def ocToType(oc):
# type: (str) -> Optional[str]
"""
Return the |UDM| module capabale of handling the given |LDAP| objectClass.
:param oc: |LDAP| object class.
:returns: name of the |UDM| module.
"""
for module in univention.admin.modules.modules.values():
if univention.admin.modules.policyOc(module) == oc:
return univention.admin.modules.name(module)
return None # FIXME
[docs]def fixedAttribute(object, key):
# type: (univention.admin.handlers.simpleLdap, str) -> int
"""
Check if the named property is a fixed attribute (not overwritten by more specific policies).
:param object: |UDM| object.
:param key: |UDM| property name
:returns: `True` if the property is fixed, `False` otherwise.
"""
if not hasattr(object, 'fixedAttributes'):
return False
return object.fixedAttributes().get(key, False)
[docs]def emptyAttribute(object, key):
# type: (univention.admin.handlers.simpleLdap, str) -> int
"""
Check if the named property is an empty attribute (reset to empty by a general policy).
:param object: |UDM| object.
:param key: |UDM| property name
:returns: `True` if the property is empty, `False` otherwise.
"""
if not hasattr(object, 'emptyAttributes'):
return False
return object.emptyAttributes().get(key, False)
[docs]def getPolicyReference(object, policy_type):
# type: (univention.admin.handlers.simpleLdap, str) -> Optional[univention.admin.handlers.simplePolicy]
"""
Return the policy of the requested type.
:param object: |UDM| object.
:param policy_type: Name of the |UDM| policy to lookup.
:returns: The policy applying to the object or `None`.
"""
# FIXME: Move this to handlers.simpleLdap?
policyReference = None
for policy_dn in object.policies:
for m in univention.admin.modules.identify(policy_dn, object.lo.get(policy_dn)):
if univention.admin.modules.name(m) == policy_type:
policyReference = policy_dn
ud.debug(ud.ADMIN, ud.INFO, 'getPolicyReference: returning: %s' % policyReference)
return policyReference
[docs]def removePolicyReference(object, policy_type):
# type: (univention.admin.handlers.simpleLdap, str) -> None
"""
Remove the policy of the requested type.
:param object: |UDM| object.
:param policy_type: Name of the |UDM| policy to lookup.
"""
# FIXME: Move this to handlers.simpleLdap?
remove = None
for policy_dn in object.policies:
for m in univention.admin.modules.identify(policy_dn, object.lo.get(policy_dn)):
if univention.admin.modules.name(m) == policy_type:
remove = policy_dn
if remove:
ud.debug(ud.ADMIN, ud.INFO, 'removePolicyReference: removing reference: %s' % remove)
object.policies.remove(remove)
[docs]def replacePolicyReference(object, policy_type, new_reference):
# type: (univention.admin.handlers.simpleLdap, str, univention.admin.handlers.simplePolicy) -> None
"""
Replace the policy of the requested type with a new instance.
:param object: |UDM| object.
:param policy_type: Name of the |UDM| policy to lookup.
"""
# FIXME: Move this to handlers.simpleLdap?
module = univention.admin.modules.get(policy_type)
if not univention.admin.modules.recognize(module, new_reference, object.lo.get(new_reference)):
ud.debug(ud.ADMIN, ud.INFO, 'replacePolicyReference: error.')
return
removePolicyReference(object, policy_type)
ud.debug(ud.ADMIN, ud.INFO, 'replacePolicyReference: appending reference: %s' % new_reference)
object.policies.append(new_reference)
[docs]def restorePolicyReference(object, policy_type):
# type: (univention.admin.handlers.simpleLdap, str) -> None
"""
Restore the policy of the requested type.
:param object: |UDM| object.
:param policy_type: Name of the |UDM| policy to lookup.
"""
# FIXME: Move this to handlers.simpleLdap?
module = univention.admin.modules.get(policy_type)
if not module:
return
removePolicyReference(object, policy_type)
restore = None
for policy_dn in object.oldpolicies:
if univention.admin.modules.recognize(module, policy_dn, object.lo.get(policy_dn)):
restore = policy_dn
if restore:
object.policies.append(restore)
[docs]def wantsCleanup(object):
# type: (univention.admin.handlers.simpleLdap) -> bool
"""
Check if the given object wants to perform a cleanup (delete
other objects, etc.) before it is deleted itself.
:param object: parent object.
:returns: `True´ if a cleanup is requested, `False` otherwise.
"""
# TODO make this a method of object
wantsCleanup = False
object_module = module(object)
object_module = univention.admin.modules.get(object_module)
if hasattr(object_module, 'docleanup'):
wantsCleanup = object_module.docleanup
return wantsCleanup
