sWc@s@dZddlmZddlmZdefdYZdS(sLDAP classes used by nscfg.i(tprint_functioni(tNssbaset LdapClientcBseZdZdZdZdZdZdZdZdZ dZ ddgZ id d e dagd 6d d e dagd 6d de dagd6dde dagd6d de dagd6d de dagd6d de dagd6d de dagd6ddedgd6ddedgd 6d d!e dagd"6d d#e dagd$6d d%ed&gd'6d d(ed)gd*6d d+ed,gd-6d.d/e dagd06d.d1e dagd26dd3e dagd46d d5e dagd66d d7ed,gd86d d9ed,gd:6d d;ed,gd<6d d=ed,gd>6Zd?ZdZied 6ed6ed6ed6ed6ed6Zd@ZdAZd ZdBZdBZdbdcddfZdeZdfZdgZdZZd[Zd\Zd]Zd^Z d_Z!d`Z"RS(hsfLDAP Name Service class. Represents the configuration of LDAP. See ldapclient(1m) for details.ssvc:/network/ldap/clientttldap_client_filetldap_client_creds /var/ldaptconfigs"# See ldapclient(1m) for details. tcredtastringtNS_LDAP_FILE_VERSIONtversiontNS_LDAP_BINDDNtbind_dntNS_LDAP_BINDPASSWDt bind_passwdtbooleantNS_LDAP_ENABLE_SHADOW_UPDATEtenable_shadow_updatetNS_LDAP_ADMIN_BINDDNt admin_bind_dntNS_LDAP_ADMIN_BINDPASSWDtadmin_bind_passwdtNS_LDAP_HOST_CERTPATHt host_certpathtNS_LDAP_PROFILEtprofilethosttNS_LDAP_SERVER_PREFt,tpreferred_server_listtNS_LDAP_SERVERSt server_listtNS_LDAP_SEARCH_BASEDNt search_basetNS_LDAP_SEARCH_SCOPEt search_scopet NS_LDAP_AUTHt;tauthentication_methodtNS_LDAP_CREDENTIAL_LEVELt tcredential_leveltNS_LDAP_SERVICE_SEARCH_DESCtNLtservice_search_descriptortintegertNS_LDAP_SEARCH_TIMEtsearch_time_limittNS_LDAP_BIND_TIMEtbind_time_limittNS_LDAP_SEARCH_REFtfollow_referralstNS_LDAP_CACHETTLt profile_ttltNS_LDAP_ATTRIBUTEMAPt attribute_maptNS_LDAP_OBJECTCLASSMAPtobjectclass_maptNS_LDAP_SERVICE_CRED_LEVELtservice_credential_leveltNS_LDAP_SERVICE_AUTH_METHODtservice_authentication_methodtnss_ldapitread_authorizations*solaris.smf.value.name-service.ldap.clients2.0t net_addresss0.0.0.0tnonetsimples sasl/CRAM-MD5ssasl/DIGEST-MD5ssasl/DIGEST-MD5:auth-intssasl/DIGEST-MD5:auth-confs sasl/EXTERNALs sasl/GSSAPIstls:nones tls:simplestls:sasl/CRAM-MD5stls:sasl/DIGEST-MD5stls:sasl/DIGEST-MD5:auth-intstls:sasl/DIGEST-MD5:auth-conft anonymoustproxytselftbasetonetsubcCstj|dS(N(Rt__init__(RE((scommon/ldap.pyRIscCsC|jdi}x|jjD]}|jd|d||<||jkr|jd||jd|jd|}|dkrq#n|j|ddkr|j}n|jdn|jd ||j|d r(|j d|j d|}|dks#t |dkr{q#q{nS|jd|j d|}|dkrUq#n|j|ddkr{|j}n|jd ||dkr#|d kr#|||> is MAP: R+RsIllegal value (%s): %sR#sIllegal scope value: %ss ADD: R&sIllegal auth value: %sR)sIllegal cred value: %sN(RLtLEGACYtFalset load_legacyRPROt startswithtfindtendswithtsplitRWRMRNtlowert typecheckterr_msgR^t VALID_SCOPEtappendt VALID_AUTHt VALID_CRED(REterrRetlinestltidxtvalstkeytmaptmtypetismultitmseptmtemsgtmvalstmv((scommon/ldap.pyt read_files      !                 ! c CsS|jd|j|j|j\}}|r<|jS|jd|j|j|j\}}|rx|jS|jd|jd|t|dkr|jSt }t }t }x|D]\}}} |jd||| |dkr.| dkr t }qd | } |j | |jSq|d krCt }q|d ks[|d krdt }q||j j kr|j d |jS||jj kr|j d|jSqW| s| s| rd} |j | |jSxF|D]>\}}} y|j |rnWq|j d|jSXqW|jrB|jS|jd|j|jsh|jS|j|js|jS|js|jS|jdt }i} i} xJ|jj D]9}|j|drg| |<|j|d| |> R s2.0s Unsupported version: %s detectedR!RRs%Illegal property found in client files%Unknown property found in client files:Missing configuration: version, search base or server lists#Illegal property found in cred files delete customizations.s loading config pg...is adding: Rs ERR adding: s loading cred pg...s committing pg...s validating pg...ssuccessful import.(RLR[R\RRXR`RORWtNOCONFIGRwR^RRQRNRMtno_writeRdt delcust_pgRVRStcommitRR}t add_prop_valtvalidate( RERtcldbtcrdbthasverthasbasethasservRKtptypeRiRtmvaltmvaltype((scommon/ldap.pyt import_to_smfSs                        !          cCss|jd|jd|j|js3|jS|j|jsL|jS|js_|jS|jd|jS(sUnconfigure SMF. Reset DEFPG.sunconfiguring LDAP...sDelete customizations.ssuccessful unconfigure.(RLRRVRXRSRRd(RE((scommon/ldap.pyt unconfig_smfs    cCs|j}|dkr|j|kr|j|j}|dkrd|krd|krd|ksud|kr|j|jd}|dks|dkrtStSqqntS(s/Is SMF populated with this service? True/Falsesconfig/versionsconfig/search_basesconfig/preferred_server_listsconfig/server_listR!RN(tget_pgsRPRVt get_propsRRRwR^(REtpgstpropstpv((scommon/ldap.pyt is_populateds        cCs|j|j|jr|j}t|tgkrt|dkr|j|kr|j|j|jr|j}t|tgkrt|dkr|j|krtSnt StSqnt S(s,Was the legacy file generated from SMF data?i( R[R\t legacy_existsRxRYRWtAUTO_GENR`R^Rw(RER((scommon/ldap.pytis_autogenerateds  *  * N(sversionRs2.0(s search_baseRR(s server_listR@s0.0.0.0(RARBs sasl/CRAM-MD5ssasl/DIGEST-MD5ssasl/DIGEST-MD5:auth-intssasl/DIGEST-MD5:auth-confs sasl/EXTERNALs sasl/GSSAPIstls:nones tls:simplestls:sasl/CRAM-MD5stls:sasl/DIGEST-MD5stls:sasl/DIGEST-MD5:auth-intstls:sasl/DIGEST-MD5:auth-conf(RCsproxysself(sbaseRGssub(#t__name__t __module__t__doc__tSERVICERvR\R`t LEGACYDIRRVtDEFPROPtDOCtALLPGSRwRPR^RMtBACKENDRSRQtPERMt READ_AUTHtREAD_AUTH_TYPEtREAD_AUTH_VALUEt VALUE_AUTHtUNCPROPRRRRIRsRRRRR(((scommon/ldap.pyRs     w Y }  N(Rt __future__RtnssbaseRR(((scommon/ldap.pyts