univention.management.console package

univention.management.console package#

class univention.management.console.Translation(*args, **kwargs)[source]#

Bases: NullTranslation

Translation.

locale: Locale = <univention.lib.i18n.Locale object>#

classmethod set_all_languages(language: str) → None[source]#: Set the language of all existing Translation instances. This is required when instances are created during import time but later on the language should be changed.

set_language(language: str = '') → None[source]#

Select language.

Parameters:: language (str) – The language code.
Raises:: I18N_Error – if the given locale is not valid.

Subpackages#

univention.management.console.modules package

Submodules#

univention.management.console.acl module#

UMC ACL implementation#

This module implements the UMC ACLs used to define the access rights for users and groups to the UMC service.

UMC ACLs are defined by creating UMC operation set objects that are added to UMC policies. These policies can be connected with users or groups.

An UMC operation set consists of a list of UMC command patterns like

udm/* objectType=nagios/*

This specifies that all commands hat match the pattern udm/* can be called if the option objectType is given and the value matches the pattern nagios/*.

Patterns for commands and options may just use the asterik and know no other wildcards. For options there is one additional format allowed to specify that the option may not exist. Therefore the following format is used

udm/* !objectType

class univention.management.console.acl.Rule[source]#

Bases: dict

A simple class representing one ACL rule in a form that can be simply serialized.

property fromUser#: Returns True if the rule was connected with a user, otherwise False

property host#: Returns a hostname pattern. If the pattern matches the hostname the command is allowed on the host

property command#: Returns the command pattern this rule describes

property options#: Returns the option pattern for the rule

property flavor#: Returns the flavor if given otherwise None

class univention.management.console.acl.ACLs(ldap_base=None, acls=None)[source]#

Bases: object

Provides methods to determine the access rights of users to specific UMC commands. It defines a cache for ACLs, a parser for command definitions of ACLs and functions for comparison.

MATCH_NONE = 0#

MATCH_PART = 1#

MATCH_FULL = 2#

CACHE_DIR = '/var/cache/univention-management-console/acls'#: defines the directory for the cache files

reload()[source]#

is_command_allowed(command, hostname=None, options={}, flavor=None)[source]#

This method verifies if the given command (with options and flavor) is on the named host allowed.

Parameters:

command (str) – the command to check access for
hostname (str) – FQDN of the host
options (dict) – the command options given in the HTTP request
flavor (str) – the flavor given in the HTTP request

Return type:

bool

json()[source]#: Returns the ACL definitions in a JSON compatible form.

class univention.management.console.acl.LDAP_ACLs(username, userdn, ldap_base)[source]#

Bases: ACLs

Reads ACLs from LDAP directory for the given username. By inheriting the class ACLs the ACL definitions can be cached on the local system. If the LDAP server can not be reached the cache is used if available.

FROM_USER = True#

FROM_GROUP = False#

reload(lo=None)[source]#

univention.management.console.auth module#

class univention.management.console.auth.AuthenticationResult(result: BaseException | dict[str, str], locale: str | None)[source]#: Bases: object

class univention.management.console.auth.AuthHandler[source]#

Bases: object

get_handler(locale)[source]#

authenticate(pam, args)[source]#

univention.management.console.base module#

Python API for UMC modules#

The Python API for UMC modules primary consists of one base class that must be implemented. As an addition the Python API provides some helper functions and classes:

exception classes
translation support
logging functions
UCR access

The XML file defining the UMC module specifies functions for the commands provided by the module. These functions must be implemented as methods of a class named Instance that inherits Base.

The following Python code example matches the definition in the previous section:

from univention.management.console import Translation
from univention.management.console.config import ucr
from univention.management.console.modules import Base
from univention.management.console.modules.decorators import sanitize
from univention.management.console.modules.sanitizers import IntegerSanitizer
from univention.management.console.log import MODULE

_ = Translation('univention-management-console-modules-udm').translate

class Instance(Base):

    @sanitize(end=IntegerSanitizer(minimum=0),)
    def query(self, request):
        end = request.options['end']
        result = list(range(end))
        self.finished(request.id, result)

Each command methods has one parameter that contains the HTTP request of type Request. Such an object has the following properties:

id: is the unique identifier of the request
options: contains the arguments for the command. For most commands it is a dictionary.
flavor: is the name of the flavor that was used to invoke the command. This might be None

username: The username of the owner of this session
password: The password of the user
auth_type: The authentication method which was used to authenticate this user

The query method in the example above shows how to retrieve the command parameters and what to do to send the result back to the client. Important is that returning a value in a command function does not send anything back to the client. Therefore the function finished must be invoked. The first parameter is the identifier of the request that will be answered and the second parameter the data structure containing the result. As the result is converted to JSON it must just contain data types that can be converted.

The base class for modules provides some methods that could be useful when writing UMC modules:

Methods * init: Is invoked after the module process has been initialised. At that moment, the settings, like locale and username and password are available.

class univention.management.console.base.Base(*args, **kwargs)[source]#

Bases: Translation

The base class for UMC modules

update_language(locales)[source]#

set_locale(_locale)[source]#

property username#: Deprecated since version 5.0-4: use request.username instead!

property user_dn#: Deprecated since version 5.0-4: use request.user_dn instead!

property password#: Deprecated since version 5.0-4: use request.password instead!

property auth_type#: Deprecated since version 5.0-4: use request.auth_type instead!

property tornado_routes#

prepare(request)[source]#: this function is invoked after the module process started.

init()[source]#: this function is invoked after the module process started.

destroy()[source]#: this function is invoked before the module process is exiting.

execute(method, request, *args, **kwargs)[source]#

security_checks(request, function)[source]#

thread_finished_callback(thread, result, request)[source]#

error_handling(etype, exc, etraceback)[source]#

Translate generic UDM exceptions back to LDAP exceptions.

Parameters:

etype – The exception class.
exc – The exception instance.
etraceback – The exception traceback instance; may be None.

default_response_headers()[source]#

get_user_ldap_connection(no_cache=False, **kwargs)[source]#: Deprecated since version 5.0-4: use request.get_user_ldap_connection() instead!

bind_user_connection(lo)[source]#: Deprecated since version 5.0-4: use request.bind_user_connection() instead!

require_password()[source]#: Deprecated since version 5.0-4: use request.require_password() instead!

finished(id, response, message=None, success=True, status=None, mimetype=None, headers=None, error=None, reason=None)[source]#: Should be invoked by module to finish the processing of a request. ‘id’ is the request command identifier

result(response)[source]#

univention.management.console.category module#

Category definitions#

The UMC server provides the possibility to define categories used to sort the available UMC modules into groups. Each module can be in as many groups as desired.

The category definitions are stored in XML files that structured as in the following example

<?xml version="1.0" encoding="UTF-8"?>
<umc version="2.0">
    <categories>
        <category id="id1">
            <name>Category 1</name>
        </category>
        <category id="id2">
            <name>Category 2 on {hostname}.{domainname}</name>
        </category>
    </categories>
</umc>

Each file can define several categories. For each of these categories an unique identifier and the english description must be specified. The translations are stored in extra po files that are generated by the UMC build tools.

Within the description of a category UCR variable names can be used that will be substituted by the value. Therefore the name of the variables must be given in curly braces {VARIABLE}.

class univention.management.console.category.XML_Definition(root=None, filename=None, domain=None)[source]#

Bases: ElementTree

Represents a category definition.

property name#: Returns the descriptive name of the category

property id#: Returns the unique identifier of the category

property icon#

property color#

property priority#

Returns the priority of the category. If no priority is defined the default priority of -1 is returned. None is returned if the specified priority is not a valid float

Return type:: float or None

json()[source]#

Returns a JSON compatible representation of the category

Return type:: dict

class univention.management.console.category.Manager[source]#

Bases: dict

This class manages all available categories.

DIRECTORY = '/usr/share/univention-management-console/categories'#

all()[source]#

load()[source]#

univention.management.console.config module#

Configuration#

Global configuration variables and objects for the UMC server.

This module provides a global ConfigRegistry instance ucr some constants that are used internally.

univention.management.console.config.get_int(variable, default)[source]#

univention.management.console.error module#

exception univention.management.console.error.UMC_Error(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: HTTPError

include_traceback = False#

msg = None#

status = 400#

exception univention.management.console.error.BadRequest(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

msg = 'Bad request'#

status = 400#

exception univention.management.console.error.Unauthorized(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

msg = 'Unauthorized'#

status = 401#

exception univention.management.console.error.Forbidden(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

msg = 'Forbidden'#

status = 403#

exception univention.management.console.error.NotFound(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

msg = 'Not found'#

status = 404#

exception univention.management.console.error.MethodNotAllowed(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

msg = 'Method not allowed'#

status = 405#

exception univention.management.console.error.NotAcceptable(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

status = 406#

exception univention.management.console.error.UnprocessableEntity(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

status = 422#

exception univention.management.console.error.ServerError(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

msg = 'Internal error'#

status = 500#

exception univention.management.console.error.BadGateway(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

status = 502#

exception univention.management.console.error.ServiceUnavailable(message=None, status=None, result=None, headers=None, traceback=None, reason=None)[source]#

Bases: UMC_Error

status = 503#

exception univention.management.console.error.PasswordRequired[source]#: Bases: Unauthorized

exception univention.management.console.error.LDAP_ServerDown[source]#: Bases: UMC_Error

exception univention.management.console.error.LDAP_ConnectionFailed(exc)[source]#: Bases: LDAP_ServerDown

exception univention.management.console.error.OpenIDProvideUnavailable(*args, **kwargs)[source]#: Bases: ServiceUnavailable

univention.management.console.ldap module#

Decorators for common ldap functionality. Example usage:

@machine_connection(write=True)
def foobar(self, ldap_connection=None, ldap_position=None):
    return ldap_connection.search('uid=Administrator')

def foobar():
    def bind(lo):
        lo.bind('Administrator', 'univention')
    lo, po = get_user_connection(bind=bind, write=True)
    return lo.search('uid=Administrator')

univention.management.console.ldap.admin_connection(func=None, loarg='ldap_connection', poarg='ldap_position', no_cache=False, **kwargs)#

univention.management.console.ldap.connection(func=None, bind=None, host=None, port=None, base=None, loarg='ldap_connection', poarg='ldap_position', no_cache=False, **kwargs)#

univention.management.console.ldap.get_admin_connection(*args, **kwargs)#

univention.management.console.ldap.get_connection(*args, **kwargs)#

univention.management.console.ldap.get_machine_connection(*args, **kwargs)#

univention.management.console.ldap.get_user_connection(*args, **kwargs)#

univention.management.console.ldap.machine_connection(func=None, write=True, loarg='ldap_connection', poarg='ldap_position', no_cache=False, **kwargs)#

univention.management.console.ldap.user_connection(func=None, bind=None, write=True, loarg='ldap_connection', poarg='ldap_position', no_cache=False, **kwargs)#

univention.management.console.locales module#

Locales#

The translations provided by the UMC server are technically based on gettext library. As the server needs to provide translations for several different components that deliver their own translation files this module provides a simple way for the UMC server to get the required translations. Components that provide their own translation files:

the UMC core — Python code directly imported by the UMC server
categories
module definitions

class univention.management.console.locales.I18N(locale=None, domain=None)[source]#

Bases: object

Provides a translation function for a given language and translation domain.

Parameters:

locale (str) – the locale to provide
domain (str) – the translation domain to use

LOCALE_DIR = '/usr/share/univention-management-console/i18n/'#

load(locale=None, domain=None)[source]#

Tries to load the translation file specified by the given locale and domain. If the given locale could not be found the method tries to find the translation domain for the systems default locale. No translation is provided when this fails too.

Parameters:

locale (str) – the locale to provide
domain (str) – the translation domain to use

exists(message)[source]#

Verifies if the translation file contains a translation for the given text.

Parameters:: message (str) – the text to search for
Return type:: bool

class univention.management.console.locales.I18N_Manager[source]#

Bases: dict

This class handles the I18N instances within an UMC session.

As the UMC server handles all sessions opened on a system that may all use a different language it uses one I18N_Manager per session.

set_locale(locale)[source]#

Sets the locale to use within the I18N_Manager.

Parameters:: locale (str) – locale to use

univention.management.console.log module#

Logging#

This module provides a wrapper for univention.debug

class univention.management.console.log.RequestFilter(umcmodule)[source]#

Bases: Filter

Initialize a filter.

Initialize with the name of the logger which, together with its children, will have its events allowed through the filter. If no name is specified, allow every event.

request_context = <ContextVar name='request'>#

filter(record)[source]#

Determine if the specified record is to be logged.

Returns True if the record should be logged, or False otherwise. If deemed appropriate, the record may be modified in-place.

univention.management.console.log.log_init(filename, log_level=2, log_pid=None, **kwargs)[source]#

Initializes Univention debug.

Parameters:

filename (str) – The filename just needs to be a relative name. The directory /var/log/univention/ is prepended and the suffix ‘.log’ is appended.
log_level (int) – log level to use (1-4)
log_pid (bool) – Prefix log message with process ID

univention.management.console.log.log_set_level(level=0)[source]#

Sets the log level for all components.

Parameters:: level (int) – log level to set

univention.management.console.log.log_reopen()[source]#: Reopenes the logfile and reset the current loglevel

univention.management.console.log.init_request_context_logging(umc_module)[source]#

univention.management.console.log.add_filter(filter_, logger_names=('MAIN', 'NETWORK', 'SSL', 'ADMIN', 'LDAP', 'MODULE', 'AUTH', 'PARSER', 'LOCALE', 'ACL', 'RESOURCES', 'PROTOCOL', 'tornado'))[source]#

univention.management.console.message module#

A backwards compatible layer to wrap HTTP request and response messages. The API of the Python objects representing the messages are based on the class Message.

class univention.management.console.message.Request(command: str, arguments: Any = None, options: Any = None, mime_type: str = 'application/json')[source]#

Bases: Message

Wraps a HTTP request message in a backwards compatible Python API format

require_password()[source]#

get_user_ldap_connection(no_cache=False, **kwargs)[source]#

bind_user_connection(lo)[source]#

class univention.management.console.message.Response(request: Request = None, data: Any = None, mime_type: str = 'application/json')[source]#

Bases: Message

This class describes a response to a request from the console frontend to the console daemon

recreate_id = None#

set_body(filename: str, mimetype: str | None = None) → None[source]#: Set body of response by guessing the mime type of the given file if not specified and adding the content of the file to the body. The mime type is guessed using the extension of the filename.

univention.management.console.modserver module#

This module provides a class for an UMC module server

class univention.management.console.modserver.UploadManager[source]#

Bases: dict

Store file uploads in temporary files so that module processes can access them

add(request_id, store)[source]#

cleanup(request_id)[source]#

class univention.management.console.modserver.ModuleServer(socket: str, module: str, logfile: str, timeout: int = 300)[source]#

Bases: object

Implements an UMC module server

Parameters:

socket (str) – UNIX socket filename
module (str) – name of the UMC module to serve
logfile (str) – name of the logfile
timeout (int) – If there are no incoming requests for timeout seconds the module server shuts down

loop()[source]#

signal_handler_stop(signo, frame)[source]#

signal_handler_reload(signo, frame)[source]#

signal_handler_alarm(signo, frame)[source]#

error_handling(request, method, etype, exc, etraceback)[source]#

handle_init(msg)[source]#

class univention.management.console.modserver.Handler(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: RequestHandler

set_default_headers()[source]#

Override this to set HTTP headers at the beginning of the request.

For example, this is the place to set a custom Server header. Note that setting such headers in the normal flow of request processing may not do what you want, since headers may be reset during error handling.

initialize(server, handler)[source]#

on_connection_close()[source]#

Called in async handlers if the client closed the connection.

Override this to clean up resources associated with long-lived connections. Note that this method is called only if the connection was closed during asynchronous processing; if you need to do cleanup after every request override on_finish instead.

Proxies may keep a connection open for a time (perhaps indefinitely) after the client has gone away, so this method may not be called promptly after the end user closes their connection.

on_finish()[source]#

Called after the end of a request.

Override this method to perform cleanup, logging, etc. This method is a counterpart to prepare. on_finish may not produce any output, as it is called after the response has been sent to the client.

async get(path)[source]#

async post(path)#

async put(path)#

async delete(path)#

async patch(path)#

async options(path)#

reply(response)[source]#

suffixed_cookie_name(cookie_name)[source]#

parse_authorization()[source]#

write_error(status_code, exc_info=(None, None, None), **kwargs)[source]#

Override to implement custom error pages.

write_error may call write, render, set_header, etc to produce output as usual.

If this error was caused by an uncaught exception (including HTTPError), an exc_info triple will be available as kwargs["exc_info"]. Note that this exception may not be the “current” exception for purposes of methods like sys.exc_info() or traceback.format_exc.

class univention.management.console.modserver.Cancel(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: RequestHandler

initialize(handler)[source]#

get()[source]#

class univention.management.console.modserver.Exit(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: RequestHandler

post()[source]#

get()#

univention.management.console.module module#

Module definitions#

The UMC server does not load the Python modules to get the details about the modules name, description and functionality. Therefore each UMC module must provide an XML file containing this kind of information.

The following example defines a module with the id udm:

<?xml version="1.0" encoding="UTF-8"?>
<umc version="2.0">
    <module id="udm" icon="udm-module" version="1.0">
        <name>Univention Directory Manager</name>
        <description>Manages all UDM modules</description>
        <flavor icon="udm-users" id="users/user">
            <name>Users</name>
            <description>Managing users</description>
        </flavor>
        <categories>
            <category name="domain" />
        </categories>
        <requiredCommands>
            <requiredCommand name="udm/query" />
        </requiredCommands>
        <command name="udm/query" function="query" />
        <command name="udm/containers" function="containers" />
    </module>
</umc>

The module tag defines the basic details of a UMC module

id: This identifier must be unique among the modules of an UMC server. Other files may extend the definition of a module by adding more flavors or categories.
icon: The value of this attribute defines an identifier for the icon that should be used for the module. Details for installing icons can be found in the section Packaging

The child elements name and description define the English human readable name and description of the module. For other translations the build tools will create translation files. Details can be found in the section Packaging.

This example defines a so called flavor. A flavor defines a new name, description and icon for the same UMC module. This can be used to show several”virtual” modules in the overview of the web frontend. Additionally the flavor is passed to the UMC server with each request i.e. the UMC module has the possibility to act differently for a specific flavor.

As the next element categories is defined in the example. The child elements category set the categories wthin the overview where the module should be shown. Each module can be more than one category. The attribute name is to identify the category internally. The UMC server brings a set of pre-defined categories:

favorites: This category is intended to be filled by the user herself.
system: Tools manipulating the system itself (e.g. software installation) should go in here.

At the end of the definition file a list of commands is specified. The UMC server only passes commands to a UMC module that are defined. A command definition has two attributes:

name: is the name of the command that is passed to the UMC module. Within the request this is the path segement of the URL after /univention/command/.
function: defines the method to be invoked within the Python module when the command is called.
keywords: defined keywords for the module to ensure searchability

The translations are stored in extra po files that are generated by the UMC build tools.

class univention.management.console.module.Command(name='', method=None, allow_anonymous=False)[source]#

Bases: JSON_Object

Represents a request URL path handled by a module

SEPARATOR = '/'#

fromJSON(json)[source]#

class univention.management.console.module.Flavor(id='', icon='', name='', description='', overwrites=None, deactivated=False, priority=-1, translationId=None, keywords=None, categories=None, required_commands=None, version=None, hidden=False)[source]#

Bases: JSON_Object

Defines a flavor of a module. This provides another name and icon in the overview and may influence the behavior of the module.

merge(other)[source]#

class univention.management.console.module.Module(id='', name='', url='', description='', icon='', categories=None, flavors=None, commands=None, priority=-1, keywords=None, translationId=None, required_commands=None, version=None, singleton=False, proxy=None)[source]#

Bases: JSON_Object

Represents a command attribute

fromJSON(json)[source]#

append_flavors(flavors)[source]#

merge_flavors(other_flavors)[source]#

merge(other)[source]#: merge another Module object into current one

class univention.management.console.module.Link(id='', name='', url='', description='', icon='', categories=None, flavors=None, commands=None, priority=-1, keywords=None, translationId=None, required_commands=None, version=None, singleton=False, proxy=None)[source]#: Bases: Module

class univention.management.console.module.XML_Definition(root=None, filename=None)[source]#

Bases: ElementTree

container for the interface description of a module

property name#

property version#

property url#

property description#

property keywords#

property id#

property priority#

property translationId#

property singleton#

property icon#

property deactivated#

property flavors#: Retrieve list of flavor objects

property categories#

commands()[source]#: Generator to iterate over the commands

get_module()[source]#

get_flavor(name)[source]#: Retrieves details of a flavor

get_command(name)[source]#: Retrieves details of a command

class univention.management.console.module.Manager[source]#

Bases: dict

Manager of all available modules

DIRECTORY = '/usr/share/univention-management-console/modules'#

modules()[source]#: Returns list of module names

load()[source]#: Loads the list of available modules. As the list is cleared before, the method can also be used for reloading

is_command_allowed(acls, command, hostname=None, options={}, flavor=None)[source]#

get_module(module_id)[source]#

permitted_commands(hostname, acls)[source]#

Retrieves a list of all modules and commands available according to the ACLs (instance of LDAP_ACLs)

{ id : Module, … }

is_singleton(module_name)[source]#

proxy_address(module_name)[source]#

module_providing(modules, command)[source]#: Searches a dictionary of modules (as returned by permitted_commands) for the given command. If found, the id of the module is returned, otherwise None

univention.management.console.oidc module#

univention.management.console.oidc.create_federated_account(uuid)[source]#

class univention.management.console.oidc.OIDCUser(id_token, access_token, refresh_token, claims)[source]#

Bases: object

OIDC tokens of the authenticated user.

id_token#

access_token#

refresh_token#

claims#

roles#

uuid#

username#

session_refresh_future#

federated_account#

property session_end_time#

property token_end_time#

class univention.management.console.oidc.OIDCResource(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: OAuth2Mixin, Resource

Base class for all OIDC resources.

requires_authentication = False#

async prepare()[source]#

Called at the beginning of a request before get/post/etc.

Override this method to perform common initialization regardless of the request method.

Asynchronous support: Use async def or decorate this method with .gen.coroutine to make it asynchronous. If this method returns an Awaitable execution will not proceed until the Awaitable is done.

Added in version 3.1: Asynchronous support.

get_openid_provider(issuer)[source]#

set_settings(issuer)[source]#

async bearer_authorization(bearer_token)[source]#

async authenticate(code, code_verifier, nonce)[source]#

async handle_federated_account(oidc)[source]#

async pam_oidc_authentication(oidc)[source]#

verify_id_token(token, nonce)[source]#

verify_access_token(token)[source]#

verify_logout_token(token)[source]#

async get_user_information(bearer_token)[source]#

async download_jwks()[source]#

async get_access_token(redirect_uri, code, code_verifier)[source]#

async get_new_access_token(redirect_uri, refresh_token)[source]#

async refresh_session_tokens(user)[source]#: Refresh the tokens using the refresh token.

class univention.management.console.oidc.OIDCLogin(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: OIDCResource

User initiated login at the OP using Authentication Code Flow.

async get()[source]#

async post()[source]#

async do_single_sign_on(location, login_hint)[source]#

class univention.management.console.oidc.OIDCLogout(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: _OIDCLogoutBase

User initiated logout at the OP

get()[source]#: User initiated front channel logout at OP.

async post()[source]#: User initiated back channel logout at OP.

class univention.management.console.oidc.OIDCLogoutFinished(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: _OIDCLogoutBase

get()[source]#

class univention.management.console.oidc.OIDCFrontchannelLogout(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: _OIDCLogoutBase

OP initiated frontchannel logout at this RP.

get()[source]#

class univention.management.console.oidc.OIDCBackchannelLogout(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: OIDCResource

OP initiated backchannel logout at this RP.

post()[source]#

class univention.management.console.oidc.OIDCMetadata(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: OIDCResource

A client metadata document suitable for dynamic client registration.

get()[source]#

univention.management.console.pam module#

exception univention.management.console.pam.AuthenticationError[source]#: Bases: Exception

exception univention.management.console.pam.AuthenticationFailed[source]#: Bases: AuthenticationError

exception univention.management.console.pam.AuthenticationInformationMissing(message: str, missing_prompts: Any)[source]#: Bases: AuthenticationError

exception univention.management.console.pam.AccountExpired[source]#: Bases: AuthenticationError

exception univention.management.console.pam.PasswordExpired[source]#: Bases: AuthenticationError

exception univention.management.console.pam.PasswordChangeFailed[source]#: Bases: AuthenticationError

class univention.management.console.pam.PamAuth(locale: str | None = None)[source]#

Bases: object

known_errors: dict[str | Pattern[str], str] = {"Password doesn't meet complexity requirement.": 'The password is too simple.', "The passwort didn't pass quality check": 'The password is too simple.', ': Es basiert auf einem Wörterbucheintrag': 'The password is based on a dictionary word.', ': Es enthält nicht genug unterschiedliche Zeichen': 'The password does not contain enough different characters.', ': Es ist VIEL zu kurz': 'The password is too short.', ': Es ist zu einfach/systematisch': 'The password is too simple.', ': Es ist zu kurz': 'The password is too short.', ': Password already used': 'The password was already used.', ': Password does not meet complexity requirements': 'The password is too simple.', ': Password is too short': 'The password is too short.', ': is a palindrome': 'The password is a palindrome.', ': it does not contain enough DIFFERENT characters': 'The password does not contain enough different characters.', ': it is WAY too short': 'The password is too short.', ': it is based on a dictionary word': 'The password is based on a dictionary word.', ': it is too simplistic/systematic': 'The password is too simple.', 'BAD PASSWORD: is too simple': 'The password is too simple.', 'BAD PASSWORD: it is WAY too short': 'The password is too short.', 'Bad: new and old password are too similar': 'The password is too similar to the old one.', 'Bad: new and old password must differ by more than just case': 'The password is too similar to the old one.', 'Bad: new password cannot be a palindrome': 'The password is a palindrome.', 'Bad: new password is just a wrapped version of the old one': 'The password is too similar to the old one.', 'Bad: new password is too simple': 'The password is too simple.', 'Bad: new password must be different than the old one': 'The password was already used.', 'Error: Password does not meet complexity requirements': 'The password is too simple.', 'Insufficient Password Quality': 'The password is too simple.', 'Password Insufficient': 'The password is too simple.', 'Password Too Young': 'The minimum password age is not reached yet.', 'Password already used': 'The password was already used.', 'Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.': 'The minimum password age is not reached yet.', 'Password contains parts of the full user name.': 'The password contains parts of the full user name.', 'Password contains user account name.': 'The password contains user account name.', 'Password does not meet complexity requirements': 'The password is too simple.', 'Password does not meet the password complexity requirements.': 'The password does not meet the password complexity requirements.', 'Password has been already used. Choose another.': 'The password was already used.', 'Password has been already used.': 'The password was already used.', 'Password is too short': 'The password is too short.', 'Passwort nicht geändert': 'The password was already used.', 'Schlechtes Passwort: Es basiert auf einem (umgekehrten) W?rterbucheintrag': 'The password is based on a dictionary word.', 'Schlechtes Passwort: Es basiert auf einem (umgekehrten) Wörterbucheintrag': 'The password is based on a dictionary word.', 'Schlechtes Passwort: Es basiert auf einem W?rterbucheintrag': 'The password is based on a dictionary word.', 'Schlechtes Passwort: Es basiert auf einem Wörterbucheintrag': 'The password is based on a dictionary word.', 'Schlechtes Passwort: Es ist VIEL zu kurz': 'The password is too short.', 'Schlechtes Passwort: Es ist zu kurz': 'The password is too short.', 'Schlechtes Passwort: ist dem alten zu ?hnlich': 'The password is too similar to the old one.', 'Schlechtes Passwort: ist dem alten zu ähnlich': 'The password is too similar to the old one.', 'Schlechtes Passwort: ist ein Palindrome': 'The password is a palindrome.', 'Schlechtes Passwort: ist zu einfach': 'The password is too simple.', 'Schlechtes Passwort: wurde gedreht': 'The password is a palindrome.', 'Sie müssen ein kürzeres Passwort wählen.': 'The password is too long.', 'Unable to reach any changepw server in realm %s': 'Make sure the kerberos service is functioning or inform an Administrator.', 'You must choose a longer passwordPassword Too Short': 'The password is too short.', 'You must choose a shorter password.': 'The password is too long.', 'You must wait longer to change your password': 'The minimum password age is not reached yet.', 'case changes only': 'The password is too similar to the old one.', 'contains too long of a monotonic character sequence': 'The password does not contain enough different characters.', 'contains too many same characters consecutively': 'The password does not contain enough different characters.', 'is a palindrome': 'The password is a palindrome.', 'is rotated': 'The password was already used.', 'is the same as the old one': 'The password was already used.', 'is too similar to the old one': 'The password is too similar to the old one.', 'is too simple': 'The password is too simple.', 'not enough character classes': 'The password does not contain enough different characters.', 'password unchanged': 'The password was already used.', re.compile('Password is already in password history. New password must not match any of your (?P<history>\\d+) previous passwords.', re.IGNORECASE): 'The password was already used.', re.compile('Password too short, password must be at least (?P<minlen>\\d+) characters long.', re.IGNORECASE): 'The password is too short.', re.compile('^Password is already in password history$'): 'The password was already used.', re.compile('^Password too short$'): 'The password is too short.'}#

custom_prompts: tuple[str, ...] = ('OTP',)#

authenticate(username: str, password: str, **answers: Any) → None[source]#

change_password(username: str, old_password: str, new_password: str) → None[source]#

init() → PAM.pam[source]#

start(username: str, data: Any) → None[source]#

end() → None[source]#

conversation(auth: Any, query_list: Any, data: Any) → list[source]#

error_message(pam_err: tuple[Any, int]) → str[source]#

univention.management.console.resource module#

class univention.management.console.resource.Resource(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: RequestHandler

Base class for every UMC resource

requires_authentication = True#

ignore_session_timeout_reset = False#

set_default_headers()[source]#

Override this to set HTTP headers at the beginning of the request.

async prepare()[source]#

Called at the beginning of a request before get/post/etc.

Override this method to perform common initialization regardless of the request method.

Added in version 3.1: Asynchronous support.

check_session_validity()[source]#

get_current_user()[source]#

Override to determine the current user from, e.g., a cookie.

This method may not be a coroutine.

get_user_locale()[source]#

Override to determine the locale from the authenticated user.

If None is returned, we fall back to get_browser_locale().

This method should return a tornado.locale.Locale object, most likely obtained via a call like tornado.locale.get("en")

get_session_id()[source]#: get the current session ID from cookie (or basic auth hash).

create_sessionid(random=True)[source]#

sessionidhash()[source]#

set_session(sessionid)[source]#

expire_session()[source]#

set_cookies(*cookies, **kwargs)[source]#

get_cookie(name, default=None)[source]#

Returns the value of the request cookie with the given name.

If the named cookie is not present, returns default.

This method only returns cookies that were present in the request. It does not see the outgoing cookies set by set_cookie in this handler.

suffixed_cookie_name(name)[source]#

bind_session_to_ip()[source]#

get_ip_address()[source]#: get the IP address of client by last entry (from apache) in X-FORWARDED-FOR header

async parse_authorization()[source]#

async basic_authorization(credentials)[source]#

async bearer_authorization(bearer_token)[source]#

async refresh_oidc_session()[source]#

property lo#

load_json(body)[source]#

decode_request_arguments()[source]#

content_negotiation(response, wrap=True)[source]#

get_json(result, wrap=True)[source]#

content_negotiation_json(response)[source]#

write_error(status_code, **kwargs)[source]#

Override to implement custom error pages.

write_error may call write, render, set_header, etc to produce output as usual.

default_error_page(status, message, stacktrace, result=None)[source]#

default_error_page_html(status, message, stacktrace, result=None)[source]#

default_error_page_json(status, message, stacktrace, result=None)[source]#: The default error page for responses

check_acceptable(header, default='')[source]#

reverse_abs_url(name, path=None)[source]#

univention.management.console.resources module#

Implements several helper classes to handle the state of a session and the communication with the module processes

univention.management.console.resources.sanitize(*sargs, **skwargs)[source]#

exception univention.management.console.resources.CouldNotConnect[source]#: Bases: Exception

class univention.management.console.resources.ModuleProcess(module, debug='0', locale=None, no_daemonize_module_processes=False)[source]#

Bases: _ModuleConnection

handles the communication with a UMC module process

Parameters:

module (str) – name of the module to start
debug (str) – debug level as a string
locale (str) – locale to use for the module process

set_exit_callback(callback)[source]#

async connect(connect_retries=0)[source]#

request(method, uri, headers=None, body=None)[source]#

get_uri(uri)[source]#

stop() → None[source]#

async stop_process()[source]#

str_returncode(returncode)[source]#

pid() → int[source]#: Returns process ID of module process

disconnect_inactivity_timer()[source]#

reset_inactivity_timer()[source]#: Resets the inactivity timer. This timer watches the inactivity of the module process. If the module did not receive a request for MODULE_INACTIVITY_TIMER seconds the module process is shut down to save resources.

class univention.management.console.resources.ModuleProxy(proxy_address, unix_socket=None)[source]#

Bases: _ModuleConnection

async connect(connect_retries=0)[source]#

request(method, uri, headers=None, body=None)[source]#

get_uri(uri)[source]#

class univention.management.console.resources.Index(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Redirect to correct path when bypassing gateway

get()[source]#

post()#

class univention.management.console.resources.Logout(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Logout a user

requires_authentication = False#

ignore_session_timeout_reset = True#

get(**kwargs)[source]#

post(**kwargs)#

class univention.management.console.resources.Nothing(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

requires_authentication = False#

async prepare(*args, **kwargs)[source]#

Called at the beginning of a request before get/post/etc.

Override this method to perform common initialization regardless of the request method.

Added in version 3.1: Asynchronous support.

class univention.management.console.resources.SessionInfo(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get information about the current session

requires_authentication = False#

ignore_session_timeout_reset = True#

get()[source]#

post()#

class univention.management.console.resources.GetIPAddress(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get the most likely IP address of the client

requires_authentication = False#

get()[source]#

property addresses#

post()#

class univention.management.console.resources.NewSession(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Drop all information from the current session - like a relogin

get()[source]#

post()#

class univention.management.console.resources.Auth(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Authenticate the user via PAM - either via plain password or via SAML message

requires_authentication = False#

async parse_authorization()[source]#

post(*args, **kwargs)[source]#

get(*args, **kwargs)#

class univention.management.console.resources.Modules(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get a list of available modules

requires_authentication = False#

async prepare()[source]#

Called at the beginning of a request before get/post/etc.

Override this method to perform common initialization regardless of the request method.

Added in version 3.1: Asynchronous support.

get()[source]#

post()#

class univention.management.console.resources.Categories(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get a list of available categories

requires_authentication = False#

async prepare()[source]#

Called at the beginning of a request before get/post/etc.

Override this method to perform common initialization regardless of the request method.

Added in version 3.1: Asynchronous support.

get()[source]#

post()#

class univention.management.console.resources.Upload(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Handle generic file upload which is not targeted for any module

post()[source]#: Handles a file UPLOAD request, respond with a base64 representation of the content.

class univention.management.console.resources.Command(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Gateway for command/upload requests to UMC module processes

requires_authentication = False#

async prepare(*args, **kwargs)[source]#

Called at the beginning of a request before get/post/etc.

Override this method to perform common initialization regardless of the request method.

Added in version 3.1: Asynchronous support.

forbidden_or_unauthenticated(message)[source]#

on_connection_close()[source]#

Called in async handlers if the client closed the connection.

Proxies may keep a connection open for a time (perhaps indefinitely) after the client has gone away, so this method may not be called promptly after the end user closes their connection.

cancel_request()[source]#

on_finish()[source]#

Called after the end of a request.

Override this method to perform cleanup, logging, etc. This method is a counterpart to prepare. on_finish may not produce any output, as it is called after the response has been sent to the client.

async get(umcp_command, command)[source]#

Handles a COMMAND request. The request must contain a valid and known command that can be accessed by the current user. If access to the command is prohibited the request is answered as a forbidden command.

If there is no running module process for the given command a new one is started and the request is added to a queue of requests that will be passed on when the process is ready.

If a module process is already running the request is passed on and the inactivity timer is reset.

get_request_header(session, methodname, umcp_command)[source]#

async post(umcp_command, command)#

If there is no running module process for the given command a new one is started and the request is added to a queue of requests that will be passed on when the process is ready.

If a module process is already running the request is passed on and the inactivity timer is reset.

async put(umcp_command, command)#

If there is no running module process for the given command a new one is started and the request is added to a queue of requests that will be passed on when the process is ready.

If a module process is already running the request is passed on and the inactivity timer is reset.

async delete(umcp_command, command)#

If there is no running module process for the given command a new one is started and the request is added to a queue of requests that will be passed on when the process is ready.

If a module process is already running the request is passed on and the inactivity timer is reset.

async patch(umcp_command, command)#

If there is no running module process for the given command a new one is started and the request is added to a queue of requests that will be passed on when the process is ready.

If a module process is already running the request is passed on and the inactivity timer is reset.

async options(umcp_command, command)#

If there is no running module process for the given command a new one is started and the request is added to a queue of requests that will be passed on when the process is ready.

If a module process is already running the request is passed on and the inactivity timer is reset.

class univention.management.console.resources.UCR(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get UCR Variables matching a pattern

get(*args, **kwargs)[source]#

post(*args, **kwargs)#

class univention.management.console.resources.Meta(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get Metainformation about the environment

requires_authentication = False#

META_JSON_PATH = '/var/www/univention/meta.json'#

META_UCR_VARS = ['domainname', 'hostname', 'ldap/master', 'license/base', 'server/role', 'ssl/validity/host', 'ssl/validity/root', 'ssl/validity/warning', 'umc/web/favorites/default', 'umc/web/piwik', 'update/available', 'update/reboot/required', 'uuid/license', 'uuid/system', 'version/erratalevel', 'version/patchlevel', 'version/releasename', 'version/version']#

get()[source]#

post()#

class univention.management.console.resources.Info(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Get UCS and UMC version number and SSL validity

CHANGELOG_VERSION = re.compile('^[^(]*\$([^)]*)\$.*')#

get_umc_version()[source]#

get_ucs_version()[source]#

get()[source]#

post()#

class univention.management.console.resources.Hosts(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

List all directory nodes in the domain

get()[source]#

post()#

get_hosts()[source]#

class univention.management.console.resources.Set(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Generic set of locale, user preferences (favorites) or password

..deprecated:: 5.0: use specific pathes (“set/{password,locale,user/preferences}”) instead

async post()[source]#

class univention.management.console.resources.SetLocale(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Set the locale for the session.

Deprecated since version 5.0: set language via Accept-Language HTTP header

requires_authentication = False#

post(*args, **kwargs)[source]#

class univention.management.console.resources.SetPassword(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Change the password of the currently authenticated user

post(*args, **kwargs)[source]#

class univention.management.console.resources.UserPreferences(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

get user specific preferences like favorites

get()[source]#

post()[source]#

class univention.management.console.resources.SetUserPreferences(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: UserPreferences

set user specific preferences like favorites

get()[source]#

post(*args, **kwargs)[source]#

async univention.management.console.resources.wait_task(event)[source]#

class univention.management.console.resources.SSELogoutNotifer(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

requires_authentication = True#

wait_task = None#

cancelled = True#

async wait(event: Event)[source]#

async get()[source]#

on_connection_close()[source]#

Called in async handlers if the client closed the connection.

Proxies may keep a connection open for a time (perhaps indefinitely) after the client has gone away, so this method may not be called promptly after the end user closes their connection.

on_finish()[source]#

Called after the end of a request.

Override this method to perform cleanup, logging, etc. This method is a counterpart to prepare. on_finish may not produce any output, as it is called after the response has been sent to the client.

univention.management.console.saml module#

class univention.management.console.saml.SAMLUser(response, message)[source]#

Bases: object

SAML specific user information

name_id#

message#

username#

session_end_time#

on_logout()[source]#

exception univention.management.console.saml.SamlError(_=<bound method NullTranslation.translate of <univention.lib.i18n.NullTranslation object>>)[source]#

Bases: HTTPError

Errors caused during SAML authentication

error(status=400)[source]#

from_exception(etype, exc, etraceback)[source]#

unknown_principal(*args, **kwargs)[source]#

unsupported_binding(*args, **kwargs)[source]#

unknown_logout_binding(*args, **kwargs)[source]#

verification_error(*args, **kwargs)[source]#

unsolicited_response(*args, **kwargs)[source]#

status_error(*args, **kwargs)[source]#

missing_key(*args, **kwargs)[source]#

signature_error(*args, **kwargs)[source]#

unparsed_saml_response(*args, **kwargs)[source]#

no_identity_provider(*args, **kwargs)[source]#

multiple_identity_provider(*args, **kwargs)[source]#

class univention.management.console.saml.SAMLResource(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: Resource

Base class for all SAML resources

requires_authentication = False#

SP = None#

configfile = '/usr/share/univention-management-console/saml/sp.py'#

idp_query_param = 'IdpQuery'#

bindings = ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact']#

outstanding_queries = {}#

classmethod on_logout(name_id)[source]#

class univention.management.console.saml.SamlMetadata(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: SAMLResource

Get the SAML XML Metadata

get()[source]#

class univention.management.console.saml.SamlACS(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: SAMLResource

SAML attribute consuming service (or Single Sign On redirection)

property sp#

classmethod reload()[source]#

async get()[source]#

async post()#

async attribute_consuming_service(binding, message, relay_state)[source]#

async attribute_consuming_service_iframe(binding, message, relay_state)[source]#

async pam_saml_authentication(saml)[source]#

parse_authn_response(message, binding)[source]#

do_single_sign_on(**kwargs)[source]#

create_authn_request(**kwargs)[source]#

Creates the SAML <AuthnRequest> request and returns the SAML binding and HTTP response.

Returns (binding, http-arguments)

select_identity_provider()[source]#

Select an identity provider based on the available identity providers. If multiple IDP’s are set up the client might have specified one in the query string. Otherwise an error is raised where the user can choose one.

Returns the EntityID of the IDP.

get_identity_provider_destination(entity_id)[source]#

Get the destination (with SAML binding) of the specified entity_id.

Returns (binding, destination-URI)

select_service_provider()[source]#

Select the ACS-URI and binding of this service provider based on the request uri. Tries to preserve the current scheme (HTTP/HTTPS) and netloc (host/IP) but falls back to FQDN if it is not set up.

Returns (binding, service-provider-URI)

http_response(binding, http_args)[source]#: Converts the HTTP arguments from pysaml2 into the tornado response.

class univention.management.console.saml.SamlIframeACS(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: SamlACS

Passive SAML authentication via hidden iframe

get()[source]#

post()#

class univention.management.console.saml.SamlSingleLogout(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: SamlACS

SAML Single Logout by IDP

get(*args, **kwargs)[source]#

post(*args, **kwargs)#

class univention.management.console.saml.SamlLogout(application: Application, request: HTTPServerRequest, **kwargs: Any)[source]#

Bases: SamlACS

Initiate SAML Logout at the IDP

get()[source]#

post()#

univention.management.console.server module#

class univention.management.console.server.Application(**settings)[source]#

Bases: Application

The tornado application with all UMC resources

univention.management.console.server.tornado_log_reopen()[source]#

class univention.management.console.server.Server[source]#

Bases: object

univention-management-console-server

signal_handler_hup(signo, frame)[source]#: Handler for the postrotate action

signal_handler_sigusr2(signo, frame)[source]#: Handler for SIGUSR2 for debugging e.g. memory analysis

signal_handler_reload(signo, frame)[source]#: Handler for the reload action

signal_handler_stop(signo, frame)[source]#

classmethod reload()[source]#

run()[source]#

static analyse_memory() → None[source]#: Print the number of living UMC objects. Helpful when analysing memory leaks.

univention.management.console.server.main()[source]#

univention.management.console.session module#

class univention.management.console.session.User[source]#

Bases: object

Information about the authenticated user

ip#

authenticated#

username#

password#

auth_type#

user_dn#

object_id#

session_end_time#

roles#

federated_account#

class univention.management.console.session.Session(session_id)[source]#

Bases: object

A interface to session data

sessions = <univention.management.console.session_dict.SessionDict object>#

classmethod get_or_create(session_id)[source]#

classmethod put(session_id, session)[source]#

classmethod expire(session_id, reload=True)[source]#: Removes a session when the connection to the UMC server has died or the session is expired

session_id#

user#

saml#

oidc#

acls#

processes#

renew()[source]#

async authenticate(args)[source]#

async change_password(args)[source]#

set_credentials(username, password, auth_type, object_id=None, roles=None, federated_account=False)[source]#

get_user_ldap_connection(**kwargs)[source]#

is_saml_user()[source]#

is_oidc_user()[source]#

get_umc_password()[source]#

get_umc_auth_type()[source]#

logout(reload=True)[source]#

reset_timeout()[source]#

disconnect_timer()[source]#

timed_out(now=None, session_end_time=None)[source]#

property session_end_time#

on_logout()[source]#

class univention.management.console.session.IACLs(session)[source]#

Bases: object

Interface for UMC-ACL information

property acls#

is_command_allowed(command, options, flavor)[source]#

get_permitted_commands(moduleManager)[source]#

is_module_singleton(module_name)[source]#

get_module_proxy_address(module_name)[source]#

get_module_providing(moduleManager, command)[source]#

get_method_name(moduleManager, module_name, command)[source]#

class univention.management.console.session.Processes(session)[source]#

Bases: object

Interface for module processes

singletons = {}#

property acls#

processes(module_name)[source]#

get_process(module_name, accepted_language, no_daemonize_module_processes=False)[source]#

stop_process(module_name)[source]#

process_exited(module_name, exit_code)[source]#

has_active_module_processes()[source]#

univention.management.console.session_db module#

exception univention.management.console.session_db.DBDisabledException[source]#: Bases: Exception

exception univention.management.console.session_db.PostgresListenNotifyUnsupported[source]#: Bases: Exception

class univention.management.console.session_db.DBRegistry[source]#

Bases: object

classmethod get()[source]#

classmethod enabled()[source]#

class univention.management.console.session_db.PostgresListener(engine: Engine)[source]#

Bases: object

verify_postgres(engine: Engine | None = None)[source]#

listen()[source]#

handle_postgres_notify()[source]#

classmethod notify(conn: Connection | Session, session_id: str)[source]#

univention.management.console.session_db.get_session(auto_commit=True) → Generator[Session, None, None][source]#

class univention.management.console.session_db.DBSession(**kwargs)[source]#

Bases: Base

A simple constructor that allows initialization from kwargs.

Sets attributes on the constructed instance using the names and values in kwargs.

Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.

session_id#

expire_time#

oidc_sid#

oidc_sub#

oidc_iss#

sessions = {}#

classmethod get(db_session, session_id)[source]#

classmethod delete(db_session: Session, session_id: str, send_postgres_logout_notify: bool = False)[source]#

classmethod update(db_session, session_id, umc_session)[source]#

classmethod create(db_session, session_id, umc_session)[source]#

classmethod calculate_session_end_time(umc_session)[source]#

classmethod get_by_oidc(db_session, claims)[source]#

univention.management.console.session_dict module#

class univention.management.console.session_dict.SessionDict[source]#

Bases: MutableMapping

sessions = {}#

get_oidc_sessions(logout_token_claims)[source]#

delete(session_id, reload=True)[source]#

univention.management.console.shared_memory module#

univention.management.console.sse module#

univention.management.console.tools module#

class univention.management.console.tools.JSON_Object[source]#

Bases: object

Converts Python object into JSON compatible data structures. Types like lists, tuples and dictionary are converted directly. If none of these types matches the method tries to convert the attributes of the object and generate a dict to represent it.

json()[source]#

class univention.management.console.tools.JSON_List(iterable=(), /)[source]#: Bases: list, JSON_Object

class univention.management.console.tools.JSON_Dict[source]#: Bases: dict, JSON_Object

Univention Corporate Server Python API 5.2 documentation

univention.management.console package

Contents

univention.management.console package#

Subpackages#

Submodules#

univention.management.console.acl module#

UMC ACL implementation#

univention.management.console.auth module#

univention.management.console.base module#

Python API for UMC modules#

univention.management.console.category module#

Category definitions#

univention.management.console.config module#

Configuration#

univention.management.console.error module#

univention.management.console.ldap module#

univention.management.console.locales module#

Locales#

univention.management.console.log module#

Logging#

univention.management.console.message module#

univention.management.console.modserver module#

univention.management.console.module module#

Module definitions#

univention.management.console.oidc module#

univention.management.console.pam module#

univention.management.console.resource module#

univention.management.console.resources module#

univention.management.console.saml module#

univention.management.console.server module#

univention.management.console.session module#

univention.management.console.session_db module#

univention.management.console.session_dict module#

univention.management.console.shared_memory module#

univention.management.console.sse module#

univention.management.console.tools module#