def create_filegroup_object(self, group_id):
assert group_id not in self.filegroupcache
cache = self.groupcache[group_id]
entry = {'objectClass': ('top', 'posixGroup'),
'cn': LDIFutils.iso2utf(cache['name']),
'gidNumber': self.group2gid[group_id],
}
if 'description' in cache:
entry['description'] = (LDIFutils.iso2utf(cache['description']),)
self.filegroupcache[group_id] = entry
def create_filegroup_object(self, group_id):
assert group_id not in self.filegroupcache
cache = self.groupcache[group_id]
entry = {
'objectClass': ('top', 'posixGroup'),
'cn': LDIFutils.iso2utf(cache['name']),
'gidNumber': self.group2gid[group_id],
}
if 'description' in cache:
entry['description'] = (LDIFutils.iso2utf(cache['description']), )
self.filegroupcache[group_id] = entry
def dump(self):
fd = LDIFutils.ldif_outfile('RADIUS')
fd.write(LDIFutils.container_entry_string('RADIUS'))
noAuth = (None, None)
for account_id, vlan_vpn in self.id2vlan_vpn.iteritems():
info = self.auth[account_id]
uname = LDIFutils.iso2utf(str(info[0]))
auth = info[1]
ntAuth = self.md4_auth.get(account_id, noAuth)[1]
if account_id in self.quarantines:
qh = QuarantineHandler(self.db, self.quarantines[account_id])
if qh.should_skip():
continue
if qh.is_locked():
auth = ntAuth = None
dn = ','.join(('uid=' + uname, self.radius_dn))
entry = {
# Ikke endelig innhold
'objectClass': ['top', 'account', 'uiaRadiusAccount'],
'uid': (uname,),
'radiusTunnelType': ('VLAN',),
'radiusTunnelMediumType': ('IEEE-802',),
'radiusTunnelPrivateGroupId': (vlan_vpn[0],),
'radiusClass': (vlan_vpn[1],)}
if auth:
entry['objectClass'].append('simpleSecurityObject')
entry['userPassword'] = ('{crypt}' + auth,)
if ntAuth:
entry['ntPassword'] = (ntAuth,)
fd.write(LDIFutils.entry_string(dn, entry, False))
LDIFutils.end_ldif_outfile('RADIUS', fd)
def create_netgroup_object(self, group_id):
assert group_id not in self.netgroupcache
cache = self.groupcache[group_id]
entry = {'objectClass': ('top', 'nisNetGroup'),
'cn': LDIFutils.iso2utf(cache['name'],)
}
if 'description' in cache:
entry['description'] = \
latin1_to_iso646_60(cache['description']).rstrip(),
self.netgroupcache[group_id] = entry
def create_netgroup_object(self, group_id):
assert group_id not in self.netgroupcache
cache = self.groupcache[group_id]
entry = {
'objectClass': ('top', 'nisNetGroup'),
'cn': LDIFutils.iso2utf(cache['name'], )
}
if 'description' in cache:
entry['description'] = \
latin1_to_iso646_60(cache['description']).rstrip(),
self.netgroupcache[group_id] = entry
def dump(self):
fd = LDIFutils.ldif_outfile('USER')
fd.write(LDIFutils.container_entry_string('USER'))
for row in self.account.search():
account_id = row['account_id']
info = self.auth[account_id]
uname = LDIFutils.iso2utf(str(info[0]))
auth = info[1]
if account_id in self.quarantines:
qh = QuarantineHandler(self.db, self.quarantines[account_id])
if qh.should_skip():
continue
if qh.is_locked():
auth = None
dn = ','.join(('uid=' + uname, self.user_dn))
entry = {
'objectClass': ['account'],
'uid': (uname,),}
if auth:
entry['objectClass'].append('simpleSecurityObject')
entry['userPassword'] = ('{crypt}' + auth,)
fd.write(LDIFutils.entry_string(dn, entry, False))
LDIFutils.end_ldif_outfile('USER', fd)
def dump(self):
fd = LDIFutils.ldif_outfile('USER')
fd.write(LDIFutils.container_entry_string('USER'))
for row in self.account.search():
account_id = row['account_id']
info = self.auth[account_id]
uname = LDIFutils.iso2utf(str(info[0]))
auth = info[1]
if account_id in self.quarantines:
qh = QuarantineHandler(self.db, self.quarantines[account_id])
if qh.should_skip():
continue
if qh.is_locked():
auth = None
dn = ','.join(('uid=' + uname, self.user_dn))
entry = {
'objectClass': ['account'],
'uid': (uname, ),
}
if auth:
entry['objectClass'].append('simpleSecurityObject')
entry['userPassword'] = ('{crypt}' + auth, )
fd.write(LDIFutils.entry_string(dn, entry, False))
LDIFutils.end_ldif_outfile('USER', fd)
def user_object(self, row):
account_id = int(row['account_id'])
uname = row['entity_name']
passwd = '{crypt}*Invalid'
if row['auth_data']:
if self.auth_format[self.user_auth]['format']:
passwd = self.auth_format[self.user_auth]['format'] % \
row['auth_data']
else:
passwd = row['auth_data']
else:
for uauth in [x for x in self.a_meth if x in self.auth_format]:
try:
if self.auth_format[uauth]['format']:
passwd = self.auth_format[uauth]['format'] % \
self.auth_data[account_id][uauth]
else:
passwd = self.auth_data[account_id][uauth]
except KeyError:
pass
if not row['shell']:
self.logger.warn("User %s have no posix-shell!" % uname)
return None, None
else:
shell = self.shell_tab[int(row['shell'])]
if account_id in self.quarantines:
self.qh.quarantines = self.quarantines[account_id]
if self.qh.should_skip():
return None, None
if self.qh.is_locked():
passwd = '{crypt}' + '*Locked'
qshell = self.qh.get_shell()
if qshell is not None:
shell = qshell
try:
if row['disk_id']:
disk_path = self.disk_tab[int(row['disk_id'])]
else:
disk_path = None
home = self.posuser.resolve_homedir(account_name=uname,
home=row['home'],
disk_path=disk_path)
# 22.07.2013: Jira, CRB-98
# Quick fix, treat empty "home" as an error, to make
# generate_posix_ldif complete
if not home:
# This event should be treated the same way as a disk_id
# NotFoundError -- it means that a PosixUser has no home
# directory set.
raise Exception()
except (Errors.NotFoundError, Exception):
self.logger.warn("User %s has no home-directory!" % uname)
return None, None
cn = row['name'] or row['gecos'] or uname
gecos = latin1_to_iso646_60(row['gecos'] or cn)
entry = {
'objectClass': ['top', 'account', 'posixAccount'],
'cn': (LDIFutils.iso2utf(cn), ),
'uid': (uname, ),
'uidNumber': (str(int(row['posix_uid'])), ),
'gidNumber': (str(int(row['posix_gid'])), ),
'homeDirectory': (home, ),
'userPassword': (passwd, ),
'loginShell': (shell, ),
'gecos': (gecos, )
}
self.update_user_entry(account_id, entry, row)
if not account_id in self.id2uname:
self.id2uname[account_id] = uname
else:
self.logger.warn('Duplicate user-entry: (%s,%s)!', account_id,
uname)
return None, None
dn = ','.join((('uid=' + uname), self.user_dn))
return dn, entry
def prep(self):
# This function collects the information that should be exported.
# It also enforces quarantines.
aff_to_select = [self.const.PersonAffiliation(x) for x in cereconf.LDAP_SAMSON3["affiliation"]]
# We select all persons with a specific affiliation:
for ac in self.account.list_accounts_by_type(affiliation=aff_to_select):
# We get the account name and password hash
self.account.clear()
self.account.find(ac["account_id"])
auth = self.auth[self.account.entity_id]
auth = "{crypt}" + auth[1]
# Set the hash to None if the account is quarantined.
if ac["account_id"] in self.quarantines:
# FIXME: jsama, 2012-03-21:
# Commenting out these lines is a quick fix. Spreads might not
# be totally sane as of this writing, so if anyone has a
# quarantine, don't export the password hash. We don't care
# about them rules defined in cereconf.
# qh = QuarantineHandler(self.db, self.quarantines[ac['account_id']],
# spreads=[self.const.spread_ldap_account])
# if qh.should_skip():
# continue
# if qh.is_locked():
# auth = None
auth = None
# Get the persons names
self.person.clear()
self.person.find(self.account.owner_id)
surname = self.person.get_name(self.const.system_cached, self.const.name_last)
given_name = self.person.get_name(self.const.system_cached, self.const.name_first)
common_name = self.person.get_name(self.const.system_cached, self.const.name_full)
# We convert to utf
surname = LDIFutils.iso2utf(surname)
given_name = LDIFutils.iso2utf(given_name)
common_name = LDIFutils.iso2utf(common_name)
username = LDIFutils.iso2utf(self.account.account_name)
# Get the email address
email = self.account.get_primary_mailaddress()
# Construct the distinguished name
dn = ",".join(("uid=" + username, self.samson3_dn))
# Stuff all data in a dict
entry = {
"uid": username,
"mail": email,
"cn": common_name,
"sn": surname,
"givenName": given_name,
"objectClass": "inetOrgPerson",
}
if auth: # Export password attribute unless quarantine
entry["userPassword"] = auth
# Put the DN and dict in a list, to be written to file later.
self.entries.append({"dn": dn, "entry": entry})
def user_object(self, row):
account_id = int(row['account_id'])
uname = row['entity_name']
passwd = '{crypt}*Invalid'
if row['auth_data']:
if self.auth_format[self.user_auth]['format']:
passwd = self.auth_format[self.user_auth]['format'] % \
row['auth_data']
else:
passwd = row['auth_data']
else:
for uauth in [x for x in self.a_meth if x in self.auth_format]:
try:
if self.auth_format[uauth]['format']:
passwd = self.auth_format[uauth]['format'] % \
self.auth_data[account_id][uauth]
else:
passwd = self.auth_data[account_id][uauth]
except KeyError:
pass
if not row['shell']:
self.logger.warn("User %s have no posix-shell!" % uname)
return None, None
else:
shell = self.shell_tab[int(row['shell'])]
if account_id in self.quarantines:
self.qh.quarantines = self.quarantines[account_id]
if self.qh.should_skip():
return None, None
if self.qh.is_locked():
passwd = '{crypt}' + '*Locked'
qshell = self.qh.get_shell()
if qshell is not None:
shell = qshell
try:
if row['disk_id']:
disk_path = self.disk_tab[int(row['disk_id'])]
else:
disk_path = None
home = self.posuser.resolve_homedir(account_name=uname,
home=row['home'],
disk_path=disk_path)
# 22.07.2013: Jira, CRB-98
# Quick fix, treat empty "home" as an error, to make
# generate_posix_ldif complete
if not home:
# This event should be treated the same way as a disk_id
# NotFoundError -- it means that a PosixUser has no home
# directory set.
raise Exception()
except (Errors.NotFoundError, Exception):
self.logger.warn("User %s has no home-directory!" % uname)
return None, None
cn = row['name'] or row['gecos'] or uname
gecos = latin1_to_iso646_60(row['gecos'] or cn)
entry = {'objectClass': ['top', 'account', 'posixAccount'],
'cn': (LDIFutils.iso2utf(cn),),
'uid': (uname,),
'uidNumber': (str(int(row['posix_uid'])),),
'gidNumber': (str(int(row['posix_gid'])),),
'homeDirectory': (home,),
'userPassword': (passwd,),
'loginShell': (shell,),
'gecos': (gecos,)}
self.update_user_entry(account_id, entry, row)
if not account_id in self.id2uname:
self.id2uname[account_id] = uname
else:
self.logger.warn('Duplicate user-entry: (%s,%s)!',
account_id, uname)
return None, None
dn = ','.join((('uid=' + uname), self.user_dn))
return dn, entry
def prep(self):
# This function collects the information that should be exported.
# It also enforces quarantines.
aff_to_select = [self.const.PersonAffiliation(x) for x in \
cereconf.LDAP_SAMSON3['affiliation']]
# We select all persons with a specific affiliation:
for ac in self.account.list_accounts_by_type(
affiliation=aff_to_select):
# We get the account name and password hash
self.account.clear()
self.account.find(ac['account_id'])
auth = self.auth[self.account.entity_id]
auth = '{crypt}' + auth[1]
# Set the hash to None if the account is quarantined.
if ac['account_id'] in self.quarantines:
# FIXME: jsama, 2012-03-21:
# Commenting out these lines is a quick fix. Spreads might not
# be totally sane as of this writing, so if anyone has a
# quarantine, don't export the password hash. We don't care
# about them rules defined in cereconf.
#qh = QuarantineHandler(self.db, self.quarantines[ac['account_id']],
# spreads=[self.const.spread_ldap_account])
#if qh.should_skip():
# continue
#if qh.is_locked():
# auth = None
auth = None
# Get the persons names
self.person.clear()
self.person.find(self.account.owner_id)
surname = self.person.get_name(self.const.system_cached,
self.const.name_last)
given_name = self.person.get_name(self.const.system_cached,
self.const.name_first)
common_name = self.person.get_name(self.const.system_cached,
self.const.name_full)
# We convert to utf
surname = LDIFutils.iso2utf(surname)
given_name = LDIFutils.iso2utf(given_name)
common_name = LDIFutils.iso2utf(common_name)
username = LDIFutils.iso2utf(self.account.account_name)
# Get the email address
email = self.account.get_primary_mailaddress()
# Construct the distinguished name
dn = ','.join(('uid=' + username, self.samson3_dn))
# Stuff all data in a dict
entry = {
'uid': username,
'mail': email,
'cn': common_name,
'sn': surname,
'givenName': given_name,
'objectClass': 'inetOrgPerson',
}
if auth: # Export password attribute unless quarantine
entry['userPassword'] = auth
# Put the DN and dict in a list, to be written to file later.
self.entries.append({'dn': dn, 'entry': entry})
