Beispiel #1
0
 def get_members(self, attributes, members, subgroups, seen):
     # add the memberUid values
     for member in clean(attributes['memberUid']):
         if common.is_valid_name(member):
             members.add(member)
     # translate and add the member values
     for memberdn in clean(attributes['member']):
         if memberdn in seen:
             continue
         seen.add(memberdn)
         member = passwd.dn2uid(self.conn, memberdn)
         if member and common.is_valid_name(member):
             members.add(member)
         elif cfg.nss_nested_groups:
             subgroups.append(memberdn)
Beispiel #2
0
 def validate(self, parameters):
     """Check the username for validity and fill in the DN if needed."""
     # check username for validity
     common.validate_name(parameters['username'])
     # look up user DN
     entry = passwd.uid2entry(self.conn, parameters['username'])
     if not entry:
         # FIXME: we should close the stream with an empty response here
         raise ValueError('%r: user not found' % parameters['username'])
     # save the DN
     parameters['userdn'] = entry[0]
     # get the "real" username
     value = passwd.attmap.get_rdn_value(entry[0], 'uid')
     if not value:
         # get the username from the uid attribute
         values = entry[1]['uid']
         if not values or not values[0]:
             logging.warning('%s: is missing a %s attribute', entry[0],
                             passwd.attmap['uid'])
         value = values[0]
     # check the username
     if value and not common.is_valid_name(value):
         raise ValueError('%s: has invalid %s attribute', entry[0],
                          passwd.attmap['uid'])
     # check if the username is different and update it if needed
     if value != parameters['username']:
         logging.info('username changed from %r to %r',
                      parameters['username'], value)
         parameters['username'] = value
Beispiel #3
0
 def validate(self, parameters):
     """This method checks the provided username for validity and fills
     in the DN if needed."""
     # check username for validity
     common.validate_name(parameters['username'])
     # look up user DN
     entry = passwd.uid2entry(self.conn, parameters['username'])
     if not entry:
         # FIXME: we should close the stream with an empty response here
         raise ValueError('%r: user not found' % parameters['username'])
     # save the DN
     parameters['userdn'] = entry[0]
     # get the "real" username
     value = passwd.attmap.get_rdn_value(entry[0], 'uid')
     if not value:
         # get the username from the uid attribute
         values = entry[1]['uid']
         if not values or not values[0]:
             logging.warning('%s: is missing a %s attribute', entry[0], passwd.attmap['uid'])
         value = values[0]
     # check the username
     if value and not common.is_valid_name(value):
         raise ValueError('%s: has invalid %s attribute', entry[0], passwd.attmap['uid'])
     # check if the username is different and update it if needed
     if value != parameters['username']:
         logging.info('username changed from %r to %r', parameters['username'], value)
         parameters['username'] = value
Beispiel #4
0
 def convert(self, dn, attributes, parameters):
     # get group names and check against requested group name
     names = attributes['cn']
     # get group password
     try:
         passwd = attributes['userPassword'][0]
     except IndexError:
         passwd = None
     if not passwd or self.calleruid != 0:
         passwd = '*'
     # get group id(s)
     gids = [int(x) for x in attributes['gidNumber']]
     # build member list
     members = set()
     subgroups = []
     seen = set([dn])
     self.get_members(attributes, members, subgroups, seen)
     # go over subgroups to find more members
     while subgroups:
         memberdn = subgroups.pop(0)
         for dn2, attributes2 in self.search(self.conn, base=memberdn, scope=ldap.SCOPE_BASE):
             self.get_members(attributes2, members, subgroups, seen)
     # actually return the results
     for name in names:
         if not common.is_valid_name(name):
             logging.warning('%s: %s: denied by validnames option', dn,
                             attmap['cn'])
         else:
             for gid in gids:
                 yield (name, passwd, gid, members)
Beispiel #5
0
 def convert(self, dn, attributes, parameters):
     # get group names and check against requested group name
     names = attributes['cn']
     # get group password
     try:
         passwd = attributes['userPassword'][0]
     except IndexError:
         passwd = None
     if not passwd or self.calleruid != 0:
         passwd = '*'
     # get group id(s)
     gids = [int(x) for x in attributes['gidNumber']]
     # build member list
     members = set()
     subgroups = []
     seen = set([dn])
     self.get_members(attributes, members, subgroups, seen)
     # go over subgroups to find more members
     while subgroups:
         memberdn = subgroups.pop(0)
         for dn2, attributes2 in self.search(self.conn,
                                             base=memberdn,
                                             scope=ldap.SCOPE_BASE):
             self.get_members(attributes2, members, subgroups, seen)
     # actually return the results
     for name in names:
         if not common.is_valid_name(name):
             logging.warning('%s: %s: denied by validnames option', dn,
                             attmap['cn'])
         else:
             for gid in gids:
                 yield (name, passwd, gid, members)
Beispiel #6
0
 def get_members(self, attributes, members, subgroups, seen):
     # add the memberUid values
     for member in clean(attributes['memberUid']):
         if common.is_valid_name(member):
             members.add(member)
     # translate and add the member values
     if attmap['member']:
         for memberdn in clean(attributes['member']):
             if memberdn in seen:
                 continue
             seen.add(memberdn)
             member = passwd.dn2uid(self.conn, memberdn)
             if member and common.is_valid_name(member):
                 members.add(member)
             elif cfg.nss_nested_groups:
                 subgroups.append(memberdn)
Beispiel #7
0
    def convert(self, dn, attributes, parameters):
        names = attributes['uid']
        try:
            passwd = attributes['userPassword'][0]
        except IndexError:
            passwd = None
        if not passwd or self.calleruid != 0:
            passwd = '*'
        # function for making an int
        def mk_int(attr):
            try:
                return int(attr)
            except TypeError:
                return None

        # get lastchange date
        lastchangedate = mk_int(attributes.get('shadowLastChange', [0])[0])
        # we expect an AD 64-bit datetime value;
        # we should do date=date/864000000000-134774
        # but that causes problems on 32-bit platforms,
        # first we devide by 1000000000 by stripping the
        # last 9 digits from the string and going from there */
        if attmap['shadowLastChange'] == 'pwdLastSet':
            lastchangedate = (lastchangedate / 864000000000) - 134774
        # get longs
        mindays = mk_int(attributes.get('shadowMin', [-1])[0])
        maxdays = mk_int(attributes.get('shadowMax', [-1])[0])
        warndays = mk_int(attributes.get('shadowWarning', [-1])[0])
        inactdays = mk_int(attributes.get('shadowInactive', [-1])[0])
        expiredate = mk_int(attributes.get('shadowExpire', [-1])[0])
        flag = mk_int(attributes.get('shadowFlag', [0])[0])
        if attmap['shadowFlag'] == 'pwdLastSet':
            if flag & 0x10000:
                maxdays = -1
            flag = 0
        # return results
        for name in names:
            if not common.is_valid_name(name):
                logging.warning('%s: %s: denied by validnames option', dn,
                                attmap['uid'])
            else:
                yield (name, passwd, lastchangedate, mindays, maxdays,
                       warndays, inactdays, expiredate, flag)
Beispiel #8
0
 def convert(self, dn, attributes, parameters):
     names = attributes['uid']
     if 'shadowAccount' in attributes['objectClass']:
         passwd = 'x'
     else:
         try:
             passwd = attributes['userPassword'][0]
         except IndexError:
             passwd = None
         if not passwd or self.calleruid != 0:
             passwd = '*'
     uids = [int(x) for x in attributes['uidNumber']]
     gid = int(attributes['gidNumber'][0])
     gecos = attributes['gecos'][0]
     home = attributes['homeDirectory'][0]
     shell = attributes['loginShell'][0]
     for name in names:
         if not common.is_valid_name(name):
             logging.warning('%s: %s: denied by validnames option', dn, attmap['uid'])
         else:
             for uid in uids:
                 if uid >= cfg.nss_min_uid:
                     yield (name, passwd, uid, gid, gecos, home, shell)
Beispiel #9
0
 def convert(self, dn, attributes, parameters):
     names = attributes['uid']
     if 'shadowAccount' in attributes['objectClass']:
         passwd = 'x'
     else:
         try:
             passwd = attributes['userPassword'][0]
         except IndexError:
             passwd = None
         if not passwd or self.calleruid != 0:
             passwd = '*'
     uids = [int(x) + cfg.nss_uid_offset for x in attributes['uidNumber']]
     gid = int(attributes['gidNumber'][0]) + cfg.nss_gid_offset
     gecos = attributes['gecos'][0]
     home = attributes['homeDirectory'][0]
     shell = attributes['loginShell'][0]
     for name in names:
         if not common.is_valid_name(name):
             logging.warning('%s: %s: denied by validnames option', dn, attmap['uid'])
         else:
             for uid in uids:
                 if uid >= cfg.nss_min_uid:
                     yield (name, passwd, uid, gid, gecos, home, shell)