def pre_request():
    """Populate the per-request globals before a view runs.

    Fills ``g`` with the navigation menu, the LDAP connection settings read
    from ``app.config``, an empty per-request cache and the two feature
    switches (SICC-IP integration, extra form fields) the views consult.
    """
    g.menu = [
        (url_for("core_index"), "Mi Account"),
        (url_for("tree_base"), u"Directory"),
        (url_for("core_logout"), "Log out"),
    ]
    # LDAP connection settings, all taken from the application config
    g.ldap = {
        'domain': app.config['LDAP_DOMAIN'],
        'dn': app.config['LDAP_DN'],
        'server': app.config['LDAP_SERVER'],
        'search_dn': app.config['SEARCH_DN'],
    }
    # Per-request lookup cache (starts empty on every request)
    g.ldap_cache = {}
    # SICC-IP integration switch
    g.siccip = app.config['SICCIP_AWARE']
    # Whether the extended user form (extra fields) is enabled
    g.extra_fields = app.config['EXTRA_FIELDS']
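def group_delete(groupname):
    """Confirm and perform deletion of the group ``groupname``.

    GET renders the confirmation page; a valid POST removes the group's
    entry and redirects to the index.  Unknown groups yield 404.  LDAP
    failures are reported through ``flash`` and the page is re-rendered.

    NOTE(review): no admin check is visible in this view; authorization is
    presumably enforced by a decorator outside this block — confirm.
    """
    title = "Delete group"
    if not ldap_group_exists(groupname):
        abort(404)
    # Bare form: only carries the CSRF token for the confirmation POST
    form = FlaskForm(request.form)
    if form.validate_on_submit():
        try:
            group = ldap_get_group(groupname=groupname)
            ldap_delete_entry(group['distinguishedName'])
            flash(u"Group removed successfully.", "success")
            return redirect(url_for('core_index'))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    return render_template("pages/group_delete_es.html",
                           title=title,
                           action="Delete group",
                           form=form,
                           groupname=groupname,
                           parent=url_for('group_overview', groupname=groupname))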
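def user_delete(username):
    """Confirm and perform deletion of the user ``username``.

    GET renders the confirmation page; a valid POST removes the user's
    entry and redirects to the index.  Unknown users yield 404.  LDAP
    failures are reported through ``flash`` and the page is re-rendered.

    NOTE(review): no admin check is visible in this view; authorization is
    presumably enforced by a decorator outside this block — confirm.
    """
    title = "Delete user"
    if not ldap_user_exists(username=username):
        abort(404)
    # Bare form: only carries the CSRF token for the confirmation POST
    form = Form(request.form)
    if form.validate_on_submit():
        try:
            user = ldap_get_user(username=username)
            ldap_delete_entry(user['distinguishedName'])
            flash("User successfuly deleted.", "success")
            return redirect(url_for('core_index'))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("pages/user_delete.html",
                           title=title,
                           action="Delete user",
                           form=form,
                           username=username,
                           parent=url_for('user_overview', username=username))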
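def user_delete(username):
    """Confirm and perform deletion of the user ``username``.

    GET renders the confirmation page; a valid POST removes the user's
    entry and redirects to the index.  Unknown users yield 404.  LDAP
    failures are reported through ``flash`` and the page is re-rendered.

    NOTE(review): no admin check is visible in this view; authorization is
    presumably enforced by a decorator outside this block — confirm.
    """
    title = "Delete User"
    if not ldap_user_exists(username=username):
        abort(404)
    # Bare form: only carries the CSRF token for the confirmation POST
    form = FlaskForm(request.form)
    if form.validate_on_submit():
        try:
            user = ldap_get_user(username=username)
            ldap_delete_entry(user['distinguishedName'])
            flash(u"User deleted successfully.", "success")
            return redirect(url_for('core_index'))
        except ldap.LDAPError as e:
            # 'info' is optional in python-ldap's diagnostics dict; fall back
            # to 'desc' rather than raising KeyError inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    return render_template("pages/user_delete_es.html",
                           title=title,
                           action="Delete User",
                           form=form,
                           username=username,
                           parent=url_for('user_overview', username=username))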
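def user_edit_ssh(username):
    """Edit the ``sshPublicKey`` values of ``username``.

    The textarea holds one key per line; on a valid POST every line is
    stripped and written back as the complete ``sshPublicKey`` value set
    (``ldapPublicKey`` object class).  GET pre-fills the field with the
    current keys.  Unknown users yield 404; LDAP errors are flashed.

    NOTE(review): no admin/self check is visible here, and replacing
    another account's SSH keys is equivalent to taking it over on hosts
    that trust the directory — confirm the route is guarded elsewhere.
    """
    title = "Edit SSH keys"
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    form = UserSSHEdit(request.form)
    form.visible_fields = [form.ssh_keys]
    if form.validate_on_submit():
        # NOTE(review): blank lines are kept as empty values; the directory
        # may reject those — confirm whether they should be dropped here.
        new_entries = [entry.strip() for entry in form.ssh_keys.data.split("\n")]
        try:
            ldap_update_attribute(user['distinguishedName'], 'sshPublicKey',
                                  new_entries, 'ldapPublicKey')
            flash("SSH keys successfuly updated.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        if 'sshPublicKey' in user:
            form.ssh_keys.data = "\n".join(user['sshPublicKey'])
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('user_overview', username=username))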
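def group_add():
    """Create a new AD group under the container given by ``?base=``.

    ``base`` comes from the query string and defaults to
    ``OU=People,<domain dn>``.  The group's ``groupType`` is the scope bit
    (``form.group_type``) plus the flag bits (``form.group_flags``), re-packed
    as a signed 32-bit integer because AD stores it that way.

    NOTE(review): ``base`` is trusted as given; no admin check is visible in
    this view — confirm both are covered outside this block.
    """
    title = "Add group"
    base = request.args.get('base')
    if not base:
        base = "OU=People,%s" % g.ldap['dn']
    form = GroupEdit(request.form)
    field_mapping = [('sAMAccountName', form.name),
                     ('description', form.description),
                     (None, form.group_type),
                     ('groupType', form.group_flags)]
    form.visible_fields = [field[1] for field in field_mapping]
    # Only flags marked user-selectable (value[1]) are offered
    form.group_flags.choices = [(key, value[0])
                                for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
                                if value[1]]
    if form.validate_on_submit():
        try:
            # Default attributes
            attributes = {'objectClass': "group"}
            for attribute, field in field_mapping:
                if attribute == "groupType":
                    group_type = int(form.group_type.data) + int(form.group_flags.data)
                    # AD expects the unsigned flag word as a signed int32
                    attributes[attribute] = str(
                        struct.unpack("i", struct.pack("I", int(group_type)))[0])
                elif attribute and field.data:
                    attributes[attribute] = field.data
            # Escape the RDN so a name containing ',' '+' '=' etc. cannot
            # alter the DN structure (DN injection)
            rdn = ldap.dn.escape_dn_chars(form.name.data)
            ldap_create_entry("cn=%s,%s" % (rdn, base), attributes)
            flash("Group successfully created.", "success")
            return redirect(url_for('group_overview', groupname=form.name.data))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        # Defaults: security group scope bit (0x80000000) + global scope flag
        form.group_type.data = 2147483648
        form.group_flags.data = 2
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add group",
                           parent=url_for('group_add'))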
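def user_edit_siccip(username):
    """Edit the SICC-IP profile stored in the user's ``pager`` attribute.

    The profile is serialised as ``I<type><quota>_<social>|E<type><quota>|D<filter>``
    and only written when it differs from the current value.  GET pre-fills
    the form from the parsed current value.  Unknown users yield 404.
    """
    title = u"Edit SICC-IP Configuration"
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    # Current serialised profile, if any (multi-valued: first value only)
    pager = user['pager'][0] if 'pager' in user else None
    form = SICCIPEdit(request.form)
    field_mapping = [
        # ('internet_type', form.internet_type),
        ('internet_quota', form.internet_quota),
        ('socialnetwork_quota', form.socialnetwork_quota),
        ('dansguardian_filter', form.dansguardian_filter),
        ('email_type', form.email_type),
        ('email_quota', form.email_quota),
    ]
    form.visible_fields = [field[1] for field in field_mapping]
    if form.validate_on_submit():
        try:
            # internet_type is currently fixed; the form field is hidden above
            internet_type = 'F'
            new_pager = 'I%s%f_%f|E%s%f|D%d' % (
                internet_type, form.internet_quota.data,
                form.socialnetwork_quota.data, form.email_type.data,
                form.email_quota.data, form.dansguardian_filter.data)
            if pager != new_pager:
                ldap_update_attribute(user['distinguishedName'], "pager", new_pager)
            # (debug print of the new value removed: it leaked profile data to stdout)
            flash(u"Profile updated successfully.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    if not form.is_submitted():
        if pager:
            siccip_data = get_parsed_pager_attribute(pager)
            if siccip_data is not None:
                form.internet_type.data = siccip_data['internet_type']
                form.internet_quota.data = siccip_data['internet_quota']
                form.socialnetwork_quota.data = siccip_data['socialnetwork_quota']
                form.email_type.data = siccip_data['email_type']
                form.email_quota.data = siccip_data['email_quota']
                form.dansguardian_filter.data = siccip_data['dansguardian_filter']
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Salvar los cambios",
                           parent=url_for('user_overview', username=username))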
def tree_base(base=None):
    """Render one level of the directory tree rooted at ``base``.

    ``base`` defaults to the domain DN; a value not ending in the domain DN
    is anchored under it.  Each child entry gets synthetic ``__description``,
    ``__type`` and ``__target`` keys for the template.  Entries flagged
    ``showInAdvancedViewOnly`` and those whose DN starts with a
    ``TREE_BLACKLIST`` prefix are omitted.
    """
    domain_dn = g.ldap['dn']
    if not base:
        base = domain_dn
    elif not base.lower().endswith(domain_dn.lower()):
        # base comes from the URL: anchor it under the configured domain DN
        base += ",%s" % domain_dn
    admin = ldap_in_group("Domain Admins")
    entry_fields = [('name', "Name"),
                    ('__description', "Description"),
                    ('__type', "Type")]
    # objectClass -> display label, checked in this order
    type_labels = [
        ('user', "User"),
        ('group', "Group"),
        ('organizationalUnit', "Organizational Unit"),
        ('container', "Container"),
        ('builtinDomain', "Built-in"),
    ]
    children = ldap_get_entries("objectClass=top", base, "onelevel")
    entries = []
    for entry in sorted(children, key=lambda item: item['name']):
        if 'description' in entry:
            entry['__description'] = entry['description']
        elif 'displayName' in entry:
            entry['__description'] = entry['displayName']
        classes = entry['objectClass']
        kind = next((label for cls, label in type_labels if cls in classes),
                    "Unknown")
        entry['__type'] = kind
        # Users and groups link to their overview; everything else drills down
        if kind == "User":
            entry['__target'] = url_for('user_overview',
                                        username=entry['sAMAccountName'])
        elif kind == "Group":
            entry['__target'] = url_for('group_overview',
                                        groupname=entry['sAMAccountName'])
        else:
            entry['__target'] = url_for('tree_base',
                                        base=entry['distinguishedName'])
        if entry.get('showInAdvancedViewOnly'):
            continue
        dn = entry['distinguishedName']
        if any(dn.startswith(prefix) for prefix in TREE_BLACKLIST):
            continue
        entries.append(entry)
    # Parent link: everything after the first RDN, unless we are at a dc= root
    parent = None
    first_rdn, _, rest = base.partition(',')
    if not first_rdn.lower().startswith("dc"):
        parent = rest
    return render_template("pages/tree_base.html",
                           parent=parent,
                           admin=admin,
                           base=base,
                           entries=entries,
                           entry_fields=entry_fields)
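def group_add():
    """Create a new AD group under the container passed in the query string.

    The link reaching this view passes the base DN under the mangled key
    ``b'base`` (a bytes repr leaked into the URL, hence the ``rstrip("'")``).
    Attribute values are encoded to bytes for python-ldap on Python 3.  The
    ``groupType`` value is scope bit + flag bits re-packed as a signed int32.

    NOTE(review): no admin check is visible in this view — confirm the
    route is guarded outside this block.
    """
    title = "Add group"
    form = GroupEdit(request.form)
    field_mapping = [('sAMAccountName', form.name),
                     ('description', form.description),
                     ('mail', form.mail),
                     (None, form.group_type),
                     ('groupType', form.group_flags)]
    form.visible_fields = [field[1] for field in field_mapping]
    # Only flags marked user-selectable (value[1]) are offered
    form.group_flags.choices = [(key, value[0])
                                for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
                                if value[1]]
    if form.validate_on_submit():
        try:
            # Accept the mangled key, then the plain one, then fall back to
            # the domain root instead of failing on None.rstrip().
            base = (request.args.get("b'base") or request.args.get('base')
                    or g.ldap['dn'])
            base = base.rstrip("'")
            # The base is caller-controlled: keep it inside the domain tree
            if not base.lower().endswith(g.ldap['dn'].lower()):
                base += ",%s" % g.ldap['dn']
            # Default attributes
            attributes = {'objectClass': b"group"}
            for attribute, field in field_mapping:
                if attribute == "groupType":
                    group_type = int(form.group_type.data) + int(form.group_flags.data)
                    # AD expects the unsigned flag word as a signed int32
                    attributes[attribute] = str(
                        struct.unpack("i", struct.pack("I", int(group_type)))[0]
                    ).encode('utf-8')
                elif attribute and field.data:
                    attributes[attribute] = field.data.encode('utf-8')
            # (debug prints of the attributes and DN removed)
            # Escape the RDN so a name containing ',' '+' '=' etc. cannot
            # alter the DN structure (DN injection)
            rdn = ldap.dn.escape_dn_chars(form.name.data)
            ldap_create_entry("cn=%s,%s" % (rdn, base), attributes)
            flash(u"Group created successfully.", "success")
            return redirect(url_for('group_overview', groupname=form.name.data))
        except ldap.LDAPError as e:
            # 'info' is optional in python-ldap's diagnostics dict; fall back
            # to 'desc' rather than raising KeyError inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    if not form.is_submitted():
        # Defaults: security group scope bit (0x80000000) + global scope flag
        form.group_type.data = 2147483648
        form.group_flags.data = 2
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add group",
                           parent=url_for('tree_base'))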
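def group_add():
    """Create a new AD group under the container given by ``?base=``.

    ``base`` comes from the query string and defaults to
    ``OU=People,<domain dn>``.  The group's ``groupType`` is the scope bit
    (``form.group_type``) plus the flag bits (``form.group_flags``), re-packed
    as a signed 32-bit integer because AD stores it that way.

    NOTE(review): ``base`` is trusted as given; no admin check is visible in
    this view — confirm both are covered outside this block.
    """
    title = "Add group"
    base = request.args.get('base')
    if not base:
        base = "OU=People,%s" % g.ldap['dn']
    form = GroupEdit(request.form)
    field_mapping = [('sAMAccountName', form.name),
                     ('description', form.description),
                     (None, form.group_type),
                     ('groupType', form.group_flags)]
    form.visible_fields = [field[1] for field in field_mapping]
    # Only flags marked user-selectable (value[1]) are offered
    form.group_flags.choices = [(key, value[0])
                                for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
                                if value[1]]
    if form.validate_on_submit():
        try:
            # Default attributes
            attributes = {'objectClass': "group"}
            for attribute, field in field_mapping:
                if attribute == "groupType":
                    group_type = int(form.group_type.data) + int(form.group_flags.data)
                    # AD expects the unsigned flag word as a signed int32
                    attributes[attribute] = str(
                        struct.unpack("i", struct.pack("I", int(group_type)))[0])
                elif attribute and field.data:
                    attributes[attribute] = field.data
            # Escape the RDN so a name containing ',' '+' '=' etc. cannot
            # alter the DN structure (DN injection)
            rdn = ldap.dn.escape_dn_chars(form.name.data)
            ldap_create_entry("cn=%s,%s" % (rdn, base), attributes)
            flash("Group successfully created.", "success")
            return redirect(url_for('group_overview', groupname=form.name.data))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        # Defaults: security group scope bit (0x80000000) + global scope flag
        form.group_type.data = 2147483648
        form.group_flags.data = 2
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add group",
                           parent=url_for('group_add'))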
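def group_addmembers(groupname):
    """Add one or more accounts (one ``sAMAccountName`` per line) to a group.

    Every line is resolved to an entry first; the first unknown name aborts
    the whole operation with an error flash, otherwise the merged member set
    is written back.  Unknown groups yield 404.

    NOTE(review): each line is passed into an LDAP lookup; make sure
    ``ldap_get_entry_simple`` escapes filter metacharacters, and that this
    route is admin-guarded outside this block.
    """
    title = "Add members"
    if not ldap_group_exists(groupname):
        abort(404)
    form = GroupAddMembers(request.form)
    form.visible_fields = [form.new_members]
    if form.validate_on_submit():
        group = ldap_get_group(groupname)
        # Start from the existing members so we never drop anyone
        entries = set(group['member']) if 'member' in group else set()
        for line in form.new_members.data.split("\n"):
            entry = ldap_get_entry_simple({'sAMAccountName': line.strip()})
            if not entry:
                error = "Invalid username: %s" % line
                flash(error, "error")
                break
            entries.add(entry['distinguishedName'])
        else:  # no break: every name resolved
            try:
                ldap_update_attribute(group['distinguishedName'], "member", list(entries))
                flash("Members added.", "success")
                return redirect(url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                # python-ldap packs diagnostics into e.args[0]; 'info' is
                # optional (and e.message does not exist on Python 3), so
                # fall back to 'desc' instead of raising inside the handler.
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                if error:  # error[0] on an empty string would raise IndexError
                    error = error[0].upper() + error[1:]
                flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add members",
                           parent=url_for('group_overview', groupname=groupname))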
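def group_addmembers(groupname):
    """Add one or more accounts (one ``sAMAccountName`` per line) to a group.

    Every line is resolved to an entry first; the first unknown name aborts
    the whole operation with an error flash, otherwise the merged member set
    is handed to ``ldap_add_users_to_group``.  Unknown groups yield 404.

    NOTE(review): each line is passed into an LDAP lookup; make sure
    ``ldap_get_entry_simple`` escapes filter metacharacters, and that this
    route is admin-guarded outside this block.
    """
    title = "Add members"
    if not ldap_group_exists(groupname):
        abort(404)
    form = GroupAddMembers(request.form)
    form.visible_fields = [form.new_members]
    if form.validate_on_submit():
        group = ldap_get_group(groupname)
        # Start from the existing members so we never drop anyone
        entries = set(group['member']) if 'member' in group else set()
        for line in form.new_members.data.split("\n"):
            entry = ldap_get_entry_simple({'sAMAccountName': line.strip()})
            if not entry:
                error = u"Invalid username: %s" % line
                flash(error, "error")
                break
            entries.add(entry['distinguishedName'])
        else:  # no break: every name resolved
            try:
                ldap_add_users_to_group(group['distinguishedName'], "member", list(entries))
                flash("Added users.", "success")
                return redirect(url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                # 'info' is optional in python-ldap's diagnostics dict; fall
                # back to 'desc' rather than raising KeyError in the handler.
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Adicionar miembros",
                           parent=url_for('group_overview', groupname=groupname))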
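def group_delmember(groupname, member):
    """Remove the account ``member`` from group ``groupname``.

    404 when the group has no members, the account does not exist, or the
    account is not currently a member.  On a valid POST the member list is
    rewritten without that DN and the user is sent to the member's overview.

    NOTE(review): no admin check is visible in this view — confirm the
    route is guarded outside this block.
    """
    title = "Remove from group"
    group = ldap_get_group(groupname)
    if not group or 'member' not in group:
        abort(404)
    member = ldap_get_entry_simple({'sAMAccountName': member})
    if not member:
        abort(404)
    if member['distinguishedName'] not in group['member']:
        abort(404)
    form = GroupDelMember(request.form)
    if form.validate_on_submit():
        try:
            members = group['member']
            members.remove(member['distinguishedName'])
            ldap_update_attribute(group['distinguishedName'], "member", members)
            flash("Member of group X %s eliminated" % group['sAMAccountName'], "success")
            return redirect(url_for('user_overview', username=member['sAMAccountName']))
        except ldap.LDAPError as e:
            # 'info' is optional in python-ldap's diagnostics dict; fall back
            # to 'desc' rather than raising KeyError inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    return render_template("pages/group_delmember_es.html",
                           title=title,
                           action="Remove member from group",
                           form=form,
                           member=member['sAMAccountName'],
                           group=group['sAMAccountName'],
                           parent=url_for('user_overview', username=member['sAMAccountName']))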
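def group_addmembers(groupname):
    """Add one or more accounts (one ``sAMAccountName`` per line) to a group.

    Every line is resolved to an entry first; the first unknown name aborts
    the whole operation with an error flash, otherwise the merged member set
    is written back.  Unknown groups yield 404.

    NOTE(review): each line is passed into an LDAP lookup; make sure
    ``ldap_get_entry_simple`` escapes filter metacharacters, and that this
    route is admin-guarded outside this block.
    """
    title = "Add members"
    if not ldap_group_exists(groupname):
        abort(404)
    form = GroupAddMembers(request.form)
    form.visible_fields = [form.new_members]
    if form.validate_on_submit():
        group = ldap_get_group(groupname)
        # Start from the existing members so we never drop anyone
        entries = set(group['member']) if 'member' in group else set()
        for line in form.new_members.data.split("\n"):
            entry = ldap_get_entry_simple({'sAMAccountName': line.strip()})
            if not entry:
                error = "Invalid username: %s" % line
                flash(error, "error")
                break
            entries.add(entry['distinguishedName'])
        else:  # no break: every name resolved
            try:
                ldap_update_attribute(group['distinguishedName'], "member", list(entries))
                flash("Members added.", "success")
                return redirect(url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                # python-ldap packs diagnostics into e.args[0]; 'info' is
                # optional (and e.message does not exist on Python 3), so
                # fall back to 'desc' instead of raising inside the handler.
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                error = str(detail.get('info') or detail.get('desc') or e)
                error = error.split(":", 2)[-1].strip()
                if error:  # error[0] on an empty string would raise IndexError
                    error = error[0].upper() + error[1:]
                flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add members",
                           parent=url_for('group_overview', groupname=groupname))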
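def user_changepw(username):
    """Change the password of ``username``.

    An admin (member of ``Settings.ADMIN_GROUP``) changing someone else's
    password gets the reset form (no old password).  Everyone else —
    including an admin changing their own password — must supply the old
    password.  Unknown users yield 404; LDAP errors are flashed.

    NOTE(review): a non-admin may reach the old-password branch for another
    username; whether that is refused depends on how ``ldap_change_password``
    binds, which is not visible here — confirm.
    """
    title = u"Change Password"
    if not ldap_user_exists(username=username):
        abort(404)
    admin = ldap_in_group(Settings.ADMIN_GROUP)
    # Admin reset of another account skips the old-password check
    admin_reset = username != g.ldap['username'] and admin
    if admin_reset:
        form = PasswordChange(request.form)
        form.visible_fields = []
    else:
        form = PasswordChangeUser(request.form)
        form.visible_fields = [form.oldpassword]
    form.visible_fields += [form.password, form.password_confirm]
    if form.validate_on_submit():
        try:
            if admin_reset:
                ldap_change_password(None, form.password.data, username=username)
            else:
                ldap_change_password(form.oldpassword.data, form.password.data,
                                     username=username)
            flash(u"The password was changed successfully.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # 'info' is optional in python-ldap's diagnostics dict; fall back
            # to 'desc' rather than raising KeyError inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action=u"Change Password",
                           parent=url_for('user_overview', username=username))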
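def user_changepw(username):
    """Change the password of ``username``.

    A member of ``Domain Admins`` changing someone else's password gets the
    reset form (no old password).  Everyone else — including an admin
    changing their own password — must supply the old password.  Unknown
    users yield 404; LDAP errors are flashed.

    NOTE(review): a non-admin may reach the old-password branch for another
    username; whether that is refused depends on how ``ldap_change_password``
    binds, which is not visible here — confirm.
    """
    title = "Change password"
    if not ldap_user_exists(username=username):
        abort(404)
    admin = ldap_in_group("Domain Admins")
    # Admin reset of another account skips the old-password check
    admin_reset = username != g.ldap['username'] and admin
    if admin_reset:
        form = PasswordChange(request.form)
        form.visible_fields = []
    else:
        form = PasswordChangeUser(request.form)
        form.visible_fields = [form.oldpassword]
    form.visible_fields += [form.password, form.password_confirm]
    if form.validate_on_submit():
        try:
            if admin_reset:
                ldap_change_password(None, form.password.data, username=username)
            else:
                ldap_change_password(form.oldpassword.data, form.password.data,
                                     username=username)
            flash("Password changed successfuly.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Change password",
                           parent=url_for('user_overview', username=username))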
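def group_delmember(groupname, member):
    """Remove the account ``member`` from group ``groupname``.

    404 when the group has no members, the account does not exist, or the
    account is not currently a member.  On a valid POST the member list is
    rewritten without that DN and the user is sent back to the group.

    NOTE(review): no admin check is visible in this view — confirm the
    route is guarded outside this block.
    """
    title = "Remove group member"
    group = ldap_get_group(groupname)
    if not group or 'member' not in group:
        abort(404)
    member = ldap_get_entry_simple({'sAMAccountName': member})
    if not member:
        abort(404)
    if member['distinguishedName'] not in group['member']:
        abort(404)
    # Bare form: only carries the CSRF token for the confirmation POST
    form = Form(request.form)
    if form.validate_on_submit():
        try:
            members = group['member']
            members.remove(member['distinguishedName'])
            ldap_update_attribute(group['distinguishedName'], "member", members)
            flash("Member removed.", "success")
            return redirect(url_for('group_overview', groupname=groupname))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("pages/group_delmember.html",
                           title=title,
                           action="Remove group member",
                           form=form,
                           member=member['sAMAccountName'],
                           group=group['sAMAccountName'],
                           parent=url_for('group_overview', groupname=groupname))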
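def user_edit_ssh(username):
    """Edit the ``sshPublicKey`` values of ``username``.

    The textarea holds one key per line; on a valid POST every line is
    stripped and written back as the complete ``sshPublicKey`` value set
    (``ldapPublicKey`` object class).  GET pre-fills the field with the
    current keys.  Unknown users yield 404; LDAP errors are flashed.

    NOTE(review): no admin/self check is visible here, and replacing
    another account's SSH keys is equivalent to taking it over on hosts
    that trust the directory — confirm the route is guarded elsewhere.
    """
    title = "Edit SSH keys"
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    form = UserSSHEdit(request.form)
    form.visible_fields = [form.ssh_keys]
    if form.validate_on_submit():
        # NOTE(review): blank lines are kept as empty values; the directory
        # may reject those — confirm whether they should be dropped here.
        new_entries = [entry.strip() for entry in form.ssh_keys.data.split("\n")]
        try:
            ldap_update_attribute(user['distinguishedName'], 'sshPublicKey',
                                  new_entries, 'ldapPublicKey')
            flash("SSH keys successfuly updated.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        if 'sshPublicKey' in user:
            form.ssh_keys.data = "\n".join(user['sshPublicKey'])
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('user_overview', username=username))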
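def group_edit(groupname):
    """Edit name, description and type flags of group ``groupname``.

    System groups (``groupType`` bit 0 set) are refused.  On a valid POST
    each mapped attribute that differs from the stored value is updated; a
    name change also renames the ``cn`` and re-fetches the entry so later
    updates use the new DN.  GET pre-fills the form from the entry.

    NOTE(review): the system-group refusal uses 401 (unauthenticated);
    403 would describe "not allowed" more accurately — left as is since
    callers may depend on the status.  No admin check is visible here —
    confirm the route is guarded outside this block.
    """
    title = "Edit group"
    if not ldap_group_exists(groupname):
        abort(404)
    group = ldap_get_group(groupname)
    # We can't edit system groups
    if group['groupType'] & 1:
        abort(401)
    form = GroupEdit(request.form)
    field_mapping = [('sAMAccountName', form.name),
                     ('description', form.description),
                     (None, form.group_type),
                     ('groupType', form.group_flags)]
    form.visible_fields = [field[1] for field in field_mapping]
    # Only flags marked user-selectable (value[1]) are offered
    form.group_flags.choices = [(key, value[0])
                                for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
                                if value[1]]
    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                if value != group.get(attribute):
                    if attribute == 'sAMAccountName':
                        # Rename the account
                        ldap_update_attribute(group['distinguishedName'],
                                              "sAMAccountName", value)
                        # Finish by renaming the whole record
                        ldap_update_attribute(group['distinguishedName'], "cn", value)
                        # Re-fetch: the DN changed with the cn
                        group = ldap_get_group(value)
                    elif attribute == "groupType":
                        group_type = int(form.group_type.data) + int(form.group_flags.data)
                        # AD expects the unsigned flag word as a signed int32
                        ldap_update_attribute(
                            group['distinguishedName'], attribute,
                            str(struct.unpack("i", struct.pack("I", int(group_type)))[0]))
                    elif attribute:
                        ldap_update_attribute(group['distinguishedName'], attribute, value)
            flash("Group successfully updated.", "success")
            return redirect(url_for('group_overview', groupname=form.name.data))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        form.name.data = group.get('sAMAccountName')
        form.description.data = group.get('description')
        # Scope bit (0x80000000) goes to group_type, selectable flags to group_flags
        form.group_type.data = group['groupType'] & 2147483648
        form.group_flags.data = 0
        for key, flag in LDAP_AD_GROUPTYPE_VALUES.items():
            if flag[1] and group['groupType'] & key:
                form.group_flags.data += key
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('group_overview', groupname=groupname))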
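def user_edit_profile(username):
    """Edit the basic profile attributes and UAC flags of ``username``.

    On a valid POST each mapped attribute that differs from the stored value
    is updated.  A username change also rewrites ``userPrincipalName`` and
    ``cn`` and re-fetches the entry so later updates use the new DN.  The
    UAC flags are recomputed from the checked boxes over the current value.
    GET pre-fills the form from the entry.

    NOTE(review): no admin check is visible here although this view can
    change userAccountControl (e.g. enable/disable) — confirm the route is
    guarded outside this block.
    """
    title = "Edit user"
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    form = UserProfileEdit(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('displayName', form.display_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     ('userAccountControl', form.uac_flags)]
    # Only flags marked user-selectable (value[1]) are offered
    form.uac_flags.choices = [(key, value[0])
                              for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                              if value[1]]
    form.visible_fields = [field[1] for field in field_mapping]
    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                if value != user.get(attribute):
                    if attribute == 'sAMAccountName':
                        # Rename the account
                        ldap_update_attribute(user['distinguishedName'],
                                              "sAMAccountName", value)
                        ldap_update_attribute(user['distinguishedName'],
                                              "userPrincipalName",
                                              "%s@%s" % (value, g.ldap['domain']))
                        # Finish by renaming the whole record
                        ldap_update_attribute(user['distinguishedName'], "cn", value)
                        # Re-fetch: the DN changed with the cn
                        user = ldap_get_user(value)
                    elif attribute == 'userAccountControl':
                        # Only the selectable flags are touched; others keep
                        # whatever the directory currently holds
                        current_uac = user['userAccountControl']
                        for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items():
                            if not flag[1]:
                                continue
                            if key in value:
                                current_uac |= key
                            else:
                                current_uac &= ~key
                        ldap_update_attribute(user['distinguishedName'],
                                              attribute, str(current_uac))
                    else:
                        ldap_update_attribute(user['distinguishedName'], attribute, value)
            flash("Profile successfully updated.", "success")
            return redirect(url_for('user_overview', username=form.user_name.data))
        except ldap.LDAPError as e:
            # python-ldap packs diagnostics into e.args[0]; 'info' is optional
            # (and e.message does not exist on Python 3), so fall back to
            # 'desc' instead of raising inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = str(detail.get('info') or detail.get('desc') or e)
            error = error.split(":", 2)[-1].strip()
            if error:  # error[0] on an empty string would raise IndexError
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        form.first_name.data = user.get('givenName')
        form.last_name.data = user.get('sn')
        form.display_name.data = user.get('displayName')
        form.user_name.data = user.get('sAMAccountName')
        form.mail.data = user.get('mail')
        form.uac_flags.data = [key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                               if (flag[1] and user['userAccountControl'] & key)]
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('user_overview', username=username))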
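def user_add():
    """Create a new user under the container passed in the query string.

    The link reaching this view passes the base DN under the mangled key
    ``b'base`` (a bytes repr leaked into the URL, hence the ``rstrip("'")``).
    Attribute values are encoded to bytes for python-ldap on Python 3.  The
    entry is created first and the password set afterwards with
    ``ldap_change_password``.  When ``g.extra_fields`` is set, the extended
    form and its extra attributes are used.

    NOTE(review): no admin check is visible in this view — confirm the
    route is guarded outside this block.
    """
    title = "Add User"
    if g.extra_fields:
        form = UserAddExtraFields(request.form)
    else:
        form = UserAdd(request.form)
    # (attribute, field); None means the field is not written to the entry
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     (None, form.password),
                     (None, form.password_confirm),
                     ('userAccountControl', form.uac_flags)]
    if g.extra_fields:
        extra_field_mapping = [('cUJAEPersonExternal', form.manual),
                               ('cUJAEPersonType', form.person_type),
                               ('cUJAEPersonDNI', form.dni)]
        field_mapping += extra_field_mapping
    form.visible_fields = [field[1] for field in field_mapping]
    form.uac_flags.choices = [(key, value[0])
                              for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()]
    if form.validate_on_submit():
        try:
            # Accept the mangled key, then the plain one, then fall back to
            # the domain root instead of failing on None.rstrip().
            base = (request.args.get("b'base") or request.args.get('base')
                    or g.ldap['dn'])
            base = base.rstrip("'")
            # The base is caller-controlled: keep it inside the domain tree
            if not base.lower().endswith(g.ldap['dn'].lower()):
                base += ",%s" % g.ldap['dn']
            # Default attributes
            upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
            attributes = {
                'objectClass': [b'top', b'person', b'organizationalPerson',
                                b'user', b'inetOrgPerson'],
                'UserPrincipalName': [upn.encode('utf-8')],
                'accountExpires': [b"0"],
                'lockoutTime': [b"0"],
            }
            for attribute, field in field_mapping:
                if attribute == 'userAccountControl':
                    # 512 = NORMAL_ACCOUNT; add every selectable flag that was checked
                    current_uac = 512
                    for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items():
                        if flag[1] and key in field.data:
                            current_uac += key
                    attributes[attribute] = [str(current_uac).encode('utf-8')]
                elif attribute and field.data:
                    if isinstance(field, BooleanField):
                        # Only reached when field.data is truthy, so a cleared
                        # checkbox never writes FALSE.
                        # NOTE(review): confirm that omitting the attribute is
                        # the intended meaning of "unchecked".
                        attributes[attribute] = b'TRUE'
                    else:
                        attributes[attribute] = [field.data.encode('utf-8')]
            if 'sn' in attributes:
                display_name = (attributes['givenName'][0].decode('utf-8') + " "
                                + attributes['sn'][0].decode('utf-8'))
                attributes['displayName'] = [display_name.encode('utf-8')]
            else:
                attributes['displayName'] = attributes['givenName']
            # Escape the RDN so a name containing ',' '+' '=' etc. cannot
            # alter the DN structure (DN injection)
            rdn = ldap.dn.escape_dn_chars(form.user_name.data)
            ldap_create_entry("cn=%s,%s" % (rdn, base), attributes)
            ldap_change_password(None, form.password.data, form.user_name.data)
            flash(u"User created successfully.", "success")
            return redirect(url_for('user_overview', username=form.user_name.data))
        except ldap.LDAPError as e:
            # 'info' is optional in python-ldap's diagnostics dict; fall back
            # to 'desc' rather than raising KeyError inside the handler.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        # (debug print of form.errors removed: it wrote submitted-form
        # diagnostics, including password-field messages, to stdout)
        flash("Some fields failed validation.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Adicionar Usuario",
                           parent=url_for('tree_base'))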
def core_index():
    """Landing page: redirect the logged-in user to their own overview."""
    current_user = g.ldap["username"]
    return redirect(url_for("user_overview", username=current_user))
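def user_overview(username):
    """Show a user's identity fields, group memberships and SICC-IP data.

    Only the user themselves or a member of ``Settings.ADMIN_GROUP`` may
    view the page (otherwise 401).  Extra attributes from
    ``Settings.USER_ATTRIBUTES`` are appended; ``time``-typed ones are parsed
    from the ``YYYYMMDDHHMMSS`` generalized-time prefix and ``jpegPhoto`` is
    turned into a data URL.  The page also carries an "add to group" form.

    NOTE(review): the add-to-group POST is reachable by the user viewing
    their own page, not only by admins; if ``ldap_update_attribute`` uses a
    privileged bind, a regular user could join any group — confirm the bind
    is per-user or require ``admin`` for that branch.
    """
    title = "User details - %s" % username
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    admin = ldap_in_group(Settings.ADMIN_GROUP)
    logged_user = g.ldap['username']
    if logged_user == user['sAMAccountName'] or admin:
        identity_fields = [('givenName', "Name"),
                           ('sn', "Last Name"),
                           ('displayName', "Full Name"),
                           ('name', "Registry Name"),
                           ('sAMAccountName', "Username"),
                           ('mail', u"Email address")]
        if 'title' in user:
            identity_fields.append(('title', "Occupation"))
        if 'telephoneNumber' in user:
            identity_fields.append(('telephoneNumber', "Telephone"))
        if Settings.USER_ATTRIBUTES:
            for item in Settings.USER_ATTRIBUTES:
                if item[0] in user:
                    if len(item) == 3 and item[2] == 'time':
                        # Reorder YYYYMMDDHHMMSS into dd/mm/YYYY HH:MM:SS, parse,
                        # then localise to the configured timezone
                        raw = user[item[0]]
                        datetime_field = (raw[6:8] + '/' + raw[4:6] + '/' + raw[0:4] + ' '
                                          + raw[8:10] + ':' + raw[10:12] + ':' + raw[12:14])
                        datetime_field = datetime.strptime(datetime_field, '%d/%m/%Y %H:%M:%S')
                        user[item[0]] = datetime_field.astimezone(timezone(Settings.TIMEZONE))
                    if item[0] == 'jpegPhoto':
                        imgbase64 = base64.b64encode(user[item[0]]).decode()
                        user[item[0]] = 'data:image/jpeg;base64,' + imgbase64
                    identity_fields.append((item[0], item[1]))
        group_fields = [('sAMAccountName', "Name"), ('description', u"Description")]
        # NOTE(review): this re-fetch only keeps the conversions above if
        # ldap_get_user returns the same cached dict (g.ldap_cache); if it
        # returns a fresh copy they are lost before rendering — confirm.
        user = ldap_get_user(username=username)
        group_details = []
        for group in ldap_get_membership(username):
            group_details.append(ldap_get_group(group, 'distinguishedName'))
        # group_details = [ldap_get_group(group, 'distinguishedName') for group in ldap_get_membership(username)]
        group_details = list(filter(None, group_details))
        groups = sorted(group_details, key=lambda entry: entry['sAMAccountName'])
        siccip_data = None
        if 'pager' in user:
            siccip_data = get_parsed_pager_attribute(user['pager'])
            # (debug print of the parsed profile removed)
        # Offer every group the user is not already a member of
        available_groups = ldap_get_entries(ldap_filter="(objectclass=group)", scope="subtree")
        group_choices = [("_", "Select a Group")]
        for group_entry in available_groups:
            if not ldap_in_group(group_entry['sAMAccountName'], username):
                group_choices += [(group_entry['distinguishedName'],
                                   group_entry['sAMAccountName'])]
        form = UserAddGroup(request.form)
        form.available_groups.choices = group_choices
        if not form.is_submitted():
            form.available_groups.data = "_"
        if form.validate_on_submit():
            try:
                group_to_add = form.available_groups.data
                if group_to_add == "_":
                    flash(u"You must choose a group from the drop-down list.", "error")
                else:
                    group = ldap_get_entry_simple({'objectClass': 'group',
                                                   'distinguishedName': group_to_add})
                    # Keep the existing members and add this user's DN
                    entries = set(group['member']) if 'member' in group else set()
                    entries.add(user['distinguishedName'])
                    ldap_update_attribute(group_to_add, "member", list(entries))
                    flash(u"User successfully added to group.", "success")
                    return redirect(url_for('user_overview', username=username))
            except ldap.LDAPError as e:
                # 'info' is optional in python-ldap's diagnostics dict; fall
                # back to 'desc' rather than raising KeyError in the handler.
                detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
                flash(detail.get('info') or detail.get('desc') or str(e), "error")
        elif form.errors:
            flash(u"Data validation failed.", "error")
        # Parent container: the DN without its first RDN
        parent = ",".join(user['distinguishedName'].split(',')[1:])
    else:
        # NOTE(review): 401 signals "unauthenticated"; 403 would describe
        # "forbidden" more accurately — left as is for compatibility.
        abort(401)
    return render_template("pages/user_overview_es.html",
                           g=g,
                           title=title,
                           form=form,
                           user=user,
                           identity_fields=identity_fields,
                           group_fields=group_fields,
                           admin=admin,
                           groups=groups,
                           siccip_data=siccip_data,
                           parent=parent,
                           uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES)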
def tree_base(base=None):
    """Render one level of the directory tree rooted at ``base``.

    ``base`` defaults to the domain DN; a value not ending in the domain DN
    is anchored under it.  Each child entry gets synthetic ``__description``,
    ``__type`` and ``__target`` keys for the template.  Entries flagged
    ``showInAdvancedViewOnly`` and those whose DN starts with a
    ``TREE_BLACKLIST`` prefix are omitted.
    """
    domain_dn = g.ldap['dn']
    if not base:
        base = domain_dn
    elif not base.lower().endswith(domain_dn.lower()):
        # base comes from the URL: anchor it under the configured domain DN
        base += ",%s" % domain_dn
    admin = ldap_in_group("Domain Admins")
    entry_fields = [('name', "Name"),
                    ('__description', "Description"),
                    ('__type', "Type")]
    # objectClass -> display label, checked in this order
    type_labels = [
        ('user', "User"),
        ('group', "Group"),
        ('organizationalUnit', "Organizational Unit"),
        ('container', "Container"),
        ('builtinDomain', "Built-in"),
    ]
    children = ldap_get_entries("objectClass=top", base, "onelevel")
    entries = []
    for entry in sorted(children, key=lambda item: item['name']):
        if 'description' in entry:
            entry['__description'] = entry['description']
        elif 'displayName' in entry:
            entry['__description'] = entry['displayName']
        classes = entry['objectClass']
        kind = next((label for cls, label in type_labels if cls in classes),
                    "Unknown")
        entry['__type'] = kind
        # Users and groups link to their overview; everything else drills down
        if kind == "User":
            entry['__target'] = url_for('user_overview',
                                        username=entry['sAMAccountName'])
        elif kind == "Group":
            entry['__target'] = url_for('group_overview',
                                        groupname=entry['sAMAccountName'])
        else:
            entry['__target'] = url_for('tree_base',
                                        base=entry['distinguishedName'])
        if entry.get('showInAdvancedViewOnly'):
            continue
        dn = entry['distinguishedName']
        if any(dn.startswith(prefix) for prefix in TREE_BLACKLIST):
            continue
        entries.append(entry)
    # Parent link: everything after the first RDN, unless we are at a dc= root
    parent = None
    first_rdn, _, rest = base.partition(',')
    if not first_rdn.lower().startswith("dc"):
        parent = rest
    return render_template("pages/tree_base.html",
                           parent=parent,
                           admin=admin,
                           base=base,
                           entries=entries,
                           entry_fields=entry_fields)
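def get_entries(filter_str, filter_select, base, scope):
    """
    Get all entries that will be displayed in the tree.

    Returns the user entries found under ``base`` (those with a
    ``displayName`` and a ``sAMAccountName`` whose ``filter_select``
    attribute contains ``filter_str``) sorted by ``displayName``, followed
    -- only when ``filter_str == "top"`` -- by the remaining entries without
    a ``displayName`` sorted by ``name``.  Each entry is annotated with the
    ``__description``, ``__target``, ``__type`` and (for users) ``active``
    keys the template reads.  Users flagged ``showInAdvancedViewOnly`` and
    any entry whose DN starts with a ``Settings.TREE_BLACKLIST`` prefix are
    left out.

    Fixes versus the previous revision: the disabled-account test now checks
    the ACCOUNTDISABLE bit (0x2) of ``userAccountControl`` instead of
    comparing the whole bitmask with 2, and the blacklist is applied to every
    entry (as ``tree_base`` does) instead of only the last one processed.
    """
    def _blacklisted(entry):
        dn = entry['distinguishedName']
        return any(dn.startswith(prefix)
                   for prefix in Settings.TREE_BLACKLIST)

    def _set_description(entry):
        # Fall back to the account name when the entry has no description.
        if 'description' in entry:
            entry['__description'] = entry['description']
        elif 'sAMAccountName' in entry:
            entry['__description'] = entry['sAMAccountName']

    # One directory read serves both lists; the previous revision queried
    # the same base twice.  `ignore_erros` is the helper's own keyword.
    raw = list(ldap_get_entries("objectClass=top", base, scope,
                                ignore_erros=True))
    users = [
        entry for entry in raw
        if 'displayName' in entry
        and 'sAMAccountName' in entry
        and filter_select in entry
        and filter_str in entry[filter_select]
    ]
    users.sort(key=lambda entry: entry['displayName'])
    if filter_str == "top":
        # Entries without a displayName are disjoint from `users`, so no
        # membership test against `users` is needed.
        others = sorted((entry for entry in raw if 'displayName' not in entry),
                        key=lambda entry: entry['name'])
    else:
        others = []

    entries = []
    for entry in users:
        if entry.get('showInAdvancedViewOnly') or _blacklisted(entry):
            continue
        _set_description(entry)
        entry['name'] = entry['displayName']
        entry['__type'] = "User"
        entry['__target'] = url_for('user_overview',
                                    username=entry['sAMAccountName'])
        if 'user' in entry['objectClass']:
            # userAccountControl is a bitmask; a disabled normal account is
            # 514 (512 | 2), so test the ACCOUNTDISABLE bit rather than
            # comparing the whole value with 2.  int() covers a helper that
            # hands the value back as a numeric string -- TODO confirm type.
            if int(entry.get('userAccountControl', 0)) & 2:
                entry['active'] = "Deactivated"
            else:
                entry['active'] = "Active"
        else:
            entry['active'] = "No available"
        entries.append(entry)

    for entry in others:
        if _blacklisted(entry):
            continue
        _set_description(entry)
        entry['__target'] = url_for('tree_base',
                                    base=entry['distinguishedName'])
        classes = entry['objectClass']
        if 'group' in classes:
            entry['__type'] = "Group"
            entry['__target'] = url_for('group_overview',
                                        groupname=entry['sAMAccountName'])
        elif 'organizationalUnit' in classes:
            entry['__type'] = "Organization Unit"
        elif 'container' in classes:
            entry['__type'] = "Container"
        elif 'builtinDomain' in classes:
            entry['__type'] = "Built-in"
        else:
            entry['__type'] = "Unknown"
        entries.append(entry)
    return entries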
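def group_edit(groupname):
    """
    Render and process the "Edit group" form for ``groupname``.

    Unknown groups get 404; groups with the system bit (``groupType & 1``)
    get 401 and cannot be edited here.  On a valid submission every changed
    field is written with ``ldap_update_attribute``: a new ``sAMAccountName``
    also renames ``cn`` and the entry is re-read, and ``groupType`` is
    rebuilt from the selected scope plus flags.  LDAP failures are reported
    with ``flash``; on first render the form is pre-filled from the entry.

    Fix versus the previous revision: the error handler read ``e.message``,
    which only exists on Python 2, so on Python 3 an LDAP failure raised
    ``AttributeError`` instead of being shown to the user.
    """
    title = "Edit group"
    if not ldap_group_exists(groupname):
        abort(404)
    group = ldap_get_group(groupname)
    # System groups (groupType bit 0x1) are not editable through this form.
    if group['groupType'] & 1:
        abort(401)
    form = GroupEdit(request.form)
    field_mapping = [('sAMAccountName', form.name),
                     ('description', form.description),
                     (None, form.group_type),
                     ('groupType', form.group_flags)]
    form.visible_fields = [field for _, field in field_mapping]
    # Only flags marked selectable (value[1]) are offered.
    form.group_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_GROUPTYPE_VALUES.items()
        if value[1]
    ]
    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                if value == group.get(attribute):
                    continue
                dn = group['distinguishedName']
                if attribute == 'sAMAccountName':
                    # Rename the account, then the record itself, and
                    # re-read the group because its DN has changed.
                    ldap_update_attribute(dn, "sAMAccountName", value)
                    ldap_update_attribute(dn, "cn", value)
                    group = ldap_get_group(value)
                elif attribute == "groupType":
                    group_type = (int(form.group_type.data)
                                  + int(form.group_flags.data))
                    # AD stores groupType as a signed 32-bit integer, so the
                    # unsigned sum is reinterpreted before being written.
                    signed = struct.unpack("i", struct.pack("I", group_type))[0]
                    ldap_update_attribute(dn, attribute, str(signed))
                elif attribute:
                    ldap_update_attribute(dn, attribute, value)
            flash("Group successfully updated.", "success")
            return redirect(url_for('group_overview',
                                    groupname=form.name.data))
        except ldap.LDAPError as e:
            # python-ldap carries the server diagnostic in args[0]['info']
            # (with 'desc' as the generic text); keep the old "text after
            # the last colon, capitalised" presentation.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = detail.get('info') or detail.get('desc') or str(e)
            error = error.split(":", 2)[-1].strip()
            if error:
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        form.name.data = group.get('sAMAccountName')
        form.description.data = group.get('description')
        # 0x80000000 is AD's "security enabled" group-type bit.
        form.group_type.data = group['groupType'] & 2147483648
        form.group_flags.data = sum(
            key for key, flag in LDAP_AD_GROUPTYPE_VALUES.items()
            if flag[1] and group['groupType'] & key)
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('group_overview',
                                          groupname=groupname))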
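def user_add():
    """
    Render and process the "Add user" form.

    The container DN comes from the ``base`` query parameter and defaults to
    ``OU=People,<domain dn>``.  On a valid submission the entry is created
    with a ``userAccountControl`` of NORMAL_ACCOUNT (512) plus the ticked
    selectable flags, then the password is set.  LDAP failures are shown
    with ``flash``.

    Fixes versus the previous revision: the RDN value is escaped with
    ``ldap.dn.escape_dn_chars`` so DN metacharacters in the submitted user
    name cannot alter the DN, and the error handler no longer reads
    ``e.message`` (Python 2 only).
    """
    title = "Add user"
    # NOTE(review): `base` is taken verbatim from the query string and
    # decides where the entry is created; callers are assumed to be
    # authorised administrators -- confirm at the route/auth layer.
    base = request.args.get('base')
    if not base:
        base = "OU=People,%s" % g.ldap['dn']
    form = UserAdd(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('displayName', form.display_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     (None, form.password),
                     (None, form.password_confirm),
                     ('userAccountControl', form.uac_flags)]
    form.visible_fields = [field for _, field in field_mapping]
    # Only flags marked selectable (value[1]) are offered.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]
    if form.validate_on_submit():
        try:
            username = form.user_name.data
            # Default attributes
            upn = "%s@%s" % (username, g.ldap['domain'])
            attributes = {
                'objectClass': "user",
                'UserPrincipalName': upn,
                'accountExpires': "0",
                'lockoutTime': "0",
            }
            for attribute, field in field_mapping:
                if attribute == 'userAccountControl':
                    # NORMAL_ACCOUNT plus every ticked selectable flag.
                    current_uac = 512 + sum(
                        key for key, flag in
                        LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                        if flag[1] and key in field.data)
                    attributes[attribute] = str(current_uac)
                elif attribute and field.data:
                    attributes[attribute] = field.data
            # The RDN is built from user input: escape DN special
            # characters (',', '+', '=', ...) so they are taken literally.
            rdn_value = ldap.dn.escape_dn_chars(username)
            ldap_create_entry("cn=%s,%s" % (rdn_value, base), attributes)
            ldap_change_password(None, form.password.data, username)
            flash("User successfully created.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # python-ldap carries the server diagnostic in args[0]['info']
            # (with 'desc' as the generic text); keep the old "text after
            # the last colon, capitalised" presentation.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = detail.get('info') or detail.get('desc') or str(e)
            error = error.split(":", 2)[-1].strip()
            if error:
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add user",
                           parent=url_for('user_add'))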
def core_logout():
    """Mark the session as logged out and send the client to the index page."""
    # NOTE(review): only a marker is written; the remaining session content
    # is kept.  Whether the login check honours this flag is decided
    # elsewhere -- confirm.
    session.update(logout=1)
    target = url_for("core_index")
    return redirect(target)
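def user_edit_profile(username):
    """
    Render and process the "Edit user" form for ``username``.

    Unknown users get 404.  On a valid submission every changed field is
    written with ``ldap_update_attribute``: a new ``sAMAccountName`` also
    updates ``userPrincipalName`` and ``cn`` and the entry is re-read, and
    ``userAccountControl`` has each selectable flag set or cleared according
    to the form.  LDAP failures are shown with ``flash``; on first render the
    form is pre-filled from the entry.

    Fix versus the previous revision: the error handler read ``e.message``,
    which only exists on Python 2, so on Python 3 an LDAP failure raised
    ``AttributeError`` instead of being shown to the user.
    """
    title = "Edit user"
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    form = UserProfileEdit(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('displayName', form.display_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     ('userAccountControl', form.uac_flags)]
    # Only flags marked selectable (value[1]) are offered.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]
    form.visible_fields = [field for _, field in field_mapping]
    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                if value == user.get(attribute):
                    continue
                # Re-read per iteration: a rename above replaces `user`.
                dn = user['distinguishedName']
                if attribute == 'sAMAccountName':
                    # Rename the account, keep the UPN in step, then rename
                    # the record itself and re-read it (its DN changed).
                    ldap_update_attribute(dn, "sAMAccountName", value)
                    ldap_update_attribute(
                        dn, "userPrincipalName",
                        "%s@%s" % (value, g.ldap['domain']))
                    ldap_update_attribute(dn, "cn", value)
                    user = ldap_get_user(value)
                elif attribute == 'userAccountControl':
                    # Set or clear each selectable bit; non-selectable bits
                    # are left untouched.
                    current_uac = user['userAccountControl']
                    for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items():
                        if not flag[1]:
                            continue
                        if key in value:
                            current_uac |= key
                        else:
                            current_uac &= ~key
                    ldap_update_attribute(dn, attribute, str(current_uac))
                else:
                    ldap_update_attribute(dn, attribute, value)
            flash("Profile successfully updated.", "success")
            return redirect(url_for('user_overview',
                                    username=form.user_name.data))
        except ldap.LDAPError as e:
            # python-ldap carries the server diagnostic in args[0]['info']
            # (with 'desc' as the generic text); keep the old "text after
            # the last colon, capitalised" presentation.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = detail.get('info') or detail.get('desc') or str(e)
            error = error.split(":", 2)[-1].strip()
            if error:
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    if not form.is_submitted():
        form.first_name.data = user.get('givenName')
        form.last_name.data = user.get('sn')
        form.display_name.data = user.get('displayName')
        form.user_name.data = user.get('sAMAccountName')
        form.mail.data = user.get('mail')
        form.uac_flags.data = [
            key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if flag[1] and user['userAccountControl'] & key
        ]
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('user_overview',
                                          username=username))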
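def user_add():
    """
    Render and process the "Add user" form.

    The container DN comes from the ``base`` query parameter and defaults to
    ``OU=People,<domain dn>``.  On a valid submission the entry is created
    with a ``userAccountControl`` of NORMAL_ACCOUNT (512) plus the ticked
    selectable flags, then the password is set.  LDAP failures are shown
    with ``flash``.

    Fixes versus the previous revision: the RDN value is escaped with
    ``ldap.dn.escape_dn_chars`` so DN metacharacters in the submitted user
    name cannot alter the DN, and the error handler no longer reads
    ``e.message`` (Python 2 only).
    """
    title = "Add user"
    # NOTE(review): `base` is taken verbatim from the query string and
    # decides where the entry is created; callers are assumed to be
    # authorised administrators -- confirm at the route/auth layer.
    base = request.args.get('base') or "OU=People,%s" % g.ldap['dn']
    form = UserAdd(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('displayName', form.display_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     (None, form.password),
                     (None, form.password_confirm),
                     ('userAccountControl', form.uac_flags)]
    form.visible_fields = [field for _, field in field_mapping]
    # Only flags marked selectable (value[1]) are offered.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
        if value[1]
    ]
    if form.validate_on_submit():
        try:
            username = form.user_name.data
            # Default attributes
            attributes = {
                'objectClass': "user",
                'UserPrincipalName': "%s@%s" % (username, g.ldap['domain']),
                'accountExpires': "0",
                'lockoutTime': "0",
            }
            for attribute, field in field_mapping:
                if attribute == 'userAccountControl':
                    # NORMAL_ACCOUNT plus every ticked selectable flag.
                    ticked = sum(
                        key for key, flag in
                        LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                        if flag[1] and key in field.data)
                    attributes[attribute] = str(512 + ticked)
                elif attribute and field.data:
                    attributes[attribute] = field.data
            # The RDN is built from user input: escape DN special
            # characters (',', '+', '=', ...) so they are taken literally.
            rdn_value = ldap.dn.escape_dn_chars(username)
            ldap_create_entry("cn=%s,%s" % (rdn_value, base), attributes)
            ldap_change_password(None, form.password.data, username)
            flash("User successfully created.", "success")
            return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            # python-ldap carries the server diagnostic in args[0]['info']
            # (with 'desc' as the generic text); keep the old "text after
            # the last colon, capitalised" presentation.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            error = detail.get('info') or detail.get('desc') or str(e)
            error = error.split(":", 2)[-1].strip()
            if error:
                error = error[0].upper() + error[1:]
            flash(error or "LDAP operation failed.", "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Add user",
                           parent=url_for('user_add'))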
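def user_edit_profile(username):
    """
    Render and process the "Edit user" form for ``username``.

    Unknown users get 404.  On a valid submission every changed field is
    written with ``ldap_update_attribute``: a new ``sAMAccountName`` also
    updates ``userPrincipalName`` and the entry is re-read (the ``cn``
    rename is still pending, see the TODO); ``userAccountControl`` is
    rebuilt as NORMAL_ACCOUNT (512) plus the ticked selectable flags; and a
    change to ``givenName`` or ``sn`` also rewrites ``displayName`` as
    "<first> <last>".  LDAP failures are shown with ``flash``; on first
    render the form is pre-filled from the entry.

    Fixes versus the previous revision: the last name was read from the
    non-existent ``lastName`` attribute (the AD attribute is ``sn``, as the
    rest of this function uses), so rebuilding ``displayName`` concatenated
    ``None``; and the name parts were re-read from the stale entry on every
    iteration, so when both names changed the display name mixed the new
    last name with the old first name.
    """
    title = "Edit user"
    if not ldap_user_exists(username=username):
        abort(404)
    user = ldap_get_user(username=username)
    form = UserProfileEdit(request.form)
    field_mapping = [('givenName', form.first_name),
                     ('sn', form.last_name),
                     ('sAMAccountName', form.user_name),
                     ('mail', form.mail),
                     ('userAccountControl', form.uac_flags)]
    # NOTE(review): unlike the other forms, every flag is offered here, not
    # only the selectable ones (value[1]) -- confirm this is intended.
    form.uac_flags.choices = [
        (key, value[0])
        for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
    ]
    form.visible_fields = [field for _, field in field_mapping]
    if form.validate_on_submit():
        try:
            # Track the name parts across the loop so displayName is rebuilt
            # from the *new* first and last name when both change.
            given_name = user.get('givenName')
            last_name = user.get('sn')
            for attribute, field in field_mapping:
                value = field.data
                if value == user.get(attribute):
                    continue
                # Re-read per iteration: a rename above replaces `user`.
                dn = user['distinguishedName']
                if attribute == 'sAMAccountName':
                    # Rename the account and keep the UPN in step.
                    ldap_update_attribute(dn, "sAMAccountName", value)
                    ldap_update_attribute(
                        dn, "userPrincipalName",
                        "%s@%s" % (value, g.ldap['domain']))
                    # Finish by renaming the whole record
                    # TODO: refactor this to use rename_s instead of update
                    # ldap_update_attribute(dn, "cn", value)
                    user = ldap_get_user(value)
                elif attribute == 'userAccountControl':
                    # Rebuilt from scratch: NORMAL_ACCOUNT plus every ticked
                    # selectable flag; non-selectable bits are not preserved.
                    ticked = sum(
                        key for key, flag in
                        LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
                        if flag[1] and key in field.data)
                    ldap_update_attribute(dn, attribute, str(512 + ticked))
                elif attribute in ('givenName', 'sn'):
                    if attribute == 'givenName':
                        given_name = value
                    else:
                        last_name = value
                    ldap_update_attribute(dn, attribute, value)
                    # A missing part is skipped instead of raising on None.
                    display_name = " ".join(
                        part for part in (given_name, last_name) if part)
                    ldap_update_attribute(dn, 'displayName', display_name)
                else:
                    ldap_update_attribute(dn, attribute, value)
            flash(u"Profile updated successfully.", "success")
            return redirect(url_for('user_overview',
                                    username=form.user_name.data))
        except ldap.LDAPError as e:
            # python-ldap carries the server diagnostic in args[0]['info'];
            # 'info' is optional, so fall back to 'desc' rather than KeyError.
            detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}
            flash(detail.get('info') or detail.get('desc') or str(e), "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")
    if not form.is_submitted():
        form.first_name.data = user.get('givenName')
        form.last_name.data = user.get('sn')
        form.user_name.data = user.get('sAMAccountName')
        form.mail.data = user.get('mail')
        form.uac_flags.data = [
            key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
            if flag[1] and user['userAccountControl'] & key
        ]
    return render_template("forms/basicform.html",
                           form=form,
                           title=title,
                           action="Save changes",
                           parent=url_for('user_overview',
                                          username=username))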
def core_index():
    """Redirect to the overview page of the currently logged-in user."""
    # NOTE(review): g.ldap['username'] is expected to be populated by the
    # login flow before this view runs -- confirm.
    target = url_for('user_overview', username=g.ldap['username'])
    return redirect(target)
def core_logout():
    """Mark the session as logged out and send the client to the index page."""
    # NOTE(review): only a marker is written; the remaining session content
    # is kept.  Whether the login check honours this flag is decided
    # elsewhere -- confirm.
    session.update(logout=1)
    return redirect(url_for('core_index'))