def bind(session_id,uid,encrypted_passwd):
global sessions,um
session_id=pload(session_id)
encrypted_passwd=pload(encrypted_passwd)
uid=pload(uid)
if not has_perm(uid,'access.soap.bind'):
return pdump(-9999) # Access denied
if not sessions.session_exists(session_id):
return pdump(False)
if not sessions.has_session_variable(session_id,'nonce'):
return pdump(False)
nonce = sessions.get_session_variable(session_id,'nonce')[1]
sessions.unset_session_variable(session_id,'nonce')
plain = p2_decrypt(encrypted_passwd,nonce)
#if plain==conf.get('SOAP_SERVICE','passwd'):
if um.authenticate(uid,plain)==0:
sessions.set_session_variable(session_id,'uid',uid)
sessions.set_session_variable(session_id,'authenticated',True)
return pdump(True)
sessions.set_session_variable(session_id,'authenticated',False)
return pdump(False)
def list_users(session_id,usertype_id,uid): global um if not session_valid(pload(session_id)): return pdump(False) usertype_id = pload(usertype_id) uid = pload(uid) return pdump(um.list_users(usertype_id,uid))
def getconf(session_id,dist_codename,hwaddr,context,context_only):
global hm
dist_codename = pload(dist_codename)
context = pload(context)
context_only = pload(context_only)
if context == 'update-hosts' and context_only:
pass
elif not session_valid(pload(session_id)):
return pdump(False)
hwaddr = pload(hwaddr)
hinfo = hm.host_info(hwaddr)
if not hinfo:
return pdump([-1,'']) # Only registered hosts can ask for configurations
hosttype_id = hostdef.hosttype_as_text(hinfo['hostType'][0])
if not hosttype_id:
return pdump([-2,'']) # The host is registered with an invalid host type id
print "Configuration requested by host: %s" % hwaddr
cb = ConfigBuilder(hosttype_id,dist_codename,hwaddr,context,context_only)
f = open('%s/conf.tgz' % cb.tempdir ,'rb')
o = f.read()
f.close()
return pdump([1,o])
def list_groups(session_id,usertype_id,groupname): global gm if not session_valid(pload(session_id)): return pdump(False) usertype_id = pload(usertype_id) groupname = pload(groupname) return pdump(gm.list_groups(usertype_id,groupname))
def list_members(session_id,groupname): """ List members of a certain group "groupname" """ global gm if not session_valid(pload(session_id)): return pdump(False) groupname = pload(groupname) return pdump(gm.list_members(groupname))
def list_usergroups(session_id,uid): """ List groups of a certain user "uid" """ global um if not session_valid(pload(session_id)): return pdump(False) uid = pload(uid) return pdump(um.list_usergroups(uid))
def register_host(session_id,hostname,hosttype_id,hwaddr): global hm if not session_valid(pload(session_id)): return pdump(False) hostname = pload(hostname) hosttype_id = pload(hosttype_id) hwaddr = pload(hwaddr) return pdump(hm.register_host(hwaddr,hostname,hosttype_id))
def removefiles(session_id,files): global fm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'file.remove'): return pdump(-9999) # Access denied files = pload(files) return pdump(fm.removefiles(files))
def tr(domain,msg,lang): """ Fetch all access identities for the domain """ domain = pload(domain) msg = pload(msg) lang = pload(lang) return pdump(skolesys.tools.lang.tr(domain,msg,lang))
def user_exists(session_id,uid): """ Do a quick lookup in the mainserver LDAP to see if a certain uid exists. """ global um if not session_valid(pload(session_id)): return pdump(False) uid=pload(uid) return pdump(um.user_exists(uid))
def hwaddr_exists(session_id,hwaddr): """ Check if a certain hwaddr (mac-address) is already registered """ global hm if not session_valid(pload(session_id)): return pdump(False) hwaddr = pload(hwaddr) return pdump(hm.host_exists(hwaddr=hwaddr))
def hostname_exists(session_id,hostname): """ Check if a certain hostname is already registered """ global hm if not session_valid(pload(session_id)): return pdump(False) hostname = pload(hostname) return pdump(hm.host_exists(hostname=hostname))
def remove_host_by_hostname(session_id,hostname): """ Remove host registered on the Mainserver by hostname """ global hm if not session_valid(pload(session_id)): return pdump(False) hostname = pload(hostname) return pdump(hm.remove_host(hostname=hostname))
def remove_host_by_hwaddr(session_id,hwaddr): """ Remove host registered on the Mainserver by hwaddr """ global hm if not session_valid(pload(session_id)): return pdump(False) hwaddr = pload(hwaddr) return pdump(hm.remove_host(hwaddr=hwaddr))
def group_exists(session_id,groupname): """ Do a quick lookup in the mainserver LDAP to see if a certain groupname exists. """ global gm if not session_valid(pload(session_id)): return pdump(False) groupname=pload(groupname) return pdump(gm.group_exists(groupname))
def hostinfo_by_hostname(session_id,hostname): """ Fetch the registration info of a certain host by hwaddr """ global hm if not session_valid(pload(session_id)): return pdump(False) hostname = pload(hostname) return pdump(hm.host_info(hostname=hostname))
def listhosts(session_id,hosttype_id): """ Fetch a list og registered hosts """ global hm if not session_valid(pload(session_id)): return pdump(False) hosttype_id = pload(hosttype_id) return pdump(hm.list_hosts(hosttype_id))
def list_my_permissions(session_id): """ Fetch user's permissions as a list of access identities """ global am if not session_valid(pload(session_id)): return pdump(False) binded_uid = sessions.get_session_variable(pload(session_id),'uid')[1] return pdump(am.list_permissions(binded_uid))
def list_groupservices(session_id,groupname): """ Fetch a simple list of group service names. """ global gm if not session_valid(pload(session_id)): return pdump(False) groupname = pload(groupname) return pdump(gm.list_services(groupname))
def groupdel(session_id,uid,groupname): global um if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'membership.remove'): return pdump(-9999) # Access denied uid=pload(uid) groupname=pload(groupname) return pdump(um.groupdel(uid,groupname))
def check_my_permission(session_id,access_ident): """ Fetch user's permissions as a list of access identities """ global am if not session_valid(pload(session_id)): return pdump(False) access_ident = pload(access_ident) binded_uid = sessions.get_session_variable(pload(session_id),'uid')[1] return pdump(am.check_permission(binded_uid,access_ident))
def changegroup(session_id,groupname,description): global gm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'group.modify'): return pdump(-9999) # Access denied groupname=pload(groupname) description=pload(description) return pdump(gm.changegroup(groupname,description))
def get_groupservice_option_values(session_id,groupname,servicename): global gm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'service.group.property.read'): return pdump(-9999) # Access denied groupname = pload(groupname) servicename = pload(servicename) return pdump(gm.get_service_option_values(groupname,servicename))
def unset_groupservice_option(session_id,groupname,servicename,variable): global gm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'service.group.property.set'): return pdump(-9999) # Access denied groupname = pload(groupname) servicename = pload(servicename) variable = pload(variable) return pdump(gm.unset_service_option(groupname,servicename,variable))
def removegroup(session_id,groupname,backup_home,remove_home): global gm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'group.remove'): return pdump(-9999) # Access denied groupname=pload(groupname) backup_home=pload(backup_home) remove_home=pload(remove_home) return pdump(gm.removegroup(groupname,backup_home,remove_home))
def removeuser(session_id,uid,backup_home,remove_home): global um if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'user.remove'): return pdump(-9999) # Access denied uid=pload(uid) backup_home=pload(backup_home) remove_home=pload(remove_home) return pdump(um.deluser(uid,backup_home,remove_home))
def update_permissions(session_id,users,groups): """ Fetch all access identities for the domain """ if not session_valid(pload(session_id)): return pdump(False) #if not has_perm(session_uid(pload(session_id)),''): # return pdump(-9999) # Access denied users = pload(users) groups = pload(groups) return pdump(skolesys.tools.admintools.update_permissions(users,groups))
def list_permissions(session_id,uid): """ Fetch user's permissions as a list of access identities """ global am if not session_valid(pload(session_id)): return pdump(False) uid = pload(uid) if not has_perm(session_uid(pload(session_id)),'access.granter'): return pdump(-9999) # Access denied return pdump(am.list_permissions(uid))
def detach_groupservice(session_id,groupname,servicename): """ Detach group from a group service """ global gm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'service.group.detach'): return pdump(-9999) # Access denied groupname = pload(groupname) servicename = pload(servicename) return pdump(gm.detach_service(groupname,servicename))
def restart_groupservice(session_id,groupname,servicename): """ Attach group to a group service """ global gm if not session_valid(pload(session_id)): return pdump(False) if not has_perm(session_uid(pload(session_id)),'service.group.property.set'): return pdump(-9999) # Access denied groupname = pload(groupname) servicename = pload(servicename) return pdump(gm.restart_service(groupname,servicename))