Beispiel #1
    def get_session_info(self, domsid=DOM_SID):
        """
        Build the session_info that setntacl is run with.

        When ``domsid`` matches the SID of the domain held in ``self.samdb``,
        the session is derived from that domain's Administrator account.
        Otherwise the account cannot be looked up locally, so a synthetic
        admin session is created for the requested SID instead.

        Both paths return a session that has been passed through
        ``auth.session_info_fill_unix`` with the user name "Administrator".
        NOTE(review): either way the caller receives an administrator-level
        session without any credential check in this method, so it should
        only be reachable from trusted (test/provisioning) code -- confirm
        against the callers.
        """
        requested_sid = str(domsid)
        local_sid = str(self.samdb.get_domain_sid())

        if requested_sid == local_sid:
            # Address the built-in Administrator by SID rather than by name.
            admin_dn = '<SID={0}-{1}>'.format(
                domsid, security.DOMAIN_RID_ADMINISTRATOR)
            session_flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS
                             | auth.AUTH_SESSION_INFO_AUTHENTICATED
                             | auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
            result = auth.user_session(self.samdb,
                                       lp_ctx=self.lp,
                                       dn=admin_dn,
                                       session_info_flags=session_flags)
        else:
            # domsid is not in the local db, so fake it with an admin session
            result = auth.admin_session(self.lp, requested_sid)

        auth.session_info_fill_unix(result,
                                    lp_ctx=self.lp,
                                    user_name="Administrator")
        return result
Beispiel #2
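def _escape_ldap_filter_value(value):
    """Escape *value* so it is safe as an assertion value in an LDAP filter."""
    # RFC 4515: filter metacharacters are written as a backslash followed by
    # the two hex digits of the character.
    replacements = {
        '\\': '\\5c',
        '*': '\\2a',
        '(': '\\28',
        ')': '\\29',
        '\x00': '\\00',
    }
    return ''.join(replacements.get(ch, ch) for ch in str(value))


def autenticacion(creds, lp):
    """
    Bind to the local LDAP server with *creds* and look up that account.

    The dependencies (credentials and loadparm context) are injected, so the
    function should be testable.

    Args:
        creds: credentials object; its ``get_username()`` supplies the
            account name that is searched for.
        lp: loadparm context passed to ``Ldb`` and ``user_session``.

    Returns:
        The search result for the account on success, or ``False`` when the
        LDB call fails, the account is not found, or any other error occurs
        (each case is logged as a warning).
    """
    try:
        ldap_conn = Ldb('ldap://localhost', lp=lp, credentials=creds)

        domain_dn = ldap_conn.get_default_basedn()
        # The user name is caller-supplied: escape it so characters such as
        # '*', '(' or ')' cannot change the meaning of the search filter.
        search_filter = 'sAMAccountName={0}'.format(
            _escape_ldap_filter_value(creds.get_username()))

        # NOTE: do not try to use searchone for this specific case. Dn turns
        # out to be a non-iterable class.
        busqueda = ldap_conn.search(base=domain_dn,
                                    scope=SCOPE_SUBTREE,
                                    expression=search_filter,
                                    attrs=['dn', 'memberOf', 'displayName'])
        # Only the first match is used; an empty result raises IndexError,
        # which is reported below as "user does not exist".
        user_dn = busqueda[0].dn

        # session_info_flags is not defined in this function; it has to be
        # provided at module level.
        sesion = user_session(ldap_conn, lp_ctx=lp, dn=user_dn,
                              session_info_flags=session_info_flags)

        # This point could be important for the login idea. The token is
        # read but not used or returned yet.
        token = sesion.security_token

    except LdbError as e:
        log.warning("Error LDB: %s" % e)
        return False
    except IndexError:
        log.warning("El usuario %s no existe" % creds.get_username())
        return False
    except Exception as e:
        # Deliberate catch-all: any unexpected failure is treated as a failed
        # authentication rather than propagated to the caller.
        log.warning("Error no contemplado %s " % e)
        return False

    return busqueda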
Beispiel #3
 def test_auth_user_session(self):
     s = auth.user_session(ldb=42, principal='foo')