def getpwent(self, filter=None, params=None):
logger.debug('getpwent(filter={0}, params={1})'.format(filter, params))
query = LdapQueryBuilder(LDAP_ATTRIBUTE_MAPPING)
qstr = query.build_query([['objectclass', '=', 'posixAccount']] + (filter or []))
logger.debug('getpwent query string: {0}'.format(qstr))
result = self.search(self.user_dn, qstr)
return (self.convert_user(i) for i in result)
def getpwent(self, filter=None, params=None):
logger.debug('getpwent(filter={0}, params={1})'.format(filter, params))
query = LdapQueryBuilder(LDAP_ATTRIBUTE_MAPPING)
qstr = query.build_query([['objectclass', '=', 'posixAccount']] + (filter or []))
logger.debug('getpwent query string: {0}'.format(qstr))
result = self.search(self.user_dn, qstr)
return (self.convert_user(i) for i in result)
def convert_user(self, entry):
if not entry:
return
dn = entry['dn']
entry = dict(entry['attributes'])
if 'user' not in get(entry, 'objectClass'):
# not a user
return
if 'computer' in get(entry, 'objectClass'):
# not a user
return
username = get(entry, 'sAMAccountName')
usersid = get(entry, 'objectSid')
groups = []
uid = self.mapper.get_uid(entry)
if uid is None:
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([('member', '=', dn),
('objectClass', '=', 'group')])
for r in self.search(self.base_dn,
qstr,
attributes=['objectGUID', 'objectSid']):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
groups.append(str(guid))
# Append wheel group to users being in Domain Admins group
if r['objectSid'] == self.domain_admins_sid and self.wheel_group:
groups.append(self.wheel_group['id'])
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(usersid),
'uid': uid,
'builtin': False,
'username': username,
'aliases': [f'{self.workgroup}\\{username}'],
'full_name': get(entry, 'name'),
'email': None,
'locked': False,
'sudo': False,
'password_disabled': False,
'group': str(self.domain_users_guid),
'groups': groups,
'shell': '/bin/sh',
'home': self.context.get_home_directory(self.directory, username)
}
def convert_user(self, entry):
if not entry:
return
entry = dict(entry['attributes'])
if 'user' not in get(entry, 'objectClass'):
# not a user
return
if 'computer' in get(entry, 'objectClass'):
# not a user
return
username = get(entry, 'sAMAccountName')
usersid = get(entry, 'objectSid')
groups = []
try:
wbu = self.wbc.get_user(
name='{0}\\{1}'.format(self.realm, username))
except:
return
if not wbu:
logging.warning(
'User {0} found in LDAP, but not in winbindd.'.format(
username))
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([('distinguishedName', 'in',
get(entry, 'memberOf'))])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
groups.append(str(guid))
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(usersid),
'uid': wbu.passwd.pw_uid,
'builtin': False,
'username': username,
'aliases': [wbu.passwd.pw_name],
'full_name': get(entry, 'name'),
'email': None,
'locked': False,
'sudo': False,
'password_disabled': False,
'group': str(self.domain_users_guid),
'groups': groups,
'shell': wbu.passwd.pw_shell,
'home': wbu.passwd.pw_dir
}
def convert_user(self, entry):
if not entry:
return
dn = entry['dn']
entry = dict(entry['attributes'])
if 'user' not in get(entry, 'objectClass'):
# not a user
return
if 'computer' in get(entry, 'objectClass'):
# not a user
return
username = get(entry, 'sAMAccountName')
usersid = get(entry, 'objectSid')
groups = []
try:
wbu = self.wbc.get_user(name='{0}\\{1}'.format(self.realm, username))
except:
return
if not wbu:
logging.warning('User {0} found in LDAP, but not in winbindd.'.format(username))
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([
('member', '=', dn),
('objectClass', '=', 'group')
])
for r in self.search(self.base_dn, qstr, attributes=['objectGUID']):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
groups.append(str(guid))
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(usersid),
'uid': wbu.passwd.pw_uid,
'builtin': False,
'username': username,
'aliases': [wbu.passwd.pw_name],
'full_name': get(entry, 'name'),
'email': None,
'locked': False,
'sudo': False,
'password_disabled': False,
'group': str(self.domain_users_guid),
'groups': groups,
'shell': wbu.passwd.pw_shell,
'home': wbu.passwd.pw_dir
}
def getgrent(self, filter=None, params=None):
logger.debug('getgrent(filter={0}, params={1})'.format(filter, params))
if not self.is_joined():
logger.debug('getgrent: not joined')
return []
query = LdapQueryBuilder(AD_LDAP_ATTRIBUTE_MAPPING)
qstr = query.build_query([['objectClass', '=', 'group']] + (filter or []))
logger.debug('getgrent query string: {0}'.format(qstr))
results = self.search(self.base_dn, qstr)
return (self.convert_group(i) for i in results)
def getpwent(self, filter=None, params=None):
logger.debug('getpwent(filter={0}, params={1})'.format(filter, params))
if not self.is_joined():
logger.debug('getpwent: not joined')
return []
query = LdapQueryBuilder(AD_LDAP_ATTRIBUTE_MAPPING)
qstr = query.build_query([['objectClass', '=', 'person']] + (filter or []))
logger.debug('getpwent query string: {0}'.format(qstr))
results = self.search(self.user_dn, qstr)
return (self.convert_user(i) for i in results)
def getgrent(self, filter=None, params=None):
logger.debug('getgrent(filter={0}, params={1})'.format(filter, params))
if not self.is_joined():
logger.debug('getgrent: not joined')
return []
query = LdapQueryBuilder(AD_LDAP_ATTRIBUTE_MAPPING)
qfilter = [['objectClass', '=', 'group']] + (filter or [])
if self.parameters['idmap_type'] == 'UNIX':
qfilter.append(['gidNumber', '~', '*'])
qstr = query.build_query(qfilter)
logger.debug('getgrent query string: {0}'.format(qstr))
results = self.search(self.base_dn, qstr)
return (self.convert_group(i) for i in results)
def convert_user(self, entry):
dn = entry['dn']
entry = dict(entry['attributes'])
groups = []
group = None
nthash = None
if contains(entry, 'gidNumber'):
ret = self.search_one(
self.group_dn,
'(gidNumber={0})'.format(get(entry, 'gidNumber')),
attributes=['ipaUniqueID']
)
if ret:
group = dict(ret['attributes'])
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([
('member', '=*', dn),
('objectClass', '=', 'posixGroup')
])
for r in self.search(self.base_dn, qstr, attributes=['ipaUniqueID']):
r = dict(r['attributes'])
groups.append(get(r, 'ipaUniqueID.0'))
if contains(entry, 'ipaNTHash'):
nthash = binascii.hexlify(entry['ipaNTHash']).decode('ascii')
return {
'id': get(entry, 'ipaUniqueID.0'),
'uid': int(get(entry, 'uidNumber')),
'gid': int(get(entry, 'gidNumber')),
'sid': get(entry, 'ipaNTSecurityIdentifier'),
'builtin': False,
'username': get(entry, 'uid.0'),
'full_name': get(entry, 'gecos', get(entry, 'displayName', '<unknown>')),
'nthash': nthash,
'password_changed_at': get(entry, 'krbLastPwdChange'),
'shell': get(entry, 'loginShell', '/bin/sh'),
'home': get(entry, 'homeDirectory', '/nonexistent'),
'sshpubkey': get(entry, 'ipaSshPubKey.0', b'').decode('ascii') or None,
'group': get(group, 'ipaUniqueID.0') if group else None,
'groups': groups,
'sudo': False
}
def convert_user(self, entry):
entry = dict(entry['attributes'])
groups = []
group = None
nthash = None
if contains(entry, 'gidNumber'):
ret = self.search_one(
self.group_dn,
'(gidNumber={0})'.format(get(entry, 'gidNumber'))
)
if ret:
group = dict(ret['attributes'])
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([
('dn', 'in', get(entry, 'memberOf'))
])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
groups.append(get(r, 'ipaUniqueID.0'))
if contains(entry, 'ipaNTHash'):
nthash = binascii.hexlify(entry['ipaNTHash']).decode('ascii')
return {
'id': get(entry, 'ipaUniqueID.0'),
'uid': int(get(entry, 'uidNumber')),
'gid': int(get(entry, 'gidNumber')),
'sid': get(entry, 'ipaNTSecurityIdentifier'),
'builtin': False,
'username': get(entry, 'uid.0'),
'full_name': get(entry, 'gecos', get(entry, 'displayName', '<unknown>')),
'nthash': nthash,
'password_changed_at': get(entry, 'krbLastPwdChange'),
'shell': get(entry, 'loginShell', '/bin/sh'),
'home': get(entry, 'homeDirectory', '/nonexistent'),
'sshpubkey': get(entry, 'ipaSshPubKey.0', b'').decode('ascii') or None,
'group': get(group, 'ipaUniqueID.0') if group else None,
'groups': groups,
'sudo': False
}
def convert_group(self, entry):
if not entry:
return
entry = dict(entry['attributes'])
if 'group' not in get(entry, 'objectClass'):
# not a group
return
groupname = get(entry, 'sAMAccountName')
groupsid = get(entry, 'objectSid')
parents = []
try:
wbg = self.wbc.get_group(
name='{0}\\{1}'.format(self.realm, groupname))
except:
return
if not wbg:
logging.warning(
'Group {0} found in LDAP, but not in winbindd.'.format(
groupname))
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([('distinguishedName', 'in',
get(entry, 'memberOf'))])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
parents.append(str(guid))
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(groupsid),
'gid': wbg.group.gr_gid,
'builtin': False,
'name': groupname,
'aliases': [wbg.group.gr_name],
'parents': parents,
'sudo': False
}
def convert_group(self, entry):
if not entry:
return
entry = dict(entry['attributes'])
if 'group' not in get(entry, 'objectClass'):
# not a group
return
groupname = get(entry, 'sAMAccountName')
groupsid = get(entry, 'objectSid')
parents = []
try:
wbg = self.wbc.get_group(name='{0}\\{1}'.format(self.realm, groupname))
except:
return
if not wbg:
logging.warning('Group {0} found in LDAP, but not in winbindd.'.format(groupname))
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([
('distinguishedName', 'in', get(entry, 'memberOf'))
])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
parents.append(str(guid))
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(groupsid),
'gid': wbg.group.gr_gid,
'builtin': False,
'name': groupname,
'aliases': [wbg.group.gr_name],
'parents': parents,
'sudo': False
}
def convert_group(self, entry):
entry = dict(entry['attributes'])
parents = []
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([('dn', 'in', get(entry, 'memberOf'))])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
parents.append(get(r, 'ipaUniqueID.0'))
return {
'id': get(entry, 'ipaUniqueID.0'),
'gid': int(get(entry, 'gidNumber')),
'name': get(entry, 'cn.0'),
'parents': parents,
'builtin': False,
'sudo': False
}
def convert_group(self, entry):
entry = dict(entry['attributes'])
parents = []
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([
('dn', 'in', get(entry, 'memberOf'))
])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
parents.append(get(r, 'ipaUniqueID.0'))
return {
'id': get(entry, 'ipaUniqueID.0'),
'gid': int(get(entry, 'gidNumber')),
'name': get(entry, 'cn.0'),
'parents': parents,
'builtin': False,
'sudo': False
}
def convert_user(self, entry):
entry = dict(entry['attributes'])
groups = []
group = None
if contains(entry, 'gidNumber.0'):
ret = self.search_one(
self.group_dn,
'(gidNumber={0})'.format(get(entry, 'gidNumber.0'))
)
if ret:
group = dict(ret['attributes'])
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([
('dn', 'in', get(entry, 'memberOf'))
])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
groups.append(get(r, 'ipaUniqueID.0'))
return {
'id': get(entry, 'ipaUniqueID.0'),
'uid': int(get(entry, 'uidNumber.0')),
'gid': int(get(entry, 'gidNumber.0')),
'builtin': False,
'username': get(entry, 'uid.0'),
'full_name': get(entry, 'gecos.0', get(entry, 'displayName.0', '<unknown>')),
'shell': get(entry, 'loginShell.0', '/bin/sh'),
'home': get(entry, 'homeDirectory.0', '/nonexistent'),
'sshpubkey': get(entry, 'ipaSshPubKey.0', None),
'group': get(group, 'ipaUniqueID.0') if group else None,
'groups': groups,
'sudo': False
}
def convert_group(self, entry):
if not entry:
return
entry = dict(entry['attributes'])
if 'group' not in get(entry, 'objectClass'):
# not a group
return
groupname = get(entry, 'sAMAccountName')
groupsid = get(entry, 'objectSid')
parents = []
gid = self.mapper.get_gid(entry)
if gid is None:
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([('distinguishedName', 'in',
get(entry, 'memberOf'))])
for r in self.search(self.base_dn, qstr):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
parents.append(str(guid))
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(groupsid),
'gid': gid,
'builtin': False,
'name': groupname,
'aliases': [f'{self.workgroup}\\{groupname}'],
'parents': parents,
'sudo': False
}
def convert_user(self, entry):
if not entry:
return
dn = entry['dn']
entry = dict(entry['attributes'])
if 'user' not in get(entry, 'objectClass'):
# not a user
return
if 'computer' in get(entry, 'objectClass'):
# not a user
return
username = get(entry, 'sAMAccountName')
usersid = get(entry, 'objectSid')
groups = []
try:
wbu = self.wbc.get_user(
name='{0}\\{1}'.format(self.realm, username))
except:
return
if not wbu:
logging.warning(
'User {0} found in LDAP, but not in winbindd.'.format(
username))
return
if get(entry, 'memberOf'):
builder = LdapQueryBuilder()
qstr = builder.build_query([('member', '=', dn),
('objectClass', '=', 'group')])
for r in self.search(self.base_dn,
qstr,
attributes=['objectGUID', 'objectSid']):
r = dict(r['attributes'])
guid = uuid.UUID(get(r, 'objectGUID'))
groups.append(str(guid))
# Append wheel group to users being in Domain Admins group
if r['objectSid'] == self.domain_admins_sid and self.wheel_group:
groups.append(self.wheel_group['id'])
return {
'id': str(uuid.UUID(get(entry, 'objectGUID'))),
'sid': str(usersid),
'uid': wbu.passwd.pw_uid,
'builtin': False,
'username': username,
'aliases': [wbu.passwd.pw_name],
'full_name': get(entry, 'name'),
'email': None,
'locked': False,
'sudo': False,
'password_disabled': False,
'group': str(self.domain_users_guid),
'groups': groups,
'shell': wbu.passwd.pw_shell,
'home': self.context.get_home_directory(self.directory, username)
}
