def getGroupById(self, group_id):
    """Return the portal_groupdata-ish object for the group ``group_id``.

    Returns ``None`` when this plugin has no group container or the id is
    not in it. The returned ``PloneGroup`` is acquisition-wrapped in this
    plugin and enriched from the PAS plugins: property sheets from every
    ``IPropertiesPlugin``, parent groups, and roles from every
    ``IRolesPlugin``.
    """
    group_id = decode_utf8(group_id)
    groups = self.groups
    if not groups:
        return None
    if group_id not in groups.keys():
        return None
    ugm_group = self.groups[group_id]
    title = ugm_group.attrs.get("title", None)
    group = PloneGroup(ugm_group.id, title).__of__(self)
    pas = self._getPAS()
    plugins = pas.plugins
    # property sheets: only plugins that actually return data for the group
    for finder_id, finder in plugins.listPlugins(pas_interfaces.IPropertiesPlugin):
        sheet = finder.getPropertiesForUser(group, None)
        if sheet:
            group.addPropertysheet(finder_id, sheet)
    # groups this group is itself a member of
    group._addGroups(pas._getGroupsForPrincipal(group, None, plugins=plugins))
    # roles: only plugins that actually return roles for the group
    for _maker_id, maker in plugins.listPlugins(pas_interfaces.IRolesPlugin):
        roles = maker.getRolesForPrincipal(group, None)
        if roles:
            group._addRoles(roles)
    return group
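def authenticate(self, login=None, pw=None, id=None):
    """Authenticate ``login`` with password ``pw`` against the directory.

    Returns the resolved user id on success, ``ACCOUNT_EXPIRED`` when the
    configured expiration attribute marks the account as expired, and
    ``False`` when the login is unknown, the bind fails, or the expiration
    value cannot be interpreted. ``id`` is the deprecated spelling of
    ``login``.
    """
    if id is not None:
        # bbb. deprecated usage
        login = id
    user_id = self.id_for_login(decode_utf8(login))
    criteria = {self._key_attr: user_id}
    attrlist = ["dn"]
    if self.expiresAttr:
        attrlist.append(self.expiresAttr)
    try:
        res = self.context.search(criteria=criteria, attrlist=attrlist)
    except ldap.NO_SUCH_OBJECT:
        return False
    if not res:
        return False
    if len(res) > 1:
        # Ambiguous login: several entries share the key attribute. Only the
        # first hit is bound against below, so this warning is the only trace
        # of the ambiguity in the logs.
        msg = u'More than one principal with login "{0}" found.'
        logger.warning(msg.format(user_id))
    if self.expiresAttr:
        expires = res[0][1].get(self.expiresAttr)
        expires = expires and expires[0] or None
        try:
            expired = calculate_expired(self.expiresUnit, expires)
        except ValueError:
            # unknown expires field data; log the resolved user id rather than
            # the deprecated ``id`` argument, which is None on the regular
            # call path and made this message useless
            msg = u"Accound expiration flag for user '{0}' " + u"contains unknown data"
            logger.error(msg.format(user_id))
            return False
        if expired:
            return ACCOUNT_EXPIRED
    user_dn = res[0][1]["dn"]
    session = self.context.ldap_session
    authenticated = session.authenticate(user_dn.encode("utf-8"), pw)
    return authenticated and user_id or False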
def __getitem__(self, key):
    """Return the principal ``key``, creating and caching it on first access.

    The entry is searched by ``self._key_attr``; its node is then reached by
    walking the RDNs of the found DN below ``self.context``. Raises
    ``KeyError`` when nothing matches or the matching entry is pending
    deletion.
    """
    key = decode_utf8(key)
    try:
        return self.storage[key]
    except KeyError:
        matches = self.context.search(
            criteria={self._key_attr: key},
            attrlist=['rdn', self._key_attr],
        )
        if not matches:
            raise KeyError(key)
        if len(matches) > 1:
            msg = u'More than one principal with id "{0}" found.'
            logger.warning(msg.format(key))
        hit = matches[0]
        if hit[1]['rdn'] in self.context._deleted_children:
            raise KeyError(key)
        dn = hit[0]
        # XXX: use explode_dn -- a plain split misparses DNs with escaped commas
        base_depth = len(self.context.DN.split(','))
        rdns = dn.split(',')[:-base_depth]
        node = self.context
        for rdn in reversed(rdns):
            node = node[rdn]
        principal = self.principal_factory(node, attraliaser=self.principal_attraliaser)
        principal.__name__ = key
        principal.__parent__ = self
        self.storage[key] = principal
        return principal
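def authenticate(self, login=None, pw=None, id=None):
    """Authenticate ``login`` with password ``pw`` against the directory.

    Returns the resolved user id on success, ``ACCOUNT_EXPIRED`` when the
    configured expiration attribute marks the account as expired, and
    ``False`` when the login is unknown, the bind fails, or the expiration
    value cannot be interpreted. ``id`` is the deprecated spelling of
    ``login``.
    """
    if id is not None:
        # bbb. deprecated usage
        login = id
    user_id = self.id_for_login(decode_utf8(login))
    criteria = {self._key_attr: user_id}
    attrlist = ['dn']
    if self.expiresAttr:
        attrlist.append(self.expiresAttr)
    try:
        res = self.context.search(criteria=criteria, attrlist=attrlist)
    except ldap.NO_SUCH_OBJECT:
        return False
    if not res:
        return False
    if len(res) > 1:
        # ambiguous login: only the first hit is bound against below, so the
        # warning is the only trace of the ambiguity in the logs
        msg = u'More than one principal with login "{0}" found.'
        logger.warning(msg.format(user_id))
    if self.expiresAttr:
        expires = res[0][1].get(self.expiresAttr)
        expires = expires and expires[0] or None
        try:
            expired = calculate_expired(self.expiresUnit, expires)
        except ValueError:
            # unknown expires field data; log the resolved user id, not the
            # deprecated ``id`` argument (None on the regular call path)
            msg = u"Accound expiration flag for user '{0}' " + \
                u"contains unknown data"
            logger.error(msg.format(user_id))
            return False
        if expired:
            return ACCOUNT_EXPIRED
    user_dn = res[0][1]['dn']
    session = self.context.ldap_session
    authenticated = session.authenticate(user_dn.encode('utf-8'), pw)
    return authenticated and user_id or False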
def __delitem__(self, key):
    """Delete principal ``key`` from the directory and evict it from the cache."""
    key = decode_utf8(key)
    del self.context[key]
    try:
        del self.storage[key]
    except KeyError:
        # never loaded into the cache; nothing to evict
        pass
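def authenticate(self, id=None, pw=None):
    """Authenticate user ``id`` with password ``pw``.

    Returns the user id on success, ``ACCOUNT_EXPIRED`` when the configured
    expiration attribute says the account has expired, and ``False`` when
    the user is unknown, the bind fails, or the expiration value cannot be
    parsed as an integer.
    """
    # XXX: rename 'id' kw arg to 'login'
    id = decode_utf8(id)
    id = self.id_for_login(id)
    try:
        if self.expiresAttr:
            user = self.context[id]
            expires = user.attrs.get(self.expiresAttr)
            # '99999' and '-1' are treated as "does not expire" markers; they
            # must stay separate tuple elements -- written as adjacent string
            # literals Python silently joins them into one value that never
            # matches, and '-1' would then be treated as expired
            if expires and expires not in ('99999', '-1'):
                # check expiration timestamp
                try:
                    expires = int(expires)
                except ValueError:
                    # unknown expires field data
                    msg = u"Accound expiration flag for user '%s' " + \
                        u"contains unknown data"
                    logger.error(msg % id)
                    return False
                # shadow account specific: inactivity grace period
                if self.expiresAttr == 'shadowExpire':
                    expires += int(user.attrs.get('shadowInactive', '0'))
                days = time.time()
                if self.expiresUnit == EXPIRATION_DAYS:
                    # number of days since epoch
                    days /= 86400
                if days >= expires:
                    return ACCOUNT_EXPIRED
            userdn = user.DN
        else:
            userdn = self.context.child_dn(id)
    except KeyError:
        return False
    return self.context.ldap_session.authenticate(userdn, pw) and id or False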
def __getitem__(self, key):
    """Return the principal ``key``, creating and caching it on first access.

    The entry is searched by ``self._key_attr``; its node is then reached by
    walking the RDNs of the found DN below ``self.context``. Raises
    ``KeyError`` when nothing matches or the matching entry is pending
    deletion.
    """
    key = decode_utf8(key)
    try:
        return self.storage[key]
    except KeyError:
        matches = self.context.search(
            criteria={self._key_attr: key},
            attrlist=["rdn", self._key_attr],
        )
        if not matches:
            raise KeyError(key)
        if len(matches) > 1:
            msg = u'More than one principal with id "{0}" found.'
            logger.warning(msg.format(key))
        hit = matches[0]
        if hit[1]["rdn"] in self.context._deleted_children:
            raise KeyError(key)
        dn = hit[0]
        # XXX: use explode_dn -- a plain split misparses DNs with escaped commas
        base_depth = len(self.context.DN.split(","))
        rdns = dn.split(",")[:-base_depth]
        node = self.context
        for rdn in reversed(rdns):
            node = node[rdn]
        principal = self.principal_factory(node, attraliaser=self.principal_attraliaser)
        principal.__name__ = key
        principal.__parent__ = self
        self.storage[key] = principal
        return principal
def getGroupById(self, group_id):
    """Return the portal_groupdata-ish object for the group ``group_id``.

    Returns ``None`` when this plugin has no group container or the id is
    not in it. The returned ``PloneGroup`` is acquisition-wrapped in this
    plugin and enriched from the PAS plugins: property sheets from every
    ``IPropertiesPlugin``, parent groups, and roles from every
    ``IRolesPlugin``.
    """
    group_id = decode_utf8(group_id)
    groups = self.groups
    if not groups:
        return None
    if group_id not in groups.keys():
        return None
    ugm_group = self.groups[group_id]
    title = ugm_group.attrs.get('title', None)
    group = PloneGroup(ugm_group.id, title).__of__(self)
    pas = self._getPAS()
    plugins = pas.plugins
    # property sheets: only plugins that actually return data for the group
    for finder_id, finder in plugins.listPlugins(pas_interfaces.IPropertiesPlugin):
        sheet = finder.getPropertiesForUser(group, None)
        if sheet:
            group.addPropertysheet(finder_id, sheet)
    # groups this group is itself a member of
    group._addGroups(pas._getGroupsForPrincipal(group, None, plugins=plugins))
    # roles: only plugins that actually return roles for the group
    for _maker_id, maker in plugins.listPlugins(pas_interfaces.IRolesPlugin):
        roles = maker.getRolesForPrincipal(group, None)
        if roles:
            group._addRoles(roles)
    return group
def __getitem__(self, key):
    """Return the member principal ``key``; raise ``KeyError`` if not a member.

    Group members are addressed with a ``group:`` prefix, which is stripped
    before indexing the principals container.
    """
    key = decode_utf8(key)
    if key not in self:
        raise KeyError(key)
    principals = self.related_principals(key)
    lookup = key[len('group:'):] if key.startswith('group:') else key
    return principals[lookup]
def add(self, key):
    """Add principal ``key`` to the member attribute; a no-op if already a member."""
    key = decode_utf8(key)
    if key in self.member_ids:
        return
    member = self.translate_key(key)
    # self.context.attrs[self._member_attribute].append won't work here
    # issue in LDAPNodeAttributes, does not recognize changed this way.
    current = self.context.attrs.get(self._member_attribute, list())
    self.context.attrs[self._member_attribute] = current + [member]
def __delitem__(self, key):
    """Delete group ``key``, first removing its roles when a roles config exists."""
    key = decode_utf8(key)
    group = self[key]
    parent = self.parent
    # ``parent`` is tested for truthiness on purpose (node containers may be
    # falsy when empty); roles are only stripped when a roles config is set
    if parent and parent.rcfg is not None:
        for role in group.roles:
            group.remove_role(role)
    del self.context[key]
def add(self, key):
    """Add principal ``key`` to the member attribute; a no-op if already a member."""
    key = decode_utf8(key)
    if key in self.member_ids:
        return
    member = self.translate_key(key)
    # self.context.attrs[self._member_attribute].append won't work here
    # issue in LDAPNodeAttributes, does not recognize changed this way.
    current = self.context.attrs.get(self._member_attribute, list())
    self.context.attrs[self._member_attribute] = current + [member]
def __delitem__(self, key):
    """Delete group ``key`` from the directory and from the cache.

    When a roles config is present the group's roles are removed first so no
    dangling role assignments remain.
    """
    key = decode_utf8(key)
    group = self[key]
    parent = self.parent
    if parent and parent.rcfg is not None:
        for role in group.roles:
            group.remove_role(role)
    # delete the node through its own parent: the group may live below a
    # different container than ``self.context``
    node = group.context
    del node.parent[node.name]
    del self.storage[key]
def passwd(self, id, oldpw, newpw):
    """Change the password of user ``id`` from ``oldpw`` to ``newpw``.

    The change goes through the LDAP session. When the user entries carry
    the ``sambaSamAccount`` object class, the samba NT and LM hashes are
    recomputed from ``newpw`` and written to the entry as well.
    """
    id = decode_utf8(id)
    user_dn = self.context.child_dn(id)
    self.context.ldap_session.passwd(user_dn, oldpw, newpw)
    object_classes = self.context.child_defaults['objectClass']
    user_node = self[id].context
    user_node.attrs.load()
    if 'sambaSamAccount' in object_classes:
        # NOTE(review): sambaLMPassword is the legacy LM hash, generally
        # considered weak; it is kept because the samba schema expects it
        user_node.attrs['sambaNTPassword'] = sambaNTPassword(newpw)
        user_node.attrs['sambaLMPassword'] = sambaLMPassword(newpw)
    user_node()
def invalidate(self, key=None):
    """Invalidate LDAPPrincipals.

    With ``key`` only that principal is evicted from the cache; without a key
    the whole cache is cleared. The underlying context is invalidated in
    both cases.
    """
    # NOTE(review): relies on decode_utf8 passing None through -- confirm
    key = decode_utf8(key)
    self.context.invalidate(key)
    if key is None:
        self.storage.clear()
    else:
        try:
            del self.storage[key]
        except KeyError:
            pass
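def __getitem__(self, key):
    """Return the principal ``key``, creating and caching it on first access.

    Raises ``KeyError`` (propagated from ``self.context``) when there is no
    such node.
    """
    key = decode_utf8(key)
    try:
        return self.storage[key]
    except KeyError:
        # resolve the node once and reuse it for both the factory and the
        # name, instead of indexing the context twice
        node = self.context[key]
        principal = self.principal_factory(node, attraliaser=self.principal_attraliaser)
        principal.__name__ = node.name
        principal.__parent__ = self
        self.storage[key] = principal
        return principal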
def __delitem__(self, key):
    """Delete user ``key`` after detaching it from its groups and roles.

    Principals without group support (no ``groups`` attribute) are simply
    deleted; roles are only stripped when a roles config is present.
    """
    key = decode_utf8(key)
    user = self[key]
    for group in getattr(user, 'groups', list()):
        del group[user.name]
    parent = self.parent
    if parent and parent.rcfg is not None:
        for role in user.roles:
            user.remove_role(role)
    del self.context[key]
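def __delitem__(self, key):
    """Remove member ``key`` from this group's member attribute.

    Raises ``KeyError`` when ``key`` is not a member and ``ValueError`` when
    the configured member format is neither ``FORMAT_DN`` nor
    ``FORMAT_UID``.
    """
    key = decode_utf8(key)
    if key not in self:
        raise KeyError(key)
    if self._member_format == FORMAT_DN:
        val = self.related_principals(key)[key].context.DN
    elif self._member_format == FORMAT_UID:
        val = key
    else:
        # fail explicitly instead of reaching ``val`` unbound below
        raise ValueError(
            "Unsupported member format: {0!r}".format(self._member_format))
    # self.context.attrs[self._member_attribute].remove won't work here
    # issue in LDAPNodeAttributes, does not recognize changed this way.
    members = self.context.attrs[self._member_attribute]
    members.remove(val)
    self.context.attrs[self._member_attribute] = members
    # XXX: call here immediately?
    self.context()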
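def __delitem__(self, key):
    """Remove member ``key`` from this group's member attribute.

    Raises ``KeyError`` when ``key`` is not a member and ``ValueError`` when
    the configured member format is neither ``FORMAT_DN`` nor
    ``FORMAT_UID``.
    """
    key = decode_utf8(key)
    if key not in self:
        raise KeyError(key)
    if self._member_format == FORMAT_DN:
        val = self.related_principals(key).context.child_dn(key)
    elif self._member_format == FORMAT_UID:
        val = key
    else:
        # fail explicitly instead of reaching ``val`` unbound below
        raise ValueError(
            "Unsupported member format: {0!r}".format(self._member_format))
    # self.context.attrs[self._member_attribute].remove won't work here
    # issue in LDAPNodeAttributes, does not recognize changed this way.
    members = self.context.attrs[self._member_attribute]
    members.remove(val)
    self.context.attrs[self._member_attribute] = members
    # XXX: call here immediately?
    self.context()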
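def __delitem__(self, key):
    """Remove member ``key`` from this group's member attribute.

    Group members carry a ``group:`` prefix which is stripped before the
    principal is resolved for the DN format. Raises ``KeyError`` when
    ``key`` is not a member and ``ValueError`` when the configured member
    format is neither ``FORMAT_DN`` nor ``FORMAT_UID``.
    """
    key = decode_utf8(key)
    if key not in self:
        raise KeyError(key)
    principals = self.related_principals(key)
    if self._member_format == FORMAT_DN:
        real_key = key
        if key.startswith("group:"):
            real_key = key[6:]
        val = principals[real_key].context.DN
    elif self._member_format == FORMAT_UID:
        val = key
    else:
        # fail explicitly instead of reaching ``val`` unbound below
        raise ValueError(
            "Unsupported member format: {0!r}".format(self._member_format))
    # self.context.attrs[self._member_attribute].remove won't work here
    # issue in LDAPNodeAttributes, does not recognize changed this way.
    members = self.context.attrs[self._member_attribute]
    members.remove(val)
    self.context.attrs[self._member_attribute] = members
    # XXX: call here immediately?
    self.context()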
def passwd(self, id, oldpw, newpw):
    """Change the password of the user logging in as ``id``.

    The user entry is located by ``self._key_attr``; ``KeyError`` is raised
    when nothing matches. When the user entries carry the
    ``sambaSamAccount`` object class, the samba NT and LM hashes are
    recomputed from ``newpw`` and written to the entry as well.
    """
    user_id = self.id_for_login(decode_utf8(id))
    attrlist = ["dn"]
    if self.expiresAttr:
        attrlist.append(self.expiresAttr)
    hits = self.context.search(criteria={self._key_attr: user_id}, attrlist=attrlist)
    if not hits:
        raise KeyError(id)
    if len(hits) > 1:
        # ambiguous login: only the first hit's password is changed below
        msg = u'More than one principal with login "{0}" found.'
        logger.warning(msg.format(user_id))
    user_dn = hits[0][1]["dn"]
    self.context.ldap_session.passwd(user_dn, oldpw, newpw)
    object_classes = self.context.child_defaults["objectClass"]
    user_node = self[user_id].context
    user_node.attrs.load()
    if "sambaSamAccount" in object_classes:
        # NOTE(review): sambaLMPassword is the legacy LM hash, generally
        # considered weak; it is kept because the samba schema expects it
        user_node.attrs["sambaNTPassword"] = sambaNTPassword(newpw)
        user_node.attrs["sambaLMPassword"] = sambaLMPassword(newpw)
    user_node()
def passwd(self, id, oldpw, newpw):
    """Change the password of the user logging in as ``id``.

    The user entry is located by ``self._key_attr``; ``KeyError`` is raised
    when nothing matches. When the user entries carry the
    ``sambaSamAccount`` object class, the samba NT and LM hashes are
    recomputed from ``newpw`` and written to the entry as well.
    """
    user_id = self.id_for_login(decode_utf8(id))
    attrlist = ['dn']
    if self.expiresAttr:
        attrlist.append(self.expiresAttr)
    hits = self.context.search(criteria={self._key_attr: user_id}, attrlist=attrlist)
    if not hits:
        raise KeyError(id)
    if len(hits) > 1:
        # ambiguous login: only the first hit's password is changed below
        msg = u'More than one principal with login "{0}" found.'
        logger.warning(msg.format(user_id))
    user_dn = hits[0][1]['dn']
    self.context.ldap_session.passwd(user_dn, oldpw, newpw)
    object_classes = self.context.child_defaults['objectClass']
    user_node = self[user_id].context
    user_node.attrs.load()
    if 'sambaSamAccount' in object_classes:
        # NOTE(review): sambaLMPassword is the legacy LM hash, generally
        # considered weak; it is kept because the samba schema expects it
        user_node.attrs['sambaNTPassword'] = sambaNTPassword(newpw)
        user_node.attrs['sambaLMPassword'] = sambaLMPassword(newpw)
    user_node()
def __getitem__(self, key):
    """Return the member principal ``key``; raise ``KeyError`` if not a member."""
    key = decode_utf8(key)
    if key in self:
        return self.related_principals(key)[key]
    raise KeyError(key)
def __contains__(self, key):
    """Return whether ``key`` is one of the ids yielded by iterating this container."""
    key = decode_utf8(key)
    # iterate explicitly: ``key in self`` would recurse into this method
    return any(uid == key for uid in self)