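def get_group(self, groupName=None, gidNumber=None, _dc=None):
    """Return one posixGroup as a JavaScript-style object literal.

    The group is looked up by ``gidNumber`` when that is given, otherwise by
    ``groupName``.  ``_dc`` is accepted and ignored.

    Returns a ``{failure:1,...}`` literal when neither identifier is supplied
    or the search finds nothing.  Otherwise returns one ``name:'value'`` pair
    for each entry of ``groupFields`` present on the group (first value
    only), then ``members:"uid1:uid2"``, and sets the response content type
    to ``text/plain``.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    # Both identifiers arrive as request parameters.  Escaping them makes
    # parentheses, asterisks, backslashes and NUL match literally instead of
    # altering the structure of the search filter.
    if gidNumber:
        search_filter = "(&(objectclass=posixGroup)(gidNumber=%s))" % (
            escape_filter_chars("%s" % (gidNumber,)),)
    elif groupName:
        search_filter = "(&(objectclass=posixGroup)(cn=%s))" % (
            escape_filter_chars("%s" % (groupName,)),)
    else:
        return "{failure:1,'text':'No group GID or name entered'}"

    results = do_ldap_search(search_filter)
    if not results:
        return "{failure:1,'text':'No group found'}"

    res = results[0][0][1]
    output = "{"
    # NOTE(review): directory values are written between quotes without any
    # escaping, so a value holding a quote or backslash breaks the literal.
    # If the client evaluates this response, escape the values or emit real
    # JSON - confirm against the front end.
    for f in groupFields:
        # '!=' instead of 'is not': comparing strings by identity only works
        # when the interpreter happens to share the two objects.
        if f != "memberUid" and f in res:
            output += "%s:'%s'," % (f, res[f][0])

    # NOTE(review): nesting is reconstructed from a whitespace-collapsed
    # listing; 'members' is emitted unconditionally so the trailing comma
    # written above is always followed by a key - confirm against the file.
    members = ""
    if 'memberUid' in res:
        members = ":".join("%s" % (m,) for m in res['memberUid'])
    output += 'members:"%s"' % (members,)
    output += "}"

    cherrypy.response.headers['Content-Type'] = "text/plain"
    return output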
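def getMembers(self, groupName=None, gidNumber=None, _dc=None, query=None):
    """Return the members of a posixGroup as a ``{results: [...]}`` literal.

    Requires a session holding ``server``, ``suffix``, ``username`` and
    ``password``; otherwise ``doLogout`` is called and a failure literal is
    returned.  The group is selected by ``gidNumber`` when given, else by
    ``groupName``.  ``_dc`` and ``query`` are accepted and ignored.

    Each ``memberUid`` value for which ``getUser`` returns details
    contributes one item with ``cn``, ``gidNumber``, ``givenName``, ``sn``
    and ``uid``.  The response content type is set to ``text/plain``.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    # .get() so that a session without login data reaches the refusal below
    # instead of failing with KeyError before the check runs.
    session = cherrypy.session
    server = session.get('server')
    suffix = session.get('suffix')
    adminUser = session.get('username')
    adminPass = session.get('password')
    if not (server and suffix and adminUser and adminPass):
        doLogout('You cannot be here')
        return "{failure:1,'info':'Access violation: you are not logged in or your session has expired'}"

    # Request parameters are escaped so they are matched literally and
    # cannot change the structure of the search filter.
    if gidNumber:
        search_filter = "(&(objectclass=posixGroup)(gidNumber=%s))" % (
            escape_filter_chars("%s" % (gidNumber,)),)
    elif groupName:
        search_filter = "(&(objectclass=posixGroup)(cn=%s))" % (
            escape_filter_chars("%s" % (groupName,)),)
    else:
        # Without this branch 'results' was never assigned and the next
        # statement raised UnboundLocalError.
        return "{failure:1,'text':'No group GID or name entered'}"

    results = do_ldap_search(search_filter)
    if not results:
        return "{failure:1,'text':'No members found'}"
    entry = results[0][0][1]
    if 'memberUid' not in entry:
        return "{success:1,'text':'No members found'}"

    # NOTE(review): the values below come from the directory and are written
    # into the literal unescaped (the member id is not even quoted).  If the
    # client evaluates this response, escape them or emit real JSON.
    output = "{results: ["
    for member in entry['memberUid']:
        user_details = getUser(uidNumber=member)
        if user_details:
            output += """{cn: '%s',gidNumber:%s,givenName:'%s',sn:'%s',uid:'%s'},""" % (
                getUserCN(member),
                member,
                user_details['givenName'][0],
                user_details['sn'][0],
                user_details['uid'][0],
            )
    output += "]}"

    cherrypy.response.headers['Content-Type'] = "text/plain"
    return output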
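def getGroupCN(gid):
    """Return the ``cn`` of the posixGroup whose gidNumber is ``gid``.

    Returns ``0`` when the search yields nothing; otherwise the first ``cn``
    value of the first result.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    # The value is formatted exactly as before and then escaped, so a gid
    # that is not purely numeric is matched literally rather than being
    # parsed as part of the filter.
    safe_gid = escape_filter_chars("%s" % (gid,))
    results = do_ldap_search(
        "(&(objectclass=posixGroup)(gidNumber=%s))" % (safe_gid,), ['cn'])
    if not results:
        return 0
    return results[0][0][1]['cn'][0]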
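def list(self, *args, **kwargs):
    """Return the sudoRole entries matching ``cn`` as an object literal.

    ``cn`` is read from the keyword arguments and defaults to ``*`` (every
    role).  Each match contributes one item with ``sudorole``, ``sudouser``,
    ``sudohost``, ``sudocommands`` and ``sudooptions``; multi-valued
    attributes are joined with ``;`` and only the first ``sudoUser`` value
    is reported.  The response content type is set to ``text/plain``.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    # Escape everything that could restructure the filter, then put the
    # asterisks back so the default "match all" and wildcard patterns keep
    # working.  A literal backslash is escaped to \5c first, so the only
    # \2a sequences left are real asterisks.
    cn = escape_filter_chars("%s" % (kwargs.get('cn', '*'),)).replace("\\2a", "*")
    results = do_ldap_search("(&(objectclass=sudoRole)(cn=%s))" % (cn,))

    def joined(attrs, name):
        # Absent attributes are reported as an empty string.
        return ";".join(attrs[name]) if name in attrs else ''

    # NOTE(review): directory values are written between quotes unescaped;
    # escape them or emit real JSON if the client evaluates this response.
    output = "{results:["
    # 'or []' tolerates a search helper that returns None for "no results".
    for res in results or []:
        attrs = res[0][1]
        sudouser = attrs['sudoUser'][0] if 'sudoUser' in attrs else ''
        # sudoHost is guarded like the other attributes; it used to raise
        # KeyError for a role without one.
        # NOTE(review): the listing shows the sudouser placeholder masked as
        # asterisks; five arguments are supplied, so a fifth %s is the only
        # reading that formats - confirm against the original file.
        output += """{sudorole:"%s",sudouser:"%s",sudohost:"%s",sudocommands:"%s",sudooptions:"%s"},""" % (
            attrs['cn'][0],
            sudouser,
            joined(attrs, 'sudoHost'),
            joined(attrs, 'sudoCommand'),
            joined(attrs, 'sudoOption'),
        )
    output += "]}"

    cherrypy.response.headers['Content-Type'] = "text/plain"
    return output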
def update(self, groupName=None, gidNumber=None,members=None,_dc=None):
    """Prepare an update of a posixGroup's membership.

    Only the first part of the method is visible in this listing; it ends
    after the directory bind.  The visible part checks the session, looks
    the group up by ``groupName``, builds the ``Current`` and ``New``
    attribute sets from the directory entry and the comma-separated
    ``members`` string, and binds with the credentials held in the session.

    Returns a failure literal when ``groupName`` is empty, the session or
    ``gidNumber`` is missing, the group is not found or the bind fails, and
    a success literal when no change is needed.
    """
    # NOTE(review): block nesting below is reconstructed from a
    # whitespace-collapsed listing - confirm against the original file.
    if not groupName:
        return "{failure:1,'text':'No group found'}"
    # The bind password is read back from the session, so it is held in
    # session storage for as long as the login lasts.
    server = cherrypy.session['server']
    suffix = cherrypy.session['suffix']
    adminUser = cherrypy.session['username']
    adminPass = cherrypy.session['password']
    if not server or not suffix or not adminUser or not adminPass or not gidNumber:
        doLogout('You cannot be here')
        # NOTE(review): this literal has no closing brace.
        return "{failure:1,'info':'Access violation'"
    # NOTE(review): groupName is a request parameter and is placed in the
    # filter unescaped; pass it through ldap.filter.escape_filter_chars so
    # it is matched literally.
    results = do_ldap_search("(&(objectclass=posixGroup)(cn=%s))" % (groupName))
    if len(results) < 1:
        return "{failure:1,'info':'Cannot find the required group'}"
    res=results[0][0][1]
    memberUid=[]
    uniqueMember=[]
    # NOTE(review): members defaults to None, in which case .split raises
    # AttributeError.
    for x in members.split(","):
        if len(x)>0:
            memberUid.append(x)
            # NOTE(review): the template is masked as asterisks in this
            # listing; as shown it has no placeholders for its two arguments
            # and raises TypeError.  Restore it from the original file, and
            # note that x is request input placed into a DN.
            full_user = "******" % (x, suffix)
            uniqueMember.append(full_user)
    New={"cn":groupName,"gidNumber":gidNumber}
    if memberUid:
        if len(memberUid)>0:
            New["memberUid"] = memberUid
        if len(uniqueMember)>0:
            New['uniqueMember'] = uniqueMember
    Current={"cn":res['cn'][0], "gidNumber":res['gidNumber'][0]}
    if res.has_key('memberUid'):
        Current["memberUid"] = copy.copy(res['memberUid'])
    if res.has_key('uniqueMember'):
        Current['uniqueMember'] = copy.copy(res['uniqueMember'])
    # Entries that lack the groupOfUniqueNames class get it added to New.
    if not "groupOfUniqueNames" in res['objectClass']:
        Current['objectClass'] = copy.copy(res['objectClass'])
        New['objectClass'] = copy.copy(res['objectClass'])
        New['objectClass'].append('groupOfUniqueNames')
    # Debug output: both attribute sets, member lists included, go to stdout.
    print Current
    print New
    DN='cn=%s,ou=Group,%s' % (res['cn'][0],suffix)
    # NOTE(review): 'r' is not assigned anywhere in the visible code -
    # confirm it exists at module level, otherwise this raises NameError.
    if Current == New and not r:
        return "{success:1,info:'No changes needed'}"
    # NOTE(review): no start_tls_s() call is visible between open() and the
    # simple bind, so as far as this listing shows the password is sent
    # without transport protection - confirm how 'server' is reached.
    l = ldap.open(server)
    try:
        l.simple_bind_s(adminUser, adminPass)
    except ldap.LDAPError, e:
        err = parse_ldap_error(e)
        return "{failure:1,'info':'Bind: %s'}" % (err)
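def get(self, hostname=None, ip=None, _dc=None):
    """Return one ipHost entry as ``{hostname:...,ip:...,aliases:...}``.

    The host is looked up by ``ip`` when that is given, otherwise by
    ``hostname``.  ``_dc`` is accepted and ignored.  Returns ``{}`` when no
    identifier is supplied or nothing matches.  ``aliases`` is every ``cn``
    value joined with ``,``.  On success the response content type is set
    to ``text/plain``.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    if ip is not None:
        attribute, value = "ipHostNumber", ip
    elif hostname is not None:
        attribute, value = "cn", hostname
    else:
        # Previously this searched for the literal name "None".
        return "{}"

    # The request value is escaped so it is matched literally and cannot
    # change the structure of the search filter.
    results = do_ldap_search("(&(objectclass=ipHost)(%s=%s))" % (
        attribute, escape_filter_chars("%s" % (value,))))
    if not results:
        return "{}"

    dn = results[0][0][0]
    res = results[0][0][1]
    # The DN test used to be applied to the (dn, attributes) pair, where it
    # could never match; it now inspects the DN itself, as the list handler
    # for hosts does.
    if "ipHostNumber" in dn:
        hostname = dn.split("+")[0].replace("cn=", "")
    elif hostname is None:
        # NOTE(review): lookup by ip with a DN that does not carry
        # ipHostNumber used to report hostname "None"; the first cn value
        # is used instead - confirm this is the wanted name.
        hostname = res['cn'][0]

    # NOTE(review): values are written between quotes unescaped; escape them
    # or emit real JSON if the client evaluates this response.
    aliases = ",".join(res['cn'])
    output = """{hostname:"%s",ip:"%s",aliases:"%s"}""" % (
        hostname, res['ipHostNumber'][0], aliases)

    cherrypy.response.headers['Content-Type'] = "text/plain"
    return output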
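def list(self, *args, **kwargs):
    """Return the ipHost entries matching ``cn`` as an object literal.

    ``cn`` is read from the keyword arguments and defaults to ``*`` (every
    host).  Each match contributes one ``{hostname:...,ip:...,aliases:...}``
    item, with ``aliases`` being every ``cn`` value joined with ``;``.  The
    response content type is set to ``text/plain``.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    # Escape everything that could restructure the filter, then put the
    # asterisks back so the default "match all" and wildcard patterns keep
    # working.  A literal backslash is escaped to \5c first, so the only
    # \2a sequences left are real asterisks.
    cn = escape_filter_chars("%s" % (kwargs.get('cn', '*'),)).replace("\\2a", "*")
    results = do_ldap_search("(&(objectclass=ipHost)(cn=%s))" % (cn,))

    # NOTE(review): directory values are written between quotes unescaped;
    # escape them or emit real JSON if the client evaluates this response.
    output = "{results:["
    # 'or []' tolerates a search helper that returns None for "no results".
    for res in results or []:
        dn = res[0][0]
        attrs = res[0][1]
        if "ipHostNumber" in dn:
            hostname = dn.split("+")[0].replace("cn=", "")
        else:
            # NOTE(review): as reconstructed from the collapsed listing, an
            # entry whose DN lacks ipHostNumber reused the previous entry's
            # hostname (or raised NameError on the first entry).  The first
            # cn value is used instead - confirm this is the wanted name.
            hostname = attrs['cn'][0]
        aliases = ";".join(attrs['cn'])
        output += """{hostname:"%s",ip:"%s",aliases:"%s"},""" % (
            hostname, attrs['ipHostNumber'][0], aliases)
    output += "]}"

    cherrypy.response.headers['Content-Type'] = "text/plain"
    return output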
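def update(self, hostname=None, ip=None, aliases=None, _dc=None):
    """Prepare an update of an ipHost entry's address and aliases.

    Only the first part of the method is visible in this listing; it ends
    after the directory bind.  The visible part checks the session, looks
    the host up by ``hostname``, builds the ``Current`` and ``New``
    attribute sets from the directory entry and the comma-separated
    ``aliases`` string, and binds with the credentials held in the session.

    Returns a failure literal when the session is incomplete, ``hostname``
    or ``ip`` is missing, the host is not found or the bind fails, and a
    success literal when no change is needed.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    # .get() so that a session without login data reaches the refusal below
    # instead of failing with KeyError before the check runs.  The bind
    # password is read back from the session, so it is held in session
    # storage for as long as the login lasts.
    server = cherrypy.session.get('server')
    suffix = cherrypy.session.get('suffix')
    adminUser = cherrypy.session.get('username')
    adminPass = cherrypy.session.get('password')
    if not (server and suffix and adminUser and adminPass):
        doLogout('You cannot be here')
        # Closing brace added: the literal was left unterminated.
        return "{failure:1,'info':'Access violation'}"
    if not hostname or not ip:
        # Closing brace added here as well.
        return "{failure:1,'info':'Nothing to change'}"

    # hostname is a request parameter; escaping makes it match literally
    # instead of being parsed as part of the filter.
    results = do_ldap_search("(&(objectclass=ipHost)(cn=%s))" % (
        escape_filter_chars("%s" % (hostname,)),))
    if len(results) < 1:
        return "{failure:1,'info':'Cannot find the required host'}"
    DN = results[0][0][0]
    res = results[0][0][1]

    # A missing aliases parameter is treated like an empty one; it used to
    # raise TypeError on the membership test.  A value containing "ie:" is
    # discarded as before.
    if aliases is None or "ie:" in aliases:
        aliases = ''
    # NOTE(review): nesting is reconstructed from a whitespace-collapsed
    # listing; entries of one character or less are dropped, the rest have
    # their spaces removed.
    hostAliases = []
    for c in aliases.split(","):
        if len(c) > 1:
            hostAliases.append(c.replace(" ", ""))
    if hostname not in hostAliases:
        hostAliases.append(hostname)

    Current = {"cn": res['cn'], "ipHostNumber": res['ipHostNumber'][0]}
    New = {"cn": hostAliases, "ipHostNumber": ip}
    if Current == New:
        return "{success:1,info:'No changes needed'}"

    # NOTE(review): no start_tls_s() call is visible between open() and the
    # simple bind, so as far as this listing shows the password is sent
    # without transport protection - confirm how 'server' is reached.
    l = ldap.open(server)
    try:
        l.simple_bind_s(adminUser, adminPass)
    except ldap.LDAPError as e:
        err = parse_ldap_error(e)
        return "{failure:1,'info':'Bind: %s'}" % (err,)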
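def get(self, sudorole=None, _dc=None):
    """Return one sudoRole entry as an object literal.

    The role is looked up by ``sudorole``; ``_dc`` is accepted and ignored.
    Returns ``{}`` when no role name is supplied or nothing matches.
    ``sudoUser``, ``sudoCommand``, ``sudoHost`` and ``sudoOption`` are each
    reported as their values joined with ``;`` (empty when absent).  On
    success the response content type is set to ``text/plain``.
    """
    # Imported here because the file's import block is outside this listing.
    from ldap.filter import escape_filter_chars

    if sudorole is None:
        # Previously this searched for the literal name "None".
        return "{}"

    # The role name is a request parameter; escaping makes it match
    # literally instead of being parsed as part of the filter.
    results = do_ldap_search("(&(objectclass=SudoRole)(cn=%s))" % (
        escape_filter_chars("%s" % (sudorole,)),))
    if not results:
        return "{}"
    res = results[0][0][1]

    def joined(name):
        # Absent attributes are reported as an empty string.
        return ';'.join(res[name]) if name in res else ''

    # NOTE(review): the listing shows the sudoUser placeholder masked as
    # asterisks; five arguments are supplied, so a fifth %s is the only
    # reading that formats - confirm against the original file.
    # NOTE(review): the request value and the directory values are written
    # between quotes unescaped; escape them or emit real JSON if the client
    # evaluates this response.
    output = """{cn:"%s",sudoCommand:"%s",sudoUser:"%s",sudoHost:"%s",sudoOption:"%s"}""" % (
        sudorole,
        joined('sudoCommand'),
        joined('sudoUser'),
        joined('sudoHost'),
        joined('sudoOption'),
    )

    cherrypy.response.headers['Content-Type'] = "text/plain"
    return output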
def update(self, role=None,sudohost=None,sudouser=None,sudogroup=None,sudocommands=None,sudooptions=None,_dc=None):
    """Prepare an update of a sudoRole entry.

    Only the first part of the method is visible in this listing; it ends
    after the directory bind.  The visible part checks the session, looks
    the role up by ``role``, splits ``sudocommands`` and ``sudooptions`` on
    ``;`` and ``sudohost`` on ``,``, builds the ``Current`` and ``New``
    attribute sets, and binds with the credentials held in the session.

    Returns a failure literal when the session is incomplete, the role is
    not found or the bind fails.
    """
    # NOTE(review): block nesting below is reconstructed from a
    # whitespace-collapsed listing - confirm against the original file.
    # The bind password is read back from the session, so it is held in
    # session storage for as long as the login lasts.
    server = cherrypy.session['server']
    suffix = cherrypy.session['suffix']
    adminUser = cherrypy.session['username']
    adminPass = cherrypy.session['password']
    if not server or not suffix or not adminUser or not adminPass:
        doLogout('You cannot be here')
        # NOTE(review): this literal has no closing brace.
        return "{failure:1,'info':'Access violation'"
    sudorole=role
    # NOTE(review): role is a request parameter and is placed in the filter
    # unescaped; pass it through ldap.filter.escape_filter_chars so it is
    # matched literally.
    results = do_ldap_search("(&(objectclass=SudoRole)(cn=%s))" % (sudorole))
    if not results:
        return "{failure:1,info:'Role not found'}"
    DN=results[0][0][0]
    res=results[0][0][1]
    # A group selection, when present and not the "Select" prompt text,
    # replaces sudouser.
    if sudogroup and not "Select" in sudogroup:
        # NOTE(review): both templates are masked as asterisks in this
        # listing; as shown they have no placeholder for their argument and
        # raise TypeError.  Restore them from the original file.
        if "%" in sudogroup:
            sudouser="******" % (sudogroup)
        else:
            sudouser="******" % (sudogroup)
    # NOTE(review): sudouser defaults to None, in which case this membership
    # test raises TypeError.
    if "Select" in sudouser:
        sudouser=''
    # Entries of one character or less are dropped from each list.
    # NOTE(review): sudocommands, sudohost and sudooptions default to None,
    # in which case .split raises AttributeError.
    commands=[]
    for c in sudocommands.split(";"):
        if len(c)>1:
            commands.append(c)
    hosts=[]
    for c in sudohost.split(","):
        if len(c)>1:
            hosts.append(c)
    options=[]
    for c in sudooptions.split(";"):
        if len(c)>1:
            options.append(c)
    Current={'cn':res['cn']}
    for k in ["sudoCommand", "sudoUser", "sudoOption","sudoHost"]:
        if res.has_key(k):
            Current[k] = res[k]
    New={'cn':role}
    if len(sudouser)>0:
        New['sudoUser'] = sudouser
    if len(commands)>0:
        New['sudoCommand'] = commands
    if len(options)>0:
        New['sudoOption'] = options
    # An empty host list is stored as 'ALL', i.e. the rule is written for
    # every host rather than for none - confirm that widening is intended.
    if len(hosts)>0:
        New['sudoHost'] = hosts
    else:
        New['sudoHost'] = 'ALL'
    # Debug output: both attribute sets go to stdout.
    print "\n\n"
    print Current
    print "\n\n"
    print New
    print "\n\n"
    # NOTE(review): no start_tls_s() call is visible between open() and the
    # simple bind, so as far as this listing shows the password is sent
    # without transport protection - confirm how 'server' is reached.
    l = ldap.open(server)
    try:
        l.simple_bind_s(adminUser, adminPass)
    except ldap.LDAPError, e:
        err = parse_ldap_error(e)
        return """{failure:1,info:"%s"}""" % (err)