def map_auth_method(id):
if id == 'NOCRYPT':
return 'NOCRYPT'
try:
return int(_AuthenticationCode(id))
except Errors.NotFoundError:
print "Error mapping auth_method %s" % id # no need to use logger here
raise
def map_auth_method(id):
if id == 'NOCRYPT':
return 'NOCRYPT'
try:
return int(_AuthenticationCode(id))
except Errors.NotFoundError:
print "Error mapping auth_method %s" % id # no need to use logger here
raise
class VoipAuthConstants(Constants.Constants):
"""Authentication constants for voip."""
EntityAuthenticationCode = _EntityAuthenticationCode
voip_auth_sip_secret = _EntityAuthenticationCode(
'voip-sipsecret', 'sipSecret value for voip clients')
auth_type_ha1_md5 = _AuthenticationCode(
'HA1-MD5',
"Used in digest access authentication as specified in RFC 2617. "
"Is an unsalted MD5 digest hash over 'username:realm:password'. "
"See <http://tools.ietf.org/html/rfc2617#section-3.2.2.2>")
class Constants(Constants.Constants):
# Affiliations and statuses
# Project
affiliation_project = _PersonAffiliationCode('PROJECT',
'Member of a project')
# Project Owner
affiliation_status_project_owner = _PersonAffStatusCode(
affiliation_project, 'owner', 'Project Owner')
# Project Administrator (PA)
affiliation_status_project_admin = _PersonAffStatusCode(
affiliation_project, 'admin', 'Project Administrator (PA)')
# Project Member (PM)
affiliation_status_project_member = _PersonAffStatusCode(
affiliation_project, 'member', 'Project Member (PM)')
# Pending
affiliation_pending = _PersonAffiliationCode('PENDING',
'Unapproved affiliations')
# Pending project member (PM)
affiliation_status_pending_project_member = _PersonAffStatusCode(
affiliation_pending, 'member',
'Waiting for getting accepted as a project member')
# Spreads
# AD
spread_ad_account = _SpreadCode('account@ad',
Constants.Constants.entity_account,
'Account should be synced with AD')
spread_file_group = _SpreadCode('filegroup',
Constants.Constants.entity_group,
'File group')
spread_net_group = _SpreadCode('netgroup',
Constants.Constants.entity_group,
'Net group')
spread_ad_host = _SpreadCode('host@ad', DnsConstants.entity_dns_owner,
'Host that is synced with AD')
# GW
spread_gateway_account = _SpreadCode(
'account@gw', Constants.Constants.entity_account,
'Account to be synced to the gateway')
# The gateway doesn't care about groups
# spread_gateway_group = _SpreadCode(
# 'group@gw', Constants.Constants.entity_group,
# 'Group to be synced to the gateway')
# Quarantines
quarantine_autopassord = _QuarantineCode('autopassord',
'Password out of date')
quarantine_generell = _QuarantineCode('generell', 'General block')
quarantine_teppe = _QuarantineCode('teppe', 'Quarantine for severe issues')
quarantine_not_approved = _QuarantineCode(
'not_approved', 'Waiting for approval from admin')
quarantine_project_end = _QuarantineCode(
'project_end', 'Blocking projects when end date is reached')
quarantine_project_start = _QuarantineCode(
'not_started_yet',
"Project haven't started yet, waiting for start date")
quarantine_frozen = _QuarantineCode('frozen', 'Project is frozen')
quarantine_auto_frozen = _QuarantineCode('auto_frozen',
'User is auto-frozen')
# Source systems
system_nettskjema = _AuthoritativeSystemCode(
'Nettskjema', 'Information from Nettskjema, registered by anyone')
system_ad = _AuthoritativeSystemCode('AD', 'Information from AD')
# External IDs
externalid_project_id = _EntityExternalIdCode(
'projectid', Constants.Constants.entity_ou,
"Project's external ID, generated by Cerebrum")
# Traits
trait_project_group = _EntityTraitCode('project_group',
Constants.Constants.entity_group,
'The project a group belongs to')
trait_project_host = _EntityTraitCode('project_host',
DnsConstants.entity_dns_owner,
'The project a host belongs to')
trait_project_subnet = _EntityTraitCode(
'project_subnet', DnsConstants.entity_dns_subnet,
'The project a IPv4 subnet belongs to')
trait_project_subnet6 = _EntityTraitCode(
'project_subnet6', DnsConstants.entity_dns_ipv6_subnet,
'The project a IPv6 subnet belongs to')
trait_project_vm_type = _EntityTraitCode(
'project_vm_type', Constants.Constants.entity_ou,
'The type of VM the project should use')
# Traits for metadata about projects:
trait_project_institution = _EntityTraitCode(
'institution', Constants.Constants.entity_ou,
'The institution the project belongs to')
trait_project_rek = _EntityTraitCode('rek_approval',
Constants.Constants.entity_ou,
'The REK approval for the project')
trait_project_persons_accepted = _EntityTraitCode(
'accepted_persons', Constants.Constants.entity_ou,
'FNRs of non-existing persons that has been '
'accepted as members of the project')
# Authentication codes (password types):
trait_otp_device = _EntityTraitCode(
'otp_device', Constants.Constants.entity_person,
'The type of OTP key, e.g. hotp or '
'totp, depending on device')
auth_type_otp_key = _AuthenticationCode(
'OTP-key',
'One-Time Password key, used to be able to generate one-time'
'passwords')
# DNS zone
tsd_zone = _DnsZoneCode("tsd", ".tsd.usit.no.")
tsdv4_zone = _DnsZoneCode("tsdipv4", None)
tsdv6_zone = _DnsZoneCode("tsdipv6", None)
class Constants(Constants.Constants):
#
# External Identifiers
#
externalid_sys_x_id = _EntityExternalIdCode(
'SYS_X_ID', Constants.Constants.entity_person,
'Internal sys_x identifier')
externalid_paga_ansattnr = _EntityExternalIdCode(
'PAGA_ANSATTNR', Constants.Constants.entity_person,
'Internal PAGA identifier')
externalid_hifm_ansattnr = _EntityExternalIdCode(
'HIFM_ANSATTNR', Constants.Constants.entity_person,
'Internal HIFM identifier')
externalid_sito_ansattnr = _EntityExternalIdCode(
'SITO_ANSATTNR', Constants.Constants.entity_person,
'Internal SITO identifier')
externalid_sito_ou = _EntityExternalIdCode('SITO_OU',
Constants.Constants.entity_ou,
'internal sito ou identifier')
#
# Authoritative systems
#
system_hifm = _AuthoritativeSystemCode('HIFM', 'Høgskolen i Alta')
system_hitos = _AuthoritativeSystemCode('HITOS', 'Høgskolen i Tromsø')
system_x = _AuthoritativeSystemCode('SYS_X', 'Manuelt personal system')
system_tlf = _AuthoritativeSystemCode('TLF', 'Telefoni system')
system_sysacc = _AuthoritativeSystemCode('SYSACC', 'System Accounts')
system_paga = _AuthoritativeSystemCode('PAGA', 'PAGA')
system_sito = _AuthoritativeSystemCode('SITO', 'SITO')
system_flyt = _AuthoritativeSystemCode('FLYT', 'FLYT')
system_fs_derived = _AuthoritativeSystemCode('FS-auto',
'Utledet av FS data')
system_kr_reg = _AuthoritativeSystemCode(
'KR_REG', 'Kontakt- og reservasjonsregisteret')
system_intern_ice = _AuthoritativeSystemCode(
'INTERN_ICE', 'Internal (uit) source for ICE number')
#
# Account codes
#
account_test = _AccountCode('T', 'Testkonto')
account_felles_drift = _AccountCode('FD', 'Felles Drift')
account_felles_intern = _AccountCode('FI', 'Felles Intern')
account_kurs = _AccountCode('K', 'Kurs')
account_forening = _AccountCode('F', 'Forening')
account_maskin = _AccountCode('M', 'Maskin')
account_prosess = _AccountCode('P', 'Prosess')
account_uit_guest = _AccountCode('gjestebruker_uit', 'Manuell gjestekonto')
#
# Contact codes
#
contact_workphone2 = _ContactInfoCode('PHONE_WORK_2',
'Secondary Work Phone')
contact_room = _ContactInfoCode('ROOM@UIT', 'Location and room number')
contact_building = _ContactInfoCode('BYGG@UIT', 'Building name')
contact_sito_mobile = _ContactInfoCode('PHONE_SITO', 'sito employee phone')
contact_uit_mobile = _ContactInfoCode('PHONE_UIT', 'uit employee phone')
contact_ice_phone = _ContactInfoCode('ICE_PHONE',
'Phone number for alerts (varsler)')
#
# Address codes
#
address_location = _AddressCode('Lokasjon', 'Campus')
#
# OU Structure perspective
#
perspective_sito = _OUPerspectiveCode('SITO', 'SITO')
#
# Affiliations
#
# Employee affiliations
affiliation_ansatt_sito = _PersonAffiliationCode(
'SITO', 'Ansatt ved studentsamskipnaden i tromso')
affiliation_ansatt = _PersonAffiliationCode('ANSATT',
'Ansatt ved UiT (i følge LT)')
affiliation_flyt_ansatt_hih = _PersonAffiliationCode(
'ANSATT_HIH', 'Ansatt ved HiH')
affiliation_flyt_student_hih = _PersonAffiliationCode(
'STUDENT_HIH', 'Student ved HiH')
# Affiliation status
affiliation_status_flyt_hih_ansatt_faculty = _PersonAffStatusCode(
affiliation_ansatt, 'Ansatt HiH', 'Vitenskapelig')
affiliation_status_flyt_hih_ansatt_tekadm = _PersonAffStatusCode(
affiliation_ansatt, 'ansatt HiH', 'Teknisk/administrativt')
affiliation_status_flyt_hin_ansatt_faculty = _PersonAffStatusCode(
affiliation_ansatt, 'Ansatt HiN', 'Vitenskapelig')
affiliation_status_flyt_hin_ansatt_tekadm = _PersonAffStatusCode(
affiliation_ansatt, 'ansatt HiN', 'Teknisk/administrativt')
affiliation_status_timelonnet_fast = _PersonAffStatusCode(
affiliation_ansatt, 'Timelonnet fast', 'Fast ansatt på timelønn')
affiliation_status_timelonnet_midlertidig = _PersonAffStatusCode(
affiliation_ansatt, 'Timelonnet midl',
'Midlertidig ansatt på timelønn')
affiliation_status_ansatt_perm = _PersonAffStatusCode(
affiliation_ansatt, 'permisjon', 'Ansatt, for tiden i permisjon')
affiliation_status_flyt_ansatt_hifm = _PersonAffStatusCode(
affiliation_ansatt, 'ansatt HIFm', 'Ansatte fra Høyskolen i Alta')
affiliation_status_ansatt_sito = _PersonAffStatusCode(
affiliation_ansatt_sito, 'sito', 'Ansatt')
affiliation_status_ansatt_sys_x = _PersonAffStatusCode(
affiliation_ansatt, 'sys_x-ansatt',
'Manuelt gitt tilgang til AD (bør nyanseres)')
# Student affiliations
affiliation_student = _PersonAffiliationCode(
'STUDENT', 'Student ved UiT (i følge FS)')
affiliation_status_flyt_hih_student_aktiv = _PersonAffStatusCode(
affiliation_student, 'student HiH', 'Aktiv student')
affiliation_status_flyt_student_hifm = _PersonAffStatusCode(
affiliation_student, 'student HIFm', 'Student fra Høyskolen i Alta')
affiliation_status_flyt_hin_student_aktiv = _PersonAffStatusCode(
affiliation_student, 'student HiN', 'Aktiv student')
affiliation_status_student_soker = _PersonAffStatusCode(
affiliation_student, 'soker', 'Registrert med søknad i FS')
affiliation_status_student_sys_x = _PersonAffStatusCode(
affiliation_student, 'sys_x-student',
'Student Manuelt gitt tilgang til AD')
affiliation_status_student_tilbud = _PersonAffStatusCode(
affiliation_student, 'tilbud', 'Har fått tilbud om opptak')
affiliation_status_student_opptak = _PersonAffStatusCode(
affiliation_student, 'opptak', 'Har studierett ved studieprogram')
affiliation_status_student_ny = Constants._PersonAffStatusCode(
affiliation_student, 'ny', 'Registrert med ny, gyldig studierett i FS')
affiliation_status_student_perm = _PersonAffStatusCode(
affiliation_student, 'permisjon', 'Har gyldig permisjonstatus i FS')
affiliation_status_student_alumni = _PersonAffStatusCode(
affiliation_student, 'alumni', 'Har fullført studieprogram i FS')
affiliation_status_student_drgrad = _PersonAffStatusCode(
affiliation_student, 'drgrad', 'Registrert student på doktorgrad')
affiliation_status_student_emnestud = _PersonAffStatusCode(
affiliation_student, 'emnestud',
'Registrert som aktiv emnestudent i FS')
# Tilknyttet affiliation
affiliation_tilknyttet = _PersonAffiliationCode(
'TILKNYTTET', 'Tilknyttet UiT uten å være student eller ansatt')
affiliation_tilknyttet_fagperson = _PersonAffStatusCode(
affiliation_tilknyttet, 'fagperson', 'Registrert som fagperson i FS')
affiliation_tilknyttet_emeritus = _PersonAffStatusCode(
affiliation_tilknyttet, 'emeritus',
'Registrert i LT med gjestetypekode EMERITUS')
affiliation_tilknyttet_ekst_stip = _PersonAffStatusCode(
affiliation_tilknyttet, 'ekst_stip',
'Personer registrert i LT med gjestetypekode=EF-STIP')
# Manual affiliation
affiliation_manuell = _PersonAffiliationCode(
'MANUELL', 'Tilknyttet enheter/instutusjoner som UiT har avtale med')
affiliation_manuell_alumni = _PersonAffStatusCode(
affiliation_manuell, 'alumni', 'Uteksaminerte studenter')
affiliation_manuell_sito = _PersonAffStatusCode(
affiliation_manuell, 'sito', 'Manuelt registrert Sito ansatt')
affiliation_manuell_gjest_u_konto = _PersonAffStatusCode(
affiliation_manuell, 'gjest_u_konto', 'gjest uten konto')
affiliation_manuell_unn = _PersonAffStatusCode(
affiliation_manuell, 'UNN', 'Universitets sykheuset i Nord Norge')
affiliation_manuell_gjest = _PersonAffStatusCode(affiliation_manuell,
'gjest', 'Gjest')
affiliation_manuell_utdanning_no = _PersonAffStatusCode(
affiliation_manuell, 'utdanning_no', 'Utdanning.no')
affiliation_manuell_akademisk_kvarter = _PersonAffStatusCode(
affiliation_manuell, 'akademisk_kvart', 'Akademisk Kvarter')
affiliation_manuell_norges_universitetet = _PersonAffStatusCode(
affiliation_manuell, 'norges_universi', 'Norgesuniversitetet')
affiliation_manuell_kirkutdnor = _PersonAffStatusCode(
affiliation_manuell, 'kirkutdnor',
'Kirkelig Utdanningssenter Nord-Norge')
affiliation_manuell_gjesteforsker = _PersonAffStatusCode(
affiliation_manuell, 'gjesteforsker', 'Gjesteforsker (under utfasing)')
affiliation_manuell_konsulent = _PersonAffStatusCode(
affiliation_manuell, 'konsulent', 'Konsulent (under utfasing)')
affiliation_status_gjest_u_account = _PersonAffStatusCode(
affiliation_manuell, 'gjest_u_konto', 'Gjest uten konto')
# Non-personal affiliation
affiliation_upersonlig = _PersonAffiliationCode(
'UPERSONLIG', 'Fellesbrukere, samt andre brukere uten eier')
affiliation_upersonlig_felles = _PersonAffStatusCode(
affiliation_upersonlig, 'felles', 'Felleskonti')
affiliation_upersonlig_kurs = _PersonAffStatusCode(affiliation_upersonlig,
'kurs', 'Kurskonti')
affiliation_upersonlig_pvare = _PersonAffStatusCode(
affiliation_upersonlig, 'pvare', 'Programvarekonti')
affiliation_upersonlig_term_maskin = _PersonAffStatusCode(
affiliation_upersonlig, 'term_maskin', 'Terminalstuemaskin')
affiliation_upersonlig_bib_felles = _PersonAffStatusCode(
affiliation_upersonlig, 'bib_felles', 'Bibliotek felles')
#
# Shells
#
# Override of the default shell paths.
# NOTE: this file should be before PosixUser in cereconf.CLASS_CONSTANTS
# TODO: Shell path mapping should be configuration, not db-constants.
#
posix_shell_bash = _PosixShellCode('bash', '/bin/bash')
posix_shell_csh = _PosixShellCode('csh', '/bin/csh')
posix_shell_false = _PosixShellCode('false', '/bin/false')
posix_shell_nologin = _PosixShellCode('nologin', '/local/etc/nologin')
posix_shell_sh = _PosixShellCode('sh', '/bin/sh')
posix_shell_zsh = _PosixShellCode('zsh', '/local/bin/zsh')
#
# Spreads
#
spread_uit_fronter = _SpreadCode('fronter@uit',
Constants.Constants.entity_group,
'fronter user')
spread_uit_fronter_account = _SpreadCode(
'fronter_acc@uit', Constants.Constants.entity_account,
'fronter account')
spread_uit_evu = _SpreadCode('evu@uit', Constants.Constants.entity_account,
'evu person')
spread_uit_cristin = _SpreadCode('cristin@uit',
Constants.Constants.entity_account,
'Accounts with CRISTIN spread')
# spread for ldap guests
spread_uit_ldap_guest = _SpreadCode(
'guest@ldap', Constants.Constants.entity_account,
'LDAP/RADIUS spread for wireless accounts')
# spread for ldap system accounts
spread_uit_ldap_system = _SpreadCode(
'system@ldap', Constants.Constants.entity_account,
'account included in system tree on ldap')
# spread for ldap people accounts
spread_uit_ldap_people = _SpreadCode(
'people@ldap', Constants.Constants.entity_account,
'account included in people tree on ldap')
# spread for securimaster export
spread_uit_securimaster = _SpreadCode(
'securimaster', Constants.Constants.entity_account,
'account to be exported to securimaster')
# spread for portal export
spread_uit_portal = _SpreadCode('portal export',
Constants.Constants.entity_account,
'account to be exported to the portal')
# spread for paga export - account uit should be exported to paga
spread_uit_paga = _SpreadCode('paga export',
Constants.Constants.entity_account,
'account to have its uid exported to paga')
# spread for fs export - account should have email and uid exported to FS
spread_uit_fs = _SpreadCode(
'fs export', Constants.Constants.entity_account,
'account to have its uid and email exported to fs')
spread_uit_ad_account = _SpreadCode(
'AD_account', Constants.Constants.entity_account,
'account included in Active Directory')
spread_uit_ad_group = _SpreadCode('AD_group',
Constants.Constants.entity_group,
'group included in Active Directory')
spread_uit_ad_lit_admingroup = _SpreadCode(
'AD_group_litadmn', Constants.Constants.entity_group,
'AD admingroup for local IT')
# Spreads for Exchange
spread_uit_exchange = _SpreadCode('exchange_mailbox',
Constants.Constants.entity_account,
'Accounts with exchange mailbox')
# sito spread
spread_sito = _SpreadCode('SITO', Constants.Constants.entity_account,
'Accounts generated for sito users')
spread_fronter_dotcom = _SpreadCode(
'*****@*****.**', Constants.Constants.entity_group,
'Group representing a course that should be exported to the '
'ClassFronter instance on fronter.com. Should only be given to '
'groups that have been automatically generated from FS.')
spread_ephorte_person = _SpreadCode('ePhorte_person',
Constants.Constants.entity_person,
'Person included in ePhorte export')
#
# Email
#
email_server_type_exchange_imap = _EmailServerTypeCode(
'exchange_imap', "Server is an Exchange server")
#
# Quarantines
#
quarantine_ou_notvalid = _QuarantineCode(
'ou_notvalid', 'OU not valid from external source')
quarantine_auto_emailonly = _QuarantineCode(
'auto_kunepost', 'Ikke ordin<E6>r student, tilgang til bare e-post')
quarantine_auto_inaktiv = _QuarantineCode('auto_inaktiv',
'Ikke aktiv student, utestengt')
quarantine_tilbud = _QuarantineCode(
'Tilbud', "Pre-generert konto til studenter som har fått studietilbud,"
"men som ikke har aktivert kontoen.")
quarantine_sys_x_approved = _QuarantineCode(
'sys-x_approved', 'Konto fra system-x som ikke er godkjent')
quarantine_generell = _QuarantineCode('generell', 'Generell splatt')
quarantine_system = _QuarantineCode(
'system', 'Systembrukar som ikke skal logge inn')
quarantine_permisjon = _QuarantineCode('permisjon',
'Brukeren har permisjon')
quarantine_svakt_passord = _QuarantineCode('svakt_passord',
'For dårlig passord')
quarantine_autopassord = _QuarantineCode(
'autopassord', 'Passord ikke skiftet trass pålegg')
quarantine_sut_disk_usage = _QuarantineCode('sut_disk',
"Bruker for mye disk på sut")
#
# Auth codes
#
auth_type_md5_crypt_hex = _AuthenticationCode(
'MD5-crypt2', "MD5-derived 32 bit password non unix style, no salt")
auth_type_md5_b64 = _AuthenticationCode(
'MD5-crypt_base64', "MD5-derived 32 bit password base 64 encoded")
#
# Traits
#
trait_sito_registrar_notified = _EntityTraitCode(
'sito_req_mailed', Constants.Constants.entity_account,
"Trait set on account when sito processing is done")
trait_sito_user_notified = _EntityTraitCode(
'sito_user_mailed', Constants.Constants.entity_account,
"Trait set on account after account created mail is sent to user")
trait_sysx_registrar_notified = _EntityTraitCode(
'sysx_reg_mailed', Constants.Constants.entity_account,
"Trait set on account when systemx processing is done")
trait_sysx_user_notified = _EntityTraitCode(
'sysx_user_mailed', Constants.Constants.entity_account,
"Trait set on account after account created mail is sent to user")
trait_primary_aff = _EntityTraitCode(
"primary_aff", Constants.Constants.entity_person,
"A person's chosen primary affiliation,"
" for use at the web presentations")
trait_sysx_registrar_notified = _EntityTraitCode(
'sysx_reg_mailed', Constants.Constants.entity_account,
"Trait set on account when systemx processing is done")
trait_sysx_user_notified = _EntityTraitCode(
'sysx_user_mailed', Constants.Constants.entity_account,
"Trait set on account after account created mail is sent to user")
trait_nsd_unit_code = _EntityTraitCode(
'nsd_unit_code', Constants.Constants.entity_ou,
'NSD unit code (Avdelingskode) to use for this OU')
return NotImplemented
return self.__super.verify_password(method, plaintext, cryptstring)
def delete(self):
# TODO: Implement a log_change for this operation
# Remove the entity from the gpg_data table when deleting an account
self.execute("""
DELETE FROM [:table schema=cerebrum name=entity_gpg_data]
WHERE entity_id=:e_id""", {'e_id': self.entity_id})
self.__super.delete()
class Constants:
# Will add constants dynamically
pass
# WARNING: Hackish code below =)
# Generate authcode constants dynamically, one for each AUTH_PGP
# system, and add them to AUTH_CRYPT_METHODS
for (system, pgpkey) in cereconf.AUTH_PGP.items():
codename = 'PGP-' + system
if codename not in cereconf.AUTH_CRYPT_METHODS:
cereconf.AUTH_CRYPT_METHODS += (codename,)
auth_code = _AuthenticationCode(
codename, "PGP encrypted password for the system %s" % system)
name = "auth_type_pgp_%s" % system
setattr(Constants, name, auth_code)
return self.__super.decrypt_password(method, cryptstring)
def verify_password(self, method, plaintext, cryptstring):
for system, pgpkey in cereconf.AUTH_PGP.items():
if method == self._pgp_auth(system):
# TODO: it is possible to verify the plaintext if the
# private key is available.
return NotImplemented
return self.__super.verify_password(method, plaintext, cryptstring)
class Constants:
# Will add constants dynamically
pass
# WARNING: Hackish code below =)
# Generate authcode constants dynamically, one for each AUTH_PGP
# system, and add them to AUTH_CRYPT_METHODS
for (system, pgpkey) in cereconf.AUTH_PGP.items():
codename = 'PGP-' + system
if codename not in cereconf.AUTH_CRYPT_METHODS:
cereconf.AUTH_CRYPT_METHODS += (codename,)
auth_code = _AuthenticationCode(
codename, "PGP encrypted password for the system %s" % system)
name = "auth_type_pgp_%s" % system
setattr(Constants, name, auth_code)
