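    def getGroupById(self, group_id):
        """Return a ``PloneGroup`` for the UGM group identified by ``group_id``.

        Returns ``None`` when there is no groups container or the id is not
        among its keys. The returned group is acquisition-wrapped in this
        plugin and gets its property sheets, group memberships and roles
        filled in from the PAS plugin registry.
        """
        group_id = decode_utf8(group_id)
        groups = self.groups
        if not groups or group_id not in groups.keys():
            return None
        # Reuse the container fetched above instead of reading ``self.groups``
        # a second time (presumably a property that re-resolves the UGM).
        ugmgroup = groups[group_id]
        title = ugmgroup.attrs.get("title", None)
        group = PloneGroup(ugmgroup.id, title).__of__(self)
        pas = self._getPAS()
        plugins = pas.plugins
        # Property sheets: one per IPropertiesPlugin that has data for the group.
        for propfinder_id, propfinder in plugins.listPlugins(pas_interfaces.IPropertiesPlugin):
            data = propfinder.getPropertiesForUser(group, None)
            if data:
                group.addPropertysheet(propfinder_id, data)
        # Groups PAS reports for this group principal (nested group membership).
        group._addGroups(pas._getGroupsForPrincipal(group, None, plugins=plugins))
        # Roles granted by every IRolesPlugin.
        for _rolemaker_id, rolemaker in plugins.listPlugins(pas_interfaces.IRolesPlugin):
            roles = rolemaker.getRolesForPrincipal(group, None)
            if roles:
                group._addRoles(roles)
        return group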
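 def authenticate(self, login=None, pw=None, id=None):
     """Authenticate ``login`` with password ``pw`` against LDAP.

     ``id`` is a deprecated alias for ``login`` and takes precedence when
     given. Returns the resolved principal id on success, ``ACCOUNT_EXPIRED``
     when the configured expiration attribute marks the account expired, and
     ``False`` otherwise (unknown login, empty password, unparseable
     expiration data, failed bind).
     """
     if id is not None:
         # bbb. deprecated usage
         login = id
     # Refuse empty credentials up front: a simple bind with a DN and an
     # empty password is an *unauthenticated* bind (RFC 4513 5.1.2), which
     # some directories accept and report as success. Do not rely on the
     # session layer to reject it.
     if not pw:
         return False
     user_id = self.id_for_login(decode_utf8(login))
     criteria = {self._key_attr: user_id}
     attrlist = ["dn"]
     if self.expiresAttr:
         attrlist.append(self.expiresAttr)
     try:
         res = self.context.search(criteria=criteria, attrlist=attrlist)
     except ldap.NO_SUCH_OBJECT:
         return False
     if not res:
         return False
     if len(res) > 1:
         # NOTE(review): the login is ambiguous but the first hit is used;
         # directory ordering decides which entry gets bound. Consider
         # failing closed instead.
         msg = u'More than one principal with login "{0}" found.'
         logger.warning(msg.format(user_id))
     entry = res[0][1]
     if self.expiresAttr:
         expires = entry.get(self.expiresAttr)
         expires = expires and expires[0] or None
         try:
             expired = calculate_expired(self.expiresUnit, expires)
         except ValueError:
             # unknown expires field data
             msg = u"Accound expiration flag for user '{0}' " + u"contains unknown data"
             # Log the resolved id: ``id`` is None unless the deprecated
             # keyword was used, so the original message named nobody.
             logger.error(msg.format(user_id))
             return False
         if expired:
             # NOTE(review): this is returned before the password is
             # verified, so callers learn the account exists and is
             # expired without authenticating.
             return ACCOUNT_EXPIRED
     user_dn = entry["dn"]
     session = self.context.ldap_session
     authenticated = session.authenticate(user_dn.encode("utf-8"), pw)
     return authenticated and user_id or False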
 def __getitem__(self, key):
     """Return the principal for ``key``, searching LDAP on a cache miss.

     Raises ``KeyError`` when no entry matches ``_key_attr`` or when the
     matching entry is pending deletion on the context node.
     """
     key = decode_utf8(key)
     try:
         return self.storage[key]
     except KeyError:
         pass
     hits = self.context.search(
         criteria={self._key_attr: key},
         attrlist=['rdn', self._key_attr])
     if not hits:
         raise KeyError(key)
     if len(hits) > 1:
         # Ambiguous id: the first hit wins, which depends on server ordering.
         msg = u'More than one principal with id "{0}" found.'
         logger.warning(msg.format(key))
     entry = hits[0]
     attrs = entry[1]
     if attrs['rdn'] in self.context._deleted_children:
         raise KeyError(key)
     dn = entry[0]
     # Path of RDNs below the context DN, leaf first.
     # XXX: use explode_dn -- a plain split breaks on escaped commas in RDNs.
     base_depth = len(self.context.DN.split(','))
     relative = dn.split(',')[:-base_depth]
     node = self.context
     for rdn in reversed(relative):
         node = node[rdn]
     principal = self.principal_factory(
         node, attraliaser=self.principal_attraliaser)
     principal.__name__ = key
     principal.__parent__ = self
     self.storage[key] = principal
     return principal
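 def authenticate(self, login=None, pw=None, id=None):
     """Authenticate ``login`` with password ``pw`` against LDAP.

     ``id`` is a deprecated alias for ``login`` and wins when given.
     Returns the resolved principal id on success, ``ACCOUNT_EXPIRED`` when
     the configured expiration attribute marks the account expired, and
     ``False`` otherwise (unknown login, empty password, unparseable
     expiration data, failed bind).
     """
     if id is not None:
         # bbb. deprecated usage
         login = id
     # An LDAP simple bind with a DN and an empty password is an
     # unauthenticated bind (RFC 4513 5.1.2) that some servers accept and
     # report as success; reject it here rather than trusting the session
     # layer to do so.
     if not pw:
         return False
     user_id = self.id_for_login(decode_utf8(login))
     criteria = {self._key_attr: user_id}
     attrlist = ['dn']
     if self.expiresAttr:
         attrlist.append(self.expiresAttr)
     try:
         res = self.context.search(criteria=criteria, attrlist=attrlist)
     except ldap.NO_SUCH_OBJECT:
         return False
     if not res:
         return False
     if len(res) > 1:
         # NOTE(review): ambiguous login, yet the first hit is bound; which
         # entry that is depends on directory ordering. Consider failing
         # closed here.
         msg = u'More than one principal with login "{0}" found.'
         logger.warning(msg.format(user_id))
     entry = res[0][1]
     if self.expiresAttr:
         expires = entry.get(self.expiresAttr)
         expires = expires and expires[0] or None
         try:
             expired = calculate_expired(self.expiresUnit, expires)
         except ValueError:
             # unknown expires field data
             msg = u"Accound expiration flag for user '{0}' " + \
                   u"contains unknown data"
             # ``id`` is None unless the deprecated keyword was used; log
             # the resolved user id so the message identifies the account.
             logger.error(msg.format(user_id))
             return False
         if expired:
             # NOTE(review): returned before the password is verified, so
             # an unauthenticated caller learns the account exists and is
             # expired.
             return ACCOUNT_EXPIRED
     user_dn = entry['dn']
     session = self.context.ldap_session
     authenticated = session.authenticate(user_dn.encode('utf-8'), pw)
     return authenticated and user_id or False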
 def __delitem__(self, key):
     """Delete principal ``key`` from the LDAP context and drop it from the cache.

     A missing cache entry is not an error: the principal may never have
     been loaded.
     """
     key = decode_utf8(key)
     del self.context[key]
     self.storage.pop(key, None)
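 def authenticate(self, id=None, pw=None):
     """Authenticate principal ``id`` (really a login name) with ``pw``.

     When ``expiresAttr`` is configured the account's expiration value is
     inspected first and ``ACCOUNT_EXPIRED`` is returned for expired
     accounts. Returns the id on a successful bind and ``False`` for an
     unknown id, an empty password, unparseable expiration data or a failed
     bind.
     """
     # XXX: rename 'id' kw arg to 'login'
     id = decode_utf8(id)
     id = self.id_for_login(id)
     # A simple bind with a DN and an empty password is an unauthenticated
     # bind (RFC 4513 5.1.2) that some servers accept; reject it here rather
     # than relying on the session layer.
     if not pw:
         return False
     # Values meaning "never expires". The original literal
     # ``['99999' '-1']`` was string concatenation yielding the single
     # element '99999-1', so accounts flagged -1 were reported as expired.
     never_expires = ('99999', '-1')
     try:
         if self.expiresAttr:
             user = self.context[id]
             expires = user.attrs.get(self.expiresAttr)
             if expires and expires not in never_expires:
                 # check expiration timestamp
                 try:
                     expires = int(expires)
                 except ValueError:
                     # unknown expires field data
                     msg = u"Accound expiration flag for user '%s' " + \
                           u"contains unknown data"
                     logger.error(msg % id)
                     return False
                 # shadow account specific: shadowInactive extends the
                 # expiry by a grace period
                 if self.expiresAttr == 'shadowExpire':
                     expires += int(user.attrs.get('shadowInactive', '0'))
                 now = time.time()
                 if self.expiresUnit == EXPIRATION_DAYS:
                     # number of days since epoch
                     now /= 86400
                 if now >= expires:
                     # NOTE(review): returned before the password is
                     # checked, so callers can probe account status
                     # without credentials.
                     return ACCOUNT_EXPIRED
             userdn = user.DN
         else:
             userdn = self.context.child_dn(id)
     except KeyError:
         return False
     return self.context.ldap_session.authenticate(userdn, pw) \
         and id or False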
 def __getitem__(self, key):
     """Return the cached principal for ``key``, resolving it via LDAP search on a miss.

     Raises ``KeyError`` if nothing matches ``_key_attr`` or the match is
     queued for deletion on the context node.
     """
     key = decode_utf8(key)
     if key in self.storage:
         return self.storage[key]
     criteria = {self._key_attr: key}
     res = self.context.search(criteria=criteria, attrlist=["rdn", self._key_attr])
     if not res:
         raise KeyError(key)
     if len(res) > 1:
         # First hit wins on an ambiguous id -- depends on server ordering.
         msg = u'More than one principal with id "{0}" found.'
         logger.warning(msg.format(key))
     first = res[0]
     if first[1]["rdn"] in self.context._deleted_children:
         raise KeyError(key)
     # Walk from the context node down the RDNs that lie below its DN.
     # XXX: use explode_dn -- splitting on ',' mishandles escaped commas.
     depth = len(self.context.DN.split(","))
     node = self.context
     for rdn in reversed(first[0].split(",")[:-depth]):
         node = node[rdn]
     principal = self.principal_factory(node, attraliaser=self.principal_attraliaser)
     principal.__name__ = key
     principal.__parent__ = self
     self.storage[key] = principal
     return principal
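    def getGroupById(self, group_id):
        """Return a ``PloneGroup`` for the UGM group ``group_id``, or ``None``.

        ``None`` is returned when no groups container is available or the id
        is not one of its keys. Property sheets, group memberships and roles
        are collected from the PAS plugin registry before returning.
        """
        group_id = decode_utf8(group_id)
        groups = self.groups
        if not groups or group_id not in groups.keys():
            return None
        # Use the container already fetched rather than re-reading
        # ``self.groups`` (presumably a property that re-resolves the UGM).
        ugmgroup = groups[group_id]
        title = ugmgroup.attrs.get('title', None)
        group = PloneGroup(ugmgroup.id, title).__of__(self)
        pas = self._getPAS()
        plugins = pas.plugins
        # add properties: one sheet per IPropertiesPlugin with data
        for propfinder_id, propfinder in \
                plugins.listPlugins(pas_interfaces.IPropertiesPlugin):
            data = propfinder.getPropertiesForUser(group, None)
            if not data:
                continue
            group.addPropertysheet(propfinder_id, data)
        # add groups PAS reports for this group principal (nested membership)
        group._addGroups(
            pas._getGroupsForPrincipal(group, None, plugins=plugins))
        # add roles from every IRolesPlugin
        for _rolemaker_id, rolemaker in \
                plugins.listPlugins(pas_interfaces.IRolesPlugin):
            roles = rolemaker.getRolesForPrincipal(group, None)
            if not roles:
                continue
            group._addRoles(roles)
        return group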
 def __getitem__(self, key):
     """Return the principal behind member ``key``.

     Keys prefixed ``group:`` denote groups; the prefix selects the
     principals container and is stripped before the container lookup.
     Raises ``KeyError`` when ``key`` is not a member.
     """
     key = decode_utf8(key)
     if key not in self:
         raise KeyError(key)
     principals = self.related_principals(key)
     lookup = key[len('group:'):] if key.startswith('group:') else key
     return principals[lookup]
 def add(self, key):
     """Add principal ``key`` to this group's member attribute; no-op if already a member."""
     key = decode_utf8(key)
     if key in self.member_ids:
         return
     val = self.translate_key(key)
     # Rebind the whole attribute value: appending in place to the list
     # held by LDAPNodeAttributes is not detected as a change.
     attr = self._member_attribute
     current = self.context.attrs.get(attr, list())
     self.context.attrs[attr] = current + [val]
 def __getitem__(self, key):
     """Look up member ``key`` in the matching principals container.

     A ``group:`` prefix marks a group member; it is removed before the
     container lookup. Raises ``KeyError`` for non-members.
     """
     key = decode_utf8(key)
     if key not in self:
         raise KeyError(key)
     container = self.related_principals(key)
     prefix = 'group:'
     if key.startswith(prefix):
         key = key[len(prefix):]
     return container[key]
 def __delitem__(self, key):
     """Delete group ``key`` from the context, revoking its roles first.

     Roles are revoked only when the parent exposes a roles configuration
     (``rcfg``), so no stale role assignments point at the removed group.
     """
     key = decode_utf8(key)
     group = self[key]
     container = self.parent
     if container and container.rcfg is not None:
         for role in group.roles:
             group.remove_role(role)
     del self.context[key]
 def add(self, key):
     """Record ``key`` as a member of this group unless it already is one."""
     key = decode_utf8(key)
     if key in self.member_ids:
         return
     member_value = self.translate_key(key)
     # LDAPNodeAttributes only notices a change when the attribute is
     # reassigned, so build a new list instead of appending in place.
     existing = self.context.attrs.get(self._member_attribute, list())
     self.context.attrs[self._member_attribute] = existing + [member_value]
 def __delitem__(self, key):
     """Delete group ``key``: revoke its roles, remove its LDAP node, drop the cache entry.

     Roles are revoked only when the parent carries a roles configuration
     (``rcfg``).
     """
     key = decode_utf8(key)
     group = self[key]
     owner = self.parent
     if owner and owner.rcfg is not None:
         for role in group.roles:
             group.remove_role(role)
     node = group.context
     # Remove the entry through its parent node, then forget the principal.
     del node.parent[node.name]
     del self.storage[key]
 def __delitem__(self, key):
     """Remove group ``key`` and its cached principal after revoking its roles.

     Role revocation happens only if the parent has a roles configuration
     (``rcfg`` is not ``None``).
     """
     key = decode_utf8(key)
     group = self[key]
     roles_holder = self.parent
     if roles_holder and roles_holder.rcfg is not None:
         for role in group.roles:
             group.remove_role(role)
     ldap_node = group.context
     del ldap_node.parent[ldap_node.name]
     del self.storage[key]
 def passwd(self, id, oldpw, newpw):
     """Change the password of principal ``id`` from ``oldpw`` to ``newpw``.

     The LDAP password is changed through the session. For entries created
     as ``sambaSamAccount`` the Samba NT and LM hashes on the entry are
     recomputed from ``newpw`` and written back.
     """
     id = decode_utf8(id)
     user_dn = self.context.child_dn(id)
     self.context.ldap_session.passwd(user_dn, oldpw, newpw)
     node = self[id].context
     # Reload so the write below works on fresh attribute values.
     node.attrs.load()
     if 'sambaSamAccount' in self.context.child_defaults['objectClass']:
         node.attrs['sambaNTPassword'] = sambaNTPassword(newpw)
         # NOTE(review): LM hashes are trivially crackable; storing one
         # is only justified while legacy LANMAN clients remain.
         node.attrs['sambaLMPassword'] = sambaLMPassword(newpw)
         node()
 def invalidate(self, key=None):
     """Invalidate cached LDAPPrincipals.

     With ``key`` only that principal is dropped from the cache (silently
     ignored if it was never loaded); with ``None`` the whole cache is
     cleared. The context node is invalidated in both cases.
     """
     # presumably decode_utf8 passes None through unchanged -- verify
     key = decode_utf8(key)
     self.context.invalidate(key)
     if key is None:
         self.storage.clear()
     else:
         self.storage.pop(key, None)
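 def __getitem__(self, key):
     """Return the principal for ``key``, creating and caching it on first access.

     ``KeyError`` propagates from the context node when no such child
     exists.
     """
     key = decode_utf8(key)
     try:
         return self.storage[key]
     except KeyError:
         pass
     # Resolve the child node once; the original looked it up twice.
     node = self.context[key]
     principal = self.principal_factory(
         node, attraliaser=self.principal_attraliaser)
     principal.__name__ = node.name
     principal.__parent__ = self
     self.storage[key] = principal
     return principal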
 def __delitem__(self, key):
     """Delete user ``key``: detach it from its groups and roles, then remove the entry.

     Group detachment is skipped when the user object has no ``groups``
     attribute; role revocation happens only if the parent has a roles
     configuration (``rcfg``).
     """
     key = decode_utf8(key)
     user = self[key]
     # getattr with a default swallows the same AttributeError the
     # original caught explicitly.
     memberships = getattr(user, 'groups', list())
     for group in memberships:
         del group[user.name]
     owner = self.parent
     if owner and owner.rcfg is not None:
         for role in user.roles:
             user.remove_role(role)
     del self.context[key]
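 def __delitem__(self, key):
     """Remove member ``key`` from this group and persist the change.

     Raises ``KeyError`` when ``key`` is not a member and ``ValueError``
     when ``_member_format`` is neither ``FORMAT_DN`` nor ``FORMAT_UID``.
     """
     key = decode_utf8(key)
     if key not in self:
         raise KeyError(key)
     if self._member_format == FORMAT_DN:
         val = self.related_principals(key)[key].context.DN
     elif self._member_format == FORMAT_UID:
         val = key
     else:
         # Previously fell through to an UnboundLocalError on ``val``.
         raise ValueError(
             'Unsupported member format: {0!r}'.format(self._member_format))
     # Rebind the attribute: removing in place from the list held by
     # LDAPNodeAttributes is not registered as a change.
     members = self.context.attrs[self._member_attribute]
     members.remove(val)
     self.context.attrs[self._member_attribute] = members
     # XXX: call here immediately?
     self.context()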
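 def __delitem__(self, key):
     """Remove member ``key`` from the group's member attribute and write it.

     The stored value is the member's DN (``FORMAT_DN``) or the bare id
     (``FORMAT_UID``). Raises ``KeyError`` for non-members and
     ``ValueError`` for any other ``_member_format``.
     """
     key = decode_utf8(key)
     if key not in self:
         raise KeyError(key)
     if self._member_format == FORMAT_DN:
         val = self.related_principals(key).context.child_dn(key)
     elif self._member_format == FORMAT_UID:
         val = key
     else:
         # Used to surface later as UnboundLocalError on ``val``.
         raise ValueError(
             'Unsupported member format: {0!r}'.format(self._member_format))
     # Reassign the attribute so LDAPNodeAttributes records the change;
     # an in-place ``remove`` alone is not noticed.
     members = self.context.attrs[self._member_attribute]
     members.remove(val)
     self.context.attrs[self._member_attribute] = members
     # XXX: call here immediately?
     self.context()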
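 def __delitem__(self, key):
     """Remove member ``key`` (optionally ``group:``-prefixed) from this group.

     Raises ``KeyError`` when ``key`` is not a member and ``ValueError``
     when ``_member_format`` is neither ``FORMAT_DN`` nor ``FORMAT_UID``.
     """
     key = decode_utf8(key)
     if key not in self:
         raise KeyError(key)
     principals = self.related_principals(key)
     if self._member_format == FORMAT_DN:
         # The ``group:`` prefix only selects the principals container;
         # the container itself is keyed by the bare id.
         real_key = key[6:] if key.startswith("group:") else key
         val = principals[real_key].context.DN
     elif self._member_format == FORMAT_UID:
         val = key
     else:
         # Previously fell through to an UnboundLocalError on ``val``.
         raise ValueError(
             "Unsupported member format: {0!r}".format(self._member_format))
     # Reassign so LDAPNodeAttributes sees the change; in-place ``remove``
     # on the returned list is not tracked.
     members = self.context.attrs[self._member_attribute]
     members.remove(val)
     self.context.attrs[self._member_attribute] = members
     # XXX: call here immediately?
     self.context()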
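 def passwd(self, id, oldpw, newpw):
     """Change the password of the principal whose login is ``id``.

     The login is resolved to a user id, the entry's DN looked up, and the
     password changed through the LDAP session. For ``sambaSamAccount``
     entries the Samba NT/LM hashes are recomputed and stored as well.
     Raises ``KeyError`` when no entry matches.
     """
     user_id = self.id_for_login(decode_utf8(id))
     criteria = {self._key_attr: user_id}
     # Only the DN is needed here; the expiration attribute the original
     # also requested was never read.
     res = self.context.search(criteria=criteria, attrlist=["dn"])
     if not res:
         raise KeyError(id)
     if len(res) > 1:
         # NOTE(review): the password of the *first* hit is changed although
         # the login is ambiguous; consider failing closed instead.
         msg = u'More than one principal with login "{0}" found.'
         logger.warning(msg.format(user_id))
     user_dn = res[0][1]["dn"]
     self.context.ldap_session.passwd(user_dn, oldpw, newpw)
     object_classes = self.context.child_defaults["objectClass"]
     user_node = self[user_id].context
     # Reload so the Samba hashes are written onto fresh attribute data.
     user_node.attrs.load()
     if "sambaSamAccount" in object_classes:
         user_node.attrs["sambaNTPassword"] = sambaNTPassword(newpw)
         # NOTE(review): LM hashes are trivially crackable; keep only while
         # legacy LANMAN clients are in use.
         user_node.attrs["sambaLMPassword"] = sambaLMPassword(newpw)
         user_node()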
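 def passwd(self, id, oldpw, newpw):
     """Change the password for login ``id`` from ``oldpw`` to ``newpw``.

     Resolves the login to a user id and DN, changes the password via the
     LDAP session and, for ``sambaSamAccount`` entries, refreshes the Samba
     NT/LM hashes. Raises ``KeyError`` when no entry matches the login.
     """
     user_id = self.id_for_login(decode_utf8(id))
     criteria = {self._key_attr: user_id}
     # Request just the DN: the expiration attribute formerly fetched here
     # was never used in this method.
     res = self.context.search(criteria=criteria, attrlist=['dn'])
     if not res:
         raise KeyError(id)
     if len(res) > 1:
         # NOTE(review): an ambiguous login still changes the first hit's
         # password; which entry that is depends on server ordering.
         msg = u'More than one principal with login "{0}" found.'
         logger.warning(msg.format(user_id))
     user_dn = res[0][1]['dn']
     self.context.ldap_session.passwd(user_dn, oldpw, newpw)
     object_classes = self.context.child_defaults['objectClass']
     user_node = self[user_id].context
     # Reload before touching attributes so stale values are not written.
     user_node.attrs.load()
     if 'sambaSamAccount' in object_classes:
         user_node.attrs['sambaNTPassword'] = sambaNTPassword(newpw)
         # NOTE(review): LM hashes are weak; only needed for LANMAN clients.
         user_node.attrs['sambaLMPassword'] = sambaLMPassword(newpw)
         user_node()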
 def __getitem__(self, key):
     """Return the principal for member ``key``; ``KeyError`` if not a member."""
     key = decode_utf8(key)
     if key in self:
         return self.related_principals(key)[key]
     raise KeyError(key)
 def __contains__(self, key):
     """Return whether ``key`` is one of the member ids yielded by iteration.

     This is a linear scan over all members.
     """
     key = decode_utf8(key)
     return any(uid == key for uid in self)
 def __contains__(self, key):
     """Membership test: ``True`` if iterating ``self`` yields ``key``.

     Cost is linear in the number of members.
     """
     wanted = decode_utf8(key)
     for member_id in self:
         if member_id == wanted:
             return True
     return False
 def __getitem__(self, key):
     """Look up member ``key`` in its related principals container.

     Raises ``KeyError`` when ``key`` is not a member of this container.
     """
     key = decode_utf8(key)
     if key not in self:
         raise KeyError(key)
     container = self.related_principals(key)
     return container[key]