def change_passwd(l, r):
if len(r) != 1:
raise ValueError(_("user %s not found)" % (username,)))
# Bind using the user credentials. Throws an exception in case of
# error.
if old_password is not None:
l.simple_bind_s(r[0][0], encode_s(old_password))
l.passwd_s(r[0][0], encode_s(old_password), encode_s(password))
l.unbind_s()
logger.info("password for user [%s] is updated in LDAP" % username)
# User updated, return False
return False
def render_prefs_panel(self, panelid, **kwargs): # @UnusedVariable
# Get user root directory
user_root = self.app.userdb.get_user_root(self.app.currentuser.username)
user_root_b = encode_s(user_root)
filename = os.path.join(user_root_b, b'.ssh', b'authorized_keys')
# Handle action
params = {}
if 'action' in kwargs:
try:
action = kwargs['action']
if action == 'add':
self._handle_add(filename, **kwargs)
elif action == 'delete':
self._handle_delete(filename, **kwargs)
except ValueError as e:
params['error'] = unicode(e)
except Exception as e:
_logger.warn("unknown error processing action", exc_info=True)
params['error'] = _("Unknown error")
# Get SSH keys if file exists.
params["sshkeys"] = []
if os.access(filename, os.R_OK):
try:
params["sshkeys"] = [
{'title': key.comment or (key.keytype + ' ' + key.key[:18]),
'fingerprint': key.fingerprint,
'lineno': key.lineno}
for key in authorizedkeys.read(filename)]
except IOError:
params['error'] = _("error reading SSH keys file")
_logger.warn("error reading SSH keys file [%s]", filename)
return "prefs_sshkeys.html", params
def _hash_password(self, password):
# At this point the password should be unicode. We converted it into
# system encoding.
password_b = encode_s(password)
import sha
hasher = sha.new()
hasher.update(password_b)
return decode_s(hasher.hexdigest())
def _execute(self, username, function):
assert isinstance(username, unicode)
"""Reusable method to run LDAP operation."""
# try STARTLS if configured
if self.tls:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# Check LDAP credential only.
l = ldap.initialize(self.uri)
# Set v2 or v3
if self.version == 2:
l.protocol_version = ldap.VERSION2
else:
l.protocol_version = ldap.VERSION3
try:
# Bind to the LDAP server
logger.debug("binding to ldap server {}".format(self.uri))
l.simple_bind_s(self.bind_dn, self.bind_password)
# Search the LDAP server
search_filter = "(&{}({}={}))".format(
self.filter, self.attribute, username)
logger.debug("search ldap server: {}/{}?{}?{}?{}".format(
self.uri, self.base_dn, self.attribute, self.scope,
search_filter))
r = l.search_s(encode_s(self.base_dn),
self.scope,
encode_s(search_filter))
# Execute operation
return function(l, r)
except ldap.LDAPError as e:
l.unbind_s()
logger.warn('ldap error', exc_info=1)
if isinstance(e.message, dict) and 'desc' in e.message:
raise RdiffError(decode_s(e.message['desc']))
raise RdiffError(unicode(repr(e)))
def find_repos_for_user(user, userdb):
logger.debug("find repos for [%s]" % user)
user_root = encode_s(userdb.get_user_root(user))
repo_paths = list(_find_repos(user_root))
def striproot(path):
if not path[len(user_root):]:
return "/"
return path[len(user_root):]
repo_paths = map(striproot, repo_paths)
logger.debug("set user [%s] repos: %s " % (user, repo_paths))
userdb.set_repos(user, repo_paths)
def check_crendential(l, r):
# Check results
if len(r) != 1:
logger.debug("user [%s] not found in LDAP" % username)
return None
# Bind using the user credentials. Throws an exception in case of
# error.
l.simple_bind_s(r[0][0], encode_s(password))
l.unbind_s()
logger.info("user [%s] found in LDAP" % username)
# Return the username
return decode_s(r[0][1][self.attribute][0])
