def get_session_info(self, domsid=DOM_SID):
    """Build the session_info object that setntacl is run with.

    The returned session always represents the domain Administrator
    account: either a synthetic admin session (when *domsid* is not the
    SID of the local sam database) or a user session resolved from the
    Administrator RID under *domsid*. In both cases the unix side of the
    session is filled in for the user name "Administrator".

    NOTE(review): the result carries administrator-level identity no
    matter who the caller is, so it should only be handed to code paths
    that are meant to act with that authority.
    """
    local_domain = str(domsid) == str(self.samdb.get_domain_sid())

    if local_domain:
        # The SID is known to the local database: resolve the real
        # Administrator entry by its well-known RID.
        admin_dn = '<SID={0}-{1}>'.format(domsid, security.DOMAIN_RID_ADMINISTRATOR)
        session_flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS |
                         auth.AUTH_SESSION_INFO_AUTHENTICATED |
                         auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
        result = auth.user_session(self.samdb, lp_ctx=self.lp, dn=admin_dn,
                                   session_info_flags=session_flags)
    else:
        # The SID is not in the local db, so no entry can be looked up;
        # fall back to a fabricated admin session for that domain SID.
        result = auth.admin_session(self.lp, str(domsid))

    auth.session_info_fill_unix(result, lp_ctx=self.lp, user_name="Administrator")
    return result
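def _escape_ldap_filter_value(value):
    """Escape *value* for use as an assertion value in an LDAP search filter.

    Per RFC 4515, the backslash, '*', '(', ')' and NUL characters are
    replaced by a backslash followed by their two-digit hex code, so the
    value is always matched literally.
    """
    replacements = {
        '\\': '\\5c',
        '*': '\\2a',
        '(': '\\28',
        ')': '\\29',
        '\x00': '\\00',
    }
    return ''.join(replacements.get(ch, ch) for ch in str(value))


def autenticacion(creds, lp):
    """Bind to the local LDAP server with *creds* and look up that account.

    The collaborators are passed in (dependency injection), so this
    should be testable.

    Args:
        creds: credentials object; must provide get_username().
        lp: loadparm context handed to Ldb and user_session.

    Returns:
        The search result for the entry whose sAMAccountName equals the
        username in *creds*, or False if the connection, the search or
        the session construction fails (the failure is logged).
    """
    try:
        ldap_conn = Ldb('ldap://localhost', lp=lp, credentials=creds)
        domain_dn = ldap_conn.get_default_basedn()
        # The username is caller-supplied. Escape it before it goes into
        # the filter so that metacharacters such as '*', '(' and ')' are
        # matched literally and cannot change which entry is selected.
        search_filter = 'sAMAccountName={0}'.format(
            _escape_ldap_filter_value(creds.get_username()))
        # NOTE: do not try to use searchone for this specific case; Dn
        # turns out to be a non-iterable class.
        busqueda = ldap_conn.search(base=domain_dn, scope=SCOPE_SUBTREE,
                                    expression=search_filter,
                                    attrs=['dn', 'memberOf', 'displayName'])
        # An empty result raises IndexError here, handled below.
        user_dn = busqueda[0].dn
        sesion = user_session(ldap_conn, lp_ctx=lp, dn=user_dn,
                              session_info_flags=session_info_flags)
        # This point could be important for the login idea; the token is
        # read but not used yet.
        token = sesion.security_token
    except LdbError as e:
        log.warning("Error LDB: %s" % e)
        return False
    except IndexError as e:
        log.warning("El usuario %s no existe" % creds.get_username())
        return False
    except Exception as e:
        log.warning("Error no contemplado %s " % e)
        return False
    return busqueda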
def test_auth_user_session(self):
    """Call auth.user_session with ldb=42 and principal='foo'."""
    # NOTE(review): 42 is not an LDB connection object, so this presumably
    # checks how user_session handles an invalid argument - confirm.
    # No assertion on `s` is visible in this excerpt.
    s = auth.user_session(ldb=42, principal='foo')