def get_members(self, attributes, members, subgroups, seen): # add the memberUid values for member in clean(attributes['memberUid']): if common.is_valid_name(member): members.add(member) # translate and add the member values for memberdn in clean(attributes['member']): if memberdn in seen: continue seen.add(memberdn) member = passwd.dn2uid(self.conn, memberdn) if member and common.is_valid_name(member): members.add(member) elif cfg.nss_nested_groups: subgroups.append(memberdn)
def validate(self, parameters): """Check the username for validity and fill in the DN if needed.""" # check username for validity common.validate_name(parameters['username']) # look up user DN entry = passwd.uid2entry(self.conn, parameters['username']) if not entry: # FIXME: we should close the stream with an empty response here raise ValueError('%r: user not found' % parameters['username']) # save the DN parameters['userdn'] = entry[0] # get the "real" username value = passwd.attmap.get_rdn_value(entry[0], 'uid') if not value: # get the username from the uid attribute values = entry[1]['uid'] if not values or not values[0]: logging.warning('%s: is missing a %s attribute', entry[0], passwd.attmap['uid']) value = values[0] # check the username if value and not common.is_valid_name(value): raise ValueError('%s: has invalid %s attribute', entry[0], passwd.attmap['uid']) # check if the username is different and update it if needed if value != parameters['username']: logging.info('username changed from %r to %r', parameters['username'], value) parameters['username'] = value
def validate(self, parameters): """This method checks the provided username for validity and fills in the DN if needed.""" # check username for validity common.validate_name(parameters['username']) # look up user DN entry = passwd.uid2entry(self.conn, parameters['username']) if not entry: # FIXME: we should close the stream with an empty response here raise ValueError('%r: user not found' % parameters['username']) # save the DN parameters['userdn'] = entry[0] # get the "real" username value = passwd.attmap.get_rdn_value(entry[0], 'uid') if not value: # get the username from the uid attribute values = entry[1]['uid'] if not values or not values[0]: logging.warning('%s: is missing a %s attribute', entry[0], passwd.attmap['uid']) value = values[0] # check the username if value and not common.is_valid_name(value): raise ValueError('%s: has invalid %s attribute', entry[0], passwd.attmap['uid']) # check if the username is different and update it if needed if value != parameters['username']: logging.info('username changed from %r to %r', parameters['username'], value) parameters['username'] = value
def convert(self, dn, attributes, parameters): # get group names and check against requested group name names = attributes['cn'] # get group password try: passwd = attributes['userPassword'][0] except IndexError: passwd = None if not passwd or self.calleruid != 0: passwd = '*' # get group id(s) gids = [int(x) for x in attributes['gidNumber']] # build member list members = set() subgroups = [] seen = set([dn]) self.get_members(attributes, members, subgroups, seen) # go over subgroups to find more members while subgroups: memberdn = subgroups.pop(0) for dn2, attributes2 in self.search(self.conn, base=memberdn, scope=ldap.SCOPE_BASE): self.get_members(attributes2, members, subgroups, seen) # actually return the results for name in names: if not common.is_valid_name(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['cn']) else: for gid in gids: yield (name, passwd, gid, members)
def get_members(self, attributes, members, subgroups, seen): # add the memberUid values for member in clean(attributes['memberUid']): if common.is_valid_name(member): members.add(member) # translate and add the member values if attmap['member']: for memberdn in clean(attributes['member']): if memberdn in seen: continue seen.add(memberdn) member = passwd.dn2uid(self.conn, memberdn) if member and common.is_valid_name(member): members.add(member) elif cfg.nss_nested_groups: subgroups.append(memberdn)
def convert(self, dn, attributes, parameters): names = attributes['uid'] try: passwd = attributes['userPassword'][0] except IndexError: passwd = None if not passwd or self.calleruid != 0: passwd = '*' # function for making an int def mk_int(attr): try: return int(attr) except TypeError: return None # get lastchange date lastchangedate = mk_int(attributes.get('shadowLastChange', [0])[0]) # we expect an AD 64-bit datetime value; # we should do date=date/864000000000-134774 # but that causes problems on 32-bit platforms, # first we devide by 1000000000 by stripping the # last 9 digits from the string and going from there */ if attmap['shadowLastChange'] == 'pwdLastSet': lastchangedate = (lastchangedate / 864000000000) - 134774 # get longs mindays = mk_int(attributes.get('shadowMin', [-1])[0]) maxdays = mk_int(attributes.get('shadowMax', [-1])[0]) warndays = mk_int(attributes.get('shadowWarning', [-1])[0]) inactdays = mk_int(attributes.get('shadowInactive', [-1])[0]) expiredate = mk_int(attributes.get('shadowExpire', [-1])[0]) flag = mk_int(attributes.get('shadowFlag', [0])[0]) if attmap['shadowFlag'] == 'pwdLastSet': if flag & 0x10000: maxdays = -1 flag = 0 # return results for name in names: if not common.is_valid_name(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['uid']) else: yield (name, passwd, lastchangedate, mindays, maxdays, warndays, inactdays, expiredate, flag)
def convert(self, dn, attributes, parameters): names = attributes['uid'] if 'shadowAccount' in attributes['objectClass']: passwd = 'x' else: try: passwd = attributes['userPassword'][0] except IndexError: passwd = None if not passwd or self.calleruid != 0: passwd = '*' uids = [int(x) for x in attributes['uidNumber']] gid = int(attributes['gidNumber'][0]) gecos = attributes['gecos'][0] home = attributes['homeDirectory'][0] shell = attributes['loginShell'][0] for name in names: if not common.is_valid_name(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['uid']) else: for uid in uids: if uid >= cfg.nss_min_uid: yield (name, passwd, uid, gid, gecos, home, shell)
def convert(self, dn, attributes, parameters): names = attributes['uid'] if 'shadowAccount' in attributes['objectClass']: passwd = 'x' else: try: passwd = attributes['userPassword'][0] except IndexError: passwd = None if not passwd or self.calleruid != 0: passwd = '*' uids = [int(x) + cfg.nss_uid_offset for x in attributes['uidNumber']] gid = int(attributes['gidNumber'][0]) + cfg.nss_gid_offset gecos = attributes['gecos'][0] home = attributes['homeDirectory'][0] shell = attributes['loginShell'][0] for name in names: if not common.is_valid_name(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['uid']) else: for uid in uids: if uid >= cfg.nss_min_uid: yield (name, passwd, uid, gid, gecos, home, shell)