def specificGroup(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lg = ldap.groups()
if request.method == "GET":
dbconn.execute("SELECT name, info FROM groups WHERE id = %s LIMIT 1",
(id, ))
group = dbconn.fetchone()
group["permissions"] = []
group["users"] = []
dbconn.execute(
"SELECT P.id FROM permission P INNER JOIN groups_has_permission GHP ON P.id = GHP.permission_id INNER JOIN groups G ON G.id = GHP.group_id WHERE G.id = %s",
(id, ))
for permission in dbconn.fetchall():
group["permissions"].append(permission["id"])
dbconn.execute(
"SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
(id, ))
for user in dbconn.fetchall():
group["users"].append(user["id"])
return jsonify(group), 200
elif request.method == "DELETE":
if not lg.delete(id) == 0:
return "ERR_LDAP_ERROR", 500
dbconn.execute("DELETE FROM groups WHERE id = %s", (id, ))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def createGroup():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lg = ldap.groups()
failed = False
if request.form.get("name") == "":
return "ERR_INPUT_ERROR", 500
dbconn.execute("INSERT INTO groups (name, info, type) VALUES (%s, %s, %s)",
(request.form.get("name"), request.form.get("info"),
request.form.get("type")))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
id = dbconn.getId()
if not lg.create(id) == 0:
return "ERR_LDAP_ERROR", 500
if request.form.get("permissions"):
permissions = []
for permission in json.loads(request.form.get("permissions")):
permissions.append((id, permission))
dbconn.execute(
"INSERT INTO groups_has_permission (group_id, permission_id) VALUES (%s, %s)",
permissions)
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
usersToAdd = []
if request.form.get("fromgroup"):
for group in request.form.get("source"):
dbconn.execute(
"SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
(group, ))
for user in dbconn.fetchall():
if not user in usersToAdd:
usersToAdd.append((id, user["id"]))
if request.form.get("users"):
for user in json.loads(request.form.get("users")):
usersToAdd.append((id, user))
for element in usersToAdd:
element = (id, element)
dbconn.execute(
"INSERT INTO people_has_groups (group_id, people_id) VALUES (%s, %s)",
usersToAdd)
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
for (id, element) in usersToAdd:
if not lg.addUser(element, id) == 0:
failed = True
if failed:
return "ERR_LDAP_ERROR", 500
return str(id), 201
def fixGroup(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
ldapGroups = ldap.groups()
dbconn.execute("SELECT name FROM groups WHERE id = %s", (id, ))
name = dbconn.fetchone()["name"]
check = checkers.checkLdapGroupEntry({"name": name})
if not check and request.form.get("missing"):
ldapResult = ldapGroups.create(int(id))
if ldapResult == -1:
return "ERR_LDAP_ERROR", 500
if ldapResult == -2:
return "ERR_DATABASE_ERROR", 500
dbconn.execute(
"SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON PHG.people_id = P.ID INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
(id, ))
addFailed = False
for user in dbconn.fetchall():
memberResult = ldapGroups.addUser(user["id"], id)
if memberResult < 0:
addFailed = True
if addFailed:
return "ERR_LDAP_ERROR", 500
else:
return "ERR_ALL_DONE", 200
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_ENTRY_MISSING/0")
except:
return "ERR_CONNECTION_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_ENTRY_INCOMPLETE/0")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def fixGroupMembership(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
ldapGroups = ldap.groups()
dbconn.execute("SELECT username FROM people WHERE id = %s", (id, ))
username = dbconn.fetchone()["username"]
for target in json.loads(request.form.get("targets")):
dbconn.execute("SELECT id FROM groups WHERE name = %s", (target, ))
gid = dbconn.fetchone()["id"]
if not checkers.checkLdapGroupMembership(username, gid):
memberResult = ldapGroups.addUser(id, gid)
if memberResult == -1:
return "ERR_LDAP_ERROR", 500
if memberResult == -2:
return "ERR_DATABASE_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_GROUP_MEMBERSHIP/1")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def groupOperation(id, uid):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lg = ldap.groups()
if request.method == "POST":
dbconn.execute(
"INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)",
(uid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not lg.addUser(uid, id) == 0:
return "ERR_LDAP_ERROR", 500
return "SUCCESS", 201
elif request.method == "DELETE":
dbconn.execute(
"DELETE FROM people_has_groups WHERE people_id = %s AND group_id = %s",
(uid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not lg.deleteUser(uid, id) == 0:
return "ERR_LDAP_ERROR", 500
return "SUCCESS", 200
def runLdapAutoSetup(self):
ldapServer = Server(self.__config.get("ldap", "url"))
baseDn = "dc=" + os.environ.get(
"SLAPD_DOMAIN1") + ",dc=" + os.environ.get("SLAPD_DOMAIN0")
try:
Connection(ldapServer,
self.__config.get("ldap", "admindn") + "," + baseDn,
os.environ.get("SLAPD_PASSWORD"),
auto_bind=True)
except Exception as e:
print(e)
return False
else:
self.__config.set("ldap", "password",
os.environ.get("SLAPD_PASSWORD"))
self.__config.set("ldap", "basedn", baseDn)
dbconn = db.database()
dbconn.execute("SELECT id FROM groups")
ldapGroups = ldap.groups()
failed = False
for row in dbconn.fetchall():
if not ldapGroups.create(row["id"]) == 0:
failed = True
return not failed
def specificUser(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lu = ldap.users()
lg = ldap.groups()
dir = directory.directory()
if request.method == "GET":
dbconn.execute(
"SELECT firstname, lastname, preferredname, sex, title, short, email, DATE_FORMAT(birthdate, '%Y-%m-%d') AS birthdate, username, smb_homedir, persistant FROM people WHERE id = %s",
(id, ))
user = dbconn.fetchone()
user["groups"] = []
user["devices"] = []
user["logins"] = []
dbconn.execute(
"SELECT G.name AS name, G.id AS id FROM groups G INNER JOIN people_has_groups PHG ON PHG.group_id = G.id INNER JOIN people P ON P.id = PHG.people_id WHERE P.id = %s",
(id, ))
for group in dbconn.fetchall():
user["groups"].append(group)
dbconn.execute("SELECT name, id FROM device WHERE people_id = %s",
(id, ))
for device in dbconn.fetchall():
user["devices"].append(device)
dbconn.execute(
"SELECT timestamp, info, type, D.name AS devicename, D.id AS deviceid, P.preferredname AS people FROM localLoginLog LLL LEFT JOIN device D ON D.id = LLL.device_id LEFT JOIN people P ON LLL.affected = P.id WHERE LLL.people_id = %s OR LLL.affected = %s",
(id, id))
for loginEvent in dbconn.fetchall():
user["logins"].append(loginEvent)
dbconn.execute(
"SELECT autogen, cleartext FROM userpassword WHERE people_id = %s",
(id, ))
autogenPassword = dbconn.fetchone()
if autogenPassword["autogen"] == 1:
user["autogenPassword"] = autogenPassword["cleartext"]
return jsonify(user), 200
elif request.method == "PUT":
short = request.form.get("short") if not request.form.get(
"short") == "" and not request.form.get(
"short").lower() == "null" else None
sex = request.form.get("sex") if isinstance(request.form.get("sex"),
int) else 0
dbconn.execute(
"UPDATE people SET firstname = %s, lastname = %s, email = %s, title = %s, short = %s, birthdate = %s, sex = %s, persistant = %s WHERE id = %s",
(request.form.get("firstname"), request.form.get("lastname"),
request.form.get("email"), request.form.get("title"), short,
request.form.get("birthdate"), sex,
request.form.get("persistant"), id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not lu.update(id) == 0:
return "ERR_LDAP_ERROR", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute("SELECT username FROM people WHERE id = %s", (id, ))
user = dbconn.fetchone()["username"]
if user == current_user.username:
return "ERR_ACTUAL_ACCOUNT", 400
if not lu.delete(id) == 0:
return "ERR_LDAP_ERROR", 500
failed = False
dbconn.execute(
"SELECT G.id FROM people P INNER JOIN people_has_groups PHG ON PHG.people_id = P.id INNER JOIN groups G ON G.id = PHG.group_id WHERE P.id = %s",
(id, ))
for group in dbconn.fetchall():
if not lg.deleteUser(id, group["id"]) == 0:
failed = True
if failed:
return "ERR_LDAP_ERROR", 500
if dir.exists(user, "deleted"):
if not dir.delete(user, "deleted") == 0:
return "ERR_DELETE_PREVIOUS_FOLDER", 500
dircode = dir.move(user, "users", user, "deleted")
if not dircode == 0 and not dircode == -2:
return "ERR_MOVE_DATA_FOLDER", 500
dbconn.execute("DELETE FROM people WHERE id = %s", (id, ))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def createUser():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dir = directory.directory()
if dir.exists(request.form.get("username"), "users"):
return "ERR_FOLDER_EXISTS", 500
dbconn = db.database()
lu = ldap.users()
lg = ldap.groups()
id = idsrv.getNew()
if not request.form.get("password") == request.form.get("password2"):
return "ERR_PASSWORDS_DIFFERENT", 500
try:
short = request.form.get("short") if not request.form.get(
"short") == "" and not request.form.get(
"short").lower() == "null" else None
except AttributeError:
short = None
persistant = 1 if request.form.get("persistant") else 0
smb_homedir = "/home/users/" + request.form.get("username")
sex = request.form.get("sex") if isinstance(request.form.get("sex"),
int) else 0
dbconn.execute(
"INSERT INTO people (id, firstname, lastname, preferredname, sex, title, short, email, birthdate, username, smb_homedir, persistant) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
(id, request.form.get("firstname"), request.form.get("lastname"),
request.form.get("preferredname"), sex, request.form.get("title"),
short, request.form.get("email"), request.form.get("birthdate"),
request.form.get("username"), smb_homedir, persistant))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not request.form.get("cleartext") is None:
dbconn.execute(
"INSERT INTO userpassword (people_id, unix_hash, smb_hash, hint, cleartext, autogen) VALUES (%s, %s, %s, %s, %s, 1)",
(id, hash.unix(request.form.get("password")),
hash.samba(request.form.get("password")),
request.form.get("pwhint"), request.form.get("password")))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
else:
dbconn.execute(
"INSERT INTO userpassword (people_id, unix_hash, smb_hash, hint, autogen) VALUES (%s, %s, %s, %s, 0)",
(id, hash.unix(request.form.get("password")),
hash.samba(
request.form.get("password")), request.form.get("pwhint")))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
failed = False
for group in json.loads(request.form.get("groups")):
dbconn.execute(
"INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)",
(id, group))
if not dbconn.commit():
failed = True
if not lg.addUser(id, group) == 0:
failed = True
if failed:
return "ERR_DATABASE_ERROR", 500
dircode = dir.create(request.form.get("username"), "users")
if dircode == 0 and dir.setMode(request.form.get("username"), "users",
"511"): # 511 in octal gives 777
if not lu.update(id) == 0:
return "ERR_LDAP_ERROR", 500
dbconn.execute("SELECT unix_userid FROM people WHERE id = %s LIMIT 1",
(id, ))
result = dbconn.fetchone()
if not dir.setOwner(request.form.get("username"), "users",
result["unix_userid"]):
return "ERR_DATABASE_ERROR", 500
elif dircode == -1:
return "ERR_FOLDER_PLACE_INVALID", 500
elif dircode == -4:
return "ERR_FOLDER_EXISTS", 500
else:
return "ERR_CREATE_HOMEFOLDER", 500
return "SUCCESS", 201
def __init__(self):
self.__ldapUsers = ldap.users()
self.__ldapGroups = ldap.groups()
self.__dir = directory.directory()