def is_admin(self, args):
user_list = args
user_list.remove('is_admin')
completed = True
for user in user_list:
is_adm = ldap.is_admin(user)
if is_adm:
L.info(t("The user %s is admin") % user)
else:
L.info(t("The user %s is NOT admin") % user)
completed &= is_adm
return completed
from uwsas.common import *
from uwsas.helpers import unix
from uwsas.helpers import ldap
from uwsas.core import CONF_MAP
from uwsas.core import L
from uwsas import core
if __name__ == "__main__":
pam_user = os.getenv("PAM_USER")
is_admin = unix.is_admin(pam_user)
try:
if not is_admin and CONF_MAP("ldap", "enabled"):
is_admin |= ldap.is_admin(pam_user)
if (
not is_admin
and unix.is_notunix_user(pam_user)
and CONF_MAP("ldap", "enabled")
and CONF_MAP("centrify", "pam_allow_workaround")
):
is_allowed_to_login = False
with open("/etc/centrifydc/groups.allow", "r") as f:
for group in f:
group = group.strip()
if group:
print pam_user, group, ldap.is_member_of(pam_user, group, "")
is_allowed_to_login |= ldap.is_member_of(pam_user, group, "")
if not is_allowed_to_login:
