Exemplo n.º 1
0
Arquivo: nd.py Projeto: netsoc/nd
    def merge_into(self, other):
        assert self.get_state() == 'newmember'
        assert other.get_state() in [
            'shell', 'renew', 'bold', 'expired', 'dead']
        assert self.is_current_member()
        assert not other.is_current_member()
        issusername = self.get_attribute("tcdnetsoc_ISS_username") or\
            other.get_attribute("tcdnetsoc_ISS_username")
        if other.get_attribute("tcdnetsoc_ISS_username") is not None:
            assert other.tcdnetsoc_ISS_username == issusername
        else:
            other.tcdnetsoc_ISS_username = issusername
        if self.cn != other.cn:
            lwarn("Names %s and %s don't match when renewing account %s"
                  % (self.cn, other.cn, other.uid))
            other.comment("Renewed by account with non-matching name %s"
                          % self.cn)
        if self.mail != other.mail:
            lwarn("Emails %s and %s don't match when renewing account %s"
                  % (self.mail, other.mail, other.uid))
            other.comment("Renewed by account with non-matching mail %s"
                          % self.mail)

        self.tcdnetsoc_membership_year -= current_session()
        other.tcdnetsoc_membership_year += current_session()
        self.destroy()
Exemplo n.º 2
0
 def _register_backlink_attr(fwd, back):
     b = ValueSet._backlink_attrs
     if fwd in b:
         if b[fwd] != back:
             lwarn("Redeclared backlink for %s (was %s, now %s)"
                   % (fwd, b[fwd], back))
     b[fwd] = back
Exemplo n.º 3
0
    def __init__(self, name, type, matchrule=None, backlink=None):
        if isinstance(type, list):
            if not len(type) == 1:
                raise TypeError("%s is not a supported type" % type)
            type = type[0]
            multival = True
        else:
            multival = False
        if matchrule is None:
            matchrule = default_match(type)

        self.name = name
        self.type = type
        self.multival = multival
        self.matchrule = matchrule

        if backlink is not None:
            ValueSet._register_backlink_attr(self.get_ldap_name(),
                                             Attribute._normalise_name(
                                                 backlink))

        attrdesc = self._desc()
        known = Attribute._known_attrs
        ldapname = self.get_ldap_name()
        if ldapname in known:
            if known[ldapname]._desc() != attrdesc:
                lwarn("Attribute %s redefined (from %s to %s)" %
                      (name, known[ldapname]._desc(), attrdesc))
        known[ldapname] = self
Exemplo n.º 4
0
 def _register_backlink_attr(fwd, back):
     b = ValueSet._backlink_attrs
     if fwd in b:
         if b[fwd] != back:
             lwarn("Redeclared backlink for %s (was %s, now %s)" %
                   (fwd, b[fwd], back))
     b[fwd] = back
Exemplo n.º 5
0
    def __init__(self, name, type, matchrule=None, backlink=None):
        if isinstance(type, list):
            if not len(type) == 1:
                raise TypeError("%s is not a supported type" % type)
            type = type[0]
            multival = True
        else:
            multival = False
        if matchrule is None:
            matchrule = default_match(type)

        self.name = name
        self.type = type
        self.multival = multival
        self.matchrule = matchrule

        if backlink is not None:
            ValueSet._register_backlink_attr(
                self.get_ldap_name(), Attribute._normalise_name(backlink))

        attrdesc = self._desc()
        known = Attribute._known_attrs
        ldapname = self.get_ldap_name()
        if ldapname in known:
            if known[ldapname]._desc() != attrdesc:
                lwarn("Attribute %s redefined (from %s to %s)" %
                      (name, known[ldapname]._desc(), attrdesc))
        known[ldapname] = self
Exemplo n.º 6
0
 def get_attribute(name):
     '''Lookup an attribute of a given name'''
     n = Attribute._normalise_name(name)
     known = Attribute._known_attrs
     if n in known:
         return known[n]
     else:
         lwarn("Undeclared attribute %s. \
                Defaulting to assuming it's a single-valued string." % name)
         return Attribute(name, str, match_exact_or_substring)
Exemplo n.º 7
0
 def get_attribute(name):
     '''Lookup an attribute of a given name'''
     n = Attribute._normalise_name(name)
     known = Attribute._known_attrs
     if n in known:
         return known[n]
     else:
         lwarn("Undeclared attribute %s. \
                Defaulting to assuming it's a single-valued string." % name)
         return Attribute(name, str, match_exact_or_substring)
Exemplo n.º 8
0
Arquivo: nd.py Projeto: netsoc/nd
 def reset_password(self):
     if not self.has_account():
         raise Exception("User account is disabled,\
                         password cannot be reset")
     pw = generate_password()
     self.passwd(pw)
     addr = self.get_attribute("mail")
     if addr is None:
         lwarn("No mail address recorded for user %s (%s),\
               can't send password reset message" %
               (self.get_attribute("uid"), self.get_attribute("cn")))
     else:
         sm.sendmail("password_reset",
                     to=addr, username=self.uid, password=pw)
Exemplo n.º 9
0
Arquivo: nd.py Projeto: netsoc/nd
    def set_state(self, newst, newpasswd=None):
        assert newst in User.states
        st = self.get_state()
        if st == newst:
            return
        if st == "newmember" and newst not in\
                ["archived", "shell", "newmember"]:
            raise Exception("User doesn't have an account,\
                            so it can't be set to %s" % newst)

        if (st, newst) == ("archived", "newmember"):
            self.tcdnetsoc_saved_password = "******"
        elif newst == "newmember":
            raise Exception("that makes no sense")
        elif newst == "archived":
#            self.objectClass -= "posixAccount"
#            # FIXME: remove other privileges as well??
#            if self.has_priv("shell"):
#                Privilege("shell").member -= self
#            del self.userPassword
#            return
            raise Exception("archiving accounts not yet implemented")

        elif st == "archived":
            raise Exception("un-archiving accounts not yet implemented")
#            if self._has_disabled_shell():
#                prevstate = self.loginShell[len(User.disabled_shells_base):]
#                if newst != prevstate:
#                    raise Exception("Trying to change state of %s from
#                    disabled to %s, \
#                        although account was %s" % (self, newst, prevstate))
#
#            assert not self.has_priv("shell")
#            if not PersonalGroup(self.uid).exists():
#                PersonalGroup.create(cn=self.uid,
#                                     objectClass=["tcdnetsoc-group"],
#                                     gidNumber=self.uidNumber,
#                                     member=[self])
#            self.gidNumber = self.uidNumber
#            self.homeDirectory = User.homedir_pattern % self.uid
#            self.objectClass += "posixAccount"
#            Privilege("shell").member += self
        # Bouncer state is for alumni who have chosen not to have a shell account
        elif newst == "bouncer":
            if st != "shell":
                raise Exception("user must have had shell account as \
                                to have bouncer as implemented here")
            else: # User had shell, now grant user bouncer priv and 
                  # lock user's shell. Use SSH and pam_access to lock
                  # user's access to commands
                self.grant_priv("bouncer")
                
                self.tcdnetsoc_temp_loginShell = self.loginShell
                self.loginShell = '/usr/bin/passwd'

        else: # Effectively default outcome
            if st == "newmember":
                del self.tcdnetsoc_saved_password
            else:
                Privilege(st).member -= self

            Privilege(newst).member += self

            if newst == "shell":
                # ensure GID is set
                if self.get_attribute('gidNumber') is None:
                    self.gidNumber = self.uidNumber

                # ensure homedir is set
                if self.get_attribute('homeDirectory') is None:
                    self.homeDirectory = '/home/' + self.uid

                # ensure group exists
                self.create_personal_group()

                self.objectClass += 'posixAccount'

                # (re-)enable Samba
                if st == 'newmember':
                    self.setup_samba_account()
                else:
                    self.objectClass += 'sambaSamAccount'

                if st == 'newmember':
                    self.setup_shadow_account()

                # restore old password (if any)
                if newpasswd is not None:
                    self.passwd(newpasswd)
                elif self.get_attribute(
                    "tcdnetsoc_saved_password"
                ) is not None:
                    self.userPassword = self.tcdnetsoc_saved_password
                else:
                    pwd = generate_password()
                    lwarn("Setting password for %s to %s" % (self.uid, pwd))
                    self.passwd(pwd)

                # set shell if necessary
                if self.get_attribute("loginShell") is None or \
                        "special_shell" in self.loginShell or \
                        st in ["bold", "dead"]:
                            # get AUP-violating users to re-accept AUP
                    self.loginShell = User.first_login_shell

                # expired and newmember users get webspace
                # renew users didn't lose it
                # and bold/dead users don't get it without admin intervention
                if st in ["expired", "newmember"]:
                    self.grant_priv("webspace")

                self.reset_mysql_pw()

                # FIXME quotas
            else:
                # can't be a new member if the account
                # is being set to [rewew,expired,bold,dead]
                # since you need to have had an account
                # for those things to happen
                assert st != "newmember"
                # removing shell, save old password
                if self.can_bind():
                    self.tcdnetsoc_saved_password = self.userPassword
                    del self.userPassword

                # possibly remove privileges
                if newst in ["bold", "dead"]:
                    for g in list(self.memberOf):
                        if isinstance(g, Privilege) and g.cn != newst:
                            self.memberOf -= g

                # remove samba access
                if 'sambaSamAccount' in self.objectClass:
                    self.objectClass -= 'sambaSamAccount'