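def group_overview(groupname):
    """Render the overview page for one directory group.

    Aborts with 404 when ``ldap_group_exists`` reports no such group.  The
    template receives the group entry, the groups it belongs to and its
    members; the last two are sorted by ``sAMAccountName``.

    Lookups that resolve to nothing are skipped instead of crashing the page:
    other views in this file test the results of ``ldap_get_group`` and
    ``ldap_get_entry_simple`` for falsiness, so an unresolved DN is possible.
    """
    title = "Group details - %s" % groupname

    if not ldap_group_exists(groupname=groupname):
        abort(404)

    identity_fields = [('sAMAccountName', "Name"),
                       ('description', "Description")]
    group_fields = [('sAMAccountName', "Name"),
                    ('description', "Description")]

    group = ldap_get_group(groupname=groupname)

    # The admin controls are offered only to "Domain Admins" members, and
    # never for groups with bit 1 of groupType set (group_edit treats that
    # bit as "system group").
    # NOTE(review): this flag only drives what the template shows; the write
    # views must enforce authorization themselves - confirm they do.
    admin = ldap_in_group("Domain Admins") and not group['groupType'] & 1

    # Drop membership DNs that could not be resolved; a falsy entry would make
    # the sort key below raise.
    group_details = [
        entry
        for entry in (ldap_get_group(dn, 'distinguishedName')
                      for dn in ldap_get_membership(groupname))
        if entry
    ]
    groups = sorted(group_details, key=lambda entry: entry['sAMAccountName'])

    member_list = []
    for member_dn in ldap_get_members(groupname):
        member = ldap_get_entry_simple({'distinguishedName': member_dn})
        # Skip members that cannot be resolved or carry no account name.
        if not member or 'sAMAccountName' not in member:
            continue
        member_list.append(member)
    members = sorted(member_list, key=lambda entry: entry['sAMAccountName'])

    return render_template("pages/group_overview.html", g=g, title=title,
                           group=group, identity_fields=identity_fields,
                           group_fields=group_fields, admin=admin,
                           groups=groups, members=members,
                           grouptype_values=LDAP_AD_GROUPTYPE_VALUES)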
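def group_overview(groupname):
    """Render the overview page for one directory group.

    Aborts with 404 when ``ldap_group_exists`` reports no such group.  The
    template receives the group entry, its parent container DN, the groups it
    belongs to and its members (both sorted by ``sAMAccountName``).
    """
    title = "Group details - %s" % groupname

    if not ldap_group_exists(groupname=groupname):
        abort(404)

    identity_fields = [('sAMAccountName', "Name"),
                       ('description', u"Description")]
    group_fields = [('sAMAccountName', "Name"),
                    ('description', u"Description")]

    group = ldap_get_group(groupname=groupname)

    # Admin controls require membership of Settings.ADMIN_GROUP and are never
    # offered for groups with bit 1 of groupType set.
    # NOTE(review): this flag only drives what the template shows; the write
    # views must enforce authorization themselves - confirm they do.
    admin = ldap_in_group(Settings.ADMIN_GROUP) and not group['groupType'] & 1

    group_details = [
        ldap_get_group(entry, 'distinguishedName')
        for entry in ldap_get_membership(groupname)
    ]
    # Unresolvable membership DNs come back falsy; drop them before sorting.
    group_details = list(filter(None, group_details))
    groups = sorted(group_details, key=lambda entry: entry['sAMAccountName'])

    member_list = []
    for member_dn in ldap_get_members(groupname):
        member = ldap_get_entry_simple({'distinguishedName': member_dn})
        # Same guard as for the groups above: a member DN that no longer
        # resolves must be skipped, not fed to the ``in`` test.
        if not member or 'sAMAccountName' not in member:
            continue
        member_list.append(member)
    members = sorted(member_list, key=lambda entry: entry['sAMAccountName'])

    # Parent container = the DN minus its first component.
    # NOTE(review): a plain split on "," also splits escaped commas ("\,")
    # inside an RDN value - confirm such names cannot occur here.
    parent = ",".join(group['distinguishedName'].split(',')[1:])

    return render_template("pages/group_overview_es.html", g=g, title=title,
                           group=group, identity_fields=identity_fields,
                           group_fields=group_fields, admin=admin,
                           groups=groups, members=members, parent=parent,
                           grouptype_values=LDAP_AD_GROUPTYPE_VALUES)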
def user_overview(username):
    """Render the detail page for one user account.

    Aborts with 404 when ``ldap_user_exists`` reports no such user.  The
    template receives the user entry, the list of fields to display and the
    user's groups sorted by ``sAMAccountName``.
    """
    if not ldap_user_exists(username=username):
        abort(404)

    identity_fields = [
        ('givenName', "First name"),
        ('sn', "Last name"),
        ('displayName', "Display name"),
        ('sAMAccountName', "User name"),
        ('mail', "E-mail address"),
        ('___primary_group', "Primary group"),
    ]
    group_fields = [
        ('sAMAccountName', "Name"),
        ('description', "Description"),
    ]

    # NOTE(review): `admin` only tells the template what to show; no check in
    # this function restricts who may view the page - presumably enforced by
    # a decorator outside this listing, confirm.
    admin = ldap_in_group("Domain Admins")
    user = ldap_get_user(username=username)

    memberships = []
    for group_dn in ldap_get_membership(username):
        memberships.append(ldap_get_group(group_dn, 'distinguishedName'))

    # The first membership is shown as the primary group.
    # NOTE(review): this raises if the membership list is empty or its first
    # DN does not resolve - confirm ldap_get_membership always returns the
    # primary group first.
    user['___primary_group'] = memberships[0]['sAMAccountName']

    def account_name(entry):
        return entry['sAMAccountName']

    return render_template(
        "pages/user_overview.html",
        g=g,
        title="User details - %s" % username,
        user=user,
        identity_fields=identity_fields,
        group_fields=group_fields,
        admin=admin,
        groups=sorted(memberships, key=account_name),
        uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES,
    )
def group_delete(groupname):
    """Show the delete confirmation for a group and delete it on submit.

    Aborts with 404 for unknown groups.  After a successful delete the user
    is redirected to ``core_index``; an LDAP failure is flashed and the
    confirmation page is rendered again.
    """
    if not ldap_group_exists(groupname):
        abort(404)

    # NOTE(review): nothing in this function checks who is calling it, and
    # the delete is gated only by form validation.  Presumably authorization
    # sits in a decorator outside this listing and `Form` validates a CSRF
    # token - confirm both.
    form = Form(request.form)

    if form.validate_on_submit():
        try:
            target = ldap_get_group(groupname=groupname)
            ldap_delete_entry(target['distinguishedName'])
            flash("Group successfuly deleted.", "success")
            return redirect(url_for('core_index'))
        except ldap.LDAPError as e:
            # Keep only the text after the error-code prefix and capitalise
            # its first letter before showing it to the user.
            # NOTE(review): `e.message` exists on Python 2 exceptions only;
            # on Python 3 this handler itself raises - confirm the target
            # interpreter.
            detail = e.message['info'].split(":", 2)[-1].strip()
            flash(str(detail[0].upper() + detail[1:]), "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    return render_template(
        "pages/group_delete.html",
        title="Delete group",
        action="Delete group",
        form=form,
        groupname=groupname,
        parent=url_for('group_overview', groupname=groupname),
    )
def user_overview(username):
    """Build and render the "User details" page for ``username``.

    Unknown users yield a 404.  Group memberships are resolved to full
    entries, the first one is recorded as the primary group, and the list is
    handed to the template sorted by ``sAMAccountName``.
    """
    page_title = "User details - %s" % username

    user_is_known = ldap_user_exists(username=username)
    if not user_is_known:
        abort(404)

    # (LDAP attribute, label) pairs for the identity table.
    identity_fields = [('givenName', "First name"),
                       ('sn', "Last name"),
                       ('displayName', "Display name"),
                       ('sAMAccountName', "User name"),
                       ('mail', "E-mail address"),
                       ('___primary_group', "Primary group")]

    # (LDAP attribute, label) pairs for the group table.
    group_fields = [('sAMAccountName', "Name"),
                    ('description', "Description")]

    # NOTE(review): the result is passed to the template only; access to the
    # page itself is not restricted here - confirm it is enforced elsewhere.
    is_admin = ldap_in_group("Domain Admins")
    account = ldap_get_user(username=username)

    resolved = [ldap_get_group(dn, 'distinguishedName')
                for dn in ldap_get_membership(username)]

    # NOTE(review): assumes at least one membership and that every DN
    # resolves; an empty list or a falsy entry raises here - confirm.
    primary = resolved[0]
    account['___primary_group'] = primary['sAMAccountName']

    ordered = list(resolved)
    ordered.sort(key=lambda entry: entry['sAMAccountName'])

    return render_template("pages/user_overview.html", g=g, title=page_title,
                           user=account, identity_fields=identity_fields,
                           group_fields=group_fields, admin=is_admin,
                           groups=ordered,
                           uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES)
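def group_addmembers(groupname):
    """Show and process the "Add members" form for a group.

    The form's ``new_members`` field holds one account name per line.  Every
    name is resolved to an entry; if one cannot be resolved nothing is
    written and the name is flashed back to the user.  Aborts with 404 for
    unknown groups.

    Blank lines (for example the trailing newline a textarea submits) are
    ignored rather than reported as an invalid user name.
    """
    title = "Add members"

    if not ldap_group_exists(groupname):
        abort(404)

    form = GroupAddMembers(request.form)
    form.visible_fields = [form.new_members]

    if form.validate_on_submit():
        group = ldap_get_group(groupname)
        entries = set(group['member']) if 'member' in group else set()

        # strip() also removes the "\r" of CRLF line endings.
        requested = [name.strip()
                     for name in form.new_members.data.split("\n")]
        requested = [name for name in requested if name]

        invalid = None
        for account in requested:
            # NOTE(review): `account` is user input placed into an LDAP
            # search; whether ldap_get_entry_simple escapes filter values is
            # not visible here - confirm.
            entry = ldap_get_entry_simple({'sAMAccountName': account})
            if not entry:
                invalid = account
                break
            entries.add(entry['distinguishedName'])

        if not requested:
            # Whitespace-only submission: nothing to add, write nothing.
            flash("Some fields failed validation.", "error")
        elif invalid is not None:
            flash("Invalid username: %s" % invalid, "error")
        else:
            try:
                # NOTE(review): the whole member list is rewritten from the
                # copy read above, so a concurrent change to the group could
                # be lost - confirm this is acceptable.
                ldap_update_attribute(group['distinguishedName'], "member",
                                      list(entries))
                flash("Members added.", "success")
                return redirect(
                    url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                # NOTE(review): `e.message` exists on Python 2 exceptions
                # only - confirm the target interpreter.
                error = e.message['info'].split(":", 2)[-1].strip()
                error = str(error[0].upper() + error[1:])
                flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Add members",
                           parent=url_for('group_overview',
                                          groupname=groupname))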
def group_delmember(groupname, member):
    """Confirm and perform the removal of one member from a group.

    ``member`` is an account name.  The request is answered with 404 when
    the group has no members, the account cannot be resolved, or the account
    is not currently a member.  On success the user is redirected to the
    removed account's overview page.
    """
    group = ldap_get_group(groupname)
    if not group or 'member' not in group:
        abort(404)

    # NOTE(review): `member` comes from the URL and is used in an LDAP
    # search; whether ldap_get_entry_simple escapes filter values is not
    # visible here - confirm.
    account = ldap_get_entry_simple({'sAMAccountName': member})
    if not account:
        abort(404)

    account_dn = account['distinguishedName']
    if account_dn not in group['member']:
        abort(404)

    form = GroupDelMember(request.form)

    if form.validate_on_submit():
        try:
            # The list is modified in place and written back as a whole.
            remaining = group['member']
            remaining.remove(account_dn)
            ldap_update_attribute(group['distinguishedName'], "member",
                                  remaining)
            flash("Member of group X %s eliminated" % group['sAMAccountName'],
                  "success")
            return redirect(
                url_for('user_overview', username=account['sAMAccountName']))
        except ldap.LDAPError as e:
            # The first exception argument is converted to a dict and its
            # 'info' text is shown to the user.
            details = dict(e.args[0])
            flash(details['info'], "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")

    back_url = url_for('user_overview', username=account['sAMAccountName'])
    return render_template("pages/group_delmember_es.html",
                           title="Remove from group",
                           action="Remove member from group",
                           form=form,
                           member=account['sAMAccountName'],
                           group=group['sAMAccountName'],
                           parent=back_url)
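def group_addmembers(groupname):
    """Show and process the "Add members" form for a group.

    ``new_members`` carries one account name per line.  All names must
    resolve before anything is written; the first unresolved name is flashed
    back and the form is shown again.  Aborts with 404 for unknown groups.

    Blank lines (such as the trailing newline of a textarea) are skipped
    instead of being reported as an invalid user name.
    """
    title = "Add members"

    if not ldap_group_exists(groupname):
        abort(404)

    form = GroupAddMembers(request.form)
    form.visible_fields = [form.new_members]

    if form.validate_on_submit():
        group = ldap_get_group(groupname)
        if 'member' in group:
            entries = set(group['member'])
        else:
            entries = set()

        accounts = []
        for line in form.new_members.data.split("\n"):
            name = line.strip()  # also drops the "\r" of CRLF endings
            if name:
                accounts.append(name)

        unknown = None
        for name in accounts:
            # NOTE(review): `name` is user input used in an LDAP search;
            # whether ldap_get_entry_simple escapes filter values is not
            # visible here - confirm.
            entry = ldap_get_entry_simple({'sAMAccountName': name})
            if not entry:
                unknown = name
                break
            entries.add(entry['distinguishedName'])

        if not accounts:
            # Nothing but whitespace was submitted; do not touch the group.
            flash(u"Data validation failed.", "error")
        elif unknown is not None:
            flash(u"Invalid username: %s" % unknown, "error")
        else:
            try:
                # NOTE(review): `entries` holds the existing members plus the
                # new ones; presumably ldap_add_users_to_group copes with DNs
                # that are already members - confirm against the helper.
                ldap_add_users_to_group(group['distinguishedName'], "member",
                                        list(entries))
                flash("Added users.", "success")
                return redirect(
                    url_for('group_overview', groupname=groupname))
            except ldap.LDAPError as e:
                e = dict(e.args[0])
                flash(e['info'], "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Adicionar miembros",
                           parent=url_for('group_overview',
                                          groupname=groupname))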
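def group_addmembers(groupname):
    """Handle the "Add members" form of a group.

    Each non-blank line of ``new_members`` is looked up by
    ``sAMAccountName``.  The group's ``member`` attribute is rewritten only
    when every name resolves; otherwise the offending name is flashed and the
    form is rendered again.  Aborts with 404 for unknown groups.

    Blank lines are ignored, so a trailing newline in the textarea no longer
    fails the whole submission with "Invalid username".
    """
    title = "Add members"

    if not ldap_group_exists(groupname):
        abort(404)

    form = GroupAddMembers(request.form)
    form.visible_fields = [form.new_members]

    if form.validate_on_submit():
        group = ldap_get_group(groupname)
        entries = set(group.get('member', ())) if 'member' in group else set()

        # One account name per line; strip() also removes CRLF remnants.
        wanted = [part.strip()
                  for part in form.new_members.data.split("\n")
                  if part.strip()]

        rejected = None
        for account in wanted:
            # NOTE(review): user-supplied value used in an LDAP search;
            # escaping inside ldap_get_entry_simple is not visible here -
            # confirm.
            found = ldap_get_entry_simple({'sAMAccountName': account})
            if not found:
                rejected = account
                break
            entries.add(found['distinguishedName'])

        if not wanted:
            # Only whitespace was submitted: report it and write nothing.
            flash("Some fields failed validation.", "error")
        elif rejected is not None:
            flash("Invalid username: %s" % rejected, "error")
        else:
            try:
                # NOTE(review): full rewrite of the member list from the copy
                # read above; a concurrent edit of the group could be lost.
                ldap_update_attribute(group['distinguishedName'], "member",
                                      list(entries))
                flash("Members added.", "success")
                return redirect(url_for('group_overview',
                                        groupname=groupname))
            except ldap.LDAPError as e:
                # NOTE(review): `e.message` exists on Python 2 exceptions
                # only - confirm the target interpreter.
                error = e.message['info'].split(":", 2)[-1].strip()
                error = str(error[0].upper() + error[1:])
                flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Add members",
                           parent=url_for('group_overview',
                                          groupname=groupname))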
def group_delmember(groupname, member):
    """Confirm and perform the removal of ``member`` from ``groupname``.

    Responds with 404 when the group is missing or has no members, when the
    account name cannot be resolved, or when the account is not a member.
    After a successful removal the user is sent back to the group overview.
    """
    group = ldap_get_group(groupname)
    if not group or 'member' not in group:
        abort(404)

    # NOTE(review): `member` is taken from the URL and used in an LDAP
    # search; escaping inside ldap_get_entry_simple is not visible here -
    # confirm.
    resolved = ldap_get_entry_simple({'sAMAccountName': member})
    if not resolved:
        abort(404)

    if resolved['distinguishedName'] not in group['member']:
        abort(404)

    # NOTE(review): the removal is gated only by form validation; presumably
    # `Form` validates a CSRF token and authorization is handled outside this
    # function - confirm.
    form = Form(request.form)

    if form.validate_on_submit():
        try:
            current = group['member']
            current.remove(resolved['distinguishedName'])
            ldap_update_attribute(group['distinguishedName'], "member",
                                  current)
            flash("Member removed.", "success")
            return redirect(url_for('group_overview', groupname=groupname))
        except ldap.LDAPError as e:
            # Show the text after the error-code prefix, first letter
            # capitalised.
            # NOTE(review): `e.message` exists on Python 2 exceptions only -
            # confirm the target interpreter.
            text = e.message['info'].split(":", 2)[-1].strip()
            flash(str(text[0].upper() + text[1:]), "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    return render_template(
        "pages/group_delmember.html",
        title="Remove group member",
        action="Remove group member",
        form=form,
        member=resolved['sAMAccountName'],
        group=group['sAMAccountName'],
        parent=url_for('group_overview', groupname=groupname),
    )
def group_edit(groupname):
    """Show and process the "Edit group" form.

    Aborts with 404 for unknown groups and with 401 for groups whose
    groupType has bit 1 set.  On submit, every mapped attribute whose form
    value differs from the stored one is written back; a rename updates
    sAMAccountName and cn and then reloads the group under its new name.
    """
    title = "Edit group"

    if not ldap_group_exists(groupname):
        abort(404)

    group = ldap_get_group(groupname)

    # We can't edit system groups
    # NOTE(review): 401 is used for "not allowed" here; 403 is the usual
    # status for an authenticated caller - confirm no 401 handler depends
    # on this.
    if group['groupType'] & 1:
        abort(401)

    form = GroupEdit(request.form)
    # (LDAP attribute, form field) pairs; group_type has no attribute of its
    # own because it is folded into groupType together with the flags.
    field_mapping = [('sAMAccountName', form.name),
                     ('description', form.description),
                     (None, form.group_type),
                     ('groupType', form.group_flags)]

    form.visible_fields = [field[1] for field in field_mapping]

    # Only groupType values whose second tuple element is truthy are offered.
    form.group_flags.choices = [(key, value[0]) for key, value in
                                LDAP_AD_GROUPTYPE_VALUES.items() if value[1]]

    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                # NOTE(review): for 'groupType' this compares the flags field
                # alone with the stored groupType; if field data are ints, a
                # change of only the type on a group stored without the type
                # bit would compare equal and be skipped - confirm.
                if value != group.get(attribute):
                    if attribute == 'sAMAccountName':
                        # Rename the account
                        ldap_update_attribute(group['distinguishedName'],
                                              "sAMAccountName", value)
                        # Finish by renaming the whole record
                        ldap_update_attribute(group['distinguishedName'],
                                              "cn", value)
                        # Reload so later updates use the renamed entry.
                        group = ldap_get_group(value)
                    elif attribute == "groupType":
                        group_type = int(form.group_type.data) + \
                            int(form.group_flags.data)
                        # Pack as unsigned 32-bit and unpack as signed 32-bit
                        # so the value is written in its signed form.
                        ldap_update_attribute(
                            group['distinguishedName'], attribute,
                            str(
                                struct.unpack(
                                    "i", struct.pack(
                                        "I", int(group_type)))[0]))
                    elif attribute:
                        ldap_update_attribute(group['distinguishedName'],
                                              attribute, value)

            flash("Group successfully updated.", "success")
            return redirect(url_for('group_overview',
                                    groupname=form.name.data))
        except ldap.LDAPError as e:
            # NOTE(review): `e.message` exists on Python 2 exceptions only -
            # confirm the target interpreter.
            error = e.message['info'].split(":", 2)[-1].strip()
            error = str(error[0].upper() + error[1:])
            flash(error, "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    # First display: pre-fill the form from the stored entry.
    if not form.is_submitted():
        form.name.data = group.get('sAMAccountName')
        form.description.data = group.get('description')
        # 2147483648 == 0x80000000, the top bit of the 32-bit groupType.
        form.group_type.data = group['groupType'] & 2147483648
        form.group_flags.data = 0
        for key, flag in LDAP_AD_GROUPTYPE_VALUES.items():
            if flag[1] and group['groupType'] & key:
                form.group_flags.data += key

    return render_template("forms/basicform.html", form=form, title=title,
                           action="Save changes",
                           parent=url_for('group_overview',
                                          groupname=groupname))
def group_edit(groupname):
    """Display the "Edit group" form and apply submitted changes.

    Unknown groups yield 404; groups with bit 1 of groupType set yield 401.
    A submitted form writes every mapped attribute whose value differs from
    the stored one.  A rename updates sAMAccountName and cn, after which the
    group is reloaded so the remaining updates target the renamed entry.
    """
    if not ldap_group_exists(groupname):
        abort(404)

    group = ldap_get_group(groupname)

    # System groups (bit 1 of groupType) are not editable.
    # NOTE(review): 401 is used for "not allowed"; 403 is the usual status
    # for an authenticated caller - confirm no 401 handler depends on this.
    if group['groupType'] & 1:
        abort(401)

    form = GroupEdit(request.form)

    # (LDAP attribute, form field); group_type has no attribute of its own
    # because it is merged into groupType together with the flags.
    field_mapping = [
        ('sAMAccountName', form.name),
        ('description', form.description),
        (None, form.group_type),
        ('groupType', form.group_flags),
    ]
    form.visible_fields = [field for _, field in field_mapping]

    flag_choices = []
    for key, value in LDAP_AD_GROUPTYPE_VALUES.items():
        if value[1]:
            flag_choices.append((key, value[0]))
    form.group_flags.choices = flag_choices

    if form.validate_on_submit():
        try:
            for attribute, field in field_mapping:
                value = field.data
                # NOTE(review): for 'groupType' the flags field alone is
                # compared with the stored groupType; if field data are ints,
                # changing only the type of a group stored without the type
                # bit would compare equal and be skipped - confirm.
                if value != group.get(attribute):
                    if attribute == 'sAMAccountName':
                        # Rename the account, then the record itself.
                        old_dn = group['distinguishedName']
                        ldap_update_attribute(old_dn, "sAMAccountName", value)
                        ldap_update_attribute(group['distinguishedName'],
                                              "cn", value)
                        group = ldap_get_group(value)
                    elif attribute == "groupType":
                        target_dn = group['distinguishedName']
                        combined = (int(form.group_type.data)
                                    + int(form.group_flags.data))
                        # Reinterpret the unsigned 32-bit sum as signed.
                        raw = struct.pack("I", int(combined))
                        signed = struct.unpack("i", raw)[0]
                        ldap_update_attribute(target_dn, attribute,
                                              str(signed))
                    elif attribute:
                        ldap_update_attribute(group['distinguishedName'],
                                              attribute, value)

            flash("Group successfully updated.", "success")
            return redirect(
                url_for('group_overview', groupname=form.name.data))
        except ldap.LDAPError as e:
            # NOTE(review): `e.message` exists on Python 2 exceptions only -
            # confirm the target interpreter.
            detail = e.message['info'].split(":", 2)[-1].strip()
            flash(str(detail[0].upper() + detail[1:]), "error")
    elif form.errors:
        flash("Some fields failed validation.", "error")

    # First display: pre-fill the form from the stored entry.
    if not form.is_submitted():
        stored_type = group['groupType']
        form.name.data = group.get('sAMAccountName')
        form.description.data = group.get('description')
        form.group_type.data = stored_type & 0x80000000
        form.group_flags.data = sum(
            key
            for key, flag in LDAP_AD_GROUPTYPE_VALUES.items()
            if flag[1] and group['groupType'] & key
        )

    return render_template("forms/basicform.html", form=form,
                           title="Edit group", action="Save changes",
                           parent=url_for('group_overview',
                                          groupname=groupname))
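def user_overview(username):
    """Render a user's detail page and process its "add to group" form.

    Unknown users yield 404.  The page is served only when the logged-in
    user (``g.ldap['username']``) is the account owner or a member of
    ``Settings.ADMIN_GROUP``; every other caller gets 401.

    The parsed ``pager`` attribute is passed to the template only; it is no
    longer printed to stdout, which copied directory data into the process
    output.
    """
    title = "User details - %s" % username

    if not ldap_user_exists(username=username):
        abort(404)

    user = ldap_get_user(username=username)
    admin = ldap_in_group(Settings.ADMIN_GROUP)
    logged_user = g.ldap['username']

    if not (logged_user == user['sAMAccountName'] or admin):
        abort(401)

    identity_fields = [('givenName', "Name"),
                       ('sn', "Last Name"),
                       ('displayName', "Full Name"),
                       ('name', "Registry Name"),
                       ('sAMAccountName', "Username"),
                       ('mail', u"Email address")]
    if 'title' in user:
        identity_fields.append(('title', "Occupation"))
    if 'telephoneNumber' in user:
        identity_fields.append(('telephoneNumber', "Telephone"))

    # Extra attributes from the settings: (attribute, label[, kind]) tuples.
    if Settings.USER_ATTRIBUTES:
        for item in Settings.USER_ATTRIBUTES:
            if item[0] in user:
                if len(item) == 3 and item[2] == 'time':
                    # Re-arrange the leading YYYYMMDDhhmmss digits and parse.
                    raw = user[item[0]]
                    datetime_field = (raw[6:8] + '/' + raw[4:6] + '/' +
                                      raw[0:4] + ' ' + raw[8:10] + ':' +
                                      raw[10:12] + ':' + raw[12:14])
                    datetime_field = datetime.strptime(
                        datetime_field, '%d/%m/%Y %H:%M:%S')
                    # NOTE(review): strptime returns a naive datetime, which
                    # astimezone() interprets in the process's local zone;
                    # directory timestamps are presumably UTC - confirm.
                    user[item[0]] = datetime_field.astimezone(
                        timezone(Settings.TIMEZONE))
                if item[0] == 'jpegPhoto':
                    # Inline the photo as a data URI for the template.
                    imgbase64 = base64.b64encode(user[item[0]]).decode()
                    user[item[0]] = 'data:image/jpeg;base64,' + imgbase64
                identity_fields.append((item[0], item[1]))

    group_fields = [('sAMAccountName', "Name"),
                    ('description', u"Description")]

    # NOTE(review): this rebinds `user`; unless ldap_get_user returns the
    # same cached object, the time/jpegPhoto conversions above are discarded
    # before the template sees them - confirm.
    user = ldap_get_user(username=username)

    group_details = []
    for group in ldap_get_membership(username):
        group_details.append(ldap_get_group(group, 'distinguishedName'))
    # Unresolvable membership DNs come back falsy; drop them before sorting.
    group_details = list(filter(None, group_details))
    groups = sorted(group_details, key=lambda entry: entry['sAMAccountName'])

    siccip_data = None
    if 'pager' in user:
        siccip_data = get_parsed_pager_attribute(user['pager'])

    # Offer every group the user is not yet a member of.
    available_groups = ldap_get_entries(
        ldap_filter="(objectclass=group)", scope="subtree")
    group_choices = [("_", "Select a Group")]
    for group_entry in available_groups:
        if not ldap_in_group(group_entry['sAMAccountName'], username):
            group_choices += [(group_entry['distinguishedName'],
                               group_entry['sAMAccountName'])]

    form = UserAddGroup(request.form)
    form.available_groups.choices = group_choices

    if not form.is_submitted():
        form.available_groups.data = "_"

    # NOTE(review): this write path runs for the account owner as well as
    # for admins, and the choices include every group.  Whether a non-admin
    # can actually add themselves depends on the directory permissions of
    # the bind identity, which is not visible here - confirm, or require
    # `admin` before writing.
    if form.validate_on_submit():
        try:
            group_to_add = form.available_groups.data
            if group_to_add == "_":
                flash(u"You must choose a group from the drop-down list.",
                      "error")
            else:
                group = ldap_get_entry_simple({
                    'objectClass': 'group',
                    'distinguishedName': group_to_add
                })
                if 'member' in group:
                    entries = set(group['member'])
                else:
                    entries = set()
                entries.add(user['distinguishedName'])
                # Full rewrite of the member list from the copy read above.
                ldap_update_attribute(group_to_add, "member", list(entries))
                flash(u"User successfully added to group.", "success")
                return redirect(url_for('user_overview', username=username))
        except ldap.LDAPError as e:
            e = dict(e.args[0])
            flash(e['info'], "error")
    elif form.errors:
        flash(u"Data validation failed.", "error")

    # Parent container = the DN minus its first component.
    parent = ",".join(user['distinguishedName'].split(',')[1:])

    return render_template("pages/user_overview_es.html", g=g, title=title,
                           form=form, user=user,
                           identity_fields=identity_fields,
                           group_fields=group_fields, admin=admin,
                           groups=groups, siccip_data=siccip_data,
                           parent=parent,
                           uac_values=LDAP_AD_USERACCOUNTCONTROL_VALUES)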