Пример #1
0
def specificGroup(id):
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    lg = ldap.groups()
    if request.method == "GET":
        dbconn.execute("SELECT name, info FROM groups WHERE id = %s LIMIT 1",
                       (id, ))
        group = dbconn.fetchone()
        group["permissions"] = []
        group["users"] = []
        dbconn.execute(
            "SELECT P.id FROM permission P INNER JOIN groups_has_permission GHP ON P.id = GHP.permission_id INNER JOIN groups G ON G.id = GHP.group_id WHERE G.id = %s",
            (id, ))
        for permission in dbconn.fetchall():
            group["permissions"].append(permission["id"])
        dbconn.execute(
            "SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
            (id, ))
        for user in dbconn.fetchall():
            group["users"].append(user["id"])
        return jsonify(group), 200
    elif request.method == "DELETE":
        if not lg.delete(id) == 0:
            return "ERR_LDAP_ERROR", 500
        dbconn.execute("DELETE FROM groups WHERE id = %s", (id, ))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
        return "SUCCESS", 200
Пример #2
0
def createGroup():
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    lg = ldap.groups()
    failed = False
    if request.form.get("name") == "":
        return "ERR_INPUT_ERROR", 500
    dbconn.execute("INSERT INTO groups (name, info, type) VALUES (%s, %s, %s)",
                   (request.form.get("name"), request.form.get("info"),
                    request.form.get("type")))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    id = dbconn.getId()
    if not lg.create(id) == 0:
        return "ERR_LDAP_ERROR", 500
    if request.form.get("permissions"):
        permissions = []
        for permission in json.loads(request.form.get("permissions")):
            permissions.append((id, permission))
        dbconn.execute(
            "INSERT INTO groups_has_permission (group_id, permission_id) VALUES (%s, %s)",
            permissions)
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
    usersToAdd = []
    if request.form.get("fromgroup"):
        for group in request.form.get("source"):
            dbconn.execute(
                "SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
                (group, ))
            for user in dbconn.fetchall():
                if not user in usersToAdd:
                    usersToAdd.append((id, user["id"]))
    if request.form.get("users"):
        for user in json.loads(request.form.get("users")):
            usersToAdd.append((id, user))
    for element in usersToAdd:
        element = (id, element)
    dbconn.execute(
        "INSERT INTO people_has_groups (group_id, people_id) VALUES (%s, %s)",
        usersToAdd)
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    for (id, element) in usersToAdd:
        if not lg.addUser(element, id) == 0:
            failed = True
    if failed:
        return "ERR_LDAP_ERROR", 500
    return str(id), 201
def fixGroup(id):
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    ldapGroups = ldap.groups()
    dbconn.execute("SELECT name FROM groups WHERE id = %s", (id, ))
    name = dbconn.fetchone()["name"]
    check = checkers.checkLdapGroupEntry({"name": name})
    if not check and request.form.get("missing"):
        ldapResult = ldapGroups.create(int(id))
        if ldapResult == -1:
            return "ERR_LDAP_ERROR", 500
        if ldapResult == -2:
            return "ERR_DATABASE_ERROR", 500
        dbconn.execute(
            "SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON PHG.people_id = P.ID INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
            (id, ))
        addFailed = False
        for user in dbconn.fetchall():
            memberResult = ldapGroups.addUser(user["id"], id)
            if memberResult < 0:
                addFailed = True
        if addFailed:
            return "ERR_LDAP_ERROR", 500
    else:
        return "ERR_ALL_DONE", 200
    try:
        removeError = requests.delete(
            url="http://localhost:25252/removeError/" + id +
            "/ERR_LDAP_ENTRY_MISSING/0")
    except:
        return "ERR_CONNECTION_ERROR", 500
    try:
        removeError = requests.delete(
            url="http://localhost:25252/removeError/" + id +
            "/ERR_LDAP_ENTRY_INCOMPLETE/0")
    except:
        return "ERR_CONNECTION_ERROR", 500
    return "SUCCESS", 200
def fixGroupMembership(id):
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    ldapGroups = ldap.groups()
    dbconn.execute("SELECT username FROM people WHERE id = %s", (id, ))
    username = dbconn.fetchone()["username"]
    for target in json.loads(request.form.get("targets")):
        dbconn.execute("SELECT id FROM groups WHERE name = %s", (target, ))
        gid = dbconn.fetchone()["id"]
        if not checkers.checkLdapGroupMembership(username, gid):
            memberResult = ldapGroups.addUser(id, gid)
            if memberResult == -1:
                return "ERR_LDAP_ERROR", 500
            if memberResult == -2:
                return "ERR_DATABASE_ERROR", 500
    try:
        removeError = requests.delete(
            url="http://localhost:25252/removeError/" + id +
            "/ERR_LDAP_GROUP_MEMBERSHIP/1")
    except:
        return "ERR_CONNECTION_ERROR", 500
    return "SUCCESS", 200
Пример #5
0
def groupOperation(id, uid):
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    lg = ldap.groups()
    if request.method == "POST":
        dbconn.execute(
            "INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)",
            (uid, id))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
        if not lg.addUser(uid, id) == 0:
            return "ERR_LDAP_ERROR", 500
        return "SUCCESS", 201
    elif request.method == "DELETE":
        dbconn.execute(
            "DELETE FROM people_has_groups WHERE people_id = %s AND group_id = %s",
            (uid, id))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
        if not lg.deleteUser(uid, id) == 0:
            return "ERR_LDAP_ERROR", 500
        return "SUCCESS", 200
Пример #6
0
 def runLdapAutoSetup(self):
     ldapServer = Server(self.__config.get("ldap", "url"))
     baseDn = "dc=" + os.environ.get(
         "SLAPD_DOMAIN1") + ",dc=" + os.environ.get("SLAPD_DOMAIN0")
     try:
         Connection(ldapServer,
                    self.__config.get("ldap", "admindn") + "," + baseDn,
                    os.environ.get("SLAPD_PASSWORD"),
                    auto_bind=True)
     except Exception as e:
         print(e)
         return False
     else:
         self.__config.set("ldap", "password",
                           os.environ.get("SLAPD_PASSWORD"))
         self.__config.set("ldap", "basedn", baseDn)
         dbconn = db.database()
         dbconn.execute("SELECT id FROM groups")
         ldapGroups = ldap.groups()
         failed = False
         for row in dbconn.fetchall():
             if not ldapGroups.create(row["id"]) == 0:
                 failed = True
         return not failed
Пример #7
0
def specificUser(id):
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dbconn = db.database()
    lu = ldap.users()
    lg = ldap.groups()
    dir = directory.directory()
    if request.method == "GET":
        dbconn.execute(
            "SELECT firstname, lastname, preferredname, sex, title, short, email, DATE_FORMAT(birthdate, '%Y-%m-%d') AS birthdate, username, smb_homedir, persistant FROM people WHERE id = %s",
            (id, ))
        user = dbconn.fetchone()
        user["groups"] = []
        user["devices"] = []
        user["logins"] = []
        dbconn.execute(
            "SELECT G.name AS name, G.id AS id FROM groups G INNER JOIN people_has_groups PHG ON PHG.group_id = G.id INNER JOIN people P ON P.id = PHG.people_id WHERE P.id = %s",
            (id, ))
        for group in dbconn.fetchall():
            user["groups"].append(group)
        dbconn.execute("SELECT name, id FROM device WHERE people_id = %s",
                       (id, ))
        for device in dbconn.fetchall():
            user["devices"].append(device)
        dbconn.execute(
            "SELECT timestamp, info, type, D.name AS devicename, D.id AS deviceid, P.preferredname AS people FROM localLoginLog LLL LEFT JOIN device D ON D.id = LLL.device_id LEFT JOIN people P ON LLL.affected = P.id WHERE LLL.people_id = %s OR LLL.affected = %s",
            (id, id))
        for loginEvent in dbconn.fetchall():
            user["logins"].append(loginEvent)
        dbconn.execute(
            "SELECT autogen, cleartext FROM userpassword WHERE people_id = %s",
            (id, ))
        autogenPassword = dbconn.fetchone()
        if autogenPassword["autogen"] == 1:
            user["autogenPassword"] = autogenPassword["cleartext"]
        return jsonify(user), 200
    elif request.method == "PUT":
        short = request.form.get("short") if not request.form.get(
            "short") == "" and not request.form.get(
                "short").lower() == "null" else None
        sex = request.form.get("sex") if isinstance(request.form.get("sex"),
                                                    int) else 0
        dbconn.execute(
            "UPDATE people SET firstname = %s, lastname = %s, email = %s, title = %s, short = %s, birthdate = %s, sex = %s, persistant = %s WHERE id = %s",
            (request.form.get("firstname"), request.form.get("lastname"),
             request.form.get("email"), request.form.get("title"), short,
             request.form.get("birthdate"), sex,
             request.form.get("persistant"), id))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
        if not lu.update(id) == 0:
            return "ERR_LDAP_ERROR", 500
        return "SUCCESS", 200
    elif request.method == "DELETE":
        dbconn.execute("SELECT username FROM people WHERE id = %s", (id, ))
        user = dbconn.fetchone()["username"]
        if user == current_user.username:
            return "ERR_ACTUAL_ACCOUNT", 400
        if not lu.delete(id) == 0:
            return "ERR_LDAP_ERROR", 500
        failed = False
        dbconn.execute(
            "SELECT G.id FROM people P INNER JOIN people_has_groups PHG ON PHG.people_id = P.id INNER JOIN groups G ON G.id = PHG.group_id WHERE P.id = %s",
            (id, ))
        for group in dbconn.fetchall():
            if not lg.deleteUser(id, group["id"]) == 0:
                failed = True
        if failed:
            return "ERR_LDAP_ERROR", 500
        if dir.exists(user, "deleted"):
            if not dir.delete(user, "deleted") == 0:
                return "ERR_DELETE_PREVIOUS_FOLDER", 500
        dircode = dir.move(user, "users", user, "deleted")
        if not dircode == 0 and not dircode == -2:
            return "ERR_MOVE_DATA_FOLDER", 500
        dbconn.execute("DELETE FROM people WHERE id = %s", (id, ))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
        return "SUCCESS", 200
Пример #8
0
def createUser():
    if not es.isAuthorized("usermgmt"):
        return "ERR_ACCESS_DENIED", 403
    dir = directory.directory()
    if dir.exists(request.form.get("username"), "users"):
        return "ERR_FOLDER_EXISTS", 500
    dbconn = db.database()
    lu = ldap.users()
    lg = ldap.groups()
    id = idsrv.getNew()
    if not request.form.get("password") == request.form.get("password2"):
        return "ERR_PASSWORDS_DIFFERENT", 500
    try:
        short = request.form.get("short") if not request.form.get(
            "short") == "" and not request.form.get(
                "short").lower() == "null" else None
    except AttributeError:
        short = None
    persistant = 1 if request.form.get("persistant") else 0
    smb_homedir = "/home/users/" + request.form.get("username")
    sex = request.form.get("sex") if isinstance(request.form.get("sex"),
                                                int) else 0
    dbconn.execute(
        "INSERT INTO people (id, firstname, lastname, preferredname, sex, title, short, email, birthdate, username, smb_homedir, persistant) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
        (id, request.form.get("firstname"), request.form.get("lastname"),
         request.form.get("preferredname"), sex, request.form.get("title"),
         short, request.form.get("email"), request.form.get("birthdate"),
         request.form.get("username"), smb_homedir, persistant))
    if not dbconn.commit():
        return "ERR_DATABASE_ERROR", 500
    if not request.form.get("cleartext") is None:
        dbconn.execute(
            "INSERT INTO userpassword (people_id, unix_hash, smb_hash, hint, cleartext, autogen) VALUES (%s, %s, %s, %s, %s, 1)",
            (id, hash.unix(request.form.get("password")),
             hash.samba(request.form.get("password")),
             request.form.get("pwhint"), request.form.get("password")))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
    else:
        dbconn.execute(
            "INSERT INTO userpassword (people_id, unix_hash, smb_hash, hint, autogen) VALUES (%s, %s, %s, %s, 0)",
            (id, hash.unix(request.form.get("password")),
             hash.samba(
                 request.form.get("password")), request.form.get("pwhint")))
        if not dbconn.commit():
            return "ERR_DATABASE_ERROR", 500
    failed = False
    for group in json.loads(request.form.get("groups")):
        dbconn.execute(
            "INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)",
            (id, group))
        if not dbconn.commit():
            failed = True
        if not lg.addUser(id, group) == 0:
            failed = True
    if failed:
        return "ERR_DATABASE_ERROR", 500
    dircode = dir.create(request.form.get("username"), "users")
    if dircode == 0 and dir.setMode(request.form.get("username"), "users",
                                    "511"):  # 511 in octal gives 777
        if not lu.update(id) == 0:
            return "ERR_LDAP_ERROR", 500
        dbconn.execute("SELECT unix_userid FROM people WHERE id = %s LIMIT 1",
                       (id, ))
        result = dbconn.fetchone()
        if not dir.setOwner(request.form.get("username"), "users",
                            result["unix_userid"]):
            return "ERR_DATABASE_ERROR", 500
    elif dircode == -1:
        return "ERR_FOLDER_PLACE_INVALID", 500
    elif dircode == -4:
        return "ERR_FOLDER_EXISTS", 500
    else:
        return "ERR_CREATE_HOMEFOLDER", 500
    return "SUCCESS", 201
 def __init__(self):
     self.__ldapUsers = ldap.users()
     self.__ldapGroups = ldap.groups()
     self.__dir = directory.directory()