def load_auth_tab(self): # Only populate the cache if cache is empty if self.auth_data: return self.a_meth = [] if self.opts.ldif: self.a_meth = self.ldif_auth_methods() if self.opts.passwd or True: # DEBUG # Need to fetch a crypt to check if password should be squashed # or 'x'ed. if self.opts.auth_method == 'NOCRYPT': meth = self.co.auth_type_crypt3_des else: meth = map_constants('_AuthenticationCode', self.opts.auth_method) if meth not in self.a_meth: self.a_meth.append(meth) if self.a_meth: for row in self.posix_user.list_account_authentication( auth_type=self.a_meth): if not (row['account_id'] and row['method']): continue acc_id, meth = int(row['account_id']), int(row['method']) if acc_id not in self.auth_data: self.auth_data[acc_id] = {meth: row['auth_data']} else: self.auth_data[acc_id][meth] = row['auth_data']
def ldif_auth_methods(self): """Which authentication methods to fetch. Mixin-support. If all only one entry, it will prefect any in auth_table. If None, it will use default API authentication (crypt3des). """ self.auth_format = {} auth_meth_l = [] self.user_auth = None code = '_AuthenticationCode' # Priority is arg, else cereconf default value # auth_meth_l is a list sent to load_auth_tab and contains # all methods minus primary which is called by auth = posixconf.LDAP['auth_attr'] if isinstance(auth, dict): if not 'userPassword' in auth: self.logger.warn("Only support 'userPassword'-attribute") return None default_auth = auth['userPassword'][:1][0] self.user_auth = map_constants(code, default_auth[0]) if len(default_auth) == 2: format = default_auth[1] else: format = None self.auth_format[int(self.user_auth)] = { 'attr': 'userPassword', 'format': format } for entry in auth['userPassword'][1:]: auth_t = map_constants(code, entry[0]) if len(entry) == 2: format = entry[1] else: format = None auth_meth_l.append(auth_t) self.auth_format[int(auth_t)] = { 'attr': 'userPassword', 'format': format } if isinstance(auth, (list, tuple)): self.user_auth = int(getattr(self.co, auth[:1][0])) for entry in auth[1:]: auth_meth_l.append(int(getattr(self.co, entry))) elif isinstance(auth, str): self.user_auth = int(getattr(self.co, auth)) return auth_meth_l
def ldif_auth_methods(self): """Which authentication methods to fetch. Mixin-support. If all only one entry, it will prefect any in auth_table. If None, it will use default API authentication (crypt3des). """ self.auth_format = {} auth_meth_l = [] self.user_auth = None code = '_AuthenticationCode' # Priority is arg, else cereconf default value # auth_meth_l is a list sent to load_auth_tab and contains # all methods minus primary which is called by auth = posixconf.LDAP['auth_attr'] if isinstance(auth,dict): if not 'userPassword' in auth: self.logger.warn("Only support 'userPassword'-attribute") return None default_auth = auth['userPassword'][:1][0] self.user_auth = map_constants(code, default_auth[0]) if len(default_auth) == 2: format = default_auth[1] else: format = None self.auth_format[int(self.user_auth)] = {'attr':'userPassword', 'format':format} for entry in auth['userPassword'][1:]: auth_t = map_constants(code, entry[0]) if len(entry) == 2: format = entry[1] else: format = None auth_meth_l.append(auth_t) self.auth_format[int(auth_t)] = {'attr':'userPassword', 'format':format} if isinstance(auth,(list,tuple)): self.user_auth = int(getattr(self.co, auth[:1][0])) for entry in auth[1:]: auth_meth_l.append(int(getattr(self.co, entry))) elif isinstance(auth,str): self.user_auth = int(getattr(self.co, auth)) return auth_meth_l