def create_filegroup_object(self, group_id): assert group_id not in self.filegroupcache cache = self.groupcache[group_id] entry = {'objectClass': ('top', 'posixGroup'), 'cn': LDIFutils.iso2utf(cache['name']), 'gidNumber': self.group2gid[group_id], } if 'description' in cache: entry['description'] = (LDIFutils.iso2utf(cache['description']),) self.filegroupcache[group_id] = entry
def create_filegroup_object(self, group_id): assert group_id not in self.filegroupcache cache = self.groupcache[group_id] entry = { 'objectClass': ('top', 'posixGroup'), 'cn': LDIFutils.iso2utf(cache['name']), 'gidNumber': self.group2gid[group_id], } if 'description' in cache: entry['description'] = (LDIFutils.iso2utf(cache['description']), ) self.filegroupcache[group_id] = entry
def dump(self): fd = LDIFutils.ldif_outfile('RADIUS') fd.write(LDIFutils.container_entry_string('RADIUS')) noAuth = (None, None) for account_id, vlan_vpn in self.id2vlan_vpn.iteritems(): info = self.auth[account_id] uname = LDIFutils.iso2utf(str(info[0])) auth = info[1] ntAuth = self.md4_auth.get(account_id, noAuth)[1] if account_id in self.quarantines: qh = QuarantineHandler(self.db, self.quarantines[account_id]) if qh.should_skip(): continue if qh.is_locked(): auth = ntAuth = None dn = ','.join(('uid=' + uname, self.radius_dn)) entry = { # Ikke endelig innhold 'objectClass': ['top', 'account', 'uiaRadiusAccount'], 'uid': (uname,), 'radiusTunnelType': ('VLAN',), 'radiusTunnelMediumType': ('IEEE-802',), 'radiusTunnelPrivateGroupId': (vlan_vpn[0],), 'radiusClass': (vlan_vpn[1],)} if auth: entry['objectClass'].append('simpleSecurityObject') entry['userPassword'] = ('{crypt}' + auth,) if ntAuth: entry['ntPassword'] = (ntAuth,) fd.write(LDIFutils.entry_string(dn, entry, False)) LDIFutils.end_ldif_outfile('RADIUS', fd)
def create_netgroup_object(self, group_id): assert group_id not in self.netgroupcache cache = self.groupcache[group_id] entry = {'objectClass': ('top', 'nisNetGroup'), 'cn': LDIFutils.iso2utf(cache['name'],) } if 'description' in cache: entry['description'] = \ latin1_to_iso646_60(cache['description']).rstrip(), self.netgroupcache[group_id] = entry
def create_netgroup_object(self, group_id): assert group_id not in self.netgroupcache cache = self.groupcache[group_id] entry = { 'objectClass': ('top', 'nisNetGroup'), 'cn': LDIFutils.iso2utf(cache['name'], ) } if 'description' in cache: entry['description'] = \ latin1_to_iso646_60(cache['description']).rstrip(), self.netgroupcache[group_id] = entry
def dump(self): fd = LDIFutils.ldif_outfile('USER') fd.write(LDIFutils.container_entry_string('USER')) for row in self.account.search(): account_id = row['account_id'] info = self.auth[account_id] uname = LDIFutils.iso2utf(str(info[0])) auth = info[1] if account_id in self.quarantines: qh = QuarantineHandler(self.db, self.quarantines[account_id]) if qh.should_skip(): continue if qh.is_locked(): auth = None dn = ','.join(('uid=' + uname, self.user_dn)) entry = { 'objectClass': ['account'], 'uid': (uname,),} if auth: entry['objectClass'].append('simpleSecurityObject') entry['userPassword'] = ('{crypt}' + auth,) fd.write(LDIFutils.entry_string(dn, entry, False)) LDIFutils.end_ldif_outfile('USER', fd)
def dump(self): fd = LDIFutils.ldif_outfile('USER') fd.write(LDIFutils.container_entry_string('USER')) for row in self.account.search(): account_id = row['account_id'] info = self.auth[account_id] uname = LDIFutils.iso2utf(str(info[0])) auth = info[1] if account_id in self.quarantines: qh = QuarantineHandler(self.db, self.quarantines[account_id]) if qh.should_skip(): continue if qh.is_locked(): auth = None dn = ','.join(('uid=' + uname, self.user_dn)) entry = { 'objectClass': ['account'], 'uid': (uname, ), } if auth: entry['objectClass'].append('simpleSecurityObject') entry['userPassword'] = ('{crypt}' + auth, ) fd.write(LDIFutils.entry_string(dn, entry, False)) LDIFutils.end_ldif_outfile('USER', fd)
def user_object(self, row): account_id = int(row['account_id']) uname = row['entity_name'] passwd = '{crypt}*Invalid' if row['auth_data']: if self.auth_format[self.user_auth]['format']: passwd = self.auth_format[self.user_auth]['format'] % \ row['auth_data'] else: passwd = row['auth_data'] else: for uauth in [x for x in self.a_meth if x in self.auth_format]: try: if self.auth_format[uauth]['format']: passwd = self.auth_format[uauth]['format'] % \ self.auth_data[account_id][uauth] else: passwd = self.auth_data[account_id][uauth] except KeyError: pass if not row['shell']: self.logger.warn("User %s have no posix-shell!" % uname) return None, None else: shell = self.shell_tab[int(row['shell'])] if account_id in self.quarantines: self.qh.quarantines = self.quarantines[account_id] if self.qh.should_skip(): return None, None if self.qh.is_locked(): passwd = '{crypt}' + '*Locked' qshell = self.qh.get_shell() if qshell is not None: shell = qshell try: if row['disk_id']: disk_path = self.disk_tab[int(row['disk_id'])] else: disk_path = None home = self.posuser.resolve_homedir(account_name=uname, home=row['home'], disk_path=disk_path) # 22.07.2013: Jira, CRB-98 # Quick fix, treat empty "home" as an error, to make # generate_posix_ldif complete if not home: # This event should be treated the same way as a disk_id # NotFoundError -- it means that a PosixUser has no home # directory set. raise Exception() except (Errors.NotFoundError, Exception): self.logger.warn("User %s has no home-directory!" % uname) return None, None cn = row['name'] or row['gecos'] or uname gecos = latin1_to_iso646_60(row['gecos'] or cn) entry = { 'objectClass': ['top', 'account', 'posixAccount'], 'cn': (LDIFutils.iso2utf(cn), ), 'uid': (uname, ), 'uidNumber': (str(int(row['posix_uid'])), ), 'gidNumber': (str(int(row['posix_gid'])), ), 'homeDirectory': (home, ), 'userPassword': (passwd, ), 'loginShell': (shell, ), 'gecos': (gecos, ) } self.update_user_entry(account_id, entry, row) if not account_id in self.id2uname: self.id2uname[account_id] = uname else: self.logger.warn('Duplicate user-entry: (%s,%s)!', account_id, uname) return None, None dn = ','.join((('uid=' + uname), self.user_dn)) return dn, entry
def prep(self): # This function collects the information that should be exported. # It also enforces quarantines. aff_to_select = [self.const.PersonAffiliation(x) for x in cereconf.LDAP_SAMSON3["affiliation"]] # We select all persons with a specific affiliation: for ac in self.account.list_accounts_by_type(affiliation=aff_to_select): # We get the account name and password hash self.account.clear() self.account.find(ac["account_id"]) auth = self.auth[self.account.entity_id] auth = "{crypt}" + auth[1] # Set the hash to None if the account is quarantined. if ac["account_id"] in self.quarantines: # FIXME: jsama, 2012-03-21: # Commenting out these lines is a quick fix. Spreads might not # be totally sane as of this writing, so if anyone has a # quarantine, don't export the password hash. We don't care # about them rules defined in cereconf. # qh = QuarantineHandler(self.db, self.quarantines[ac['account_id']], # spreads=[self.const.spread_ldap_account]) # if qh.should_skip(): # continue # if qh.is_locked(): # auth = None auth = None # Get the persons names self.person.clear() self.person.find(self.account.owner_id) surname = self.person.get_name(self.const.system_cached, self.const.name_last) given_name = self.person.get_name(self.const.system_cached, self.const.name_first) common_name = self.person.get_name(self.const.system_cached, self.const.name_full) # We convert to utf surname = LDIFutils.iso2utf(surname) given_name = LDIFutils.iso2utf(given_name) common_name = LDIFutils.iso2utf(common_name) username = LDIFutils.iso2utf(self.account.account_name) # Get the email address email = self.account.get_primary_mailaddress() # Construct the distinguished name dn = ",".join(("uid=" + username, self.samson3_dn)) # Stuff all data in a dict entry = { "uid": username, "mail": email, "cn": common_name, "sn": surname, "givenName": given_name, "objectClass": "inetOrgPerson", } if auth: # Export password attribute unless quarantine entry["userPassword"] = auth # Put the DN and dict in a list, to be written to file later. self.entries.append({"dn": dn, "entry": entry})
def user_object(self, row): account_id = int(row['account_id']) uname = row['entity_name'] passwd = '{crypt}*Invalid' if row['auth_data']: if self.auth_format[self.user_auth]['format']: passwd = self.auth_format[self.user_auth]['format'] % \ row['auth_data'] else: passwd = row['auth_data'] else: for uauth in [x for x in self.a_meth if x in self.auth_format]: try: if self.auth_format[uauth]['format']: passwd = self.auth_format[uauth]['format'] % \ self.auth_data[account_id][uauth] else: passwd = self.auth_data[account_id][uauth] except KeyError: pass if not row['shell']: self.logger.warn("User %s have no posix-shell!" % uname) return None, None else: shell = self.shell_tab[int(row['shell'])] if account_id in self.quarantines: self.qh.quarantines = self.quarantines[account_id] if self.qh.should_skip(): return None, None if self.qh.is_locked(): passwd = '{crypt}' + '*Locked' qshell = self.qh.get_shell() if qshell is not None: shell = qshell try: if row['disk_id']: disk_path = self.disk_tab[int(row['disk_id'])] else: disk_path = None home = self.posuser.resolve_homedir(account_name=uname, home=row['home'], disk_path=disk_path) # 22.07.2013: Jira, CRB-98 # Quick fix, treat empty "home" as an error, to make # generate_posix_ldif complete if not home: # This event should be treated the same way as a disk_id # NotFoundError -- it means that a PosixUser has no home # directory set. raise Exception() except (Errors.NotFoundError, Exception): self.logger.warn("User %s has no home-directory!" % uname) return None, None cn = row['name'] or row['gecos'] or uname gecos = latin1_to_iso646_60(row['gecos'] or cn) entry = {'objectClass': ['top', 'account', 'posixAccount'], 'cn': (LDIFutils.iso2utf(cn),), 'uid': (uname,), 'uidNumber': (str(int(row['posix_uid'])),), 'gidNumber': (str(int(row['posix_gid'])),), 'homeDirectory': (home,), 'userPassword': (passwd,), 'loginShell': (shell,), 'gecos': (gecos,)} self.update_user_entry(account_id, entry, row) if not account_id in self.id2uname: self.id2uname[account_id] = uname else: self.logger.warn('Duplicate user-entry: (%s,%s)!', account_id, uname) return None, None dn = ','.join((('uid=' + uname), self.user_dn)) return dn, entry
def prep(self): # This function collects the information that should be exported. # It also enforces quarantines. aff_to_select = [self.const.PersonAffiliation(x) for x in \ cereconf.LDAP_SAMSON3['affiliation']] # We select all persons with a specific affiliation: for ac in self.account.list_accounts_by_type( affiliation=aff_to_select): # We get the account name and password hash self.account.clear() self.account.find(ac['account_id']) auth = self.auth[self.account.entity_id] auth = '{crypt}' + auth[1] # Set the hash to None if the account is quarantined. if ac['account_id'] in self.quarantines: # FIXME: jsama, 2012-03-21: # Commenting out these lines is a quick fix. Spreads might not # be totally sane as of this writing, so if anyone has a # quarantine, don't export the password hash. We don't care # about them rules defined in cereconf. #qh = QuarantineHandler(self.db, self.quarantines[ac['account_id']], # spreads=[self.const.spread_ldap_account]) #if qh.should_skip(): # continue #if qh.is_locked(): # auth = None auth = None # Get the persons names self.person.clear() self.person.find(self.account.owner_id) surname = self.person.get_name(self.const.system_cached, self.const.name_last) given_name = self.person.get_name(self.const.system_cached, self.const.name_first) common_name = self.person.get_name(self.const.system_cached, self.const.name_full) # We convert to utf surname = LDIFutils.iso2utf(surname) given_name = LDIFutils.iso2utf(given_name) common_name = LDIFutils.iso2utf(common_name) username = LDIFutils.iso2utf(self.account.account_name) # Get the email address email = self.account.get_primary_mailaddress() # Construct the distinguished name dn = ','.join(('uid=' + username, self.samson3_dn)) # Stuff all data in a dict entry = { 'uid': username, 'mail': email, 'cn': common_name, 'sn': surname, 'givenName': given_name, 'objectClass': 'inetOrgPerson', } if auth: # Export password attribute unless quarantine entry['userPassword'] = auth # Put the DN and dict in a list, to be written to file later. self.entries.append({'dn': dn, 'entry': entry})