示例#1
0
def update_obj(entity):
    conn = None
    try:
        attrs = {}
        if entity.ou:
            attrs.update({global_ids.OU: [(MOD_REPLACE, [entity.ou])]})
        if entity.description:
            attrs.update(
                {global_ids.DESC: [(MOD_REPLACE, [entity.description])]})
        if entity.type:
            attrs.update({TYPE: [(MOD_REPLACE, [entity.type])]})
        # list of comma delimited strings:
        if entity.props is not None and len(entity.props) > 0:
            attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]})
        if len(attrs) > 0:
            conn = ldaphelper.open()
            conn.modify_s(__get_obj_dn(entity), attrs_to_modlist(attrs))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='PermObj update failed, not found:' +
                       entity.obj_name,
                       id=global_ids.PERM_OBJ_NOT_FOUND)
    except ldap.LDAPError as e:
        raise FortressError(msg='PermObj update failed result=' + str(e),
                            id=global_ids.PERM_UPDATE_FAILED)
    except Exception as e:
        raise FortressError(msg='PermObj update error=' + str(e),
                            id=global_ids.PERM_UPDATE_FAILED)
    return entity
示例#2
0
def get_members_constraint(entity):
    conn = None
    mList = []
    search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
    search_filter += '(' + ROLE_NAME + '=' + entity.name + '))'
    try:
        conn = ldaphelper.open()
        # TODO: use sizelimit=1
        entries = conn.search_s(__CONTAINER_DN,
                                scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=[MEMBER, global_ids.CONSTRAINT])

        if not entries:
            raise NotFound(msg="Role not found, name=" + entity.name,
                           id=global_ids.ROLE_NOT_FOUND)
        elif len(entries) > 1:
            raise NotUnique(msg="Role not unique, name=" + entity.name,
                            id=global_ids.ROLE_SEARCH_FAILED)

        dn, attrs = entries[0]

        member_dns = ldaphelper.get_list(attrs.get(MEMBER, []))
        constraint = Constraint(
            ldaphelper.get_attr_val(attrs.get(global_ids.CONSTRAINT, [])))
        mList = __convert_list(member_dns)
    except Exception as e:  # FIXME: change to LDAPError
        raise RbacError(msg='Get members search error=' + str(e),
                        id=global_ids.ROLE_OCCUPANT_SEARCH_FAILED)
    finally:
        if conn:
            ldaphelper.close(conn)
    return [mList, constraint]
示例#3
0
def update(entity):
    try:
        attrs = {}
        if entity.description:
            attrs.update(
                {global_ids.DESC: [(MOD_REPLACE, [entity.description])]})
        # list of srings:
        if entity.props is not None and len(entity.props) > 0:
            attrs.update({global_ids.PROPS: [(MOD_REPLACE, [entity.props])]})
        # list of comma delimited strings:
        if entity.constraint is not None:
            attrs.update({
                global_ids.CONSTRAINT:
                [(MOD_REPLACE, [entity.constraint.get_raw()])]
            })
        if len(attrs) > 0:
            conn = ldaphelper.open()
            conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='Role update failed, not found:' + entity.name,
                       id=global_ids.ROLE_NOT_FOUND)
    except ldap.LDAPError as e:
        raise RbacError('Role update failed result=' + str(e),
                        global_ids.ROLE_UPDATE_FAILED)
    except Exception as e:
        raise RbacError(msg='Role update error=' + str(e),
                        id=global_ids.ROLE_UPDATE_FAILED)
    return entity
示例#4
0
def update(entity):
    try:
        attrs = {}
        if entity.description:
            attrs.update(
                {global_ids.DESC: [(MOD_REPLACE, [entity.description])]})
        if entity.type:
            attrs.update({TYPE: [(MOD_REPLACE, [entity.type])]})
        # list of strings:
        if entity.props is not None and len(entity.props) > 0:
            attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]})
        if entity.users is not None and len(entity.users) > 0:
            attrs.update({USERS: [(MOD_REPLACE, entity.users)]})
        if entity.roles is not None and len(entity.roles) > 0:
            attrs.update({ROLES: [(MOD_REPLACE, entity.roles)]})
        if len(attrs) > 0:
            conn = ldaphelper.open()
            conn.modify_s(__get_dn(entity), attrs_to_modlist(attrs))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='Perm update failed, not found:' + entity.obj_name,
                       id=global_ids.PERM_OP_NOT_FOUND)
    except ldap.LDAPError as e:
        raise RbacError(msg='Perm update failed result=' + str(e),
                        id=global_ids.PERM_UPDATE_FAILED)
    except Exception as e:
        raise RbacError(msg='Perm update error=' + str(e),
                        id=global_ids.PERM_UPDATE_FAILED)
    return entity
示例#5
0
def read(entity):
    userList = search(entity)
    if userList is None or len(userList) == 0:
        raise NotFound(msg="User Read not found, uid=" + entity.uid,
                       id=global_ids.USER_NOT_FOUND)
    elif len(userList) > 1:
        raise NotUnique(msg="User Read not unique, uid=" + entity.uid,
                        id=global_ids.USER_READ_FAILED)
    else:
        return userList[0]
示例#6
0
def read(entity):
    roleList = search(entity)
    if roleList is None or len(roleList) == 0:
        raise NotFound(msg="Role Read not found, name=" + entity.name,
                       id=global_ids.ROLE_NOT_FOUND)
    elif len(roleList) > 1:
        raise NotUnique(msg="Role Read not unique, name=" + entity.name,
                        id=global_ids.ROLE_READ_FAILED)
    else:
        return roleList[0]
示例#7
0
def read_obj(entity):
    objList = search_objs(entity)
    if objList is None or len(objList) == 0:
        raise NotFound(msg="PermObj Read not found, obj name=" +
                       entity.obj_name,
                       id=global_ids.PERM_OBJ_NOT_FOUND)
    elif len(objList) > 1:
        raise NotUnique(msg="PermObj Read not unique, obj name=" +
                        entity.obj_name,
                        id=global_ids.PERM_READ_OBJ_FAILED)
    else:
        return objList[0]
示例#8
0
def read(entity):
    permList = search(entity)
    if permList is None or len(permList) == 0:
        raise NotFound(msg="Perm Read not found, obj name=" + entity.obj_name +
                       ', op name=' + entity.op_name,
                       id=global_ids.PERM_NOT_EXIST)
    elif len(permList) > 1:
        raise NotUnique(msg="Perm Read not unique, obj name=" +
                        entity.obj_name + ', op name=' + entity.op_name,
                        id=global_ids.PERM_READ_OP_FAILED)
    else:
        return permList[0]
示例#9
0
def delete(entity):
    try:
        conn = ldaphelper.open()
        conn.delete_s(__get_dn(entity))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='Role delete not found:' + entity.name,
                       id=global_ids.ROLE_NOT_FOUND)
    except ldap.LDAPError as e:
        raise RbacError(msg='Role delete failed result=' + str(e),
                        id=global_ids.ROLE_DELETE_FAILED)
    except Exception as e:
        raise RbacError(msg='Role delete error=' + str(e),
                        id=global_ids.ROLE_DELETE_FAILED)
    return entity
示例#10
0
def delete_ou(name):
    __validate(name)
    try:
        conn = ldaphelper.open()
        conn.delete_s(ldaphelper.get_container_dn(name))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='OU delete not found:' + name,
                       id=global_ids.CNTR_NOT_FOUND)
    except ldap.LDAPError as e:
        raise RbacError(msg='OU delete failed result=' + str(e),
                        id=global_ids.CNTR_DELETE_FAILED)
    except Exception as e:
        raise RbacError(msg='OU delete error=' + str(e),
                        id=global_ids.CNTR_DELETE_FAILED)
示例#11
0
def delete_obj(entity):
    try:
        conn = ldaphelper.open()
        conn.delete_s(__get_obj_dn(entity))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='PermObj delete not found:' + entity.obj_name,
                       id=global_ids.PERM_OBJ_NOT_FOUND)
    except ldap.LDAPError as e:
        raise FortressError(msg='PermObj delete failed result=' + str(e),
                            id=global_ids.PERM_DELETE_FAILED)
    except Exception as e:
        raise FortressError(msg='PermObj delete error=' + str(e),
                            id=global_ids.PERM_DELETE_FAILED)
    return entity
示例#12
0
def delete_suffix():
    try:
        conn = ldaphelper.open()
        conn.delete_s(__SUFX_DN)
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='Suffix delete not found dn=' + __SUFX_DN,
                       id=global_ids.SUFX_NOT_EXIST)
    except ldap.LDAPError as e:
        raise RbacError(msg='Suffix delete failed, dn=' + __SUFX_DN +
                        ', result=' + str(e),
                        id=global_ids.SUFX_DELETE_FAILED)
    except Exception as e:
        raise RbacError(msg='Suffix delete failed, dn=' + __SUFX_DN +
                        ', error=' + str(e),
                        id=global_ids.SUFX_DELETE_FAILED)
示例#13
0
def add_member(entity, uid):
    try:
        attrs = {}
        if uid:
            user_dn = __get_user_dn(uid)
            attrs.update({MEMBER: [(MOD_ADD, user_dn)]})
            conn = ldaphelper.open()
            conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='Add member failed, not found, role=' +
                       entity.name + ', member dn=' + user_dn,
                       id=global_ids.ROLE_NOT_FOUND)
    except ldap.LDAPError as e:
        raise RbacError(msg='Add member failed result=' + str(e),
                        id=global_ids.ROLE_USER_ASSIGN_FAILED)
    except Exception as e:
        raise RbacError(msg='Add member error=' + str(e),
                        id=global_ids.ROLE_USER_ASSIGN_FAILED)
    return entity
示例#14
0
def grant(entity, role):
    try:
        attrs = {}
        # constraint type:
        if role is not None:
            attrs.update({ROLES: [(MOD_ADD, role.name)]})
            conn = ldaphelper.open()
            conn.modify_s(__get_dn(entity), attrs_to_modlist(attrs))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='Perm grant failed, not found, obj name=' +
                       entity.obj_name + ', op_name=' + entity.op_name +
                       ', op id=' + entity.obj_id + ', role=' + role.name,
                       id=global_ids.PERM_OP_NOT_FOUND)
    except ldap.LDAPError as e:
        raise RbacError(msg='Perm grant failed result=' + str(e),
                        id=global_ids.PERM_GRANT_FAILED)
    except Exception as e:
        raise RbacError(msg='Perm grant error=' + str(e),
                        id=global_ids.PERM_GRANT_FAILED)
    return entity
示例#15
0
def update(entity):
    try:
        attrs = {}
        # strings:
        if entity.cn:
            attrs.update({global_ids.CN: [(MOD_REPLACE, [entity.cn])]})
        if entity.sn:
            attrs.update({global_ids.SN: [(MOD_REPLACE, [entity.sn])]})
        if entity.password:
            attrs.update({PW: [(MOD_REPLACE, [entity.password])]})
        if entity.description:
            attrs.update(
                {global_ids.DESC: [(MOD_REPLACE, [entity.description])]})
        if entity.ou:
            attrs.update({global_ids.OU: [(MOD_REPLACE, [entity.ou])]})
        if entity.display_name:
            attrs.update(
                {DISPLAY_NAME: [(MOD_REPLACE, [entity.display_name])]})
        if entity.employee_type:
            attrs.update(
                {EMPLOYEE_TYPE: [(MOD_REPLACE, entity.employee_type)]})
        if entity.title:
            attrs.update({TITLE: [(MOD_REPLACE, [entity.title])]})
        if entity.department_number:
            attrs.update({DEPT_NUM: [(MOD_REPLACE, entity.department_number)]})
        if entity.l:
            attrs.update({LOCATION: [(MOD_REPLACE, entity.l)]})
        if entity.physical_delivery_office_name:
            attrs.update({
                PHYSICAL_OFFICE_NM:
                [(MOD_REPLACE, entity.physical_delivery_office_name)]
            })
        if entity.postal_code:
            attrs.update({POSTAL_CODE: [(MOD_REPLACE, entity.postal_code)]})
        if entity.room_number:
            attrs.update({RM_NUM: [(MOD_REPLACE, entity.room_number)]})
        if entity.pw_policy:
            attrs.update({PW_POLICY: [(MOD_REPLACE, entity.pw_policy)]})

        # list of strings:
        if entity.phones is not None and len(entity.phones) > 0:
            attrs.update({TELEPHONE_NUMBER: [(MOD_REPLACE, entity.phones)]})
        if entity.mobiles is not None and len(entity.mobiles) > 0:
            attrs.update({MOBILE: [(MOD_REPLACE, entity.mobiles)]})
        if entity.emails is not None and len(entity.emails) > 0:
            attrs.update({MAIL: [(MOD_REPLACE, entity.emails)]})
        if entity.system is not None:
            attrs.update({
                IS_SYSTEM:
                [(MOD_REPLACE, 'TRUE' if entity.system else 'FALSE')]
            })

        # list of delimited strings::
        if entity.constraint is not None:
            attrs.update({
                global_ids.CONSTRAINT:
                [(MOD_REPLACE, entity.constraint.get_raw())]
            })

        # boolean:
        if entity.props is not None and len(entity.props) > 0:
            attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]})

        if len(attrs) > 0:
            conn = ldaphelper.open()
            conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
    except ldap.NO_SUCH_OBJECT:
        raise NotFound(msg='User update failed, not found:' + entity.name,
                       id=global_ids.USER_UPDATE_FAILED)
    except ldap.LDAPError as e:
        raise RbacError(msg='User update failed result=' + str(e),
                        id=global_ids.USER_UPDATE_FAILED)
    except Exception as e:
        raise RbacError(msg='User update error=' + str(e),
                        id=global_ids.USER_UPDATE_FAILED)
    return entity