def change_passwd(l, r): if len(r) != 1: raise ValueError(_("user %s not found)" % (username,))) # Bind using the user credentials. Throws an exception in case of # error. if old_password is not None: l.simple_bind_s(r[0][0], encode_s(old_password)) l.passwd_s(r[0][0], encode_s(old_password), encode_s(password)) l.unbind_s() logger.info("password for user [%s] is updated in LDAP" % username) # User updated, return False return False
def render_prefs_panel(self, panelid, **kwargs): # @UnusedVariable # Get user root directory user_root = self.app.userdb.get_user_root(self.app.currentuser.username) user_root_b = encode_s(user_root) filename = os.path.join(user_root_b, b'.ssh', b'authorized_keys') # Handle action params = {} if 'action' in kwargs: try: action = kwargs['action'] if action == 'add': self._handle_add(filename, **kwargs) elif action == 'delete': self._handle_delete(filename, **kwargs) except ValueError as e: params['error'] = unicode(e) except Exception as e: _logger.warn("unknown error processing action", exc_info=True) params['error'] = _("Unknown error") # Get SSH keys if file exists. params["sshkeys"] = [] if os.access(filename, os.R_OK): try: params["sshkeys"] = [ {'title': key.comment or (key.keytype + ' ' + key.key[:18]), 'fingerprint': key.fingerprint, 'lineno': key.lineno} for key in authorizedkeys.read(filename)] except IOError: params['error'] = _("error reading SSH keys file") _logger.warn("error reading SSH keys file [%s]", filename) return "prefs_sshkeys.html", params
def _hash_password(self, password): # At this point the password should be unicode. We converted it into # system encoding. password_b = encode_s(password) import sha hasher = sha.new() hasher.update(password_b) return decode_s(hasher.hexdigest())
def _execute(self, username, function): assert isinstance(username, unicode) """Reusable method to run LDAP operation.""" # try STARTLS if configured if self.tls: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) # Check LDAP credential only. l = ldap.initialize(self.uri) # Set v2 or v3 if self.version == 2: l.protocol_version = ldap.VERSION2 else: l.protocol_version = ldap.VERSION3 try: # Bind to the LDAP server logger.debug("binding to ldap server {}".format(self.uri)) l.simple_bind_s(self.bind_dn, self.bind_password) # Search the LDAP server search_filter = "(&{}({}={}))".format( self.filter, self.attribute, username) logger.debug("search ldap server: {}/{}?{}?{}?{}".format( self.uri, self.base_dn, self.attribute, self.scope, search_filter)) r = l.search_s(encode_s(self.base_dn), self.scope, encode_s(search_filter)) # Execute operation return function(l, r) except ldap.LDAPError as e: l.unbind_s() logger.warn('ldap error', exc_info=1) if isinstance(e.message, dict) and 'desc' in e.message: raise RdiffError(decode_s(e.message['desc'])) raise RdiffError(unicode(repr(e)))
def find_repos_for_user(user, userdb): logger.debug("find repos for [%s]" % user) user_root = encode_s(userdb.get_user_root(user)) repo_paths = list(_find_repos(user_root)) def striproot(path): if not path[len(user_root):]: return "/" return path[len(user_root):] repo_paths = map(striproot, repo_paths) logger.debug("set user [%s] repos: %s " % (user, repo_paths)) userdb.set_repos(user, repo_paths)
def check_crendential(l, r): # Check results if len(r) != 1: logger.debug("user [%s] not found in LDAP" % username) return None # Bind using the user credentials. Throws an exception in case of # error. l.simple_bind_s(r[0][0], encode_s(password)) l.unbind_s() logger.info("user [%s] found in LDAP" % username) # Return the username return decode_s(r[0][1][self.attribute][0])