示例#1
0
class LDAPUser(object):
    """LDAP authentication."""

    def __init__(self, ldapuri, users_root='ou=users,dc=mozilla',
                 check_account_state=True,
                 ldap_timeout=10, search_root='dc=mozilla', **kw):
        self.check_account_state = check_account_state
        self.users_root = users_root
        self.search_root = search_root
        self.ldap_timeout = ldap_timeout

        self.conn = ConnectionManager(ldapuri, **kw)

    def _conn(self, bind=None, passwd=None):
        return self.conn.connection(bind, passwd)

    def _purge_conn(self, bind, passwd=None):
        self.conn.purge(bind, passwd=None)

    def get_user_id(self, user):
        """Returns the id for a user name"""
        if user.get('userid'):
            return user['userid']

        #getting the dn gets it as a side effect
        self._get_dn(user)
        return user.get('userid')

    def create_user(self, user_name, password, email):
        """Creates a user. Returns a user object on success."""
        user_name = str(user_name)   # XXX only ASCII

        #First make sure the username isn't taken. There'll still be a race
        #condition, but it's pretty small
        test_user = User()
        test_user['username'] = user_name
        dn = self._get_dn(test_user)
        if dn is not None:
            return False

        user_id = self._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {'cn': user_name,
                'sn': user_name,
                'uid': user_name,
                'uidNumber': str(user_id),
                'userPassword': password_hash,
                'primaryNode': 'weave:',
                'accountStatus': '1',
                'account-enabled': 'Yes',
                'mail': email,
                'mail-verified': key,
                'objectClass': ['dataStore', 'inetOrgPerson']}

        dn = "uidNumber=%i,%s" % (user_id, self.users_root)

        #need a copy with some of the info for the return value
        userobj = User()
        userobj['username'] = user['uid']
        userobj['userid'] = user['uidNumber']
        userobj['mail'] = email
        userobj['dn'] = dn

        #need to turn the user hash into tuples
        user = user.items()

        with self._conn() as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                logger.debug('Could not create the user.')
                raise BackendError(str(e))

        if res == ldap.RES_ADD:
            return userobj
        else:
            return False
class LDAPAuth(ResetCodeManager):
    """LDAP authentication."""
    def __init__(self,
                 ldapuri,
                 sqluri,
                 use_tls=False,
                 bind_user='******',
                 bind_password='******',
                 admin_user='******',
                 admin_password='******',
                 users_root='ou=users,dc=mozilla',
                 users_base_dn=None,
                 pool_size=100,
                 pool_recycle=3600,
                 reset_on_return=True,
                 single_box=False,
                 ldap_timeout=-1,
                 nodes_scheme='https',
                 check_account_state=True,
                 create_tables=False,
                 ldap_pool_size=10,
                 ldap_use_pool=False,
                 connector_cls=StateConnector,
                 check_node=False,
                 ldap_max_lifetime=600,
                 **kw):
        self.check_account_state = check_account_state
        self.ldapuri = ldapuri
        self.sqluri = sqluri
        self.bind_user = bind_user
        self.bind_password = bind_password
        self.admin_user = admin_user
        self.admin_password = admin_password
        self.use_tls = use_tls
        self.users_root = users_root
        self.users_base_dn = users_base_dn
        self.single_box = single_box
        self.nodes_scheme = nodes_scheme
        self.ldap_timeout = ldap_timeout
        # by default, the ldap connections use the bind user
        self.conn = ConnectionManager(ldapuri,
                                      bind_user,
                                      bind_password,
                                      use_tls=use_tls,
                                      timeout=ldap_timeout,
                                      size=ldap_pool_size,
                                      use_pool=ldap_use_pool,
                                      connector_cls=connector_cls,
                                      max_lifetime=ldap_max_lifetime)
        sqlkw = {
            'pool_size': int(pool_size),
            'pool_recycle': int(pool_recycle),
            'logging_name': 'weaveserver'
        }

        if self.sqluri is not None:
            driver = urlparse.urlparse(self.sqluri).scheme.lower()
            if "mysql" in driver:
                sqlkw['pool_reset_on_return'] = reset_on_return
            engine = create_engine(sqluri, **sqlkw)
            for table in tables:
                table.metadata.bind = engine
                if create_tables:
                    table.create(checkfirst=True)
        else:
            engine = None

        self.check_node = check_node
        self.logger = CLIENT_HOLDER.default_client
        ResetCodeManager.__init__(self, engine, create_tables=create_tables)

    def _conn(self, bind=None, passwd=None):
        return self.conn.connection(bind, passwd)

    def _purge_conn(self, bind, passwd=None):
        self.conn.purge(bind, passwd=None)

    def _get_dn_by_filter(self, filter):
        dn = self.users_root
        scope = ldap.SCOPE_SUBTREE
        with self._conn() as conn:
            try:
                user = conn.search_st(dn,
                                      scope,
                                      filterstr=filter,
                                      attrlist=[],
                                      timeout=self.ldap_timeout)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                self.logger.debug('Could not get the user info from ldap')
                raise BackendError(str(e))
            except ldap.NO_SUCH_OBJECT:
                return None
示例#3
0
class LDAPAuth(ResetCodeManager):
    """LDAP authentication."""

    def __init__(self, ldapuri, sqluri, use_tls=False, bind_user='******',
                 bind_password='******', admin_user='******',
                 admin_password='******', users_root='ou=users,dc=mozilla',
                 users_base_dn=None, pool_size=100, pool_recycle=3600,
                 reset_on_return=True, single_box=False, ldap_timeout=-1,
                 nodes_scheme='https', check_account_state=True,
                 create_tables=False, ldap_pool_size=10, ldap_use_pool=False,
                 connector_cls=StateConnector, check_node=False,
                 ldap_max_lifetime=600, **kw):
        self.check_account_state = check_account_state
        self.ldapuri = ldapuri
        self.sqluri = sqluri
        self.bind_user = bind_user
        self.bind_password = bind_password
        self.admin_user = admin_user
        self.admin_password = admin_password
        self.use_tls = use_tls
        self.users_root = users_root
        self.users_base_dn = users_base_dn
        self.single_box = single_box
        self.nodes_scheme = nodes_scheme
        self.ldap_timeout = ldap_timeout
        # by default, the ldap connections use the bind user
        self.conn = ConnectionManager(ldapuri, bind_user, bind_password,
                                      use_tls=use_tls, timeout=ldap_timeout,
                                      size=ldap_pool_size,
                                      use_pool=ldap_use_pool,
                                      connector_cls=connector_cls,
                                      max_lifetime=ldap_max_lifetime)
        sqlkw = {'pool_size': int(pool_size),
                 'pool_recycle': int(pool_recycle),
                 'logging_name': 'weaveserver'}

        if self.sqluri is not None:
            driver = urlparse.urlparse(self.sqluri).scheme.lower()
            if "mysql" in driver:
                sqlkw['pool_reset_on_return'] = reset_on_return
            engine = create_engine(sqluri, **sqlkw)
            for table in tables:
                table.metadata.bind = engine
                if create_tables:
                    table.create(checkfirst=True)
        else:
            engine = None

        self.check_node = check_node
        self.logger = CLIENT_HOLDER.default_client
        ResetCodeManager.__init__(self, engine, create_tables=create_tables)

    def _conn(self, bind=None, passwd=None):
        return self.conn.connection(bind, passwd)

    def _purge_conn(self, bind, passwd=None):
        self.conn.purge(bind, passwd=None)

    def _get_dn_by_filter(self, filter):
        dn = self.users_root
        scope = ldap.SCOPE_SUBTREE
        with self._conn() as conn:
            try:
                user = conn.search_st(dn, scope, filterstr=filter,
                                      attrlist=[],
                                      timeout=self.ldap_timeout)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                self.logger.debug('Could not get the user info from ldap')
                raise BackendError(str(e))
            except ldap.NO_SUCH_OBJECT:
                return None
示例#4
0
class LDAPUser(object):
    """LDAP authentication."""
    def __init__(self,
                 ldapuri,
                 allow_new_users=True,
                 users_root='ou=users,dc=mozilla',
                 check_account_state=True,
                 ldap_timeout=10,
                 search_root='dc=mozilla',
                 **kw):
        self.allow_new_users = allow_new_users
        self.check_account_state = check_account_state
        self.users_root = users_root
        self.search_root = search_root
        self.ldap_timeout = ldap_timeout
        self.logger = CLIENT_HOLDER.default_client

        kw.pop("check_node", None)
        self.conn = ConnectionManager(ldapuri, **kw)

    def _conn(self, bind=None, passwd=None):
        return self.conn.connection(bind, passwd)

    def _purge_conn(self, bind, passwd=None):
        self.conn.purge(bind, passwd=None)

    def get_user_id(self, user):
        """Returns the id for a user name"""
        if user.get('userid'):
            return user['userid']

        #getting the dn gets it as a side effect
        self._get_dn(user)
        return user.get('userid')

    def create_user(self, user_name, password, email):
        """Creates a user. Returns a user object on success."""
        if not self.allow_new_users:
            raise BackendError("Creation of new users is disabled")

        # no unicode
        user_name = user_name.encode('utf8')
        password = password.encode('utf8')
        email = email.encode('utf8')

        #First make sure the username isn't taken. There'll still be a race
        #condition, but it's pretty small
        test_user = User()
        test_user['username'] = user_name
        dn = self._get_dn(test_user)
        if dn is not None:
            return False

        user_id = self._get_next_user_id()
        password_hash = ssha(password)
        key = '%s%s' % (random.randint(0, 9999999), user_name)
        key = sha1(key).hexdigest()

        user = {
            'cn': user_name,
            'sn': user_name,
            'uid': user_name,
            'uidNumber': str(user_id),
            'userPassword': password_hash,
            'primaryNode': 'weave:',
            'accountStatus': '1',
            'account-enabled': 'Yes',
            'mail': email,
            'mail-verified': key,
            'objectClass': ['dataStore', 'inetOrgPerson']
        }

        dn = "uidNumber=%i,%s" % (user_id, self.users_root)

        #need a copy with some of the info for the return value
        userobj = User()
        userobj['username'] = user['uid']
        userobj['userid'] = user['uidNumber']
        userobj['mail'] = email
        userobj['dn'] = dn

        #need to turn the user hash into tuples
        user = user.items()

        with self._conn() as conn:
            try:
                res, __ = conn.add_s(dn, user)
            except (ldap.TIMEOUT, ldap.SERVER_DOWN, ldap.OTHER), e:
                self.logger.debug('Could not create the user.')
                raise BackendError(str(e))

        if res == ldap.RES_ADD:
            return userobj
        else:
            return False