Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/pynslcd/group.py
diff options
context:
space:
mode:
authorArthur de Jong <arthur@arthurdejong.org>2010-12-29 22:50:17 +0100
committerArthur de Jong <arthur@arthurdejong.org>2010-12-29 22:50:17 +0100
commit5f32ec0a16b5a07c401493032c7402a8289a2878 (patch)
tree8d3248e2ffa6b777136c7797d36ba9f631f41dd1 /pynslcd/group.py
parenta215b08a303a1412b645f00c5ee139671be9fbbb (diff)
add an experimental (currently partial) Python implementation of nslcd to see if we can get the same features with easier to maintain code
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1347 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'pynslcd/group.py')
-rw-r--r--pynslcd/group.py174
1 files changed, 174 insertions, 0 deletions
diff --git a/pynslcd/group.py b/pynslcd/group.py
new file mode 100644
index 0000000..4f85441
--- /dev/null
+++ b/pynslcd/group.py
@@ -0,0 +1,174 @@
+
+# group.py - group entry lookup routines
+#
+# Copyright (C) 2010 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+import constants
+import common
+import cfg
+
+import logging
+import ldap
+import ldap.filter
+
+
+def clean(lst):
+ for i in lst:
+ yield i.replace('\0', '')
+
+class GroupRequest(common.Request):
+
+ filter = '(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))'
+
+ attmap_group_cn = 'cn'
+ attmap_group_userPassword = 'userPassword'
+ attmap_group_gidNumber = 'gidNumber'
+ attmap_group_memberUid = 'memberUid'
+ attmap_group_uniqueMember = 'uniqueMember'
+
+ attributes = ( 'cn', 'userPassword', 'gidNumber', 'memberUid',
+ 'uniqueMember' )
+
+ wantmembers = True
+
+ def write(self, entry):
+ dn, attributes = entry
+ # get uid attribute and check against requested user name
+ names = attributes.get('uid', [])
+ if self.name:
+ if self.name not in names:
+ return
+ names = ( self.name, )
+ # get user password entry
+ passwd = '*'
+ # get numeric user and group ids
+ uids = ( self.uid, ) if self.uid else attributes.get(self.attmap_group_uidNumber, [])
+ uids = [ int(x) for x in uids ]
+ ( gid, ) = attributes[self.attmap_group_gidNumber]
+ gid = int(gid)
+ # FIXME: use expression here
+ gecos = attributes.get(self.attmap_group_gecos, [None])[0] or attributes.get(self.attmap_group_cn, [''])[0]
+ ( home, ) = attributes.get(self.attmap_group_homeDirectory, [''])
+ ( shell, ) = attributes.get(self.attmap_group_loginShell, [''])
+ for name in names:
+ if not common.isvalidname(name):
+ print 'Warning: group entry %s contains invalid user name: "%s"' % ( dn, name )
+ else:
+ for uid in uids:
+ self.fp.write_int32(constants.NSLCD_RESULT_BEGIN)
+ self.fp.write_string(name)
+ self.fp.write_string(passwd)
+ self.fp.write_uid_t(uid)
+ self.fp.write_gid_t(gid)
+ self.fp.write_string(gecos)
+ self.fp.write_string(home)
+ self.fp.write_string(shell)
+
+ def write(self, entry):
+ dn, attributes = entry
+ # get group names and check against requested group name
+ names = attributes.get(self.attmap_group_cn, [])
+ if self.name:
+ if self.name not in names:
+ return
+ names = ( self.name, )
+ # get group group password
+ ( passwd, ) = attributes.get(self.attmap_group_userPassword, ['*'])
+ # get group id(s)
+ gids = ( self.gid, ) if self.gid else attributes.get(self.attmap_group_gidNumber, [])
+ gids = [ int(x) for x in gids ]
+ # build member list
+ members = set()
+ if self.wantmembers:
+ # add the memberUid values
+ for member in clean(attributes.get(self.attmap_group_memberUid, [])):
+ #print 'found member %r' % member
+ if common.isvalidname(member):
+ members.add(member)
+ # translate and add the uniqueMember values
+ from passwd import dn2uid
+ for memberdn in clean(attributes.get(self.attmap_group_uniqueMember, [])):
+ member = dn2uid(self.conn, memberdn)
+ #print 'found memberdn %r, member=%r' % ( memberdn, member)
+ if member:
+ members.add(member)
+ # actually return the results
+ for name in names:
+ if not common.isvalidname(name):
+ print 'Warning: group entry %s contains invalid group name: "%s"' % ( dn, name )
+ else:
+ for gid in gids:
+ self.fp.write_int32(constants.NSLCD_RESULT_BEGIN)
+ self.fp.write_string(name)
+ self.fp.write_string(passwd)
+ self.fp.write_gid_t(gid)
+ self.fp.write_stringlist(members)
+
+
+class GroupByNameRequest(GroupRequest):
+
+ action = constants.NSLCD_ACTION_GROUP_BYNAME
+
+ def read_parameters(self):
+ self.name = self.fp.read_string()
+ common.validate_name(self.name)
+
+ def mk_filter(self):
+ return '(&%s(%s=%s))' % ( self.filter,
+ self.attmap_group_cn, ldap.filter.escape_filter_chars(self.name) )
+
+
+class GroupByGidRequest(GroupRequest):
+
+ action = constants.NSLCD_ACTION_GROUP_BYGID
+
+ def read_parameters(self):
+ self.gid = self.fp.read_gid_t()
+
+ def mk_filter(self):
+ return '(&%s(%s=%d))' % ( self.filter,
+ self.attmap_group_gidNumber, self.gid )
+
+
+class GroupByMemberRequest(GroupRequest):
+
+ action = constants.NSLCD_ACTION_GROUP_BYMEMBER
+ wantmembers = False
+ attributes = ( 'cn', 'userPassword', 'gidNumber' )
+
+ def read_parameters(self):
+ self.memberuid = self.fp.read_string()
+ common.validate_name(self.memberuid)
+
+ def mk_filter(self):
+ # try to translate uid to DN
+ # TODO: only do this if memberuid attribute is mapped
+ import passwd
+ dn = passwd.uid2dn(self.conn, self.memberuid)
+ if dn:
+ return '(&%s(|(%s=%s)(%s=%s)))' % ( self.filter,
+ self.attmap_group_memberUid, ldap.filter.escape_filter_chars(self.memberuid),
+ self.attmap_group_uniqueMember, ldap.filter.escape_filter_chars(dn) )
+ else:
+ return '(&%s(%s=%s))' % ( self.filter,
+ self.attmap_group_memberUid, ldap.filter.escape_filter_chars(self.memberuid) )
+
+
+class GroupAllRequest(GroupRequest):
+
+ action = constants.NSLCD_ACTION_GROUP_ALL