diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2013-08-21 21:52:41 +0200 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-08-21 21:52:41 +0200 |
| commit | 7b474d0d1cf1a5c7a7b59e55b29a9778d5925742 (patch) | |
| tree | b6f7cf72f20b3a5dbb4a4fc21962f0f1e6ddde5f /pynslcd | |
| parent | b0358f74944cd5d7e984700d61da989b5f98cb18 (diff) | |
Have pynslcd handle mapped userPassword
This fixes an error that could occur when the userPassword was retrieved
from LDAP and insufficient privileges were available for reading the
attribute.
Diffstat (limited to 'pynslcd')
| -rw-r--r-- | pynslcd/group.py | 9 | ||||
| -rw-r--r-- | pynslcd/passwd.py | 7 | ||||
| -rw-r--r-- | pynslcd/shadow.py | 5 |
3 files changed, 17 insertions, 4 deletions
diff --git a/pynslcd/group.py b/pynslcd/group.py index 965148d..375af57 100644 --- a/pynslcd/group.py +++ b/pynslcd/group.py @@ -139,8 +139,13 @@ class GroupRequest(common.Request): def convert(self, dn, attributes, parameters): # get group names and check against requested group name names = attributes['cn'] - # get group group password - passwd = attributes['userPassword'][0] + # get group password + try: + passwd = attributes['userPassword'][0] + except IndexError: + passwd = None + if not passwd or self.calleruid != 0: + passwd = '*' # get group id(s) gids = [int(x) for x in attributes['gidNumber']] # build member list diff --git a/pynslcd/passwd.py b/pynslcd/passwd.py index a5e4d1f..d65e556 100644 --- a/pynslcd/passwd.py +++ b/pynslcd/passwd.py @@ -77,7 +77,12 @@ class PasswdRequest(common.Request): if 'shadowAccount' in attributes['objectClass']: passwd = 'x' else: - passwd = attributes['userPassword'][0] + try: + passwd = attributes['userPassword'][0] + except IndexError: + passwd = None + if not passwd or self.calleruid != 0: + passwd = '*' uids = [int(x) for x in attributes['uidNumber']] gid = int(attributes['gidNumber'][0]) gecos = attributes['gecos'][0] diff --git a/pynslcd/shadow.py b/pynslcd/shadow.py index 5fd0aa9..89dbbfa 100644 --- a/pynslcd/shadow.py +++ b/pynslcd/shadow.py @@ -76,7 +76,10 @@ class ShadowRequest(common.Request): def convert(self, dn, attributes, parameters): names = attributes['uid'] - passwd = attributes['userPassword'][0] + try: + passwd = attributes['userPassword'][0] + except IndexError: + passwd = None if not passwd or self.calleruid != 0: passwd = '*' # function for making an int |