From 5f32ec0a16b5a07c401493032c7402a8289a2878 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Wed, 29 Dec 2010 21:50:17 +0000
Subject: add an experimental (currently partial) Python implementation of
 nslcd to see if we can get the same features with easier to maintain code

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1347 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 pynslcd/group.py | 174 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 174 insertions(+)
 create mode 100644 pynslcd/group.py

(limited to 'pynslcd/group.py')

diff --git a/pynslcd/group.py b/pynslcd/group.py
new file mode 100644
index 0000000..4f85441
--- /dev/null
+++ b/pynslcd/group.py
@@ -0,0 +1,174 @@
+
+# group.py - group entry lookup routines
+#
+# Copyright (C) 2010 Arthur de Jong
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+import constants
+import common
+import cfg
+
+import logging
+import ldap
+import ldap.filter
+
+
+def clean(lst):
+    for i in lst:
+        yield i.replace('\0', '')
+
+class GroupRequest(common.Request):
+
+    filter = '(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))'
+
+    attmap_group_cn           = 'cn'
+    attmap_group_userPassword = 'userPassword'
+    attmap_group_gidNumber    = 'gidNumber'
+    attmap_group_memberUid    = 'memberUid'
+    attmap_group_uniqueMember = 'uniqueMember'
+
+    attributes = ( 'cn', 'userPassword', 'gidNumber', 'memberUid',
+                   'uniqueMember' )
+
+    wantmembers = True
+
+    def write(self, entry):
+        dn, attributes = entry
+        # get uid attribute and check against requested user name
+        names = attributes.get('uid', [])
+        if self.name:
+            if self.name not in names:
+                return
+            names = ( self.name, )
+        # get user password entry
+        passwd = '*'
+        # get numeric user and group ids
+        uids = ( self.uid, ) if self.uid else attributes.get(self.attmap_group_uidNumber, [])
+        uids = [ int(x) for x in uids ]
+        ( gid, ) = attributes[self.attmap_group_gidNumber]
+        gid = int(gid)
+        # FIXME: use expression here
+        gecos = attributes.get(self.attmap_group_gecos, [None])[0] or attributes.get(self.attmap_group_cn, [''])[0]
+        ( home, ) = attributes.get(self.attmap_group_homeDirectory, [''])
+        ( shell, ) = attributes.get(self.attmap_group_loginShell, [''])
+        for name in names:
+            if not common.isvalidname(name):
+                print 'Warning: group entry %s contains invalid user name: "%s"' % ( dn, name )
+            else:
+                for uid in uids:
+                    self.fp.write_int32(constants.NSLCD_RESULT_BEGIN)
+                    self.fp.write_string(name)
+                    self.fp.write_string(passwd)
+                    self.fp.write_uid_t(uid)
+                    self.fp.write_gid_t(gid)
+                    self.fp.write_string(gecos)
+                    self.fp.write_string(home)
+                    self.fp.write_string(shell)
+
+    def write(self, entry):
+        dn, attributes = entry
+        # get group names and check against requested group name
+        names = attributes.get(self.attmap_group_cn, [])
+        if self.name:
+            if self.name not in names:
+                return
+            names = ( self.name, )
+        # get group group password
+        ( passwd, ) = attributes.get(self.attmap_group_userPassword, ['*'])
+        # get group id(s)
+        gids = ( self.gid, ) if self.gid else attributes.get(self.attmap_group_gidNumber, [])
+        gids = [ int(x) for x in gids ]
+        # build member list
+        members = set()
+        if self.wantmembers:
+            # add the memberUid values
+            for member in clean(attributes.get(self.attmap_group_memberUid, [])):
+                #print 'found member %r' % member
+                if common.isvalidname(member):
+                    members.add(member)
+            # translate and add the uniqueMember values
+            from passwd import dn2uid
+            for memberdn in clean(attributes.get(self.attmap_group_uniqueMember, [])):
+                member = dn2uid(self.conn, memberdn)
+                #print 'found memberdn %r, member=%r' % ( memberdn, member)
+                if member:
+                    members.add(member)
+        # actually return the results
+        for name in names:
+            if not common.isvalidname(name):
+                print 'Warning: group entry %s contains invalid group name: "%s"' % ( dn, name )
+            else:
+                for gid in gids:
+                    self.fp.write_int32(constants.NSLCD_RESULT_BEGIN)
+                    self.fp.write_string(name)
+                    self.fp.write_string(passwd)
+                    self.fp.write_gid_t(gid)
+                    self.fp.write_stringlist(members)
+
+
+class GroupByNameRequest(GroupRequest):
+
+    action = constants.NSLCD_ACTION_GROUP_BYNAME
+
+    def read_parameters(self):
+        self.name = self.fp.read_string()
+        common.validate_name(self.name)
+
+    def mk_filter(self):
+        return '(&%s(%s=%s))' % ( self.filter,
+                  self.attmap_group_cn, ldap.filter.escape_filter_chars(self.name) )
+
+
+class GroupByGidRequest(GroupRequest):
+
+    action = constants.NSLCD_ACTION_GROUP_BYGID
+
+    def read_parameters(self):
+        self.gid = self.fp.read_gid_t()
+
+    def mk_filter(self):
+        return '(&%s(%s=%d))' % ( self.filter,
+                  self.attmap_group_gidNumber, self.gid )
+
+
+class GroupByMemberRequest(GroupRequest):
+
+    action = constants.NSLCD_ACTION_GROUP_BYMEMBER
+    wantmembers = False
+    attributes = ( 'cn', 'userPassword', 'gidNumber' )
+
+    def read_parameters(self):
+        self.memberuid = self.fp.read_string()
+        common.validate_name(self.memberuid)
+
+    def mk_filter(self):
+        # try to translate uid to DN
+        # TODO: only do this if memberuid attribute is mapped
+        import passwd
+        dn = passwd.uid2dn(self.conn, self.memberuid)
+        if dn:
+            return '(&%s(|(%s=%s)(%s=%s)))' % ( self.filter,
+                      self.attmap_group_memberUid, ldap.filter.escape_filter_chars(self.memberuid),
+                      self.attmap_group_uniqueMember, ldap.filter.escape_filter_chars(dn) )
+        else:
+            return '(&%s(%s=%s))' % ( self.filter,
+                      self.attmap_group_memberUid, ldap.filter.escape_filter_chars(self.memberuid) )
+
+
+class GroupAllRequest(GroupRequest):
+
+    action = constants.NSLCD_ACTION_GROUP_ALL
-- 
cgit v1.2.3