From 7b474d0d1cf1a5c7a7b59e55b29a9778d5925742 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Wed, 21 Aug 2013 21:52:41 +0200
Subject: Have pynslcd handle mapped userPassword

This fixes an error that could occur when the userPassword was retrieved
from LDAP and insufficient privileges were available for reading the
attribute.
---
 pynslcd/group.py  | 9 +++++++--
 pynslcd/passwd.py | 7 ++++++-
 pynslcd/shadow.py | 5 ++++-
 3 files changed, 17 insertions(+), 4 deletions(-)

(limited to 'pynslcd')

diff --git a/pynslcd/group.py b/pynslcd/group.py
index 965148d..375af57 100644
--- a/pynslcd/group.py
+++ b/pynslcd/group.py
@@ -139,8 +139,13 @@ class GroupRequest(common.Request):
     def convert(self, dn, attributes, parameters):
         # get group names and check against requested group name
         names = attributes['cn']
-        # get group group password
-        passwd = attributes['userPassword'][0]
+        # get group password
+        try:
+            passwd = attributes['userPassword'][0]
+        except IndexError:
+            passwd = None
+        if not passwd or self.calleruid != 0:
+            passwd = '*'
         # get group id(s)
         gids = [int(x) for x in attributes['gidNumber']]
         # build member list
diff --git a/pynslcd/passwd.py b/pynslcd/passwd.py
index a5e4d1f..d65e556 100644
--- a/pynslcd/passwd.py
+++ b/pynslcd/passwd.py
@@ -77,7 +77,12 @@ class PasswdRequest(common.Request):
         if 'shadowAccount' in attributes['objectClass']:
             passwd = 'x'
         else:
-            passwd = attributes['userPassword'][0]
+            try:
+                passwd = attributes['userPassword'][0]
+            except IndexError:
+                passwd = None
+            if not passwd or self.calleruid != 0:
+                passwd = '*'
         uids = [int(x) for x in attributes['uidNumber']]
         gid = int(attributes['gidNumber'][0])
         gecos = attributes['gecos'][0]
diff --git a/pynslcd/shadow.py b/pynslcd/shadow.py
index 5fd0aa9..89dbbfa 100644
--- a/pynslcd/shadow.py
+++ b/pynslcd/shadow.py
@@ -76,7 +76,10 @@ class ShadowRequest(common.Request):
 
     def convert(self, dn, attributes, parameters):
         names = attributes['uid']
-        passwd = attributes['userPassword'][0]
+        try:
+            passwd = attributes['userPassword'][0]
+        except IndexError:
+            passwd = None
         if not passwd or self.calleruid != 0:
             passwd = '*'
         # function for making an int
-- 
cgit v1.2.3