# group.py - group entry lookup routines
#
# Copyright (C) 2010 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA
import constants
import common
import cfg
import logging
import ldap
import ldap.filter
def clean(lst):
for i in lst:
yield i.replace('\0', '')
class GroupRequest(common.Request):
filter = '(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))'
attmap_group_cn = 'cn'
attmap_group_userPassword = 'userPassword'
attmap_group_gidNumber = 'gidNumber'
attmap_group_memberUid = 'memberUid'
attmap_group_uniqueMember = 'uniqueMember'
attributes = ( 'cn', 'userPassword', 'gidNumber', 'memberUid',
'uniqueMember' )
wantmembers = True
def write(self, entry):
dn, attributes = entry
# get uid attribute and check against requested user name
names = attributes.get('uid', [])
if self.name:
if self.name not in names:
return
names = ( self.name, )
# get user password entry
passwd = '*'
# get numeric user and group ids
uids = ( self.uid, ) if self.uid else attributes.get(self.attmap_group_uidNumber, [])
uids = [ int(x) for x in uids ]
( gid, ) = attributes[self.attmap_group_gidNumber]
gid = int(gid)
# FIXME: use expression here
gecos = attributes.get(self.attmap_group_gecos, [None])[0] or attributes.get(self.attmap_group_cn, [''])[0]
( home, ) = attributes.get(self.attmap_group_homeDirectory, [''])
( shell, ) = attributes.get(self.attmap_group_loginShell, [''])
for name in names:
if not common.isvalidname(name):
print 'Warning: group entry %s contains invalid user name: "%s"' % ( dn, name )
else:
for uid in uids:
self.fp.write_int32(constants.NSLCD_RESULT_BEGIN)
self.fp.write_string(name)
self.fp.write_string(passwd)
self.fp.write_uid_t(uid)
self.fp.write_gid_t(gid)
self.fp.write_string(gecos)
self.fp.write_string(home)
self.fp.write_string(shell)
def write(self, entry):
dn, attributes = entry
# get group names and check against requested group name
names = attributes.get(self.attmap_group_cn, [])
if self.name:
if self.name not in names:
return
names = ( self.name, )
# get group group password
( passwd, ) = attributes.get(self.attmap_group_userPassword, ['*'])
# get group id(s)
gids = ( self.gid, ) if self.gid else attributes.get(self.attmap_group_gidNumber, [])
gids = [ int(x) for x in gids ]
# build member list
members = set()
if self.wantmembers:
# add the memberUid values
for member in clean(attributes.get(self.attmap_group_memberUid, [])):
#print 'found member %r' % member
if common.isvalidname(member):
members.add(member)
# translate and add the uniqueMember values
from passwd import dn2uid
for memberdn in clean(attributes.get(self.attmap_group_uniqueMember, [])):
member = dn2uid(self.conn, memberdn)
#print 'found memberdn %r, member=%r' % ( memberdn, member)
if member:
members.add(member)
# actually return the results
for name in names:
if not common.isvalidname(name):
print 'Warning: group entry %s contains invalid group name: "%s"' % ( dn, name )
else:
for gid in gids:
self.fp.write_int32(constants.NSLCD_RESULT_BEGIN)
self.fp.write_string(name)
self.fp.write_string(passwd)
self.fp.write_gid_t(gid)
self.fp.write_stringlist(members)
class GroupByNameRequest(GroupRequest):
action = constants.NSLCD_ACTION_GROUP_BYNAME
def read_parameters(self):
self.name = self.fp.read_string()
common.validate_name(self.name)
def mk_filter(self):
return '(&%s(%s=%s))' % ( self.filter,
self.attmap_group_cn, ldap.filter.escape_filter_chars(self.name) )
class GroupByGidRequest(GroupRequest):
action = constants.NSLCD_ACTION_GROUP_BYGID
def read_parameters(self):
self.gid = self.fp.read_gid_t()
def mk_filter(self):
return '(&%s(%s=%d))' % ( self.filter,
self.attmap_group_gidNumber, self.gid )
class GroupByMemberRequest(GroupRequest):
action = constants.NSLCD_ACTION_GROUP_BYMEMBER
wantmembers = False
attributes = ( 'cn', 'userPassword', 'gidNumber' )
def read_parameters(self):
self.memberuid = self.fp.read_string()
common.validate_name(self.memberuid)
def mk_filter(self):
# try to translate uid to DN
# TODO: only do this if memberuid attribute is mapped
import passwd
dn = passwd.uid2dn(self.conn, self.memberuid)
if dn:
return '(&%s(|(%s=%s)(%s=%s)))' % ( self.filter,
self.attmap_group_memberUid, ldap.filter.escape_filter_chars(self.memberuid),
self.attmap_group_uniqueMember, ldap.filter.escape_filter_chars(dn) )
else:
return '(&%s(%s=%s))' % ( self.filter,
self.attmap_group_memberUid, ldap.filter.escape_filter_chars(self.memberuid) )
class GroupAllRequest(GroupRequest):
action = constants.NSLCD_ACTION_GROUP_ALL