# group.py - group entry lookup routines # # Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA import itertools import logging from passwd import dn2uid, uid2dn import cache import common import constants import search def clean(lst): if lst: for i in lst: yield i.replace('\0', '') attmap = common.Attributes(cn='cn', userPassword='"*"', gidNumber='gidNumber', memberUid='memberUid', member='member') filter = '(objectClass=posixGroup)' class Search(search.LDAPSearch): case_sensitive = ('cn', ) limit_attributes = ('cn', 'gidNumber') def __init__(self, *args, **kwargs): super(Search, self).__init__(*args, **kwargs) if 'memberUid' in self.parameters: # set up our own attributes that leave out membership attributes self.attributes = list(self.attributes) self.attributes.remove(attmap['memberUid']) self.attributes.remove(attmap['member']) def mk_filter(self): # we still need a custom mk_filter because this is an | query if attmap['member'] and 'memberUid' in self.parameters: memberuid = self.parameters['memberUid'] dn = uid2dn(self.conn, memberuid) if dn: return '(&%s(|(%s=%s)(%s=%s)))' % (self.filter, attmap['memberUid'], self.escape(memberuid), attmap['member'], self.escape(dn)) return super(Search, self).mk_filter() class Cache(cache.Cache): retrieve_sql = ''' SELECT `cn`, `userPassword`, `gidNumber`, `memberUid` FROM `group_cache` LEFT JOIN `group_3_cache` ON `group_3_cache`.`group` = `group_cache`.`cn` ''' def retrieve(self, parameters): query = cache.Query(self.retrieve_sql, parameters) # return results returning the members as a set q = itertools.groupby(query.execute(self.con), key=lambda x: (x['cn'], x['userPassword'], x['gidNumber'])) for k, v in q: yield k + (set(x['memberUid'] for x in v if x['memberUid'] is not None), ) class GroupRequest(common.Request): def write(self, name, passwd, gid, members): self.fp.write_string(name) self.fp.write_string(passwd) self.fp.write_int32(gid) self.fp.write_stringlist(members) def convert(self, dn, attributes, parameters): # get group names and check against requested group name names = attributes['cn'] # get group group password passwd = attributes['userPassword'][0] # get group id(s) gids = [int(x) for x in attributes['gidNumber']] # build member list members = set() # add the memberUid values for member in clean(attributes['memberUid']): if common.isvalidname(member): members.add(member) # translate and add the member values for memberdn in clean(attributes['member']): member = dn2uid(self.conn, memberdn) if member and common.isvalidname(member): members.add(member) # actually return the results for name in names: if not common.isvalidname(name): logging.warning('%s: %s: denied by validnames option', dn, attmap['cn']) else: for gid in gids: yield (name, passwd, gid, members) class GroupByNameRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYNAME def read_parameters(self, fp): name = fp.read_string() common.validate_name(name) return dict(cn=name) class GroupByGidRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYGID def read_parameters(self, fp): return dict(gidNumber=fp.read_int32()) class GroupByMemberRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYMEMBER def read_parameters(self, fp): memberuid = fp.read_string() common.validate_name(memberuid) return dict(memberUid=memberuid) class GroupAllRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_ALL