Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/pynslcd/passwd.py
blob: e78ff644861597baba4f8b1b61da0b693bba61ee (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

# passwd.py - lookup functions for user account information
#
# Copyright (C) 2010, 2011, 2012 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA

import logging

import cache
import common
import constants


attmap = common.Attributes(uid='uid',
                           userPassword='"*"',
                           uidNumber='uidNumber',
                           gidNumber='gidNumber',
                           gecos='"${gecos:-$cn}"',
                           homeDirectory='homeDirectory',
                           loginShell='loginShell',
                           objectClass='objectClass')
filter = '(objectClass=posixAccount)'


class Search(common.Search):

    case_sensitive = ('uid', 'uidNumber', )
    limit_attributes = ('uid', 'uidNumber', )
    required = ('uid', 'uidNumber', 'gidNumber', 'gecos', 'homeDirectory',
                'loginShell')


class Cache(cache.Cache):
    pass


class PasswdRequest(common.Request):

    def write(self, name, passwd, uid, gid, gecos, home, shell):
        self.fp.write_string(name)
        self.fp.write_string(passwd)
        self.fp.write_uid_t(uid)
        self.fp.write_gid_t(gid)
        self.fp.write_string(gecos)
        self.fp.write_string(home)
        self.fp.write_string(shell)

    def convert(self, dn, attributes, parameters):
        names = attributes['uid']
        if 'shadowAccount' in attributes['objectClass']:
            passwd = 'x'
        else:
            passwd = attributes['userPassword'][0]
        uids = [int(x) for x in attributes['uidNumber']]
        gid = int(attributes['gidNumber'][0])
        gecos = attributes['gecos'][0]
        home = attributes['homeDirectory'][0]
        shell = attributes['loginShell'][0]
        for name in names:
            if not common.isvalidname(name):
                logging.warning('%s: %s: denied by validnames option', dn, attmap['uid'])
            else:
                for uid in uids:
                    yield (name, passwd, uid, gid, gecos, home, shell)


class PasswdByNameRequest(PasswdRequest):

    action = constants.NSLCD_ACTION_PASSWD_BYNAME

    def read_parameters(self, fp):
        name = fp.read_string()
        common.validate_name(name)
        return dict(uid=name)


class PasswdByUidRequest(PasswdRequest):

    action = constants.NSLCD_ACTION_PASSWD_BYUID

    def read_parameters(self, fp):
        return dict(uidNumber=fp.read_uid_t())


class PasswdAllRequest(PasswdRequest):

    action = constants.NSLCD_ACTION_PASSWD_ALL


def uid2entry(conn, uid):
    """Look up the user by uid and return the LDAP entry or None if the user
    was not found."""
    for dn, attributes in Search(conn, parameters=dict(uid=uid)):
        return dn, attributes


def uid2dn(conn, uid):
    """Look up the user by uid and return the DN or None if the user was
    not found."""
    x = uid2entry(conn, uid)
    if x is not None:
        return x[0]

# FIXME: use cache of dn2uid and try to use DN to get uid attribute


def dn2uid(conn, dn):
    """Look up the user by dn and return a uid or None if the user was
    not found."""
    for dn, attributes in Search(conn, base=dn):
        return attributes['uid'][0]