LILiK
/
lilik_users3
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
LILiK login and user managment web interface
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
81 KiB
Tree: 2d8f019617
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2d8f019617'
${ noResults }
lilik_users3/lilikusers.py

199 lines
8.8 KiB
Raw Normal View History

api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
unauthenticated errors string
7 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
 
  1. #!/bin/usr/env python3
  2. import ldap3
  3. import utils
  4. import config
  5. import time
  6. 

  7. def check_result(conn):
  8.     if conn.result['result'] != 0: #see https://www.ietf.org/rfc/rfc4511.txt 4.1.9
  9.         raise RuntimeError(str(conn.result))
  10. 

  11. def connection_decorator(f):
  12.     with ldap3.Connection(config.SERVER, auto_bind=True, client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE) as conn:
  13.         def wrapped_f(*args, **kwargs):
  14.             return f(args[0], conn, *args[1:], **kwargs)
  15.         return wrapped_f
  16. 

  17. def admin_connection_decorator(f):
  18.     with ldap3.Connection(config.SERVER, user=config.ADMIN_CN, password=config.ADMIN_PASSWORD, auto_bind=True, client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE) as conn:
  19.         def wrapped_f(*args, **kwargs):
  20.             return f(args[0], conn, *args[1:], **kwargs)
  21.         return wrapped_f
  22. 

  23. class LILiK_USER(object):
  24.     _attributes = ['cn']
  25.     _read_only_attributes = ['uid']
  26.     _flags = {'mail': 'accountActive'}
  27.     _hosts = ['ltsp',
  28.     		 'users']
  29.     _groups = ['admin',
  30.     			'wiki',
  31.     			'lilik.it',
  32.     			'cloud',
  33.     			'projects',
  34.     			'teambox',
  35.     			'im']
  36.     _posix_groups = ['users_sites']
  37.     def __init__(self, entry, posix_groups):
  38.         results = {}
  39.         for attribute in self._attributes + self._read_only_attributes:
  40.             self.__setattr__(attribute, str(entry.__getattr__(attribute)))
  41.         services = {}
  42. 

  43.         for service, flag in self._flags.items():
  44.             services[service] = flag in entry and str(entry[flag]) == 'TRUE'
  45.         for host in self._hosts:
  46.             services[host] = 'host' in entry and host in entry['host']
  47.         for group in self._groups:
  48.             services[group] = 'memberOf' in entry and utils.ldap_path("cn=%s"%utils.clean_value(group), config.GROUP, config.DOMAIN) in list(entry['memberOf'])
  49.         for posix_group in self._posix_groups:
  50.             services[posix_group] = posix_group in posix_groups and str(entry.uid) in list(posix_groups[posix_group])
  51.         self.__setattr__('services', services)
  52. 

  53.     def to_json(self):
  54.         return json.dumps(self, default=lambda o: o.__dict__,)
  55. 

  56.     def to_dict(self):
  57.         return self.__dict__
  58. 

  59.     @admin_connection_decorator
  60.     def diff(self, conn, new_lilik_user):
  61.         user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
  62.         return utils.DictDiffer(new_lilik_user, self.__dict__)
  63. 

  64.     @admin_connection_decorator
  65.     def update(self, conn, new_lilik_user):
  66.         user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
  67.         diff = utils.DictDiffer(new_lilik_user, self.__dict__)
  68.         modifiers = {user_cn: {}}
  69.         if 'userPassword' in diff.added() and new_lilik_user['userPassword']:
  70.             modifiers[user_cn]['userPassword'] = [(ldap3.MODIFY_REPLACE, [new_lilik_user['userPassword']])] #TODO add hash encryption?
  71.         for changed in diff.changed():
  72.             if changed == 'services':
  73.                 services_diff = utils.DictDiffer(self.__dict__[changed], new_lilik_user[changed])
  74.                 for service_changed in services_diff.changed():
  75.                     if service_changed in self._flags:
  76.                         flag = self._flags[service_changed]
  77.                         modifiers[user_cn][flag] = [(ldap3.MODIFY_REPLACE, [str(new_lilik_user['services'][service_changed]).upper()])]
  78. 

  79.                     elif service_changed in self._hosts:
  80.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  81.                         modifiers[user_cn]['host'] = [(action, [service_changed])]
  82. 

  83.                     elif service_changed in self._groups:
  84.                         group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
  85.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  86.                         modifiers[group_cn] = {'member': [(action, [user_cn])]}
  87. 

  88.                     elif service_changed in self._posix_groups:
  89.                         group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
  90.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  91.                         modifiers[group_cn] = {'memberUid': [(action, [self.uid])]}
  92.                     else:
  93.                         raise NameError('Unknown user attribute: %s'%service_changed)
  94.             elif changed in self._attributes:
  95.                 if changed == 'cn':
  96.                     try:
  97.                         firstname, surname = new_lilik_user[changed].strip().rsplit(' ', 1)
  98.                     except ValueError:
  99.                         firstname = new_lilik_user[changed].strip()
  100.                         surname = " "
  101.                     modifiers[user_cn]['sn'] = [(ldap3.MODIFY_REPLACE, [surname])]
  102.                     modifiers[user_cn]['givenname'] = [(ldap3.MODIFY_REPLACE, [firstname])]
  103.                 modifiers[user_cn][changed] = [(ldap3.MODIFY_REPLACE, [new_lilik_user[changed]])]
  104.         for entry_cn, modifier in modifiers.items():
  105.             print(modifier.keys())
  106.             if modifier:
  107.                 if 'userPassword' in modifier.keys():
  108.                     print(entry_cn, list(modifier.keys())[0], '****** (HIDDEN)')
  109.                 else:
  110.                     print(entry_cn, modifier)
  111.                 conn.modify(entry_cn, modifier)
  112.                 check_result(conn)
  113.                 print(conn.result)
  114.                 if conn.result['result'] != 0:
  115.                     return False
  116.         return True
  117. 

  118. class LILiK_LDAP(object):
  119. 

  120.     def login(self, user_name, password):
  121.         bind_dn = utils.ldap_path('uid=%s'%utils.clean_user_name(user_name), config.PEOPLE, config.DOMAIN)
  122.         c = ldap3.Connection(config.SERVER, user=bind_dn, password=password)
  123.         return c.bind()
  124. 

  125.     @admin_connection_decorator
  126.     def get_users(self, conn):
  127.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(objectclass=posixAccount)', attributes=['uid'])
  128.         check_result(conn)
  129.         return [str(a.uid) for a in conn.entries]
  130. 

  131.     @admin_connection_decorator
  132.     def get_user(self, conn, user_name):
  133.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(&(objectclass=posixAccount)(uid=%s))'%utils.clean_user_name(user_name), attributes=['*', 'memberOf'])
  134.         check_result(conn)
  135.         if len(conn.entries) == 0:
  136.             raise IndexError("no user found for %s"%user_name)
  137.         entry = conn.entries[0]
  138.         return LILiK_USER(entry, self.get_posix_groups())
  139. 

  140.     @connection_decorator
  141.     def get_max_uidnumber(self, conn):
  142.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN),
  143.            "(objectClass=posixAccount)",
  144.            attributes=['uidnumber'])
  145.         check_result(conn)
  146.         max = 0
  147.         for entry in conn.response:
  148.             max = int(entry['attributes']['uidnumber'][0]) if int(entry['attributes']['uidnumber'][0]) > max else max
  149.         return max
  150. 

  151.     @admin_connection_decorator
  152.     def new_user(self, conn, user_dict):
  153.         username = utils.clean_user_name(user_dict['uid'])
  154.         user_dn = "uid=%s,o=People,dc=lilik,dc=it"%username
  155.         mail_dn = "mail=%s,vd=lilik.it,o=hosting,dc=lilik,dc=it"%username
  156.         # print("delete user")
  157.         # conn.delete(user_dn)
  158.         # print("delete mail")
  159.         # conn.delete(mail_dn)
  160.         print(" creating")
  161.         conn.add(user_dn,
  162.                 ['top', 'inetOrgPerson', 'VirtualMailAccount', 'posixAccount', 'shadowAccount'],
  163.                 {'accountactive': "FALSE",
  164.                 'cn': 'undefined',
  165.                 'delete': "FALSE",
  166.                 'gidnumber': 100,
  167.                 'givenname': 'undefined',
  168.                 'homedirectory': "/home/%s"%username,
  169.                 'loginshell': '/bin/bash',
  170.                 'mail': username,
  171.                 'othertransport': 'phamm:',
  172.                 'quota': 1024000,
  173.                 'smtpauth': "FALSE",
  174.                 'sn': 'undefined',
  175.                 'uid': username,
  176.                 'uidnumber': self.get_max_uidnumber() + 1,
  177.                 'userpassword': '',
  178.                 'vdhome': 'undefined',
  179.                 'mailbox': 'undefined',
  180.                 'lastChange': int(time.time())}
  181.                 )
  182.         check_result(conn)
  183.         print(conn.result)
  184.         print("user created")
  185.         conn.add(mail_dn,
  186.                 ['alias', 'extensibleObject'],
  187.                 {'aliasedobjectname': user_dn}
  188.                 )
  189.         check_result(conn)
  190.         print(conn.result)
  191. 

  192.     @connection_decorator
  193.     def get_posix_groups(self, conn):
  194.         conn.search(utils.ldap_path(config.GROUP, config.DOMAIN), '(objectclass=posixGroup)', attributes=['*'])
  195.         check_result(conn)
  196.         results = {}
  197.         for group in conn.entries:
  198.             results[str(group.cn)] = list(group.memberUid) if 'memberUid' in group else []
  199.         return results