LILiK
/
lilik_users3
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
LILiK login and user managment web interface
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
81 KiB
Tree: 713ba216e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '713ba216e9'
${ noResults }
lilik_users3/lilikusers.py

201 lines
8.8 KiB
Raw Normal View History

api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
add password hashing to changes to user
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
unauthenticated errors string
7 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
permit password change
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
add new user api, fix previous api
7 years ago
api works, admin check not implemented yet
8 years ago
 
  1. #!/bin/usr/env python3
  2. import ldap3
  3. import utils
  4. import config
  5. import time
  6. 

  7. def check_result(conn):
  8.     if conn.result['result'] != 0: #see https://www.ietf.org/rfc/rfc4511.txt 4.1.9
  9.         raise RuntimeError(str(conn.result))
  10. 

  11. def connection_decorator(f):
  12.     with ldap3.Connection(config.SERVER, auto_bind=True, client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE) as conn:
  13.         def wrapped_f(*args, **kwargs):
  14.             return f(args[0], conn, *args[1:], **kwargs)
  15.         return wrapped_f
  16. 

  17. def admin_connection_decorator(f):
  18.     with ldap3.Connection(config.SERVER, user=config.ADMIN_CN, password=config.ADMIN_PASSWORD, auto_bind=True, client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE) as conn:
  19.         def wrapped_f(*args, **kwargs):
  20.             return f(args[0], conn, *args[1:], **kwargs)
  21.         return wrapped_f
  22. 

  23. class LILiK_USER(object):
  24.     _attributes = ['cn']
  25.     _read_only_attributes = ['uid']
  26.     _flags = {'mail': 'accountActive'}
  27.     _hosts = ['ltsp',
  28.     		 'users']
  29.     _groups = ['admin',
  30.     			'wiki',
  31.     			'lilik.it',
  32.     			'cloud',
  33.     			'projects',
  34.     			'teambox',
  35.     			'im']
  36.     _posix_groups = ['users_sites']
  37.     def __init__(self, entry, posix_groups):
  38.         results = {}
  39.         for attribute in self._attributes + self._read_only_attributes:
  40.             self.__setattr__(attribute, str(entry.__getattr__(attribute)))
  41.         services = {}
  42. 

  43.         for service, flag in self._flags.items():
  44.             services[service] = flag in entry and str(entry[flag]) == 'TRUE'
  45.         for host in self._hosts:
  46.             services[host] = 'host' in entry and host in entry['host']
  47.         for group in self._groups:
  48.             services[group] = 'memberOf' in entry and utils.ldap_path("cn=%s"%utils.clean_value(group), config.GROUP, config.DOMAIN) in list(entry['memberOf'])
  49.         for posix_group in self._posix_groups:
  50.             services[posix_group] = posix_group in posix_groups and str(entry.uid) in list(posix_groups[posix_group])
  51.         self.__setattr__('services', services)
  52. 

  53.     def to_json(self):
  54.         return json.dumps(self, default=lambda o: o.__dict__,)
  55. 

  56.     def to_dict(self):
  57.         return self.__dict__
  58. 

  59.     @admin_connection_decorator
  60.     def diff(self, conn, new_lilik_user):
  61.         user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
  62.         return utils.DictDiffer(new_lilik_user, self.__dict__)
  63. 

  64.     @admin_connection_decorator
  65.     def update(self, conn, new_lilik_user):
  66.         user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
  67.         diff = utils.DictDiffer(new_lilik_user, self.__dict__)
  68.         modifiers = {user_cn: {}}
  69.         if 'userPassword' in diff.added() and new_lilik_user['userPassword']:
  70.             action = ldap3.MODIFY_REPLACE
  71.             hashed = ldap3.utils.hashed(HASHED_SALTED_SHA, new_lilik_user['userPassword'])
  72.             modifiers[user_cn]['userPassword'] = [(action, [hashed])]
  73.         for changed in diff.changed():
  74.             if changed == 'services':
  75.                 services_diff = utils.DictDiffer(self.__dict__[changed], new_lilik_user[changed])
  76.                 for service_changed in services_diff.changed():
  77.                     if service_changed in self._flags:
  78.                         flag = self._flags[service_changed]
  79.                         modifiers[user_cn][flag] = [(ldap3.MODIFY_REPLACE, [str(new_lilik_user['services'][service_changed]).upper()])]
  80. 

  81.                     elif service_changed in self._hosts:
  82.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  83.                         modifiers[user_cn]['host'] = [(action, [service_changed])]
  84. 

  85.                     elif service_changed in self._groups:
  86.                         group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
  87.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  88.                         modifiers[group_cn] = {'member': [(action, [user_cn])]}
  89. 

  90.                     elif service_changed in self._posix_groups:
  91.                         group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
  92.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  93.                         modifiers[group_cn] = {'memberUid': [(action, [self.uid])]}
  94.                     else:
  95.                         raise NameError('Unknown user attribute: %s'%service_changed)
  96.             elif changed in self._attributes:
  97.                 if changed == 'cn':
  98.                     try:
  99.                         firstname, surname = new_lilik_user[changed].strip().rsplit(' ', 1)
  100.                     except ValueError:
  101.                         firstname = new_lilik_user[changed].strip()
  102.                         surname = " "
  103.                     modifiers[user_cn]['sn'] = [(ldap3.MODIFY_REPLACE, [surname])]
  104.                     modifiers[user_cn]['givenname'] = [(ldap3.MODIFY_REPLACE, [firstname])]
  105.                 modifiers[user_cn][changed] = [(ldap3.MODIFY_REPLACE, [new_lilik_user[changed]])]
  106.         for entry_cn, modifier in modifiers.items():
  107.             print(modifier.keys())
  108.             if modifier:
  109.                 if 'userPassword' in modifier.keys():
  110.                     print(entry_cn, list(modifier.keys())[0], '****** (HIDDEN)')
  111.                 else:
  112.                     print(entry_cn, modifier)
  113.                 conn.modify(entry_cn, modifier)
  114.                 check_result(conn)
  115.                 print(conn.result)
  116.                 if conn.result['result'] != 0:
  117.                     return False
  118.         return True
  119. 

  120. class LILiK_LDAP(object):
  121. 

  122.     def login(self, user_name, password):
  123.         bind_dn = utils.ldap_path('uid=%s'%utils.clean_user_name(user_name), config.PEOPLE, config.DOMAIN)
  124.         c = ldap3.Connection(config.SERVER, user=bind_dn, password=password)
  125.         return c.bind()
  126. 

  127.     @admin_connection_decorator
  128.     def get_users(self, conn):
  129.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(objectclass=posixAccount)', attributes=['uid'])
  130.         check_result(conn)
  131.         return [str(a.uid) for a in conn.entries]
  132. 

  133.     @admin_connection_decorator
  134.     def get_user(self, conn, user_name):
  135.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(&(objectclass=posixAccount)(uid=%s))'%utils.clean_user_name(user_name), attributes=['*', 'memberOf'])
  136.         check_result(conn)
  137.         if len(conn.entries) == 0:
  138.             raise IndexError("no user found for %s"%user_name)
  139.         entry = conn.entries[0]
  140.         return LILiK_USER(entry, self.get_posix_groups())
  141. 

  142.     @connection_decorator
  143.     def get_max_uidnumber(self, conn):
  144.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN),
  145.            "(objectClass=posixAccount)",
  146.            attributes=['uidnumber'])
  147.         check_result(conn)
  148.         max = 0
  149.         for entry in conn.response:
  150.             max = int(entry['attributes']['uidnumber'][0]) if int(entry['attributes']['uidnumber'][0]) > max else max
  151.         return max
  152. 

  153.     @admin_connection_decorator
  154.     def new_user(self, conn, user_dict):
  155.         username = utils.clean_user_name(user_dict['uid'])
  156.         user_dn = "uid=%s,o=People,dc=lilik,dc=it"%username
  157.         mail_dn = "mail=%s,vd=lilik.it,o=hosting,dc=lilik,dc=it"%username
  158.         # print("delete user")
  159.         # conn.delete(user_dn)
  160.         # print("delete mail")
  161.         # conn.delete(mail_dn)
  162.         print(" creating")
  163.         conn.add(user_dn,
  164.                 ['top', 'inetOrgPerson', 'VirtualMailAccount', 'posixAccount', 'shadowAccount'],
  165.                 {'accountactive': "FALSE",
  166.                 'cn': 'undefined',
  167.                 'delete': "FALSE",
  168.                 'gidnumber': 100,
  169.                 'givenname': 'undefined',
  170.                 'homedirectory': "/home/%s"%username,
  171.                 'loginshell': '/bin/bash',
  172.                 'mail': username,
  173.                 'othertransport': 'phamm:',
  174.                 'quota': 1024000,
  175.                 'smtpauth': "FALSE",
  176.                 'sn': 'undefined',
  177.                 'uid': username,
  178.                 'uidnumber': self.get_max_uidnumber() + 1,
  179.                 'userpassword': '',
  180.                 'vdhome': 'undefined',
  181.                 'mailbox': 'undefined',
  182.                 'lastChange': int(time.time())}
  183.                 )
  184.         check_result(conn)
  185.         print(conn.result)
  186.         print("user created")
  187.         conn.add(mail_dn,
  188.                 ['alias', 'extensibleObject'],
  189.                 {'aliasedobjectname': user_dn}
  190.                 )
  191.         check_result(conn)
  192.         print(conn.result)
  193. 

  194.     @connection_decorator
  195.     def get_posix_groups(self, conn):
  196.         conn.search(utils.ldap_path(config.GROUP, config.DOMAIN), '(objectclass=posixGroup)', attributes=['*'])
  197.         check_result(conn)
  198.         results = {}
  199.         for group in conn.entries:
  200.             results[str(group.cn)] = list(group.memberUid) if 'memberUid' in group else []
  201.         return results