X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=UDLdap.py;h=97fd2fbdcb665800a3746b3f6c79f32a7d10bb2e;hb=eb3223d5f08ccd7cf9594a1f2f60fd2e75773413;hp=74313b20008277da1b542b6a37ff096672d21059;hpb=81d4f79a7431c4061147f3ed1c1c17c2d38ed4eb;p=mirror%2Fuserdir-ldap.git diff --git a/UDLdap.py b/UDLdap.py index 74313b2..97fd2fb 100644 --- a/UDLdap.py +++ b/UDLdap.py @@ -1,10 +1,14 @@ import ldap import time +import datetime import userdir_ldap +import sys class Account: - array_values = ['keyFingerPrint'] - int_values = ['shadowExpire'] + array_values = ['objectClass', 'keyFingerPrint', 'mailWhitelist', 'mailRBL', + 'mailRHSBL', 'supplementaryGid', 'sshRSAAuthKey', + 'sudoPassword', 'dnsZoneEntry', 'allowedHost'] + int_values = ['shadowExpire', 'gidNumber', 'uidNumber'] defaults = { 'accountStatus': 'active', 'keyFingerPrint': [] @@ -14,11 +18,9 @@ class Account: def from_search(ldap_connection, base, user): searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s'%(user)) if len(searchresult) < 1: - sys.stderr.write("No such user: %s\n"%(user)) - return + raise IndexError, "No such user: %s\n"%(user) elif len(searchresult) > 1: - sys.stderr.write("More than one hit when getting %s\n"%(user)) - return + raise IndexError, "More than one hit when getting %s\n"%(user) else: return Account(searchresult[0][0], searchresult[0][1]) @@ -30,11 +32,12 @@ class Account: if key in self.attributes: if key in self.array_values: return self.attributes[key] - elif key in self.int_values: - if len(self.attributes[key]) == 1: - return int(self.attributes[key][0]) - else: - raise ValueError, 'non-array value has not exactly one value' + + if not len(self.attributes[key]) == 1: + raise ValueError, 'non-array value has not exactly one value' + + if key in self.int_values: + return int(self.attributes[key][0]) else: return self.attributes[key][0] elif key in self.defaults: @@ -54,8 +57,17 @@ class Account: def pw_active(self): if self['userPassword'] == '{crypt}*LK*': return False + if self['userPassword'].startswith("{crypt}!"): + return False return True + def get_password(self): + p = self['userPassword'] + if not p.startswith('{crypt}') or len(p) > 50: + return p + else: + return p[7:] + # not expired def shadow_active(self): if 'shadowExpire' in self and \ @@ -84,9 +96,38 @@ class Account: return '(%s)'%(', '.join(status)) + def delete_mailforward(self): + del self.attributes['emailForward'] + def get_dn(self): return self.dn + def email_address(self): + mailbox = "<%s@%s>" % (self['uid'], userdir_ldap.EmailAppend) + tokens = [] + if 'cn' in self: tokens.append(self['cn']) + if 'sn' in self: tokens.append(self['sn']) + tokens.append(mailbox) + return ' '.join(tokens) + + def is_allowed_by_hostacl(self, host): + if not 'allowedHost' in self: return False + if host in self['allowedHost']: return True + # or maybe it's a date limited ACL + for entry in self['allowedHost']: + list = entry.split(None,1) + if len(list) == 1: continue + (h, expire) = list + if host != h: continue + try: + parsed = datetime.datetime.strptime(expire, '%Y%m%d') + except ValueError: + print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s."%(entry, self['uid']) + return False + return parsed >= datetime.datetime.now() + return False + + # vim:set et: # vim:set ts=4: # vim:set shiftwidth=4: