X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=UDLdap.py;h=a12371ab095e02c6c05bf65f105d2326f447b87a;hp=b546112af6a3abb636e5f0a4b0f62a6fd00cb4c4;hb=HEAD;hpb=6da780be4bcbe8e5667d22d24431440e1c55221b diff --git a/UDLdap.py b/UDLdap.py index b546112..a12371a 100644 --- a/UDLdap.py +++ b/UDLdap.py @@ -4,46 +4,51 @@ import datetime import userdir_ldap import sys + class Account: array_values = ['objectClass', 'keyFingerPrint', 'mailWhitelist', 'mailRBL', 'mailRHSBL', 'supplementaryGid', 'sshRSAAuthKey', 'sudoPassword', 'dnsZoneEntry', 'allowedHost'] int_values = ['shadowExpire', 'gidNumber', 'uidNumber'] defaults = { - 'accountStatus': 'active', - 'keyFingerPrint': [] - } + 'accountStatus': 'active', + 'keyFingerPrint': [] + } @staticmethod def from_search(ldap_connection, base, user): - searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s'%(user)) + searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s' % (user,)) if len(searchresult) < 1: - raise IndexError, "No such user: %s\n"%(user) + raise IndexError("No such user: %s\n" % (user,)) elif len(searchresult) > 1: - raise IndexError, "More than one hit when getting %s\n"%(user) + raise IndexError("More than one hit when getting %s\n" % (user,)) else: return Account(searchresult[0][0], searchresult[0][1]) def __init__(self, dn, attributes): self.dn = dn self.attributes = attributes + self.cache = {} def __getitem__(self, key): + if key in self.cache: + return self.cache[key] + if key in self.attributes: if key in self.array_values: - return self.attributes[key] - - if not len(self.attributes[key]) == 1: - raise ValueError, 'non-array value has not exactly one value' - - if key in self.int_values: - return int(self.attributes[key][0]) + self.cache[key] = self.attributes[key] + elif not len(self.attributes[key]) == 1: + raise ValueError, 'non-array value for %s has not exactly one value'%(key,) + elif key in self.int_values: + self.cache[key] = int(self.attributes[key][0]) else: - return self.attributes[key][0] + self.cache[key] = self.attributes[key][0] elif key in self.defaults: - return self.defaults[key] + self.cache[key] = self.defaults[key] else: - raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn) + raise IndexError("No such key: %s (dn: %s)" % (key, self.dn)) + + return self.cache[key] def __contains__(self, key): return key in self.attributes @@ -55,7 +60,7 @@ class Account: # not locked locked, just reset to something invalid like {crypt}*SSLRESET* is still active def pw_active(self): - if not 'userPassword' in self: + if 'userPassword' not in self: return False if self['userPassword'].upper() == '{CRYPT}*LK*': return False @@ -73,7 +78,7 @@ class Account: # not expired def shadow_active(self): if 'shadowExpire' in self and \ - self['shadowExpire'] < (time.time() / 3600 / 24): + self['shadowExpire'] < (time.time() / 3600 / 24): return False return True @@ -83,20 +88,24 @@ class Account: def is_active_user(self): return self['accountStatus'] == 'active' and self.numkeys() != 0 + def is_guest_account(self): + return 'supplementaryGid' in self and 'guest' in self['supplementaryGid'] + def latitude_dec(self, anonymized=False): return userdir_ldap.DecDegree(self['latitude'], anonymized) + def longitude_dec(self, anonymized=False): return userdir_ldap.DecDegree(self['longitude'], anonymized) def verbose_status(self): status = [] - status.append('mail: %s' %(['disabled', 'active'][ self.has_mail() ])) - status.append('pw: %s' %(['locked', 'active'][ self.pw_active() ])) - status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ])) - status.append('keys: %d' %( self.numkeys() )) - status.append('status: %s'%( self['accountStatus'] )) + status.append('mail: %s' % (['disabled', 'active'][self.has_mail()])) + status.append('pw: %s' % (['locked', 'active'][self.pw_active()])) + status.append('shadow: %s' % (['expired', 'active'][self.shadow_active()])) + status.append('keys: %d' % (self.numkeys())) + status.append('status: %s' % (self['accountStatus'])) - return '(%s)'%(', '.join(status)) + return '(%s)' % (', '.join(status)) def delete_mailforward(self): del self.attributes['emailForward'] @@ -107,24 +116,30 @@ class Account: def email_address(self): mailbox = "<%s@%s>" % (self['uid'], userdir_ldap.EmailAppend) tokens = [] - if 'cn' in self: tokens.append(self['cn']) - if 'sn' in self: tokens.append(self['sn']) + if 'cn' in self: + tokens.append(self['cn']) + if 'sn' in self: + tokens.append(self['sn']) tokens.append(mailbox) return ' '.join(tokens) def is_allowed_by_hostacl(self, host): - if not 'allowedHost' in self: return False - if host in self['allowedHost']: return True + if 'allowedHost' not in self: + return False + if host in self['allowedHost']: + return True # or maybe it's a date limited ACL for entry in self['allowedHost']: - list = entry.split(None,1) - if len(list) == 1: continue + list = entry.split(None, 1) + if len(list) == 1: + continue (h, expire) = list - if host != h: continue + if host != h: + continue try: parsed = datetime.datetime.strptime(expire, '%Y%m%d') except ValueError: - print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s."%(entry, self['uid']) + print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s." % (entry, self['uid']) return False return parsed >= datetime.datetime.now() return False