X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=UDLdap.py;h=f19703fd94a14cecbd3191e9507c9050421583a7;hp=ce25bbbac2d43763098ab89f0ad251986eaa17b4;hb=606067cc38aa39ca0acbb7169f5e9cf87c351e1b;hpb=521c785c598eb9981c6c0f81a3c3b680e1f0300d diff --git a/UDLdap.py b/UDLdap.py index ce25bbb..f19703f 100644 --- a/UDLdap.py +++ b/UDLdap.py @@ -1,16 +1,56 @@ +import ldap +import time +import datetime +import userdir_ldap +import sys class Account: - def __init__(self, user): - searchresult = lc.search_s(BaseDn,ldap.SCOPE_SUBTREE, 'uid=%s'%(user)) + array_values = ['objectClass', 'keyFingerPrint', 'mailWhitelist', 'mailRBL', + 'mailRHSBL', 'supplementaryGid', 'sshRSAAuthKey', + 'sudoPassword', 'dnsZoneEntry', 'allowedHost'] + int_values = ['shadowExpire', 'gidNumber', 'uidNumber'] + defaults = { + 'accountStatus': 'active', + 'keyFingerPrint': [] + } + + @staticmethod + def from_search(ldap_connection, base, user): + searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s'%(user)) if len(searchresult) < 1: - sys.stderr.write("No such user: %s\n"%(user)) - return + raise IndexError, "No such user: %s\n"%(user) elif len(searchresult) > 1: - sys.stderr.write("More than one hit when getting %s\n"%(user)) - return + raise IndexError, "More than one hit when getting %s\n"%(user) + else: + return Account(searchresult[0][0], searchresult[0][1]) + + def __init__(self, dn, attributes): + self.dn = dn + self.attributes = attributes + self.cache = {} + + def __getitem__(self, key): + if key in self.cache: + return self.cache[key] - self.dn, self.attributes = searchresult[0] + if key in self.attributes: + if key in self.array_values: + self.cache[key] = self.attributes[key] + elif not len(self.attributes[key]) == 1: + raise ValueError, 'non-array value has not exactly one value' + elif key in self.int_values: + self.cache[key] = int(self.attributes[key][0]) + else: + self.cache[key] = self.attributes[key][0] + elif key in self.defaults: + self.cache[key] = self.defaults[key] + else: + raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn) + return self.cache[key] + + def __contains__(self, key): + return key in self.attributes def has_mail(self): if 'mailDisableMessage' in self.attributes: @@ -19,27 +59,41 @@ class Account: # not locked locked, just reset to something invalid like {crypt}*SSLRESET* is still active def pw_active(self): - if self.attributes['userPassword'][0] == '{crypt}*LK*': + if not 'userPassword' in self: + return False + if self['userPassword'].upper() == '{CRYPT}*LK*': + return False + if self['userPassword'].upper().startswith("{CRYPT}!"): return False return True + def get_password(self): + p = self['userPassword'] + if not p.upper().startswith('{CRYPT}') or len(p) > 50: + return p + else: + return p[7:] + # not expired def shadow_active(self): - if 'shadowExpire' in self.attributes and \ - int(self.attributes['shadowExpire'][0]) < (time.time() / 3600 / 24): + if 'shadowExpire' in self and \ + self['shadowExpire'] < (time.time() / 3600 / 24): return False return True def numkeys(self): - if 'keyFingerPrint' in self.attributes: - return len(self.attributes['keyFingerPrint']) - return 0 + return len(self['keyFingerPrint']) + + def is_active_user(self): + return self['accountStatus'] == 'active' and self.numkeys() != 0 - def account_status(self): - if 'accountStatus' in self.attributes: - return self.attributes['accountStatus'][0] - return 'active' + def is_guest_account(self): + return self['gidNumber'] == 60000 + def latitude_dec(self, anonymized=False): + return userdir_ldap.DecDegree(self['latitude'], anonymized) + def longitude_dec(self, anonymized=False): + return userdir_ldap.DecDegree(self['longitude'], anonymized) def verbose_status(self): status = [] @@ -47,13 +101,42 @@ class Account: status.append('pw: %s' %(['locked', 'active'][ self.pw_active() ])) status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ])) status.append('keys: %d' %( self.numkeys() )) - status.append('status: %s'%( self.account_status() )) + status.append('status: %s'%( self['accountStatus'] )) return '(%s)'%(', '.join(status)) + def delete_mailforward(self): + del self.attributes['emailForward'] + def get_dn(self): return self.dn + def email_address(self): + mailbox = "<%s@%s>" % (self['uid'], userdir_ldap.EmailAppend) + tokens = [] + if 'cn' in self: tokens.append(self['cn']) + if 'sn' in self: tokens.append(self['sn']) + tokens.append(mailbox) + return ' '.join(tokens) + + def is_allowed_by_hostacl(self, host): + if not 'allowedHost' in self: return False + if host in self['allowedHost']: return True + # or maybe it's a date limited ACL + for entry in self['allowedHost']: + list = entry.split(None,1) + if len(list) == 1: continue + (h, expire) = list + if host != h: continue + try: + parsed = datetime.datetime.strptime(expire, '%Y%m%d') + except ValueError: + print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s."%(entry, self['uid']) + return False + return parsed >= datetime.datetime.now() + return False + + # vim:set et: # vim:set ts=4: # vim:set shiftwidth=4: