security-and-privacy/ldapcherry
security-and-privacy
/
ldapcherry
mirror of https://github.com/kakwa/ldapcherry
1
0
Fork 0
Code Releases Activity

various changes to support python3 

* changes in urllib imports since quote_plus in urllib with python 2 and
in urllib.parse in python 3
* changes in imports for Sets since set is a native type in python 3 and
doesn't requires an import
* fix in __import__, '-1' level for module path discovery is not supported
anymore, switching to 0 (absolute import only).
This commit is contained in:
kakwa 2019-02-06 22:32:40 +01:00
parent 69526610f3
commit 74dc6c5894
5 changed files with 70 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
ldapcherry/__init__.py
View File

@ -15,10 +15,9 @@ import logging
import logging.handlers
from operator import itemgetter
from socket import error as socket_error
import urllib
import cgi
from exceptions import *
from ldapcherry.exceptions import *
from ldapcherry.lclogging import *
from ldapcherry.roles import Roles
from ldapcherry.attributes import Attributes
@ -31,7 +30,13 @@ from cherrypy.lib.httputil import parse_query_string
from mako.template import Template
from mako import lookup
from mako import exceptions
from sets import Set
if sys.version < '3':
from sets import Set as set
from urllib import quote_plus
else:
from urllib.parse import quote_plus
SESSION_KEY = '_cp_username'
@ -68,8 +73,8 @@ class LdapCherry(object):
data[d] = self._escape_list(data[d])
elif isinstance(data[d], dict):
data[d] = self._escape_dict(data[d])
elif isinstance(data[d], Set):
data[d] = Set(self._escape_list(data[d]))
elif isinstance(data[d], set):
data[d] = set(self._escape_list(data[d]))
else:
data[d] = cgi.escape(data[d], True)
return data
@ -178,7 +183,7 @@ class LdapCherry(object):
except Exception as e:
raise MissingParameter('backends', backend + '.module')
try:
bc = __import__(module, globals(), locals(), ['Backend'], -1)
bc = __import__(module, globals(), locals(), ['Backend'], 0)
except Exception as e:
self._handle_exception(e)
raise BackendModuleLoadingFail(module)
@ -219,7 +224,7 @@ class LdapCherry(object):
'ldapcherry.ppolicy'
)
try:
pp = __import__(module, globals(), locals(), ['PPolicy'], -1)
pp = __import__(module, globals(), locals(), ['PPolicy'], 0)
except:
raise BackendModuleLoadingFail(module)
if 'ppolicy' in config:
@ -590,7 +595,7 @@ class LdapCherry(object):
else:
qs = '?' + cherrypy.request.query_string
# Escaped version of the requested URL
quoted_requrl = urllib.quote_plus(cherrypy.url() + qs)
quoted_requrl = quote_plus(cherrypy.url() + qs)
if not username:
# return to login page (with quoted url in query string)
if redir_login:
@ -695,7 +700,7 @@ class LdapCherry(object):
roles.append(r)
groups = self.roles.get_groups(roles)
for b in groups:
self.backends[b].add_to_groups(username, Set(groups[b]))
self.backends[b].add_to_groups(username, set(groups[b]))
cherrypy.log.error(
msg="user '" + username + "' made member of " +
@ -823,10 +828,10 @@ class LdapCherry(object):
if b not in g:
g[b] = []
tmp = \
Set(groups_add[b]) - \
Set(groups_keep[b]) - \
Set(groups_current[b]) - \
Set(lonely_groups[b])
set(groups_add[b]) - \
set(groups_keep[b]) - \
set(groups_current[b]) - \
set(lonely_groups[b])
cherrypy.log.error(
msg="user '" + username + "' added to groups: " +
str(list(tmp)) + " in backend '" + b + "'",
@ -840,11 +845,11 @@ class LdapCherry(object):
g[b] = []
tmp = \
(
(Set(groups_rm[b]) | Set(groups_remove[b])) -
(Set(groups_keep[b]) | Set(groups_add[b]))
(set(groups_rm[b]) | set(groups_remove[b])) -
(set(groups_keep[b]) | set(groups_add[b]))
) & \
(
Set(groups_current[b]) | Set(lonely_groups[b])
set(groups_current[b]) | set(lonely_groups[b])
)
cherrypy.log.error(
msg="user '" + username + "' removed from groups: " +
@ -933,7 +938,7 @@ class LdapCherry(object):
if url is None:
qs = ''
else:
qs = '?url=' + urllib.quote_plus(url)
qs = '?url=' + quote_plus(url)
raise cherrypy.HTTPRedirect("/signin" + qs)
@cherrypy.expose

6
ldapcherry/attributes.py
View File

@ -12,9 +12,11 @@ import re
from ldapcherry.pyyamlwrapper import loadNoDump
from ldapcherry.pyyamlwrapper import DumplicatedKey
from ldapcherry.exceptions import *
from sets import Set
import yaml
if sys.version < '3':
from sets import Set as set
# List of available types for form
types = ['string', 'textfield', 'email', 'int', 'stringlist',
'fix', 'password']
@ -24,7 +26,7 @@ class Attributes:
def __init__(self, attributes_file):
self.attributes_file = attributes_file
self.backends = Set([])
self.backends = set([])
self.self_attributes = {}
self.backend_attributes = {}
self.displayed_attributes = {}

24
ldapcherry/backend/backendDemo.py
View File

@ -7,7 +7,11 @@
# This is a demo backend
from sets import Set
import sys
if sys.version < '3':
from sets import Set as set
import ldapcherry.backend
from ldapcherry.exceptions import UserDoesntExist, \
GroupDoesntExist, MissingParameter, \
@ -37,12 +41,12 @@ class Backend(ldapcherry.backend.Backend):
self.backend_name = name
admin_user = self.get_param('admin.user', 'admin')
admin_password = self.get_param('admin.password', 'admin')
admin_groups = Set(re.split('\W+', self.get_param('admin.groups')))
admin_groups = set(self._basic_splitter(self.get_param('admin.groups')))
basic_user = self.get_param('basic.user', 'user')
basic_password = self.get_param('basic.password', 'user')
basic_groups = Set(re.split('\W+', self.get_param('basic.groups')))
basic_groups = set(self._basic_splitter(self.get_param('basic.groups')))
pwd_attr = self.get_param('pwd_attr')
self.search_attrs = Set(
self.search_attrs = set(
re.split('\W+', self.get_param('search_attributes')),
)
self.pwd_attr = pwd_attr
@ -60,6 +64,10 @@ class Backend(ldapcherry.backend.Backend):
'groups': basic_groups,
}
@staticmethod
def _basic_splitter(in_str):
return [re.sub(r'(?<!\\)\\', '', x) for x in re.split(r'(?<!\\),\W*', in_str)]
def _check_fix_users(self, username):
if self.admin_user == username or self.basic_user == username:
raise Exception('User cannot be modified')
@ -91,7 +99,7 @@ class Backend(ldapcherry.backend.Backend):
if username in self.users:
raise UserAlreadyExists(username, self.backend_name)
self.users[username] = attrs
self.users[username]['groups'] = Set([])
self.users[username]['groups'] = set([])
def del_user(self, username):
""" Delete a user from the backend
@ -107,7 +115,7 @@ class Backend(ldapcherry.backend.Backend):
raise UserDoesntExist(username, self.backend_name)
def set_attrs(self, username, attrs):
""" Set a list of attributes for a given user
""" set a list of attributes for a given user
:param username: 'key' attribute of the user
:type username: string
@ -128,7 +136,7 @@ class Backend(ldapcherry.backend.Backend):
"""
self._check_fix_users(username)
current_groups = self.users[username]['groups']
new_groups = current_groups | Set(groups)
new_groups = current_groups | set(groups)
self.users[username]['groups'] = new_groups
def del_from_groups(self, username, groups):
@ -143,7 +151,7 @@ class Backend(ldapcherry.backend.Backend):
"""
self._check_fix_users(username)
current_groups = self.users[username]['groups']
new_groups = current_groups - Set(groups)
new_groups = current_groups - set(groups)
self.users[username]['groups'] = new_groups
def search(self, searchstring):

11
ldapcherry/backend/backendLdap.py
View File

@ -11,7 +11,10 @@ import ldap.modlist as modlist
import ldap.filter
import logging
import ldapcherry.backend
from sets import Set
import sys
if sys.version < '3':
from sets import Set as set
from ldapcherry.exceptions import UserDoesntExist, \
GroupDoesntExist, \
UserAlreadyExists
@ -74,12 +77,12 @@ class Backend(ldapcherry.backend.Backend):
for o in re.split('\W+', self.get_param('objectclasses')):
self.objectclasses.append(self._str(o))
self.group_attrs = {}
self.group_attrs_keys = Set([])
self.group_attrs_keys = set([])
for param in config:
name, sep, group = param.partition('.')
if name == 'group_attr':
self.group_attrs[group] = self.get_param(param)
self.group_attrs_keys |= Set(
self.group_attrs_keys |= set(
self._extract_format_keys(self.get_param(param))
)
@ -393,7 +396,7 @@ class Backend(ldapcherry.backend.Backend):
ldap_client.unbind_s()
def set_attrs(self, username, attrs):
""" Set user attributes"""
""" set user attributes"""
ldap_client = self._bind()
tmp = self._get_user(self._str(username), ALL_ATTRS)
if tmp is None:

40
ldapcherry/roles.py
View File

@ -9,7 +9,9 @@ import os
import sys
import copy
from sets import Set
if sys.version < '3':
from sets import Set as set
from ldapcherry.pyyamlwrapper import loadNoDump
from ldapcherry.pyyamlwrapper import DumplicatedKey
from ldapcherry.exceptions import *
@ -27,7 +29,7 @@ class Roles:
def __init__(self, role_file):
self.role_file = role_file
self.backends = Set([])
self.backends = set([])
try:
stream = open(role_file, 'r')
except:
@ -51,7 +53,7 @@ class Roles:
for backends in backends_list:
for b in backends:
if b not in ret:
ret[b] = Set([])
ret[b] = set([])
for group in backends[b]:
ret[b].add(group)
for b in ret:
@ -134,8 +136,8 @@ class Roles:
if roleid not in self.graph:
self.graph[roleid] = {
'parent_roles': Set([]),
'sub_roles': Set([])
'parent_roles': set([]),
'sub_roles': set([])
}
# Create the nested groups
@ -147,7 +149,7 @@ class Roles:
if b not in self.group2roles:
self.group2roles[b] = {}
if g not in self.group2roles[b]:
self.group2roles[b][g] = Set([])
self.group2roles[b][g] = set([])
self.group2roles[b][g].add(roleid)
parent_roles[roleid] = []
@ -223,7 +225,7 @@ class Roles:
# add groups of the role to usedgroups
for b in self.roles[role]['backends_groups']:
if b not in usedgroups:
usedgroups[b] = Set([])
usedgroups[b] = set([])
for g in self.roles[role]['backends_groups'][b]:
usedgroups[b].add(g)
@ -254,11 +256,11 @@ class Roles:
"""get groups to remove from list of
roles to remove and current roles
"""
current_roles = Set(current_roles)
current_roles = set(current_roles)
ret = {}
roles_to_remove = Set(roles_to_remove)
tmp = Set([])
roles_to_remove = set(roles_to_remove)
tmp = set([])
# get sub roles of the role to remove that the user belongs to
# if we remove a role, there is no reason to keep the sub roles
for r in roles_to_remove:
@ -267,7 +269,7 @@ class Roles:
tmp.add(sr)
roles_to_remove = roles_to_remove.union(tmp)
roles = current_roles.difference(Set(roles_to_remove))
roles = current_roles.difference(set(roles_to_remove))
groups_roles = self._get_groups(roles)
groups_roles_to_remove = self._get_groups(roles_to_remove)
@ -284,12 +286,12 @@ class Roles:
for b in self.flatten[r]['backends_groups']:
groups = self.flatten[r]['backends_groups'][b]
if b not in ret:
ret[b] = Set(groups)
ret[b] = ret[b].union(Set(groups))
ret[b] = set(groups)
ret[b] = ret[b].union(set(groups))
return ret
def _get_subroles(self, role):
ret = Set([])
ret = set([])
for sr in self.graph[role]['sub_roles']:
tmp = self._get_subroles(sr)
tmp.add(sr)
@ -298,10 +300,10 @@ class Roles:
def get_roles(self, groups):
"""get list of roles and list of standalone groups"""
roles = Set([])
parentroles = Set([])
notroles = Set([])
tmp = Set([])
roles = set([])
parentroles = set([])
notroles = set([])
tmp = set([])
usedgroups = {}
unusedgroups = {}
ret = {}
@ -316,7 +318,7 @@ class Roles:
for g in groups[b]:
if b not in usedgroups or g not in usedgroups[b]:
if b not in unusedgroups:
unusedgroups[b] = Set([])
unusedgroups[b] = set([])
unusedgroups[b].add(g)
ret['roles'] = roles