Merge branch 'master' of https://github.com/kakwa/ldapcherry
commit
ffac99994c
22
.travis.yml
22
.travis.yml
@ -1,30 +1,26 @@
|
|||||||
|
sudo: required
|
||||||
|
dist: trusty
|
||||||
|
language: python
|
||||||
|
|
||||||
env:
|
env:
|
||||||
- TRAVIS="yes"
|
- TRAVIS="yes"
|
||||||
|
|
||||||
before_install:
|
before_install:
|
||||||
- '[ "$TEST_PEP8" == "1" ] || curl https://ftp-master.debian.org/keys/archive-key-7.0.asc | sudo apt-key add -'
|
|
||||||
- '[ "$TEST_PEP8" == "1" ] || echo "deb http://http.debian.net/debian wheezy-backports main" | sudo tee -a /etc/apt/sources.list'
|
|
||||||
- '[ "$TEST_PEP8" == "1" ] || echo "deb http://http.debian.net/debian wheezy main" | sudo tee -a /etc/apt/sources.list'
|
|
||||||
- '[ "$TEST_PEP8" == "1" ] || sudo /sbin/ifconfig'
|
|
||||||
- '[ "$TEST_PEP8" == "1" ] || sudo apt-get update -qq'
|
|
||||||
- '[ "$TEST_PEP8" == "1" ] || sudo rm /etc/dpkg/dpkg.cfg.d/multiarch'
|
|
||||||
- '[ "$TEST_PEP8" == "1" ] || sudo ./tests/test_env/deploy.sh'
|
- '[ "$TEST_PEP8" == "1" ] || sudo ./tests/test_env/deploy.sh'
|
||||||
|
|
||||||
language: python
|
|
||||||
python:
|
python:
|
||||||
- "2.7"
|
- "2.7"
|
||||||
# - "3.2"
|
|
||||||
# - "3.3"
|
|
||||||
# command to install dependencies
|
|
||||||
install:
|
install:
|
||||||
- pip install -e .
|
- pip install -e .
|
||||||
- "if [[ $TEST_PEP8 == '1' ]]; then pip install pep8; fi"
|
- "if [[ $TEST_PEP8 == '1' ]]; then pip install pep8; fi"
|
||||||
- pip install passlib
|
- pip install passlib
|
||||||
- pip install coveralls
|
- pip install coveralls
|
||||||
|
|
||||||
# command to run tests
|
# command to run tests
|
||||||
script:
|
#
|
||||||
- coverage run --source=ldapcherry setup.py test
|
#script:
|
||||||
- "if [[ $TEST_HIREDIS == '1' ]]; then pip install hiredis; fi"
|
# - coverage run --source=ldapcherry setup.py test
|
||||||
script: "if [[ $TEST_PEP8 == '1' ]]; then pep8 --repeat --show-source --exclude=.venv,.tox,dist,docs,build,*.egg,tests,misc . scripts/ldapcherryd; else coverage run --source=ldapcherry setup.py test; fi"
|
script: "if [[ $TEST_PEP8 == '1' ]]; then pep8 --repeat --show-source --exclude=.venv,.tox,dist,docs,build,*.egg,tests,misc . scripts/ldapcherryd; else coverage run --source=ldapcherry setup.py test; fi"
|
||||||
matrix:
|
matrix:
|
||||||
include:
|
include:
|
||||||
|
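Review bot: The install step still pulls `passlib`, `coveralls` and `pep8` unpinned, in a job that appears to declare `sudo: required` and runs `./tests/test_env/deploy.sh` under `sudo`, so whatever PyPI serves on the day of the build executes on a builder where root is available. Pinning each package, e.g. `- pip install passlib==<PINNED_VERSION>`, or installing from a hashed requirements file with `pip install --require-hashes -r <REQUIREMENTS_FILE>`, would make the build reproducible and narrow the supply-chain exposure. The `+`/`-` markers are lost on this page, so which side each line belongs to is inferred from the column layout only. The commented-out `#script:` / `# - coverage run --source=ldapcherry setup.py test` lines look like leftovers and could be dropped rather than kept as dead configuration.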
@ -26,7 +26,7 @@ class CaFileDontExist(Exception):
|
|||||||
class MissingAttr(Exception):
|
class MissingAttr(Exception):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.log = 'attributes "cn" and "unicodePwd" must be declared ' \
|
self.log = 'attributes "cn" and "unicodePwd" must be declared ' \
|
||||||
'in attributes.yml for all Active Directory backends.'
|
'in attributes.yml for all Active Directory backends.'
|
||||||
|
|
||||||
NO_ATTR = 0
|
NO_ATTR = 0
|
||||||
DISPLAYED_ATTRS = 1
|
DISPLAYED_ATTRS = 1
|
||||||
@ -35,7 +35,7 @@ ALL_ATTRS = 3
|
|||||||
|
|
||||||
# UserAccountControl Attribute/Flag Values
|
# UserAccountControl Attribute/Flag Values
|
||||||
# For details, look at:
|
# For details, look at:
|
||||||
# https://support.microsoft.com/en-us/kb/305144
|
# https://support.microsoft.com/en-us/kb/305144
|
||||||
SCRIPT = 0x0001
|
SCRIPT = 0x0001
|
||||||
ACCOUNTDISABLE = 0x0002
|
ACCOUNTDISABLE = 0x0002
|
||||||
HOMEDIR_REQUIRED = 0x0008
|
HOMEDIR_REQUIRED = 0x0008
|
||||||
@ -58,7 +58,6 @@ DONT_REQ_PREAUTH = 0x400000
|
|||||||
PASSWORD_EXPIRED = 0x800000
|
PASSWORD_EXPIRED = 0x800000
|
||||||
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
|
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
|
||||||
PARTIAL_SECRETS_ACCOUNT = 0x04000000
|
PARTIAL_SECRETS_ACCOUNT = 0x04000000
|
||||||
|
|
||||||
# Generated by the followin command:
|
# Generated by the followin command:
|
||||||
|
|
||||||
# samba-tool group list | \
|
# samba-tool group list | \
|
||||||
@ -143,11 +142,11 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
|
|||||||
for a in attrslist:
|
for a in attrslist:
|
||||||
self.attrlist.append(self._str(a))
|
self.attrlist.append(self._str(a))
|
||||||
|
|
||||||
if 'cn' not in self.attrlist:
|
if 'cn' not in self.attrlist:
|
||||||
raise MissingAttr()
|
raise MissingAttr()
|
||||||
|
|
||||||
if 'unicodePwd' not in self.attrlist:
|
if 'unicodePwd' not in self.attrlist:
|
||||||
raise MissingAttr()
|
raise MissingAttr()
|
||||||
|
|
||||||
def _search_group(self, searchfilter, groupdn):
|
def _search_group(self, searchfilter, groupdn):
|
||||||
searchfilter = self._str(searchfilter)
|
searchfilter = self._str(searchfilter)
|
||||||
@ -176,42 +175,40 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
|
|||||||
return ad_groups
|
return ad_groups
|
||||||
|
|
||||||
def _set_password(self, cn, password):
|
def _set_password(self, cn, password):
|
||||||
unicode_pass = '\"' + password + '\"'
|
unicode_pass = '\"' + password + '\"'
|
||||||
password_value = unicode_pass.encode('utf-16-le')
|
password_value = unicode_pass.encode('utf-16-le')
|
||||||
|
|
||||||
ldap_client = self._bind()
|
|
||||||
|
|
||||||
dn = str('CN=%(cn)s,%(user_dn)s' % {
|
|
||||||
'cn': cn,
|
|
||||||
'user_dn': self.userdn
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
attrs = {}
|
|
||||||
|
|
||||||
attrs['unicodePwd'] = str(password_value)
|
|
||||||
|
|
||||||
#ldif = modlist.modifyModlist({'unicodePwd': 'asad'}, attrs)
|
|
||||||
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
|
|
||||||
ldap_client.modify_s(dn,ldif)
|
|
||||||
|
|
||||||
del(attrs['unicodePwd'])
|
ldap_client = self._bind()
|
||||||
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
|
|
||||||
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
|
dn = str('CN=%(cn)s,%(user_dn)s' % {
|
||||||
ldap_client.modify_s(dn,ldif)
|
'cn': cn,
|
||||||
|
'user_dn': self.userdn
|
||||||
|
})
|
||||||
|
|
||||||
|
attrs = {}
|
||||||
|
|
||||||
|
attrs['unicodePwd'] = str(password_value)
|
||||||
|
|
||||||
|
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
|
||||||
|
ldap_client.modify_s(dn, ldif)
|
||||||
|
|
||||||
|
del(attrs['unicodePwd'])
|
||||||
|
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
|
||||||
|
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
|
||||||
|
ldap_client.modify_s(dn, ldif)
|
||||||
|
|
||||||
def add_user(self, attrs):
|
def add_user(self, attrs):
|
||||||
password = attrs['unicodePwd']
|
password = attrs['unicodePwd']
|
||||||
del(attrs['unicodePwd'])
|
del(attrs['unicodePwd'])
|
||||||
super(Backend, self).add_user(attrs)
|
super(Backend, self).add_user(attrs)
|
||||||
self._set_password(attrs['cn'], password)
|
self._set_password(attrs['cn'], password)
|
||||||
|
|
||||||
def set_attrs(self, username, attrs):
|
def set_attrs(self, username, attrs):
|
||||||
if 'unicodePwd' in attrs:
|
if 'unicodePwd' in attrs:
|
||||||
password = attrs['unicodePwd']
|
password = attrs['unicodePwd']
|
||||||
del(attrs['unicodePwd'])
|
del(attrs['unicodePwd'])
|
||||||
self._set_password(attrs['cn'], password)
|
self._set_password(attrs['cn'], password)
|
||||||
super(Backend, self).set_attrs(username, attrs)
|
super(Backend, self).set_attrs(username, attrs)
|
||||||
|
|
||||||
def add_to_groups(self, username, groups):
|
def add_to_groups(self, username, groups):
|
||||||
ad_groups = self._build_groupdn(groups)
|
ad_groups = self._build_groupdn(groups)
|
||||||
|
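Review bot: `_set_password` builds the target DN with `'CN=%(cn)s,%(user_dn)s'` and no escaping, so a `cn` containing DN metacharacters such as `,`, `+` or `=` yields a malformed DN or one that names a different entry than intended, and that entry is the one whose `unicodePwd` and `UserAccountControl` are then modified. Escaping the value first, `'cn': ldap.dn.escape_dn_chars(cn),`, would close this, assuming the `ldap` module is imported in this file (the import block is outside the hunks shown). In `set_attrs` the password is set for `attrs['cn']` rather than for the `username` argument; if `attrs` can carry a caller-supplied `cn`, the reset lands on whichever account that value names, and a password-only update without `cn` would raise `KeyError`, so resolving the DN from `username` looks safer. The same unescaped concatenation appears in the DN assembled before `modlist.addModlist(attrs_str)` in the LDAP backend's hunk further down. `add_to_groups` continues past the end of this section.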
@ -259,7 +259,6 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
else:
|
else:
|
||||||
dn_entry = r[0]
|
dn_entry = r[0]
|
||||||
return dn_entry
|
return dn_entry
|
||||||
|
|
||||||
# python-ldap talks in bytes,
|
# python-ldap talks in bytes,
|
||||||
# as the rest of ldapcherry talks in unicode utf-8:
|
# as the rest of ldapcherry talks in unicode utf-8:
|
||||||
# * everything passed to python-ldap must be converted to bytes
|
# * everything passed to python-ldap must be converted to bytes
|
||||||
@ -292,7 +291,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def attrs_pretreatment(self, attrs):
|
def attrs_pretreatment(self, attrs):
|
||||||
attrs_str = {}
|
attrs_str = {}
|
||||||
for a in attrs:
|
for a in attrs:
|
||||||
@ -304,14 +303,14 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
# encoding crap
|
# encoding crap
|
||||||
attrs_str = self.attrs_pretreatment(attrs)
|
attrs_str = self.attrs_pretreatment(attrs)
|
||||||
|
|
||||||
attrs_str['objectClass'] = self.objectclasses
|
attrs_str['objectClass'] = self.objectclasses
|
||||||
# construct is DN
|
# construct is DN
|
||||||
dn = \
|
dn = \
|
||||||
self._str(self.dn_user_attr) +\
|
self._str(self.dn_user_attr) + \
|
||||||
'=' +\
|
'=' + \
|
||||||
self._str(attrs[self.dn_user_attr]) +\
|
self._str(attrs[self.dn_user_attr]) + \
|
||||||
',' +\
|
',' + \
|
||||||
self._str(self.userdn)
|
self._str(self.userdn)
|
||||||
# gen the ldif fir add_s and add the user
|
# gen the ldif fir add_s and add the user
|
||||||
ldif = modlist.addModlist(attrs_str)
|
ldif = modlist.addModlist(attrs_str)
|
||||||
|
@ -127,7 +127,7 @@ class WrongParamValue(Exception):
|
|||||||
self.param = param
|
self.param = param
|
||||||
possible_values_str = string.join(possible_values, ', ')
|
possible_values_str = string.join(possible_values, ', ')
|
||||||
self.log = \
|
self.log = \
|
||||||
"wrong value for param '%(param)s' in section '%(section)s'"\
|
"wrong value for param '%(param)s' in section '%(section)s'" \
|
||||||
", possible values are [%(values)s]" % \
|
", possible values are [%(values)s]" % \
|
||||||
{
|
{
|
||||||
'param': param,
|
'param': param,
|
||||||
@ -167,7 +167,7 @@ class PasswordAttributesCollision(Exception):
|
|||||||
self.key = key
|
self.key = key
|
||||||
self.log = \
|
self.log = \
|
||||||
"key '" + key + "' type is password," \
|
"key '" + key + "' type is password," \
|
||||||
" keys '" + key + "1' and '" + key + "2'"\
|
" keys '" + key + "1' and '" + key + "2'" \
|
||||||
" are reserved and cannot be used"
|
" are reserved and cannot be used"
|
||||||
|
|
||||||
|
|
||||||
|
@ -6,20 +6,6 @@ then
|
|||||||
DEBIAN_FRONTEND=noninteractive apt-get install kpartx -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
DEBIAN_FRONTEND=noninteractive apt-get install kpartx -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install lsb-base libattr1 -t wheezy -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
DEBIAN_FRONTEND=noninteractive apt-get install lsb-base libattr1 -t wheezy -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install samba python-samba samba-vfs-modules -t wheezy-backports -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
DEBIAN_FRONTEND=noninteractive apt-get install samba python-samba samba-vfs-modules -t wheezy-backports -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
||||||
truncate -s 512M file.img
|
|
||||||
fdisk file.img <<EOF
|
|
||||||
n
|
|
||||||
p
|
|
||||||
1
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
w
|
|
||||||
q
|
|
||||||
EOF
|
|
||||||
kpartx -a file.img
|
|
||||||
mkfs.ext4 /dev/mapper/loop0p1
|
|
||||||
mount /dev/mapper/loop0p1 /var/lib/samba/
|
|
||||||
else
|
else
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install ldap-utils slapd samba python-samba samba-vfs-modules -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
DEBIAN_FRONTEND=noninteractive apt-get install ldap-utils slapd samba python-samba samba-vfs-modules -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -f -q -y
|
||||||
fi
|
fi
|
||||||
|