diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2011-05-13 07:04:13 +0000 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2011-05-13 07:04:13 +0000 |
| commit | 3071301ee48117e25fd3baea683cc1e724ae6c76 (patch) | |
| tree | 506ca35939abfd10fee95f1de80afa5a076e5a58 | |
| parent | 4c19151250e318fa38dac33e5db1397b9d95a43e (diff) | |
simplify request handling by passing read parameters around in a dict instead of setting object properties (this mainly simplifies search filter building)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1455 ef36b2f9-881f-0410-afb5-c4e39611909c
| -rw-r--r-- | pynslcd/alias.py | 13 | ||||
| -rw-r--r-- | pynslcd/common.py | 30 | ||||
| -rw-r--r-- | pynslcd/ether.py | 31 | ||||
| -rw-r--r-- | pynslcd/group.py | 40 | ||||
| -rw-r--r-- | pynslcd/host.py | 12 | ||||
| -rw-r--r-- | pynslcd/netgroup.py | 13 | ||||
| -rw-r--r-- | pynslcd/network.py | 16 | ||||
| -rw-r--r-- | pynslcd/pam.py | 54 | ||||
| -rw-r--r-- | pynslcd/passwd.py | 24 | ||||
| -rw-r--r-- | pynslcd/protocol.py | 14 | ||||
| -rw-r--r-- | pynslcd/rpc.py | 14 | ||||
| -rw-r--r-- | pynslcd/service.py | 48 | ||||
| -rw-r--r-- | pynslcd/shadow.py | 13 |
13 files changed, 144 insertions, 178 deletions
diff --git a/pynslcd/alias.py b/pynslcd/alias.py index d432945..b35e009 100644 --- a/pynslcd/alias.py +++ b/pynslcd/alias.py @@ -30,16 +30,16 @@ filter = '(objectClass=nisMailAlias)' class AliasRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get name and check against requested name names = attributes['cn'] if not names: logging.error('Error: entry %s does not contain %s value', dn, attmap['cn']) return - if self.name: - if self.name.lower() not in (x.lower() for x in names): + if 'cn' in parameters: + if parameters['cn'].lower() not in (x.lower() for x in names): return - names = ( self.name, ) + names = ( parameters['cn'], ) # get the members of the alias members = attributes['rfc822MailMember'] if not members: @@ -55,10 +55,9 @@ class AliasRequest(common.Request): class AliasByNameRequest(AliasRequest): action = constants.NSLCD_ACTION_ALIAS_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) class AliasAllRequest(AliasRequest): diff --git a/pynslcd/common.py b/pynslcd/common.py index acf0725..1f50584 100644 --- a/pynslcd/common.py +++ b/pynslcd/common.py @@ -69,18 +69,14 @@ class Request(object): self.fp = fp self.conn = conn self.calleruid = calleruid - # have default empty values for these - self.name = None - self.uid = None - self.gid = None - self.address = None + # load information from module that defines the class module = sys.modules[self.__module__] - self.attmap = module.attmap - self.filter = module.filter + self.attmap = getattr(module, 'attmap', None) + self.filter = getattr(module, 'filter', None) self.bases = getattr(module, 'bases', cfg.bases) self.scope = getattr(module, 'scope', cfg.scope) - def read_parameters(self): + def read_parameters(self, fp): """This method should read the parameters from ths stream and store them in self.""" pass @@ -89,26 +85,26 @@ class Request(object): """Return the attributes that should be used in the LDAP search.""" return self.attmap.attributes() - def mk_filter(self): + def mk_filter(self, parameters): """Return the active search filter (based on the read parameters).""" - if hasattr(self, 'filter_attrs'): + if parameters: return '(&%s(%s))' % ( self.filter, ')('.join('%s=%s' % (self.attmap[attribute], - ldap.filter.escape_filter_chars(str(getattr(self, name)))) - for attribute, name in self.filter_attrs.items()) ) + ldap.filter.escape_filter_chars(str(value))) + for attribute, value in parameters.items()) ) return self.filter - def handle_request(self): + def handle_request(self, parameters): """This method handles the request based on the parameters read with read_parameters().""" # get search results for base in self.bases: # do the LDAP search try: - res = self.conn.search_s(base, self.scope, self.mk_filter(), self.attributes()) + res = self.conn.search_s(base, self.scope, self.mk_filter(parameters), self.attributes()) for entry in res: if entry[0]: - self.write(entry[0], self.attmap.mapped(entry[1])) + self.write(entry[0], self.attmap.mapped(entry[1]), parameters) except ldap.NO_SUCH_OBJECT: # FIXME: log message pass @@ -116,11 +112,11 @@ class Request(object): self.fp.write_int32(constants.NSLCD_RESULT_END) def __call__(self): - self.read_parameters() + parameters = self.read_parameters(self.fp) or {} # TODO: log call with parameters self.fp.write_int32(constants.NSLCD_VERSION) self.fp.write_int32(self.action) - self.handle_request() + self.handle_request(parameters) def get_handlers(module): diff --git a/pynslcd/ether.py b/pynslcd/ether.py index e1ab05e..756e572 100644 --- a/pynslcd/ether.py +++ b/pynslcd/ether.py @@ -40,27 +40,23 @@ filter = '(objectClass=ieee802Device)' class EtherRequest(common.Request): - def __init__(self, *args): - super(EtherRequest, self).__init__(*args) - self.ether = None - - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get name and check against requested name names = attributes['cn'] if not names: print 'Error: entry %s does not contain %s value' % ( dn, attmap['cn']) - if self.name: - if self.name.lower() not in (x.lower() for x in names): + if 'cn' in parameters: + if parameters['cn'].lower() not in (x.lower() for x in names): return # skip entry - names = ( self.name, ) + names = ( parameters['cn'], ) # get addresses and convert to binary form addresses = [ether_aton(x) for x in attributes['macAddress']] if not addresses: print 'Error: entry %s does not contain %s value' % ( dn, attmap['macAddress']) - if self.ether: - if self.ether not in addresses: + if 'macAddress' in parameters: + if ether_aton(parameters['macAddress']) not in addresses: return - addresses = ( self.ether, ) + addresses = ( ether_aton(parameters['macAddress']), ) # write results for name in names: for ether in addresses: @@ -72,22 +68,17 @@ class EtherRequest(common.Request): class EtherByNameRequest(EtherRequest): action = constants.NSLCD_ACTION_ETHER_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) class EtherByEtherRequest(EtherRequest): action = constants.NSLCD_ACTION_ETHER_BYETHER - def read_parameters(self): - self.ether = self.fp.read(6) - - def mk_filter(self): - return '(&%s(%s=%s))' % ( self.filter, - attmap['macAddress'], ether_ntoa(self.ether) ) + def read_parameters(self, fp): + return dict(macAddress=ether_ntoa(fp.read(6))) class EtherAllRequest(EtherRequest): diff --git a/pynslcd/group.py b/pynslcd/group.py index 361153a..f4519e2 100644 --- a/pynslcd/group.py +++ b/pynslcd/group.py @@ -44,17 +44,17 @@ class GroupRequest(common.Request): wantmembers = True - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get group names and check against requested group name names = attributes['cn'] - if self.name: - if self.name not in names: + if 'cn' in parameters: + if parameters['cn'] not in names: return - names = ( self.name, ) + names = ( parameters['cn'], ) # get group group password passwd = attributes['userPassword'][0] # get group id(s) - gids = ( self.gid, ) if self.gid else attributes['gidNumber'] + gids = ( parameters['gidNumber'], ) if 'gidNumber' in parameters else attributes['gidNumber'] gids = [ int(x) for x in gids ] # build member list members = set() @@ -84,20 +84,19 @@ class GroupRequest(common.Request): class GroupByNameRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() - common.validate_name(self.name) + def read_parameters(self, fp): + name = fp.read_string() + common.validate_name(name) + return dict(cn=name) class GroupByGidRequest(GroupRequest): action = constants.NSLCD_ACTION_GROUP_BYGID - filter_attrs = dict(gidNumber='gid') - def read_parameters(self): - self.gid = self.fp.read_gid_t() + def read_parameters(self, fp): + return dict(gidNumber=fp.read_gid_t()) class GroupByMemberRequest(GroupRequest): @@ -112,22 +111,25 @@ class GroupByMemberRequest(GroupRequest): del self.attmap['memberUid'] del self.attmap['uniqueMember'] - def read_parameters(self): - self.memberuid = self.fp.read_string() - common.validate_name(self.memberuid) + def read_parameters(self, fp): + memberuid = fp.read_string() + common.validate_name(memberuid) + return dict(memberUid=memberuid) def attributes(self): return self.attmap.attributes() - def mk_filter(self): + def mk_filter(self, parameters): + # we still need a custom mk_filter because this is an | query + memberuid = parameters['memberUid'] if attmap['uniqueMember']: - dn = uid2dn(self.conn, self.memberuid) + dn = uid2dn(self.conn, memberuid) if dn: return '(&%s(|(%s=%s)(%s=%s)))' % ( self.filter, - attmap['memberUid'], ldap.filter.escape_filter_chars(self.memberuid), + attmap['memberUid'], ldap.filter.escape_filter_chars(memberuid), attmap['uniqueMember'], ldap.filter.escape_filter_chars(dn) ) return '(&%s(%s=%s))' % ( self.filter, - attmap['memberUid'], ldap.filter.escape_filter_chars(self.memberuid) ) + attmap['memberUid'], ldap.filter.escape_filter_chars(memberuid) ) class GroupAllRequest(GroupRequest): diff --git a/pynslcd/host.py b/pynslcd/host.py index 5fcbc31..85e88a6 100644 --- a/pynslcd/host.py +++ b/pynslcd/host.py @@ -30,7 +30,7 @@ filter = '(objectClass=ipHost)' class HostRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): hostname = common.get_rdn_value(dn, attmap['cn']) hostnames = attributes['cn'] if not hostnames: @@ -54,19 +54,17 @@ class HostRequest(common.Request): class HostByNameRequest(HostRequest): action = constants.NSLCD_ACTION_HOST_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) class HostByAddressRequest(HostRequest): action = constants.NSLCD_ACTION_HOST_BYADDR - filter_attrs = dict(ipHostNumber='address') - def read_parameters(self): - self.address = self.fp.read_address() + def read_parameters(self, fp): + return dict(ipHostNumber=fp.read_address()) class HostAllRequest(HostRequest): diff --git a/pynslcd/netgroup.py b/pynslcd/netgroup.py index 21be7a8..0f44660 100644 --- a/pynslcd/netgroup.py +++ b/pynslcd/netgroup.py @@ -36,13 +36,13 @@ filter = '(objectClass=nisNetgroup)' class NetgroupRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get names and check against requested user name names = attributes['cn'] - if self.name: - if self.name not in names: + if 'cn' in parameters: + if parameters['cn'] not in names: return - names = ( self.name, ) + names = ( parameters['cn'], ) if not names: print 'Error: entry %s does not contain %s value' % (dn, attmap['cn']) # write the netgroup triples @@ -66,7 +66,6 @@ class NetgroupRequest(common.Request): class NetgroupByNameRequest(NetgroupRequest): action = constants.NSLCD_ACTION_NETGROUP_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) diff --git a/pynslcd/network.py b/pynslcd/network.py index a056327..dea01bd 100644 --- a/pynslcd/network.py +++ b/pynslcd/network.py @@ -31,18 +31,18 @@ filter = '(objectClass=ipNetwork)' class NetworkRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): networkname = common.get_rdn_value(dn, attmap['cn']) networknames = attributes['cn'] if not networknames: - print 'Error: entry %s does not contain %s value' % ( dn, attmap['cn']) + print 'Error: entry %s does not contain %s value' % (dn, attmap['cn']) if not networkname: networkname = networknames.pop(0) elif networkname in networknames: networknames.remove(networkname) addresses = attributes['ipNetworkNumber'] if not addresses: - print 'Error: entry %s does not contain %s value' % ( dn, attmap['ipNetworkNumber']) + print 'Error: entry %s does not contain %s value' % (dn, attmap['ipNetworkNumber']) # write result self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) self.fp.write_string(networkname) @@ -55,19 +55,17 @@ class NetworkRequest(common.Request): class NetworkByNameRequest(NetworkRequest): action = constants.NSLCD_ACTION_NETWORK_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) class NetworkByAddressRequest(NetworkRequest): action = constants.NSLCD_ACTION_NETWORK_BYADDR - filter_attrs = dict(ipNetworkNumber='address') - def read_parameters(self): - self.address = self.fp.read_address() + def read_parameters(self, fp): + return dict(ipNetworkNumber=fp.read_address()) class NetworkAllRequest(NetworkRequest): diff --git a/pynslcd/pam.py b/pynslcd/pam.py index 8149e87..316be96 100644 --- a/pynslcd/pam.py +++ b/pynslcd/pam.py @@ -42,18 +42,18 @@ def try_bind(userdn, password): class PAMRequest(common.Request): - def validate_request(self): + def validate_request(self, parameters): """This method checks the provided username for validity and fills in the DN if needed.""" # check username for validity - common.validate_name(self.username) + common.validate_name(parameters['username']) # look up user DN if not known - if not self.userdn: - entry = passwd.uid2entry(self.conn, self.username) + if not parameters['userdn']: + entry = passwd.uid2entry(self.conn, parameters['username']) if not entry: - raise ValueError('%r: user not found' % self.username) + raise ValueError('%r: user not found' % parameters['username']) # save the DN - self.userdn = entry[0] + parameters['userdn'] = entry[0] # get the "real" username value = common.get_rdn_value(entry[0], passwd.attmap['uid']) if not value: @@ -66,55 +66,57 @@ class PAMRequest(common.Request): if value and not common.isvalidname(value): raise ValueError('%s: has invalid %s attribute', dn, passwd.attmap['uid']) # check if the username is different and update it if needed - if value != self.username: - logging.info('username changed from %r to %r', self.username, value) - self.username = value + if value != parameters['username']: + logging.info('username changed from %r to %r', parameters['username'], value) + parameters['username'] = value class PAMAuthenticationRequest(PAMRequest): action = constants.NSLCD_ACTION_PAM_AUTHC - def read_parameters(self): - self.username = self.fp.read_string() - self.userdn = self.fp.read_string() - self.servicename = self.fp.read_string() - self.password = self.fp.read_string() + def read_parameters(self, fp): + return dict(username=fp.read_string(), + userdn=fp.read_string(), + servicename=fp.read_string(), + password=fp.read_string()) #self.validate_request() # TODO: log call with parameters - def write(self, code=constants.NSLCD_PAM_SUCCESS, msg=''): + def write(self, parameters, code=constants.NSLCD_PAM_SUCCESS, msg=''): self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) - self.fp.write_string(self.username) - self.fp.write_string(self.userdn) + self.fp.write_string(parameters['username']) + self.fp.write_string(parameters['userdn']) self.fp.write_int32(code) # authc self.fp.write_int32(constants.NSLCD_PAM_SUCCESS) # authz self.fp.write_string(msg) # authzmsg self.fp.write_int32(constants.NSLCD_RESULT_END) - def handle_request(self): + def handle_request(self, parameters): # if the username is blank and rootpwmoddn is configured, try to # authenticate as administrator, otherwise validate request as usual - if not self.username and cfg.rootpwmoddn: + if not parameters['username'] and cfg.rootpwmoddn: # authenticate as rootpwmoddn - self.userdn = cfg.rootpwmoddn + userdn = cfg.rootpwmoddn # if the caller is root we will allow the use of rootpwmodpw - if not self.password and self.calleruid == 0 and cfg.rootpwmodpw: - self.password = cfg.rootpwmodpw + if not parameters['password'] and self.calleruid == 0 and cfg.rootpwmodpw: + password = cfg.rootpwmodpw else: - self.validate_request() + self.validate_request(parameters) + userdn = parameters['userdn'] + password = parameters['password'] # try authentication try: - try_bind(self.userdn, self.password) + try_bind(userdn, password) logging.debug('bind successful') - self.write() + self.write(parameters) except ldap.INVALID_CREDENTIALS, e: try: msg = e[0]['desc'] except: msg = str(e) logging.debug('bind failed: %s', msg) - self.write(constants.NSLCD_PAM_AUTH_ERR, msg) + self.write(parameters, constants.NSLCD_PAM_AUTH_ERR, msg) #class PAMAuthorisationRequest(PAMRequest): diff --git a/pynslcd/passwd.py b/pynslcd/passwd.py index 406e614..cab2022 100644 --- a/pynslcd/passwd.py +++ b/pynslcd/passwd.py @@ -39,20 +39,20 @@ bases = ( 'ou=people,dc=test,dc=tld', ) class PasswdRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get uid attribute and check against requested user name names = attributes['uid'] - if self.name: - if self.name not in names: + if 'uid' in parameters: + if parameters['uid'] not in names: return - names = ( self.name, ) + names = ( parameters['uid'], ) # get user password entry if 'shadowAccount' in attributes['objectClass']: passwd = 'x' else: passwd = attributes['userPassword'][0] # get numeric user and group ids - uids = ( self.uid, ) if self.uid else attributes['uidNumber'] + uids = ( parameters['uidNumber'], ) if 'uidNumber' in parameters else attributes['uidNumber'] uids = [ int(x) for x in uids ] # get other passwd properties gid = int(attributes['gidNumber'][0]) @@ -78,20 +78,19 @@ class PasswdRequest(common.Request): class PasswdByNameRequest(PasswdRequest): action = constants.NSLCD_ACTION_PASSWD_BYNAME - filter_attrs = dict(uid='name') - def read_parameters(self): - self.name = self.fp.read_string() - common.validate_name(self.name) + def read_parameters(self, fp): + name = fp.read_string() + common.validate_name(name) + return dict(uid=name) class PasswdByUidRequest(PasswdRequest): action = constants.NSLCD_ACTION_PASSWD_BYUID - filter_attrs = dict(uidNumber='uid') - def read_parameters(self): - self.uid = self.fp.read_uid_t() + def read_parameters(self, fp): + return dict(uidNumber=fp.read_uid_t()) class PasswdAllRequest(PasswdRequest): @@ -99,6 +98,7 @@ class PasswdAllRequest(PasswdRequest): action = constants.NSLCD_ACTION_PASSWD_ALL +# FIXME: have something in common that does this def do_search(conn, flt=None, base=None): mybases = ( base, ) if base else bases flt = flt or filter diff --git a/pynslcd/protocol.py b/pynslcd/protocol.py index a37e633..0e29f6b 100644 --- a/pynslcd/protocol.py +++ b/pynslcd/protocol.py @@ -30,13 +30,13 @@ filter = '(objectClass=ipProtocol)' class ProtocolRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get name name = common.get_rdn_value(dn, attmap['cn']) names = attributes['cn'] if not names: print 'Error: entry %s does not contain %s value' % (dn, attmap['cn']) - if self.name and self.name not in names: + if 'cn' in parameters and parameters['cn'] not in names: return # case of result entry did not match if not name: name = names.pop(0) @@ -57,19 +57,17 @@ class ProtocolRequest(common.Request): class ProtocolByNameRequest(ProtocolRequest): action = constants.NSLCD_ACTION_PROTOCOL_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) class ProtocolByNumberRequest(ProtocolRequest): action = constants.NSLCD_ACTION_PROTOCOL_BYNUMBER - filter_attrs = dict(ipProtocolNumber='number') - def read_parameters(self): - self.number = self.fp.read_int32() + def read_parameters(self, fp): + return dict(ipProtocolNumber=fp.read_int32()) class ProtocolAllRequest(ProtocolRequest): diff --git a/pynslcd/rpc.py b/pynslcd/rpc.py index 9e71893..74a230d 100644 --- a/pynslcd/rpc.py +++ b/pynslcd/rpc.py @@ -30,13 +30,13 @@ filter = '(objectClass=oncRpc)' class RpcRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get name name = common.get_rdn_value(dn, attmap['cn']) names = attributes['cn'] if not names: print 'Error: entry %s does not contain %s value' % ( dn, attmap['cn'] ) - if self.name and self.name not in names: + if 'cn' in parameters and parameters['cn'] not in names: return # case of result entry did not match if not name: name = names.pop(0) @@ -57,19 +57,17 @@ class RpcRequest(common.Request): class RpcByNameRequest(RpcRequest): action = constants.NSLCD_ACTION_RPC_BYNAME - filter_attrs = dict(cn='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(cn=fp.read_string()) class RpcByNumberRequest(RpcRequest): action = constants.NSLCD_ACTION_RPC_BYNUMBER - filter_attrs = dict(oncRpcNumber='number') - def read_parameters(self): - self.number = self.fp.read_int32() + def read_parameters(self, fp): + return dict(oncRpcNumber=fp.read_int32()) class RpcAllRequest(RpcRequest): diff --git a/pynslcd/service.py b/pynslcd/service.py index 6d97b87..08b0ebe 100644 --- a/pynslcd/service.py +++ b/pynslcd/service.py @@ -33,17 +33,13 @@ filter = '(objectClass=ipService)' class ServiceRequest(common.Request): - def __init__(self, *args): - super(ServiceRequest, self).__init__(*args) - self.protocol = None - - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get name name = common.get_rdn_value(dn, attmap['cn']) names = attributes['cn'] if not names: print 'Error: entry %s does not contain %s value' % (dn, attmap['cn']) - if self.name and self.name not in names + [ name, ]: + if 'cn' in parameters and parameters['cn'] not in names + [ name, ]: return # case of result entry did not match if not name: name = names.pop(0) @@ -56,10 +52,10 @@ class ServiceRequest(common.Request): port = int(port) # get protocol protocols = attributes['ipServiceProtocol'] - if self.protocol: - if self.protocol not in protocols: + if 'ipServiceProtocol' in parameters: + if parameters['ipServiceProtocol'] not in protocols: return - protocols = ( self.protocol, ) + protocols = ( parameters['ipServiceProtocol'], ) # write result for protocol in protocols: self.fp.write_int32(constants.NSLCD_RESULT_BEGIN) @@ -73,36 +69,26 @@ class ServiceByNameRequest(ServiceRequest): action = constants.NSLCD_ACTION_SERVICE_BYNAME - def read_parameters(self): - self.name = self.fp.read_string() - self.protocol = self.fp.read_string() - - def mk_filter(self): - if self.protocol: - return '(&%s(%s=%s)(%s=%s))' % ( self.filter, - attmap['cn'], ldap.filter.escape_filter_chars(self.name), - attmap['ipServiceProtocol'], ldap.filter.escape_filter_chars(self.protocol) ) + def read_parameters(self, fp): + name = fp.read_string() + protocol = fp.read_string() + if protocol: + return dict(cn=name, ipServiceProtocol=protocol) else: - return '(&%s(%s=%s))' % ( self.filter, - attmap['cn'], ldap.filter.escape_filter_chars(self.name) ) + return dict(cn=name) class ServiceByNumberRequest(ServiceRequest): action = constants.NSLCD_ACTION_SERVICE_BYNUMBER - def read_parameters(self): - self.number = self.fp.read_int32() - self.protocol = self.fp.read_string() - - def mk_filter(self): - if self.protocol: - return '(&%s(%s=%d)(%s=%s))' % ( self.filter, - attmap['ipServicePort'], self.number, - attmap['ipServiceProtocol'], ldap.filter.escape_filter_chars(self.protocol) ) + def read_parameters(self, fp): + number = fp.read_int32() + protocol = fp.read_string() + if protocol: + return dict(ipServicePort=number, ipServiceProtocol=protocol) else: - return '(&%s(%s=%d))' % ( self.filter, - attmap['ipServicePort'], self.number ) + return dict(ipServicePort=number) class ServiceAllRequest(ServiceRequest): diff --git a/pynslcd/shadow.py b/pynslcd/shadow.py index 4408c0c..34119b0 100644 --- a/pynslcd/shadow.py +++ b/pynslcd/shadow.py @@ -39,16 +39,16 @@ bases = ( 'ou=people,dc=test,dc=tld', ) class ShadowRequest(common.Request): - def write(self, dn, attributes): + def write(self, dn, attributes, parameters): # get name and check against requested name names = attributes['uid'] if not names: print 'Error: entry %s does not contain %s value' % ( dn, attmap['uid'] ) return - if self.name: - if self.name not in names: + if 'uid' in parameters: + if parameters['uid'] not in names: return - names = ( self.name, ) + names = ( parameters['uid'], ) # get password (passwd, ) = attributes['userPassword'] if not passwd or self.calleruid != 0: @@ -96,10 +96,9 @@ class ShadowRequest(common.Request): class ShadowByNameRequest(ShadowRequest): action = constants.NSLCD_ACTION_SHADOW_BYNAME - filter_attrs = dict(uid='name') - def read_parameters(self): - self.name = self.fp.read_string() + def read_parameters(self, fp): + return dict(uid=fp.read_string()) class ShadowAllRequest(ShadowRequest): |