diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2013-08-21 21:52:41 +0200 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-08-21 21:52:41 +0200 |
| commit | 7b474d0d1cf1a5c7a7b59e55b29a9778d5925742 (patch) | |
| tree | b6f7cf72f20b3a5dbb4a4fc21962f0f1e6ddde5f | |
| parent | b0358f74944cd5d7e984700d61da989b5f98cb18 (diff) | |
Have pynslcd handle mapped userPassword
This fixes an error that could occur when the userPassword was retrieved
from LDAP and insufficient privileges were available for reading the
attribute.
| -rw-r--r-- | pynslcd/group.py | 9 | ||||
| -rw-r--r-- | pynslcd/passwd.py | 7 | ||||
| -rw-r--r-- | pynslcd/shadow.py | 5 |
3 files changed, 17 insertions, 4 deletions
diff --git a/pynslcd/group.py b/pynslcd/group.py index 965148d..375af57 100644 --- a/pynslcd/group.py +++ b/pynslcd/group.py @@ -139,8 +139,13 @@ class GroupRequest(common.Request): def convert(self, dn, attributes, parameters): # get group names and check against requested group name names = attributes['cn'] - # get group group password - passwd = attributes['userPassword'][0] + # get group password + try: + passwd = attributes['userPassword'][0] + except IndexError: + passwd = None + if not passwd or self.calleruid != 0: + passwd = '*' # get group id(s) gids = [int(x) for x in attributes['gidNumber']] # build member list diff --git a/pynslcd/passwd.py b/pynslcd/passwd.py index a5e4d1f..d65e556 100644 --- a/pynslcd/passwd.py +++ b/pynslcd/passwd.py @@ -77,7 +77,12 @@ class PasswdRequest(common.Request): if 'shadowAccount' in attributes['objectClass']: passwd = 'x' else: - passwd = attributes['userPassword'][0] + try: + passwd = attributes['userPassword'][0] + except IndexError: + passwd = None + if not passwd or self.calleruid != 0: + passwd = '*' uids = [int(x) for x in attributes['uidNumber']] gid = int(attributes['gidNumber'][0]) gecos = attributes['gecos'][0] diff --git a/pynslcd/shadow.py b/pynslcd/shadow.py index 5fd0aa9..89dbbfa 100644 --- a/pynslcd/shadow.py +++ b/pynslcd/shadow.py @@ -76,7 +76,10 @@ class ShadowRequest(common.Request): def convert(self, dn, attributes, parameters): names = attributes['uid'] - passwd = attributes['userPassword'][0] + try: + passwd = attributes['userPassword'][0] + except IndexError: + passwd = None if not passwd or self.calleruid != 0: passwd = '*' # function for making an int |