summaryrefslogtreecommitdiff
path: root/pynslcd/group.py
diff options
context:
space:
mode:
authorLuke Shumaker <lukeshu@sbcglobal.net>2014-10-04 16:12:13 -0400
committerLuke Shumaker <lukeshu@sbcglobal.net>2014-10-04 16:12:13 -0400
commitbe4588009b7106859e1beae6038aaea8d7f85825 (patch)
treeee0010a7003d23a686888fc9585de4e0ec429547 /pynslcd/group.py
parent8e54633a2b520dff0a237349f5fc4cbcf4719f40 (diff)
remove non-nslcd stuff
Diffstat (limited to 'pynslcd/group.py')
-rw-r--r--pynslcd/group.py229
1 files changed, 0 insertions, 229 deletions
diff --git a/pynslcd/group.py b/pynslcd/group.py
deleted file mode 100644
index c8abfe5..0000000
--- a/pynslcd/group.py
+++ /dev/null
@@ -1,229 +0,0 @@
-
-# group.py - group entry lookup routines
-#
-# Copyright (C) 2010-2014 Arthur de Jong
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301 USA
-
-import logging
-
-from ldap.filter import escape_filter_chars
-import ldap
-
-import cache
-import cfg
-import common
-import constants
-import passwd
-import search
-
-
-def clean(lst):
- if lst:
- for i in lst:
- yield i.replace('\0', '')
-
-
-attmap = common.Attributes(cn='cn',
- userPassword='"*"',
- gidNumber='gidNumber',
- memberUid='memberUid',
- member='member')
-filter = '(objectClass=posixGroup)'
-
-
-class Search(search.LDAPSearch):
-
- case_sensitive = ('cn', )
- limit_attributes = ('cn', 'gidNumber')
-
- def __init__(self, *args, **kwargs):
- super(Search, self).__init__(*args, **kwargs)
- if 'memberUid' in self.parameters or 'member' in self.parameters:
- # set up our own attributes that leave out membership attributes
- self.attributes = list(self.attributes)
- if attmap['memberUid'] in self.attributes:
- self.attributes.remove(attmap['memberUid'])
- if attmap['member'] in self.attributes:
- self.attributes.remove(attmap['member'])
-
- def mk_filter(self):
- # we still need a custom mk_filter because this is an | query
- if attmap['member'] and 'memberUid' in self.parameters:
- memberuid = self.parameters['memberUid']
- entry = passwd.uid2entry(self.conn, memberuid)
- if entry:
- return '(&%s(|(%s=%s)(%s=%s)))' % (
- self.filter,
- attmap['memberUid'], escape_filter_chars(memberuid),
- attmap['member'], escape_filter_chars(entry[0])
- )
- return super(Search, self).mk_filter()
-
-
-class Cache(cache.Cache):
-
- tables = ('group_cache', 'group_member_cache')
-
- create_sql = '''
- CREATE TABLE IF NOT EXISTS `group_cache`
- ( `cn` TEXT PRIMARY KEY,
- `userPassword` TEXT,
- `gidNumber` INTEGER NOT NULL UNIQUE,
- `mtime` TIMESTAMP NOT NULL );
- CREATE TABLE IF NOT EXISTS `group_member_cache`
- ( `group` TEXT NOT NULL,
- `memberUid` TEXT NOT NULL,
- FOREIGN KEY(`group`) REFERENCES `group_cache`(`cn`)
- ON DELETE CASCADE ON UPDATE CASCADE );
- CREATE INDEX IF NOT EXISTS `group_member_idx` ON `group_member_cache`(`group`);
- '''
-
- retrieve_sql = '''
- SELECT `group_cache`.`cn` AS `cn`, `userPassword`, `gidNumber`,
- `memberUid`, `mtime`
- FROM `group_cache`
- LEFT JOIN `group_member_cache`
- ON `group_member_cache`.`group` = `group_cache`.`cn`
- '''
-
- retrieve_by = dict(
- memberUid='''
- `cn` IN (
- SELECT `a`.`group`
- FROM `group_member_cache` `a`
- WHERE `a`.`memberUid` = ?)
- ''',
- )
-
- group_by = (0, ) # cn
- group_columns = (3, ) # memberUid
-
-
-class GroupRequest(common.Request):
-
- def write(self, name, passwd, gid, members):
- self.fp.write_string(name)
- self.fp.write_string(passwd)
- self.fp.write_int32(gid)
- self.fp.write_stringlist(members)
-
- def get_members(self, attributes, members, subgroups, seen):
- # add the memberUid values
- for member in clean(attributes['memberUid']):
- if common.is_valid_name(member):
- members.add(member)
- # translate and add the member values
- if attmap['member']:
- for memberdn in clean(attributes['member']):
- if memberdn in seen:
- continue
- seen.add(memberdn)
- member = passwd.dn2uid(self.conn, memberdn)
- if member and common.is_valid_name(member):
- members.add(member)
- elif cfg.nss_nested_groups:
- subgroups.append(memberdn)
-
- def convert(self, dn, attributes, parameters):
- # get group names and check against requested group name
- names = attributes['cn']
- # get group password
- try:
- passwd = attributes['userPassword'][0]
- except IndexError:
- passwd = None
- if not passwd or self.calleruid != 0:
- passwd = '*'
- # get group id(s)
- gids = [int(x) for x in attributes['gidNumber']]
- # build member list
- members = set()
- subgroups = []
- seen = set([dn])
- self.get_members(attributes, members, subgroups, seen)
- # go over subgroups to find more members
- while subgroups:
- memberdn = subgroups.pop(0)
- for dn2, attributes2 in self.search(self.conn, base=memberdn, scope=ldap.SCOPE_BASE):
- self.get_members(attributes2, members, subgroups, seen)
- # actually return the results
- for name in names:
- if not common.is_valid_name(name):
- logging.warning('%s: %s: denied by validnames option', dn,
- attmap['cn'])
- else:
- for gid in gids:
- yield (name, passwd, gid, members)
-
-
-class GroupByNameRequest(GroupRequest):
-
- action = constants.NSLCD_ACTION_GROUP_BYNAME
-
- def read_parameters(self, fp):
- name = fp.read_string()
- common.validate_name(name)
- return dict(cn=name)
-
-
-class GroupByGidRequest(GroupRequest):
-
- action = constants.NSLCD_ACTION_GROUP_BYGID
-
- def read_parameters(self, fp):
- return dict(gidNumber=fp.read_int32())
-
-
-class GroupByMemberRequest(GroupRequest):
-
- action = constants.NSLCD_ACTION_GROUP_BYMEMBER
-
- def read_parameters(self, fp):
- memberuid = fp.read_string()
- common.validate_name(memberuid)
- return dict(memberUid=memberuid)
-
- def get_results(self, parameters):
- seen = set()
- for dn, attributes in self.search(self.conn, parameters=parameters):
- seen.add(dn)
- for values in self.convert(dn, attributes, parameters):
- yield values
- if cfg.nss_nested_groups and attmap['member']:
- tocheck = list(seen)
- # find parent groups
- while tocheck:
- group = tocheck.pop(0)
- for dn, attributes in self.search(self.conn, parameters=dict(member=group)):
- if dn not in seen:
- seen.add(dn)
- tocheck.append(dn)
- for result in self.convert(dn, attributes, parameters):
- yield result
-
- def handle_request(self, parameters):
- # check whether requested user is in nss_initgroups_ignoreusers
- if parameters['memberUid'] in cfg.nss_initgroups_ignoreusers:
- # write the final result code to signify empty results
- self.fp.write_int32(constants.NSLCD_RESULT_END)
- return
- return super(GroupByMemberRequest, self).handle_request(parameters)
-
-
-class GroupAllRequest(GroupRequest):
-
- action = constants.NSLCD_ACTION_GROUP_ALL
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-08-17 04:06:23 +0000