|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
# shadow.py - lookup functions for shadow information
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# Copyright (C) 2010, 2011, 2012, 2013 Arthur de Jong
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# This library is free software; you can redistribute it and/or
|
|
Packit |
6bd9ab |
# modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
# License as published by the Free Software Foundation; either
|
|
Packit |
6bd9ab |
# version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# This library is distributed in the hope that it will be useful,
|
|
Packit |
6bd9ab |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6bd9ab |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6bd9ab |
# Lesser General Public License for more details.
|
|
Packit |
6bd9ab |
#
|
|
Packit |
6bd9ab |
# You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
# License along with this library; if not, write to the Free Software
|
|
Packit |
6bd9ab |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
Packit |
6bd9ab |
# 02110-1301 USA
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
import cache
|
|
Packit |
6bd9ab |
import cfg
|
|
Packit |
6bd9ab |
import common
|
|
Packit |
6bd9ab |
import constants
|
|
Packit |
6bd9ab |
import search
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
attmap = common.Attributes(uid='uid',
|
|
Packit |
6bd9ab |
userPassword='"*"',
|
|
Packit |
6bd9ab |
shadowLastChange='"${shadowLastChange:--1}"',
|
|
Packit |
6bd9ab |
shadowMin='"${shadowMin:--1}"',
|
|
Packit |
6bd9ab |
shadowMax='"${shadowMax:--1}"',
|
|
Packit |
6bd9ab |
shadowWarning='"${shadowWarning:--1}"',
|
|
Packit |
6bd9ab |
shadowInactive='"${shadowInactive:--1}"',
|
|
Packit |
6bd9ab |
shadowExpire='"${shadowExpire:--1}"',
|
|
Packit |
6bd9ab |
shadowFlag='"${shadowFlag:-0}"')
|
|
Packit |
6bd9ab |
filter = '(objectClass=shadowAccount)'
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
class Search(search.LDAPSearch):
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
case_sensitive = ('uid', )
|
|
Packit |
6bd9ab |
limit_attributes = ('uid', )
|
|
Packit |
6bd9ab |
required = ('uid', )
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
class Cache(cache.Cache):
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
create_sql = '''
|
|
Packit |
6bd9ab |
CREATE TABLE IF NOT EXISTS `shadow_cache`
|
|
Packit |
6bd9ab |
( `uid` TEXT PRIMARY KEY,
|
|
Packit |
6bd9ab |
`userPassword` TEXT,
|
|
Packit |
6bd9ab |
`shadowLastChange` INTEGER,
|
|
Packit |
6bd9ab |
`shadowMin` INTEGER,
|
|
Packit |
6bd9ab |
`shadowMax` INTEGER,
|
|
Packit |
6bd9ab |
`shadowWarning` INTEGER,
|
|
Packit |
6bd9ab |
`shadowInactive` INTEGER,
|
|
Packit |
6bd9ab |
`shadowExpire` INTEGER,
|
|
Packit |
6bd9ab |
`shadowFlag` INTEGER,
|
|
Packit |
6bd9ab |
`mtime` TIMESTAMP NOT NULL );
|
|
Packit |
6bd9ab |
'''
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
class ShadowRequest(common.Request):
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
def write(self, name, passwd, lastchangedate, mindays, maxdays, warndays,
|
|
Packit |
6bd9ab |
inactdays, expiredate, flag):
|
|
Packit |
6bd9ab |
self.fp.write_string(name)
|
|
Packit |
6bd9ab |
self.fp.write_string(passwd)
|
|
Packit |
6bd9ab |
self.fp.write_int32(lastchangedate)
|
|
Packit |
6bd9ab |
self.fp.write_int32(mindays)
|
|
Packit |
6bd9ab |
self.fp.write_int32(maxdays)
|
|
Packit |
6bd9ab |
self.fp.write_int32(warndays)
|
|
Packit |
6bd9ab |
self.fp.write_int32(inactdays)
|
|
Packit |
6bd9ab |
self.fp.write_int32(expiredate)
|
|
Packit |
6bd9ab |
self.fp.write_int32(flag)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
def convert(self, dn, attributes, parameters):
|
|
Packit |
6bd9ab |
names = attributes['uid']
|
|
Packit |
6bd9ab |
try:
|
|
Packit |
6bd9ab |
passwd = attributes['userPassword'][0]
|
|
Packit |
6bd9ab |
except IndexError:
|
|
Packit |
6bd9ab |
passwd = None
|
|
Packit |
6bd9ab |
if not passwd or self.calleruid != 0:
|
|
Packit |
6bd9ab |
passwd = '*'
|
|
Packit |
6bd9ab |
# function for making an int
|
|
Packit |
6bd9ab |
def mk_int(attr):
|
|
Packit |
6bd9ab |
try:
|
|
Packit |
6bd9ab |
return int(attr)
|
|
Packit |
6bd9ab |
except TypeError:
|
|
Packit |
6bd9ab |
return None
|
|
Packit |
6bd9ab |
# get lastchange date
|
|
Packit |
6bd9ab |
lastchangedate = mk_int(attributes.get('shadowLastChange', [0])[0])
|
|
Packit |
6bd9ab |
# we expect an AD 64-bit datetime value;
|
|
Packit |
6bd9ab |
# we should do date=date/864000000000-134774
|
|
Packit |
6bd9ab |
# but that causes problems on 32-bit platforms,
|
|
Packit |
6bd9ab |
# first we devide by 1000000000 by stripping the
|
|
Packit |
6bd9ab |
# last 9 digits from the string and going from there */
|
|
Packit |
6bd9ab |
if attmap['shadowLastChange'] == 'pwdLastSet':
|
|
Packit |
6bd9ab |
lastchangedate = (lastchangedate / 864000000000) - 134774
|
|
Packit |
6bd9ab |
# get longs
|
|
Packit |
6bd9ab |
mindays = mk_int(attributes.get('shadowMin', [-1])[0])
|
|
Packit |
6bd9ab |
maxdays = mk_int(attributes.get('shadowMax', [-1])[0])
|
|
Packit |
6bd9ab |
warndays = mk_int(attributes.get('shadowWarning', [-1])[0])
|
|
Packit |
6bd9ab |
inactdays = mk_int(attributes.get('shadowInactive', [-1])[0])
|
|
Packit |
6bd9ab |
expiredate = mk_int(attributes.get('shadowExpire', [-1])[0])
|
|
Packit |
6bd9ab |
flag = mk_int(attributes.get('shadowFlag', [0])[0])
|
|
Packit |
6bd9ab |
if attmap['shadowFlag'] == 'pwdLastSet':
|
|
Packit |
6bd9ab |
if flag & 0x10000:
|
|
Packit |
6bd9ab |
maxdays = -1
|
|
Packit |
6bd9ab |
flag = 0
|
|
Packit |
6bd9ab |
# return results
|
|
Packit |
6bd9ab |
for name in names:
|
|
Packit |
6bd9ab |
yield (name, passwd, lastchangedate, mindays, maxdays, warndays,
|
|
Packit |
6bd9ab |
inactdays, expiredate, flag)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
class ShadowByNameRequest(ShadowRequest):
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
action = constants.NSLCD_ACTION_SHADOW_BYNAME
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
def read_parameters(self, fp):
|
|
Packit |
6bd9ab |
return dict(uid=fp.read_string())
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
class ShadowAllRequest(ShadowRequest):
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
action = constants.NSLCD_ACTION_SHADOW_ALL
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
def handle_request(self, parameters):
|
|
Packit |
6bd9ab |
if not cfg.nss_disable_enumeration:
|
|
Packit |
6bd9ab |
return super(ShadowAllRequest, self).handle_request(parameters)
|