From ffcd4f70e2561dfd67d6788f2351f1ba56025d8e Mon Sep 17 00:00:00 2001 Message-Id: From: Philipp Hahn Date: Fri, 15 Mar 2013 18:50:51 +0100 Subject: [PATCH 01/13] Bug #25279: Change pwExpiry unset Organization: Univention GmbH, Bremen, Germany Catch TypeError for single-valued attributes. Explicitly test for None value when pwExpiry is unset. --- .../modules/univention/admin/syntax.py | 6 +++--- .../umc/python/udm/__init__.py | 19 +++++++++++++++---- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py index a75e860..05f1732 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py @@ -1036,11 +1036,11 @@ class date(simple): @classmethod def parse(self, text): - if self._re_iso.match(text) != None: + if text and self._re_iso.match(text): year, month, day = map(lambda(x): int(x), text.split('-')) if 1960 < year < 2100 and 1 <= month <= 12 and 1 <= day <= 31: - return '%02d.%02d.%s' % ( day, month, str( year )[ 2 : ] ) - if self._re_de.match(text) != None: + return '%02d.%02d.%02d' % (day, month, year % 100) + if text and self._re_de.match(text): day, month, year = map(lambda(x): int(x), text.split('.')) if 0 <= year <= 99 and 1 <= month <= 12 and 1 <= day <= 31: return text diff --git a/branches/ucs-3.1/ucs/management/univention-management-console-module-udm/umc/python/udm/__init__.py b/branches/ucs-3.1/ucs/management/univention-management-console-module-udm/umc/python/udm/__init__.py index 4a7579c..bd2a588 100644 --- a/branches/ucs-3.1/ucs/management/univention-management-console-module-udm/umc/python/udm/__init__.py 
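Review bot: The ISO branch of `date.parse` still folds a four-digit year into two digits (`year % 100` after `1960 < year < 2100`), so 1985-03-01 and 2085-03-01 both come back as `01.03.85` and the caller cannot tell which century was meant. If this syntax feeds account or password expiry fields, as the commit subject suggests, consider narrowing the check to `if 2000 <= year < 2100 and 1 <= month <= 12 and 1 <= day <= 31:`, or at least state the assumption with a comment such as `# two-digit year: consumers must agree on the century`. The `1 <= day <= 31` test also accepts calendar-invalid dates such as 31.02, which presumably fail only later when the value is converted. The body of `parse` continues outside the hunk.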
+++ b/branches/ucs-3.1/ucs/management/univention-management-console-module-udm/umc/python/udm/__init__.py @@ -799,14 +799,25 @@ class Instance( Base ): except ( udm_errors.valueInvalidSyntax, udm_errors.valueError, TypeError ), e: subResults.append( False ) subDetails.append( str(e) ) - result.append( { 'property' : property_name, 'valid' : subResults, 'details' : subDetails } ) + result.append({ + 'property': property_name, + 'valid': subResults, + 'details': subDetails + }) # otherwise we have a single value else: try: property_obj.syntax.parse( value ) - result.append( { 'property' : property_name, 'valid' : True } ) - except ( udm_errors.valueInvalidSyntax, udm_errors.valueError ), e: - result.append( { 'property' : property_name, 'valid' : False, 'details' : str( e ) } ) + result.append({ + 'property': property_name, + 'valid': True + }) + except (udm_errors.valueInvalidSyntax, udm_errors.valueError, TypeError), ex: + result.append({ + 'property': property_name, + 'valid': False, + 'details' : str(ex) + }) return result -- 1.7.10.4 From 72e804a51c7c7c2fb985569de9cef238a70f73c3 Mon Sep 17 00:00:00 2001 Message-Id: <72e804a51c7c7c2fb985569de9cef238a70f73c3.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 19:28:31 +0100 Subject: [PATCH 02/13] Bug #25279: Fix regression test Organization: Univention GmbH, Bremen, Germany Convert LDAP_Search exmaples to non-testmod cases. Break long lines for DNS SRV name records. Fix RegExp for uid(). --- .../modules/univention/admin/syntax.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py index 05f1732..df16140 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py 
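Review bot: Adding `TypeError` to the single-value `except` makes every TypeError raised inside `property_obj.syntax.parse( value )` look like a validation failure, including one caused by a programming error in a syntax class, and `str(ex)` then sends the raw interpreter message to the client in `details`. The commit message says the case to handle is an unset (None) value, so a narrower fix is to test `if value is None:` before the call, decide there whether an unset value is valid, and keep the handler as `except (udm_errors.valueInvalidSyntax, udm_errors.valueError), ex:`. The multi-value branch in the context lines above already catches `TypeError` the same way and has the same masking effect. The enclosing method starts outside the hunk.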
+++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/syntax.py @@ -702,7 +702,7 @@ class uid(simple): """ min_length=1 max_length=16 - regex = re.compile('(?u)(^[a-zA-Z0-9])[a-zA-Z0-9._-]*([a-zA-Z0-9]$)') + regex = re.compile('^(?!admin$)[a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]$', re.UNICODE) error_message = _("Value must not contain anything other than digits, letters, dots, dash or underscore, must be at least 2 characters long, must start and end with a digit or letter, and must not be admin!") class uid_umlauts(simple): @@ -1111,7 +1111,11 @@ class dnsSRVName(complex): """ min_elements = 2 all_required = False - subsyntaxes = ( ( _( 'Service' ), TwoThirdsString ), ( _( 'Protocol' ), ipProtocolSRV ), ( _( 'Extension' ), string ) ) + subsyntaxes = ( + (_('Service'), TwoThirdsString), + (_('Protocol'), ipProtocolSRV), + (_('Extension'), string) + ) class postalAddress( complex ): delimiter = ', ' @@ -2448,11 +2452,11 @@ class LDAP_Search( select ): Searches can be either defined dynamically via a UDM settings/syntax definition and using - >>> LDAP_Search( syntax_name = '' ) + > LDAP_Search( syntax_name = '' ) - or programmatically by directly instantiating + or programmatically by directly instantiating - >>> LDAP_Search( filter = '', attribute = [ '', ... ], value = '', base = '' ) + > LDAP_Search(filter='', attribute=['', ...], value='', base='') """ FILTER_PATTERN = '(&(objectClass=univentionSyntax)(cn=%s))' -- 1.7.10.4 From 28249c1a3becde030da1f3f89f0a01afca960810 Mon Sep 17 00:00:00 2001 Message-Id: <28249c1a3becde030da1f3f89f0a01afca960810.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 19:37:53 +0100 Subject: [PATCH 03/13] Bug #25279: remove obsolete function Organization: Univention GmbH, Bremen, Germany shift() ist unused. --- .../modules/univention/admin/handlers/users/user.py | 9 --------- 1 file changed, 9 deletions(-) 
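Review bot: The new `(?!admin$)` lookahead in `uid.regex` is case-sensitive, so `Admin` or `ADMIN` still validate although the error message says the value must not be admin; if the directory compares uid case-insensitively, as the standard schema does, those names refer to the same account. `$` in Python also matches just before a trailing newline, so a value ending in `\n` passes the final anchor (assuming the class applies the pattern with `match` or `search`, which is not visible here). Suggested line: `regex = re.compile(r'^(?![aA][dD][mM][iI][nN]\Z)[a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]\Z')`. `re.UNICODE` can be dropped, since the pattern uses only explicit ASCII classes and the flag has nothing to act on.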
diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index d555da9..c3140f8 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -1087,15 +1087,6 @@ def GMTOffset(): # returns the difference in hours between local time and GMT (is -1 for CET and CEST) return time.timezone/3600 -def shift(string, offset): - # shifts the string #offset chars to the left - if offset<0: - for i in range(0, abs(offset)): - string=string[-1:]+string[:-1] - else: - for i in range(0, offset): - string=string[1:]+string[:1] - return string def load_certificate(user_certificate): """Import a certificate in DER format""" -- 1.7.10.4 From b8b97f3a0f3f3c4a703f6ae4f4e342fa59ee1591 Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 19:48:34 +0100 Subject: [PATCH 04/13] Bug #25279: Shorten univention.debug Organization: Univention GmbH, Bremen, Germany Use ud. instead of univention.debug. --- .../univention/admin/handlers/users/user.py | 92 ++++++++++---------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index c3140f8..4868e85 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py 
@@ -57,7 +57,7 @@ import univention.admin.uldap import univention.admin.mungeddial as mungeddial import univention.admin.handlers.settings.prohibited_username -import univention.debug +import univention.debug as ud import univention.password translation=univention.admin.localization.translation('univention.admin.handlers.users') @@ -1003,11 +1003,11 @@ def posixDaysToDate(days): return time.strftime("%Y-%m-%d",time.gmtime(long(days)*3600*24)) def sambaWorkstationsMap(workstations): - univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations,string.join(workstations, ','))) + ud.debug(ud.ADMIN, ud.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations,string.join(workstations, ','))) return string.join(workstations, ',') def sambaWorkstationsUnmap(workstations): - univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (workstations[0],string.split(workstations[0],','))) + ud.debug(ud.ADMIN, ud.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (workstations[0],string.split(workstations[0],','))) return string.split(workstations[0],',') def logonHoursMap(logontimes): @@ -1173,7 +1173,7 @@ def load_certificate(user_certificate): elif re.match('^emailAddress=', i): value['certificateSubjectMail']=string.split(i, '=')[1] - univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'value=%s' % value) + ud.debug(ud.ADMIN, ud.ERROR, 'value=%s' % value) return value def mapHomePostalAddress(old): @@ -1244,7 +1244,7 @@ def unmapBase64( value ): try: return base64.encodestring( value[ 0 ] ) except Exception, e: - univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'ERROR in users.user.mapBase64(): %s' % e) + ud.debug(ud.ADMIN, ud.ERROR, 'ERROR in users.user.mapBase64(): %s' % e) return "" def mapBase64( value ): 
@@ -1254,7 +1254,7 @@ def mapBase64( value ): try: return base64.decodestring( value ) except Exception, e: - univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'ERROR in users.user.mapBase64(): %s' % e) + ud.debug(ud.ADMIN, ud.ERROR, 'ERROR in users.user.mapBase64(): %s' % e) return "" mapping.register('userCertificate', 'userCertificate;binary', mapBase64, unmapBase64 ) @@ -1360,7 +1360,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): if options[opt].matches(ocs): self.options.append(opt) else: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user.py: reset options to default by _define_options' ) + ud.debug(ud.ADMIN, ud.INFO, 'users/user.py: reset options to default by _define_options' ) self._define_options( options ) if 'posix' in self.options: 
@@ -1370,25 +1370,25 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): # shadowExpire contains the absolute date to expire the account. if 'shadowExpire' in self.oldattr and len(self.oldattr['shadowExpire']) > 0 : - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'userexpiry: %s' % posixDaysToDate(self.oldattr['shadowExpire'][0])) + ud.debug(ud.ADMIN, ud.INFO, 'userexpiry: %s' % posixDaysToDate(self.oldattr['shadowExpire'][0])) if self.oldattr['shadowExpire'][0] != '1': self.info['userexpiry'] = posixDaysToDate(self.oldattr['shadowExpire'][0]) if 'shadowLastChange' in self.oldattr and 'shadowMax' in self.oldattr and len(self.oldattr['shadowLastChange']) > 0 and len(self.oldattr['shadowMax']) > 0: try: self.info['passwordexpiry'] = posixDaysToDate(int(self.oldattr['shadowLastChange'][0]) + int(self.oldattr['shadowMax'][0])) except: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'users/user: failed to calculate password expiration correctly, use only shadowMax instead') + ud.debug(ud.ADMIN, ud.WARN, 'users/user: failed to calculate password expiration correctly, use only shadowMax instead') self.info['passwordexpiry'] = posixDaysToDate(int(self.oldattr['shadowMax'][0])) if 'kerberos' in self.options: if self.oldattr.has_key('krb5ValidEnd'): krb5validend=self.oldattr['krb5ValidEnd'][0] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5validend is: %s' % + ud.debug(ud.ADMIN, ud.INFO, 'krb5validend is: %s' % krb5validend) self.info['userexpiry']="%s-%s-%s"%(krb5validend[0:4],krb5validend[4:6],krb5validend[6:8]) elif 'samba' in self.options: if self.oldattr.has_key('sambaKickoffTime'): - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaKickoffTime is: %s' % + ud.debug(ud.ADMIN, ud.INFO, 'sambaKickoffTime is: %s' % self.oldattr['sambaKickoffTime'][0]) 
self.info['userexpiry']=time.strftime("%Y-%m-%d",time.gmtime(long(self.oldattr['sambaKickoffTime'][0])+(3600*24))) @@ -1404,8 +1404,8 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): # FIXME: we should NEVER catch all exceptions except Exception, e: # at least write some debuging output.. - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Caught exception: %s' % e ) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Continuing without dn..') + ud.debug(ud.ADMIN, ud.INFO, 'Caught exception: %s' % e ) + ud.debug(ud.ADMIN, ud.INFO, 'Continuing without dn..') self.dn=None return @@ -1418,8 +1418,8 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): self['lastname']=sn except Exception, e: # FIXME: we should NEVER catch all exceptions # at least write some debuging output.. - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Caught exception: %s' % e ) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'Continuing without dn..') + ud.debug(ud.ADMIN, ud.INFO, 'Caught exception: %s' % e ) + ud.debug(ud.ADMIN, ud.INFO, 'Continuing without dn..') self.dn=None return @@ -1461,7 +1461,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): self['groups']=self.lo.searchDn(filter='(&(cn=*)(|(objectClass=univentionGroup)(objectClass=sambaGroupMapping))(uniqueMember=%s))' % univention.admin.filter.escapeForLdapFilter(self.dn)) else: self.groupsLoaded=0 - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'user: open with loadGroups=false for user %s'%self['username']) + ud.debug(ud.ADMIN, ud.INFO, 'user: open with loadGroups=false for user %s'%self['username']) primaryGroupNumber=self.oldattr.get('gidNumber',[''])[0] if primaryGroupNumber: primaryGroupResult=self.lo.searchDn('(&(cn=*)(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber='+primaryGroupNumber+'))') 
@@ -1477,7 +1477,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): except: primaryGroup = None - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'user: could not find primaryGroup, setting primaryGroup to %s' % primaryGroup) + ud.debug(ud.ADMIN, ud.INFO, 'user: could not find primaryGroup, setting primaryGroup to %s' % primaryGroup) self['primaryGroup']=primaryGroup self.newPrimaryGroupDn=primaryGroup 
@@ -1689,26 +1689,26 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): # change memberUid if we have a new username if not old_uid == new_uid and self.exists(): - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: rewrite memberuid after rename') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: rewrite memberuid after rename') for group in new_groups: self.__rewrite_member_uid( group ) group_mod = univention.admin.modules.get('groups/group') - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: check groups in old_groups') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: check groups in old_groups') for group in old_groups: if group and not case_insensitive_in_list(group, self.info.get('groups', [])) and group.lower() != self['primaryGroup'].lower(): grpobj = group_mod.object(None, self.lo, self.position, group) grpobj.fast_member_remove( [ self.dn ], [ old_uid ] ) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: check groups in info[groups]') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: check groups in info[groups]') for group in self.info.get('groups', []): if group and not case_insensitive_in_list(group, old_groups): grpobj = group_mod.object(None, self.lo, self.position, group) grpobj.fast_member_add( [ self.dn ], [ new_uid ] ) if univention.admin.baseConfig.is_true("directory/manager/user/primarygroup/update", True): - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: check primaryGroup') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: check primaryGroup') if not self.exists() and self.info.get('primaryGroup'): grpobj = group_mod.object(None, self.lo, self.position, self.info.get('primaryGroup')) grpobj.fast_member_add( [ self.dn ], [ new_uid ] ) 
@@ -1727,7 +1727,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): if UIDs: new_uids.append(UIDs[0]) if len(UIDs) > 1: - univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'users/user: A groupmember has multiple UIDs (%s %s)' % (memberDNstr, repr(uid_list))) + ud.debug(ud.ADMIN, ud.WARN, 'users/user: A groupmember has multiple UIDs (%s %s)' % (memberDNstr, repr(uid_list))) self.lo.modify(group, [ ( 'memberUid', uids, new_uids ) ] ) def __primary_group(self): 
@@ -1751,19 +1751,19 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): searchResult=self.lo.search(base=self.oldinfo['primaryGroup'], attr=['gidNumber']) for tmp,number in searchResult: oldPrimaryGroup = number['gidNumber'] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: set gidNumber by oldinfo') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: set gidNumber by oldinfo') self.lo.modify(self.dn, [('gidNumber',oldPrimaryGroup[0], primaryGroupNumber[0])]) if 'samba' in self.options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: set sambaPrimaryGroupSID by oldinfo') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: set sambaPrimaryGroupSID by oldinfo') self.lo.modify(self.dn, [('sambaPrimaryGroupSID',oldPrimaryGroup[0], primaryGroupSambaNumber[0])]) else: searchResult=self.lo.search(base=self.dn, scope='base', attr=['gidNumber']) for tmp,number in searchResult: oldNumber = number['gidNumber'] - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: set gidNumber') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: set gidNumber') self.lo.modify(self.dn, [('gidNumber',oldNumber, primaryGroupNumber[0])]) if 'samba' in self.options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: set sambaPrimaryGroupSID') + ud.debug(ud.ADMIN, ud.INFO, 'users/user: set sambaPrimaryGroupSID') self.lo.modify(self.dn, [('sambaPrimaryGroupSID',oldNumber, primaryGroupSambaNumber[0])]) 
@@ -1772,7 +1772,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): group_mod = univention.admin.modules.get('groups/group') grpobj = group_mod.object(None, self.lo, self.position, self.newPrimaryGroupDn) grpobj.fast_member_add( [ self.dn ], [ new_uid ] ) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: adding to new primaryGroup %s (uid=%s)' % (self.newPrimaryGroupDn, new_uid)) + ud.debug(ud.ADMIN, ud.INFO, 'users/user: adding to new primaryGroup %s (uid=%s)' % (self.newPrimaryGroupDn, new_uid)) self.save() @@ -1782,10 +1782,10 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): return self['username']+'@'+realm def _ldap_pre_create(self): - _d=univention.debug.function('admin.handlers.users.user.object._ldap_pre_create') + _d=ud.function('admin.handlers.users.user.object._ldap_pre_create') self.dn='uid=%s,%s' % ( self['username'], self.position.getDn()) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'users/user: dn was set to %s'%self.dn) + ud.debug(ud.ADMIN, ud.INFO, 'users/user: dn was set to %s'%self.dn) if not self['password']: self['password']=self.oldattr.get('password',[''])[0] self.modifypassword=0 
@@ -1990,16 +1990,16 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): sambaPwdLastSetValue = '' # if is filled, it will be added to ml in the end if self.options != self.old_options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'options: %s' % self.options) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'old_options: %s' % self.old_options) + ud.debug(ud.ADMIN, ud.INFO, 'options: %s' % self.options) + ud.debug(ud.ADMIN, ud.INFO, 'old_options: %s' % self.old_options) # pki option add / remove if 'pki' in self.options and not 'pki' in self.old_options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'added pki option') + ud.debug(ud.ADMIN, ud.INFO, 'added pki option') ocs=self.oldattr.get('objectClass', []) if not 'pkiUser' in ocs: ml.insert(0, ('objectClass', '', 'pkiUser')) if not 'pki' in self.options and 'pki' in self.old_options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'remove pki option') + ud.debug(ud.ADMIN, ud.INFO, 'remove pki option') ocs=self.oldattr.get('objectClass', []) if 'pkiUser' in ocs: ml.insert(0, ('objectClass', 'pkiUser', '')) 
@@ -2007,13 +2007,13 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): ml=self._remove_attr(ml,attr) # ldap_pwd option add / remove if 'ldap_pwd' in self.options and not 'ldap_pwd' in self.old_options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'added ldap_pwd option') + ud.debug(ud.ADMIN, ud.INFO, 'added ldap_pwd option') ocs=self.oldattr.get('objectClass', []) if not 'simpleSecurityObject' in ocs: ml.insert(0, ('objectClass', '', 'simpleSecurityObject')) ml.insert(0, ('objectClass', '', 'uidObject')) if not 'ldap_pwd' in self.options and 'ldap_pwd' in self.old_options: - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'remove ldap_pwd option') + ud.debug(ud.ADMIN, ud.INFO, 'remove ldap_pwd option') ocs=self.oldattr.get('objectClass', []) if 'simpleSecurityObject' in ocs: ml.insert(0, ('objectClass', 'simpleSecurityObject', '')) @@ -2114,7 +2114,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): shadowLastChangeValue = str(int(now)) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'shadowMax: %s' % shadowMax) + ud.debug(ud.ADMIN, ud.INFO, 'shadowMax: %s' % shadowMax) old_shadowMax=self.oldattr.get('shadowMax', '') if old_shadowMax != shadowMax: ml.append(('shadowMax',self.oldattr.get('shadowMax', [''])[0], shadowMax)) @@ -2130,7 +2130,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): krb5PasswordEnd='' else: krb5PasswordEnd="%s" % "20"+expiry[6:8]+expiry[3:5]+expiry[0:2]+"000000Z" - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5PasswordEnd: %s' % krb5PasswordEnd) + ud.debug(ud.ADMIN, ud.INFO, 'krb5PasswordEnd: %s' % krb5PasswordEnd) old_krb5PasswordEnd=self.oldattr.get('krb5PasswordEnd', '') if old_krb5PasswordEnd != krb5PasswordEnd: ml.append(('krb5PasswordEnd',self.oldattr.get('krb5PasswordEnd', [''])[0], krb5PasswordEnd)) 
@@ -2271,7 +2271,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): shadowExpire='' if self['userexpiry']: shadowExpire="%d" % long(time.mktime(time.strptime(self['userexpiry'],"%d.%m.%y"))/3600/24+1) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'shadowExpire: %s' % shadowExpire) + ud.debug(ud.ADMIN, ud.INFO, 'shadowExpire: %s' % shadowExpire) old_shadowExpire=self.oldattr.get('shadowExpire', '') if old_shadowExpire != shadowExpire: ml.append(('shadowExpire',self.oldattr.get('shadowExpire', [''])[0], shadowExpire)) @@ -2279,7 +2279,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): sambaKickoffTime='' if self['userexpiry']: sambaKickoffTime="%d" % long(time.mktime(time.strptime(self['userexpiry'],"%d.%m.%y"))) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaKickoffTime: %s' % sambaKickoffTime) + ud.debug(ud.ADMIN, ud.INFO, 'sambaKickoffTime: %s' % sambaKickoffTime) old_sambaKickoffTime=self.oldattr.get('sambaKickoffTime', '') if old_sambaKickoffTime != sambaKickoffTime: ml.append(('sambaKickoffTime',self.oldattr.get('sambaKickoffTime', [''])[0], sambaKickoffTime)) @@ -2287,7 +2287,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): krb5ValidEnd='' if self['userexpiry']: krb5ValidEnd="%s" % "20"+self['userexpiry'][6:8]+self['userexpiry'][3:5]+self['userexpiry'][0:2]+"000000Z" - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5ValidEnd: %s' % krb5ValidEnd) + ud.debug(ud.ADMIN, ud.INFO, 'krb5ValidEnd: %s' % krb5ValidEnd) old_krb5ValidEnd=self.oldattr.get('krb5ValidEnd', '') if old_krb5ValidEnd != krb5ValidEnd: if not self['userexpiry']: 
@@ -2331,7 +2331,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): if 'kerberos' in self.options: expiry=time.strftime("%d.%m.%y",time.gmtime((long(time.time())))) krb5PasswordEnd="%s" % "20"+expiry[6:8]+expiry[3:5]+expiry[0:2]+"000000Z" - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5PasswordEnd: %s' % krb5PasswordEnd) + ud.debug(ud.ADMIN, ud.INFO, 'krb5PasswordEnd: %s' % krb5PasswordEnd) old_krb5PasswordEnd=self.oldattr.get('krb5PasswordEnd', '') if old_krb5PasswordEnd != krb5PasswordEnd: ml.append(('krb5PasswordEnd',self.oldattr.get('krb5PasswordEnd', [''])[0], krb5PasswordEnd)) @@ -2358,7 +2358,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): now=(long(time.time())/3600/24) shadowLastChangeValue = str(int(now)) - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'shadowMax: %s' % shadowMax) + ud.debug(ud.ADMIN, ud.INFO, 'shadowMax: %s' % shadowMax) old_shadowMax=self.oldattr.get('shadowMax', [''])[0] if old_shadowMax != shadowMax: ml.append(('shadowMax', old_shadowMax, shadowMax)) @@ -2367,7 +2367,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): if 'samba' in self.options: sambaPwdLastSetValue = str(long(time.time())) # transfered into ml below - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'sambaPwdLastSetValue: %s' % sambaPwdLastSetValue) + ud.debug(ud.ADMIN, ud.INFO, 'sambaPwdLastSetValue: %s' % sambaPwdLastSetValue) # 4. set kerberos attribute if 'kerberos' in self.options: 
@@ -2376,7 +2376,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): else: expiry=time.strftime("%d.%m.%y",time.gmtime((long(time.time()) + (expiryInterval*3600*24)))) krb5PasswordEnd="%s" % "20"+expiry[6:8]+expiry[3:5]+expiry[0:2]+"000000Z" - univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'krb5PasswordEnd: %s' % krb5PasswordEnd) + ud.debug(ud.ADMIN, ud.INFO, 'krb5PasswordEnd: %s' % krb5PasswordEnd) old_krb5PasswordEnd=self.oldattr.get('krb5PasswordEnd', [''])[0] if old_krb5PasswordEnd != krb5PasswordEnd: ml.append(('krb5PasswordEnd',old_krb5PasswordEnd, krb5PasswordEnd)) @@ -2393,9 +2393,9 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): else: try: self.alloc.append( ( 'mailPrimaryAddress', self[ 'mailPrimaryAddress' ] ) ) - univention.debug.debug( univention.debug.ADMIN, univention.debug.INFO, "LOCKING: %s" % self[ 'mailPrimaryAddress' ] ) + ud.debug( ud.ADMIN, ud.INFO, "LOCKING: %s" % self[ 'mailPrimaryAddress' ] ) univention.admin.allocators.request( self.lo, self.position, 'mailPrimaryAddress', value = self[ 'mailPrimaryAddress' ] ) - univention.debug.debug( univention.debug.ADMIN, univention.debug.INFO, "LOCKING DONE: %s" % self[ 'mailPrimaryAddress' ] ) + ud.debug( ud.ADMIN, ud.INFO, "LOCKING DONE: %s" % self[ 'mailPrimaryAddress' ] ) except univention.admin.uexceptions.noLock: self.cancel() raise univention.admin.uexceptions.mailAddressUsed -- 1.7.10.4 From 6c43e26f8300d7693c0f35ba838b19e4ac4c100a Mon Sep 17 00:00:00 2001 Message-Id: <6c43e26f8300d7693c0f35ba838b19e4ac4c100a.1363595740.git.hahn@univention.de> In-Reply-To: References: 
From: Philipp Hahn Date: Fri, 15 Mar 2013 19:33:04 +0100 Subject: [PATCH 05/13] Bug #25279: Simplify string handling Organization: Univention GmbH, Bremen, Germany string.join(_, '_') -> '_'.join(_) string.split(_, '_') -> _.split('_') string.find(_, '_') -> _.find('_') --- .../univention/admin/handlers/users/user.py | 120 +++++++++----------- 1 file changed, 55 insertions(+), 65 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index 4868e85..2e7d469 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -1003,12 +1003,14 @@ def posixDaysToDate(days): return time.strftime("%Y-%m-%d",time.gmtime(long(days)*3600*24)) def sambaWorkstationsMap(workstations): - ud.debug(ud.ADMIN, ud.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations,string.join(workstations, ','))) - return string.join(workstations, ',') + tmp = ','.join(workstations) + ud.debug(ud.ADMIN, ud.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations, tmp)) + return tmp def sambaWorkstationsUnmap(workstations): - ud.debug(ud.ADMIN, ud.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (workstations[0],string.split(workstations[0],','))) - return string.split(workstations[0],',') + tmp = workstations[0].split(',') + ud.debug(ud.ADMIN, ud.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (workstations[0], tmp)) + return tmp def logonHoursMap(logontimes): "converts the bitfield 001110010110...100 to the respective string" 
@@ -1110,7 +1112,7 @@ def load_certificate(user_certificate): def convert_certdate (certdate): datestring=str(certdate) - dl=string.split(datestring) + dl = datestring.split() month=[None, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] try: dl[0]=month.index(dl[0]) 
@@ -1134,44 +1136,41 @@ def load_certificate(user_certificate): if not serial: return {} - - value={} - - value['certificateDateNotBefore']=convert_certdate(not_before) - value['certificateDateNotAfter']=convert_certdate(not_after) - value['certificateVersion']=str(version) - value['certificateSerial']=str(serial) - + ATTR = { + "C": "Country", + "ST": "State", + "L": "Location", + "O": "Organisation", + "OU": "OrganisationalUnit", + "CN": "CommonName", + "emailAddress": "Mail", + }[key] + value = { + 'certificateDateNotBefore': convert_certdate(not_before), + 'certificateDateNotAfter': convert_certdate(not_after), + 'certificateVersion': str(version), + 'certificateSerial': str(serial), + } for i in issuer.split('/'): - if re.match('^C=', i): - value['certificateIssuerCountry']=string.split(i, '=')[1] - elif re.match('^ST=', i): - value['certificateIssuerState']=string.split(i, '=')[1] - elif re.match('^L=', i): - value['certificateIssuerLocation']=string.split(i, '=')[1] - elif re.match('^O=', i): - value['certificateIssuerOrganisation']=string.split(i, '=')[1] - elif re.match('^OU=', i): - value['certificateIssuerOrganisationalUnit']=string.split(i, '=')[1] - elif re.match('^CN=', i): - value['certificateIssuerCommonName']=string.split(i, '=')[1] - elif re.match('^emailAddress=', i): - value['certificateIssuerMail']=string.split(i, '=')[1] + try: + key, val = i.split('=', 1) + except ValueError: + continue + try: + attr = "certificateIssuer%s" % ATTR[key] + except KeyError: + continue + value[attr] = val for i in subject.split('/'): - if re.match('^C=', i): - value['certificateSubjectCountry']=string.split(i, '=')[1] - elif re.match('^ST=', i): - value['certificateSubjectState']=string.split(i, '=')[1] - elif re.match('^L=', i): - value['certificateSubjectLocation']=string.split(i, '=')[1] - elif re.match('^O=', i): - value['certificateSubjectOrganisation']=string.split(i, '=')[1] - elif re.match('^OU=', i): - 
value['certificateSubjectOrganisationalUnit']=string.split(i, '=')[1] - elif re.match('^CN=', i): - value['certificateSubjectCommonName']=string.split(i, '=')[1] - elif re.match('^emailAddress=', i): - value['certificateSubjectMail']=string.split(i, '=')[1] + try: + key, val = i.split('=', 1) + except ValueError: + continue + try: + attr = "certificateSubject%s" % ATTR[key] + except KeyError: + continue + value[attr] = val ud.debug(ud.ADMIN, ud.ERROR, 'value=%s' % value) return value @@ -1306,17 +1305,13 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): self['disabled']='all' def __is_kerberos_disabled(self): - if self['disabled'] in ['all', 'kerberos', 'posix_kerberos', 'windows_kerberos']: - return True - return False + return self['disabled'] in ('all', 'kerberos', 'posix_kerberos', 'windows_kerberos') + def __is_windows_disabled(self): - if self['disabled'] in ['all', 'windows', 'windows_posix', 'windows_kerberos']: - return True - return False + return self['disabled'] in ('all', 'windows', 'windows_posix', 'windows_kerberos') + def __is_posix_disabled(self): - if self['disabled'] in ( 'all', 'posix', 'posix_kerberos', 'windows_posix' ): - return True - return False + return self['disabled'] in ('all', 'posix', 'posix_kerberos', 'windows_posix') def __pwd_is_auth_saslpassthrough(self, password): if password.startswith('{SASL}') and univention.admin.baseConfig.get('directory/manager/web/modules/users/user/auth/saslpassthrough','no').lower() == 'keep': @@ -1494,9 +1489,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): if self['passwordexpiry']: today=time.strftime('%Y-%m-%d').split('-') expiry=self['passwordexpiry'].split('-') - # expiry.reverse() - # today.reverse() - if int(string.join(today,''))>=int(string.join(expiry,'')): + if int(''.join(today)) >= int(''.join(expiry)): self['pwdChangeNextLogin']='1' if 'samba' in self.options: 
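Review bot: The added `ATTR = { ... }[key]` in the load_certificate hunk subscripts the dict literal with `key` before any `key` is bound, so the function raises NameError when it reaches this line; even with a binding, `ATTR` would be one string rather than the table that `ATTR[key]` in the two loops expects. End the literal with a plain `}`. Both loops also still split the printed issuer and subject on `/`, so a name component whose value contains `/` is cut short; because the certificate is supplied data, reading the components from the X509 name object is more robust than parsing its string form. load_certificate starts above this hunk.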
@@ -2546,20 +2539,17 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): def __passwordInHistory(self, newpassword, pwhistory): # first calc hash for the new pw s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) - newpwhash = string.upper(s.hexdigest()) - if not string.find(pwhistory, newpwhash) < 0: - # password has already been used. - return 1 - return 0 + newpwhash = s.hexdigest().upper() + return pwhistory.find(newpwhash) >= 0 def __getPWHistory(self, newpassword, pwhistory, pwhlen): # first calc hash for the new pw s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) - newpwhash = string.upper(s.hexdigest()) + newpwhash = s.hexdigest().upper() # split the history - if len(string.strip(pwhistory)): - pwlist = string.split(pwhistory, ' ') + if len(pwhistory.strip()): + pwlist = pwhistory.split(' ') else: pwlist = [] @@ -2583,13 +2573,13 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): else: pwlist.append(newpwhash) # and build the new history - res = string.join(pwlist) + res = ' '.join(pwlist) return res def __getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen): # split the history - if len(string.strip(smbpwhistory)): - pwlist = string.split(smbpwhistory, ' ') + if len(smbpwhistory.strip()): + pwlist = smbpwhistory.split(' ') else: pwlist = [] @@ -2632,7 +2622,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): pwlist.append(smbpwhash) # and build the new history - res = string.join(pwlist, '') + res = ''.join(pwlist) return res def __generate_user_sid(self, uidNum): -- 1.7.10.4 From e58ef69230f2276bd77c5e7088fbb71eb21fc495 Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: References: 
From: Philipp Hahn Date: Fri, 15 Mar 2013 19:40:50 +0100 Subject: [PATCH 06/13] Bug #25279: Simplify list comprehension Organization: Univention GmbH, Bremen, Germany Simplify mapAddress() Simplify mapKeyAndValue() Simplify unmapKeyAndValue() --- .../univention/admin/handlers/users/user.py | 37 +++++++++++++------- 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index 2e7d469..17b8cac 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -1176,12 +1176,19 @@ def load_certificate(user_certificate): return value def mapHomePostalAddress(old): - new=[] - for i in old: - new.append(string.join(i, '$' )) - return new + """Map address to LDAP encoding. + >>> mapHomePostalAddress(["a", "b", "c"]) + 'a$b$c' + """ + return '$'.join(old) def unmapHomePostalAddress(old): + """Expand LDAP encoded address. + >>> unmapHomePostalAddress(['foo']) + [['foo', ' ', ' ']] + >>> unmapHomePostalAddress(['foo$bar$baz']) + [['foo', 'bar', 'baz']] + """ new=[] for i in old: if '$' in i: 
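Review bot: mapHomePostalAddress no longer returns what it did before: the removed loop joined each element of `old` and returned a list of strings, while `'$'.join(old)` joins the outer list and returns a single string. With the nested shape that unmapHomePostalAddress produces (`[['foo', 'bar', 'baz']]` in its doctest) the new call raises TypeError, so map and unmap stop being inverses; `return ['$'.join(i) for i in old]` keeps the old contract. The later hunk of this commit has the same kind of change: unmapKeyAndValue now returns tuples instead of lists, and `"%s=%s" % tuple(entry)` in mapKeyAndValue raises for an entry with more than two items, where the old code read only `entry[0]` and `entry[1]`. If callers compare old and new values, the list-to-tuple change may register as a modification, which is worth checking. The body of unmapHomePostalAddress continues outside the hunk.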
@@ -1228,16 +1235,18 @@ mapping.register('displayName', 'displayName', None, univention.admin.mapping.Li mapping.register('birthday', 'univentionBirthday', None, univention.admin.mapping.ListToString) def mapKeyAndValue(old): - lst = [] - for entry in old: - lst.append( '%s=%s' % (entry[0], entry[1]) ) - return lst + """Map (key, value) list to key=value list. + >>> mapKeyAndValue([("a", "b")]) + ['a=b'] + """ + return ["%s=%s" % tuple(entry) for entry in old] def unmapKeyAndValue(old): - lst = [] - for entry in old: - lst.append( entry.split('=', 1) ) - return lst + """Map (key=value) list to (key, value) list. + >>> unmapKeyAndValue(["a=b"]) + [('a', 'b')] + """ + return [tuple(entry.split('=', 1)) for entry in old] def unmapBase64( value ): try: @@ -2786,3 +2795,7 @@ def identify(dn, attr, canonical=0): and not '$' in attr.get('uid',[]) and not 'univentionHost' in attr.get('objectClass', []) ) + +if __name__ == '__main__': + import doctest + doctest.testmod() -- 1.7.10.4 From 4c2ac16f94490bb9d1033ceaf2a6eaaaaf121250 Mon Sep 17 00:00:00 2001 Message-Id: <4c2ac16f94490bb9d1033ceaf2a6eaaaaf121250.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 19:59:16 +0100 Subject: [PATCH 07/13] Bug #28496: Simplify samba-logonhour Organization: Univention GmbH, Bremen, Germany Fix possible infinite loop --- .../univention/admin/handlers/users/user.py | 85 +++++--------------- 1 file changed, 18 insertions(+), 67 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index 17b8cac..b855c3c 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py 
+++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py 
@@ -1013,77 +1013,28 @@ def sambaWorkstationsUnmap(workstations): return tmp def logonHoursMap(logontimes): - "converts the bitfield 001110010110...100 to the respective string" - - # convert list of bit numbers to bit-string - # bitstring = '0' * 168 - bitstring = ''.join( map( lambda x: x in logontimes and '1' or '0', range( 168 ) ) ) - - # for idx in logontimes: - # bitstring[ idx ] = '1' - - logontimes = bitstring - + """Converts array of bits set to an hex-string.""" + octets = [0] * (24 * 7 / 8) # the order of the bits of each byte has to be reversed. The reason for this is that - # consecutive bytes mean consecutive 8-hrs-intervals, but the leftmost bit stands for - # the last hour in that interval, the 2nd but leftmost bit for the second-but-last + # consecutive bytes mean consecutive 8-hrs-intervals, but the MSB stands for + # the last hour in that interval, the 2nd leftmost bit for the second-to-last # hour and so on. We want to hide this from anybody using this feature. - # See http://ma.ph-freiburg.de/tng/tng-technical/2003-04/msg00015.html for details. - - newtimes = "" - for i in range(0,21): - bitlist=list(logontimes[(i*8):(i*8)+8]) - bitlist.reverse() - newtimes+="".join(bitlist) - logontimes = newtimes - - # create a hexnumber from each 8-bit-segment - ret="" - for i in range(0,21): - val=0 - exp=7 - for j in range((i*8), (i*8)+8): - if not (logontimes[j]=="0"): - val+=2**exp - exp-=1 - # we now have: 0<=val<=255 - hx=hex(val)[2:4] - if len(hx)==1: hx="0"+hx - ret+=hx - - return ret + # See for details. + for hour in logontimes: + idx, bit = divmod(hour, 8) + octets[idx] |= 1 << bit + return ''.join(['%02x' % _ for _ in octets]) def logonHoursUnmap(logontimes): - "converts the string to a bit array" - - times=logontimes[0][:42] - while len(times)<42: - times=times - ret="" - for i in range(0,42,2): - val=int(times[i:i+2],16) - ret+=intToBinary(val) - - # reverse order of the bits in each byte. 
See above for details - newtime = "" - for i in range(0, 21): - bitlist=list(ret[(i*8):(i*8)+8]) - bitlist.reverse() - newtime+="".join(bitlist) - - # convert bit-string to list - return filter( lambda i: newtime[ i ] == '1', range( 168 ) ) - -def intToBinary(val): - ret="" - while val>0: - ret=str(val&1)+ret - val=val>>1 - # pad with leading 0s until length is n*8 - if ret=="": ret="0" - while not (len(ret)%8==0): - ret="0"+ret - return ret + """Converts hex-string to an array of bits set.""" + times = logontimes[0].ljust(42, '0')[:42] + assert len(times) == 24 * 7 / 4 + octets = [int(times[i : i + 2], 16) for i in range(0, len(times), 2)] + assert len(octets) == 24 * 7 / 8 + return [idx * 8 + bit + for (idx, value) in enumerate(octets) + for bit in range(8) + if value & (1 << bit)] def GMTOffset(): # returns the difference in hours between local time and GMT (is -1 for CET and CEST) -- 1.7.10.4 From 743c09b7cb1e87ca249fed73bd62e4fb9037af97 Mon Sep 17 00:00:00 2001 Message-Id: <743c09b7cb1e87ca249fed73bd62e4fb9037af97.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 20:37:50 +0100 Subject: [PATCH 08/13] Bug #25279: simplify __getPwHistory Organization: Univention GmbH, Bremen, Germany Code refacturing --- .../univention/admin/handlers/users/user.py | 89 ++++++++------------ 1 file changed, 35 insertions(+), 54 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index b855c3c..ca481c0 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py 
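Review bot: logonHoursMap does not range-check `hour` before `octets[idx] |= 1 << bit`. The removed code built the bit string from `range( 168 )` and so ignored anything outside 0–167; the new loop raises IndexError for values of 168 or more and, for negative values, wraps to the end of `octets` (`divmod(-1, 8)` is `(-1, 7)`) and silently sets an hour that was not requested. Since this field restricts when an account may log on, add `if not 0 <= hour < 24 * 7: continue` (or raise) at the top of the loop. In logonHoursUnmap the two `assert` lines disappear under `python -O`, and `int(times[i : i + 2], 16)` raises ValueError on a non-hex stored value, so neither validates the attribute read from the directory.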
@@ -2020,7 +2020,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): return [] if pwhistoryPolicy and pwhistoryPolicy.has_key('length') and pwhistoryPolicy['length']: pwhlen = int(pwhistoryPolicy['length']) - newPWHistory = self.__getPWHistory(self['password'], pwhistory, pwhlen) + newPWHistory = object.__getPWHistory(self['password'], pwhistory, pwhlen) ml.append(('pwhistory', self.oldattr.get('pwhistory', [''])[0], newPWHistory)) if pwhistoryPolicy != None and pwhistoryPolicy['pwLength'] != None and pwhistoryPolicy['pwLength'] != 0 and self['overridePWLength'] != '1': if len(self['password']) < int(pwhistoryPolicy['pwLength']): 
@@ -2502,39 +2502,33 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): newpwhash = s.hexdigest().upper() return pwhistory.find(newpwhash) >= 0 - def __getPWHistory(self, newpassword, pwhistory, pwhlen): - # first calc hash for the new pw - s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) - newpwhash = s.hexdigest().upper() - - # split the history - if len(pwhistory.strip()): - pwlist = pwhistory.split(' ') - else: - pwlist = [] - + @staticmethod + def __getPWHistory(newpassword, pwhistory, pwhlen): + """Save history of previopusly used passwords. + >>> object.__getPWHistory("a", "b", 0) + "b" + >>> object.__getPWHistory("a", "", 1) + "86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8" + >>> object.__getPWHistory("a", "b", 1) + "86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8" + >>> object.__getPWHistory("a", "b", 2) + "b 86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8" + """ #this preserves a temporary disabled history if pwhlen > 0: - if len(pwlist) < pwhlen: - pwlist.append(newpwhash) - else: - # calc entries to cut out - cut = 1 + len(pwlist) - pwhlen - pwlist[0:cut] = [] - if pwhlen > 1: - # and append to shortened history - pwlist.append(newpwhash) - else: - # or replace the history completely - if len(pwlist) > 0: - pwlist[0] = newpwhash - # just to be sure... - pwlist[1:] = [] - else: - pwlist.append(newpwhash) - # and build the new history - res = ' '.join(pwlist) - return res + # first calc hash for the new pw + s = hashlib.sha1(newpassword.encode('utf-8')) + newpwhash = s.hexdigest().upper() + + # split the history + pwlist = pwhistory.strip().split(' ') + # append new hash + pwlist.append(newpwhash) + # strip old hashes + pwlist = pwlist[-pwhlen:] + # build histroy + pwhistory = ' '.join(pwlist) + return pwhistory def __getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen): # split the history 
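Review bot: `pwhistory.strip().split(' ')` returns `['']` for an empty history, so with `pwhlen` of 2 or more the first stored value is a space followed by the hash, with an empty leading entry; the removed code special-cased the empty string. `pwlist = pwhistory.split()` avoids this. The doctests cannot pass as written: they expect double-quoted reprs (`"b"`) where Python prints `'b'`, and `object.__getPWHistory` is name-mangled inside the class, so it is not reachable under that name from the doctest namespace.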
@@ -2562,28 +2556,15 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): pwdhash = hashlib.md5(salt + pwd).hexdigest().upper() smbpwhash = hexsalt+pwdhash - if len(pwlist) < smbpwhlen: - #just append - pwlist.append(smbpwhash) - else: - #calc entries to cut out - cut = 1 + len(pwlist) - smbpwhlen - pwlist[0:cut] = [] - if smbpwhlen > 1: - #and append to shortened history - pwlist.append(smbpwhash) - else: - # or replace the history completely - if len(pwlist) > 0: - pwlist[0] = smbpwhash - # just to be sure... - pwlist[1:] = [] - else: - pwlist.append(smbpwhash) - - # and build the new history - res = ''.join(pwlist) - return res + # split the history + pwlist = smbpwhistory.strip().split(' ') + # append new hash + pwlist.append(smbpwhash) + # strip old hashes + pwlist = pwlist[-smbpwhlen:] + # build history + smbpwhistory = ''.join(pwlist) + return smbpwhistory def __generate_user_sid(self, uidNum): # TODO: cleanup function -- 1.7.10.4 From c482f369666ba4ef475856b8f31bf96f8bd1597f Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 21:31:54 +0100 Subject: [PATCH 09/13] Bug #25279: Cleanup password function Organization: Univention GmbH, Bremen, Germany --- .../modules/univention/admin/password.py | 54 +++++++++++--------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/password.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/password.py index c0fd62b..9396a83 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/password.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/password.py 
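Review bot: The Samba history is split on `' '` but written back with `''.join(pwlist)`, so a stored history never contains a space and `split(' ')` always yields it as a single element. `pwlist[-smbpwhlen:]` therefore trims nothing once `smbpwhlen` is 2 or more and the attribute grows with every password change, and for `smbpwhlen == 0` the slice `[-0:]` keeps the whole list (there is no `if smbpwhlen > 0` guard as in __getPWHistory). If each entry is the 32-character hex salt plus the 32-character MD5 hex digest, as the surrounding comments indicate, the history can be cut into fixed-width entries instead: `pwlist = [smbpwhistory[i:i + 64] for i in range(0, len(smbpwhistory), 64)]`. The function starts above this hunk.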
@@ -30,39 +30,43 @@ # /usr/share/common-licenses/AGPL-3; if not, see # . -import os, heimdal, codecs, types, string, sys +import heimdal import smbpasswd -import univention.config_registry +from univention.config_registry import ConfigRegistry +from crypt import crypt as _crypt -configRegistry=univention.config_registry.ConfigRegistry() +configRegistry = ConfigRegistry() configRegistry.load() def crypt(password): """return crypt hash""" - - valid = ['.', '/', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', - 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', - 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', - 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', - '6', '7', '8', '9' ] salt = '' urandom = open("/dev/urandom", "r") for i in xrange(0, 16): # up to 16 bytes of salt are evaluated by crypt(3), overhead is ignored o = ord(urandom.read(1)) - while not o < 256 / len(valid) * len(valid): # make sure not to skew the distribution when using modulo + while not o < 256 / len(crypt.VALID) * len(crypt.VALID): # make sure not to skew the distribution when using modulo o = ord(urandom.read(1)) - salt = salt + valid[(o % len(valid))] + salt = salt + crypt.VALID[(o % len(crypt.VALID))] urandom.close() - import crypt # UCRV - method_id = {'MD5': '1', - 'SHA256': '5', - 'SHA-256': '5', - 'SHA512': '6', - 'SHA-512': '6', - }.get(configRegistry.get('password/hashing/method', 'sha-512').upper(), 6) - return crypt.crypt(password.encode('utf-8'), '$%s$%s$' % (method_id, salt, )) + method = configRegistry.get('password/hashing/method', 'sha-512').upper() + method_id = crypt.METHOD.get(method, 6) + return _crypt(password.encode('utf-8'), '$%s$%s$' % (method_id, salt, )) +crypt.VALID = ( + '.', '/', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', + 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', + 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', + 'I', 'J', 'K', 
'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', + 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', + '6', '7', '8', '9', + ) +crypt.METHOD = { + 'MD5': '1', + 'SHA256': '5', + 'SHA-256': '5', + 'SHA512': '6', + 'SHA-512': '6', + } def ntlm(password): """return tuple with NT and LanMan hash""" @@ -77,18 +81,18 @@ def ntlm(password): return (nt, lm) def krb5_asn1(principal, password, krb5_context=None): - list=[] - if type(principal) == types.UnicodeType: + if isinstance(principal, unicode): principal = str( principal ) - if type(password) == types.UnicodeType: + if isinstance(password, unicode): password = str( password ) if not krb5_context: krb5_context = heimdal.context() + result = [] for krb5_etype in krb5_context.get_permitted_enctypes(): if str(krb5_etype) == 'des3-cbc-md5' and configRegistry.is_false('password/krb5/enctype/des3-cbc-md5', True): continue krb5_principal = heimdal.principal(krb5_context, principal) krb5_keyblock = heimdal.keyblock(krb5_context, krb5_etype, password, krb5_principal) krb5_salt = heimdal.salt(krb5_context, krb5_principal) - list.append(heimdal.asn1_encode_key(krb5_keyblock, krb5_salt, 0)) - return list + result.append(heimdal.asn1_encode_key(krb5_keyblock, krb5_salt, 0)) + return result -- 1.7.10.4 From 1ced12ad1ef2bfc77a28803a8dadd6dd418a6a14 Mon Sep 17 00:00:00 2001 Message-Id: <1ced12ad1ef2bfc77a28803a8dadd6dd418a6a14.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 21:39:27 +0100 Subject: [PATCH 10/13] Bug #25279: Simplify hex decode/encode Organization: Univention GmbH, Bremen, Germany Simplify conversion of binary data to hex string back to binary data. --- .../modules/univention/admin/handlers/users/user.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) 
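Review bot: `crypt.METHOD.get(method, 6)` silently falls back to SHA-512 for any unrecognised `password/hashing/method` value, so a typo in the setting is never reported, while `MD5` stays selectable and yields `$1$` hashes. Consider logging when `method not in crypt.METHOD` and listing the accepted identifiers in the docstring. The `/dev/urandom` handle is also closed only on the success path; wrapping the read loop in `try: ... finally: urandom.close()` releases it if a read fails.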
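Review bot: In krb5_asn1 the value that passes the new `isinstance(password, unicode)` test is still converted with `str( password )`, which in Python 2 encodes with the ASCII codec and raises UnicodeEncodeError for a password or principal containing a non-ASCII character. crypt() in the same file uses `password.encode('utf-8')`; doing the same here (`password = password.encode('utf-8')`, likewise for `principal`) keeps both hashes derived from the same bytes. That assumes heimdal expects UTF-8 input, which should be confirmed.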
diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index ca481c0..d40d1b8 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -2538,16 +2538,11 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): pwlist = [] #calculate the password hash & salt - salt='' urandom = open('/dev/urandom', 'r') #get 16 bytes from urandom for salting our hash - rand = urandom.read(16) - for i in range(0, len(rand)): - salt = salt + '%.2X' % ord(rand[i]) + salt = urandom.read(16) #we have to have that in hex - hexsalt = salt - #and binary for calculating the md5 - salt = self.getbytes(salt) + hexsalt = salt.encode('hex').upper() #we need the ntpwd binary data to pwd = self.getbytes(newpassword) #calculating hash. sored as a 32byte hex in sambePasswordHistory, -- 1.7.10.4 From 75b36086e3a63c0ba08a6254f13a514a14efa99a Mon Sep 17 00:00:00 2001 Message-Id: <75b36086e3a63c0ba08a6254f13a514a14efa99a.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 21:40:38 +0100 Subject: [PATCH 11/13] Bug #25279: Remove getbytes() Organization: Univention GmbH, Bremen, Germany Use .decode('hex') instead of custom function --- .../modules/univention/admin/handlers/users/user.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index d40d1b8..2b83daf 100644 
--- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -2544,7 +2544,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): #we have to have that in hex hexsalt = salt.encode('hex').upper() #we need the ntpwd binary data to - pwd = self.getbytes(newpassword) + pwd = newpassword.decode('hex') #calculating hash. sored as a 32byte hex in sambePasswordHistory, #syntax like that: [Salt][MD5(Salt+Hash)] # First 16bytes ^ ^ last 16bytes. @@ -2597,11 +2597,6 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): return userSid - def getbytes(self, string): - #return byte values of a string (for smbPWHistory) - bytes = [int(string[i:i+2], 16) for i in xrange(0, len(string), 2)] - return struct.pack("%iB" % len(bytes), *bytes) - def cancel(self): for i,j in self.alloc: univention.admin.allocators.release(self.lo, self.position, i, j) -- 1.7.10.4 From 7c131d6329c940a9274f9c1d9e13701892259ee7 Mon Sep 17 00:00:00 2001 Message-Id: <7c131d6329c940a9274f9c1d9e13701892259ee7.1363595740.git.hahn@univention.de> In-Reply-To: References: From: Philipp Hahn Date: Fri, 15 Mar 2013 21:42:25 +0100 Subject: [PATCH 12/13] Bug #25279: Code cleanup Organization: Univention GmbH, Bremen, Germany Add test cases. Declare methods as static for easier testing. Rename use of Python internal names. Explicitly close open file handle. Remove now unused imports. --- .../univention/admin/handlers/users/user.py | 70 +++++++++++--------- 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index 2b83daf..67ed4d0 100644 
--- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py @@ -32,11 +32,9 @@ import hashlib import os -import string import re import copy import time -import types import struct import tempfile from M2Crypto import X509 @@ -2015,12 +2013,12 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): pwhistoryPolicy = self.loadPolicyObject('policies/pwhistory') if self['overridePWHistory'] != '1': #TODO: if checkbox "override pwhistory" is not set - if self.__passwordInHistory(self['password'], pwhistory): + if object._passwordInHistory(self['password'], pwhistory): raise univention.admin.uexceptions.pwalreadyused return [] if pwhistoryPolicy and pwhistoryPolicy.has_key('length') and pwhistoryPolicy['length']: pwhlen = int(pwhistoryPolicy['length']) - newPWHistory = object.__getPWHistory(self['password'], pwhistory, pwhlen) + newPWHistory = object._getPWHistory(self['password'], pwhistory, pwhlen) ml.append(('pwhistory', self.oldattr.get('pwhistory', [''])[0], newPWHistory)) if pwhistoryPolicy != None and pwhistoryPolicy['pwLength'] != None and pwhistoryPolicy['pwLength'] != 0 and self['overridePWLength'] != '1': if len(self['password']) < int(pwhistoryPolicy['pwLength']): 
@@ -2132,10 +2130,10 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): sambaPwdLastSetValue = str(long(time.time())) smbpwhistoryPolicy = self.loadPolicyObject('policies/pwhistory') - if smbpwhistoryPolicy != None and smbpwhistoryPolicy['length'] != None: + if smbpwhistoryPolicy and smbpwhistoryPolicy['length'] != None: smbpwhlen = int(pwhistoryPolicy['length']) smbpwhistory=self.oldattr.get('sambaPasswordHistory',[''])[0] - newsmbPWHistory = self.__getsmbPWHistory(password_nt, smbpwhistory, smbpwhlen) + newsmbPWHistory = object._getsmbPWHistory(password_nt, smbpwhistory, smbpwhlen) ml.append(('sambaPasswordHistory', self.oldattr.get('sambaPasswordHistory', [''])[0], newsmbPWHistory)) if 'kerberos' in self.options: @@ -2371,7 +2369,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): ml.insert(0, ('objectClass', '', 'automount')) am_host=share['host'] - if not self['homeSharePath'] or type(self['homeSharePath']) not in [types.StringType, types.UnicodeType]: + if not self['homeSharePath'] or not isinstance(self['homeSharePath'], basestring): raise univention.admin.uexceptions.missingInformation, _('%(homeSharePath)s must be given if %(homeShare)s is given.') % {'homeSharePath' : _('Home share path'), 'homeShare' : _('Home share')} else: am_path = os.path.abspath(os.path.join(share['path'], self['homeSharePath'])) 
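Review bot: `object._getsmbPWHistory(password_nt, smbpwhistory, smbpwhlen)` passes three arguments, but the definition added in a later hunk of this commit is decorated with `@staticmethod` and still declares `self` as its first parameter, so the call fails with TypeError. Remove `self` from the signature: `def _getsmbPWHistory(newpassword, smbpwhistory, smbpwhlen):`. The guard on this path tests `smbpwhistoryPolicy` but then reads `pwhistoryPolicy['length']`; if that name is not bound to the same policy object here the length comes from the wrong place, which is worth confirming because the enclosing method starts outside the hunk.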
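Review bot: The new `isinstance(self['homeSharePath'], basestring)` test validates only the type of the value. The following `os.path.join(share['path'], self['homeSharePath'])` lets an absolute value replace `share['path']` entirely, and `..` components can leave it once `os.path.abspath` has normalised the result. If `am_path` is meant to stay inside the share, check it after normalisation, for example `if not (am_path + '/').startswith(os.path.abspath(share['path']) + '/'):` followed by the same kind of error as the missing-value case. Whether an operator who can set this property is already trusted with arbitrary paths cannot be told from the hunk.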
@@ -2496,23 +2494,33 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): self.move_subelements(tmpdn, olddn, subelements, ignore_license) raise - def __passwordInHistory(self, newpassword, pwhistory): + @staticmethod + def _passwordInHistory(newpassword, pwhistory): + """Check if new password was already used. + >>> object._passwordInHistory('a', '') + False + >>> object._passwordInHistory('a', 'b') + False + >>> object._passwordInHistory('a', 'b 86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8') + True + """ # first calc hash for the new pw - s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) + s = hashlib.sha1(newpassword.encode('utf-8')) newpwhash = s.hexdigest().upper() - return pwhistory.find(newpwhash) >= 0 + pwlist = pwhistory.strip().split(' ') + return newpwhash in pwlist @staticmethod - def __getPWHistory(newpassword, pwhistory, pwhlen): + def _getPWHistory(newpassword, pwhistory, pwhlen): """Save history of previopusly used passwords. - >>> object.__getPWHistory("a", "b", 0) - "b" - >>> object.__getPWHistory("a", "", 1) - "86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8" - >>> object.__getPWHistory("a", "b", 1) - "86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8" - >>> object.__getPWHistory("a", "b", 2) - "b 86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8" + >>> object._getPWHistory('a', 'b', 0) + 'b' + >>> object._getPWHistory('a', '', 1) + '86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8' + >>> object._getPWHistory('a', 'b', 1) + '86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8' + >>> object._getPWHistory('a', 'b', 2) + 'b 86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8' """ #this preserves a temporary disabled history if pwhlen > 0: 
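Review bot: The docstring of `_passwordInHistory` does not say what a history entry is, and that matters here: the code compares `hashlib.sha1(newpassword.encode('utf-8'))`, an unsalted fast hash, so every entry in `pwhistory` is cheap to test offline for anyone who can read the attribute. I would add a line such as `History entries are upper-case unsalted SHA-1 hex digests; restrict read access to pwhistory like userPassword.` and confirm the directory ACLs do so. The `_getPWHistory` docstring carries the typo `previopusly`.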
@@ -2530,26 +2538,26 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): pwhistory = ' '.join(pwlist) return pwhistory - def __getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen): - # split the history - if len(smbpwhistory.strip()): - pwlist = smbpwhistory.split(' ') - else: - pwlist = [] - + @staticmethod + def _getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen): + """Save history of previopusly used passwords. + """ #calculate the password hash & salt urandom = open('/dev/urandom', 'r') - #get 16 bytes from urandom for salting our hash - salt = urandom.read(16) + try: + #get 16 bytes from urandom for salting our hash + salt = urandom.read(16) + finally: + urandom.close() #we have to have that in hex hexsalt = salt.encode('hex').upper() #we need the ntpwd binary data to - pwd = newpassword.decode('hex') + password = newpassword.decode('hex') #calculating hash. sored as a 32byte hex in sambePasswordHistory, #syntax like that: [Salt][MD5(Salt+Hash)] # First 16bytes ^ ^ last 16bytes. - pwdhash = hashlib.md5(salt + pwd).hexdigest().upper() - smbpwhash = hexsalt+pwdhash + pwdhash = hashlib.md5(salt + password).hexdigest().upper() + smbpwhash = hexsalt + pwdhash # split the history pwlist = smbpwhistory.strip().split(' ') -- 1.7.10.4 From fffb75cdc49cc97f02f44c7e7288ccf0b2e9944f Mon Sep 17 00:00:00 2001 Message-Id: In-Reply-To: References: From: Philipp Hahn Date: Sat, 16 Mar 2013 14:01:56 +0100 Subject: [PATCH 13/13] Bug #30722: Fix certificate handling Organization: Univention GmbH, Bremen, Germany Directly access certificate information instead of working on strings. --- .../univention/admin/handlers/users/user.py | 116 ++++++-------------- 1 file changed, 33 insertions(+), 83 deletions(-) 
diff --git a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py index 67ed4d0..707f7e6 100644 --- a/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py +++ b/branches/ucs-3.1/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py 
@@ -1041,51 +1041,35 @@ def GMTOffset(): def load_certificate(user_certificate): """Import a certificate in DER format""" - certificate = base64.decodestring( user_certificate ) - - tempf=tempfile.mktemp() - fh=open(tempf,'w') - fh.write( certificate ) - fh.close() - - x509 = X509.load_cert( tempf, format = X509.FORMAT_DER ) - os.unlink( tempf ) - if not x509: + if not user_certificate: return {} - - not_after=x509.get_not_after() - not_before=x509.get_not_before() - - if not not_after or not not_before: - return {} - - def convert_certdate (certdate): - datestring=str(certdate) - dl = datestring.split() - month=[None, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] - try: - dl[0]=month.index(dl[0]) - except: - return '' - return "%s-%02d-%02d" % ( dl[ 3 ], int( dl[ 0 ] ), int( dl[ 1 ] ) ) - - issuer=str(x509.get_issuer()) - if not issuer: - return {} - - subject=str(x509.get_subject()) - if not subject: - return {} - - version=x509.get_version() - if not version: + try: + certificate = base64.decodestring( user_certificate ) + except base64.binascii.Error, ex: return {} - - serial=x509.get_serial_number() - if not serial: + try: + x509 = X509.load_cert_string(certificate, X509.FORMAT_DER) + + values = { + 'certificateDateNotBefore': x509.get_not_before().get_datetime().date().isoformat(), + 'certificateDateNotAfter': x509.get_not_after().get_datetime().date().isoformat(), + 'certificateVersion': str(x509.get_version()), + 'certificateSerial': str(x509.get_serial_number()), + } + flags = X509.m2.XN_FLAG_SEP_MULTILINE & ~X509.m2.ASN1_STRFLGS_ESC_MSB | X509.m2.ASN1_STRFLGS_UTF8_CONVERT + for entity, prefix in ( + (x509.get_issuer(), "certificateIssuer"), + (x509.get_subject(), "certificateSubject"), + ): + for key, attr in load_certificate.ATTR.items(): + value = getattr(entity, key) + values[prefix + attr] = value + except (X509.X509Error, AttributeError), ex: return {} - ATTR = { + ud.debug(ud.ADMIN, ud.ERROR, 'value=%s' % 
values) + return values +load_certificate.ATTR = { "C": "Country", "ST": "State", "L": "Location", @@ -1093,36 +1077,7 @@ def load_certificate(user_certificate): "OU": "OrganisationalUnit", "CN": "CommonName", "emailAddress": "Mail", - }[key] - value = { - 'certificateDateNotBefore': convert_certdate(not_before), - 'certificateDateNotAfter': convert_certdate(not_after), - 'certificateVersion': str(version), - 'certificateSerial': str(serial), } - for i in issuer.split('/'): - try: - key, val = i.split('=', 1) - except ValueError: - continue - try: - attr = "certificateIssuer%s" % ATTR[key] - except KeyError: - continue - value[attr] = val - for i in subject.split('/'): - try: - key, val = i.split('=', 1) - except ValueError: - continue - try: - attr = "certificateSubject%s" % ATTR[key] - except KeyError: - continue - value[attr] = val - - ud.debug(ud.ADMIN, ud.ERROR, 'value=%s' % value) - return value def mapHomePostalAddress(old): """Map address to LDAP encoding. @@ -1532,7 +1487,8 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): self.old_options= copy.deepcopy( self.options ) - def __certificate_clean(self): + def reload_certificate(self): + """Reload user certificate.""" self.info['certificateSubjectCountry']='' self.info['certificateSubjectState']='' self.info['certificateSubjectLocation']='' 
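Review bot: `flags` is computed in load_certificate() but never passed to anything, so the issuer and subject fields come straight from `getattr(entity, key)`; either drop the assignment or actually use it when reading the name entries. Both `except` branches return `{}` without logging and leave `ex` unused, while the success path logs the parsed values at `ud.ERROR`; because an empty result makes reload_certificate() blank the stored certificate, a rejected upload leaves no trace for whoever investigates it later. I would log in the handlers, e.g. `ud.debug(ud.ADMIN, ud.WARN, 'userCertificate rejected: %s' % ex)`, and lower the success message to `ud.INFO`. If `getattr` yields None for a name field the certificate lacks (not visible here), those keys are now stored as None rather than skipped as the removed loop did, so an `if value is not None:` guard before the assignment may be needed.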
@@ -1551,19 +1507,13 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ): self.info['certificateDateNotAfter']='' self.info['certificateVersion']='' self.info['certificateSerial']='' - self.info['userCertificate']='' - - def reload_certificate(self): - - if self.info.get( 'userCertificate' ): - values=load_certificate(self.info['userCertificate']) - if not values: - self.__certificate_clean() - else: - for i in values.keys(): - self.info[i]=values[i] + certificate = self.info.get('userCertificate') + values = load_certificate(certificate) + if values: + for key, value in values.items(): + self.info[key] = value else: - self.__certificate_clean() + self.info['userCertificate'] = '' def hasChanged(self, key): if key == 'disabled': -- 1.7.10.4
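Review bot: The one-line docstring given to reload_certificate() in the previous hunk does not mention its destructive side effects: every `certificate*` key in `self.info` is reset first, and in the `else` branch here `userCertificate` itself is set to `''` whenever load_certificate() returns nothing, which includes a certificate that merely failed to parse. I would extend the docstring to say so, for example `"""Reset all certificate* properties and refill them from userCertificate; clears userCertificate if it is missing or cannot be parsed."""`. The method starts in the previous hunk, so only its tail is visible here.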