|
|
|---|
| 32 |
|
32 |
|
| 33 |
import hashlib |
33 |
import hashlib |
| 34 |
import os |
34 |
import os |
| 35 |
import string |
|
|
| 36 |
import re |
35 |
import re |
| 37 |
import copy |
36 |
import copy |
| 38 |
import time |
37 |
import time |
| 39 |
import types |
|
|
| 40 |
import struct |
38 |
import struct |
| 41 |
import tempfile |
39 |
import tempfile |
| 42 |
from M2Crypto import X509 |
40 |
from M2Crypto import X509 |
|
Lines 193-199
property_descriptions={
|
Link Here
|
|---|
|
|---|
| 193 |
short_description=_('Display name'), |
191 |
short_description=_('Display name'), |
| 194 |
long_description='', |
192 |
long_description='', |
| 195 |
syntax=univention.admin.syntax.string, |
193 |
syntax=univention.admin.syntax.string, |
| 196 |
options=['posix'], |
194 |
options=['person', 'samba'], |
| 197 |
multivalue=0, |
195 |
multivalue=0, |
| 198 |
required=0, |
196 |
required=0, |
| 199 |
may_change=1, |
197 |
may_change=1, |
|
|
|---|
| 888 |
[ 'title', 'firstname', 'lastname'], |
886 |
[ 'title', 'firstname', 'lastname'], |
| 889 |
[ 'username', 'description' ], |
887 |
[ 'username', 'description' ], |
| 890 |
'password', |
888 |
'password', |
| 891 |
[ 'overridePWHistory', 'overridePWLength' ] , |
889 |
[ 'overridePWHistory', 'overridePWLength' ] , |
| 892 |
'mailPrimaryAddress', |
890 |
'mailPrimaryAddress', |
| 893 |
] ), |
891 |
] ), |
| 894 |
Group( _( 'Personal information' ), layout = [ |
892 |
Group( _( 'Personal information' ), layout = [ |
|
Lines 994-1005
def posixDaysToDate(days):
|
Link Here
|
|---|
|
|---|
| 994 |
return time.strftime("%Y-%m-%d",time.gmtime(long(days)*3600*24)) |
992 |
return time.strftime("%Y-%m-%d",time.gmtime(long(days)*3600*24)) |
| 995 |
|
993 |
|
| 996 |
def sambaWorkstationsMap(workstations): |
994 |
def sambaWorkstationsMap(workstations): |
| 997 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations,string.join(workstations, ','))) |
995 |
val = ','.join(workstations) |
| 998 |
return string.join(workstations, ',') |
996 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations, val)) |
|
|
997 |
return val |
| 999 |
|
998 |
|
| 1000 |
def sambaWorkstationsUnmap(workstations): |
999 |
def sambaWorkstationsUnmap(workstations): |
| 1001 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (workstations[0],string.split(workstations[0],','))) |
1000 |
val_in = workstations[0] |
| 1002 |
return string.split(workstations[0],',') |
1001 |
val_out = val_in.split(',') |
|
|
1002 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (val_in, val_out)) |
| 1003 |
return val_out |
| 1003 |
|
1004 |
|
| 1004 |
def logonHoursMap(logontimes): |
1005 |
def logonHoursMap(logontimes): |
| 1005 |
"converts the bitfield 001110010110...100 to the respective string" |
1006 |
"converts the bitfield 001110010110...100 to the respective string" |
|
Lines 1009-1015
def logonHoursMap(logontimes):
|
Link Here
|
|---|
|
|---|
| 1009 |
bitstring = ''.join( map( lambda x: x in logontimes and '1' or '0', range( 168 ) ) ) |
1010 |
bitstring = ''.join( map( lambda x: x in logontimes and '1' or '0', range( 168 ) ) ) |
| 1010 |
|
1011 |
|
| 1011 |
# for idx in logontimes: |
1012 |
# for idx in logontimes: |
| 1012 |
# bitstring[ idx ] = '1' |
1013 |
# bitstring[ idx ] = '1' |
| 1013 |
|
1014 |
|
| 1014 |
logontimes = bitstring |
1015 |
logontimes = bitstring |
| 1015 |
|
1016 |
|
|
Lines 1110-1116
def load_certificate(user_certificate):
|
Link Here
|
|---|
|
|---|
| 1110 |
|
1111 |
|
| 1111 |
def convert_certdate (certdate): |
1112 |
def convert_certdate (certdate): |
| 1112 |
datestring=str(certdate) |
1113 |
datestring=str(certdate) |
| 1113 |
dl=string.split(datestring) |
1114 |
dl = datestring.split() |
| 1114 |
month=[None, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] |
1115 |
month=[None, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] |
| 1115 |
try: |
1116 |
try: |
| 1116 |
dl[0]=month.index(dl[0]) |
1117 |
dl[0]=month.index(dl[0]) |
|
Lines 1135-1177
def load_certificate(user_certificate):
|
Link Here
|
|---|
|
|---|
| 1135 |
return {} |
1136 |
return {} |
| 1136 |
|
1137 |
|
| 1137 |
|
1138 |
|
| 1138 |
value={} |
1139 |
value = { |
| 1139 |
|
1140 |
'certificateDateNotBefore': convert_certdate(not_before), |
| 1140 |
value['certificateDateNotBefore']=convert_certdate(not_before) |
1141 |
'certificateDateNotAfter': convert_certdate(not_after), |
| 1141 |
value['certificateDateNotAfter']=convert_certdate(not_after) |
1142 |
'certificateVersion': str(version), |
| 1142 |
value['certificateVersion']=str(version) |
1143 |
'certificateSerial': str(serial), |
| 1143 |
value['certificateSerial']=str(serial) |
1144 |
} |
| 1144 |
|
|
|
| 1145 |
for i in issuer.split('/'): |
1145 |
for i in issuer.split('/'): |
| 1146 |
if re.match('^C=', i): |
1146 |
try: |
| 1147 |
value['certificateIssuerCountry']=string.split(i, '=')[1] |
1147 |
key, val = i.split('=', 1) |
| 1148 |
elif re.match('^ST=', i): |
1148 |
except ValueError: |
| 1149 |
value['certificateIssuerState']=string.split(i, '=')[1] |
1149 |
continue |
| 1150 |
elif re.match('^L=', i): |
1150 |
if key == 'C': |
| 1151 |
value['certificateIssuerLocation']=string.split(i, '=')[1] |
1151 |
value['certificateIssuerCountry'] = val |
| 1152 |
elif re.match('^O=', i): |
1152 |
elif key == 'ST': |
| 1153 |
value['certificateIssuerOrganisation']=string.split(i, '=')[1] |
1153 |
value['certificateIssuerState'] = val |
| 1154 |
elif re.match('^OU=', i): |
1154 |
elif key == 'L': |
| 1155 |
value['certificateIssuerOrganisationalUnit']=string.split(i, '=')[1] |
1155 |
value['certificateIssuerLocation'] = val |
| 1156 |
elif re.match('^CN=', i): |
1156 |
elif key == 'O': |
| 1157 |
value['certificateIssuerCommonName']=string.split(i, '=')[1] |
1157 |
value['certificateIssuerOrganisation'] = val |
| 1158 |
elif re.match('^emailAddress=', i): |
1158 |
elif key == 'OU': |
| 1159 |
value['certificateIssuerMail']=string.split(i, '=')[1] |
1159 |
value['certificateIssuerOrganisationalUnit'] = val |
|
|
1160 |
elif key == 'CN': |
| 1161 |
value['certificateIssuerCommonName'] = val |
| 1162 |
elif key == 'emailAddress': |
| 1163 |
value['certificateIssuerMail'] = val |
| 1160 |
for i in subject.split('/'): |
1164 |
for i in subject.split('/'): |
| 1161 |
if re.match('^C=', i): |
1165 |
try: |
| 1162 |
value['certificateSubjectCountry']=string.split(i, '=')[1] |
1166 |
key, val = i.split('=', 1) |
| 1163 |
elif re.match('^ST=', i): |
1167 |
except ValueError: |
| 1164 |
value['certificateSubjectState']=string.split(i, '=')[1] |
1168 |
continue |
| 1165 |
elif re.match('^L=', i): |
1169 |
if key == 'C': |
| 1166 |
value['certificateSubjectLocation']=string.split(i, '=')[1] |
1170 |
value['certificateSubjectCountry'] = val |
| 1167 |
elif re.match('^O=', i): |
1171 |
elif key == 'ST': |
| 1168 |
value['certificateSubjectOrganisation']=string.split(i, '=')[1] |
1172 |
value['certificateSubjectState'] = val |
| 1169 |
elif re.match('^OU=', i): |
1173 |
elif key == 'L': |
| 1170 |
value['certificateSubjectOrganisationalUnit']=string.split(i, '=')[1] |
1174 |
value['certificateSubjectLocation'] = val |
| 1171 |
elif re.match('^CN=', i): |
1175 |
elif key == 'O': |
| 1172 |
value['certificateSubjectCommonName']=string.split(i, '=')[1] |
1176 |
value['certificateSubjectOrganisation'] = val |
| 1173 |
elif re.match('^emailAddress=', i): |
1177 |
elif key == 'OU': |
| 1174 |
value['certificateSubjectMail']=string.split(i, '=')[1] |
1178 |
value['certificateSubjectOrganisationalUnit'] = val |
|
|
1179 |
elif key == 'CN': |
| 1180 |
value['certificateSubjectCommonName'] = val |
| 1181 |
elif key == 'emailAddress': |
| 1182 |
value['certificateSubjectMail'] = val |
| 1175 |
|
1183 |
|
| 1176 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'value=%s' % value) |
1184 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'value=%s' % value) |
| 1177 |
return value |
1185 |
return value |
|
Lines 1179-1185
def load_certificate(user_certificate):
|
Link Here
|
|---|
|
|---|
| 1179 |
def mapHomePostalAddress(old): |
1187 |
def mapHomePostalAddress(old): |
| 1180 |
new=[] |
1188 |
new=[] |
| 1181 |
for i in old: |
1189 |
for i in old: |
| 1182 |
new.append(string.join(i, '$' )) |
1190 |
new.append('$'.join(i)) |
| 1183 |
return new |
1191 |
return new |
| 1184 |
|
1192 |
|
| 1185 |
def unmapHomePostalAddress(old): |
1193 |
def unmapHomePostalAddress(old): |
|
Lines 1472-1478
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 1472 |
expiry=self['passwordexpiry'].split('-') |
1480 |
expiry=self['passwordexpiry'].split('-') |
| 1473 |
# expiry.reverse() |
1481 |
# expiry.reverse() |
| 1474 |
# today.reverse() |
1482 |
# today.reverse() |
| 1475 |
if int(string.join(today,''))>=int(string.join(expiry,'')): |
1483 |
if int(''.join(today)) >= int(''.join(expiry)): |
| 1476 |
self['pwdChangeNextLogin']='1' |
1484 |
self['pwdChangeNextLogin']='1' |
| 1477 |
|
1485 |
|
| 1478 |
if 'samba' in self.options: |
1486 |
if 'samba' in self.options: |
|
Lines 1859-1865
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 1859 |
ocs.extend(['organizationalPerson','inetOrgPerson']) |
1867 |
ocs.extend(['organizationalPerson','inetOrgPerson']) |
| 1860 |
if 'ldap_pwd' in self.options: |
1868 |
if 'ldap_pwd' in self.options: |
| 1861 |
ocs.extend(['simpleSecurityObject','uidObject']) |
1869 |
ocs.extend(['simpleSecurityObject','uidObject']) |
| 1862 |
if 'kerberos' in self.options: |
1870 |
if 'kerberos' in self.options: |
| 1863 |
domain=univention.admin.uldap.domain(self.lo, self.position) |
1871 |
domain=univention.admin.uldap.domain(self.lo, self.position) |
| 1864 |
realm=domain.getKerberosRealm() |
1872 |
realm=domain.getKerberosRealm() |
| 1865 |
if realm: |
1873 |
if realm: |
|
Lines 2018-2024
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 2018 |
pwd_change_next_login=2 |
2026 |
pwd_change_next_login=2 |
| 2019 |
|
2027 |
|
| 2020 |
if self.hasChanged('username'): |
2028 |
if self.hasChanged('username'): |
| 2021 |
if 'kerberos' in self.options: |
2029 |
if 'kerberos' in self.options: |
| 2022 |
ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) |
2030 |
ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()])) |
| 2023 |
|
2031 |
|
| 2024 |
if self.modifypassword: |
2032 |
if self.modifypassword: |
|
Lines 2388-2394
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 2388 |
ml.insert(0, ('objectClass', '', 'automount')) |
2396 |
ml.insert(0, ('objectClass', '', 'automount')) |
| 2389 |
|
2397 |
|
| 2390 |
am_host=share['host'] |
2398 |
am_host=share['host'] |
| 2391 |
if not self['homeSharePath'] or type(self['homeSharePath']) not in [types.StringType, types.UnicodeType]: |
2399 |
if not self['homeSharePath'] or not isinstance(self['homeSharePath'], basestring): |
| 2392 |
am_path=os.path.join(share['path']) |
2400 |
am_path=os.path.join(share['path']) |
| 2393 |
else: |
2401 |
else: |
| 2394 |
am_path=os.path.join(share['path'], self['homeSharePath']) |
2402 |
am_path=os.path.join(share['path'], self['homeSharePath']) |
|
Lines 2514-2533
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 2514 |
def __passwordInHistory(self, newpassword, pwhistory): |
2522 |
def __passwordInHistory(self, newpassword, pwhistory): |
| 2515 |
# first calc hash for the new pw |
2523 |
# first calc hash for the new pw |
| 2516 |
s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) |
2524 |
s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) |
| 2517 |
newpwhash = string.upper(s.hexdigest()) |
2525 |
newpwhash = s.hexdigest().upper() |
| 2518 |
if not string.find(pwhistory, newpwhash) < 0: |
2526 |
# check if password has already been used |
| 2519 |
# password has already been used. |
2527 |
return pwhistory.find(newpwhash) < 0 |
| 2520 |
return 1 |
|
|
| 2521 |
return 0 |
| 2522 |
|
2528 |
|
| 2523 |
def __getPWHistory(self, newpassword, pwhistory, pwhlen): |
2529 |
def __getPWHistory(self, newpassword, pwhistory, pwhlen): |
| 2524 |
# first calc hash for the new pw |
2530 |
# first calc hash for the new pw |
| 2525 |
s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) |
2531 |
s = hashlib.sha1( newpassword.encode( 'utf-8' ) ) |
| 2526 |
newpwhash = string.upper(s.hexdigest()) |
2532 |
newpwhash = s.hexdigest().upper() |
| 2527 |
|
2533 |
|
| 2528 |
# split the history |
2534 |
# split the history |
| 2529 |
if len(string.strip(pwhistory)): |
2535 |
if len(pwhistory.strip()): |
| 2530 |
pwlist = string.split(pwhistory, ' ') |
2536 |
pwlist = pwhistory.split(' ') |
| 2531 |
else: |
2537 |
else: |
| 2532 |
pwlist = [] |
2538 |
pwlist = [] |
| 2533 |
|
2539 |
|
|
Lines 2551-2563
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 2551 |
else: |
2557 |
else: |
| 2552 |
pwlist.append(newpwhash) |
2558 |
pwlist.append(newpwhash) |
| 2553 |
# and build the new history |
2559 |
# and build the new history |
| 2554 |
res = string.join(pwlist) |
2560 |
res = ' '.join(pwlist) |
| 2555 |
return res |
2561 |
return res |
| 2556 |
|
2562 |
|
| 2557 |
def __getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen): |
2563 |
def __getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen): |
| 2558 |
# split the history |
2564 |
# split the history |
| 2559 |
if len(string.strip(smbpwhistory)): |
2565 |
if len(smbpwhistory.strip()): |
| 2560 |
pwlist = string.split(smbpwhistory, ' ') |
2566 |
pwlist = smbpwhistory.split(' ') |
| 2561 |
else: |
2567 |
else: |
| 2562 |
pwlist = [] |
2568 |
pwlist = [] |
| 2563 |
|
2569 |
|
|
Lines 2600-2606
class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
|
Link Here
|
|---|
|
|---|
| 2600 |
pwlist.append(smbpwhash) |
2606 |
pwlist.append(smbpwhash) |
| 2601 |
|
2607 |
|
| 2602 |
# and build the new history |
2608 |
# and build the new history |
| 2603 |
res = string.join(pwlist, '') |
2609 |
res = ''.join(pwlist) |
| 2604 |
return res |
2610 |
return res |
| 2605 |
|
2611 |
|
| 2606 |
def __generate_user_sid(self, uidNum): |
2612 |
def __generate_user_sid(self, uidNum): |