|
|
|---|
| 42 |
userToGroup = {} # { "user": ["group1", "group2", ], } |
42 |
userToGroup = {} # { "user": ["group1", "group2", ], } |
| 43 |
groupInfo = {} # { "group1": (23, True, ), } |
43 |
groupInfo = {} # { "group1": (23, True, ), } |
| 44 |
|
44 |
|
|
|
45 |
logfd = open('/tmp/FOO', 'a+') |
| 46 |
def debug(msg): |
| 47 |
print >>logfd, '%s\n' % msg |
| 45 |
|
48 |
|
| 46 |
def loadInfo(): |
49 |
def loadInfo(): |
| 47 |
configRegistry = univention.config_registry.ConfigRegistry() |
50 |
configRegistry = univention.config_registry.ConfigRegistry() |
|
|
|---|
| 74 |
|
77 |
|
| 75 |
def getNTPasswordHash(username, stationId): |
78 |
def getNTPasswordHash(username, stationId): |
| 76 |
'stationId may be None if it was not supplied to the program' |
79 |
'stationId may be None if it was not supplied to the program' |
|
|
80 |
if username.startswith('host/'): |
| 81 |
username = username.split('/', 1)[1] |
| 82 |
if '.' in username: |
| 83 |
username = username.split('.')[0] |
| 84 |
if not '$' in username: |
| 85 |
username += '$' |
| 77 |
groups = userToGroup.get(username) |
86 |
groups = userToGroup.get(username) |
| 78 |
if groups is None: |
87 |
if groups is None: |
|
|
88 |
debug('1 user = %r' % (username,)) |
| 89 |
# debug('1 keys = %r' % (userToGroup.keys(),)) |
| 90 |
debug('1 groups is None') |
| 79 |
return None |
91 |
return None |
| 80 |
groups = [groupInfo[group] for group in groups if group in groupInfo] |
92 |
groups = [groupInfo[group] for group in groups if group in groupInfo] |
| 81 |
if not groups: |
93 |
if not groups: |
|
|
94 |
debug('1 not groups') |
| 82 |
return None |
95 |
return None |
| 83 |
(maxPriority, _, ) = max(groups) |
96 |
(maxPriority, _, ) = max(groups) |
| 84 |
if True not in [wlanEnabled for (priority, wlanEnabled, ) in groups if priority == maxPriority]: |
97 |
if True not in [wlanEnabled for (priority, wlanEnabled, ) in groups if priority == maxPriority]: |
|
|
98 |
debug('1 True not found') |
| 85 |
return None |
99 |
return None |
| 86 |
# user is authorized to use the W-LAN, retrieve NT-password-hash from LDAP and return it |
100 |
# user is authorized to use the W-LAN, retrieve NT-password-hash from LDAP and return it |
| 87 |
result = ldapConnection.search(filter=str(univention.admin.filter.expression('uid', username)), attr=['sambaNTPassword', 'sambaAcctFlags']) |
101 |
result = ldapConnection.search(filter=str(univention.admin.filter.expression('uid', username)), attr=['sambaNTPassword', 'sambaAcctFlags']) |
| 88 |
if not result: |
102 |
if not result: |
|
|
103 |
debug('1 uid %r not found' % (username,)) |
| 89 |
return None |
104 |
return None |
| 90 |
sambaAccountFlags = frozenset(result[0][1]['sambaAcctFlags'][0]) |
105 |
sambaAccountFlags = frozenset(result[0][1]['sambaAcctFlags'][0]) |
| 91 |
if sambaAccountFlags & DISALLOWED_SAMBA_ACCOUNT_FLAGS: |
106 |
if sambaAccountFlags & DISALLOWED_SAMBA_ACCOUNT_FLAGS: |
|
|
107 |
debug('1 wrong flags') |
| 92 |
return None |
108 |
return None |
|
|
109 |
debug('1 got hash') |
| 93 |
return result[0][1]['sambaNTPassword'][0].decode('hex') |
110 |
return result[0][1]['sambaNTPassword'][0].decode('hex') |
| 94 |
|
111 |
|
| 95 |
|
112 |
|