|
42 |
userToGroup = {} # { "user": ["group1", "group2", ], } |
42 |
userToGroup = {} # { "user": ["group1", "group2", ], } |
43 |
groupInfo = {} # { "group1": (23, True, ), } |
43 |
groupInfo = {} # { "group1": (23, True, ), } |
44 |
|
44 |
|
|
|
45 |
logfd = open('/tmp/FOO', 'a+') |
46 |
def debug(msg): |
47 |
print >>logfd, '%s\n' % msg |
45 |
|
48 |
|
46 |
def loadInfo(): |
49 |
def loadInfo(): |
47 |
configRegistry = univention.config_registry.ConfigRegistry() |
50 |
configRegistry = univention.config_registry.ConfigRegistry() |
|
74 |
|
77 |
|
75 |
def getNTPasswordHash(username, stationId): |
78 |
def getNTPasswordHash(username, stationId): |
76 |
'stationId may be None if it was not supplied to the program' |
79 |
'stationId may be None if it was not supplied to the program' |
|
|
80 |
if username.startswith('host/'): |
81 |
username = username.split('/', 1)[1] |
82 |
if '.' in username: |
83 |
username = username.split('.')[0] |
84 |
if not '$' in username: |
85 |
username += '$' |
77 |
groups = userToGroup.get(username) |
86 |
groups = userToGroup.get(username) |
78 |
if groups is None: |
87 |
if groups is None: |
|
|
88 |
debug('1 user = %r' % (username,)) |
89 |
# debug('1 keys = %r' % (userToGroup.keys(),)) |
90 |
debug('1 groups is None') |
79 |
return None |
91 |
return None |
80 |
groups = [groupInfo[group] for group in groups if group in groupInfo] |
92 |
groups = [groupInfo[group] for group in groups if group in groupInfo] |
81 |
if not groups: |
93 |
if not groups: |
|
|
94 |
debug('1 not groups') |
82 |
return None |
95 |
return None |
83 |
(maxPriority, _, ) = max(groups) |
96 |
(maxPriority, _, ) = max(groups) |
84 |
if True not in [wlanEnabled for (priority, wlanEnabled, ) in groups if priority == maxPriority]: |
97 |
if True not in [wlanEnabled for (priority, wlanEnabled, ) in groups if priority == maxPriority]: |
|
|
98 |
debug('1 True not found') |
85 |
return None |
99 |
return None |
86 |
# user is authorized to use the W-LAN, retrieve NT-password-hash from LDAP and return it |
100 |
# user is authorized to use the W-LAN, retrieve NT-password-hash from LDAP and return it |
87 |
result = ldapConnection.search(filter=str(univention.admin.filter.expression('uid', username)), attr=['sambaNTPassword', 'sambaAcctFlags']) |
101 |
result = ldapConnection.search(filter=str(univention.admin.filter.expression('uid', username)), attr=['sambaNTPassword', 'sambaAcctFlags']) |
88 |
if not result: |
102 |
if not result: |
|
|
103 |
debug('1 uid %r not found' % (username,)) |
89 |
return None |
104 |
return None |
90 |
sambaAccountFlags = frozenset(result[0][1]['sambaAcctFlags'][0]) |
105 |
sambaAccountFlags = frozenset(result[0][1]['sambaAcctFlags'][0]) |
91 |
if sambaAccountFlags & DISALLOWED_SAMBA_ACCOUNT_FLAGS: |
106 |
if sambaAccountFlags & DISALLOWED_SAMBA_ACCOUNT_FLAGS: |
|
|
107 |
debug('1 wrong flags') |
92 |
return None |
108 |
return None |
|
|
109 |
debug('1 got hash') |
93 |
return result[0][1]['sambaNTPassword'][0].decode('hex') |
110 |
return result[0][1]['sambaNTPassword'][0].decode('hex') |
94 |
|
111 |
|
95 |
|
112 |
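Review bot: The module-level `logfd = open('/tmp/FOO', 'a+')` (new line 45) leaves ad-hoc debug output in the code path that hands out NT password hashes: the name is fixed and sits in a world-writable directory, so the process appends to whatever file or link already exists at that path, and the handle is opened on import and never closed. The `debug(...)` calls added in `getNTPasswordHash` (new lines 88–109) then write every requested username and the reason for each denial into that file, with whatever permissions the umask leaves. I would drop these lines before merging, or route them through the standard `logging` module at debug level, e.g. `log = logging.getLogger(__name__)` and `log.debug('no group mapping for %r', username)`, so that destination and permissions come from the service's log configuration; whether `logging` is already imported is not visible here. Indentation is lost in this rendering, so please also confirm that the `'.'` and `'$'` rewrites on new lines 82–85 are nested under the `host/` check, since otherwise `$` would be appended to ordinary user names before the `userToGroup` lookup.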
|