'''
VERIDIC - Towards a centralized access control system
Copyright (C) 2011 Mikael Ates
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
'''
import logging
import ldap
from attribute_aggregator.core import get_user_alias_in_source, \
get_attribute_name_in_namespace
logger = logging.getLogger('acs')
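def get_all_attributes(user, definitions=None, **kwargs):
    '''
    Collect the X500 attributes of ``user`` from every configured LDAP source.

    Dictionary format:
    attributes = dict()
    data_from_source = list()
    a1 = dict()
    a1['definition'] = definition_name
    a1['name'] = attribute_name_in_ns
    a1['namespace'] = ns_name
    a1['values'] = list_of_values
    data_from_source.append(a1)
    ...
    data_from_source.append(a2)
    attributes[source_name] = data_from_source

    First attempt on 'definition' key.
    Else, definition is searched by 'name' and 'namespace' keys.

    NOTE(review): the entries built here only carry the 'name', 'namespace'
    and 'values' keys; no 'definition' key is set, so consumers necessarily
    fall back on the name/namespace lookup described above.

    :param user: the user whose attributes are looked up; a falsy value is
        rejected with an error log and a ``None`` return.
    :param definitions: optional list of attribute definitions; when given,
        only their X500 names are requested from the directory, otherwise
        every attribute of the entry is returned.
    :param kwargs: accepted for interface compatibility, unused here.
    :return: ``None`` when no user is given or no LDAP source is configured,
        else ``{source_name: [attr_dict, ...]}`` holding only the sources
        for which at least one attribute was found.
    '''
    if not user:
        logger.error('get_all_attributes: No user provided')
        return None
    logger.debug('get_all_attributes: Searching attributes for user %s', user)

    # Local import kept from the original layout (presumably to avoid an
    # import cycle with the models module -- not verified here).
    from attribute_aggregator.models import LdapSource
    sources = LdapSource.objects.all()
    if not sources:
        logger.debug('get_all_attributes: No LDAP source configured')
        return None

    # The requested attribute names do not depend on the source, so they are
    # computed once instead of once per bound connection.
    retrieve_attributes = None
    if definitions:
        retrieve_attributes = [
            get_attribute_name_in_namespace(definition, 'X500')
            for definition in definitions]

    attributes = {}
    for source in sources:
        logger.debug('get_all_attributes: The LDAP source is known as %s',
                     source.name)
        identifier = get_user_alias_in_source(user, source)
        if not identifier:
            logger.error('get_all_attributes: No user identifier known into '
                         'that source')
            continue
        logger.debug('get_all_attributes: the user is known as %s in source %s',
                     identifier, source.name)

        data = _search_user_entry(source, identifier, retrieve_attributes)
        if data is None:
            # Connection, bind or search failure: already logged, nothing to
            # record for this source.
            continue
        if not data:
            logger.error('get_all_attributes: no attribute found')
        else:
            attributes[source.name] = data

    logger.debug('get_all_attributes: the attributes returned are %s',
                 attributes)
    return attributes


def _connect(source):
    '''
    Open a connection to ``source`` and bind with its configured credentials.

    :param source: an LdapSource providing ``server``, ``user`` and
        ``password``.
    :return: the bound connection, or ``None`` after logging when the
        connection or the bind fails. When ``user`` and ``password`` are not
        both set, no bind is attempted and the connection stays anonymous.
    '''
    try:
        # ldap.open() takes a host name, as the original did; should the
        # configuration ever hold a full LDAP URI, ldap.initialize() is the
        # modern equivalent.
        conn = ldap.open(source.server)
    except ldap.LDAPError as err:
        logger.error('get_all_attributes: an error occured at binding due '
                     'to %s', err)
        return None
    try:
        conn.protocol_version = ldap.VERSION3
        if source.user and source.password:
            # Synchronous bind: the former simple_bind() only queued the
            # request and its outcome was never read, so a failed bind went
            # unnoticed and the search ran with whatever identity the server
            # granted. simple_bind_s() raises here instead.
            # NOTE(review): a simple bind transmits the password in clear
            # unless the transport is TLS-protected; that is decided by the
            # configured server, not by this code.
            conn.simple_bind_s(source.user, source.password)
    except ldap.LDAPError as err:
        logger.error('get_all_attributes: an error occured at binding due '
                     'to %s', err)
        _close(conn)
        return None
    return conn


def _close(conn):
    '''Release ``conn``; a failure while closing is logged and ignored.'''
    try:
        conn.unbind_s()
    except ldap.LDAPError as err:
        logger.debug('get_all_attributes: error while closing the '
                     'connection: %s', err)


def _rdn_filter(identifier):
    '''
    Build the search filter from the first RDN of the DN ``identifier``.

    The RDN value is taken from the parsed DN (so DN escaping is undone) and
    then escaped for filter syntax, so characters such as '*', '(' or ')'
    inside a stored identifier cannot widen or alter the search.

    :raises ldap.LDAPError: when ``identifier`` is not a parseable DN.
    '''
    import ldap.filter
    first_rdn = ldap.dn.str2dn(identifier, flags=ldap.DN_FORMAT_LDAPV3)[0]
    attr_type, attr_value, _flags = first_rdn[0]
    return '(%s=%s)' % (attr_type,
                        ldap.filter.escape_filter_chars(attr_value))


def _search_user_entry(source, identifier, retrieve_attributes):
    '''
    Fetch the attributes of the entry ``identifier`` in ``source``.

    :param source: the LdapSource to query (``base`` is the search base).
    :param identifier: the user's DN in that source.
    :param retrieve_attributes: attribute names to request, or ``None`` for
        all of them.
    :return: ``None`` when the connection, bind or search failed (already
        logged); otherwise the list of attribute dicts read from the entry
        whose DN equals ``identifier`` (empty when no entry matched).
    '''
    conn = _connect(source)
    if conn is None:
        return None
    try:
        search_filter = _rdn_filter(identifier)
        logger.debug('get_all_attributes: rdn is %s', search_filter)
        # search_s() returns the whole result set; the former
        # result(id, 0) call read a single message, so the user's entry was
        # dropped whenever another entry with the same RDN came back first.
        result_data = conn.search_s(source.base, ldap.SCOPE_SUBTREE,
                                    search_filter, retrieve_attributes)
        logger.debug('get_all_attributes: result %s', result_data)
    except ldap.LDAPError as err:
        logger.error('get_all_attributes: an error occured at searching '
                     'due to %s', err)
        return None
    finally:
        _close(conn)

    data = []
    for entry_dn, entry in result_data:
        logger.debug('get_all_attributes: found %s', entry_dn)
        # Plain string comparison, as in the original: the stored alias must
        # match the DN exactly as the server returns it (no normalisation).
        # Referral results carry a None DN and are skipped by the same test.
        if entry_dn == identifier:
            logger.debug('get_all_attributes: Attributes are %s', entry)
            data.extend(_entry_to_attributes(entry))
    return data


def _entry_to_attributes(entry):
    '''
    Turn one LDAP entry (``{name: [raw_value, ...]}``) into attribute dicts.

    Each value is decoded as UTF-8 and reduced to ASCII, dropping what does
    not fit (kept from the original). A value that is not valid UTF-8
    (e.g. a binary attribute) is skipped with a debug log instead of
    raising a UnicodeDecodeError, which ``except ldap.LDAPError`` did not
    catch and which aborted the whole lookup.

    :return: a list of ``{'name', 'namespace', 'values'}`` dicts, namespace
        being 'X500'.
    '''
    attrs = []
    for name, raw_values in entry.items():
        values = []
        for raw in raw_values:
            try:
                values.append(raw.decode('utf-8').encode('ascii', 'ignore'))
            except UnicodeDecodeError:
                logger.debug('get_all_attributes: skipping undecodable '
                             'value of %s', name)
        attrs.append({'name': name, 'namespace': 'X500', 'values': values})
    return attrs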
def get_listed_attributes(user, definitions, **kwargs):
    '''
    Look up only the attributes named by ``definitions`` for ``user``.

    Thin front end to ``get_all_attributes``: ``definitions`` is forwarded
    as its keyword argument and any extra keyword arguments pass through
    unchanged, so the return value (and its ``None`` cases) is exactly that
    of ``get_all_attributes``.
    '''
    result = get_all_attributes(user, definitions=definitions, **kwargs)
    return result