1 files changed, 40 insertions, 0 deletions

diff --git a/src/lib/Bcfg2/Server/Hostbase/nisauth.py b/src/lib/Bcfg2/Server/Hostbase/nisauth.py
new file mode 100644
index 000000000..ae4c6c021
--- /dev/null
+++ b/src/lib/Bcfg2/Server/Hostbase/nisauth.py
@@ -0,0 +1,40 @@
+"""Checks with NIS to see if the current user is in the support group"""
+import os
+import crypt, nis
+from Bcfg2.Server.Hostbase.settings import AUTHORIZED_GROUP
+
+
+class NISAUTHError(Exception):
+    """NISAUTHError is raised when somehting goes boom."""
+    pass
+
+class nisauth(object):
+    group_test = False
+#    check_member_of = os.environ['LDAP_CHECK_MBR_OF_GRP']
+    samAcctName = None
+    distinguishedName = None
+    sAMAccountName = None
+    telephoneNumber = None
+    title = None
+    memberOf = None
+    department = None #this will be a list
+    mail = None
+    extensionAttribute1 = None #badgenumber
+    badge_no = None
+    uid = None
+
+    def __init__(self,login,passwd=None):
+        """get user profile from NIS"""
+        try:
+            p = nis.match(login, 'passwd.byname').split(":")
+        except:
+            raise NISAUTHError('username')
+        # check user password using crypt and 2 character salt from passwd file
+        if p[1] == crypt.crypt(passwd, p[1][:2]):
+            # check to see if user is in valid support groups
+            # will have to include these groups in a settings file eventually
+            if not login in nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[-1].split(',') and p[3] != nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[2]:
+                raise NISAUTHError('group')
+            self.uid = p[2]
+        else:
+            raise NISAUTHError('password')