blob: ae4c6c021f2f991c9bbefeb8388a8e4aa75d9c91 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
"""Checks with NIS to see if the current user is in the support group"""
import os
import crypt, nis
from Bcfg2.Server.Hostbase.settings import AUTHORIZED_GROUP
class NISAUTHError(Exception):
"""NISAUTHError is raised when somehting goes boom."""
pass
class nisauth(object):
group_test = False
# check_member_of = os.environ['LDAP_CHECK_MBR_OF_GRP']
samAcctName = None
distinguishedName = None
sAMAccountName = None
telephoneNumber = None
title = None
memberOf = None
department = None #this will be a list
mail = None
extensionAttribute1 = None #badgenumber
badge_no = None
uid = None
def __init__(self,login,passwd=None):
"""get user profile from NIS"""
try:
p = nis.match(login, 'passwd.byname').split(":")
except:
raise NISAUTHError('username')
# check user password using crypt and 2 character salt from passwd file
if p[1] == crypt.crypt(passwd, p[1][:2]):
# check to see if user is in valid support groups
# will have to include these groups in a settings file eventually
if not login in nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[-1].split(',') and p[3] != nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[2]:
raise NISAUTHError('group')
self.uid = p[2]
else:
raise NISAUTHError('password')
|