summaryrefslogtreecommitdiffstats
path: root/src/lib/Bcfg2/Server/Hostbase/nisauth.py
blob: ae4c6c021f2f991c9bbefeb8388a8e4aa75d9c91 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
"""Checks with NIS to see if the current user is in the support group"""
import os
import crypt, nis
from Bcfg2.Server.Hostbase.settings import AUTHORIZED_GROUP


class NISAUTHError(Exception):
    """NISAUTHError is raised when somehting goes boom."""
    pass

class nisauth(object):
    group_test = False
#    check_member_of = os.environ['LDAP_CHECK_MBR_OF_GRP']
    samAcctName = None
    distinguishedName = None
    sAMAccountName = None
    telephoneNumber = None
    title = None
    memberOf = None
    department = None #this will be a list
    mail = None
    extensionAttribute1 = None #badgenumber
    badge_no = None
    uid = None

    def __init__(self,login,passwd=None):
        """get user profile from NIS"""
        try:
            p = nis.match(login, 'passwd.byname').split(":")
        except:
            raise NISAUTHError('username')
        # check user password using crypt and 2 character salt from passwd file
        if p[1] == crypt.crypt(passwd, p[1][:2]):
            # check to see if user is in valid support groups
            # will have to include these groups in a settings file eventually
            if not login in nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[-1].split(',') and p[3] != nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[2]:
                raise NISAUTHError('group')
            self.uid = p[2]
        else:
            raise NISAUTHError('password')