shengyudong/baijiahao_data_crawl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2025-12-25 upload

Browse Source
This commit is contained in:
“shengyudong”
2025-12-25 11:16:59 +08:00
commit 322ac74336
2241 changed files with 639966 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
venv/Lib/site-packages/ldap3/extend/novell/__init__.py Normal file
View File

167
venv/Lib/site-packages/ldap3/extend/novell/addMembersToGroups.py Normal file
View File

@@ -0,0 +1,167 @@
"""
"""
# Created on 2016.04.16
#
# Author: Giovanni Cannata
#
# Copyright 2016 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...core.exceptions import LDAPInvalidDnError
from ... import SEQUENCE_TYPES, MODIFY_ADD, BASE, DEREF_NEVER
from ...utils.dn import safe_dn
def edir_add_members_to_groups(connection,
members_dn,
groups_dn,
fix,
transaction):
"""
:param connection: a bound Connection object
:param members_dn: the list of members to add to groups
:param groups_dn: the list of groups where members are to be added
:param fix: checks for inconsistences in the users-groups relation and fixes them
:param transaction: activates an LDAP transaction
:return: a boolean where True means that the operation was successful and False means an error has happened
Establishes users-groups relations following the eDirectory rules: groups are added to securityEquals and groupMembership
attributes in the member object while members are added to member and equivalentToMe attributes in the group object.
Raises LDAPInvalidDnError if members or groups are not found in the DIT.
"""
if not isinstance(members_dn, SEQUENCE_TYPES):
members_dn = [members_dn]
if not isinstance(groups_dn, SEQUENCE_TYPES):
groups_dn = [groups_dn]
transaction_control = None
error = False
if connection.check_names: # builds new lists with sanitized dn
safe_members_dn = []
safe_groups_dn = []
for member_dn in members_dn:
safe_members_dn.append(safe_dn(member_dn))
for group_dn in groups_dn:
safe_groups_dn.append(safe_dn(group_dn))
members_dn = safe_members_dn
groups_dn = safe_groups_dn
if transaction:
transaction_control = connection.extend.novell.start_transaction()
if not error:
for member in members_dn:
if fix: # checks for existance of member and for already assigned groups
result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['securityEquals', 'groupMembership'])
if not connection.strategy.sync:
response, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, response, _ = result
else:
result = connection.result
response = connection.response
if not result['description'] == 'success':
raise LDAPInvalidDnError(member + ' not found')
existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else []
existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else []
existing_security_equals = [element.lower() for element in existing_security_equals]
existing_group_membership = [element.lower() for element in existing_group_membership]
else:
existing_security_equals = []
existing_group_membership = []
changes = dict()
security_equals_to_add = [element for element in groups_dn if element.lower() not in existing_security_equals]
group_membership_to_add = [element for element in groups_dn if element.lower() not in existing_group_membership]
if security_equals_to_add:
changes['securityEquals'] = (MODIFY_ADD, security_equals_to_add)
if group_membership_to_add:
changes['groupMembership'] = (MODIFY_ADD, group_membership_to_add)
if changes:
result = connection.modify(member, changes, controls=[transaction_control] if transaction else None)
if not connection.strategy.sync:
_, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, _, _ = result
else:
result = connection.result
if result['description'] != 'success':
error = True
break
if not error:
for group in groups_dn:
if fix: # checks for existance of group and for already assigned members
result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe'])
if not connection.strategy.sync:
response, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, response, _ = result
else:
result = connection.result
response = connection.response
if not result['description'] == 'success':
raise LDAPInvalidDnError(group + ' not found')
existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else []
existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else []
existing_members = [element.lower() for element in existing_members]
existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me]
else:
existing_members = []
existing_equivalent_to_me = []
changes = dict()
member_to_add = [element for element in members_dn if element.lower() not in existing_members]
equivalent_to_me_to_add = [element for element in members_dn if element.lower() not in existing_equivalent_to_me]
if member_to_add:
changes['member'] = (MODIFY_ADD, member_to_add)
if equivalent_to_me_to_add:
changes['equivalentToMe'] = (MODIFY_ADD, equivalent_to_me_to_add)
if changes:
result = connection.modify(group, changes, controls=[transaction_control] if transaction else None)
if not connection.strategy.sync:
_, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, _, _ = result
else:
result = connection.result
if result['description'] != 'success':
error = True
break
if transaction:
if error: # aborts transaction in case of error in the modify operations
result = connection.extend.novell.end_transaction(commit=False, controls=[transaction_control])
else:
result = connection.extend.novell.end_transaction(commit=True, controls=[transaction_control])
if result['description'] != 'success':
error = True
return not error # returns True if no error is raised in the LDAP operations

180
venv/Lib/site-packages/ldap3/extend/novell/checkGroupsMemberships.py Normal file
View File

@@ -0,0 +1,180 @@
"""
"""
# Created on 2016.05.14
#
# Author: Giovanni Cannata
#
# Copyright 2016 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from .addMembersToGroups import edir_add_members_to_groups
from ...core.exceptions import LDAPInvalidDnError
from ... import SEQUENCE_TYPES, BASE, DEREF_NEVER
from ...utils.dn import safe_dn
def _check_members_have_memberships(connection,
members_dn,
groups_dn):
"""
:param connection: a bound Connection object
:param members_dn: the list of members to add to groups
:param groups_dn: the list of groups where members are to be added
:return: two booleans. The first when True means that all members have membership in all groups, The second when True means that
there are inconsistences in the securityEquals attribute
Checks user's group membership.
Raises LDAPInvalidDNError if member is not found in the DIT.
"""
if not isinstance(members_dn, SEQUENCE_TYPES):
members_dn = [members_dn]
if not isinstance(groups_dn, SEQUENCE_TYPES):
groups_dn = [groups_dn]
partial = False # True when a member has groupMembership but doesn't have securityEquals
for member in members_dn:
result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['groupMembership', 'securityEquals'])
if not connection.strategy.sync:
response, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, response, _ = result
else:
result = connection.result
response = connection.response
if not result['description'] == 'success': # member not found in DIT
raise LDAPInvalidDnError(member + ' not found')
existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else []
existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else []
existing_security_equals = [element.lower() for element in existing_security_equals]
existing_group_membership = [element.lower() for element in existing_group_membership]
for group in groups_dn:
if group.lower() not in existing_group_membership:
return False, False
if group.lower() not in existing_security_equals:
partial = True
return True, partial
def _check_groups_contain_members(connection,
groups_dn,
members_dn):
"""
:param connection: a bound Connection object
:param members_dn: the list of members to add to groups
:param groups_dn: the list of groups where members are to be added
:return: two booleans. The first when True means that all members have membership in all groups, The second when True means that
there are inconsistences in the EquivalentToMe attribute
Checks if groups have members in their 'member' attribute.
Raises LDAPInvalidDNError if member is not found in the DIT.
"""
if not isinstance(groups_dn, SEQUENCE_TYPES):
groups_dn = [groups_dn]
if not isinstance(members_dn, SEQUENCE_TYPES):
members_dn = [members_dn]
partial = False # True when a group has member but doesn't have equivalentToMe
for group in groups_dn:
result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe'])
if not connection.strategy.sync:
response, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, response, _ = result
else:
result = connection.result
response = connection.response
if not result['description'] == 'success':
raise LDAPInvalidDnError(group + ' not found')
existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else []
existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else []
existing_members = [element.lower() for element in existing_members]
existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me]
for member in members_dn:
if member.lower() not in existing_members:
return False, False
if member.lower() not in existing_equivalent_to_me:
partial = True
return True, partial
def edir_check_groups_memberships(connection,
members_dn,
groups_dn,
fix,
transaction):
"""
:param connection: a bound Connection object
:param members_dn: the list of members to check
:param groups_dn: the list of groups to check
:param fix: checks for inconsistences in the users-groups relation and fixes them
:param transaction: activates an LDAP transaction when fixing
:return: a boolean where True means that the operation was successful and False means an error has happened
Checks and fixes users-groups relations following the eDirectory rules: groups are checked against 'groupMembership'
attribute in the member object while members are checked against 'member' attribute in the group object.
Raises LDAPInvalidDnError if members or groups are not found in the DIT.
"""
if not isinstance(groups_dn, SEQUENCE_TYPES):
groups_dn = [groups_dn]
if not isinstance(members_dn, SEQUENCE_TYPES):
members_dn = [members_dn]
if connection.check_names: # builds new lists with sanitized dn
safe_members_dn = []
safe_groups_dn = []
for member_dn in members_dn:
safe_members_dn.append(safe_dn(member_dn))
for group_dn in groups_dn:
safe_groups_dn.append(safe_dn(group_dn))
members_dn = safe_members_dn
groups_dn = safe_groups_dn
try:
members_have_memberships, partial_member_security = _check_members_have_memberships(connection, members_dn, groups_dn)
groups_contain_members, partial_group_security = _check_groups_contain_members(connection, groups_dn, members_dn)
except LDAPInvalidDnError:
return False
if not members_have_memberships and not groups_contain_members:
return False
if fix: # fix any inconsistences
if (members_have_memberships and not groups_contain_members) \
or (groups_contain_members and not members_have_memberships) \
or partial_group_security \
or partial_member_security:
for member in members_dn:
for group in groups_dn:
edir_add_members_to_groups(connection, member, group, True, transaction)
return True

58
venv/Lib/site-packages/ldap3/extend/novell/endTransaction.py Normal file
View File

@@ -0,0 +1,58 @@
"""
"""
# Created on 2016.04.14
#
# Author: Giovanni Cannata
#
# Copyright 2016 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...extend.operation import ExtendedOperation
from ...protocol.novell import EndGroupTypeRequestValue, EndGroupTypeResponseValue, Sequence
from ...utils.asn1 import decoder
class EndTransaction(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.27.103.2'
self.response_name = '2.16.840.1.113719.1.27.103.2'
self.request_value = EndGroupTypeRequestValue()
self.asn1_spec = EndGroupTypeResponseValue()
def __init__(self, connection, commit=True, controls=None):
if controls and len(controls) == 1:
group_cookie = decoder.decode(controls[0][2], asn1Spec=Sequence())[0][0] # get the cookie from the built groupingControl
else:
group_cookie = None
controls = None
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
if group_cookie:
self.request_value['endGroupCookie'] = group_cookie # transactionGroupingType
if not commit:
self.request_value['endGroupValue'] = '' # an empty endGroupValue means abort transaction
def populate_result(self):
try:
self.result['value'] = self.decoded_response['endGroupValue']
except TypeError:
self.result['value'] = None
def set_response(self):
self.response_value = self.result

41
venv/Lib/site-packages/ldap3/extend/novell/getBindDn.py Normal file
View File

@@ -0,0 +1,41 @@
"""
"""
# Created on 2014.04.30
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...protocol.novell import Identity
from ...extend.operation import ExtendedOperation
class GetBindDn(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.27.100.31'
self.response_name = '2.16.840.1.113719.1.27.100.32'
self.response_attribute = 'identity'
self.asn1_spec = Identity()
def populate_result(self):
try:
self.result['identity'] = str(self.decoded_response) if self.decoded_response else None
except TypeError:
self.result['identity'] = None

50
venv/Lib/site-packages/ldap3/extend/novell/listReplicas.py Normal file
View File

@@ -0,0 +1,50 @@
"""
"""
# Created on 2014.07.03
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...extend.operation import ExtendedOperation
from ...protocol.novell import ReplicaList
from ...protocol.rfc4511 import LDAPDN
from ...utils.dn import safe_dn
class ListReplicas(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.27.100.19'
self.response_name = '2.16.840.1.113719.1.27.100.20'
self.request_value = LDAPDN()
self.asn1_spec = ReplicaList()
self.response_attribute = 'replicas'
def __init__(self, connection, server_dn, controls=None):
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
if connection.check_names:
server_dn = safe_dn(server_dn)
self.request_value = LDAPDN(server_dn)
def populate_result(self):
try:
self.result['replicas'] = [str(replica) for replica in self.decoded_response] if self.decoded_response else None
except TypeError:
self.result['replicas'] = None

56
venv/Lib/site-packages/ldap3/extend/novell/nmasGetUniversalPassword.py Normal file
View File

@@ -0,0 +1,56 @@
"""
"""
# Created on 2014.07.03
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...extend.operation import ExtendedOperation
from ...protocol.novell import NmasGetUniversalPasswordRequestValue, NmasGetUniversalPasswordResponseValue, NMAS_LDAP_EXT_VERSION
from ...utils.dn import safe_dn
class NmasGetUniversalPassword(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.39.42.100.13'
self.response_name = '2.16.840.1.113719.1.39.42.100.14'
self.request_value = NmasGetUniversalPasswordRequestValue()
self.asn1_spec = NmasGetUniversalPasswordResponseValue()
self.response_attribute = 'password'
def __init__(self, connection, user, controls=None):
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
if connection.check_names:
user = safe_dn(user)
self.request_value['nmasver'] = NMAS_LDAP_EXT_VERSION
self.request_value['reqdn'] = user
def populate_result(self):
if self.decoded_response:
self.result['nmasver'] = int(self.decoded_response['nmasver'])
self.result['error'] = int(self.decoded_response['err'])
try:
self.result['password'] = str(self.decoded_response['passwd']) if self.decoded_response['passwd'].hasValue() else None
except TypeError:
self.result['password'] = None

52
venv/Lib/site-packages/ldap3/extend/novell/nmasSetUniversalPassword.py Normal file
View File

@@ -0,0 +1,52 @@
"""
"""
# Created on 2014.07.03
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...extend.operation import ExtendedOperation
from ...protocol.novell import NmasSetUniversalPasswordRequestValue, NmasSetUniversalPasswordResponseValue, NMAS_LDAP_EXT_VERSION
from ...utils.dn import safe_dn
class NmasSetUniversalPassword(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.39.42.100.11'
self.response_name = '2.16.840.1.113719.1.39.42.100.12'
self.request_value = NmasSetUniversalPasswordRequestValue()
self.asn1_spec = NmasSetUniversalPasswordResponseValue()
self.response_attribute = 'password'
def __init__(self, connection, user, new_password, controls=None):
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
if connection.check_names and user:
user = safe_dn(user)
self.request_value['nmasver'] = NMAS_LDAP_EXT_VERSION
if user:
self.request_value['reqdn'] = user
if new_password:
self.request_value['new_passwd'] = new_password
def populate_result(self):
self.result['nmasver'] = int(self.decoded_response['nmasver'])
self.result['error'] = int(self.decoded_response['err'])

57
venv/Lib/site-packages/ldap3/extend/novell/partition_entry_count.py Normal file
View File

@@ -0,0 +1,57 @@
"""
"""
# Created on 2014.08.05
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from pyasn1.type.univ import Integer
from ...core.exceptions import LDAPExtensionError
from ..operation import ExtendedOperation
from ...protocol.rfc4511 import LDAPDN
from ...utils.asn1 import decoder
from ...utils.dn import safe_dn
class PartitionEntryCount(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.27.100.13'
self.response_name = '2.16.840.1.113719.1.27.100.14'
self.request_value = LDAPDN()
self.response_attribute = 'entry_count'
def __init__(self, connection, partition_dn, controls=None):
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
if connection.check_names:
partition_dn = safe_dn(partition_dn)
self.request_value = LDAPDN(partition_dn)
def populate_result(self):
substrate = self.decoded_response
try:
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['entry_count'] = int(decoded)
except Exception:
raise LDAPExtensionError('unable to decode substrate')
if substrate:
raise LDAPExtensionError('unknown substrate remaining')

170
venv/Lib/site-packages/ldap3/extend/novell/removeMembersFromGroups.py Normal file
View File

@@ -0,0 +1,170 @@
"""
"""
# Created on 2016.04.17
#
# Author: Giovanni Cannata
#
# Copyright 2016 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...core.exceptions import LDAPInvalidDnError
from ... import SEQUENCE_TYPES, MODIFY_DELETE, BASE, DEREF_NEVER
from ...utils.dn import safe_dn
def edir_remove_members_from_groups(connection,
members_dn,
groups_dn,
fix,
transaction):
"""
:param connection: a bound Connection object
:param members_dn: the list of members to remove from groups
:param groups_dn: the list of groups where members are to be removed
:param fix: checks for inconsistences in the users-groups relation and fixes them
:param transaction: activates an LDAP transaction
:return: a boolean where True means that the operation was successful and False means an error has happened
Removes users-groups relations following the eDirectory rules: groups are removed from securityEquals and groupMembership
attributes in the member object while members are removed from member and equivalentToMe attributes in the group object.
Raises LDAPInvalidDnError if members or groups are not found in the DIT.
"""
if not isinstance(members_dn, SEQUENCE_TYPES):
members_dn = [members_dn]
if not isinstance(groups_dn, SEQUENCE_TYPES):
groups_dn = [groups_dn]
if connection.check_names: # builds new lists with sanitized dn
safe_members_dn = []
safe_groups_dn = []
for member_dn in members_dn:
safe_members_dn.append(safe_dn(member_dn))
for group_dn in groups_dn:
safe_groups_dn.append(safe_dn(group_dn))
members_dn = safe_members_dn
groups_dn = safe_groups_dn
transaction_control = None
error = False
if transaction:
transaction_control = connection.extend.novell.start_transaction()
if not error:
for member in members_dn:
if fix: # checks for existance of member and for already assigned groups
result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['securityEquals', 'groupMembership'])
if not connection.strategy.sync:
response, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, response, _ = result
else:
response = connection.response
result = connection.result
if not result['description'] == 'success':
raise LDAPInvalidDnError(member + ' not found')
existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else []
existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else []
else:
existing_security_equals = groups_dn
existing_group_membership = groups_dn
existing_security_equals = [element.lower() for element in existing_security_equals]
existing_group_membership = [element.lower() for element in existing_group_membership]
changes = dict()
security_equals_to_remove = [element for element in groups_dn if element.lower() in existing_security_equals]
group_membership_to_remove = [element for element in groups_dn if element.lower() in existing_group_membership]
if security_equals_to_remove:
changes['securityEquals'] = (MODIFY_DELETE, security_equals_to_remove)
if group_membership_to_remove:
changes['groupMembership'] = (MODIFY_DELETE, group_membership_to_remove)
if changes:
result = connection.modify(member, changes, controls=[transaction_control] if transaction else None)
if not connection.strategy.sync:
_, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, _, _ = result
else:
result = connection.result
if result['description'] != 'success':
error = True
break
if not error:
for group in groups_dn:
if fix: # checks for existance of group and for already assigned members
result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe'])
if not connection.strategy.sync:
response, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, response, _ = result
else:
response = connection.response
result = connection.result
if not result['description'] == 'success':
raise LDAPInvalidDnError(group + ' not found')
existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else []
existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else []
else:
existing_members = members_dn
existing_equivalent_to_me = members_dn
existing_members = [element.lower() for element in existing_members]
existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me]
changes = dict()
member_to_remove = [element for element in members_dn if element.lower() in existing_members]
equivalent_to_me_to_remove = [element for element in members_dn if element.lower() in existing_equivalent_to_me]
if member_to_remove:
changes['member'] = (MODIFY_DELETE, member_to_remove)
if equivalent_to_me_to_remove:
changes['equivalentToMe'] = (MODIFY_DELETE, equivalent_to_me_to_remove)
if changes:
result = connection.modify(group, changes, controls=[transaction_control] if transaction else None)
if not connection.strategy.sync:
_, result = connection.get_response(result)
else:
if connection.strategy.thread_safe:
_, result, _, _ = result
else:
result = connection.result
if result['description'] != 'success':
error = True
break
if transaction:
if error: # aborts transaction in case of error in the modify operations
result = connection.extend.novell.end_transaction(commit=False, controls=[transaction_control])
else:
result = connection.extend.novell.end_transaction(commit=True, controls=[transaction_control])
if result['description'] != 'success':
error = True
return not error # return True if no error is raised in the LDAP operations

79
venv/Lib/site-packages/ldap3/extend/novell/replicaInfo.py Normal file
View File

@@ -0,0 +1,79 @@
"""
"""
# Created on 2014.08.07
#
# Author: Giovanni Cannata
#
# Copyright 2014 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from datetime import datetime
from pyasn1.type.univ import Integer
from ...core.exceptions import LDAPExtensionError
from ...protocol.novell import LDAPDN, ReplicaInfoRequestValue
from ..operation import ExtendedOperation
from ...utils.asn1 import decoder
from ...utils.dn import safe_dn
class ReplicaInfo(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.27.100.17'
self.response_name = '2.16.840.1.113719.1.27.100.18'
# self.asn1_spec = ReplicaInfoResponseValue()
self.request_value = ReplicaInfoRequestValue()
self.response_attribute = 'partition_dn'
def __init__(self, connection, server_dn, partition_dn, controls=None):
if connection.check_names:
if server_dn:
server_dn = safe_dn(server_dn)
if partition_dn:
partition_dn = safe_dn(partition_dn)
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
self.request_value['server_dn'] = server_dn
self.request_value['partition_dn'] = partition_dn
def populate_result(self):
substrate = self.decoded_response
try:
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['partition_id'] = int(decoded)
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['replica_state'] = int(decoded)
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['modification_time'] = datetime.utcfromtimestamp(int(decoded))
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['purge_time'] = datetime.utcfromtimestamp(int(decoded))
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['local_partition_id'] = int(decoded)
decoded, substrate = decoder.decode(substrate, asn1Spec=LDAPDN())
self.result['partition_dn'] = str(decoded)
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['replica_type'] = int(decoded)
decoded, substrate = decoder.decode(substrate, asn1Spec=Integer())
self.result['flags'] = int(decoded)
except Exception:
raise LDAPExtensionError('unable to decode substrate')
if substrate:
raise LDAPExtensionError('unknown substrate remaining')

56
venv/Lib/site-packages/ldap3/extend/novell/startTransaction.py Normal file
View File

@@ -0,0 +1,56 @@
"""
"""
# Created on 2016.04.14
#
# Author: Giovanni Cannata
#
# Copyright 2016 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from ...extend.operation import ExtendedOperation
from ...protocol.novell import CreateGroupTypeRequestValue, CreateGroupTypeResponseValue, GroupingControlValue
from ...protocol.controls import build_control
class StartTransaction(ExtendedOperation):
def config(self):
self.request_name = '2.16.840.1.113719.1.27.103.1'
self.response_name = '2.16.840.1.113719.1.27.103.1'
self.request_value = CreateGroupTypeRequestValue()
self.asn1_spec = CreateGroupTypeResponseValue()
def __init__(self, connection, controls=None):
ExtendedOperation.__init__(self, connection, controls) # calls super __init__()
self.request_value['createGroupType'] = '2.16.840.1.113719.1.27.103.7' # transactionGroupingType
def populate_result(self):
self.result['cookie'] = int(self.decoded_response['createGroupCookie'])
try:
self.result['value'] = self.decoded_response['createGroupValue']
except TypeError:
self.result['value'] = None
def set_response(self):
try:
grouping_cookie_value = GroupingControlValue()
grouping_cookie_value['groupingCookie'] = self.result['cookie']
self.response_value = build_control('2.16.840.1.113719.1.27.103.7', True, grouping_cookie_value, encode_control_value=True) # groupingControl
except TypeError:
self.response_value = None