1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 or later
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import re
import urllib
import ipa.ipautil
class ACI:
"""
Holds the basic data for an ACI entry, as stored in the cn=accounts
entry in LDAP. Has methods to parse an ACI string and export to an
ACI String.
"""
def __init__(self,acistr=None):
self.name = ''
self.source_group = ''
self.dest_group = ''
self.attrs = []
self.orig_acistr = acistr
if acistr is not None:
self.parse_acistr(acistr)
def export_to_string(self):
"""Converts the ACI to a string suitable for an LDAP aci attribute."""
attrs_str = ' || '.join(self.attrs)
# dest_group and source_group are assumed to be pre-escaped.
# dn's aren't typed in, but searched for, and the search results
# will return escaped dns
acistr = ('(targetattr="%s")' +
'(targetfilter="(memberOf=%s)")' +
'(version 3.0;' +
'acl "%s";' +
'allow (write) ' +
'groupdn="ldap:///%s";)') % (attrs_str,
self.dest_group,
self.name,
urllib.quote(self.source_group, "/=, "))
return acistr
def to_dict(self):
result = ipa.ipautil.CIDict()
result['name'] = self.name
result['source_group'] = self.source_group
result['dest_group'] = self.dest_group
result['attrs'] = self.attrs
result['orig_acistr'] = self.orig_acistr
return result
def _match(self, prefix, inputstr):
"""Returns inputstr with prefix removed, or else raises a
SyntaxError."""
if inputstr.startswith(prefix):
return inputstr[len(prefix):]
else:
raise SyntaxError, "'%s' not found at '%s'" % (prefix, inputstr)
def _match_str(self, inputstr):
"""Tries to extract a " delimited string from the front of inputstr.
Returns (string, inputstr) where:
- string is the extracted string (minus the enclosing " chars)
- inputstr is the parameter with the string removed.
Raises SyntaxError is a string is not found."""
if not inputstr.startswith('"'):
raise SyntaxError, "string not found at '%s'" % inputstr
found = False
start_index = 1
final_index = 1
while not found and (final_index < len(inputstr)):
if inputstr[final_index] == '\\':
final_index += 2
elif inputstr[final_index] == '"':
found = True
else:
final_index += 1
if not found:
raise SyntaxError, "string not found at '%s'" % inputstr
match = inputstr[start_index:final_index]
inputstr = inputstr[final_index + 1:]
return(match, inputstr)
def parse_acistr(self, acistr):
"""Parses the acistr. If the string isn't recognized, a SyntaxError
is raised."""
self.orig_acistr = acistr
acistr = self._match('(targetattr=', acistr)
(attrstr, acistr) = self._match_str(acistr)
self.attrs = attrstr.split(' || ')
acistr = self._match(')(targetfilter=', acistr)
(target_dn_str, acistr) = self._match_str(acistr)
target_dn_str = self._match('(memberOf=', target_dn_str)
if target_dn_str.endswith(')'):
self.dest_group = target_dn_str[:-1]
else:
raise SyntaxError, "illegal dest_group at '%s'" % target_dn_str
acistr = self._match(')(version 3.0;acl ', acistr)
(name_str, acistr) = self._match_str(acistr)
self.name = name_str
acistr = self._match(';allow (write) groupdn=', acistr)
(src_dn_str, acistr) = self._match_str(acistr)
src_dn_str = self._match('ldap:///', src_dn_str)
self.source_group = urllib.unquote(src_dn_str)
acistr = self._match(';)', acistr)
if len(acistr) > 0:
raise SyntaxError, "unexpected aci suffix at '%s'" % acistr
|