+ Delete entry {text_dn}.
+ {text_num_sub_ordinates} + {text_num_all_sub_ordinates}

%s

- %s\n%s\n%s\n%s\n%s\n%s\n%s\n%s + %s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s """ % ( form.utf2display(title_msg), login_msg_html, - form.beginFormHTML(command,sid,'POST',None), + form.beginFormHTML(command,None,'POST',None), form.hiddenFieldHTML('ldapurl',ls.uri.decode('ascii'),u''), form.hiddenFieldHTML('dn',dn,u''), + form.hiddenFieldHTML('delsid',sid.decode('ascii'),u''), scope_hidden_field, filterstr_hidden_field, login_fields, @@ -110,7 +109,8 @@ form.hiddenInputFields( outf=outf, ignoreFieldNames=[ - 'sid','ldapurl','host','who','cred','dn','scope','filterstr','search_attrs', + 'sid','delsid', + 'ldapurl','host','who','cred','dn','scope','filterstr','search_attrs', 'login_mech','login_authzid','login_authzid_prefix','login_realm', 'login_search_root','login_filterstr' ] diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/modify.py web2ldap-1.1.43~dfsg/pylib/w2lapp/modify.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/modify.py 2012-04-18 20:00:15.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/modify.py 2013-08-30 17:13:19.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: modify.py,v 1.111 2012/04/18 20:00:15 michael Exp $ """ import ldap,ldif,ldap.schema, \ @@ -104,14 +102,14 @@ sub_schema = ls.retrieveSubSchema(dn,w2lapp.cnf.GetParam(ls,'_schema',None)) - new_entry,invalid_attrs,in_binattrs = GetEntryfromInputForm(form,ls,dn,sub_schema) - in_wrtattroids = form.getInputValue('in_wrtattroids',[]) if in_wrtattroids==['nonePseudoValue;x-web2ldap-None']: writeable_attr_oids = None else: writeable_attr_oids = set([ a.encode(ls.charset) for a in in_wrtattroids ]) + new_entry,invalid_attrs,in_binattrs = GetEntryfromInputForm(form,ls,dn,sub_schema) + # Check if the user just switched input type form if 'input_formtype' in form.inputFieldNames: input_addattrtypes = form.getInputValue('input_addattrtype',[]) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/monitor.py web2ldap-1.1.43~dfsg/pylib/w2lapp/monitor.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/monitor.py 2012-12-16 15:53:30.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/monitor.py 2013-06-22 15:38:52.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: monitor.py,v 1.30 2012/12/16 15:53:30 michael Exp $ """ import time,threading,utctime,web2ldapcnf.misc,web2ldapcnf.monitor,w2lapp.core,w2lapp.gui diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/passwd.py web2ldap-1.1.43~dfsg/pylib/w2lapp/passwd.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/passwd.py 2012-12-12 21:11:24.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/passwd.py 2013-06-24 15:33:06.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: passwd.py,v 1.104 2012/12/12 21:11:24 michael Exp $ """ import time,string,binascii,random,hashlib,ldap,ldaputil.base,ldaputil.passwd, \ @@ -189,7 +187,7 @@ ] form.field['passwd_scheme'].options = default_hashtypes - nthash_available = all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.2') or all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.25') + nthash_available = all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.25') show_clientside_pw_fields = passwd_action=='setuserpassword' and not unicode_pwd_avail passwd_template_str = w2lapp.gui.ReadTemplate(form,ls,'passwd_template',u'password form') @@ -280,11 +278,21 @@ password_attr_types_msg = '' + passwd_modlist = w2lapp.cnf.GetParam(ls,'passwd_modlist',[]) + + # Extend with appropriate user-must-change-password-after-reset attribute + if passwd_forcechange: + # draft-behera-password-policy + if sub_schema.sed[AttributeType].has_key('1.3.6.1.4.1.42.2.27.8.1.22'): + passwd_modlist.append((ldap.MOD_REPLACE,'pwdReset','TRUE')) + # MS AD + elif all_attrs_dict.has_key('1.2.840.113556.1.4.96'): + passwd_modlist.append((ldap.MOD_REPLACE,'pwdLastSet','0')) + if not passwd_action: raise w2lapp.core.ErrorExit(u'No password action chosen.') - elif passwd_action=='passwdextop': #------------------------------------------------------- @@ -306,10 +314,8 @@ ) return else: - if passwd_forcechange: - # Check for draft-behera-password-policy - if sub_schema.sed[AttributeType].has_key('1.3.6.1.4.1.42.2.27.8.1.22'): - ls.modifyEntry(passwd_who,[(ldap.MOD_REPLACE,'pwdReset','TRUE')]) + if passwd_modlist: + ls.modifyEntry(passwd_who,passwd_modlist) if no_passwd_input: password_attr_types_msg = 'Generated password set by the server: %s' % (form.utf2display(passwd_input)) else: @@ -321,8 +327,6 @@ # Modify password via Modify Request #------------------------------------------------------- - modlist = [] - all_attrs_dict = GetAllAllowedAttributes(sub_schema,user_objectclasses) if not all_attrs_dict.has_key('2.5.4.35'): @@ -333,7 +337,7 @@ if user_objectclasses and \ not userpassword_class.lower() in user_objectclasses and \ sub_schema.get_inheritedattr(ldap.schema.ObjectClass,userpassword_class,'kind')==2: - modlist.append((ldap.MOD_ADD,'objectClass',userpassword_class)) + passwd_modlist.append((ldap.MOD_ADD,'objectClass',userpassword_class)) break except KeyError: pass @@ -368,12 +372,12 @@ old_passwd_value = userPassword.encodePassword(old_password,'') if OwnPwdChange(ls,passwd_who) and old_password: - modlist.extend(( + passwd_modlist.extend(( (ldap.MOD_DELETE,passwd_attr_type,[old_passwd_value]), (ldap.MOD_ADD,passwd_attr_type,[new_passwd_value]), )) else: - modlist.append( + passwd_modlist.append( (ldap.MOD_REPLACE,passwd_attr_type,[new_passwd_value]), ) @@ -382,39 +386,20 @@ pwd_change_timestamp = time.time() if passwd_settimesync and all_attrs_dict.has_key('1.3.6.1.1.1.1.5'): - modlist.append((ldap.MOD_REPLACE,'shadowLastChange',str(int(pwd_change_timestamp/86400)))) - - if passwd_forcechange: - # draft-behera-password-policy - if sub_schema.sed[AttributeType].has_key('1.3.6.1.4.1.42.2.27.8.1.22'): - modlist.append((ldap.MOD_REPLACE,'pwdReset','TRUE')) - # MS AD - elif all_attrs_dict.has_key('1.2.840.113556.1.4.96'): - modlist.append((ldap.MOD_REPLACE,'pwdLastSet','0')) + passwd_modlist.append((ldap.MOD_REPLACE,'shadowLastChange',str(int(pwd_change_timestamp/86400)))) passwd_ntpasswordsync = form.getInputValue('passwd_ntpasswordsync',['no'])[0]=='yes' # Samba password synchronization if requested - if passwd_ntpasswordsync: - - if all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.2'): - modlist.append((ldap.MOD_REPLACE,'ntPassword',NtPasswordHash(passwd_input))) - - if all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.25'): - modlist.append((ldap.MOD_REPLACE,'sambaNTPassword',NtPasswordHash(passwd_input))) - - if passwd_settimesync and passwd_ntpasswordsync: - - if all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.3'): - modlist.append((ldap.MOD_REPLACE,'pwdLastSet',str(int(pwd_change_timestamp)))) - - if all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.27'): - modlist.append((ldap.MOD_REPLACE,'sambaPwdLastSet',str(int(pwd_change_timestamp)))) + if passwd_ntpasswordsync and all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.25'): + passwd_modlist.append((ldap.MOD_REPLACE,'sambaNTPassword',NtPasswordHash(passwd_input))) + if passwd_settimesync and all_attrs_dict.has_key('1.3.6.1.4.1.7165.2.1.27'): + passwd_modlist.append((ldap.MOD_REPLACE,'sambaPwdLastSet',str(int(pwd_change_timestamp)))) password_attr_types_msg = 'Password-related attributes set: %s' % (', '.join( [ - '%s' % (attr_type) - for mod, attr_type, attr_values in modlist + form.utf2display(unicode(attr_type)) + for mod, attr_type, attr_values in passwd_modlist ] )) if no_passwd_input: @@ -422,7 +407,7 @@ # Modify password try: - ls.modifyEntry(passwd_who,modlist) + ls.modifyEntry(passwd_who,passwd_modlist) except (ldap.CONSTRAINT_VIOLATION,ldap.UNWILLING_TO_PERFORM),e: PasswdForm( sid,outf,command,form,ls,dn,sub_schema, diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/read.py web2ldap-1.1.43~dfsg/pylib/w2lapp/read.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/read.py 2013-01-02 17:47:47.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/read.py 2013-08-25 13:14:45.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: read.py,v 1.174 2013/01/02 17:47:47 michael Exp $ """ import pyweblib.forms,ldap.schema,ldaputil.schema,pyweblib.httphelper, \ @@ -48,7 +46,6 @@ except IOError: outf.write('

I/O error during reading template file for object class %s.

' % oc) else: - display_entry.sep = '
' try: template_attr_oid_set = set([ sub_schema.getoid(ldap.schema.AttributeType,attr_type_name) @@ -110,15 +107,17 @@ class DisplayEntry(ldaputil.schema.Entry): - def __init__(self,sid,form,ls,dn,schema,entry): - ldaputil.schema.Entry.__init__(self,schema,None,entry) - self.entry = ldaputil.schema.Entry(schema,None,entry) + def __init__(self,sid,form,ls,dn,schema,entry,sep_attr,commandbutton): + assert type(dn)==type(u'') + ldaputil.schema.Entry.__init__(self,schema,dn.encode(ls.charset),entry) + self.entry = ldaputil.schema.Entry(schema,dn.encode(ls.charset),entry) self.sid = sid self.form = form self.ls = ls self.dn = dn - self.sep = None self.invalid_attrs = set() + self.sep_attr = sep_attr + self.commandbutton = commandbutton def __getitem__(self,nameoroid): oid = self._at2key(nameoroid)[0] @@ -132,7 +131,7 @@ for i in range(len(values)): attr_instance = syntax_se(self.sid,self.form,self.ls,self.dn,self._s,nameoroid,values[i],self.entry) try: - attr_value_html = attr_instance.displayValue(valueindex=i,commandbutton=1) + attr_value_html = attr_instance.displayValue(valueindex=i,commandbutton=self.commandbutton) except UnicodeError: # Fall back to hex-dump output attr_instance = w2lapp.schema.syntaxes.OctetString(self.sid,self.form,self.ls,self.dn,self._s,nameoroid,values[i],self.entry) @@ -143,10 +142,11 @@ attr_value_html = '%s' % (attr_value_html) self.invalid_attrs.add(nameoroid) result.append(attr_value_html) - if self.sep is None: - return result + if self.sep_attr!=None: + value_sep = getattr(attr_instance,self.sep_attr) + return value_sep.join(result) else: - return self.sep.join(result) + return result def getOperationAttrsTemplate(ls,accept_language): @@ -304,12 +304,13 @@ if search_result: entry.update(search_result[0][1]) - display_entry = DisplayEntry(sid,form,ls,dn,sub_schema,entry) + display_entry = DisplayEntry(sid,form,ls,dn,sub_schema,entry,'readSep',1) # Save session into database mainly for storing LDAPSession cache session.storeSession(sid,ls) - if len(wanted_attrs)==1: + if len(wanted_attrs)==1 and \ + not wanted_attrs[0] in ('*','+'): # Display a single binary attribute either with a registered # viewer or just by sending the data blob with appropriate MIME-type @@ -445,10 +446,12 @@ else: nomatching_attrs.append(a) + display_entry.sep_attr = None PrintAttrList(sid,outf,ls,form,dn,sub_schema,display_entry,required_attrs,'Required Attributes') PrintAttrList(sid,outf,ls,form,dn,sub_schema,display_entry,allowed_attrs,'Allowed Attributes') PrintAttrList(sid,outf,ls,form,dn,sub_schema,display_entry,collective_attrs,'Collective Attributes') PrintAttrList(sid,outf,ls,form,dn,sub_schema,display_entry,nomatching_attrs,'Various Attributes') + display_entry.sep_attr = 'readSep' # Display operational attributes with template as footer if read_output==u'template': diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/referral.py web2ldap-1.1.43~dfsg/pylib/w2lapp/referral.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/referral.py 2012-04-20 19:23:46.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/referral.py 2013-06-22 15:38:52.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: referral.py,v 1.46 2012/04/20 19:23:46 michael Exp $ """ import ldaputil.base,w2lapp.core,w2lapp.gui,w2lapp.cnf diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/rename.py web2ldap-1.1.43~dfsg/pylib/w2lapp/rename.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/rename.py 2012-04-20 19:16:00.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/rename.py 2013-08-24 18:17:11.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: rename.py,v 1.39 2012/04/20 19:16:00 michael Exp $ """ import ldap,ldapurl,pyweblib.forms,ldaputil.base, \ @@ -142,7 +140,7 @@ # Determine LDAP search filter for building a select list for new superior DN # based on governing structure rule - dit_structure_ruleids = entry.get_possible_dit_structure_rules(dn) + dit_structure_ruleids = entry.get_possible_dit_structure_rules(dn.encode(ls.charset)) for dit_structure_ruleid in dit_structure_ruleids: sup_structural_ruleids,sup_structural_oc = sub_schema.get_superior_structural_oc_names(dit_structure_ruleid) if sup_structural_oc: diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/__init__.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/__init__.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/__init__.py 2012-01-30 13:32:50.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/__init__.py 2013-08-31 23:44:39.000000000 +0000 @@ -11,8 +11,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: __init__.py,v 1.40 2012/01/30 13:32:50 michael Exp $ """ import sys,ldap,ldap.schema,ldaputil.schema,msbase @@ -26,21 +24,21 @@ }) # OIDs of syntaxes and attribute types which need ;binary -NEEDS_BINARY_TAG = { +NEEDS_BINARY_TAG = set(( # attribute types - '2.5.4.37':None, # caCertificate - '2.5.4.36':None, # userCertificate - '2.5.4.40':None, # crossCertificatePair - '2.5.4.52':None, # supportedAlgorithms - '2.5.4.38':None, # authorityRevocationList - '2.5.4.39':None, # certificateRevocationList - '2.5.4.53':None, # deltaRevocationList + '2.5.4.37', # caCertificate + '2.5.4.36', # userCertificate + '2.5.4.40', # crossCertificatePair + '2.5.4.52', # supportedAlgorithms + '2.5.4.38', # authorityRevocationList + '2.5.4.39', # certificateRevocationList + '2.5.4.53', # deltaRevocationList # LDAP syntaxes - '1.3.6.1.4.1.1466.115.121.1.8':None, # Certificate - '1.3.6.1.4.1.1466.115.121.1.10':None, # Certificate Pair - '1.3.6.1.4.1.1466.115.121.1.49':None, # Supported Algorithm - '1.3.6.1.4.1.1466.115.121.1.9':None, # Certificate List -} + '1.3.6.1.4.1.1466.115.121.1.8', # Certificate + '1.3.6.1.4.1.1466.115.121.1.9', # Certificate List + '1.3.6.1.4.1.1466.115.121.1.10', # Certificate Pair + '1.3.6.1.4.1.1466.115.121.1.49', # Supported Algorithm +)) def no_userapp_attr(schema,attr_type_name): """ diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/__init__.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/__init__.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/__init__.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/__init__.py 2013-06-22 15:51:05.000000000 +0000 @@ -1,7 +1,4 @@ # -*- coding: utf-8 -*- """ Package for various plugin modules - -$Id: __init__.py,v 1.2 2009/08/18 23:44:31 michael Exp $ """ - diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/acp133.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/acp133.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/acp133.py 2012-12-12 21:11:24.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/acp133.py 2013-06-22 15:38:52.000000000 +0000 @@ -4,8 +4,6 @@ (see draft-dally-acp133-and-ldap) Currently untested! - -$Id: acp133.py,v 1.7 2012/12/12 21:11:24 michael Exp $ """ diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/activedirectory.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/activedirectory.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/activedirectory.py 2012-06-01 20:48:26.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/activedirectory.py 2013-07-15 08:25:49.000000000 +0000 @@ -1,11 +1,9 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for Active Directory (for some information see draft-armijo-ldap-syntax) - -$Id: activedirectory.py,v 1.48 2012/06/01 20:48:26 michael Exp $ """ -import time,utctime,struct,pyweblib,ldap.cidict,w2lapp.cnf,mspki.util +import time,utctime,struct,uuid,pyweblib,ldap.cidict,w2lapp.cnf,w2lapp.searchform,mspki.util from w2lapp.gui import DisplayDN @@ -196,11 +194,10 @@ 'searchform','»',self._sid, [ ('dn',self._dn), - ('filterstr', '(objectSid=%s)' % ( - self._form.utf2display(sddl_str) - ) - ), - ('searchform_mode','exp'), + ('searchform_mode',u'adv'), + ('search_attr',u'objectSid'), + ('search_option',w2lapp.searchform.SEARCH_OPT_IS_EQUAL), + ('search_string',sddl_str), ], title=u'Search by SID', ) @@ -599,6 +596,35 @@ desc = 'Object-Security-Descriptor' +class MsAdGUID(OctetString): + oid = 'MsAdGUID-oid' + desc = 'GUID in Active Directory' + + def sanitizeInput(self,attrValue): + try: + object_guid_uuid = uuid.UUID(attrValue.replace(':','')) + except ValueError: + return OctetString.sanitizeInput(self,attrValue) + else: + return object_guid_uuid.bytes + + def displayValue(self,valueindex=0,commandbutton=0): + object_guid_uuid = uuid.UUID(bytes=self.attrValue) + return '{%s}
%s' % ( + str(object_guid_uuid), + OctetString.displayValue(self,valueindex=0,commandbutton=0), + ) + +syntax_registry.registerAttrType( + MsAdGUID.oid,[ + '1.2.840.113556.1.4.2', # objectGUID + '1.2.840.113556.1.4.1224', # parentGUID + '1.2.840.113556.1.4.340', # rightsGuid + '1.2.840.113556.1.4.362', # siteGUID + ] +) + + class Interval(MicrosoftLargeInteger): oid = 'Interval-oid' desc = 'Large integer with timestamp expressed as 100 nanoseconds since 1601-01-01 00:00' @@ -758,6 +784,23 @@ ) +class MsDSSupportedEncryptionTypes(BitArrayInteger): + oid = 'MsDSSupportedEncryptionTypes-oid' + flag_desc_table = ( + (u'KERB_ENCTYPE_DES_CBC_CRC',0x00000001), + (u'KERB_ENCTYPE_DES_CBC_MD5',0x00000002), + (u'KERB_ENCTYPE_RC4_HMAC_MD5',0x00000004), + (u'KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96',0x00000008), + (u'KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96',0x00000010), + ) + +syntax_registry.registerAttrType( + MsDSSupportedEncryptionTypes.oid,[ + '1.2.840.113556.1.4.1963', # msDS-SupportedEncryptionTypes + ] +) + + # Register all syntax classes in this module for symbol_name in dir(): syntax_registry.registerSyntaxClass(eval(symbol_name)) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/apple.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/apple.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/apple.py 2011-01-06 12:07:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/apple.py 2013-07-15 08:25:49.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined in apple.schema - -$Id: apple.py,v 1.4 2011/01/06 12:07:31 michael Exp $ """ from w2lapp.schema.syntaxes import XmlValue,UUID,DynamicValueSelectList,syntax_registry @@ -27,11 +25,10 @@ 'searchform','»',self._sid, ( ('dn',self._dn), - ( - 'filterstr', - '(apple-generateduid=%s)' % (value_disp) - ), - ('searchform_mode','exp'), + ('searchform_mode',u'adv'), + ('search_attr',u'apple-generateduid'), + ('search_option',w2lapp.searchform.SEARCH_OPT_IS_EQUAL), + ('search_string',value_disp), ), title=u'Search entry by UUID', ) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/asn1objects.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/asn1objects.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/asn1objects.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/asn1objects.py 2013-08-31 23:44:39.000000000 +0000 @@ -1,24 +1,18 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for ASN.1 objects - -$Id: asn1objects.py,v 1.2 2009/08/18 23:44:31 michael Exp $ """ -from w2lapp.schema.syntaxes import syntax_registry +from w2lapp.schema.syntaxes import ASN1Object,syntax_registry + -try: - from w2lapp.schema.syntaxes import ASN1Object -except ImportError: - pass -else: - syntax_registry.registerAttrType( - ASN1Object.oid,[ - '1.3.6.1.4.1.8301.3.6.1.1', # signatureRenewal - '1.3.6.1.4.1.8301.3.6.1.2', # signatureRenewals - '0.2.262.1.10.7.124', # signatureRenewals - ] - ) +syntax_registry.registerAttrType( + ASN1Object.oid,[ + '1.3.6.1.4.1.8301.3.6.1.1', # signatureRenewal + '1.3.6.1.4.1.8301.3.6.1.2', # signatureRenewals + '0.2.262.1.10.7.124', # signatureRenewals + ] +) # Register all syntax classes in this module diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dds.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dds.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dds.py 2011-11-29 13:36:43.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dds.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,24 +1,22 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes dynamic entries (see RFC 2589) - -$Id: dds.py,v 1.1 2011/11/29 13:36:43 michael Exp $ """ import time,utctime,ldap.cidict,ldapurl from w2lapp.schema.syntaxes import LDAPSyntax,DirectoryString, \ - Integer,DistinguishedName,GeneralizedTime,syntax_registry + Integer,Timespan,DistinguishedName,GeneralizedTime,syntax_registry -class EntryTTL(Integer): +class EntryTTL(Timespan): oid = 'EntryTTL-oid' desc = 'Time-to-live of dynamic entry' def displayValue(self,valueindex=0,commandbutton=0): expiration_time = time.time()+int(self.attrValue) - return '%s seconds, expires %s' % ( - Integer.displayValue(self,valueindex,commandbutton), + return '%s, expires %s' % ( + Timespan.displayValue(self,valueindex,commandbutton), utctime.strftimeiso8601(time.gmtime(expiration_time)), ) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/demail.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/demail.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/demail.py 2012-04-24 16:48:59.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/demail.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined for DE-Mail - -$Id: demail.py,v 1.1 2012/04/24 16:48:59 michael Exp $ """ import os.path,web2ldapcnf diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dhcp.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dhcp.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dhcp.py 2013-02-08 18:50:11.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dhcp.py 2013-06-22 15:38:52.000000000 +0000 @@ -3,8 +3,6 @@ web2ldap plugin classes for attributes defined for DHCP service See http://tools.ietf.org/draft/draft-ietf-dhc-ldap-schema/ - -$Id: dhcp.py,v 1.17 2013/02/08 18:50:11 michael Exp $ """ import re diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dirx.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dirx.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dirx.py 2011-10-17 17:57:59.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dirx.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for Siemens DirX - -$Id: dirx.py,v 1.3 2011/10/17 17:57:59 michael Exp $ """ from w2lapp.schema.syntaxes import DirectoryString,DistinguishedName,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dyngroup.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dyngroup.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/dyngroup.py 2013-02-14 08:54:01.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/dyngroup.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,7 +1,5 @@ """ web2ldap plugin classes for attributes defined for so-called dynamic groups - -$Id: dyngroup.py,v 1.3 2013/02/14 08:54:01 michael Exp $ """ import ldap,ldapurl,ldaputil.base diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/edirectory.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/edirectory.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/edirectory.py 2012-12-12 21:11:24.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/edirectory.py 2013-08-31 23:44:39.000000000 +0000 @@ -2,8 +2,6 @@ """ web2ldap plugin classes for Novell eDirectory/DirXML (see draft-sermersheim-nds-ldap-schema) - -$Id: edirectory.py,v 1.35 2012/12/12 21:11:24 michael Exp $ """ import uuid,ldap.filter @@ -13,9 +11,10 @@ from pyweblib.forms import escapeHTML from w2lapp.schema.syntaxes import DirectoryString,Integer,OctetString, \ - PostalAddress,PrintableString,Certificate,CertificateRevocationList, \ + PostalAddress,PrintableString, \ MultilineText,OID,SelectList,DynamicDNSelectList,NullTerminatedDirectoryString, \ Binary,BitArrayInteger,XmlValue,PreformattedMultilineText,syntax_registry +from w2lapp.schema.plugins.x509 import Certificate,CertificateList from w2lapp.gui import DisplayDN @@ -396,7 +395,7 @@ ) syntax_registry.registerAttrType( - CertificateRevocationList.oid,[ + CertificateList.oid,[ '2.16.840.1.113719.1.48.4.1.34', # certificateRevocationList in Novell eDirectory ] ) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/eduperson.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/eduperson.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/eduperson.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/eduperson.py 2013-06-22 15:38:52.000000000 +0000 @@ -3,8 +3,6 @@ web2ldap plugin classes for attributes defined eduPerson See http://middleware.internet2.edu/eduperson/ - -$Id: eduperson.py,v 1.4 2009/08/18 23:44:31 michael Exp $ """ import re diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/entrust.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/entrust.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/entrust.py 2009-12-13 12:47:25.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/entrust.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for Entrust PKI - -$Id: entrust.py,v 1.3 2009/12/13 12:47:25 michael Exp $ """ from w2lapp.schema.syntaxes import Binary,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/exchange.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/exchange.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/exchange.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/exchange.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for MS Exchange 5.5 - -$Id: exchange.py,v 1.2 2009/08/18 23:44:31 michael Exp $ """ from w2lapp.gui import DisplayDN diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/freeradius.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/freeradius.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/freeradius.py 1970-01-01 00:00:00.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/freeradius.py 2013-06-22 15:38:52.000000000 +0000 @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +""" +web2ldap plugin classes for FreeRADIUS/LDAP schema +""" + +from w2lapp.schema.syntaxes import DynamicDNSelectList,syntax_registry + + +class RadiusProfileDN(DynamicDNSelectList): + oid = 'RadiusProfileDN-oid' + desc = 'DN of a radius profile entry with real data' + ldap_url = 'ldap:///_??sub?(&(objectClass=radiusprofile)(!(radiusProfileDn=*)))' + +syntax_registry.registerAttrType( + RadiusProfileDN.oid,[ + '1.3.6.1.4.1.3317.4.3.1.49' , # radiusProfileDn + ] +) + + +# Register all syntax classes in this module +for name in dir(): + syntax_registry.registerSyntaxClass(eval(name)) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/ibmds.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/ibmds.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/ibmds.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/ibmds.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for IBM Tivoliy Directory Server - -$Id: ibmds.py,v 1.2 2009/08/18 23:44:31 michael Exp $ """ from w2lapp.gui import DisplayDN diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/krb5.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/krb5.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/krb5.py 2012-12-12 21:11:24.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/krb5.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for Kerberos (see krb5-kdc.schema) - -$Id: krb5.py,v 1.10 2012/12/12 21:11:24 michael Exp $ """ from w2lapp.schema.syntaxes import \ diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/ldapns.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/ldapns.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/ldapns.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/ldapns.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for LDAP-based naming service (ldapns.schema) - -$Id: ldapns.py,v 1.3 2009/08/18 23:44:31 michael Exp $ """ from w2lapp.schema.syntaxes import LDAPSyntax,SelectList,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/lotusdomino.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/lotusdomino.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/lotusdomino.py 2012-05-26 14:58:42.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/lotusdomino.py 2013-09-01 01:59:16.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for PGP key server - -$Id: lotusdomino.py,v 1.11 2012/05/26 14:58:42 michael Exp $ """ import re @@ -30,7 +28,7 @@ def displayValue(self,valueindex=0,commandbutton=0): lines = [ self._form.utf2display(l) - for l in self._split_lines(self.attrValue) + for l in self._split_lines(self.attrValue.decode('ascii')) ] return '%s' % '
'.join(lines) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/msperson.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/msperson.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/msperson.py 2012-04-24 16:49:47.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/msperson.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined for msPerson - -$Id: msperson.py,v 1.15 2012/04/24 16:49:47 michael Exp $ """ import re,os.path,datetime, \ diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/mssfu30.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/mssfu30.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/mssfu30.py 2012-03-21 22:48:52.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/mssfu30.py 2013-06-22 15:38:52.000000000 +0000 @@ -2,8 +2,6 @@ """ web2ldap plugin classes for schema elements defined for MS Identity Management for Unix (formerly known as MS Services for Unix) - -$Id: mssfu30.py,v 1.4 2012/03/21 22:48:52 michael Exp $ """ from w2lapp.schema.syntaxes import DynamicValueSelectList,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/nis.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/nis.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/nis.py 2013-02-08 18:50:11.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/nis.py 2013-07-15 08:25:49.000000000 +0000 @@ -1,11 +1,9 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for schema elements defined in RFC2307 - -$Id: nis.py,v 1.26 2013/02/08 18:50:11 michael Exp $ """ -import re,pyweblib.forms,ldap.schema,ldaputil.schema +import re,pyweblib.forms,ldap.schema,ldaputil.schema,w2lapp.searchform from w2lapp.schema.syntaxes import SelectList,IA5String,IntegerRange, \ IPHostAddress,IPNetworkAddress,IPServicePortNumber,MacAddress, \ @@ -50,20 +48,23 @@ return r[0] if 'posixGroup' in ocs: title = u'Search group members' - filterstr_template = '(&(|(objectClass=posixAccount)(objectClass=shadowAccount))(gidNumber=%s))' + searchform_params = [ + ('dn',self._dn), + ('searchform_mode',u'adv'), + ('search_attr',u'objectClass'), + ('search_option',w2lapp.searchform.SEARCH_OPT_IS_EQUAL), + ('search_string',u'posixGroup'), + ('search_attr',u'gidNumber'), + ('search_option',w2lapp.searchform.SEARCH_OPT_IS_EQUAL), + ('search_string',self._ls.uc_decode(self.attrValue)[0]), + ] else: title = None - filterstr_template = None - if title and filterstr_template: + searchform_params = None + if title and searchform_params: r.append(self._form.applAnchor( 'searchform','»',self._sid, - [ - ('dn',self._dn), - ('filterstr', filterstr_template % ( - escape_filter_chars(self._ls.uc_decode(self.attrValue)[0]) - )), - ('searchform_mode','exp'), - ], + searchform_params, title=title, )) return ' '.join(r) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/opends.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/opends.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/opends.py 2012-11-16 23:06:19.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/opends.py 2013-08-31 23:44:39.000000000 +0000 @@ -1,14 +1,12 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for OpenDS and OpenDJ - -$Id: opends.py,v 1.29 2012/11/16 23:06:19 michael Exp $ """ import re,mspki.util,ldap,ldap.cidict,w2lapp.schema -from w2lapp.schema.syntaxes import LDAPSyntax,DirectoryString,OctetString,SelectList,DynamicDNSelectList,MultilineText,Certificate,BindDN,syntax_registry - +from w2lapp.schema.syntaxes import LDAPSyntax,DirectoryString,OctetString,SelectList,DynamicDNSelectList,MultilineText,BindDN,syntax_registry +from w2lapp.schema.plugins.x509 import Certificate from ldaputil.base import explode_dn,rdn_dict diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/openldap.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/openldap.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/openldap.py 2012-05-26 14:58:42.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/openldap.py 2013-09-01 00:26:22.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for OpenLDAP - -$Id: openldap.py,v 1.22 2012/05/26 14:58:42 michael Exp $ """ from w2lapp.schema.syntaxes import \ @@ -23,10 +21,33 @@ # slapo-syncprov #--------------------------------------------------------------------------- +# see http://www.openldap.org/faq/data/cache/1145.html +class CSN_SID(IA5String): + oid = '1.3.6.1.4.1.4203.666.11.2.4' + desc = 'change sequence number SID (CSN SID)' + minLen = 3 + maxLen = 3 + reObj = re.compile('^[a-fA-F0-9]{3}$') + + +# see http://www.openldap.org/faq/data/cache/1145.html +class CSN(IA5String): + oid = '1.3.6.1.4.1.4203.666.11.2.1' + desc = 'change sequence number (CSN)' + minLen = 40 + maxLen = 40 + reObj = re.compile('^[0-9]{14}\\.[0-9]{6}Z#[a-fA-F0-9]{6}#[a-fA-F0-9]{3}#[a-fA-F0-9]{6}$') + -class EntryCSN(DirectoryString): - oid = '1.3.6.1.4.1.4203.666.1.7' - desc = 'OpenLDAP EntryCSN' +syntax_registry.registerAttrType( + CSN.oid,[ + '1.3.6.1.4.1.4203.666.1.25', # contextCSN + '1.3.6.1.4.1.4203.666.1.7', # entryCSN + '1.3.6.1.4.1.4203.666.1.13', # namingCSN + # also register by name in case OpenLDAP was built without -DSLAP_SCHEMA_EXPOSE + 'contextCSN','entryCSN','namingCSN', + ] +) #--------------------------------------------------------------------------- @@ -268,9 +289,13 @@ except (KeyError,ValueError,IndexError): pass else: + try: + decoded_control_value = ber_decoder.decode(ctrl_value) + except: + decoded_control_value = ctrl_value result_lines.append('controlValue %s' % ( self._form.utf2display( - repr(ber_decoder.decode(ctrl_value)).decode('ascii') + repr(decoded_control_value).decode('ascii') ).replace('\n','
') )) return '
'.join(result_lines) @@ -315,6 +340,16 @@ #--------------------------------------------------------------------------- +class Authz(DirectoryString): + oid = '1.3.6.1.4.1.4203.666.2.7' + desc = 'OpenLDAP authz' + + +class OpenLDAPACI(DirectoryString): + oid = '1.3.6.1.4.1.4203.666.2.1' + desc = 'OpenLDAP ACI' + + # Register all syntax classes in this module for symbol_name in dir(): syntax_registry.registerSyntaxClass(eval(symbol_name)) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/opensshlpk.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/opensshlpk.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/opensshlpk.py 2012-05-02 18:27:11.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/opensshlpk.py 2013-06-22 15:38:52.000000000 +0000 @@ -2,8 +2,6 @@ """ web2ldap plugin classes for OpenSSH-LPK (see http://code.google.com/p/openssh-lpk/) - -$Id: opensshlpk.py,v 1.2 2012/05/02 18:27:11 michael Exp $ """ import re @@ -22,6 +20,7 @@ syntax_registry.registerAttrType( SshPublicKey.oid,[ '1.3.6.1.4.1.24552.500.1.1.1.13', # sshPublicKey + '2.16.840.1.113730.3.8.11.31', # ipaSshPubKey ] ) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/pgpkeysrv.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/pgpkeysrv.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/pgpkeysrv.py 2013-01-12 21:43:59.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/pgpkeysrv.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for PGP key server - -$Id: pgpkeysrv.py,v 1.7 2013/01/12 21:43:59 michael Exp $ """ import re diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/pilotperson.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/pilotperson.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/pilotperson.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/pilotperson.py 2013-06-22 15:38:52.000000000 +0000 @@ -3,8 +3,6 @@ web2ldap plugin classes for attributes defined for pilotPerson see also RFC1274 - -$Id: pilotperson.py,v 1.4 2009/08/18 23:44:31 michael Exp $ """ from w2lapp.schema.syntaxes import SelectList,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/pkcschema.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/pkcschema.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/pkcschema.py 2012-12-06 18:38:21.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/pkcschema.py 2013-06-22 15:38:52.000000000 +0000 @@ -4,8 +4,6 @@ See also: http://tools.ietf.org/draft/draft-ietf-pkix-ldap-pkc-schema - -$Id: pkcschema.py,v 1.5 2012/12/06 18:38:21 michael Exp $ """ from w2lapp.schema.syntaxes import DistinguishedName,SelectList,DynamicValueSelectList,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/posixautogen.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/posixautogen.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/posixautogen.py 2012-12-12 21:11:24.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/posixautogen.py 2013-06-22 15:38:52.000000000 +0000 @@ -3,8 +3,6 @@ Status: Experimental => you have to understand what it internally does when enabling it! - -$Id: posixautogen.py,v 1.7 2012/12/12 21:11:24 michael Exp $ """ import ldap diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/ppolicy.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/ppolicy.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/ppolicy.py 2012-05-26 14:58:42.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/ppolicy.py 2013-07-17 17:07:07.000000000 +0000 @@ -1,15 +1,16 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined in draft-behera-ldap-password-policy - -$Id: ppolicy.py,v 1.10 2012/05/26 14:58:42 michael Exp $ """ -import pyweblib.forms +import time,datetime,pyweblib.forms,utctime,w2lapp.gui,w2lapp.searchform -from w2lapp.schema.syntaxes import SelectList,DynamicDNSelectList,syntax_registry -from w2lapp.schema.plugins.quirks import UserPassword +from calendar import timegm +from w2lapp.schema.syntaxes import SelectList,DynamicDNSelectList,Timespan,GeneralizedTime,syntax_registry +from w2lapp.schema.plugins.quirks import UserPassword +from ldap.filter import escape_filter_chars +from ldap import LDAPError class PwdCheckQuality(SelectList): oid = 'PwdCheckQuality-oid' @@ -56,6 +57,133 @@ ) +class PwdMaxAge(Timespan): + oid = 'PwdMaxAge-oid' + desc = 'pwdPolicy entry: Maximum age of user password' + link_text = 'Search expired' + title_text = u'Search for entries with this password policy and expired password' + + def _search_timestamp(self,diff_secs): + return unicode(time.strftime('%Y%m%d%H%M%SZ',time.gmtime(time.time()-diff_secs))) + + def _timespan_search_params(self): + return ( + ('search_attr','pwdChangedTime'), + ('search_option',w2lapp.searchform.SEARCH_OPT_LE_THAN), + ('search_string',self._search_timestamp(int(self.attrValue.strip()))), + ) + + def displayValue(self,valueindex=0,commandbutton=0): + ts_dv = Timespan.displayValue(self,valueindex,commandbutton) + # Possibly display a link + ocs = self._entry.object_class_oid_set() + if not commandbutton or not 'pwdPolicy' in ocs: + return ts_dv + try: + ts_search_params = self._timespan_search_params() + except ValueError,KeyError: + return ts_dv + search_link = self._form.applAnchor( + 'searchform',self.link_text,self._sid, + ( + ('dn',self._dn), + ('searchform_mode','adv'), + ('search_attr','pwdPolicySubentry'), + ('search_option',w2lapp.searchform.SEARCH_OPT_IS_EQUAL), + ('search_string',self._dn), + ) + ts_search_params, + title=self.title_text, + ) + return ' '.join((ts_dv,search_link)) + +syntax_registry.registerAttrType( + PwdMaxAge.oid,[ + '1.3.6.1.4.1.42.2.27.8.1.3', # pwdMaxAge + ] +) + + +class PwdExpireWarning(PwdMaxAge): + oid = 'PwdExpireWarning-oid' + desc = 'pwdPolicy entry: Password warning period' + link_text = 'Search soon to expire' + title_text = u'Search for entries with this password policy and soon to expire password' + + def _timespan_search_params(self): + pwd_expire_warning = int(self.attrValue.strip()) + pwd_max_age = int(self._entry['pwdMaxAge'][0].strip()) + warn_timestamp = pwd_max_age-pwd_expire_warning + return ( + ('search_attr','pwdChangedTime'), + ('search_option',w2lapp.searchform.SEARCH_OPT_GE_THAN), + ('search_string',self._search_timestamp(pwd_max_age)), + ('search_attr','pwdChangedTime'), + ('search_option',w2lapp.searchform.SEARCH_OPT_LE_THAN), + ('search_string',self._search_timestamp(warn_timestamp)), + ) + +syntax_registry.registerAttrType( + PwdExpireWarning.oid,[ + '1.3.6.1.4.1.42.2.27.8.1.7', # pwdExpireWarning + ] +) + + +class PwdChangedTime(GeneralizedTime): + oid = 'PwdChangedTime-oid' + desc = 'user entry: Last password change time' + time_divisors = ( + (u'weeks',604800), + (u'days',86400), + (u'hours',3600), + (u'mins',60), + (u'secs',1), + ) + + def displayValue(self,valueindex=0,commandbutton=0): + gt_disp_html = GeneralizedTime.displayValue(self,valueindex,commandbutton) + try: + pwd_changed_timestamp = timegm(utctime.strptime(self.attrValue)) + except ValueError: + return gt_disp_html + try: + pwd_policy_subentry_dn = self._entry['pwdPolicySubentry'][0].decode(self._ls.charset) + except KeyError: + return gt_disp_html + try: + _,pwd_policy_entry = self._ls.readEntry(pwd_policy_subentry_dn,attrtype_list=['pwdMaxAge','pwdExpireWarning'])[0] + except (LDAPError,TypeError,IndexError),e: + return gt_disp_html + try: + pwd_max_age = int(pwd_policy_entry['pwdMaxAge'][0]) + except KeyError: + expire_msg = 'will never expire' + except ValueError: + return gt_disp_html + else: + if pwd_max_age: + current_time = time.time() + expire_timestamp = pwd_changed_timestamp+pwd_max_age + expired_since = current_time - expire_timestamp + expire_msg = '%s %s / %s' % ( + { + True:'expired since', + False:'will expire', + }[expired_since>0], + utctime.strftimeiso8601(time.gmtime(expire_timestamp)), + self._form.utf2display(w2lapp.gui.ts2repr(Timespan.time_divisors,u' ',abs(expired_since))), + ) + else: + expire_msg = 'will never expire' + return '
'.join((gt_disp_html,expire_msg)) + +syntax_registry.registerAttrType( + PwdChangedTime.oid,[ + '1.3.6.1.4.1.42.2.27.8.1.16', # pwdChangedTime + ] +) + + syntax_registry.registerAttrType( UserPassword.oid,[ '1.3.6.1.4.1.42.2.27.8.1.20', # pwdHistory @@ -63,6 +191,13 @@ ) +syntax_registry.registerAttrType( + Timespan.oid,[ + '1.3.6.1.4.1.42.2.27.8.1.2', # pwdMinAge + ] +) + + # Register all syntax classes in this module for name in dir(): syntax_registry.registerSyntaxClass(eval(name)) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/quirks.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/quirks.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/quirks.py 2011-11-03 19:44:12.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/quirks.py 2013-09-01 02:01:55.000000000 +0000 @@ -3,13 +3,11 @@ Special syntax and attribute type registrations for enforcing standard-compliant behaviour even if current subschema of a server is errornous or could not be retrieved. - -$Id: quirks.py,v 1.8 2011/11/03 19:44:12 michael Exp $ """ from w2lapp.schema.syntaxes import syntax_registry,OID,RFC822Address, \ JPEGImage,PhotoG3Fax,Audio,Uri,Boolean,PostalAddress, \ - LDAPUrl,Certificate,CACertificate,CertificateRevocationList,UTCTime, \ + LDAPUrl,UTCTime, \ DNSDomain,DomainComponent,CountryString,Binary,DistinguishedName, \ DirectoryString,OctetString @@ -33,7 +31,6 @@ '2.16.840.1.113730.3.1.30', # mgrpRFC822MailMember '2.16.840.1.113730.3.1.47', # mailRoutingAddress '1.2.840.113549.1.9.1', # email, emailAddress, pkcs9email - '2.16.840.1.113678.2.2.2.2.15', # Domino/LDAP: MailAddress ] ) @@ -85,31 +82,6 @@ ) syntax_registry.registerAttrType( - Certificate.oid,[ - '2.5.4.36', # userCertificate - 'userCertificate','userCertificate;binary', - ] -) - -syntax_registry.registerAttrType( - CACertificate.oid,[ - '2.5.4.37', # cACertificate - 'cACertificate','cACertificate;binary', - ] -) - -syntax_registry.registerAttrType( - CertificateRevocationList.oid,[ - '2.5.4.38', # authorityRevocationList - '2.5.4.39', # certificateRevocationList - '2.5.4.53', # deltaRevocationList - 'authorityRevocationList','authorityRevocationList;binary', - 'certificateRevocationList','certificateRevocationList;binary', - 'deltaRevocationList','deltaRevocationList;binary', - ] -) - -syntax_registry.registerAttrType( UTCTime.oid,[ '2.5.18.1', # createTimestamp '2.5.18.2', # modifyTimestamp diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/samba.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/samba.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/samba.py 2013-01-15 17:52:55.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/samba.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for Samba 3 - -$Id: samba.py,v 1.23 2013/01/15 17:52:55 michael Exp $ """ import ldap,time,string,re,utctime diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/schac.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/schac.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/schac.py 2012-02-29 19:50:16.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/schac.py 2013-06-22 15:38:52.000000000 +0000 @@ -3,8 +3,6 @@ web2ldap plugin classes for attributes defined in SCHAC See http://www.terena.org/activities/tf-emc2/schac.html - -$Id: schac.py,v 1.11 2012/02/29 19:50:16 michael Exp $ """ import re,datetime diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/subentries.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/subentries.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/subentries.py 2012-05-26 14:58:42.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/subentries.py 2013-09-01 00:31:55.000000000 +0000 @@ -1,11 +1,14 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined for subentries (see RFC 3672) - -$Id: subentries.py,v 1.4 2012/05/26 14:58:42 michael Exp $ """ -from w2lapp.schema.syntaxes import LDAPSyntax,SelectList,syntax_registry +from w2lapp.schema.syntaxes import LDAPSyntax,GSER,SelectList,syntax_registry + + +class SubtreeSpecification(GSER): + oid = '1.3.6.1.4.1.1466.115.121.1.45' + desc = 'SubtreeSpecification' class AdministrativeRole(SelectList): diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/sudoers.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/sudoers.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/sudoers.py 2013-02-08 19:37:02.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/sudoers.py 2013-06-22 15:38:52.000000000 +0000 @@ -2,8 +2,6 @@ """ web2ldap plugin classes for sudo-ldap (see http://www.sudo.ws/sudoers.ldap.man.html) - -$Id: sudoers.py,v 1.1 2013/02/08 19:37:02 michael Exp $ """ diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/vchupwdpolicy.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/vchupwdpolicy.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/vchupwdpolicy.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/vchupwdpolicy.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined in draft-vchu-ldap-pwd-policy - -$Id: vchupwdpolicy.py,v 1.2 2009/08/18 23:44:31 michael Exp $ """ from w2lapp.schema.syntaxes import OnOffFlag,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/vpim.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/vpim.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/vpim.py 2012-12-12 21:11:24.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/vpim.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for attributes defined in VPIM (see RFC 4237) - -$Id: vpim.py,v 1.6 2012/12/12 21:11:24 michael Exp $ """ from w2lapp.schema.syntaxes import LDAPSyntax,IA5String,SelectList,RFC822Address,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/x500dsa.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/x500dsa.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/x500dsa.py 2009-08-18 23:44:31.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/x500dsa.py 2013-06-22 15:38:52.000000000 +0000 @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- """ web2ldap plugin classes for X.500 DSAs - -$Id: x500dsa.py,v 1.2 2009/08/18 23:44:31 michael Exp $ """ from w2lapp.schema.syntaxes import OctetString,syntax_registry diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/x509.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/x509.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/plugins/x509.py 1970-01-01 00:00:00.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/plugins/x509.py 2013-08-31 23:44:39.000000000 +0000 @@ -0,0 +1,207 @@ +# -*- coding: utf-8 -*- +""" +web2ldap plugin classes for +GSER-based LDAP syntaxes defined in +http://tools.ietf.org/html/rfc4523 + +At this time this is mainly a stub module. +Currently untested! +""" + +import mspki.util + +from w2lapp.schema.syntaxes import ASN1Object,Binary,GSER,syntax_registry + +from ldap.dn import explode_dn + + +class CertificateSimpleClass(Binary): + oid = '1.3.6.1.4.1.1466.115.121.1.8' + desc = 'X.509 Certificate' + mimeType = 'application/pkix-cert' + fileExt = 'cer' + + def sanitizeInput(self,attrValue): + try: + return mspki.util.pem2der(attrValue) + except (ValueError,IndexError): + return attrValue + + def getMimeType(self): + if self._form.browser_type in ['Mozilla','Opera']: + return 'application/x-x509-email-cert' + return self.mimeType + + def displayValue(self,valueindex=0,commandbutton=0): + return '%d bytes | %s' % ( + len(self.attrValue), + self._form.applAnchor( + 'read','View/Load',self._sid, + [ + ('dn',self._dn), + ('read_attr',self.attrType), + ('read_attrindex',str(valueindex)), + ('read_attrmode','view'), + ] + ) + ) + + +try: + import M2Crypto +except ImportError: + Certificate = CertificateSimpleClass +else: + + class CertificateM2Class(CertificateSimpleClass): + cert_display_template = """ +

Issuer:: {cert_issuer_dn}
Subject: {cert_subject_dn}
Serial No.: {cert_serial_number_dec} ({cert_serial_number_hex})
Validity period: from {cert_not_before} until {cert_not_after}

+ """ + + def displayValue(self,valueindex=0,commandbutton=0): + links_html = CertificateSimpleClass.displayValue(self,valueindex,commandbutton) + try: + x509 = M2Crypto.X509.load_cert_string(self.attrValue,M2Crypto.X509.FORMAT_DER) + except M2Crypto.X509.X509Error: + cert_html = '' + else: + cert_issuer_dn = ','.join( + explode_dn(x509.get_issuer().as_text(flags=M2Crypto.m2.XN_FLAG_RFC2253)) + ).decode('utf-8') + cert_subject_dn = ','.join( + explode_dn(x509.get_subject().as_text(flags=M2Crypto.m2.XN_FLAG_RFC2253)) + ).decode('utf-8') + cert_serial_number = int(x509.get_serial_number()) + try: + cert_not_before = x509.get_not_before().get_datetime() + except (ValueError,NameError): + cert_not_before = 'ValueError' + else: + cert_not_before = cert_not_before.strftime('%Y-%m-%dT%H-%M-%S %Z') + try: + cert_not_after = x509.get_not_after().get_datetime() + except (ValueError,NameError): + cert_not_after = 'ValueError' + else: + cert_not_after = cert_not_after.strftime('%Y-%m-%dT%H-%M-%S %Z') + cert_html = self.cert_display_template.format( + cert_issuer_dn = self._form.utf2display(cert_issuer_dn), + cert_subject_dn = self._form.utf2display(cert_subject_dn), + cert_serial_number_dec = str(cert_serial_number), + cert_serial_number_hex = hex(cert_serial_number), + cert_not_before = cert_not_before, + cert_not_after = cert_not_after, + ) + return ''.join((cert_html,links_html)) + + Certificate = CertificateM2Class + + +class CACertificate(Certificate): + oid = 'CACertificate-oid' + desc = 'X.509 CA Certificate' + mimeType = 'application/x-x509-ca-cert' + + def getMimeType(self): + return self.mimeType + + +class CertificateList(CertificateSimpleClass): + oid = '1.3.6.1.4.1.1466.115.121.1.9' + desc = 'Certificate Revocation List' + mimeType = 'application/pkix-crl' + fileExt = 'crl' + + def getMimeType(self): + if self._form.browser_type in ['Mozilla','Opera']: + return 'application/x-pkcs7-crl' + return self.mimeType + + +class CertificatePair(ASN1Object): + oid = '1.3.6.1.4.1.1466.115.121.1.10' + desc = 'X.509 Certificate Pair' + mimeType = 'application/pkix-cert' + fileExt = 'cer' + + +class SupportedAlgorithm(ASN1Object): + oid = '1.3.6.1.4.1.1466.115.121.1.49' + desc = 'X.509 Supported Algorithm' + + +class X509CertificateExactAssertion(GSER): + oid = '1.3.6.1.1.15.1' + desc = 'X.509 Certificate Exact Assertion' + + +class X509CertificateAssertion(GSER): + oid = '1.3.6.1.1.15.2' + desc = 'X.509 Certificate Assertion' + + +class X509CertificatePairExactAssertion(GSER): + oid = '1.3.6.1.1.15.3' + desc = 'X.509 Certificate Pair Exact Assertion' + + +class X509CertificatePairAssertion(GSER): + oid = '1.3.6.1.1.15.4' + desc = 'X.509 Certificate Pair Assertion' + + +class X509CertificateListExactAssertion(GSER): + oid = '1.3.6.1.1.15.5' + desc = 'X.509 Certificate List Exact Assertion' + + +class X509CertificateListAssertion(GSER): + oid = '1.3.6.1.1.15.6' + desc = 'X.509 Certificate List Assertion' + + +class X509AlgorithmIdentifier(GSER): + oid = '1.3.6.1.1.15.7' + desc = 'X.509 Algorithm Identifier' + + +# Hard-coded registration of some attribute types + +syntax_registry.registerAttrType( + Certificate.oid,[ + '2.5.4.36', # userCertificate + 'userCertificate','userCertificate;binary', + ] +) + +syntax_registry.registerAttrType( + CACertificate.oid,[ + '2.5.4.37', # cACertificate + 'cACertificate','cACertificate;binary', + ] +) + +syntax_registry.registerAttrType( + CertificateList.oid,[ + '2.5.4.38', # authorityRevocationList + '2.5.4.39', # certificateRevocationList + '2.5.4.53', # deltaRevocationList + 'authorityRevocationList','authorityRevocationList;binary', + 'certificateRevocationList','certificateRevocationList;binary', + 'deltaRevocationList','deltaRevocationList;binary', + ] +) + + +# Register all syntax classes in this module +for symbol_name in dir(): + syntax_registry.registerSyntaxClass(eval(symbol_name)) diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/syntaxes.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/syntaxes.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/syntaxes.py 2013-02-16 16:38:07.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/syntaxes.py 2013-08-31 23:44:39.000000000 +0000 @@ -10,11 +10,9 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: syntaxes.py,v 1.285 2013/02/16 16:38:07 michael Exp $ """ -import re,imghdr,sndhdr,urllib,datetime,time,utctime,ldap,ldapurl,pyweblib.forms, \ +import re,imghdr,sndhdr,urllib,uuid,datetime,time,utctime,ldap,ldapurl,pyweblib.forms, \ ldaputil.base,ldap.schema,xml.etree.ElementTree, \ w2lapp.viewer,w2lapp.form,w2lapp.gui,mspki.util,w2lapp.cnf,ldaputil.schema @@ -22,8 +20,6 @@ from ldaputil.base import is_dn -from ldap.dn import explode_dn - try: from netaddr import IPAddress,IPNetwork except ImportError: @@ -112,6 +108,9 @@ fileExt = 'bin' editable = 1 reObj = None + searchSep = '
' + readSep = '
' + fieldSep = '
' def __init__(self,sid,form,ls,dn,schema,attrType,attrValue,entry=None): self.attrType = attrType @@ -248,13 +247,6 @@ ) -class CertificatePair(Binary): - oid = '1.3.6.1.4.1.1466.115.121.1.10' - desc = 'X.509 Certificate Pair' - mimeType = 'application/pkix-cert' - fileExt = 'cer' - - class AttributeCertificate(Binary): oid = '1.3.6.1.4.1.4203.666.11.10.2.1' desc = 'X.509 Attribute Certificate' @@ -262,130 +254,6 @@ fileExt = 'cer' -class CertificateSimpleClass(Binary): - oid = '1.3.6.1.4.1.1466.115.121.1.8' - desc = 'X.509 Certificate' - mimeType = 'application/pkix-cert' - fileExt = 'cer' - pemBeginText = '-----BEGIN CERTIFICATE-----' - pemEndText = '-----END CERTIFICATE-----' - - def sanitizeInput(self,attrValue): - pem_begin_pos = attrValue.find(self.pemBeginText) - if pem_begin_pos>=0: - pem_end_pos = attrValue.find(self.pemEndText,pem_begin_pos+len(self.pemBeginText)) - if pem_end_pos>=0: - return attrValue[pem_begin_pos+len(self.pemBeginText):pem_end_pos].strip().decode('base64') - else: - return attrValue - else: - return attrValue - - def getMimeType(self): - if self._form.browser_type in ['Mozilla','Opera']: - return 'application/x-x509-email-cert' - return self.mimeType - - def displayValue(self,valueindex=0,commandbutton=0): - return '%d bytes | %s' % ( - len(self.attrValue), - self._form.applAnchor( - 'read','View/Load',self._sid, - [ - ('dn',self._dn), - ('read_attr',self.attrType), - ('read_attrindex',str(valueindex)), - ('read_attrmode','view'), - ] - ) - ) - - -try: - import M2Crypto -except ImportError: - Certificate = CertificateSimpleClass -else: - - class CertificateM2Class(CertificateSimpleClass): - cert_display_template = """ -

Issuer:: {cert_issuer_dn}
Subject: {cert_subject_dn}
Serial No.: {cert_serial_number_dec} ({cert_serial_number_hex})
Validity period: from {cert_not_before} until {cert_not_after}

- """ - - def displayValue(self,valueindex=0,commandbutton=0): - links_html = CertificateSimpleClass.displayValue(self,valueindex,commandbutton) - try: - x509 = M2Crypto.X509.load_cert_string(self.attrValue,M2Crypto.X509.FORMAT_DER) - except: - cert_html = '' - raise - else: - cert_issuer_dn = ','.join( - explode_dn(x509.get_issuer().as_text(flags=M2Crypto.m2.XN_FLAG_RFC2253)) - ).decode('utf-8') - cert_subject_dn = ','.join( - explode_dn(x509.get_subject().as_text(flags=M2Crypto.m2.XN_FLAG_RFC2253)) - ).decode('utf-8') - cert_serial_number = int(x509.get_serial_number()) - try: - cert_not_before = x509.get_not_before().get_datetime() - except (ValueError,NameError): - cert_not_before = 'ValueError' - else: - cert_not_before = cert_not_before.strftime('%Y-%m-%dT%H-%M-%S %Z') - try: - cert_not_after = x509.get_not_after().get_datetime() - except (ValueError,NameError): - cert_not_after = 'ValueError' - else: - cert_not_after = cert_not_after.strftime('%Y-%m-%dT%H-%M-%S %Z') - cert_html = self.cert_display_template.format( - cert_issuer_dn = self._form.utf2display(cert_issuer_dn), - cert_subject_dn = self._form.utf2display(cert_subject_dn), - cert_serial_number_dec = str(cert_serial_number), - cert_serial_number_hex = hex(cert_serial_number), - cert_not_before = cert_not_before, - cert_not_after = cert_not_after, - ) - return ''.join((cert_html,links_html)) - - Certificate = CertificateM2Class - - -class CACertificate(Certificate): - oid = 'CACertificate-oid' - desc = 'X.509 CA Certificate' - mimeType = 'application/x-x509-ca-cert' - pemBeginText = '-----BEGIN TRUSTED CERTIFICATE-----' - pemEndText = '-----END TRUSTED CERTIFICATE-----' - - def getMimeType(self): - return self.mimeType - - -class CertificateRevocationList(CertificateSimpleClass): - oid = '1.3.6.1.4.1.1466.115.121.1.9' - desc = 'Certificate Revocation List' - mimeType = 'application/pkix-crl' - fileExt = 'crl' - pemBeginText = '-----BEGIN X509 CRL-----' - pemEndText = '-----END X509 CRL-----' - - def getMimeType(self): - if self._form.browser_type in ['Mozilla','Opera']: - return 'application/x-pkcs7-crl' - return self.mimeType - - class DirectoryString(LDAPSyntax): oid = '1.3.6.1.4.1.1466.115.121.1.15' desc = 'Directory String' @@ -735,7 +603,7 @@ imageFormat = None def _validate(self,attrValue): - return imghdr.test_jpeg(attrValue,None)==self.imageFormat.lower() + return imghdr.what(None,attrValue)==self.imageFormat.lower() def sanitizeInput(self,attrValue): if not self._validate(attrValue) and PILImage: @@ -1110,6 +978,48 @@ return Integer.displayValue(self,valueindex,commandbutton) +class Timespan(Integer): + oid = 'Timespan-oid' + desc = 'Time span in seconds' + time_divisors = ( + (u'weeks',604800), + (u'days',86400), + (u'hours',3600), + (u'mins',60), + (u'secs',1), + ) + sep = u',' + + def sanitizeInput(self,attrValue): + if attrValue: + try: + result = str(w2lapp.gui.repr2ts(self.time_divisors,self.sep,attrValue)) + except ValueError: + result = Integer.sanitizeInput(self,attrValue) + else: + result = attrValue + return result + + def formValue(self): + if not self.attrValue: + return self.attrValue + try: + result = w2lapp.gui.ts2repr(self.time_divisors,self.sep,int(self.attrValue)) + except ValueError: + result = Integer.formValue(self) + return result + + def displayValue(self,valueindex=0,commandbutton=0): + try: + result = self._form.utf2display('%s (%s)' % ( + w2lapp.gui.ts2repr(self.time_divisors,self.sep,int(self.attrValue)), + Integer.displayValue(self,valueindex,commandbutton) + )) + except ValueError: + result = Integer.displayValue(self,valueindex,commandbutton) + return result + + class SelectList(DirectoryString): """ Base class for dictionary based select lists which @@ -1367,7 +1277,7 @@ def _readReferencedEntry(self,dn): try: ldap_result = self._ls.readEntry( - dn, + dn.decode(self._ls.charset), attrtype_list=self.lu_obj.attrs, search_filter=self.lu_obj.filterstr or '(objectClass=*)', ) @@ -1522,11 +1432,22 @@ ) +class GSER(DirectoryString): + oid = 'GSER-oid' + desc = 'GSER syntax (see RFC 3641)' + + class UUID(IA5String): oid = '1.3.6.1.1.16.1' desc = 'UUID' reObj = re.compile('^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$') + def sanitizeInput(self,attrValue): + try: + return str(uuid.UUID(attrValue.replace(':',''))) + except ValueError: + return attrValue + class DNSDomain(IA5String): oid = 'DNSDomain-oid' @@ -1535,7 +1456,7 @@ def sanitizeInput(self,attrValue): return '.'.join([ - dc.encode('idna') + dc.lower().encode('idna') for dc in attrValue.decode(self._form.accept_charset).split(u'.') ]) @@ -1626,9 +1547,11 @@ try: # Try to import optional module pisces from pisces import asn1 + except ImportError: - # Well, silently ignore and don't do anything - pass + # Fall-back class is Binary + ASN1Object = Binary + else: class ASN1Object(Binary): @@ -1655,7 +1578,7 @@ pisces_oid = asn1.OID(tuple(map(int,attrValue.split('.')))) desc = mspki.asn1helper.GetOIDDescription( pisces_oid, - w2lapp.viewer.oids, + mspki.asn1helper.oids, includeoid=1 ) except ValueError: diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/viewer.py web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/viewer.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/schema/viewer.py 2012-12-31 17:04:30.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/schema/viewer.py 2013-06-27 19:46:41.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: viewer.py,v 1.112 2012/12/31 17:04:30 michael Exp $ """ import types,ldap,msbase,w2lapp.gui @@ -162,7 +160,7 @@ ]) else: value_output = ', '.join(displayNameOrOIDList(sid,form,dn,self.s,class_attr_value_list,se_class)) - outf_lines.append('

\n%s\n

\n' % (text,value_output)) + outf_lines.append('

\n%s\n

\n' % (text,value_output)) return outf_lines # displayDetails() def display(self,sid,outf,form,ls,dn): @@ -385,6 +383,20 @@ )) ################################################################### + # Display DIT content rules which reference attributes of this type + ################################################################### + attr_type_ref_list = [] + for oc_oid,object_class_se in self.s.sed[ObjectClass].items(): + object_class_se = self.s.get_obj(ObjectClass,oc_oid) + for dcr_at in object_class_se.must+object_class_se.may: + if dcr_at==at_oid or dcr_at in self.sei.names: + attr_type_ref_list.append(oc_oid) + if attr_type_ref_list: + outf_lines.append('

Directly referencing object classes:

\n%s\n

\n' % ( + ', '.join(displayNameOrOIDList(sid,form,dn,self.s,attr_type_ref_list,ObjectClass)) + )) + + ################################################################### # Display object classes which may contain attributes of this type ################################################################### all_object_classes = self.s.sed[ObjectClass].keys() @@ -394,10 +406,24 @@ if must.has_key(at_oid) or may.has_key(at_oid): attr_type_ref_list.append(oc_oid) if attr_type_ref_list: - outf_lines.append('

Referencing object classes:

\n%s\n

\n' % ( + outf_lines.append('

Usable in these object classes:

\n%s\n

\n' % ( ', '.join(displayNameOrOIDList(sid,form,dn,self.s,attr_type_ref_list,ObjectClass)) )) + ################################################################### + # Display DIT content rules which reference attributes of this type + ################################################################### + attr_type_ref_list = [] + for dcr_oid,dit_content_rule_se in self.s.sed[DITContentRule].items(): + dit_content_rule_se = self.s.get_obj(DITContentRule,dcr_oid) + for dcr_at in dit_content_rule_se.must+dit_content_rule_se.may+dit_content_rule_se.nots: + if dcr_at==at_oid or dcr_at in self.sei.names: + attr_type_ref_list.append(dcr_oid) + if attr_type_ref_list: + outf_lines.append('

Referencing DIT content rules:

\n%s\n

\n' % ( + ', '.join(displayNameOrOIDList(sid,form,dn,self.s,attr_type_ref_list,DITContentRule)) + )) + ######################################################################## # Display name forms which uses this attribute type for naming an entry ######################################################################## @@ -642,20 +668,22 @@ def OIDInputForm(form,sid,dn,oid=None): + oid_input_field_html = w2lapp.form.OIDInput( + 'oid', + u'OID or descriptive name of schema element', + default=oid + ).inputHTML(oid) + oid_class_select_html = form.field['oid_class'].inputHTML('') return form.formHTML( 'oid','Search',sid,'GET', [('dn',dn)], - extrastr=w2lapp.form.OIDInput( - 'oid', - u'OID or descriptive name of schema element', - default=oid - ).inputHTML(oid) + extrastr='\n'.join((oid_input_field_html,oid_class_select_html)), ) def DisplayAllSchemaelements(sid,outf,form,ls,dn,schema,se_classes,se_list): se_list = se_list or [] - se_classes = filter(None,se_classes or []) + se_classes = filter(None,se_classes or []) or SCHEMA_CLASS_MAPPING.values() w2lapp.gui.TopSection( sid,outf,form,ls,dn,'Schema elements', @@ -690,9 +718,11 @@ schema_elements = oid_dict[schema_class] if not schema_elements: continue - outf.write('

%s

\n' % (SCHEMA_VIEWER_CLASS[schema_class].type_desc)) - outf.write('

found %d

\n' % (len(schema_elements))) - outf.write(', '.join(displayNameOrOIDList(sid,form,dn,schema,schema_elements,schema_class))) + outf.write('

%s

found %d

\n%s\n' % ( + SCHEMA_VIEWER_CLASS[schema_class].type_desc, + len(schema_elements), + ',\n '.join(displayNameOrOIDList(sid,form,dn,schema,schema_elements,schema_class)), + )) else: outf.write("""

Hints:

@@ -39,6 +42,7 @@ ldap.RES_SEARCH_REFERENCE:None } + class excel_semicolon(csv.excel): """Describe the usual properties of Excel-generated TAB-delimited files.""" delimiter = ';' @@ -166,76 +170,78 @@ sid,outf,command,form,ls,dn, searchform_mode='adv', Msg='', - filterstr='', - scope=ldap.SCOPE_SUBTREE + filterstr=u'', + scope=scope ) return # This should speed up things utf2display = form.utf2display - # Hmm, this retrieves sub schema sub entry for the search root. - # Theoretically it could be different for all search results. - # But what the hey... - sub_schema = ls.retrieveSubSchema(dn,w2lapp.cnf.GetParam(ls,'_schema',None)) - search_output = form.getInputValue('search_output',['table'])[0] search_opattrs = form.getInputValue('search_opattrs',['no'])[0]=='yes' search_root = form.getInputValue('search_root',[dn])[0] + # Hmm, this retrieves sub schema sub entry for the search root. + # Theoretically it could be different for all search results. + # But what the hey... + sub_schema = ls.retrieveSubSchema(search_root,w2lapp.cnf.GetParam(ls,'_schema',None)) + if scope==None: scope = ldap.SCOPE_SUBTREE + search_filter = form.getInputValue('filterstr',[filterstr]) + if ('search_option' in form.inputFieldNames) and \ ('search_attr' in form.inputFieldNames) and \ ('search_string' in form.inputFieldNames): search_mode = form.getInputValue('search_mode',[ur'(&%s)'])[0] search_option = form.getInputValue('search_option',[]) search_attr = form.getInputValue('search_attr',[]) + search_mr = form.getInputValue('search_mr',[None]*len(search_attr)) search_string = form.getInputValue('search_string',[]) - if (len(search_option)==len(search_attr)==len(search_string)): + if (len(search_option)==len(search_attr)==len(search_mr)==len(search_string)): # Get search mode # Build LDAP search filter from input data of advanced search form - search_filter = [] - for i in range(len(form.field['search_option'].value)): - search_string,search_option,search_attr = \ - form.field['search_string'].value[i], \ - form.field['search_option'].value[i], \ - form.field['search_attr'].value[i] - if search_option==r'(%s=*)': - search_filter.append(search_option % (search_attr)) - elif search_string: - for attr_type in search_attr.split(','): - if not '*' in search_option: - # If an exact assertion value is needed we can normalize via plugin class - attr_instance = syntax_registry.attrInstance(None,form,ls,dn,sub_schema,attr_type,None,entry=None) - search_string = attr_instance.sanitizeInput(search_string) - search_filter.append(search_option % ( - attr_type,ldap.filter.escape_filter_chars(search_string) - )) - if len(search_filter)==1: - filterstr = u''.join(search_filter) - elif len(search_filter)>1: - filterstr = search_mode % (u''.join(search_filter)) - else: - w2lapp.searchform.w2l_SearchForm( - sid,outf,command,form,ls,dn, - searchform_mode='adv', - Msg='Empty search form data.', - filterstr='', - scope=ldap.SCOPE_SUBTREE - ) - return + for i in range(len(search_attr)): + if search_option[i]==w2lapp.searchform.SEARCH_OPT_EXISTS: + search_filter.append(search_option.format(at=search_attr[i])) + elif search_string[i]: + if not '*' in search_option[i]: + # If an exact assertion value is needed we can normalize via plugin class + attr_instance = syntax_registry.attrInstance( + None,form,ls,dn,sub_schema,search_attr[i],None,entry=None + ) + search_string[i] = attr_instance.sanitizeInput(search_string[i]) + if search_mr[i]: + search_mr_string = ':%s:' % (search_mr[i]) + else: + search_mr_string = '' + search_filter.append(search_option[i] % ( + ''.join((search_attr[i],search_mr_string)), + escape_ldap_filter_chars(search_string[i]) + )) else: raise w2lapp.core.ErrorExit(u'Invalid search form data.') - else: - filterstr = form.getInputValue( - 'filterstr',[filterstr or u'(objectClass=*)'] - )[0] - search_resminindex = int( - form.getInputValue('search_resminindex',['0'])[0] - ) + # Wipe out all nullable search_filter list items + search_filter = filter(None,search_filter) + + if not search_filter: + w2lapp.searchform.w2l_SearchForm( + sid,outf,command,form,ls,dn, + searchform_mode={True:'adv',False:'exp'}['search_attr' in form.inputFieldNames], + Msg='Empty search values.', + filterstr=u'', + scope=scope + ) + return + elif len(search_filter)==1: + filterstr = search_filter[0] + elif len(search_filter)>1: + filterstr = search_mode % (u''.join(search_filter)) + + search_resminindex = int(form.getInputValue('search_resminindex',['0'])[0]) search_resnumber = int( form.getInputValue( 'search_resnumber', @@ -370,7 +376,10 @@ # Give the user a chance to edit his bad search filter w2lapp.searchform.w2l_SearchForm( sid,outf,command,form,ls,dn,searchform_mode='exp', - Msg=w2lapp.gui.LDAPError2ErrMsg(e,form,charset=ls.charset), + Msg=' '.join(( + w2lapp.gui.LDAPError2ErrMsg(e,form,charset=ls.charset), + form.utf2display(filterstr2), + )), filterstr=filterstr, scope=scope ) @@ -396,21 +405,15 @@ # Retrieve the overall number of search results by resending the # search request without size limit but with the SearchNoOpControl attached if SearchNoOpControl.controlType in ls.rootDSE.get('supportedControl',[]): - msg_id = ls.l.search_ext( - search_root.encode(ls.charset), - scope, - filterstr=filterstr2.encode(ls.charset), - attrlist=['1.1'], - serverctrls=[SearchNoOpControl()], - ) - _,_,_,search_response_ctrls = ls.l.result3(msg_id,all=1) - noop_srch_ctrl = [ - c - for c in search_response_ctrls - if c.controlType==SearchNoOpControl.controlType - ] - if noop_srch_ctrl: - _,num_all_search_results,num_all_search_continuations = noop_srch_ctrl[0].resultCode,noop_srch_ctrl[0].numSearchResults,noop_srch_ctrl[0].numSearchContinuations + try: + num_all_search_results,num_all_search_continuations = ls.l.noop_search_st( + search_root.encode(ls.charset), + scope, + filterstr=filterstr2.encode(ls.charset), + timeout=SEARCH_NOOP_TIMEOUT, + ) + except LDAPLimitErrors,e: + pass except (ldap.FILTER_ERROR,ldap.INAPPROPRIATE_MATCHING),e: # Give the user a chance to edit his bad search filter w2lapp.searchform.w2l_SearchForm( @@ -695,14 +698,7 @@ tableentry_attrs = template_attrs.intersection(entry.data.keys()) if tableentry_attrs: # Output entry with the help of pre-defined templates - tableentry = msbase.CaseinsensitiveStringKeyDict(default='') - for attr in tableentry_attrs: - tableentry[attr] = [] - for value in entry[attr]: - tableentry[attr].append( - w2lapp.gui.DataStr(sid,form,ls,dn,sub_schema,attr,value,commandbutton=0) - ) - tableentry[attr] = ', '.join(tableentry[attr]) + tableentry = w2lapp.read.DisplayEntry(sid,form,ls,dn,sub_schema,entry,'searchSep',0) tdlist = [] for oc in tdtemplate_oc: tdlist.append(search_tdtemplate[oc] % tableentry) @@ -775,8 +771,12 @@ command_table.append(form.applAnchor( 'search','Down',sid, - [('dn',dn),('scope',str(ldap.SCOPE_ONELEVEL))], - title=u'\r\n'.join(down_title_list) + ( + ('dn',dn), + ('scope',w2lapp.searchform.SEARCH_SCOPE_STR_ONELEVEL), + ('filterstr',u'(objectClass=*)'), + ), + title=u'\r\n'.join(down_title_list), )) else: diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/searchform.py web2ldap-1.1.43~dfsg/pylib/w2lapp/searchform.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/searchform.py 2012-04-07 13:51:58.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/searchform.py 2013-08-27 20:52:51.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: searchform.py,v 1.62 2012/04/07 13:51:58 michael Exp $ """ import types,ldap,pyweblib.forms,w2lapp.core,w2lapp.gui,w2lapp.cnf @@ -22,33 +20,48 @@ 'exp':'Expert', } +SEARCH_OPT_CONTAINS = ur'(%s=*%s*)' +SEARCH_OPT_EXISTS = ur'(%s=*)' +SEARCH_OPT_DOESNT_CONTAIN = ur'(!(%s=*%s*))' +SEARCH_OPT_IS_EQUAL = ur'(%s=%s)' +SEARCH_OPT_IS_NOT = ur'(!(%s=%s))' +SEARCH_OPT_BEGINS_WITH = ur'(%s=%s*)' +SEARCH_OPT_ENDS_WITH = ur'(%s=*%s)' +SEARCH_OPT_SOUNDS_LIKE = ur'(%s~=%s)' +SEARCH_OPT_GE_THAN = ur'(%s>=%s)' +SEARCH_OPT_LE_THAN = ur'(%s<=%s)' + search_options = ( - (r'(%s=*%s*)',u'contains'), - (r'(%s=*)',u'exists'), - (r'(!(%s=*%s*))',u"doesn't contain"), - (r'(%s=%s)',u'is'), - (r'(!(%s=%s))',u'is not'), - (r'(%s=%s*)',u'begins with'), - (r'(%s=*%s)',u'ends with'), - (r'(%s~=%s)',u'sounds like'), - (r'(%s>=%s)',u'greater equal than'), - (r'(%s<=%s)',u'lesser equal than') + (SEARCH_OPT_CONTAINS,u'contains'), + (SEARCH_OPT_EXISTS,u'exists'), + (SEARCH_OPT_DOESNT_CONTAIN,u"doesn't contain"), + (SEARCH_OPT_IS_EQUAL,u'is'), + (SEARCH_OPT_IS_NOT,u'is not'), + (SEARCH_OPT_BEGINS_WITH,u'begins with'), + (SEARCH_OPT_ENDS_WITH,u'ends with'), + (SEARCH_OPT_SOUNDS_LIKE,u'sounds like'), + (SEARCH_OPT_GE_THAN,u'greater equal than'), + (SEARCH_OPT_LE_THAN,u'lesser equal than') ) +SEARCH_SCOPE_STR_BASE = u'0' +SEARCH_SCOPE_STR_ONELEVEL = u'1' +SEARCH_SCOPE_STR_SUBTREE = u'2' + +SEARCH_SCOPE_OPTIONS = ( + (SEARCH_SCOPE_STR_BASE,u'Base'), + (SEARCH_SCOPE_STR_ONELEVEL,u'One level'), + (SEARCH_SCOPE_STR_SUBTREE,u'Sub tree'), +) -def SearchForm_exp(sid,outf,command,form,ls,dn,sub_schema,Msg,filterstr=''): +def SearchForm_exp(sid,outf,command,form,ls,dn,sub_schema,filterstr=''): """Output expert search form""" # expert search form for using LDAP filters filterstr = form.getInputValue('filterstr',[filterstr])[0] result = """

- Search filter parameters -

LDAP filter string: - -

+ LDAP filter string +

1: - fewer_button = '' - else: - fewer_button = '' + if not len(search_option_list)==len(search_attr_list)==len(search_string_list): + raise w2lapp.core.ErrorExit(u'Invalid search form data.') search_mode = form.getInputValue('search_mode',[ur'(&%s)'])[0] @@ -101,63 +120,74 @@ default=search_mode ) search_mode_select.setCharset(form.accept_charset) - search_attrs = [ - unicode(attr_type) - for attr_type in w2lapp.cnf.GetParam(ls,'search_attrs',('cn','mail','uid','o')) - ] - search_option_list = form.getInputValue('search_option',[]) - search_attr_list = form.getInputValue('search_attr',[]) - search_string_list = form.getInputValue('search_string',[]) + mr_list = [u''] + mr_list.extend(sorted([unicode(mr) for mr in sub_schema.name2oid[ldap.schema.MatchingRule].keys()])) search_attr_options = [] - for attr_type in search_attrs: + for attr_type in w2lapp.cnf.GetParam(ls,'search_attrs',[]) or sub_schema.sed[ldap.schema.AttributeType].keys(): attr_type_se = sub_schema.get_obj(ldap.schema.AttributeType,attr_type) - if attr_type_se and attr_type_se.desc: - search_attr_options.append((attr_type,attr_type,attr_type_se.desc)) + if attr_type_se: + if attr_type_se.names: + attr_type_name = unicode(attr_type_se.names[0],ls.charset) + else: + attr_type_name = unicode(attr_type) + if attr_type_se.desc: + attr_type_desc = unicode(attr_type_se.desc,ls.charset) + else: + attr_type_desc = None + search_attr_options.append(( + attr_type_name, + attr_type_name, + attr_type_desc + )) else: search_attr_options.append((attr_type,attr_type,None)) search_attr_options.sort() + search_attrs = [ attr_type for attr_type,_,_ in search_attr_options ] + # Create a select field instance for attribute type name search_attr_select = pyweblib.forms.Select( 'search_attr',u'Search attribute type', w2lapp.cnf.misc.max_searchparams, - options=search_attr_options + options=sorted(list(set(search_attr_options+filter(None,search_attr_list)))), ) search_attr_select.setCharset(form.accept_charset) + # Create a select field instance for matching rule name + search_mr_select = pyweblib.forms.Select( + 'search_mr',u'Search attribute type', + w2lapp.cnf.misc.max_searchparams, + options=mr_list, + ) + search_mr_select.setCharset(form.accept_charset) + search_fields_html_list = [] # Output a row of the search form - for i in range(rows): - try: - search_attr_default = search_attr_list[i] - search_option_default = search_option_list[i] - search_string_default = search_string_list[i] - except IndexError: - search_attr_default = search_attrs[i % len(search_attrs)] - search_option_default = u'' - search_string_default = u'' + for i in range(len(search_attr_list)): search_fields_html_list.append('\n'.join(( - search_attr_select.inputHTML(default=search_attr_default).encode('ascii'), - form.field['search_option'].inputHTML(default=search_option_default), - form.field['search_string'].inputHTML(default=search_string_default), - '
' + '\n', + '' % (i), + '' % (i), + '\n', + search_attr_select.inputHTML(default=search_attr_list[i]), + search_mr_select.inputHTML(default=search_mr_list[i]), + form.field['search_option'].inputHTML(default=search_option_list[i]), + '\n', + form.field['search_string'].inputHTML(default=search_string_list[i]), + '', ))) # Eigentliches Suchformular ausgeben result = """ - %s

Search filter parameters -

%s %s search parameters

Match %s of the following.
- %s + %s

""" % ( - form.hiddenFieldHTML('search_params',unicode(rows),u''), - more_button,fewer_button, search_mode_select.inputHTML(), '\n'.join(search_fields_html_list), ) @@ -183,7 +213,11 @@ searchform_mode = form.getInputValue('searchform_mode',[searchform_mode])[0] search_root = form.getInputValue('search_root',[search_root or ls.getSearchRoot(dn)])[0] - search_root_field = w2lapp.gui.SearchRootField(form,ls,dn,name='search_root') + search_root_field = w2lapp.gui.SearchRootField( + form,ls,dn, + name='search_root', + search_root_searchurl=w2lapp.cnf.GetParam(ls,'searchform_search_root_url',None) + ) search_root_field.setDefault(search_root) ContextMenuList = [ @@ -219,13 +253,20 @@ if searchform_mode == 'base': # base search form with fixed input fields - inner_searchform_html = SearchForm_base(sid,outf,command,form,ls,dn,sub_schema,Msg) + try: + inner_searchform_html = SearchForm_base(sid,outf,command,form,ls,dn,sub_schema) + except IOError: + msg_html = '\n'.join(( + msg_html, + '

I/O error while loading search form template!

' + )) + inner_searchform_html = SearchForm_adv(sid,outf,command,form,ls,dn,sub_schema) elif searchform_mode == 'exp': # expert search form with single filter input field - inner_searchform_html = SearchForm_exp(sid,outf,command,form,ls,dn,sub_schema,Msg,filterstr) + inner_searchform_html = SearchForm_exp(sid,outf,command,form,ls,dn,sub_schema,filterstr) elif searchform_mode == 'adv': # base search form with fixed input fields - inner_searchform_html = SearchForm_adv(sid,outf,command,form,ls,dn,sub_schema,Msg) + inner_searchform_html = SearchForm_adv(sid,outf,command,form,ls,dn,sub_schema) searchoptions_template_filename = w2lapp.gui.GetVariantFilename( w2lapp.cnf.GetParam(ls,'searchoptions_template',None), @@ -241,31 +282,36 @@ ) outf.write(""" -

- %s +

+ {msg_html} + {form_search_html}

- %s - %s - %s - %s - + {inner_searchform_html} + {form_dn_html} + {searchoptions_template_str} +

- """ % ( - form.beginFormHTML('search',sid,'GET'), - msg_html, - inner_searchform_html, - form.hiddenFieldHTML('dn',dn,u''), - searchoptions_template_str.format( + """.format( + form_search_html=form.beginFormHTML('search',sid,'GET'), + msg_html=msg_html, + inner_searchform_html=inner_searchform_html, + form_dn_html=form.hiddenFieldHTML('dn',dn,u''), + searchoptions_template_str=searchoptions_template_str.format( search_root_field.inputHTML(), - form.field['scope'].inputHTML(default=form.getInputValue('scope',[unicode(scope)])[0]), - form.field['search_resnumber'].inputHTML(default=unicode(w2lapp.cnf.GetParam(ls,'search_resultsperpage',10))), - form.field['search_lastmod'].inputHTML(default=form.getInputValue('search_lastmod',[unicode(-1)])[0]), + form.field['scope'].inputHTML( + default=form.getInputValue('scope',[unicode(scope)])[0] + ), + form.field['search_resnumber'].inputHTML( + default=unicode(w2lapp.cnf.GetParam(ls,'search_resultsperpage',10)) + ), + form.field['search_lastmod'].inputHTML( + default=form.getInputValue('search_lastmod',[unicode(-1)])[0] + ), form.utf2display(form.getInputValue('search_attrs',[''])[0]), ), )) w2lapp.gui.PrintFooter(outf,form) - diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/session.py web2ldap-1.1.43~dfsg/pylib/w2lapp/session.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/session.py 2010-12-20 08:24:08.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/session.py 2013-06-22 15:38:52.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: session.py,v 1.6 2010/12/20 08:24:08 michael Exp $ """ import sys,time,\ diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/srvrr.py web2ldap-1.1.43~dfsg/pylib/w2lapp/srvrr.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/srvrr.py 2011-05-18 09:22:19.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/srvrr.py 2013-06-22 15:38:52.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: srvrr.py,v 1.7 2011/05/18 09:22:19 michael Exp $ """ import pyweblib.forms,w2lapp.gui diff -Nru web2ldap-1.1.31~dfsg/pylib/w2lapp/viewer.py web2ldap-1.1.43~dfsg/pylib/w2lapp/viewer.py --- web2ldap-1.1.31~dfsg/pylib/w2lapp/viewer.py 2013-02-05 20:12:26.000000000 +0000 +++ web2ldap-1.1.43~dfsg/pylib/w2lapp/viewer.py 2013-08-31 23:44:39.000000000 +0000 @@ -10,8 +10,6 @@ This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) - -$Id: viewer.py,v 1.47 2013/02/05 20:12:26 michael Exp $ """ import hashlib,binascii,sndhdr, \ @@ -85,13 +83,15 @@ except ImportError: try: - import M2Crypto + import M2Crypto,M2Crypto.X509 except ImportError: CRLDisplayer = None CertificateDisplayer = None else: + CertificateParserError = M2Crypto.X509.X509Error + class M2CertificateDisplayer: def __init__(self,buf): @@ -117,11 +117,14 @@ else: +# CertificateParserError = ValueError + CertificateParserError = None + # Get OID dictionary try: - oids = asn1helper.ParseCfg(w2lapp.cnf.misc.dumpasn1cfg) + asn1helper.oids = asn1helper.ParseCfg(w2lapp.cnf.misc.dumpasn1cfg) except IOError: - oids = {} + asn1helper.oids = {} class PiscesCRLDisplayer(x509v3.CRL): @@ -153,24 +156,6 @@ ), ] ) - - revokedCertificates = self.revokedCertificates() - if revokedCertificates: - revokedCertificates_str = """ - - %s -

Serial Number	Revocation date

- """ % '\n'.join( - [ - '%d%s\n' % ( - i[0],i[1] - ) - for i in revokedCertificates - ] - ) - else: - revokedCertificates_str = '

No revoked certificates.

' - # Get the extensions as string-keyed dict but with # numeric string representation of OIDs extensions = self.crlExtensions() @@ -189,32 +174,53 @@ ) ) else: - extensions_html_list = ['No extensions.'] + extensions_html_list = ['No CRL extensions.'] + # Display a table of revoked certificates + revokedCertificates = self.revokedCertificates() + if revokedCertificates: + revokedCertificates_tr_items = [] + for i in revokedCertificates: + userCertificate,revocationDate,crlEntryExtensions = i + if crlEntryExtensions!=None: + crlEntryExtensions_html = x509v3.htmlize(crlEntryExtensions) + else: + crlEntryExtensions_html = '' + revokedCertificates_tr_items.append( + '%d%s%s\n' % ( + userCertificate,revocationDate,crlEntryExtensions_html + ) + ) + revokedCertificates_str = """ + + %s +

Serial Number	Revocation date	Extensions

+ """ % ('\n'.join(revokedCertificates_tr_items)) + else: + revokedCertificates_str = '

No revoked certificates.

' outf.write(""" +

X.509 CRL attributes

This CRL was issued by:
This CRL was issued by:: %s
CRL Version:
CRL Version:: %d
This CRL is valid from %s until %s.
Signature Algorithm:: %s
Revoked certificates: %d
This CRL is valid from %s until %s.
Signature Algorithm:: %s

- CRL extensions:
-

- %s - +

X.509v3 CRL extensions

+ %s +

%d revoked certificates

+ %s """ % ( - self.issuer().__html__(oids,form.accept_charset), + self.issuer().html(asn1helper.oids,form.accept_charset), self.version(), self.thisUpdate(), self.nextUpdate(), - asn1helper.GetOIDDescription(self.signatureAlgorithm(),oids), + asn1helper.GetOIDDescription(self.signatureAlgorithm(),asn1helper.oids), + '\n'.join(extensions_html_list), len(revokedCertificates), revokedCertificates_str, - '\n'.join(extensions_html_list), )) @@ -269,7 +275,7 @@ '

%s (%s)

' % ( e.extnValue.__class__.__name__, str(e.extnId), - e.extnValue.__html__(nsBaseUrl,hex(self.serialNumber())[2:-1]) + e.extnValue.html(nsBaseUrl,hex(self.serialNumber())[2:-1]) ) ) else: @@ -284,36 +290,24 @@ extensions_html_list = ['No extensions.'] outf.write(""" - - - - - - - - -

X.509 certificate attributes:

This certificate belongs to:
This certificate belongs to:: %s

This certificate was issued by:
This certificate was issued by:: %s

Certificate Version:

Serial Number:

Validity Period:

not before: %s
not after: %s

Fingerprint:

MD5: %s
SHA-256: %s

Signature Algorithm:

- X.509v3 certificate extensions: +

X.509v3 certificate extensions:

%s -

""" % ( - self.subject().__html__(oids,form.accept_charset), - self.issuer().__html__(oids,form.accept_charset), + self.subject().html(asn1helper.oids,form.accept_charset), + self.issuer().html(asn1helper.oids,form.accept_charset), self.version(), self.serialNumber(), notBefore, @@ -341,7 +332,7 @@ self.fingerprint('md5'), self.fingerprint('sha1'), self.fingerprint('sha256'), - asn1helper.GetOIDDescription(self.signatureAlgorithm(),oids), + asn1helper.GetOIDDescription(self.signatureAlgorithm(),asn1helper.oids), '\n'.join(extensions_html_list), )) @@ -349,28 +340,41 @@ CertificateDisplayer = PiscesCertificateDisplayer -def DisplayX509Certificate_base64(sid,outf,command,form,dn,attr,entry,index=None): +def DisplayX509Certificate(sid,outf,command,form,dn,attr,entry,index=None): """Display a base64-encoded X.509 certificate attribute""" - outf.write('

%s

' % (attr)) - for index in range(len(entry[attr])): - CertificateDisplayer(x509_prep(entry[attr][index])).htmlDetailView( - sid,outf,form,dn,attr,index, - ) - return None + outf.write('

%s

' % (unicode(attr,'ascii'))) + attr_value_count = len(entry[attr]) + for i in range(attr_value_count): + if attr_value_count>1: + outf.write('

%d. / %d

' % (i+1,attr_value_count)) + try: + CertificateDisplayer(x509_prep(entry[attr][i])).htmlDetailView( + sid,outf,form,dn,attr,index, + ) + except CertificateParserError: + outf.write('

Error parsing certificate.

') + return # DisplayX509Certificate() -def DisplayCRL_base64(sid,outf,command,form,dn,attr,entry,index=None): +def DisplayCRL(sid,outf,command,form,dn,attr,entry,index=None): """Display a base64-encoded CRL attribute""" - outf.write('

%s

' % (attr)) - for i in range(len(entry[attr])): - CRLDisplayer(x509_prep(entry[attr][index])).htmlDetailView( - sid,outf,form,dn,attr,i, - ) - return None + outf.write('

%s

' % (unicode(attr,'ascii'))) + attr_value_count = len(entry[attr]) + for i in range(attr_value_count): + if attr_value_count>1: + outf.write('

%d. / %d

' % (i+1,attr_value_count)) + try: + CRLDisplayer(x509_prep(entry[attr][index])).htmlDetailView( + sid,outf,form,dn,attr,i, + ) + except CertificateParserError: + outf.write('

Error parsing CRL.

') + return # DisplayCRL() + # register viewer functions by syntax OID if CertificateDisplayer: - viewer_func['1.3.6.1.4.1.1466.115.121.1.8'] = DisplayX509Certificate_base64 - viewer_func['CACertificate-oid'] = DisplayX509Certificate_base64 + viewer_func['1.3.6.1.4.1.1466.115.121.1.8'] = DisplayX509Certificate + viewer_func['CACertificate-oid'] = DisplayX509Certificate if CRLDisplayer: - viewer_func['1.3.6.1.4.1.1466.115.121.1.9'] = DisplayCRL_base64 + viewer_func['1.3.6.1.4.1.1466.115.121.1.9'] = DisplayCRL diff -Nru web2ldap-1.1.31~dfsg/sbin/checkinst.py web2ldap-1.1.43~dfsg/sbin/checkinst.py --- web2ldap-1.1.31~dfsg/sbin/checkinst.py 2012-12-21 16:56:00.000000000 +0000 +++ web2ldap-1.1.43~dfsg/sbin/checkinst.py 2013-06-22 15:51:05.000000000 +0000 @@ -3,13 +3,12 @@ """ This script checks all the prerequisites for running a particular release version of web2ldap. - -$Id: checkinst.py,v 1.35 2012/12/21 16:56:00 michael Exp $ """ import sys,os,imp,socket,pprint +from distutils.version import StrictVersion -MINIMUM_PYTHON_VERSION = '2.6' +MINIMUM_PYTHON_VERSION = (2,6,0) print '*** Checking installation prerequisites for web2ldap ***' @@ -25,8 +24,11 @@ print 'sys.prefix',repr(sys.prefix) print 'sys.exec_prefix',repr(sys.exec_prefix) print 'sys.version',repr(sys.version) -if sys.version < MINIMUM_PYTHON_VERSION: - print 'Python %s.x or newer is required! Detected %s.' % (MINIMUM_PYTHON_VERSION,repr(sys.version)) +minimum_major,minimum_minor,minimum_micro = MINIMUM_PYTHON_VERSION +if sys.version_info.major > minimum_major: + print 'Python 3 not supported.' +if not (sys.version_info.major==minimum_major and sys.version_info.minor>=minimum_minor): + print 'Python %s or newer is required! Detected %s.' % ('.'.join(map(str,MINIMUM_PYTHON_VERSION)),repr(sys.version)) print 'sys.platform',repr(sys.platform) print 'os.name',repr(os.name) @@ -95,7 +97,7 @@ version = modules[m].__version__ except AttributeError: version = 'unspecified' - if min_version!=None and version!='unspecified' and version

Time after which a password is no longer valid (password expiry):	%(pwdMaxAge)s seconds	%(pwdMaxAge)s
Time before password expiry a warning message is returned:	%(pwdExpireWarning)s seconds	%(pwdExpireWarning)s
Maximum number of times that an expired password may be used:
Time for password lockout:	%(pwdLockoutDuration)s seconds	%(pwdLockoutDuration)s
Number of failed bind attempts for lockout:
Time after which failed bind attempts are purged:	%(pwdFailureCountInterval)s seconds	%(pwdFailureCountInterval)s

Time after which a password is no longer valid (password expiry):	%(pwdMaxAge)s seconds	%(pwdMaxAge)s
Time before password expiry a warning message is returned:	%(pwdExpireWarning)s seconds	%(pwdExpireWarning)s
Maximum number of times that an expired password may be used:
Duration of password lockout:	%(pwdLockoutDuration)s seconds	%(pwdLockoutDuration)s
Number of failed bind attempts for lockout:
Time after which failed bind attempts are purged:	%(pwdFailureCountInterval)s seconds	%(pwdFailureCountInterval)s

Delete mode:	%s
Delete mode:	{field_delete_scope}
Use tree delete control:	- +
Additional controls:	%s
Additional controls:	{field_delete_ctrl}

Password policy

Password policy %(cn)s

Password change parameters

1.1.43

1.1.42

1.1.41

1.1.40

1.1.39

1.1.38

1.1.37

1.1.36

1.1.35

1.1.34

1.1.33

1.1.32

1.1.31

1.1

1.2

1.2

SSL

Found SRV RRs

%s

%s

%s

X.509 CRL attributes

X.509v3 CRL extensions

%d revoked certificates

X.509 certificate attributes:

X.509v3 certificate extensions:

%s

%s

%d. / %d

%s

%s

%d. / %d