mirror of https://github.com/retspen/webvirtcloud synced 2026-03-22 02:24:56 +00:00

Check for ldap3 existence

Kendar 2021-05-28 12:55:47 +02:00
parent 881852af05
commit b761faccec


@ -1,109 +1,116 @@
from django.contrib.auth.backends import ModelBackend from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User from django.contrib.auth.models import User
from ldap3 import Server, Connection, ALL
from django.conf import settings from django.conf import settings
from accounts.models import UserAttributes, UserInstance, UserSSHKey from accounts.models import UserAttributes, UserInstance, UserSSHKey
from django.contrib.auth.models import Permission from django.contrib.auth.models import Permission
from logs.models import Logs from logs.models import Logs
import uuid import uuid
#/srv/webvirtcloud/ldap/ldapbackend.py try:
class LdapAuthenticationBackend(ModelBackend): from ldap3 import Server, Connection, ALL
#/srv/webvirtcloud/ldap/ldapbackend.py
def get_LDAP_user(self, username, password, filterString): class LdapAuthenticationBackend(ModelBackend):
print('get_LDAP_user')
try: def get_LDAP_user(self, username, password, filterString):
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT, print('get_LDAP_user')
use_ssl=settings.USE_SSL,get_info=ALL) try:
connection = Connection(server, server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
settings.LDAP_MASTER_DN, use_ssl=settings.USE_SSL,get_info=ALL)
settings.LDAP_MASTER_PW, auto_bind=True) connection = Connection(server,
settings.LDAP_MASTER_DN,
connection.search(settings.LDAP_ROOT_DN, settings.LDAP_MASTER_PW, auto_bind=True)
'(&({attr}={login})({filter}))'.format(
attr=settings.LDAP_USER_UID_PREFIX, connection.search(settings.LDAP_ROOT_DN,
login=username, '(&({attr}={login})({filter}))'.format(
filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX]) attr=settings.LDAP_USER_UID_PREFIX,
login=username,
if len(connection.response) == 0: filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
print('get_LDAP_user-no response')
if len(connection.response) == 0:
print('get_LDAP_user-no response')
return None
return connection.response[0]
except:
print('get_LDAP_user-error')
return None return None
return connection.response[0] def authenticate(self, request, username=None, password=None, **kwargs):
except: if not settings.LDAP_ENABLED:
print('get_LDAP_user-error') return None
return None print("authenticate_ldap")
# Get the user information from the LDAP if he can be authenticated
def authenticate(self, request, username=None, password=None, **kwargs): isAdmin = False
if not settings.LDAP_ENABLED: isStaff = False
return None
print("authenticate_ldap")
# Get the user information from the LDAP if he can be authenticated
isAdmin = False
isStaff = False
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
print("authenticate-not admin")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
print("authenticate-not staff")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
print("authenticate-not user")
return None
else:
print("authenticate-user")
else:
isStaff = True
print("authenticate-staff")
else:
isAdmin = True
isStaff = True
print("authenticate-admin")
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
print("authenticate-create new user")
user = User(username=username)
user.is_active = True
user.is_staff = isStaff
user.is_superuser = isAdmin
user.set_password(uuid.uuid4().hex)
user.save()
maxInstances = 1
maxCpus = 1
maxMemory = 128
maxDiskSize = 1
if isStaff:
maxMemory = 2048
maxDiskSize = 20
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
if isAdmin:
maxInstances = -1
maxCpus = -1
maxMemory = -1
maxDiskSize = -1
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
user.save()
UserAttributes.objects.create(
user=user,
max_instances=maxInstances,
max_cpus=maxCpus,
max_memory=maxMemory,
max_disk_size=maxDiskSize,
)
user.save()
print("authenticate-user created") if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
return user print("authenticate-not admin")
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
def get_user(self, user_id): print("authenticate-not staff")
if not settings.LDAP_ENABLED: if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
return None print("authenticate-not user")
print("get_user_ldap") return None
try: else:
return User.objects.get(pk=user_id) print("authenticate-user")
except User.DoesNotExist: else:
print("get_user-user not found") isStaff = True
print("authenticate-staff")
else:
isAdmin = True
isStaff = True
print("authenticate-admin")
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
print("authenticate-create new user")
user = User(username=username)
user.is_active = True
user.is_staff = isStaff
user.is_superuser = isAdmin
user.set_password(uuid.uuid4().hex)
user.save()
maxInstances = 1
maxCpus = 1
maxMemory = 128
maxDiskSize = 1
if isStaff:
maxMemory = 2048
maxDiskSize = 20
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
if isAdmin:
maxInstances = -1
maxCpus = -1
maxMemory = -1
maxDiskSize = -1
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
user.save()
UserAttributes.objects.create(
user=user,
max_instances=maxInstances,
max_cpus=maxCpus,
max_memory=maxMemory,
max_disk_size=maxDiskSize,
)
user.save()
print("authenticate-user created")
return user
def get_user(self, user_id):
if not settings.LDAP_ENABLED:
return None
print("get_user_ldap")
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
print("get_user-user not found")
return None
except:
class LdapAuthenticationBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
return None
def get_user(self, user_id):
return None return None
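Review bot: `get_LDAP_user` never uses its `password` argument: it binds with `settings.LDAP_MASTER_DN` / `settings.LDAP_MASTER_PW`, searches, and returns the first entry, so `authenticate` as shown accepts any username that matches one of the group filters without checking that user's credentials. After the search, the supplied password should be verified by binding as the returned entry's DN, and an empty password should be rejected before any bind is attempted. `username` is also formatted unescaped into the search filter; it should go through `escape_filter_chars` from `ldap3.utils.conv`. Separately, the bare `except:` that now wraps the class hides any error raised while the module loads, not only a missing ldap3; `except ImportError:` would limit the fallback to the case the commit title names.

```python
    def get_LDAP_user(self, username, password, filterString):
        if not password:
            return None  # refuse empty passwords before any bind
        # … unchanged: Server(...) and master-DN Connection(...) inside the try …
        connection.search(settings.LDAP_ROOT_DN,
            '(&({attr}={login})({filter}))'.format(
                attr=settings.LDAP_USER_UID_PREFIX,
                login=escape_filter_chars(username),
                filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
        # … unchanged: empty-response check …
        entry = connection.response[0]
        # Verify the supplied password by binding as the found entry;
        # a failed bind raises and falls into the existing except branch.
        Connection(server, user=entry['dn'], password=password, auto_bind=True)
        return entry
```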