crans/lc_ldap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[attributs] On ne fait des appels à pgsql que s'il faut effectivement vérifier les données.

Browse source 
Quand on est en red only, en plus d'être inutile, on fait souvent cracher le binding
à cause de vieux enregistrements.
Accessoirement, on rajoute quelques shells valident.
This commit is contained in:
Valentin Samir 2011-10-28 18:28:59 +02:00
parent 88697df427
commit 6dfa3af3ec
1 changed files with 25 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

16
attributs.py
View file

@ -69,6 +69,7 @@ class Attr(object):
ldif: objet contenant l'attribut (permet de faire les validations sur l'environnement) ldif: objet contenant l'attribut (permet de faire les validations sur l'environnement)
ctxt_check: effectue les validations ctxt_check: effectue les validations
""" """
self.ctxt_check=ctxt_check
self.value = None self.value = None
self.conn = conn self.conn = conn
assert isinstance(val, unicode) assert isinstance(val, unicode)
@ -134,11 +135,13 @@ class objectClass(Attr):
optional = False optional = False
legend = "entité" legend = "entité"
def parse_value(self, val, ldif): def parse_value(self, val, ldif):
if val not in [ 'top', 'posixAccount', 'shadowAccount', 'proprio', if val not in [ 'top', 'posixAccount', 'shadowAccount', 'proprio',
'adherent', 'club', 'machine', 'machineCrans', 'adherent', 'club', 'machine', 'machineCrans',
'borneWifi', 'machineWifi', 'machineFixe', 'borneWifi', 'machineWifi', 'machineFixe',
'cransAccount', 'service', 'facture', 'freeMid' ]: 'cransAccount', 'service', 'facture', 'freeMid' ]:
print(val)
raise ValueError("Pourquoi insérer un objectClass=%s ?" % val) raise ValueError("Pourquoi insérer un objectClass=%s ?" % val)
else: else:
self.value = unicode(val) self.value = unicode(val)
@ -254,6 +257,7 @@ class chbre(Attr):
can_modify = ["self", "Cableur", "Nounou"] can_modify = ["self", "Cableur", "Nounou"]
def parse_value(self, val, ldif): def parse_value(self, val, ldif):
if self.ctxt_check: # Si ce n'est pas la peine de vérifier, on ne vérifie pas
if u'club' in ldif['objectClass']: if u'club' in ldif['objectClass']:
if val in annuaires_pg.locaux_clubs(): if val in annuaires_pg.locaux_clubs():
self.value = val self.value = val
@ -295,8 +299,8 @@ class solde(Attr):
can_modify = ["imprimeur", "Nounou", "Tresorier"] can_modify = ["imprimeur", "Nounou", "Tresorier"]
def parse_value(self, solde, ldif): def parse_value(self, solde, ldif):
# on évite les dépassements # on évite les dépassements, sauf si on nous dit de ne pas vérifier
if not (float(solde) >= config.impression.decouvert and float(solde) <= 1024.): if self.ctxt_check and not (float(solde) >= config.impression.decouvert and float(solde) <= 1024.):
raise ValueError("Solde invalide: %s" % solde) raise ValueError("Solde invalide: %s" % solde)
self.value = solde self.value = solde
@ -304,7 +308,7 @@ class dnsAttr(Attr):
def parse_value(self, dns, ldif): def parse_value(self, dns, ldif):
dns = dns.lower() dns = dns.lower()
name, net = dns.split('.', 1) name, net = dns.split('.', 1)
if (net not in ['crans.org', 'wifi.crans.org'] or if self.ctxt_check and (net not in ['crans.org', 'wifi.crans.org'] or
not re.match('[a-z][-_a-z0-9]+', name)): not re.match('[a-z][-_a-z0-9]+', name)):
raise ValueError("Nom d'hote invalide '%s'" % dns) raise ValueError("Nom d'hote invalide '%s'" % dns)
self.value = dns self.value = dns
@ -544,8 +548,12 @@ class loginShell(Attr):
'/usr/bin/rssh', '/usr/bin/rssh',
'/usr/local/bin/disconnect_shell', '/usr/local/bin/disconnect_shell',
'/usr/scripts/surveillance/disconnect_shell', '/usr/scripts/surveillance/disconnect_shell',
'/usr/local/bin/badPassSh',
'/usr/bin/passwd',
'/bin/false',
'/bin//zsh'
''] '']
if (shell not in shells): if self.ctxt_check and (shell not in shells):
raise ValueError("Shell %s invalide" % shell) raise ValueError("Shell %s invalide" % shell)
self.value = shell self.value = shell