137 lines
5.4 KiB
Python
137 lines
5.4 KiB
Python
##############################################################################
|
|
#
|
|
# Copyright (c) 2004-2007 TINY SPRL. (http://tiny.be) All Rights Reserved.
|
|
#
|
|
# $Id: account.py 1005 2005-07-25 08:41:42Z nicoe $
|
|
#
|
|
# WARNING: This program as such is intended to be used by professional
|
|
# programmers who take the whole responsability of assessing all potential
|
|
# consequences resulting from its eventual inadequacies and bugs
|
|
# End users who are looking for a ready-to-use solution with commercial
|
|
# garantees and support are strongly adviced to contract a Free Software
|
|
# Service Company
|
|
#
|
|
# This program is Free Software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
#
|
|
##############################################################################
|
|
|
|
from osv import fields,osv
|
|
from service import security
|
|
import pooler
|
|
|
|
try:
|
|
import ldap
|
|
except ImportError:
|
|
import netsvc
|
|
logger = netsvc.Logger()
|
|
logger.notifyChannel("init", netsvc.LOG_ERROR, "could not import ldap!")
|
|
|
|
class res_company(osv.osv):
|
|
_inherit = "res.company"
|
|
|
|
_columns = {
|
|
'ldap_server': fields.char('LDAP Server address', size=64),
|
|
'ldap_binddn': fields.char('LDAP binddn', size=64),
|
|
'ldap_password': fields.char('LDAP password', size=64),
|
|
'ldap_filter': fields.char('LDAP filter', size=64),
|
|
'ldap_base': fields.char('LDAP base', size=64),
|
|
}
|
|
res_company()
|
|
|
|
def ldap_login(oldfnc):
|
|
def _ldap_login(db, login, passwd):
|
|
cr = pooler.get_db(db).cursor()
|
|
module_obj = pooler.get_pool(cr.dbname).get('ir.module.module')
|
|
module_ids = module_obj.search(cr, 1, [('name', '=', 'users_ldap')])
|
|
if module_ids:
|
|
state = module_obj.read(cr, 1, module_ids, ['state'])[0]['state']
|
|
if state in ('installed', 'to upgrade', 'to remove'):
|
|
cr.execute("select id, name, ldap_server, ldap_binddn, ldap_password, ldap_filter, ldap_base from res_company where ldap_server != '' and ldap_binddn != ''")
|
|
for res_company in cr.dictfetchall():
|
|
try:
|
|
l = ldap.open(res_company['ldap_server'])
|
|
if l.simple_bind(res_company['ldap_binddn'], res_company['ldap_password']):
|
|
base = res_company['ldap_base']
|
|
scope = ldap.SCOPE_SUBTREE
|
|
filter = res_company['ldap_filter']%(login,)
|
|
retrieve_attributes = None
|
|
result_id = l.search(base, scope, filter, retrieve_attributes)
|
|
timeout = 60
|
|
result_type, result_data = l.result(result_id, timeout)
|
|
if not result_data:
|
|
continue
|
|
if result_type == ldap.RES_SEARCH_RESULT and len(result_data) == 1:
|
|
dn=result_data[0][0]
|
|
name=result_data[0][1]['cn']
|
|
if l.bind(dn, passwd):
|
|
cr.execute("select id from res_users where login=%s",(login.encode('utf-8'),))
|
|
res = cr.fetchone()
|
|
if res:
|
|
cr.close()
|
|
return res[0]
|
|
users_obj = pooler.get_pool(cr.dbname).get('res.users')
|
|
action_obj = pooler.get_pool(cr.dbname).get('ir.actions.actions')
|
|
action_id = action_obj.search(cr, 1, [('usage', '=', 'menu')])[0]
|
|
res = users_obj.create(cr, 1, {'name': name, 'login': login.encode('utf-8'), 'company_id': res_company['id'], 'action_id': action_id})
|
|
cr.commit()
|
|
cr.close()
|
|
return res
|
|
except Exception, e:
|
|
continue
|
|
cr.close()
|
|
return oldfnc(db, login, passwd)
|
|
return _ldap_login
|
|
|
|
security.login = ldap_login(security.login)
|
|
|
|
def ldap_check(oldfnc):
|
|
def _ldap_check(db, uid, passwd):
|
|
if security._uid_cache.has_key(uid) and (security._uid_cache[uid]==passwd):
|
|
return True
|
|
cr = pooler.get_db(db).cursor()
|
|
module_obj = pooler.get_pool(cr.dbname).get('ir.module.module')
|
|
module_ids = module_obj.search(cr, 1, [('name', '=', 'users_ldap')])
|
|
if module_ids:
|
|
state = module_obj.read(cr, 1, module_ids, ['state'])[0]['state']
|
|
if state in ('installed', 'to upgrade', 'to remove'):
|
|
users_obj = pooler.get_pool(cr.dbname).get('res.users')
|
|
user = users_obj.browse(cr, 1, uid)
|
|
if user and user.company_id.ldap_server and user.company_id.ldap_binddn:
|
|
company = user.company_id
|
|
try:
|
|
l = ldap.open(company.ldap_server)
|
|
if l.simple_bind(company.ldap_binddn, company.ldap_password):
|
|
base = company['ldap_base']
|
|
scope = ldap.SCOPE_SUBTREE
|
|
filter = company['ldap_filter']%(user.login,)
|
|
retrieve_attributes = None
|
|
result_id = l.search(base, scope, filter, retrieve_attributes)
|
|
timeout = 60
|
|
result_type, result_data = l.result(result_id, timeout)
|
|
if result_data and result_type == ldap.RES_SEARCH_RESULT and len(result_data) == 1:
|
|
dn=result_data[0][0]
|
|
name=result_data[0][1]['cn']
|
|
if l.bind(dn, passwd):
|
|
security._uid_cache[uid] = passwd
|
|
cr.close()
|
|
return True
|
|
except Exception, e:
|
|
pass
|
|
cr.close()
|
|
return oldfnc(db, uid, passwd)
|
|
return _ldap_check
|
|
|
|
security.check = ldap_check(security.check)
|