x/python-ganttclient
Code Issues Proposed changes

sanitize all args to strings before sending them to ldap

Browse Source
This commit is contained in:
Vishvananda Ishaya
2011-02-16 12:02:10 -08:00
parent 5ff63cd382
commit ee3d2e34cc
1 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
nova/auth/ldapdriver.py
View File

@@ -73,6 +73,23 @@ LOG = logging.getLogger("nova.ldapdriver")
# creating this now because I'm expecting an auth refactor # creating this now because I'm expecting an auth refactor
# in which we may want to change the interface a bit more. # in which we may want to change the interface a bit more.
def _clean(attr):
"""Clean attr for insertion into ldap"""
if attr is None:
return None
if type(attr) is unicode:
return str(attr)
return attr
def sanitize(fn):
"""Decorator to sanitize all args"""
def _wrapped(self, *args, **kwargs):
args = [_clean(x) for x in args]
kwargs = dict((k, _clean(v)) for (k, v) in kwargs)
return fn(self, *args, **kwargs)
_wrapped.func_name = fn.func_name
return _wrapped
class LdapDriver(object): class LdapDriver(object):
"""Ldap Auth driver """Ldap Auth driver
@@ -106,23 +123,27 @@ class LdapDriver(object):
self.conn.unbind_s() self.conn.unbind_s()
return False return False
@sanitize
def get_user(self, uid): def get_user(self, uid):
"""Retrieve user by id""" """Retrieve user by id"""
attr = self.__get_ldap_user(uid) attr = self.__get_ldap_user(uid)
return self.__to_user(attr) return self.__to_user(attr)
@sanitize
def get_user_from_access_key(self, access): def get_user_from_access_key(self, access):
"""Retrieve user by access key""" """Retrieve user by access key"""
query = '(accessKey=%s)' % access query = '(accessKey=%s)' % access
dn = FLAGS.ldap_user_subtree dn = FLAGS.ldap_user_subtree
return self.__to_user(self.__find_object(dn, query)) return self.__to_user(self.__find_object(dn, query))
@sanitize
def get_project(self, pid): def get_project(self, pid):
"""Retrieve project by id""" """Retrieve project by id"""
dn = self.__project_to_dn(pid) dn = self.__project_to_dn(pid)
attr = self.__find_object(dn, LdapDriver.project_pattern) attr = self.__find_object(dn, LdapDriver.project_pattern)
return self.__to_project(attr) return self.__to_project(attr)
@sanitize
def get_users(self): def get_users(self):
"""Retrieve list of users""" """Retrieve list of users"""
attrs = self.__find_objects(FLAGS.ldap_user_subtree, attrs = self.__find_objects(FLAGS.ldap_user_subtree,
@@ -134,6 +155,7 @@ class LdapDriver(object):
users.append(user) users.append(user)
return users return users
@sanitize
def get_projects(self, uid=None): def get_projects(self, uid=None):
"""Retrieve list of projects""" """Retrieve list of projects"""
pattern = LdapDriver.project_pattern pattern = LdapDriver.project_pattern
@@ -143,6 +165,7 @@ class LdapDriver(object):
pattern) pattern)
return [self.__to_project(attr) for attr in attrs] return [self.__to_project(attr) for attr in attrs]
@sanitize
def create_user(self, name, access_key, secret_key, is_admin): def create_user(self, name, access_key, secret_key, is_admin):
"""Create a user""" """Create a user"""
if self.__user_exists(name): if self.__user_exists(name):
@@ -196,6 +219,7 @@ class LdapDriver(object):
self.conn.add_s(self.__uid_to_dn(name), attr) self.conn.add_s(self.__uid_to_dn(name), attr)
return self.__to_user(dict(attr)) return self.__to_user(dict(attr))
@sanitize
def create_project(self, name, manager_uid, def create_project(self, name, manager_uid,
description=None, member_uids=None): description=None, member_uids=None):
"""Create a project""" """Create a project"""
@@ -231,6 +255,7 @@ class LdapDriver(object):
self.conn.add_s(dn, attr) self.conn.add_s(dn, attr)
return self.__to_project(dict(attr)) return self.__to_project(dict(attr))
@sanitize
def modify_project(self, project_id, manager_uid=None, description=None): def modify_project(self, project_id, manager_uid=None, description=None):
"""Modify an existing project""" """Modify an existing project"""
if not manager_uid and not description: if not manager_uid and not description:
@@ -249,21 +274,25 @@ class LdapDriver(object):
dn = self.__project_to_dn(project_id) dn = self.__project_to_dn(project_id)
self.conn.modify_s(dn, attr) self.conn.modify_s(dn, attr)
@sanitize
def add_to_project(self, uid, project_id): def add_to_project(self, uid, project_id):
"""Add user to project""" """Add user to project"""
dn = self.__project_to_dn(project_id) dn = self.__project_to_dn(project_id)
return self.__add_to_group(uid, dn) return self.__add_to_group(uid, dn)
@sanitize
def remove_from_project(self, uid, project_id): def remove_from_project(self, uid, project_id):
"""Remove user from project""" """Remove user from project"""
dn = self.__project_to_dn(project_id) dn = self.__project_to_dn(project_id)
return self.__remove_from_group(uid, dn) return self.__remove_from_group(uid, dn)
@sanitize
def is_in_project(self, uid, project_id): def is_in_project(self, uid, project_id):
"""Check if user is in project""" """Check if user is in project"""
dn = self.__project_to_dn(project_id) dn = self.__project_to_dn(project_id)
return self.__is_in_group(uid, dn) return self.__is_in_group(uid, dn)
@sanitize
def has_role(self, uid, role, project_id=None): def has_role(self, uid, role, project_id=None):
"""Check if user has role """Check if user has role
@@ -273,6 +302,7 @@ class LdapDriver(object):
role_dn = self.__role_to_dn(role, project_id) role_dn = self.__role_to_dn(role, project_id)
return self.__is_in_group(uid, role_dn) return self.__is_in_group(uid, role_dn)
@sanitize
def add_role(self, uid, role, project_id=None): def add_role(self, uid, role, project_id=None):
"""Add role for user (or user and project)""" """Add role for user (or user and project)"""
role_dn = self.__role_to_dn(role, project_id) role_dn = self.__role_to_dn(role, project_id)
@@ -283,11 +313,13 @@ class LdapDriver(object):
else: else:
return self.__add_to_group(uid, role_dn) return self.__add_to_group(uid, role_dn)
@sanitize
def remove_role(self, uid, role, project_id=None): def remove_role(self, uid, role, project_id=None):
"""Remove role for user (or user and project)""" """Remove role for user (or user and project)"""
role_dn = self.__role_to_dn(role, project_id) role_dn = self.__role_to_dn(role, project_id)
return self.__remove_from_group(uid, role_dn) return self.__remove_from_group(uid, role_dn)
@sanitize
def get_user_roles(self, uid, project_id=None): def get_user_roles(self, uid, project_id=None):
"""Retrieve list of roles for user (or user and project)""" """Retrieve list of roles for user (or user and project)"""
if project_id is None: if project_id is None:
@@ -307,6 +339,7 @@ class LdapDriver(object):
roles = self.__find_objects(project_dn, query) roles = self.__find_objects(project_dn, query)
return [role['cn'][0] for role in roles] return [role['cn'][0] for role in roles]
@sanitize
def delete_user(self, uid): def delete_user(self, uid):
"""Delete a user""" """Delete a user"""
if not self.__user_exists(uid): if not self.__user_exists(uid):
@@ -332,12 +365,14 @@ class LdapDriver(object):
# Delete entry # Delete entry
self.conn.delete_s(self.__uid_to_dn(uid)) self.conn.delete_s(self.__uid_to_dn(uid))
@sanitize
def delete_project(self, project_id): def delete_project(self, project_id):
"""Delete a project""" """Delete a project"""
project_dn = self.__project_to_dn(project_id) project_dn = self.__project_to_dn(project_id)
self.__delete_roles(project_dn) self.__delete_roles(project_dn)
self.__delete_group(project_dn) self.__delete_group(project_dn)
@sanitize
def modify_user(self, uid, access_key=None, secret_key=None, admin=None): def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
"""Modify an existing user""" """Modify an existing user"""
if not access_key and not secret_key and admin is None: if not access_key and not secret_key and admin is None: