[CalendarServer-changes] [13491] twext/trunk/twext/who/opendirectory

source_changes at macosforge.org source_changes at macosforge.org
Fri May 16 12:51:08 PDT 2014


Revision: 13491
          http://trac.calendarserver.org//changeset/13491
Author:   sagen at apple.com
Date:     2014-05-16 12:51:07 -0700 (Fri, 16 May 2014)
Log Message:
-----------
Allow suppression of system records from OpenDirectory service

Modified Paths:
--------------
    twext/trunk/twext/who/opendirectory/_constants.py
    twext/trunk/twext/who/opendirectory/_service.py

Modified: twext/trunk/twext/who/opendirectory/_constants.py
===================================================================
--- twext/trunk/twext/who/opendirectory/_constants.py	2014-05-16 18:35:25 UTC (rev 13490)
+++ twext/trunk/twext/who/opendirectory/_constants.py	2014-05-16 19:51:07 UTC (rev 13491)
@@ -172,6 +172,11 @@
     nestedGroups = ValueConstant(u"dsAttrTypeStandard:NestedGroups")
     nestedGroups.fieldName = FieldName.nestedGroupsUIDs
 
+    # For determining whether it's a system record
+    uniqueId = ValueConstant(u"dsAttrTypeStandard:UniqueID")
+    primaryGroupId = ValueConstant(u"dsAttrTypeStandard:PrimaryGroupID")
+    isHidden = ValueConstant(u"dsAttrTypeNative:IsHidden")
+
     # # Single value fields
     # AdminLimits = ValueConstant(u"dsAttrTypeStandard:AdminLimits")
     # AppleAliasData = ValueConstant(u"dsAttrTypeStandard:AppleAliasData")
@@ -230,7 +235,6 @@
     # PresetUserIsAdmin = ValueConstant(u"dsAttrTypeStandard:PresetUserIsAdmin")
     # PrimaryComputerGUID = ValueConstant(u"dsAttrTypeStandard:PrimaryComputerGUID")
     # PrimaryComputerList = ValueConstant(u"dsAttrTypeStandard:PrimaryComputerList")
-    # PrimaryGroupID = ValueConstant(u"dsAttrTypeStandard:PrimaryGroupID")
     # Printer1284DeviceID = ValueConstant(u"dsAttrTypeStandard:Printer1284DeviceID")
     # PrinterLPRHost = ValueConstant(u"dsAttrTypeStandard:PrinterLPRHost")
     # PrinterLPRQueue = ValueConstant(u"dsAttrTypeStandard:PrinterLPRQueue")
@@ -263,7 +267,6 @@
     # SetupAssistantLocation = ValueConstant(u"dsAttrTypeStandard:SetupAssistantLocation")
     # Occupation = ValueConstant(u"dsAttrTypeStandard:Occupation")
     # TimeToLive = ValueConstant(u"dsAttrTypeStandard:TimeToLive")
-    # UniqueID = ValueConstant(u"dsAttrTypeStandard:UniqueID")
     # UserCertificate = ValueConstant(u"dsAttrTypeStandard:UserCertificate")
     # UserPKCS12Data = ValueConstant(u"dsAttrTypeStandard:UserPKCS12Data")
     # UserShell = ValueConstant(u"dsAttrTypeStandard:UserShell")

Modified: twext/trunk/twext/who/opendirectory/_service.py
===================================================================
--- twext/trunk/twext/who/opendirectory/_service.py	2014-05-16 18:35:25 UTC (rev 13490)
+++ twext/trunk/twext/who/opendirectory/_service.py	2014-05-16 19:51:07 UTC (rev 13491)
@@ -111,12 +111,21 @@
     fieldName = ConstantsContainer((BaseDirectoryService.fieldName, FieldName))
 
 
-    def __init__(self, nodeName=ODSearchPath.search.value):
+    def __init__(
+        self,
+        nodeName=ODSearchPath.search.value,
+        suppressSystemRecords=False
+    ):
         """
         @param nodeName: the OpenDirectory node to query against.
         @type nodeName: bytes
+
+        @parm suppressSystemRecords: If True, any results returned from this
+            service will not contain Mac OS X "system" records.
+        @type suppressSystemRecords: C{Boolean}
         """
         self._nodeName = nodeName
+        self._suppressSystemRecords = suppressSystemRecords
 
 
     @property
@@ -505,6 +514,69 @@
         return query
 
 
+    def _isSystemRecord(self, odRecord):
+        """
+        Examines the OD record to see if it's a Mac OS X system account record.
+
+        @param odRecord: an OD record object
+
+        @return: True if system account record, False otherwise
+        @rtype: C{Boolean}
+        """
+        details, error = odRecord.recordDetailsForAttributes_error_(None, None)
+
+        if error:
+            self.log.error(
+                "Error while reading OpenDirectory record: {error}",
+                error=error
+            )
+            raise OpenDirectoryDataError(
+                "Unable to read OpenDirectory record", error
+            )
+
+        # GeneratedUID matches a special pattern
+        guid = details.get(ODAttribute.guid.value, (u"",))[0]
+        if guid.lower().startswith("ffffeeee-dddd-cccc-bbbb-aaaa"):
+            return True
+
+        # ISHidden is True
+        isHidden = details.get(ODAttribute.isHidden.value, False)
+        if isHidden:
+            return True
+
+        # Record-type specific indicators...
+        recType = details.get(ODAttribute.recordType.value, (u"",))[0]
+
+        # ...users with UniqueID <= 500
+        if recType == ODRecordType.user.value:
+            uniqueId = int(
+                details.get(ODAttribute.uniqueId.value, (u"0",))[0]
+            )
+            if uniqueId <= 500:
+                return True
+
+        # ...groups with PrimaryGroupID <= 500
+        elif recType == ODRecordType.group.value:
+            primaryGroupId = int(
+                details.get(ODAttribute.primaryGroupId.value, (u"0",))[0]
+            )
+            if primaryGroupId <= 500:
+                return True
+
+        # RecordName matches specific prefixes; if *all* RecordName values for
+        # a record start with either of these prefixes, it's a system record.
+        shortNames = details.get(ODAttribute.shortName.value, (u"",))
+        for shortName in shortNames:
+            if not (
+                shortName.startswith("_") or shortName.startswith("com.apple.")
+            ):
+                break
+        else:
+            return True
+
+        return False
+
+
     def _recordsFromQuery(self, query):
         """
         Executes a query and generates directory records from it.
@@ -536,6 +608,11 @@
 
         result = []
         for odRecord in odRecords:
+
+            # Conditionally suppress system records
+            if self._suppressSystemRecords and self._isSystemRecord(odRecord):
+                continue
+
             try:
                 record = DirectoryRecord(self, odRecord)
             except InvalidDirectoryRecordError as e:
@@ -759,8 +836,14 @@
 
         fields = {}
         for name, values in details.iteritems():
-            if name == ODAttribute.metaRecordName.value:
+            if name in (
                 # We get this field even though we did not ask for it...
+                ODAttribute.metaRecordName.value,
+                # We fetch these records to look for system accounts...
+                ODAttribute.uniqueId.value,
+                ODAttribute.primaryGroupId.value,
+                ODAttribute.isHidden.value,
+            ):
                 continue
 
             try:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140516/6eabd95d/attachment.html>


More information about the calendarserver-changes mailing list