use nsscache from within python
111 views
Skip to first unread message
the...@otpme.org
Aug 13, 2015, 6:45:08 PM8/13/15
to nsscache...@googlegroups.com
Hi,
i'm currently writing a PAM module for OTPme (http://otpme.org/) and i
would like to use nsscache for caching user/group data for offline
logins. Although OTPme will come with a simple LDAP server i dont want
to use LDAP to feed nsscache. I intend to use some of nsscache's classes
from within my daemon to update the cache if the user/group db has
changed. i had a quick look at the sources but before trying to figure
it out myself i would like to ask if someone can give me any advice
and/or samples to get started? :)
regards
the2nd
i'm currently writing a PAM module for OTPme (http://otpme.org/) and i
would like to use nsscache for caching user/group data for offline
logins. Although OTPme will come with a simple LDAP server i dont want
to use LDAP to feed nsscache. I intend to use some of nsscache's classes
from within my daemon to update the cache if the user/group db has
changed. i had a quick look at the sources but before trying to figure
it out myself i would like to ask if someone can give me any advice
and/or samples to get started? :)
regards
the2nd
Jamie Wilkinson
Aug 13, 2015, 9:57:10 PM8/13/15
to nsscache...@googlegroups.com
The command.py module contains the main entry points into the nss_cache module, so you can look there; you'll need to construct a config object to pass around but as I remember if you import only nss_cache and its submoduels as you need them, you should be able to use it as a library without much hassle.
https://github.com/google/nsscache/blob/master/nss_cache/command.py#L232 is the main call into the Update code path; the RUn method in the same class sets up the config and flags used.
Hope that helps, let me knwo if there's any more you need to know.
--
You received this message because you are subscribed to the Google Groups "nsscache-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nsscache-discu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jamie Wilkinson
Aug 13, 2015, 9:57:39 PM8/13/15
to nsscache...@googlegroups.com, the...@otpme.org
Ccing you back as you are probably not on the list!
the...@otpme.org
Aug 19, 2015, 2:59:53 PM8/19/15
to nsscache...@googlegroups.com
Hi,
using the latest master branch from github i was able to generate the
desired cache and index files. :)
my current test code looks like this (mostly copied from the testing
modules :)):
from nss_cache.maps import group
from nss_cache.maps import passwd
from nss_cache.caches import files
config = {'dir': "/tmp/test/"}
cache = files.FilesPasswdMapHandler(config)
entries = []
map_entry = passwd.PasswdMapEntry()
map_entry.name = 'root'
map_entry.passwd = 'x'
map_entry.uid = 0
map_entry.gid = 0
map_entry.gecos = 'Rootsy'
map_entry.dir = '/root'
map_entry.shell = '/bin/bash'
entries.append(map_entry)
pmap = passwd.PasswdMap(entries)
cache.Write(pmap)
cache.WriteIndex()
cache._Commit()
cache = files.FilesGroupMapHandler(config)
entries = []
map_entry = group.GroupMapEntry()
map_entry.name = 'root'
map_entry.passwd = 'x'
map_entry.gid = 0
map_entry.members = ['zero_cool', 'acid_burn']
entries.append(map_entry)
gmap = group.GroupMap(entries)
cache.Write(gmap)
cache.WriteIndex()
cache._Commit()
this looks promising because i now just need to fill in the map_entry
stuff with the user/group data from OTPme.
but i have some other questions now. i've tried to run the same code
with the nsscache version (0.21.14) that was available in portage
(gentoo linux) and got an exception:
Traceback (most recent call last):
File "test_nsscache.py", line 25, in <module>
cache.WriteIndex()
AttributeError: 'FilesPasswdMapHandler' object has no attribute
'WriteIndex'
i havent looked into the details yet but in general i think that it
would be possible to package a fix nsscache version with OTPme instead
of relying on the version that comes with the distribution. i guess that
should not be a big problem as i only use it to create the cache files
(e.g. no network connections involved etc.) and thus the risk of a
security related issue should be low. the main reason beneath the
exception above is that at least on gentoo linux there are some problems
getting nsscacche installed. i stumpled upon these two:
https://bugs.gentoo.org/show_bug.cgi?id=284817
https://bugs.gentoo.org/show_bug.cgi?id=549822
what do you think about a pre packaged nss_cache? any reasons not doing
this?
another question is, how do incremental updates work? my sync daemon
synchronizes only changed objects (users, groups...) and it would be
great to only updated added, deleted and changed users and groups. :)
and the last question is, how do i tell libnss-cache that it should use
cache files from an other directory than /etc/? my daemon runs as user
otpme and i would like to write the cache files to e.g.
/var/cache/otpme/nsscache. my current workaround is to symlink the files
from /var/... to /etc/.
thanks a lot for your help!
regards
the2nd
On 2015-08-14 03:57, 'Jamie Wilkinson' via nsscache-discuss wrote:
> The command.py module contains the main entry points into the
> nss_cache module, so you can look there; you'll need to construct a
> config object to pass around but as I remember if you import only
> nss_cache and its submoduels as you need them, you should be able to
> use it as a library without much hassle.
>
> https://github.com/google/nsscache/blob/master/nss_cache/command.py#L232
> [3] is the main call into the Update code path; the RUn method in the
>
>
> Links:
> ------
> [1] http://otpme.org/
> [2] https://groups.google.com/d/optout
> [3]
> https://github.com/google/nsscache/blob/master/nss_cache/command.py#L232
using the latest master branch from github i was able to generate the
desired cache and index files. :)
my current test code looks like this (mostly copied from the testing
modules :)):
from nss_cache.maps import group
from nss_cache.maps import passwd
from nss_cache.caches import files
config = {'dir': "/tmp/test/"}
cache = files.FilesPasswdMapHandler(config)
entries = []
map_entry = passwd.PasswdMapEntry()
map_entry.name = 'root'
map_entry.passwd = 'x'
map_entry.uid = 0
map_entry.gid = 0
map_entry.gecos = 'Rootsy'
map_entry.dir = '/root'
map_entry.shell = '/bin/bash'
entries.append(map_entry)
pmap = passwd.PasswdMap(entries)
cache.Write(pmap)
cache.WriteIndex()
cache._Commit()
cache = files.FilesGroupMapHandler(config)
entries = []
map_entry = group.GroupMapEntry()
map_entry.name = 'root'
map_entry.passwd = 'x'
map_entry.gid = 0
map_entry.members = ['zero_cool', 'acid_burn']
entries.append(map_entry)
gmap = group.GroupMap(entries)
cache.Write(gmap)
cache.WriteIndex()
cache._Commit()
this looks promising because i now just need to fill in the map_entry
stuff with the user/group data from OTPme.
but i have some other questions now. i've tried to run the same code
with the nsscache version (0.21.14) that was available in portage
(gentoo linux) and got an exception:
Traceback (most recent call last):
File "test_nsscache.py", line 25, in <module>
cache.WriteIndex()
AttributeError: 'FilesPasswdMapHandler' object has no attribute
'WriteIndex'
i havent looked into the details yet but in general i think that it
would be possible to package a fix nsscache version with OTPme instead
of relying on the version that comes with the distribution. i guess that
should not be a big problem as i only use it to create the cache files
(e.g. no network connections involved etc.) and thus the risk of a
security related issue should be low. the main reason beneath the
exception above is that at least on gentoo linux there are some problems
getting nsscacche installed. i stumpled upon these two:
https://bugs.gentoo.org/show_bug.cgi?id=284817
https://bugs.gentoo.org/show_bug.cgi?id=549822
what do you think about a pre packaged nss_cache? any reasons not doing
this?
another question is, how do incremental updates work? my sync daemon
synchronizes only changed objects (users, groups...) and it would be
great to only updated added, deleted and changed users and groups. :)
and the last question is, how do i tell libnss-cache that it should use
cache files from an other directory than /etc/? my daemon runs as user
otpme and i would like to write the cache files to e.g.
/var/cache/otpme/nsscache. my current workaround is to symlink the files
from /var/... to /etc/.
thanks a lot for your help!
regards
the2nd
On 2015-08-14 03:57, 'Jamie Wilkinson' via nsscache-discuss wrote:
> The command.py module contains the main entry points into the
> nss_cache module, so you can look there; you'll need to construct a
> config object to pass around but as I remember if you import only
> nss_cache and its submoduels as you need them, you should be able to
> use it as a library without much hassle.
>
> https://github.com/google/nsscache/blob/master/nss_cache/command.py#L232
> same class sets up the config and flags used.
>
> Hope that helps, let me knwo if there's any more you need to know.
>
> On 14 August 2015 at 07:12, <the...@otpme.org> wrote:
>
>> Hi,
>>
>> i'm currently writing a PAM module for OTPme (http://otpme.org/
>> [1]) and i would like to use nsscache for caching user/group data
>
> Hope that helps, let me knwo if there's any more you need to know.
>
> On 14 August 2015 at 07:12, <the...@otpme.org> wrote:
>
>> Hi,
>>
>> i'm currently writing a PAM module for OTPme (http://otpme.org/
>> for offline logins. Although OTPme will come with a simple LDAP
>> server i dont want to use LDAP to feed nsscache. I intend to use
>> some of nsscache's classes from within my daemon to update the cache
>> if the user/group db has changed. i had a quick look at the sources
>> but before trying to figure it out myself i would like to ask if
>> someone can give me any advice and/or samples to get started? :)
>>
>> regards
>> the2nd
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "nsscache-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to nsscache-discu...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout [2].
>> server i dont want to use LDAP to feed nsscache. I intend to use
>> some of nsscache's classes from within my daemon to update the cache
>> if the user/group db has changed. i had a quick look at the sources
>> but before trying to figure it out myself i would like to ask if
>> someone can give me any advice and/or samples to get started? :)
>>
>> regards
>> the2nd
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "nsscache-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to nsscache-discu...@googlegroups.com.
>
> --
> You received this message because you are subscribed to the Google
> Groups "nsscache-discuss" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to nsscache-discu...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout [2].
> --
> You received this message because you are subscribed to the Google
> Groups "nsscache-discuss" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to nsscache-discu...@googlegroups.com.
>
>
> Links:
> ------
> [1] http://otpme.org/
> [2] https://groups.google.com/d/optout
> [3]
> https://github.com/google/nsscache/blob/master/nss_cache/command.py#L232
the...@otpme.org
Aug 19, 2015, 9:24:54 PM8/19/15
to nsscache...@googlegroups.com
Replying to myself as i figured it out how to do a incremental sync. I
just use the .GetMap() method to get all current entries of the cache
file and merge them with the new//changed/removed entries i get from my
sync method. its easy and fast. :)
btw. i was on the list so no need to cc me
just use the .GetMap() method to get all current entries of the cache
file and merge them with the new//changed/removed entries i get from my
sync method. its easy and fast. :)
btw. i was on the list so no need to cc me
Reply all
Reply to author
Forward
0 new messages