summaryrefslogtreecommitdiffstats
path: root/userconfig/unixauthdb.py
diff options
context:
space:
mode:
Diffstat (limited to 'userconfig/unixauthdb.py')
-rwxr-xr-xuserconfig/unixauthdb.py1154
1 files changed, 1154 insertions, 0 deletions
diff --git a/userconfig/unixauthdb.py b/userconfig/unixauthdb.py
new file mode 100755
index 0000000..92ffcc8
--- /dev/null
+++ b/userconfig/unixauthdb.py
@@ -0,0 +1,1154 @@
+#!/usr/bin/python
+###########################################################################
+# Copyright (C) 2004-2006 by Simon Edwards
+#
+# Copyright: See COPYING file that comes with this distribution
+#
+###########################################################################
+# An API for querying and modifying the authorisation database on Unix systems.
+#
+# The first function that you need to use is getContext(). It returns a
+# Context object that contains all relevant information concerning
+# the current authorisation database on this machine.
+
+import crypt
+import random
+import fcntl
+import time
+import os
+import os.path
+import stat
+import shutil
+import codecs
+import locale
+import tempfile
+
+ldaperror = ""
+try:
+ import ldap
+except ImportError:
+ ldaperror = "The LDAP Python Module is not installed, but needed to use LDAP. Install it."
+
+def createTempFile(origfile):
+ origstat = os.stat(origfile)
+ tmp_prefix = os.path.basename(origfile) + "."
+ tmp_dir = os.path.dirname(origfile)
+ try:
+ ret = tempfile.mkstemp(prefix=tmp_prefix, dir=tmp_dir)
+ except:
+ raise IOError, "Unable to create a new temporary file for " + origfile
+ (fd, tmpfile) = ret
+ shutil.copymode(origfile, tmpfile)
+ os.chown(tmpfile, origstat.st_uid, origstat.st_gid)
+
+ return ret
+
+def getContext(editmode=False):
+ """Get a Context object describing the system's authorisation database.
+
+ Parameters:
+
+ editmode - Set to true if you also wish change the information in this
+ context. Root access is required. Defaults to false.
+
+ Returns a Context object.
+
+ If the environmental variable "USERCONFIG_USES_LDAP" is set to "true",
+ userconfig will use LDAP as the backend. This feature is in development
+ and using it is not recommended, it won't work.
+ """
+
+ # Detect what kind of auth system we are running on and create
+ # and initialise the corresponding Context object type.
+
+ # Check for Mandrake
+
+ # Check libuser.conf
+ try:
+ if os.environ["USERCONFIG_USES_LDAP"].lower() == "true":
+ use_ldap = True
+ except KeyError,e:
+ use_ldap = False
+ if not use_ldap:
+ return PwdContext(editmode)
+ else:
+ print "==================================================================="
+ print "Warning:"
+ print "\tYou are using LDAP as backend. This feature is under development"
+ print "\tand it is currently not recommended to use it."
+ print "\tIf you do not want to use LDAP as backend, set the environmental"
+ print "\tvariabale 'USERCONFIG_USES_LDAP' to 'False'."
+ print "==================================================================="
+ return LdapContext(editmode)
+
+###########################################################################
+# Base classes.
+#
+class Context(object):
+ """Contains all of the information about the current authorisation
+ database, plus some useful methods for modify this information.
+
+ """
+ def __init__(self):
+ self._users = []
+ self._groups = []
+ self._shells = None
+ self._setDefaultValues()
+
+ def newUser(self,defaults=False,systemuser=False):
+ """Create a new UnixUser object.
+
+ Creates a new blank UnixUser object. The object is not part of the
+ current Context. You need to add it yourself using addUser().
+
+ Newly allocated UIDs are unique with respect to the list of UnixUser
+ objects in the Context.
+
+ Keyword arguments:
+ defaults -- Set to true if the new object should be filled in with
+ reasonable default values for the UID and username.
+ (default False)
+ systemuser -- Should the new user be allocated a UID from the system
+ range of UIDs. (default is False)
+
+ Returns a new UnixUser object.
+ """
+ newuserobj = self._createUser()
+ if defaults:
+ if systemuser:
+ r = xrange(0,self.last_system_uid)
+ else:
+ r = xrange(self.first_uid,self.last_uid)
+ for candiate in r:
+ for u in self._users:
+ if u.getUID()==candiate:
+ break
+ else:
+ newuserobj.setUID(candiate)
+ break
+
+ if self.lookupUsername(u'new_user') is None:
+ newuserobj.setUsername(u'new_user')
+ else:
+ i = 1
+ while 1:
+ if self.lookupUsername(u'new_user_'+str(i)) is None:
+ newuserobj.setUsername(u'new_user_'+str(i))
+ break
+ i += 1
+ return newuserobj
+
+ def getUsers(self):
+ """Get a list of all existing users.
+
+ Returns an array of UnixUser objects.
+ """
+ #print "USERS:", self._users
+ return self._users[:]
+
+ def getGroups(self):
+ """Get a list of all existing groups.
+
+ Returns an array of UnixGroup objects.
+ """
+ try:
+ self._groups.remove("new_user")
+ except ValueError:
+ print "no user removed"
+ pass
+ return self._groups[:]
+
+ def newGroup(self,defaults=False,systemgroup=False):
+ """Create a new UnixGroup object.
+
+ Creates a new blank UnixGroup object. The object is not part of the
+ current Context. You need to add it yourself using addGroup().
+
+ Newly allocated GIDs are unique with respect to the list of UnixGroup
+ objects in the Context.
+
+ Keyword arguments:
+ defaults -- Set to true if the new object should be filled in with
+ reasonable default values for the GID and groupname.
+ (default False)
+ systemgroup -- Set to True if the newly allocated GID should come
+ from the pool of system group IDs. (default False)
+
+ Returns a new UnixGroup object.
+ """
+ newgroupobj = self._createGroup()
+ if defaults:
+ if systemgroup:
+ r = xrange(0,self.last_system_gid)
+ else:
+ r = xrange(self.first_gid,self.last_gid)
+ for candiate in r:
+ for u in self._groups:
+ if u.getGID()==candiate:
+ break
+ else:
+ newgroupobj.setGID(candiate)
+ break
+ if self.lookupGroupname(u'new_group') is None:
+ newgroupobj.setGroupname(u'new_group')
+ else:
+ i = 1
+ while 1:
+ if self.lookupGroupname(u'new_user_'+str(i)) is None:
+ newgroupobj.setGroupname(u'new_user_'+str(i))
+ break
+ i += 1
+ return newgroupobj
+
+ def _createGroup(self):
+ raise NotImplementedError, "Context.newGroup()"
+
+ def addUser(self,userobj):
+ """Adds the given user to the authorisation database.
+
+ This change only takes effect after calling context.save().
+
+ Keyword arguments:
+ userobj -- The UnixUser object to add.
+ """
+ self._users.append(userobj)
+
+ def addGroup(self,groupobj):
+ """Adds the given group to the authorisation database.
+
+ This change only takes effect after calling context.save().
+
+ Keyword arguments:
+ groupobj -- The UnixGroup object to add.
+ """
+ if groupobj not in self._groups:
+ self._groups.append(groupobj)
+
+ def removeUser(self,userobj):
+ """Removes the given user object from the authorisation database.
+
+ The user is also removed from all groups.
+
+ This change only takes effect after calling context.save().
+ """
+ for g in userobj.getGroups():
+ userobj.removeFromGroup(g)
+
+ self._users.remove(userobj)
+
+ def removeGroup(self,groupobj):
+ """Removes the given group object from the authorisation database.
+
+ All users are removed from the group.
+
+ This change only takes effect after calling context.save().
+ """
+ for u in groupobj.getUsers():
+ u.removeFromGroup(groupobj)
+
+ self._groups.remove(groupobj)
+
+ def lookupUID(self,uid):
+ """Lookup a UnixUser object by its numeric user ID.
+
+ Keyword arguments:
+ uid -- User ID to lookup, integer.
+
+ Returns the matching UnixUser object or None if it was not found.
+ """
+ for user in self._users:
+ if user.getUID()==uid:
+ return user
+ return None
+
+ def lookupUsername(self,username):
+ """Lookup a UnixUser object by username.
+
+ Keyword arguments:
+ username -- Username to lookup, string.
+
+ Returns the matching UnixUser object or None if it was not found.
+ """
+ for user in self._users:
+ if user.getUsername()==username:
+ return user
+ return None
+
+ def lookupGID(self,gid):
+ """Lookup a UnixGroup object by its numeric group ID.
+
+ Keyword arguments:
+ gid -- Group ID to lookup, integer.
+
+ Returns the matching UnixGroup object or None if it was not found.
+ """
+ for group in self._groups:
+ if group.getGID()==gid:
+ return group
+ return None
+
+ def lookupGroupname(self,groupname):
+ """Lookup a UnixGroup object by groupname.
+
+ Returns the matching UnixGroup object or None if it was not found.
+ """
+ for group in self._groups:
+ if group.getGroupname()==groupname:
+ return group
+ return None
+
+ def getUserShells(self):
+ """Get the list of available login shells.
+
+ Returns an array of strings.
+ """
+ if self._shells is None:
+ self._shells = []
+ fhandle = codecs.open('/etc/shells','r',locale.getpreferredencoding())
+ for l in fhandle.readlines():
+ # TODO: strangely this lets some comented lines slip through
+ if len(l.strip()) > 1 and l.strip()[0] is not "#":
+ # Only show existing shells
+ if os.path.isfile(l.strip()):
+ self._shells.append(l.strip())
+ fhandle.close()
+ return self._shells[:]
+
+ def save(self):
+ """Synchronises the Context with the underlying operating system.
+
+ After a successful save, any changes to the Context will be reflected
+ system wide.
+ """
+ raise NotImplementedError, "Context.save()"
+
+ def createHomeDirectory(self,userobj):
+ if os.path.exists(userobj.getHomeDirectory()):
+ raise IOError, u"Home directory %s already exists." % userobj.getHomeDirectory()
+
+ # Copy the skeleton directory over
+ shutil.copytree(self._getSkeletonDirectory(),userobj.getHomeDirectory(),True)
+
+ # Fix the file ownership stuff
+ uid = userobj.getUID()
+ gid = userobj.getPrimaryGroup().getGID()
+ os.chmod(userobj.getHomeDirectory(),self.dir_mode)
+ #os.system("chmod "+self.dir_mode+" "+userobj.getHomeDirectory())
+ #print "Setting permissions:", userobj.getHomeDirectory(),self.dir_mode
+ os.lchown(userobj.getHomeDirectory(),uid,gid)
+ for root,dirs,files in os.walk(userobj.getHomeDirectory()):
+ for d in dirs:
+ os.lchown(os.path.join(root,d),uid,gid)
+ for f in files:
+ os.lchown(os.path.join(root,f),uid,gid)
+
+ def removeHomeDirectory(self,userobj):
+ if os.path.exists(userobj.getHomeDirectory()):
+ shutil.rmtree(userobj.getHomeDirectory())
+
+ def _createUser(self):
+ raise NotImplementedError, "Context._createUser()"
+
+ def _sanityCheck(self):
+ userids = []
+ for u in self._users:
+ if isinstance(u,UnixUser)==False:
+ raise TypeError,"Found an object in the list of users that is not a UnixUser object."
+ uid = u.getUID()
+ if uid in userids:
+ raise ValueError, "User ID %i appears more than once." % uid
+ userids.append(uid)
+ u._sanityCheck()
+
+ groupids = []
+ for g in self._groups:
+ if isinstance(g,UnixGroup)==False:
+ raise TypeError,"Found an object in the list of groups that is not a UnixGroup object."
+ gid = g.getGID()
+ if gid in groupids:
+ raise ValueError, "Group ID %i appears more than once." % gid
+ groupids.append(gid)
+ g._sanityCheck()
+
+ def _getSkeletonDirectory(self):
+ return self.skel
+
+ def _readAdduserConf(self):
+ """ Fill a dictionary with the values from /etc/adduser.conf
+ which then can be used as default values, if the file exists
+ at least.
+ Attention: We're not validating!"""
+ self.defaults = {}
+ self.adduserconf = '/etc/adduser.conf'
+ if not os.path.isfile(self.adduserconf):
+ return
+ fhandle = codecs.open(self.adduserconf,'r',locale.getpreferredencoding())
+ for line in fhandle.readlines():
+ line = line.strip()
+ parts = line.split("=")
+ if len(parts) == 2:
+ self.defaults[str(parts[0].strip())] = parts[1].strip()
+
+ def _setDefaultValues(self):
+ """ Set a lot of default values for UIDs and GIDs, try to use the values
+ from /etc/adduser.conf."""
+ self._readAdduserConf()
+
+ try:
+ self.skel = self.defaults["SKEL"]
+ except KeyError:
+ self.skel = '/etc/skel'
+
+ # IDs for new users and groups.
+ try:
+ self.first_uid = int(self.defaults['FIRST_UID'])
+ except (KeyError,ValueError):
+ self.first_uid = 1000
+
+ try:
+ self.last_uid = int(self.defaults["LAST_UID"])
+ except (KeyError,ValueError):
+ self.last_uid = 29999
+
+ try:
+ self.first_gid = int(self.defaults["FIRST_GID"])
+ except (KeyError,ValueError):
+ self.first_gid = 1000
+
+ try:
+ self.last_gid = int(self.defaults["LAST_GID"])
+ except (KeyError,ValueError):
+ self.last_gid = 65534
+
+ # Which IDs are system user and system groups?
+ try:
+ self.first_system_uid = int(self.defaults["FIRST_SYSTEM_UID"])
+ except (KeyError,ValueError):
+ self.first_system_uid = 500
+
+ try:
+ self.last_system_uid = int(self.defaults["LAST_SYSTEM_UID"])
+ except (KeyError,ValueError):
+ self.last_system_uid = 65534
+
+ try:
+ self.first_system_gid = int(self.defaults["FIRST_SYSTEM_GID"])
+ except (KeyError,ValueError):
+ self.first_system_gid = 500
+
+ try:
+ self.last_system_gid = int(self.defaults["LAST_SYSTEM_GID"])
+ except (KeyError,ValueError):
+ self.last_system_gid = 65534
+
+ # More defaults which might make sense.
+ try:
+ self.dir_mode = int(self.defaults["DIR_MODE"],8)
+ except (KeyError,ValueError):
+ self.dir_mode = int("0755",8)
+ print "Didn't read default DIR_MODE"
+
+ try:
+ self.dhome = self.defaults["DHOME"]
+ except KeyError:
+ self.dhome = "/home"
+
+ try:
+ self.dshell = self.defaults["DSHELL"]
+ except KeyError:
+ # Will be set in showNewUser()
+ self.dshell = None
+
+###########################################################################
+class UnixUser(object):
+ def __init__(self,context):
+ self._context = context
+ self._uid = None
+ self._username = None
+
+ # UnixGroup object.
+ self._primarygroup = None
+
+ # List of UnixGroup objects.
+ self._groups = []
+
+ self._gecos = None
+ self._homedirectory = None
+ self._loginshell = None
+
+ self._islocked = False
+
+ self._encpass = ""
+
+ # FIXME : This should actually be days since epoch or something like this
+ self._passlastchange = 0
+ self._passminimumagebeforechange = 0
+ self._passmaximumage = None
+ self._passexpirewarn = 7
+ self._passexpiredisabledays = None
+ self._disableddays = None
+
+ def polish(self):
+ primary_group = self._context.lookupGID(self._gid)
+ if primary_group is None:
+ # The GID didn't match an existing group. Quickly make a new group.
+ new_group = self._context.newGroup()
+ new_group.setGID(self._gid)
+
+ new_group_name = u"group%i" % self._gid
+ i = 0
+ while self._context.lookupGroupname(new_group_name) is not None:
+ i += 1
+ new_group_name = u"group%i_%i" % (self._gid,i)
+ new_group.setGroupname(new_group_name)
+
+ self._context.addGroup(new_group)
+ primary_group = new_group
+
+ self.setPrimaryGroup(primary_group)
+ for group in self._context._groups:
+ if group.contains(self):
+ self._groups.append(group)
+
+ def getUID(self):
+ """Get the unix user ID.
+
+ Returns the integer.
+ """
+ return self._uid
+
+ def setUID(self,uid):
+ """Set the unix user ID.
+
+ Keyword arguments:
+ uid -- Integer user id.
+ """
+ uid = int(uid)
+ if uid<0:
+ raise ValueError, "User ID (%i) is a negative number." % uid
+ self._uid = uid
+
+ def isSystemUser(self):
+ """See if this user is a system user.
+
+ Returns True or False.
+ """
+ return not (self._context.first_uid <= self._uid < self._context.last_uid)
+
+ def getUsername(self): return self._username
+
+ def setUsername(self,username): self._username = username
+
+ def getPrimaryGroup(self):
+ """Get the primary group for this user.
+
+ Returns a UnixGroup object.
+ """
+ return self._primarygroup
+
+ def setPrimaryGroup(self,groupobj):
+ """Set the primary group for this user.
+
+ If the given group is not part of this user's list of groups, then
+ it will be added.
+
+ Keyword arguments:
+ groupobj -- The group to set as the primary group.
+ """
+ self.addToGroup(groupobj)
+ self._primarygroup = groupobj
+
+ def getGroups(self):
+ """Get the list of groups that this user belongs to.
+
+ The user's primary group is also included in the returned list.
+
+ Returns a list of UnixGroup objects. Modify the list does not affect
+ this UnixUser object.
+ """
+ return self._groups[:]
+
+ def addToGroup(self,groupobj):
+ """Add this user to the given group.
+
+ Keyword arguments:
+ groupobj -- UnixGroup object.
+ """
+ groupobj._addUser(self)
+ if groupobj not in self._groups:
+ self._groups.append(groupobj)
+
+ def removeFromGroup(self,groupobj):
+ """Remove this user from the given group.
+
+ If group is current this user's primary group, then
+
+ Keyword arguments:
+ groupobj -- UnixGroup object.
+ """
+ groupobj._removeUser(self)
+ try:
+ self._groups.remove(groupobj)
+ except ValueError:
+ pass
+ if self._primarygroup is groupobj:
+ if len(self._groups)==0:
+ self._primarygroup = None
+ else:
+ self._primarygroup = self._groups[0]
+
+ def setPassword(self,password):
+ # Make some salt.
+ space = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQSRTUVWXYZ0123456789./'
+ salt = ""
+ for x in range(8):
+ salt += space[random.randint(0,len(space)-1)]
+ self._encpass = crypt.crypt(password,'$1$'+salt+'$')
+
+ def isLocked(self): return self._islocked
+ def setLocked(self,locked): self._islocked = locked
+
+ def getRealName(self):
+ if not self._gecos:
+ return ""
+ try:
+ return self._gecos.split(",")[0]
+ except AttributeError:
+ return self._gecos
+
+ def setRealName(self,realname): self._gecos = realname
+ def getHomeDirectory(self): return self._homedirectory
+ def setHomeDirectory(self,homedirectory): self._homedirectory = homedirectory
+ def getLoginShell(self): return self._loginshell
+ def setLoginShell(self,loginshell): self._loginshell = loginshell
+
+ # 'None' means that there is no maximum password age.
+ def getMaximumPasswordAge(self): return self._passmaximumage
+ def setMaximumPasswordAge(self,days): self._passmaximumage = days
+
+ def getMinimumPasswordAgeBeforeChange(self): return self._passminimumagebeforechange
+ def setMinimumPasswordAgeBeforeChange(self,days): self._passminimumagebeforechange = days
+ def getPasswordDisableAfterExpire(self): return self._passexpiredisabledays
+ def setPasswordDisableAfterExpire(self,days): self._passexpiredisabledays = days
+ def getPasswordExpireWarning(self): return self._passexpirewarn
+ def setPasswordExpireWarning(self,days): self._passexpirewarn = days
+ def getLastPasswordChange(self): return self._passlastchange
+ def getExpirationDate(self): return self._disableddays
+ def setExpirationDate(self,unixdate): self._disableddays = unixdate
+
+ def __str__(self):
+ return "%s(%i)" % (self._username,self._uid)
+
+ def _sanityCheck(self):
+ if self._primarygroup is None:
+ raise ValueError,"Userobj has no primary group!"
+ if self._uid is None:
+ raise ValueError,"Userobj has no UID!"
+
+###########################################################################
+class UnixGroup(object):
+ def __init__(self,context):
+ self._context = context
+
+ # List of UnixUser objects.
+ self._members = []
+
+ self._gid = None
+ self._groupname = None
+
+ def contains(self,userobj):
+ """Check if a the given user is a member of this group.
+
+ Returns True or False.
+ """
+ return userobj in self._members
+
+ def polish(self): pass
+ def isSystemGroup(self):
+ """Check if this group is a system group.
+
+ Returns True or False.
+ """
+ return not (self._context.first_gid <= self._gid < self._context.last_gid)
+ #return not (500 <= self._gid < 65534)
+
+ def getGID(self):
+ """Get the unix group ID.
+
+ Returns the integer group id.
+ """
+ return self._gid
+
+ def setGID(self,gid):
+ """Set the unix group ID.
+
+ Keyword arguments:
+ gid -- new group id, integer.
+ """
+ self._gid = gid
+
+ def getGroupname(self): return self._groupname
+ def setGroupname(self,groupname): self._groupname = groupname
+ def getUsers(self): return self._members[:]
+ def _addUser(self,userobj):
+ if not self.contains(userobj):
+ self._members.append(userobj)
+
+ def _removeUser(self,userobj):
+ try:
+ self._members.remove(userobj)
+ except ValueError:
+ pass
+
+ def __str__(self):
+ # FIXME encoding
+ return str(self._groupname) + " (" + str(self._gid) + ") " + str([str(u) for u in self._members])
+
+ def _sanityCheck(self):
+ pass
+
+###########################################################################
+class PwdContext(Context):
+ #def __init__(self,editmode,passwordfile="etc-passwd",groupfile='etc-group',shadowfile="etc-shadow"):
+ def __init__(self,editmode,passwordfile="/etc/passwd",groupfile='/etc/group',shadowfile="/etc/shadow"):
+ Context.__init__(self)
+ self.__editmode = editmode
+ self.__passwordfile = passwordfile
+ self.__groupfile = groupfile
+ self.__shadowfile = shadowfile
+ self._setDefaultValues()
+
+ # Read in the password file
+ fhandle = codecs.open(passwordfile,'r',locale.getpreferredencoding())
+ if LockFDRead(fhandle.fileno())==False:
+ raise IOError,"Unable to lock the "+passwordfile+" file."
+ try:
+ for line in fhandle.readlines():
+ if line.strip()!="":
+ newuserobj = self.newUser(False)
+ newuserobj._initString(line)
+ self._users.append(newuserobj)
+ finally:
+ UnlockFD(fhandle.fileno())
+ fhandle.close()
+
+ # Read the group file
+ fhandle = codecs.open(groupfile,'r',locale.getpreferredencoding())
+ if LockFDRead(fhandle.fileno())==False:
+ raise IOError,"Unable to lock the "+groupfile+" file."
+ try:
+ for line in fhandle.readlines():
+ if line.strip()!="":
+ newgroupobj = self.newGroup(False)
+ newgroupobj._initString(line)
+ self._groups.append(newgroupobj)
+ finally:
+ UnlockFD(fhandle.fileno())
+ fhandle.close()
+
+ if self.__editmode:
+ # Load up the info from the shadow file too.
+ fhandle = codecs.open(shadowfile,'r',locale.getpreferredencoding())
+ if LockFDRead(fhandle.fileno())==False:
+ raise IOError,"Unable to lock the "+shadowfile+" file."
+ try:
+ for line in fhandle.readlines():
+ if line.strip()!="":
+ try:
+ (username,encpass,passlastchange,passminimumagebeforechange,passmaximumage, \
+ passexpirewarn,passexpiredisabledays,disableddays,reserve) = \
+ tuple(line.strip().split(":"))
+ userobj = self.lookupUsername(username)
+ if userobj is not None:
+ if encpass=="":
+ encpass = u"*"
+ userobj._encpass = encpass
+ if userobj._encpass[0]=='!':
+ userobj._islocked = True
+ userobj._encpass = userobj._encpass[1:]
+ else:
+ userobj._islocked = False
+ # FIXME : set time
+ if passlastchange and passlastchange!=u"None":
+ userobj._passlastchange = int(passlastchange)
+ else:
+ passlastchange = 0
+
+ if passminimumagebeforechange=="":
+ passminimumagebeforechange = None
+ else:
+ passminimumagebeforechange = int(passminimumagebeforechange)
+ if passminimumagebeforechange>=99999:
+ passminimumagebeforechange = None
+ userobj._passminimumagebeforechange = passminimumagebeforechange
+
+ if passmaximumage=="":
+ passmaximumage = None
+ else:
+ passmaximumage = int(passmaximumage)
+ if passmaximumage>=99999:
+ passmaximumage = None
+ userobj._passmaximumage = passmaximumage
+
+ if passexpirewarn=="":
+ passexpirewarn = None
+ else:
+ passexpirewarn = int(passexpirewarn)
+ if passexpirewarn>=99999:
+ passexpirewarn = None
+ userobj._passexpirewarn = passexpirewarn
+
+ if passexpiredisabledays=="":
+ userobj._passexpiredisabledays = None
+ else:
+ userobj._passexpiredisabledays = int(passexpiredisabledays)
+
+ if disableddays=="" or disableddays==u"99999":
+ userobj._disableddays = None
+ else:
+ userobj._disableddays = int(disableddays)
+
+ userobj._reserve = reserve
+ else:
+ print "Couldn't find",username
+ except ValueError:
+ pass
+ finally:
+ UnlockFD(fhandle.fileno())
+ fhandle.close()
+
+ for group in self._groups:
+ group.polish()
+ for user in self._users:
+ user.polish()
+
+ def _createUser(self):
+ return PwdUser(self)
+
+ def _createGroup(self):
+ return PwdGroup(self)
+
+ def save(self):
+ if self.__editmode==False:
+ raise IOError, "Can't save, the context was created Read only."
+
+ self._sanityCheck()
+
+ # Write out the new password file.
+ (fd, tmpname) = createTempFile(self.__passwordfile)
+ for u in self._users:
+ os.write(fd, u._getPasswdEntry().encode(locale.getpreferredencoding(),'replace'))
+ #print u._getPasswdEntry()
+ os.close(fd)
+
+ # Update the passwd file
+ passwordlock = os.open(self.__passwordfile, os.O_WRONLY) # FIXME encoding
+ if LockFDWrite(passwordlock)==False:
+ raise IOError,"Couldn't get a write lock on "+self.__passwordfile
+ try:
+ os.rename(tmpname, self.__passwordfile)
+ finally:
+ UnlockFD(passwordlock)
+ os.close(passwordlock)
+
+ # Write out the new group file
+ (fd, tmpname) = createTempFile(self.__groupfile)
+ origstat = os.stat(self.__groupfile)
+ for g in self._groups:
+ os.write(fd,g._getGroupFileEntry().encode(locale.getpreferredencoding()))
+ #print g._getGroupFileEntry()[:-1]
+ os.close(fd)
+ os.chown(tmpname, origstat.st_uid, origstat.st_gid)
+
+ # Update the group file.
+ grouplock = os.open(self.__groupfile, os.O_WRONLY)
+ if LockFDWrite(grouplock)==False:
+ raise IOError,"Couldn't get write lock on "+self.__groupfile
+ try:
+ os.rename(tmpname, self.__groupfile)
+ finally:
+ UnlockFD(grouplock)
+ os.close(grouplock)
+
+ # Write out the new shadow file
+ origstat = os.stat(self.__shadowfile)
+ (fd, tmpname) = createTempFile(self.__shadowfile)
+ for u in self._users:
+ os.write(fd,u._getShadowEntry().encode(locale.getpreferredencoding()))
+ #print u._getShadowEntry()[:-1]
+ os.close(fd)
+
+ # Update the shadow file.
+
+ # Make sure that it is writable.
+ if (origstat.st_mode & stat.S_IWUSR)==0:
+ os.chmod(self.__shadowfile,origstat.st_mode|stat.S_IWUSR)
+
+ shadowlock = os.open(self.__shadowfile, os.O_WRONLY)
+ if LockFDWrite(shadowlock)==False:
+ raise IOError,"Couldn't get write lock on "+self.__shadowfile
+ try:
+ os.rename(tmpname, self.__shadowfile)
+ finally:
+ UnlockFD(shadowlock)
+ os.close(shadowlock)
+
+ # set the permissions back to thier default.
+ if (origstat.st_mode & stat.S_IWUSR)==0:
+ os.chmod(self.__shadowfile,origstat.st_mode)
+
+###########################################################################
+class LdapContext(Context):
+
+ def __init__(self,editmode,server="localhost",admin_dn="",admin_pass=""):
+ """ Connect to the LDAP server and invoke further actions.
+ """
+ Context.__init__(self)
+ # admin_dn is DistinguishedName? (or dn, for short)
+ self.server = server
+ self.baseDN = "dc=vizZzion,dc=net"
+
+ self.url = "ldap://"+self.server
+
+ self.ldapserver = ldap.initialize(self.url)
+ self.ldapserver.protocol_version = ldap.VERSION3
+
+ self.editmode = editmode
+ if not self.editmode:
+ self.ldapserver.simple_bind("admin",admin_pass)
+ print "Connected to ", self.url
+
+ self._users = self._getUsers()
+
+ def _getUsers(self):
+ """ Retrieve a list of users from the LDAP server.
+ """
+ _users = []
+ print "LdapContext._getUsers"
+ searchScope = ldap.SCOPE_SUBTREE
+ retrieveAttributes = None
+ searchFilter = "cn=*"
+ try:
+ ldap_result_id = self.ldapserver.search(self.baseDN, searchScope, searchFilter, retrieveAttributes)
+ result_set = []
+ while 1:
+ result_type, result_data = self.ldapserver.result(ldap_result_id, 0)
+ if (result_data == []):
+ break
+ else:
+ if result_type == ldap.RES_SEARCH_ENTRY:
+ #print result_data[0][1]
+ #print " --------------------- "
+ result_set.append(result_data[0][1])
+ #print result_set
+ except ldap.LDAPError, e:
+ print "ERROR: ",e
+
+ if len(result_set) == 0:
+ print "No Results."
+ return
+ count = 0
+ """
+ for entry in result_set:
+ for d in entry.keys():
+ print d, "::", entry[d]
+ print "======== Next User =============="
+ """
+ # Walk through result_set and create users.
+ for entry in result_set:
+ try:
+ name = entry['cn'][0]
+ login = entry['uid'][0]
+ loginshell = entry['loginShell'][0]
+ homedirectory = entry['homeDirectory'][0]
+ uid = entry['uidNumber'][0]
+ gid = entry['gidNumber'][0]
+ count = count + 1
+ #print "\n%d. User: %s\n\tName: %s\n\tShell: %s\n\tHomeDir: %s\n\tUID: %s\n\tGID: %s\n" %\
+ # (count, login, name, loginshell, homedirectory, uid, gid)
+ # Create a new userobject
+ new_user = self._createUser()
+ new_user.setHomeDirectory(homedirectory)
+ new_user.setUID(uid)
+ new_user.setRealName(name)
+ new_user.setLoginShell(loginshell)
+ new_user.setUsername(login)
+ _users.append(new_user)
+ print "Number of Users:", len(self._users)
+
+ except KeyError, e:
+ # Debugging output...
+ print "ERR:: ",e
+ print 'err:: ',entry
+ return _users
+
+ def _createUser(self):
+ return LdapUser(self)
+
+ def _createGroup(self):
+ return LdapGroup(self)
+
+ def save(self):
+ print "LdapContext.save() does nothing yet."
+
+###########################################################################
+class LdapUser(UnixUser):
+
+ def __str__(self):
+ return "LdapUser: %s(%i)" % (self._username,self._uid)
+
+
+###########################################################################
+class LdapGroup(UnixGroup):
+
+ def __str__(self):
+ return "LdapGroup: %s(%i)" % (self._username,self._uid)
+
+
+###########################################################################
+class PwdUser(UnixUser):
+ def __init__(self,context):
+ UnixUser.__init__(self,context)
+ self._reserve = u""
+
+ def _initString(self,line):
+ (self._username,x,self._uid,self._gid,self._gecos,self._homedirectory, \
+ self._loginshell) = tuple(line.strip().split(":"))
+ self._uid = int(self._uid)
+ self._gid = int(self._gid)
+
+ def _getPasswdEntry(self):
+ return u":".join( [self._username,
+ u"x",
+ unicode(self._uid),
+ unicode(self._primarygroup.getGID()),
+ self._gecos,
+ self._homedirectory,
+ self._loginshell ] ) + u"\n"
+
+ def _getShadowEntry(self):
+ if self._islocked:
+ encpass = u'!' + self._encpass
+ else:
+ encpass = self._encpass
+
+ if self._passminimumagebeforechange==None:
+ passminimumagebeforechange = ""
+ else:
+ passminimumagebeforechange = str(self._passminimumagebeforechange)
+
+ if self._passmaximumage==None:
+ passmaximumage = u"99999"
+ else:
+ passmaximumage = unicode(self._passmaximumage)
+
+ if self._disableddays==None:
+ disableddays = u""
+ else:
+ disableddays = unicode(self._disableddays)
+
+ if self._passexpiredisabledays==None:
+ passexpiredisabledays = u""
+ else:
+ passexpiredisabledays = unicode(self._passexpiredisabledays)
+
+ if self._passexpirewarn==None:
+ passexpirewarn = u""
+ else:
+ passexpirewarn = unicode(self._passexpirewarn)
+
+ return u":".join( [self._username,
+ encpass,
+ unicode(self._passlastchange),
+ passminimumagebeforechange,
+ passmaximumage,
+ passexpirewarn,
+ passexpiredisabledays,
+ disableddays,
+ self._reserve ])+ u"\n"
+
+###########################################################################
+class PwdGroup(UnixGroup):
+ def __init__(self,context):
+ UnixGroup.__init__(self,context)
+ self._memberids = u""
+ self._encpass = u""
+
+ def _initString(self,line):
+ (self._groupname,self._encpass,self._gid,self._memberids) = tuple(line.strip().split(":"))
+ self._gid = int(self._gid)
+
+ def polish(self):
+ membernames = self._memberids.split(",")
+ for username in membernames:
+ userobj = self._context.lookupUsername(username)
+ if userobj!=None:
+ self._members.append(userobj)
+
+ def _getGroupFileEntry(self):
+ return u":".join( [ self._groupname,
+ self._encpass,
+ unicode(self._gid),
+ u",".join([u.getUsername() for u in self._members if u.getPrimaryGroup() is not self])]) + u"\n"
+
+###########################################################################
+def LockFDRead(fd):
+ retries = 6
+ while retries!=0:
+ try:
+ fcntl.lockf(fd,fcntl.LOCK_SH | fcntl.LOCK_NB)
+ return True
+ except IOError:
+ # Wait a moment
+ time.sleep(1)
+ return False
+
+def LockFDWrite(fd):
+ retries = 6
+ while retries!=0:
+ try:
+ fcntl.lockf(fd,fcntl.LOCK_EX | fcntl.LOCK_NB)
+ return True
+ except IOError:
+ # Wait a moment
+ time.sleep(1)
+ return False
+
+def UnlockFD(fd):
+ fcntl.lockf(fd,fcntl.LOCK_UN)
+
+###########################################################################
+
+if __name__=='__main__':
+ print "Testing"
+ context = getContext(True)
+
+ print "Stopping here..."
+ #import sys
+ #sys.exit(0) ## Remove.
+ #print "Users:"
+ #for user in context.getUsers():
+ for user in context._users:
+ print "--------------------------------------------------"
+ print "UID:",user.getUID()
+ print "Is system user:",user.isSystemUser()
+ print "Username:",user.getUsername()
+ print "Primary Group:",str(user.getPrimaryGroup())
+ print "Groups:",[str(u) for u in user.getGroups()]
+ print "Is locked:",user.isLocked()
+ print "Real name:",user.getRealName()
+ print "Home Dir:",user.getHomeDirectory()
+ print "Maximum password age:",user.getMaximumPasswordAge()
+ print "Minimum password age before change:",user.getMinimumPasswordAgeBeforeChange()
+ print "Expire warning:",user.getPasswordExpireWarning()
+ print "Disable after Expire:",user.getPasswordDisableAfterExpire()
+ #print user._getPasswdEntry()
+
+ print "Groups"
+ for group in context.getGroups():
+ print str(group)
+ #print group._getGroupFileEntry()
+
+ print "Saving"
+ context.save()