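def process_user(user_rows):
    """Write one user's passwd line (and shadow line, if enabled).

    Account fields come from ``user_rows[0]``; every row is also scanned for
    a currently active quarantine.  The function depends on names defined
    outside this block (``posix_user``, ``posix_group``, ``shells``,
    ``diskid2path``, ``db``, ``shadow_file``, ``debug``, ``logger`` and the
    output handles ``f`` and ``s``).

    Raises:
        BadUsername: ``posix_user.illegal_name`` objects to the name, or the
            name is longer than 8 characters.
        UserSkipQuarantine: the quarantine handler says to skip the user.
    """
    row = user_rows[0]
    uname = row['entity_name']
    tmp = posix_user.illegal_name(uname)
    if tmp:
        raise BadUsername("Bad username %s" % tmp)
    if len(uname) > 8:
        raise BadUsername("Bad username %s" % uname)

    passwd = row['auth_data']
    # Treat an empty string like a missing value.  An empty password field in
    # a passwd/shadow line can mean "no password required", and the shadow
    # branch below used to hit IndexError on passwd[0] for ''.
    if not passwd:
        passwd = '*'

    posix_group.posix_gid = row['posix_gid']

    gecos = row['gecos']
    if gecos is None:
        gecos = row['name']
    if gecos is None:
        gecos = "GECOS NOT SET"
    gecos = latin1_to_iso646_60(gecos)

    shell = shells[int(row['shell'])]

    if row['quarantine_type'] is not None:
        now = mx.DateTime.now()
        # Keep only quarantines that have started, have not ended and are
        # not temporarily disabled.
        quarantines = [
            qrow['quarantine_type']
            for qrow in user_rows
            if (qrow['start_date'] <= now
                and (qrow['end_date'] is None or qrow['end_date'] >= now)
                and (qrow['disable_until'] is None
                     or qrow['disable_until'] < now))
        ]
        qh = QuarantineHandler.QuarantineHandler(db, quarantines)
        if qh.should_skip():
            raise UserSkipQuarantine
        if qh.is_locked():
            passwd = '*locked'
        qshell = qh.get_shell()
        if qshell is not None:
            shell = qshell

    # NOTE(review): the disk id is passed as ``home`` here, and a NULL
    # disk_id would make int() raise TypeError -- confirm against
    # resolve_homedir and the query that feeds user_rows.
    home = posix_user.resolve_homedir(
        account_name=uname,
        home=row['disk_id'],
        disk_path=diskid2path[int(row['disk_id'])])
    if home is None:
        # TBD: Is this good enough?
        home = '/'

    if shadow_file:
        s.write("%s:%s:::\n" % (uname, passwd))
        # The real hash lives in the shadow file; the passwd file only gets
        # a placeholder unless the field is already a lock marker.
        if not passwd.startswith('*'):
            passwd = "!!"

    # NOTE(review): the fields are joined with ':' and written as a single
    # line; nothing visible in this function rejects ':' or a newline in
    # gecos, home or shell -- confirm the helpers guarantee that.
    line = ':'.join((uname, passwd, str(row['posix_uid']),
                     str(posix_group.posix_gid), gecos, str(home), shell))
    if debug:
        logger.debug(line)
    f.write(line + "\n")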
def create_netgroup_object(self, group_id):
    """Build the nisNetGroup attributes for ``group_id`` and cache them.

    The group must be present in ``self.groupcache`` and must not already be
    in ``self.netgroupcache``; the new entry is stored there, nothing is
    returned.
    """
    assert group_id not in self.netgroupcache
    group = self.groupcache[group_id]
    attrs = {}
    attrs['objectClass'] = ('top', 'nisNetGroup')
    # NOTE(review): 'cn' is stored as a plain string while 'description'
    # below is a one-element tuple -- confirm the LDIF writer accepts both.
    attrs['cn'] = LDIFutils.iso2utf(group['name'])
    if 'description' in group:
        description = latin1_to_iso646_60(group['description']).rstrip()
        attrs['description'] = (description,)
    self.netgroupcache[group_id] = attrs
def create_netgroup_object(self, group_id):
    """Create and cache the nisNetGroup entry for one group.

    Reads the group from ``self.groupcache`` and stores the resulting
    attribute dict in ``self.netgroupcache`` under the same id.  An id that
    is already cached trips the assertion.
    """
    assert group_id not in self.netgroupcache
    source = self.groupcache[group_id]
    netgroup = {
        'objectClass': ('top', 'nisNetGroup'),
        # NOTE(review): a bare string, not a tuple like 'description' --
        # confirm that is what the consumer of this cache expects.
        'cn': LDIFutils.iso2utf(source['name']),
    }
    if 'description' in source:
        cleaned = latin1_to_iso646_60(source['description'])
        netgroup['description'] = (cleaned.rstrip(),)
    self.netgroupcache[group_id] = netgroup
def process_user(self, user_rows):
    """Return the seven passwd-style fields for one POSIX user.

    Account data is read from ``user_rows[0]``; all rows are scanned for
    currently active quarantines.  The result is
    ``[name, password, uid, gid, gecos, home, shell]``.

    Raises:
        BadUsername: ``posix_user.illegal_name`` rejects the name.
        UserSkipQuarantine: the quarantine handler says to skip the user.
    """
    first = user_rows[0]
    uname = first['entity_name']
    if posix_user.illegal_name(uname):
        raise BadUsername("Bad username %s" % uname)

    # NOTE(review): only None is replaced; an empty-string auth_data is
    # returned unchanged.  If the caller writes this list as a passwd line
    # that is an empty password field -- confirm the source never yields ''.
    passwd = first['auth_data']
    if passwd is None:
        passwd = '*'

    posix_group.posix_gid = first['posix_gid']

    # Fall back from the explicit gecos to the person name to the username.
    gecos = first['gecos']
    if gecos is None:
        gecos = first['name']
    if gecos is None:
        gecos = uname
    gecos = latin1_to_iso646_60(gecos)

    shell = self.shells[int(first['shell'])]

    if first['quarantine_type'] is not None:
        now = mx.DateTime.now()
        # A quarantine counts when it has started, has not ended and is not
        # temporarily disabled.
        active = [
            qrow['quarantine_type']
            for qrow in user_rows
            if (qrow['start_date'] <= now
                and (qrow['end_date'] is None or qrow['end_date'] >= now)
                and (qrow['disable_until'] is None
                     or qrow['disable_until'] < now))
        ]
        handler = QuarantineHandler.QuarantineHandler(db, active)
        if handler.should_skip():
            raise UserSkipQuarantine
        if handler.is_locked():
            passwd = '*locked'
        override = handler.get_shell()
        if override is not None:
            shell = override

    disk_path = None
    if first['disk_id']:
        disk_path = self.diskid2path[int(first['disk_id'])]
    home = posix_user.resolve_homedir(account_name=uname,
                                      home=first['home'],
                                      disk_path=disk_path)
    if home is None:
        # TBD: Is this good enough?
        home = '/'

    return [uname, passwd, str(first['posix_uid']),
            str(posix_group.posix_gid), gecos, str(home), shell]
def ldif_netgroup(self, is_hostg, group_id, group_members, direct_members):
    """Return ``(dn, attributes)`` for one nisNetGroup entry.

    The group name is looked up in ``self.type2groups[is_hostg]``; a
    description is added only when ``self.group2desc`` returns a truthy
    value.
    """
    names_by_id = self.type2groups[is_hostg]  # TODO: Can we combine these?
    name = names_by_id[group_id]
    attrs = {
        'objectClass': ('top', 'nisNetGroup'),
        'cn': (name,),
        'nisNetgroupTriple': direct_members,
        'memberNisNetgroup': group_members,
    }
    description = self.group2desc(group_id)
    if description:
        attrs['description'] = (latin1_to_iso646_60(description),)
    # NOTE(review): the name is concatenated into the DN unescaped; confirm
    # group names cannot contain DN metacharacters such as ',' or '+'.
    dn = 'cn=' + name + ',' + self.ngrp_dn
    return dn, attrs
def process_user(self, user_rows):
    """Assemble the passwd-style field list for a single POSIX account.

    ``user_rows[0]`` supplies the account data and every row contributes its
    quarantine, if that quarantine is active right now.  Returns the list
    ``[name, password, uid, gid, gecos, home, shell]``.

    Raises:
        BadUsername: the name fails ``posix_user.illegal_name``.
        UserSkipQuarantine: an active quarantine requires skipping the user.
    """
    account = user_rows[0]
    uname = account['entity_name']
    if posix_user.illegal_name(uname):
        raise BadUsername("Bad username %s" % uname)

    passwd = account['auth_data']
    # NOTE(review): '' (as opposed to None) is kept as-is and would end up
    # as an empty password field if this list becomes a passwd line --
    # confirm upstream data cannot contain an empty auth_data.
    if passwd is None:
        passwd = '*'

    posix_group.posix_gid = account['posix_gid']

    gecos = account['gecos']
    if gecos is None:
        gecos = account['name']
        if gecos is None:
            gecos = uname
    gecos = latin1_to_iso646_60(gecos)

    shell = self.shells[int(account['shell'])]

    if account['quarantine_type'] is not None:
        now = mx.DateTime.now()
        current = []
        for qrow in user_rows:
            if qrow['start_date'] > now:
                continue  # not started yet
            if qrow['end_date'] is not None and qrow['end_date'] < now:
                continue  # already over
            if (qrow['disable_until'] is not None
                    and qrow['disable_until'] >= now):
                continue  # temporarily disabled
            current.append(qrow['quarantine_type'])
        qhandler = QuarantineHandler.QuarantineHandler(db, current)
        if qhandler.should_skip():
            raise UserSkipQuarantine
        if qhandler.is_locked():
            passwd = '*locked'
        quarantine_shell = qhandler.get_shell()
        if quarantine_shell is not None:
            shell = quarantine_shell

    if account['disk_id']:
        disk_path = self.diskid2path[int(account['disk_id'])]
    else:
        disk_path = None
    home = posix_user.resolve_homedir(account_name=uname,
                                      home=account['home'],
                                      disk_path=disk_path)
    if home is None:
        # TBD: Is this good enough?
        home = '/'

    fields = [uname, passwd, str(account['posix_uid'])]
    fields.append(str(posix_group.posix_gid))
    fields.extend([gecos, str(home), shell])
    return fields
def ldif_netgroup(self, is_hostg, group_id, group_members, direct_members):
    """Create the DN and attribute dict of a netgroup entry.

    ``is_hostg`` selects the name table in ``self.type2groups``.  The
    ``description`` attribute is present only if ``self.group2desc`` gives a
    truthy description for the group.
    """
    # TODO: Can we combine these?
    name = self.type2groups[is_hostg][group_id]
    entry = dict([
        ('objectClass', ('top', 'nisNetGroup')),
        ('cn', (name,)),
        ('nisNetgroupTriple', direct_members),
        ('memberNisNetgroup', group_members),
    ])
    desc = self.group2desc(group_id)
    if desc:
        entry['description'] = (latin1_to_iso646_60(desc),)
    # NOTE(review): ``name`` goes into the RDN without escaping -- confirm
    # that group names are restricted to characters that are safe in a DN.
    rdn = 'cn=' + name
    return ','.join([rdn, self.ngrp_dn]), entry
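def gather_user_data(self, row):
    """Collect the POSIX attributes of one account into a ``PosixData``.

    Returns None when the user cannot be exported: no shell is set, an
    active quarantine says to skip the user, or the home directory cannot be
    resolved.  The shell and home cases are logged as warnings.
    """
    data = PosixData()
    data.account_id = int(row['account_id'])
    data.uname = self.e_id2name[data.account_id]
    data.uid = str(row['posix_uid'])
    data.gid = str(self.g_id2gid[row['gid']])

    if not row['shell']:
        self.logger.warn("User %s has no posix-shell!" % data.uname)
        return None
    data.shell = self.shell_tab[int(row['shell'])]

    data.quarantined, data.passwd = False, None
    if data.account_id in self.quarantines:
        qh = QuarantineHandler(self.db, self.quarantines[data.account_id])
        if qh.should_skip():
            return None
        if qh.is_locked():
            data.quarantined, data.passwd = True, '*Locked'
        qshell = qh.get_shell()
        if qshell is not None:
            data.shell = qshell

    try:
        # presumably home[1] is the disk id and home[3] the explicit home
        # path -- confirm against whatever fills a_id2home.
        home = self.a_id2home[data.account_id]
        data.home = self.posix_user.resolve_homedir(
            account_name=data.uname, home=home[3],
            disk_path=self.disk_tab[home[1]])
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit and reported them as a missing home directory.
        # NOTE(review): this is still broad; unrelated failures in
        # resolve_homedir are logged as "no home-directory" and the user is
        # dropped from the export.
        self.logger.warn("User %s has no home-directory!" % data.uname)
        return None

    cn = gecos = row['gecos']
    if data.account_id in self.a_id2owner:
        # Prefer the owner's name; keep the gecos if the owner is unknown.
        cn = self.p_id2name.get(self.a_id2owner[data.account_id], gecos)
    data.cn = cn or data.uname
    data.gecos = latin1_to_iso646_60(gecos or data.cn)
    return data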
def user_object(self, row):
    """Build the LDAP ``(dn, entry)`` pair for one POSIX user.

    Returns ``(None, None)`` when the user has no shell, is skipped by a
    quarantine, has no resolvable home directory, or was already emitted.
    """
    account_id = int(row['account_id'])
    uname = row['entity_name']

    # Start from a marker value and replace it if usable auth data exists.
    passwd = '{crypt}*Invalid'
    if row['auth_data']:
        template = self.auth_format[self.user_auth]['format']
        if template:
            passwd = template % row['auth_data']
        else:
            passwd = row['auth_data']
    else:
        # No break: a later method in a_meth overrides an earlier one.
        for method in self.a_meth:
            if method not in self.auth_format:
                continue
            try:
                template = self.auth_format[method]['format']
                secret = self.auth_data[account_id][method]
                passwd = template % secret if template else secret
            except KeyError:
                pass

    if not row['shell']:
        self.logger.warn("User %s have no posix-shell!" % uname)
        return None, None
    shell = self.shell_tab[int(row['shell'])]

    if account_id in self.quarantines:
        self.qh.quarantines = self.quarantines[account_id]
        if self.qh.should_skip():
            return None, None
        if self.qh.is_locked():
            passwd = '{crypt}*Locked'
        quarantine_shell = self.qh.get_shell()
        if quarantine_shell is not None:
            shell = quarantine_shell

    try:
        disk_path = None
        if row['disk_id']:
            disk_path = self.disk_tab[int(row['disk_id'])]
        home = self.posuser.resolve_homedir(account_name=uname,
                                            home=row['home'],
                                            disk_path=disk_path)
        # 22.07.2013: Jira, CRB-98
        # Quick fix, treat empty "home" as an error, to make
        # generate_posix_ldif complete
        if not home:
            # This event should be treated the same way as a disk_id
            # NotFoundError -- it means that a PosixUser has no home
            # directory set.
            raise Exception()
    # ``Exception`` already covers NotFoundError, so any error raised in the
    # block above is reported as a missing home directory.
    except (Errors.NotFoundError, Exception):
        self.logger.warn("User %s has no home-directory!" % uname)
        return None, None

    cn = row['name'] or row['gecos'] or uname
    gecos = latin1_to_iso646_60(row['gecos'] or cn)
    entry = {
        'objectClass': ['top', 'account', 'posixAccount'],
        'cn': (LDIFutils.iso2utf(cn),),
        'uid': (uname,),
        'uidNumber': (str(int(row['posix_uid'])),),
        'gidNumber': (str(int(row['posix_gid'])),),
        'homeDirectory': (home,),
        'userPassword': (passwd,),
        'loginShell': (shell,),
        'gecos': (gecos,),
    }
    self.update_user_entry(account_id, entry, row)

    if account_id in self.id2uname:
        self.logger.warn('Duplicate user-entry: (%s,%s)!', account_id, uname)
        return None, None
    self.id2uname[account_id] = uname

    # NOTE(review): uname is placed in the DN unescaped and no name check is
    # visible in this method -- confirm usernames are validated upstream.
    dn = ','.join(('uid=' + uname, self.user_dn))
    return dn, entry
def user_object(self, row):
    """Return the LDAP DN and attribute dict for a POSIX user row.

    ``(None, None)`` is returned instead when the row has no shell, a
    quarantine asks to skip the user, no home directory can be resolved, or
    the account id has already been seen.
    """
    account_id = int(row['account_id'])
    uname = row['entity_name']
    skip = (None, None)

    passwd = '{crypt}*Invalid'
    if not row['auth_data']:
        # Try each configured method; the last one with data wins because
        # the loop never breaks.
        usable = [m for m in self.a_meth if m in self.auth_format]
        for uauth in usable:
            try:
                fmt = self.auth_format[uauth]['format']
                if fmt:
                    passwd = fmt % self.auth_data[account_id][uauth]
                else:
                    passwd = self.auth_data[account_id][uauth]
            except KeyError:
                pass
    elif self.auth_format[self.user_auth]['format']:
        passwd = (self.auth_format[self.user_auth]['format']
                  % row['auth_data'])
    else:
        passwd = row['auth_data']

    if not row['shell']:
        self.logger.warn("User %s have no posix-shell!" % uname)
        return skip
    shell = self.shell_tab[int(row['shell'])]

    if account_id in self.quarantines:
        self.qh.quarantines = self.quarantines[account_id]
        if self.qh.should_skip():
            return skip
        if self.qh.is_locked():
            passwd = '{crypt}*Locked'
        qshell = self.qh.get_shell()
        if qshell is not None:
            shell = qshell

    try:
        if row['disk_id']:
            disk_path = self.disk_tab[int(row['disk_id'])]
        else:
            disk_path = None
        home = self.posuser.resolve_homedir(account_name=uname,
                                            home=row['home'],
                                            disk_path=disk_path)
        # 22.07.2013: Jira, CRB-98
        # Quick fix, treat empty "home" as an error, to make
        # generate_posix_ldif complete
        if not home:
            # This event should be treated the same way as a disk_id
            # NotFoundError -- it means that a PosixUser has no home
            # directory set.
            raise Exception()
    # The tuple is equivalent to catching Exception alone: every failure in
    # the block above ends up logged as "no home-directory".
    except (Errors.NotFoundError, Exception):
        self.logger.warn("User %s has no home-directory!" % uname)
        return skip

    cn = row['name'] or row['gecos'] or uname
    gecos = latin1_to_iso646_60(row['gecos'] or cn)
    entry = {'objectClass': ['top', 'account', 'posixAccount']}
    entry['cn'] = (LDIFutils.iso2utf(cn),)
    entry['uid'] = (uname,)
    entry['uidNumber'] = (str(int(row['posix_uid'])),)
    entry['gidNumber'] = (str(int(row['posix_gid'])),)
    entry['homeDirectory'] = (home,)
    entry['userPassword'] = (passwd,)
    entry['loginShell'] = (shell,)
    entry['gecos'] = (gecos,)
    self.update_user_entry(account_id, entry, row)

    already_seen = account_id in self.id2uname
    if already_seen:
        self.logger.warn('Duplicate user-entry: (%s,%s)!', account_id, uname)
        return skip
    self.id2uname[account_id] = uname

    # NOTE(review): the DN is built by plain concatenation; confirm that
    # uname cannot contain DN metacharacters by the time it reaches here.
    rdn = 'uid=' + uname
    return ','.join((rdn, self.user_dn)), entry