def sync_unix_users_and_groups(min_uid, max_uid, min_gid, max_gid, check_shell): """ Syncs the Hue database with the underlying Unix system, by importing users and groups from 'getent passwd' and 'getent groups'. This should also pull in users who are accessible via NSS. """ global __users_lock, __groups_lock hadoop_groups = dict((group.gr_name, group) for group in grp.getgrall() \ if (group.gr_gid >= min_gid and group.gr_gid < max_gid) or group.gr_name == 'hadoop') user_groups = dict() __users_lock.acquire() __groups_lock.acquire() # Import groups for name, group in hadoop_groups.iteritems(): try: if len(group.gr_mem) != 0: hue_group = Group.objects.get(name=name) except Group.DoesNotExist: hue_group = Group(name=name) hue_group.save() LOG.info("Created group %s" % (hue_group.name,)) # Build a map of user to groups that the user is a member of members = group.gr_mem for member in members: if member not in user_groups: user_groups[member] = [ hue_group ] else: user_groups[member].append(hue_group) # Now let's import the users hadoop_users = dict((user.pw_name, user) for user in pwd.getpwall() \ if (user.pw_uid >= min_uid and user.pw_uid < max_uid) or user.pw_name in grp.getgrnam('hadoop').gr_mem) for username, user in hadoop_users.iteritems(): try: if check_shell: pw_shell = user.pw_shell if subprocess.call([pw_shell, "-c", "echo"], stdout=subprocess.PIPE) != 0: continue hue_user = User.objects.get(username=username) except User.DoesNotExist: hue_user = User(username=username, password='******', is_active=True, is_superuser=False) hue_user.set_unusable_password() # We have to do a save here, because the user needs to exist before we can # access the associated list of groups hue_user.save() if username not in user_groups: hue_user.groups = [] else: # Here's where that user to group map we built comes in handy hue_user.groups = user_groups[username] hue_user.save() LOG.info(_("Synced user %s from Unix") % hue_user.username) __users_lock.release() __groups_lock.release()
def save_user(request): if request.method == 'POST': form = UserForm(request.POST) if form.is_valid(): user = User() user.first_name = request.POST['name'] user.username = request.POST['username'] user.set_password(request.POST['password']) user.save() user.groups = request.POST.getlist('groups') user.save() return redirect('/permissions/user/') else: form = UserForm() return render(request, 'permissions/user/save.html', { 'form':form })
def create(self, validated_data): emp_name = validated_data['emp_name'] username = validated_data['emp_email'] email = validated_data['emp_email'] groups = validated_data['emp_role'] password = validated_data['password1'] emp_code = validated_data['emp_code'] emp_role = validated_data['emp_role'] emp_report = validated_data['emp_report'] emp_datejoin = validated_data['emp_datejoin'] user_obj = User( username = username, email = email, ) user_obj.save() users_group = Group.objects.get(name=groups) user_obj.groups = [users_group] employee_obj = EmployeeEntryData( emp_name = emp_name, emp_email = email, emp_code = emp_code, emp_role = users_group, emp_report = emp_report, emp_datejoin = emp_datejoin, ) user_obj.set_password(password) employee_obj.save() user_obj.save() activate_obj = ActivateModel( emp_email = email ) activate_obj.save() data = Emailcustomclass('http://192.168.0.11:8000/employee/activate/'+str(activate_obj.id)+'/',str(email)) return validated_data
def activate(request, token=None): data, timestamp = _registration_token_factory.parse_token_or_404(token) try: existing_user = User.objects.get(email__iexact=data['email']) return render(request, 'users/registration/already_activated.html', { 'existing_user': existing_user, }) except User.DoesNotExist: pass form = ActivationForm(request.POST or None) if form.is_valid(): user = User( username=form.cleaned_data['username'], first_name=data['first_name'], last_name=data['last_name'], email=data['email'] ) user.set_password(form.cleaned_data['password']) user.save() user.groups = Group.objects.filter(name__in=settings.DEFAULT_USER_GROUPS) # the userprofile is auto-created, we only have to update some fields. UserProfile.objects.filter(user=user).update(gender=data['gender']) return render(request, 'users/registration/activation_complete.html', { 'activated_user': user, }) return render(request, 'users/registration/activation_form.html', { 'form': form, 'data': data, })
def operating_create(request): permissionss = Permissions.objects.filter(is_del=False) if request.method == "POST": username = request.POST.get('username', '') password = request.POST.get('password', '') permissions = request.POST.get('permissions', 0) joint_venture_account = JointVentureAccount() group_id_list = request.POST.getlist('group_id', '') group_list = Group.objects.filter(id__in=group_id_list) user = User() user.username = username user.set_password(password) user.is_staff = True user.groups = list(group_list) user.save() joint_venture_account.user = user if permissions: ps = Permissions.objects.filter(pk=permissions).first() joint_venture_account.permissions = ps joint_venture_account.save() return HttpResponseRedirect(reverse('web:operating_list')) groups = Group.objects.all() context = { 'module': 'operating', 'permissionss': permissionss, 'DOMAIN': DOMAIN, 'groups': groups, } return render(request, 'super/settings/operating/create.html', context)
def create_user(**kwargs): global counter counter = counter + 1 defaults = { "username": "******" % counter, "first_name": "user%d" % counter, "last_name": "luser%d" % counter, "email": "user%d@luser%d.com" % (counter, counter), "password": "******" % counter, } groups = [] if "groups" in kwargs: groups = kwargs["groups"] del kwargs["groups"] user_permissions = [] if "user_permissions" in kwargs: user_permissions = kwargs["user_permissions"] del kwargs["user_permissions"] defaults.update(kwargs) u = User(**defaults) u.save() u.groups = groups u.user_permissions = user_permissions u.save() return u
def run(self, params, args): # Get Username if len(args) != 1: raise ArgRequired(self, "username") username = args[0] if not username.isalnum(): raise ArgError(self, "username", "must be alphanumeric") # Get Groups that you want the user to belong to (g, admin) = self.fillParams([ ("group", "default"), ("admin", "False"), ]) group_list = g.split(',') # Check to see if username is taken try: u = User.objects.get(username = username) except User.DoesNotExist: u = None if u: raise CommandError(self, "Username %s is already in use" % username) admin = self.str2bool(admin) passwd = self.gen_random_pw() groups = [] for group in group_list: try: g = Group.objects.get(name = group) groups.append(g) except Group.DoesNotExist: raise CommandError(self, "Group %s does not exist." % group ) u = User(username = username) u.set_password(passwd) u.is_superuser = admin u.save() u.groups = groups u.save() hostname = self.getHostnames(['localhost'])[0] domainname = self.getHostAttr('localhost','domainname') if domainname and domainname != '': hostname = "%s.%s" % (hostname, domainname) self.beginOutput() self.addOutput(username, [hostname, passwd]) self.endOutput(header=["username", "hostname","key"])
def create(self, validated_data): groups = validated_data.pop('groups') password = validated_data.pop('password') user = User(**validated_data) if user: user.set_password(password) user.save() Token.objects.create(user=user) if groups: user.groups = groups user.save() return user
def userIntoCaliperDB(request): # create admin user user = User() user.username = '******' user.set_password('zhangxj@123') user.save() admin_group = Group.objects.get(name="admin user") user.groups=[admin_group] # create com user user = User() user.username = '******' user.set_password('123456') user.save() com_group = Group.objects.get(name="com user") user.groups=[com_group] user = User() user.username = '******' user.set_password('hsp') user.save() com_group = Group.objects.get(name="com user") user.groups=[com_group] return HttpResponse("success")
def insert_group(request): if request.method == 'POST': groupname = request.POST.get('name') segment = request.POST.get('segment') if not segment: return render(request, 'passet/insert_group.html', locals()) result = check_ip(segment.split(',')) if result == False: error = "维护标准格式不正确,请输入网段或IP" return render(request, 'passet/insert_group.html', locals()) department = request.POST.get('department') env = request.POST.get('env') manager_str = request.POST.get('manager') managers = manager_str.split(',') if not PGroup.objects.filter(name=groupname): if not Group.objects.filter(name=department): group = Group(name=department) group.save() pgroup = PGroup(name=groupname, segment=segment, department=department, env=env, gtype=1) pgroup.save() for manager in managers: if not User.objects.filter(username=manager): user = User(username=manager) user.save() group_obj = Group.objects.filter(name=department) user.groups = group_obj user.save() else: user = User.objects.get(username=manager) group_obj = Group.objects.get(name=department) user.groups.add(group_obj) user.save() pgroup.manager.add(user) initialise_new() msg = "%s 新建了资产组 %s ,维护标准为 %s ,部门为 %s ,环境为 %s ,管理员为 %s ." % ( request.user, groupname.encode("utf-8"), segment.encode("utf-8"), department.encode("utf-8"), env.encode("utf-8"), manager_str.encode("utf-8")) set_action_log(msg) response = HttpResponseRedirect('/passet') return response return render(request, 'passet/insert_group.html', locals())
def add_user_default_password(crate_user, username, email, is_superuser, is_staff, group_list): user = User() user.username = username user.set_password('LeDao;123') user.email = email user.is_superuser = int(is_superuser) user.is_staff = int(is_staff) user.save() user.groups = Group.objects.filter(name__in=group_list) ########################################## 添加堡垒机用户任务 ########################################## # try: # AddFortressUserTask().addTask(crate_user, username=username, email=email) # except: # pass ########################################## 添加堡垒机用户任务 ########################################## return user
def make_user(name, staff, admin, groups=[]): for k in User.objects.filter(username=name): print 'Deleting user "%s"' % k.username k.delete() user = User() user.username = name user.first_name = name.capitalize() user.last_name = name.capitalize() + 'ston' user.email = '*****@*****.**' % name user.is_staff = staff user.is_active = True user.is_superuser = admin user.set_password(user.username) user.save() user.groups = groups user.save() print 'Created user "%s" with password "%s"' % (name, name)
def new_user(request): if request.method == "POST": data = json.loads(request.POST.get('result')) if not data: return HttpResponseRedirect(reverse('bhoma_admin')) user = User() # HACK: all usernames and passwords are lowercased going into the db user.username = data.get("username").lower() user.set_password(data.get("password").lower()) user.first_name = data.get("fname") user.last_name = data.get("lname") user.email = "" user.is_staff = False # Can't log in to admin site user.is_active = True # Activated upon receipt of confirmation user.is_superuser = False # Certainly not user.last_login = datetime(1970,1,1) user.date_joined = datetime.utcnow() user.save() # have to have an object before you're allowed to edit M2M fields # so do groups/roles last role = data.get("role") if role: try: user.groups = [Group.objects.get(name=role)] except Group.DoesNotExist: logging.error("Unable to give role %s to %s -- permissions may " "not work. Did you forget to run syncdb recently?") return render_to_response(request, "auth/user_reg_complete.html", {"new_user": user, "options": TouchscreenOptions.admin() }) return render_to_response(request, "bhoma_touchscreen.html", {'form': {'name': 'add user', 'wfobj': 'wfNewUser'}, 'mode': 'workflow', 'dynamic_scripts': ["%swebapp/javascripts/user_reg.js" %\ settings.STATIC_URL,] })
def _get_updated_user(login, email, firstname, lastname, groups): """Get an updated instance of a user. The following fields are updated: username, email, first_name, last_name, password (to '(not used)') and is_active. Group list are reset, only groups that exist on the Group table are set for the user. If the user does not exist in the database, a new instance is created. Parameters: login: login of the authenticated user (str). email: email of the authenticated user (str). firstname: firstname of the authenticated user (str). lastname: lastname of the authenticated user (str). groups: group list of the authenticated user (list<str>). Returns an instance of the authenticated user (User). """ try: user = User.objects.get(username=login) except User.DoesNotExist: user = User() user.username = login user.is_active = settings.SHIB_SSO_CREATE_ACTIVE user.is_staff = settings.SHIB_SSO_CREATE_STAFF user.is_superuser = settings.SHIB_SSO_CREATE_SUPERUSER user.save() user.email = email user.first_name = firstname user.last_name = lastname user.password = '******' user.groups = filter(None, map(get_group, groups)) user.save() return user
def change_group_info(request): gid = request.GET.get('id') group = PGroup.objects.get(id=gid) depart_group = Group.objects.get(name=group.department) if request.method == 'POST': manager_all_old = [m for m in group.manager.all()] new_managers_str = request.POST.get('manager') segment = request.POST.get('segment') if not segment: return render(request, 'passet/insert_group.html', locals()) result = check_ip(segment.split(',')) if result == False: error = "维护标准格式不正确,请输入网段或IP" return render(request, 'passet/insert_group.html', locals()) group.segment = segment group.save() new_managers = new_managers_str.split(',') for mao in manager_all_old: if mao.username not in new_managers: group.manager.remove(mao) for nm in new_managers: if not User.objects.filter(username=nm): user = User(username=nm) user.save() user.groups = depart_group user.save() else: user = User.objects.get(username=nm) user.groups.add(depart_group) user.save() group.manager.add(user) initialise_new() response = HttpResponseRedirect('/passet') msg = "%s 编辑了资产组 %s ,将管理员改为 %s ." % (request.user, group, new_managers_str.encode("utf-8")) set_action_log(msg) return response return render(request, 'passet/change_group_info.html', locals())
def import_users(): """ Import des utilisateurs. """ cursor.execute( """ SELECT u.login, u.email, g.nom FROM Utilisateur u, Groupe g WHERE u.idGroupe = g.idGroupe """ ) for row in cursor: if verbose: print("Import de l’utilisateur : {0}".format(row[0])) # Generates a new password password = User.objects.make_random_password() # Creates and saves the new user new_user = User(username=row[0], email=row[1], password=password) new_user.save() # Assigns the right group by filtering on the "groups" list new_user.groups = [Group.objects.get(name=row[2])] new_user.save()
email = sys.argv[1] name = sys.argv[2].title() group = Group.objects.get(name="Redactor") # create user u = User(username=username,email=email,first_name=name) # set staff u.is_staff = True u.is_superuser = False # set password u.set_password(passwd) u.save() # set group u.groups = [group] u.save() # send email # render template content = render_to_string('emails/first_email.html', { 'user': u , 'passwd':passwd}) # send email send_mail('Bienvenido a TheChurchofHorrors', content, u'Rubén Dugo <*****@*****.**>', [email], fail_silently=False)
def initialise(): # 从zeus数据库获取所有asset列表 asset_all # 读config 匹配对应的每个部门分组的网段进行更新 # error = check_conf() if not error: print 'good' else: print error print 'start initialise' cf = ConfigParser.ConfigParser() config = os.path.join(BASE_DIR, 'group.conf') cf.read(config) groups = cf.sections() pgroups = PGroup.objects.filter(gtype=1) for pg in pgroups: if pg.name not in groups: pg.delete() asset_all = get_all_asset_info() delete_user_department() for group in groups: ip_group = [] segments = cf.get(group,"segment").split(",") managers = cf.get(group,"manager").split(",") department = cf.get(group,"department") env = cf.get(group,"env") if not Group.objects.filter(name=department): dgroup = Group(name=department) dgroup.save() for manager in managers: if not User.objects.filter(username=manager): user = User(username=manager) user.save() obj_group = Group.objects.filter(name=department) user.groups = obj_group user.save() else: user = User.objects.get(username=manager) obj_group = Group.objects.get(name=department) user.groups.add(obj_group) user.save() if PGroup.objects.filter(name=group): PGS = PGroup.objects.get(name=group) PGS.department = department PGS.env = env old_manager_users = PGS.manager.all() for o in old_manager_users: if o.username not in managers: PGS.manager.remove(o) for manager in managers: m_user = User.objects.get(username=manager) PGS.manager.add(m_user) PGS.save() group_id = PGS.id else: addpgroup = PGroup(name=group,department=department,env=env,gtype=1) addpgroup.save() for manager in managers: m_user = User.objects.get(username=manager) addpgroup.manager.add(m_user) addpgroup.save() group_id = addpgroup.id ###删除多余ip delete_ip(group_id, segments) ###1.在Zeus中不存在的;2.在网段中不存在的 for segment in segments: for asset in asset_all:#asset (ip,port,hostname) if asset[0] in IPy.IP(segment): if Asset.objects.filter(ip=asset[0]): asset = Asset.objects.get(ip=asset[0]) asset_groups_obj = PGroup.objects.filter(id=group_id) asset.group = asset_groups_obj asset.save() continue new_asset = Asset(ip=asset[0], port=asset[1],hostname=asset[2]) new_asset.save() asset_groups_obj = PGroup.objects.filter(id=group_id) new_asset.group = asset_groups_obj new_asset.save() ip_group.append(asset[0]) print 'initialise finished' return True
def get_or_create_user(self, username, password): """ Функция принимает имя пользователя и пароль. Если на LDAP сервере существует подходящий пользователь - проверяется его наличие в локальной базе, если в базе его не оказалось, то пользователь создается в локальной базе(синхронизация с LDAP пользователем) и возвращается как User, попутно присваивая ему группу для доступа к функциям сайта. Если пользователя не существует в LDAP, но существует в локальной базе, проверяем его на принадлежность к супер админу, если супер админ, то логиними если не супер админ - удаляем. """ ldap_connection = LdapConnection(settings.LDAP) ldap_work = LdapWork(ldap_connection) # Филтр запроса на получение объета пользователя # filter = '(&(uid=%s)(objectClass=RUSLANperson)(userPassword=%s))' % (username, password) # аттрибуты, которые будут извлечены для обработки # attrs = ['uid','sn','memberOf','userPassword','mail','telephoneNumber'] # ldap_results = ldap_connection.search_s( settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, filter, attrs ) ldap_users = ldap_work.get_users_by_attr(username=username, password=password) # если пользователь не существет в LDAP # проверяем, существует ли он в локальной базе # если да, то удаляем его if not ldap_users: try: user = User.objects.get(username=(username + username_postfix)) # if user.is_superuser: if user.check_password(password): return user # user.delete() except User.DoesNotExist: pass return None user = None try: user = User.objects.get(username=(username + username_postfix)) except User.DoesNotExist: ldap_user = ldap_users[0] user_name = ldap_user.name.split() first_name = u'' last_name = u'' if len(user_name) == 3: first_name = (user_name[1] + u' ' + user_name[2])[0:30] last_name = user_name[0][0:30] elif len(user_name) == 2: first_name = user_name[1][0:30] last_name = user_name[0][0:30] elif len(user_name) == 1: last_name = user_name[0][0:30] user = User(username=(ldap_user.uid + username_postfix), email=ldap_user.email, first_name=first_name, last_name=last_name) user.is_superuser = False user.set_password(password) user.save() groups = [] for member in ldap_user.member_of: try: group = Group.objects.get(name=(group_prefix + member.lower())) except Group.DoesNotExist: group = Group(name=(group_prefix + member.lower())) group.save() groups.append(group) user.groups = groups orgs = [] if len(ldap_user.dn) > 3: orgs = ldap_work.get_org_by_attr(o=ldap_user.dn[1],node='.') if orgs: org = orgs[0] try: organistion = Organisation.objects.get(name=org.o[0:255]) except Organisation.DoesNotExist: organistion = Organisation(name=org.o[0:255]) organistion.save() #groups = [] for member in org.member_of: try: group = Group.objects.get(name=(group_prefix + member.lower())) except Group.DoesNotExist: group = Group(name=(group_prefix + member.lower())) group.save() if group not in groups: groups.append(group) try: og = OrganisationGroups.objects.get(organistion=organistion, group=group) except OrganisationGroups.DoesNotExist: og = OrganisationGroups(organistion=organistion, group=group) og.save() try: organistion_user = OrganisationUser.objects.get(organistion=organistion , user=organistion) except OrganisationUser.DoesNotExist: organistion_user = OrganisationUser(organistion=organistion, user=user) organistion_user.save() user.groups = groups users_group = Group.objects.get_or_create(name='users') user.groups.add(users_group[0]) return user
def _authenticate_ldap(self, username, password, user=None): record = self.__getRecord(username) if not record: # wrong login return dn = record[0][0] #ldap.set_option(ldap.OPT_DEBUG_LEVEL,4095) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.certfile) self.ldo = ldap.initialize(self.host) self.ldo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) try: self.ldo.simple_bind_s(dn, password) except ldap.INVALID_CREDENTIALS: # Bad password, credentials are bad. return except ldap.UNWILLING_TO_PERFORM: # Bad password, credentials are bad. return else: self.ldo.unbind_s() first_name = record[0][1]['givenName'][0] last_name = record[0][1]['sn'][0] email = record[0][1]['mail'][0] first_name = force_unicode(first_name) last_name = force_unicode(last_name) # Because the username field on model User is capped to 30 # characters we need to assign a butchered username here. # It's not a problem because the user can be found by email # anyway. # 30 is the default max length of the username field for # django.contrib.auth.models.User if not user: django_username = username if email_re.match(django_username): if isinstance(username, unicode): # md5 chokes on non-ascii characters django_username = username.encode('ascii', 'ignore') django_username = (md5_constructor(django_username) .hexdigest()[:30]) user = User(username=django_username, first_name=first_name, last_name=last_name, email=email) user.set_unusable_password() user.save() if self.__isLocalizer(username): user.groups = (Group.objects.get(name='Localizers'),) else: changed = False if user.first_name != first_name: user.first_name = first_name changed = True if user.last_name != last_name: user.last_name = last_name changed = True if user.email != email: user.email = email changed = True if changed: user.save() return user