def add_pf_user(self, pf, name):
     pe = PasswdEntry()
     pe.user(name)
     pe.crypt(self.user_crypt_credentials(name))
     pe.uid(TestCase._tmp_id)
     pe.gid(TestCase._tmp_id*10)
     TestCase._tmp_id += 1
     pe.directory(os.path.join(os.environ['TMP_DIR'],name))
     pe.shell('/bin/sh')
     pf[pe.user()] = pe
     return
def _update_superuser(username,
                      directory='/root',
                      shell='/sbin/nologin',
                      crypt=None,
                      uid=None,
                      gid=None):
    if crypt is None:
        crypt = ''
    if uid is None:
        uid = 0
    users = PasswdFile()
    users.load()
    groups = GroupFile()
    groups.load()
    if username not in groups:
        group = GroupEntry()
        group.group(username)
        group.crypt("*")
        if gid is None:
            gid = users.new_uid()
            while gid in groups:
                gid = users.new_uid(gid)
        group.gid(gid)
        group.user_list((username, ))
        groups[username] = group
        groups.save()
    gid = groups[username].gid()
    if username in users:
        user = users[username]
    else:
        user = PasswdEntry()
        user.crypt(crypt)
    user.gid(gid)
    user.uid(uid)
    user.user(username)
    user.shell(shell)
    user.directory(directory)
    if crypt:
        user.crypt(crypt)
    users[username] = user
    users.save()
    user = users[username]
    if user.gid() != gid:
        user.gid(gid)
        users[user.user()] = user
        users.save()
    return
Exemple #3
0
def _update_superuser(username, directory="/root", shell="/sbin/nologin", crypt=None, uid=None, gid=None):
    if crypt is None:
        crypt = ""
    if uid is None:
        uid = 0
    users = PasswdFile()
    users.load()
    groups = GroupFile()
    groups.load()
    if username not in groups:
        group = GroupEntry()
        group.group(username)
        group.crypt("*")
        if gid is None:
            gid = users.new_uid()
            while gid in groups:
                gid = users.new_uid(gid)
        group.gid(gid)
        group.user_list((username,))
        groups[username] = group
        groups.save()
    gid = groups[username].gid()
    if username in users:
        user = users[username]
    else:
        user = PasswdEntry()
        user.crypt(crypt)
    user.gid(gid)
    user.uid(uid)
    user.user(username)
    user.shell(shell)
    user.directory(directory)
    if crypt:
        user.crypt(crypt)
    users[username] = user
    users.save()
    user = users[username]
    if user.gid() != gid:
        user.gid(gid)
        users[user.user()] = user
        users.save()
    return
Exemple #4
0
    def __synchronize_system(self, usernode, currentname=None, validate=True):
        system_users = PasswdFile()
        system_shadow = ShadowFile()
        system_groups = GroupFile()
        userchange = False
        shadowchange = False
        groupchange = False
        group_is_private = False
        system_users.load()
        system_shadow.load()
        system_groups.load()
        flag = 0
        #flag will be used to check if system admin is
        #being demoted. bug CSCth82465
        #if system admin is being demoted,
        #it's entry will be removed and added again

        if usernode and usernode.name in system_users:
            userentry = system_users[usernode.name]

            #user is a system administrator, but not mpxadmin,
            #and it's current role is not mpxadmin
            #i.e. a system administrator other than mpxadmin is being demoted
            if userentry.user_type() == 'mpxadmin' \
                    and usernode.name != 'mpxadmin' \
                    and self.role_manager.administrator.name not in usernode.roles:
                flag = 1

        if usernode is None or flag:
            # If no usernode is provided, the user with name 'currentname' is
            #   being removed.
            if flag:
                currentname = usernode.name
            if currentname is None:
                raise ValueError('Name must be provided when removing user.')
            userentry = system_users[currentname]

            # Loop through all groups to which user belongs, removing user.
            groups = userentry.groups(system_groups)
            for groupentry in groups:
                users = groupentry.user_list()
                # User is not in user list of private group, so only
                #   groups in to which user *also* belongs are modified.
                if currentname in users:
                    users.remove(currentname)
                    groupentry.user_list(users)
                    groupchange = True
                    message = 'removed user "%s" from group "%s".'
                    self.output_message(message %
                                        (currentname, groupentry.group()))

            # If a private group was associated with the user--a group
            #   whose name is the same as the user name and whose member
            #   list contains no entries--find and remove it to keep clean.
            if currentname in system_groups:
                groupentry = system_groups[currentname]
                if len(groupentry.user_list()) == 0:
                    # Private group for user entry, remove it.
                    del (system_groups[currentname])
                    groupchange = True
                    self.output_message('removed private group "%s".' %
                                        currentname)

            # Finally, delete user itself.
            del (system_users[userentry.user()])
            userchange = True

            # delete user details from /etc/shadow
            del (system_shadow[userentry.user()])
            shadowchange = True
            self.output_message('removed user "%s" from system.' % currentname)

            #delete user from the cache
            as_node('/services/User Manager').remove_user(currentname)

        if usernode:
            username = usernode.name
            # Name may be being changed.  Node reference always has correct
            #   name, where 'currentname' is the previous name if the name
            #   is in fact being changed.  Rename child operations take
            #   advantage of this.
            if currentname is None:
                currentname = username
            if currentname in system_users:
                # User already exists, must be being updated.
                fd = open("/etc/group", "r")
                userentry = system_users[currentname]
                userid = userentry.uid()
                groupid = userentry.gid()
                flag = 1
                for line in fd.readlines():
                    if re.search(str(groupid), line, re.IGNORECASE) != None:
                        flag = 0
                        break
                if flag:
                    cmd = "addgroup -g "
                    cmd += str(groupid)
                    cmd += " "
                    cmd += currentname
                    os.system(cmd)
                    flag = 0
                groupentry = system_groups[groupid]
                shadowentry = system_shadow[currentname]
            else:
                # User is completely new and user and private group
                #   must be created.
                userid = system_users.new_uid()
                while userid in system_groups:
                    userid = system_users.new_uid(userid)
                else:
                    groupid = userid
                userentry = PasswdEntry()
                groupentry = GroupEntry()
                shadowentry = ShadowEntry()
                message = 'creating user "%s" and group "%s".'
                self.output_message(message % (username, username))

            # A private group has the same name as the associated
            #   user account.
            group_is_private = False
            if groupentry.group() == userentry.user():
                group_is_private = True

            # If username has changed: change entry and flag.
            if userentry.user() != username:
                groups = []
                if userentry.user() is not None:
                    # New users cause exception when doing
                    #   group lookup before name is set.
                    groups = userentry.groups(system_groups)
                currentname = userentry.user()
                userentry.user(username, validate)
                userchange = True
                shadowentry.user(username, validate)
                shadowchange = True
                message = 'changed user name from "%s" to "%s".'
                self.output_message(message % (currentname, username))
                # Modify groups to which user belongs to reflect updated name.
                for group in groups:
                    users = group.user_list()
                    if currentname in users and username not in users:
                        users[users.index(currentname)] = username
                        group.user_list(users)
                        groupchange = True
                        message = 'changed user "%s" in group "%s" to "%s".'
                        self.output_message(
                            message % (currentname, group.group(), username))

            # If group is only for this user and group name isn't username,
            #   change and flag.
            if group_is_private and groupentry.group() != username:
                currentgroup = groupentry.group()
                groupentry.group(username)
                groupchange = True
                message = 'changed group name from "%s" to "%s".'
                self.output_message(message % (currentgroup, username))

            # Change user-entry's password if doesn't match user node's.
            password = usernode.password
            if len(password
                   ) and not shadowentry.password_matches_crypt(password):
                shadowentry.user(username, validate)
                shadowentry.passwd(password, validate)
                userentry.passwd('x', False)
                shadowentry.lstchg()
                shadowchange = True
                userchange = True
                self.output_message('changed password for user "%s".' %
                                    username)

            # Set user-entry UID to calulated UID (used for new entries).
            if not userentry.uid() == userid:
                currentuid = userentry.uid()
                userentry.uid(userid)
                userchange = True
                message = 'changed UID for user "%s" from %s to %s.'
                self.output_message(message % (username, currentuid, userid))

            # Set user-entry GID to calculated GID (used for new entries).
            if userentry.gid() != groupid:
                currentgid = userentry.gid()
                userentry.gid(groupid)
                userchange = True
                message = 'changed GID for user "%s" from %s to %s.'
                self.output_message(message % (username, currentgid, groupid))

            if not userentry.gecos():
                currentgecos = userentry.gecos()
                userentry.gecos('ROLE=user')
                userchange = True
                message = 'changed gecos for user "%s" from %s to %s.'
                self.output_message(message %
                                    (username, currentgecos, 'ROLE=user'))

            # Set group-entry GID to calculated GID (should match whether private or not).
            if groupentry.gid() != groupid:
                currentgid = groupentry.gid()
                groupentry.gid(groupid)
                groupchange = True
                message = 'changed GID for group "%s" from %s to %s.'
                self.output_message(message %
                                    (groupentry.group(), currentgid, groupid))

            if userchange:
                # Passwd file changed, set user into user dicationary
                #   in case user was newly created, and save back file.
                system_users[userentry.user()] = userentry
                system_users.save()
                userchange = False
                as_node('/services/User Manager').remove_user(usernode.name)

            if shadowchange:
                # /etc/shadow file changed, set user into user dicationary
                #   in case user was newly created, and save back file.
                system_shadow[shadowentry.user()] = shadowentry
                system_shadow.save()
                shadowchange = False

            if groupchange:
                # Group file changed, set user into groups dicationary
                #   in case group was newly created, and save back file.
                system_groups[groupentry.group()] = groupentry
                system_groups.save()
                groupchange = False

            roles = usernode.roles[:]
            if self.role_manager.administrator.name in roles:
                if userentry.user_type() != 'mpxadmin':
                    userchange = True
                    shadowchange = True
                    groupchange = True
                    userentry.user_type('mpxadmin', system_users,
                                        system_groups)
                    self.output_message(
                        'made user "%s" into "mpxadmin" type.' % username)
                    if username in system_groups:
                        group = system_groups[username]
                        if userentry.gid() != group.gid():
                            users = group.user_list()
                            if len(users) == 0:
                                del (system_groups[username])
                                groupchange = True
                                message = 'removed group "%s".  ' % username
                                message += 'Group no longer referenced.'
                            else:
                                message = 'not removing group "%s".  ' % username
                                message += 'Still has users %s.' % (users, )
                            self.output_message(message)
            elif userentry.user_type() == 'mpxadmin':
                message = 'System Administrator cannot be demoted.  '
                message += 'User "%s" must be removed in order to demote.'
                raise TypeError(message % username)

        if userchange:
            system_users.save()
            userchange = False
            username = usernode.name if usernode else currentname
            as_node('/services/User Manager').remove_user(username)

        if shadowchange:
            system_shadow.save()
            shadowchange = False
        if groupchange:
            system_groups.save()
            userchange = False
        return (userchange or groupchange or shadowchange)