def merge_data(*files):
"""Merge data from multiple YAML files."""
data = dict()
for file in files:
if os.path.isfile(file):
data = dict_merge(data, read_yaml(file))
return data
def add(ctx, **args):
"""add a netgroup"""
type = args.pop('nisNetgroupType')
data = dict_merge(netgroups.get(type), args)
cn = data.get('cn')
path = data.pop('path', None)
requires = data.pop('requires', None)
dn = "cn=%s,%s" % (cn, dir.get_netgroup_base(type))
netgroup_entry = dir.Entry(dn=dn, attrs=data)
newnetgroup = Netgroup(cn, netgroup_entry)
newnetgroup.add()
def add(ctx, **args):
"""add a group"""
type = args.pop('groupType')
data = dict_merge(groups.get(type), args)
cn = data.get('cn')
path = data.pop('path', None)
requires = data.pop('requires', None)
if not data.get('gidNumber') and 'gidNumber' in requires:
data['gidNumber'] = dir.get_probably_unique_gidnumber()
dn = "cn=%s,%s" % (cn, dir.get_group_base(type))
group_entry = dir.Entry(dn=dn, attrs=data)
newgroup = Group(cn, group_entry)
newgroup.add()
def show(ctx, **args):
names = args.get('uid')
tree = dir.Tree()
query = '(&(objectClass=*)(%s=%s))'
attrs = ['uid', 'cn', 'gecos', 'mail', 'telephoneNumber', 'title',
'o', 'uidNumber', 'gidNumber']
if args.get('verbose'):
attrs += ['objectClass', 'memberOf', 'loginShell', 'homeDirectory',
'modifiersName', 'modifyTimestamp', 'sshPublicKey']
for name in names:
search = tree.search(search_filter=(query % (user_rdn, name)), attributes=attrs)
user = User(name)
for item in search:
groups = {'groups': sorted(flatten([group for group in user.find_groups()]))}
account = {name: dict_merge(dict(item), groups)}
print yaml.safe_dump(account, allow_unicode=True, default_flow_style=False)
def get_access_group(name, priv_level):
"""
Gets a netgroup handle. Creates the group when necessary.
"""
group_type = 'security'
group_data = dict_merge(netgroups.get(group_type), {})
path = group_data.pop('path')
requires = group_data.pop('requires')
group_name = '%s-%s' % (name, priv_level)
description = 'Users with %s access to %s.' % (access_levels[priv_level], name)
dn = 'cn=%s,%s' % (group_name, dir.get_netgroup_base(group_type))
access_group = Netgroup(group_name, dir.Entry(dn=dn,
attrs=group_data,
use_dn=True))
if not access_group.exists:
access_group.add()
access_group.set_description(description)
return access_group
def __init__(self, user_config=True):
progpath = dirname(sys.argv[0])
self.progname = 'cog'
self.profiles = dict()
self.store = dict()
self.cfg_dirs = [pathjoin(dirname(progpath), 'etc', self.progname)]
if user_config:
self.make_conf()
self.cfg_dirs.append(get_app_dir(self.progname, force_posix=True))
self.cfg_files = [pathjoin(cfg_dir, 'settings')
for cfg_dir in self.cfg_dirs if isdir(cfg_dir)]
self.profiles = merge_data(*self.cfg_files)
self.current = self.profiles.pop('profile')
for name, profile in self.profiles.items():
self.profiles[name] = dict_merge(defaults, profile)
self.use(self.current)
def add(ctx, **args):
"""Adds new user to the directory."""
account_type = args.pop('accountType')
user_group = args.pop('userGroup', settings.usergroups)
user_data = dict_merge(accounts.get(account_type), args)
name = user_data.pop('uid')
user_data[user_rdn] = name
path = user_data.pop('path', None)
secondary_groups = user_data.pop('group', None)
requires = user_data.pop('requires', [])
dn = "%s=%s,%s" % (user_rdn, name, dir.get_account_base(account_type))
operator_uid = get_current_uid()
for nameattr in ['cn', 'sn', 'givenName']:
if not user_data.get(nameattr) and nameattr in requires:
user_data[nameattr] = '%s (ask %s to fix me)' % (name, operator_uid)
if 'uidNumber' not in user_data and 'uidNumber' in requires:
user_data['uidNumber'] = dir.get_probably_unique_uidnumber()
if 'homeDirectory' not in user_data and 'homeDirectory' in requires:
user_data['homeDirectory'] = "/home/%s" % user_data['uid']
user_data['userPassword'] = passwd.make_sha512(passwd.random_string())
if 'sshpublickey' in user_data:
ssh_key = read_ssh_keys(user_data.pop('sshpublickey'))
user_data['sshPublicKey'] = ssh_key
user_data['objectClass'].append('ldapPublicKey')
if user_group:
group_type = account_type if account_type in groups else 'generic'
group_dn = "cn=%s,%s" % (name, dir.get_group_base(group_type))
group_id = dir.get_probably_unique_gidnumber()
group_data = {
'objectClass': ['posixGroup', 'top'],
'cn': name,
'description': 'Personal group for %s.' % name,
'gidNumber': group_id}
group_entry = dir.Entry(dn=group_dn, attrs=group_data)
user_data['gidNumber'] = group_id
try:
newgroup = Group(name, group_entry)
newgroup.add()
except ldap.LDAPError as e:
print "A problem occured when creating user group %s – group hasn't been created." % name
user_entry = dir.Entry(dn=dn, attrs=user_data)
newuser = User(name, user_entry, groups=secondary_groups)
newuser.add()
def expand_inheritances(templates):
"""Expand inheritances in object templates."""
# FIXME: v. naive approach. Still.
expanded = dict()
for type, data in templates.items():
expanded.update({type: {}})
for name, template in data.items():
desc = template.get(
'desc', '{} template for {} object'.format(name, type))
attrs = template.get('default', None)
parent = template.get('inherits', None)
parents = []
while True:
if parent and parent not in parents:
parents.append(parent)
parent = data.get(parent).get('inherits', None)
else:
break
for parent in reversed(parents):
parent_attrs = data.get(parent).get('default')
attrs = dict_merge(parent_attrs, attrs)
limits = attrs.pop('limits', None)
expanded[type].update({name: Template(name, desc, limits, attrs)})
return expanded
