def save_users(profiles): # Add custom macros core_custom_macros = [ k for k,o in user_attributes.items() if o.get('add_custom_macro') ] for user in profiles.keys(): for macro in core_custom_macros: if profiles[user].get(macro): profiles[user]['_'+macro] = profiles[user][macro] multisite_custom_values = [ k for k,v in user_attributes.items() if v["domain"] == "multisite" ] # Keys not to put into contact definitions for Check_MK non_contact_keys = [ "roles", "password", "locked", "automation_secret", "language", "serial", "connector", "num_failed", "enforce_pw_change", "last_pw_change", "last_seen", ] + multisite_custom_values # Keys to put into multisite configuration multisite_keys = [ "roles", "locked", "automation_secret", "alias", "language", "connector", ] + multisite_custom_values # Remove multisite keys in contacts. contacts = dict( e for e in [ (id, split_dict(user, non_contact_keys + non_contact_attributes(user.get('connector')), False)) for (id, user) in profiles.items() ]) # Only allow explicitely defined attributes to be written to multisite config users = {} for uid, profile in profiles.items(): users[uid] = dict([ (p, val) for p, val in profile.items() if p in multisite_keys + multisite_attributes(profile.get('connector'))]) # Check_MK's monitoring contacts filename = root_dir + "contacts.mk.new" out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("contacts.update(\n%s\n)\n" % pprint.pformat(contacts)) out.close() os.rename(filename, filename[:-4]) # Users with passwords for Multisite filename = multisite_dir + "users.mk.new" make_nagios_directory(multisite_dir) out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("multisite_users = \\\n%s\n" % pprint.pformat(users)) out.close() os.rename(filename, filename[:-4]) # Execute user connector save hooks hook_save(profiles) # Write out the users serials serials_file = '%s/auth.serials.new' % os.path.dirname(defaults.htpasswd_file) rename_file = True try: out = create_user_file(serials_file, "w") except: rename_file = False out = create_user_file(serials_file[:-4], "w") def encode_utf8(value): if type(value) == unicode: value = value.encode("utf-8") return value for user_id, user in profiles.items(): out.write('%s:%d\n' % (encode_utf8(user_id), user.get('serial', 0))) out.close() if rename_file: os.rename(serials_file, serials_file[:-4]) # Write user specific files for id, user in profiles.items(): user_dir = defaults.var_dir + "/web/" + id make_nagios_directory(user_dir) # authentication secret for local processes auth_file = user_dir + "/automation.secret" if "automation_secret" in user: create_user_file(auth_file, "w").write("%s\n" % user["automation_secret"]) elif os.path.exists(auth_file): os.remove(auth_file) # Write out user attributes which are written to dedicated files in the user # profile directory. The primary reason to have separate files, is to reduce # the amount of data to be loaded during regular page processing save_custom_attr(id, 'serial', str(user.get('serial', 0))) save_custom_attr(id, 'num_failed', str(user.get('num_failed', 0))) save_custom_attr(id, 'enforce_pw_change', str(int(user.get('enforce_pw_change', False)))) save_custom_attr(id, 'last_pw_change', str(user.get('last_pw_change', int(time.time())))) # Write out the last seent time if 'last_seen' in user: save_custom_attr(id, 'last_seen', repr(user['last_seen'])) # Remove settings directories of non-existant users. # Beware: we removed this since it leads to violent destructions # if the user database is out of the scope of Check_MK. This is # e.g. the case, if mod_ldap is used for user authentication. # dir = defaults.var_dir + "/web" # for e in os.listdir(dir): # if e not in ['.', '..'] and e not in profiles: # entry = dir + "/" + e # if os.path.isdir(entry): # shutil.rmtree(entry) # But for the automation.secret this is ok, since automation users are not # created by other sources in common cases dir = defaults.var_dir + "/web" for user_dir in os.listdir(defaults.var_dir + "/web"): if user_dir not in ['.', '..'] and user_dir not in profiles: entry = dir + "/" + user_dir if os.path.isdir(entry) and os.path.exists(entry + '/automation.secret'): os.unlink(entry + '/automation.secret') # Release the lock to make other threads access possible again asap # This lock is set by load_users() only in the case something is expected # to be written (like during user syncs, wato, ...) release_lock(root_dir + "contacts.mk") # populate the users cache html.set_cache('users', profiles) # Call the users_saved hook hooks.call("users-saved", profiles)
def save_users(profiles): custom_values = user_attributes.keys() # Keys not to put into contact definitions for Check_MK non_contact_keys = [ "roles", "password", "locked", "automation_secret", "language", "serial", "connector", ] + custom_values # Keys to put into multisite configuration multisite_keys = [ "roles", "locked", "automation_secret", "alias", "language", "connector", ] + custom_values # Remove multisite keys in contacts. contacts = dict( e for e in [ (id, split_dict(user, non_contact_keys + non_contact_attributes(user.get('connector')), False)) for (id, user) in profiles.items() ]) # Only allow explicitely defined attributes to be written to multisite config users = {} for uid, profile in profiles.items(): users[uid] = dict([ (p, val) for p, val in profile.items() if p in multisite_keys + multisite_attributes(profile.get('connector'))]) filename = root_dir + "contacts.mk" # Check_MK's monitoring contacts out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("contacts.update(\n%s\n)\n" % pprint.pformat(contacts)) out.close() # Users with passwords for Multisite make_nagios_directory(multisite_dir) filename = multisite_dir + "users.mk" out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("multisite_users = \\\n%s\n" % pprint.pformat(users)) out.close() # Execute user connector save hooks hook_save(profiles) # Write out the users serials serials_file = '%s/auth.serials' % os.path.dirname(defaults.htpasswd_file) out = create_user_file(serials_file, "w") for user_id, user in profiles.items(): out.write('%s:%d\n' % (user_id, user.get('serial', 0))) out.close() # Write user specific files for id, user in profiles.items(): user_dir = defaults.var_dir + "/web/" + id make_nagios_directory(user_dir) # authentication secret for local processes auth_file = user_dir + "/automation.secret" if "automation_secret" in user: create_user_file(auth_file, "w").write("%s\n" % user["automation_secret"]) elif os.path.exists(auth_file): os.remove(auth_file) # Write out the users serial serial_file = user_dir + '/serial.mk' create_user_file(serial_file, 'w').write('%d\n' % user.get('serial', 0)) # Remove settings directories of non-existant users. # Beware: we removed this since it leads to violent destructions # if the user database is out of the scope of Check_MK. This is # e.g. the case, if mod_ldap is used for user authentication. # dir = defaults.var_dir + "/web" # for e in os.listdir(dir): # if e not in ['.', '..'] and e not in profiles: # entry = dir + "/" + e # if os.path.isdir(entry): # shutil.rmtree(entry) # But for the automation.secret this is ok, since automation users are not # created by other sources in common cases dir = defaults.var_dir + "/web" for user_dir in os.listdir(defaults.var_dir + "/web"): if user_dir not in ['.', '..'] and user_dir not in profiles: entry = dir + "/" + user_dir if os.path.isdir(entry) and os.path.exists(entry + '/automation.secret'): os.unlink(entry + '/automation.secret') # Call the users_saved hook hooks.call("users-saved", users)
def save_users(profiles): custom_values = user_attributes.keys() # Keys not to put into contact definitions for Check_MK non_contact_keys = [ "roles", "password", "locked", "automation_secret", "language", "serial", "connector", ] + custom_values # Keys to put into multisite configuration multisite_keys = [ "roles", "locked", "automation_secret", "alias", "language", "connector", ] + custom_values # Remove multisite keys in contacts. contacts = dict( e for e in [ (id, split_dict(user, non_contact_keys + non_contact_attributes(user.get('connector')), False)) for (id, user) in profiles.items() ]) # Only allow explicitely defined attributes to be written to multisite config users = {} for uid, profile in profiles.items(): users[uid] = dict([ (p, val) for p, val in profile.items() if p in multisite_keys + multisite_attributes(profile.get('connector'))]) filename = root_dir + "contacts.mk" # Check_MK's monitoring contacts out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("contacts.update(\n%s\n)\n" % pprint.pformat(contacts)) out.close() # Users with passwords for Multisite make_nagios_directory(multisite_dir) filename = multisite_dir + "users.mk" out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("multisite_users = \\\n%s\n" % pprint.pformat(users)) out.close() # Execute user connector save hooks hook_save(profiles) # Write out the users serials serials_file = '%s/auth.serials' % os.path.dirname(defaults.htpasswd_file) out = create_user_file(serials_file, "w") for user_id, user in profiles.items(): out.write('%s:%d\n' % (user_id, user.get('serial', 0))) out.close() # Write user specific files for id, user in profiles.items(): user_dir = defaults.var_dir + "/web/" + id make_nagios_directory(user_dir) # authentication secret for local processes auth_file = user_dir + "/automation.secret" if "automation_secret" in user: create_user_file(auth_file, "w").write("%s\n" % user["automation_secret"]) elif os.path.exists(auth_file): os.remove(auth_file) # Write out the users serial serial_file = user_dir + '/serial.mk' create_user_file(serial_file, 'w').write('%d\n' % user.get('serial', 0)) # Remove settings directories of non-existant users. # Beware: we removed this since it leads to violent destructions # if the user database is out of the scope of Check_MK. This is # e.g. the case, if mod_ldap is used for user authentication. # dir = defaults.var_dir + "/web" # for e in os.listdir(dir): # if e not in ['.', '..'] and e not in profiles: # entry = dir + "/" + e # if os.path.isdir(entry): # shutil.rmtree(entry) # Call the users_saved hook hooks.call("users-saved", users)
def save_users(profiles): # Add custom macros core_custom_macros = [ k for k, o in user_attributes.items() if o.get('add_custom_macro') ] for user in profiles.keys(): for macro in core_custom_macros: if macro in profiles[user]: profiles[user]['_' + macro] = profiles[user][macro] multisite_custom_values = [ k for k, v in user_attributes.items() if v["domain"] == "multisite" ] # Keys not to put into contact definitions for Check_MK non_contact_keys = [ "roles", "password", "locked", "automation_secret", "language", "serial", "connector", "num_failed", "enforce_pw_change", "last_pw_change", "last_seen", ] + multisite_custom_values # Keys to put into multisite configuration multisite_keys = [ "roles", "locked", "automation_secret", "alias", "language", "connector", ] + multisite_custom_values # Remove multisite keys in contacts. contacts = dict( e for e in [(id, split_dict( user, non_contact_keys + non_contact_attributes(user.get('connector')), False)) for (id, user) in profiles.items()]) # Only allow explicitely defined attributes to be written to multisite config users = {} for uid, profile in profiles.items(): users[uid] = dict([(p, val) for p, val in profile.items() if p in multisite_keys + multisite_attributes(profile.get('connector'))]) # Check_MK's monitoring contacts filename = root_dir + "contacts.mk.new" out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("contacts.update(\n%s\n)\n" % pprint.pformat(contacts)) out.close() os.rename(filename, filename[:-4]) # Users with passwords for Multisite filename = multisite_dir + "users.mk.new" make_nagios_directory(multisite_dir) out = create_user_file(filename, "w") out.write("# Written by Multisite UserDB\n# encoding: utf-8\n\n") out.write("multisite_users = \\\n%s\n" % pprint.pformat(users)) out.close() os.rename(filename, filename[:-4]) # Execute user connector save hooks hook_save(profiles) # Write out the users serials serials_file = '%s/auth.serials.new' % os.path.dirname( defaults.htpasswd_file) rename_file = True try: out = create_user_file(serials_file, "w") except: rename_file = False out = create_user_file(serials_file[:-4], "w") for user_id, user in profiles.items(): out.write('%s:%d\n' % (make_utf8(user_id), user.get('serial', 0))) out.close() if rename_file: os.rename(serials_file, serials_file[:-4]) # Write user specific files for user_id, user in profiles.items(): user_dir = defaults.var_dir + "/web/" + user_id make_nagios_directory(user_dir) # authentication secret for local processes auth_file = user_dir + "/automation.secret" if "automation_secret" in user: create_user_file(auth_file, "w").write("%s\n" % user["automation_secret"]) else: remove_user_file(auth_file) # Write out user attributes which are written to dedicated files in the user # profile directory. The primary reason to have separate files, is to reduce # the amount of data to be loaded during regular page processing save_custom_attr(user_id, 'serial', str(user.get('serial', 0))) save_custom_attr(user_id, 'num_failed', str(user.get('num_failed', 0))) save_custom_attr(user_id, 'enforce_pw_change', str(int(user.get('enforce_pw_change', False)))) save_custom_attr(user_id, 'last_pw_change', str(user.get('last_pw_change', int(time.time())))) # Write out the last seent time if 'last_seen' in user: save_custom_attr(user_id, 'last_seen', repr(user['last_seen'])) # During deletion of users we don't delete files which might contain user settings # and e.g. customized views which are not easy to reproduce. We want to keep the # files which are the result of a lot of work even when e.g. the LDAP sync deletes # a user by accident. But for some internal files it is ok to delete them. # # Be aware: The user_exists() function relies on these files to be deleted. profile_files_to_delete = [ "automation.secret", "transids.mk", "serial.mk", ] dir = defaults.var_dir + "/web" for user_dir in os.listdir(defaults.var_dir + "/web"): if user_dir not in ['.', '..' ] and user_dir.decode("utf-8") not in profiles: entry = dir + "/" + user_dir if not os.path.isdir(entry): continue for to_delete in profile_files_to_delete: if os.path.exists(entry + '/' + to_delete): os.unlink(entry + '/' + to_delete) # Release the lock to make other threads access possible again asap # This lock is set by load_users() only in the case something is expected # to be written (like during user syncs, wato, ...) release_lock(root_dir + "contacts.mk") # populate the users cache html.set_cache('users', profiles) # Call the users_saved hook hooks.call("users-saved", profiles)