Esempio n. 1
 def chpasswd(self, user, password):
     """Set a new password for an existing account.

     ``unicode`` arguments are encoded to UTF-8 first; after that both
     values must be non-blank ``str`` objects.

     :param user: login name of the account to modify
     :param password: new password in clear text
     :raises InvalidParameter: user (GINUSER0002E) or password
         (GINUSER0003E) is not a non-blank string
     :raises NotFoundError: no account named *user* (GINUSER0011E)
     :raises OperationFailed: libuser rejected the change (GINUSER0024E)
     """
     wok_log.info("In UserModel.chpasswd method")

     if isinstance(user, unicode):
         user = user.encode('utf-8')
     user_is_valid = isinstance(user, str) and user.strip()
     if not user_is_valid:
         raise InvalidParameter('GINUSER0002E')

     if isinstance(password, unicode):
         password = password.encode('utf-8')
     password_is_valid = isinstance(password, str) and password.strip()
     if not password_is_valid:
         raise InvalidParameter('GINUSER0003E')

     admin = libuser.admin()
     account = admin.lookupUserByName(user)
     if not account:
         wok_log.error("User '%s' not found" % user)
         raise NotFoundError('GINUSER0011E', {'user': user})

     try:
         # Third argument False: the value handed over is clear text, not
         # an already-hashed password.  Only the user name is logged
         # below, never the password.
         admin.setpassUser(account, password, False)
         wok_log.info("Successfully changed password for user '%s'" % user)
     except Exception as e:
         err_msg = e.message or e
         wok_log.error("Failed to change password for user '%s'. "
                       "Error: '%s'" % (user, err_msg))
         raise OperationFailed(
             'GINUSER0024E', {'user': user, 'err': err_msg})

     wok_log.info("End of UserModel.chpasswd method")
Esempio n. 2
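    def checkUserExists(self, username, root="/mnt/sysimage"):
        """Return True if *username* exists in the system rooted at *root*.

        The lookup runs in a forked child so that chroot() does not affect
        the calling process.  The child reports the result through its
        exit status: 0 means found, anything else means not found or error.

        :param username: account name to look up
        :param root: directory to chroot into before the lookup; "" or "/"
            queries the running system directly
        :return: True only if the child exited normally with status 0
        """
        childpid = os.fork()

        if not childpid:
            # Child process.  It must always leave through os._exit():
            # if chroot() fails, LIBUSER_CONF is unset or libuser raises,
            # an escaping exception would unwind into the caller's code
            # and a second (possibly chrooted) copy of the program would
            # keep running.
            exit_code = 1
            try:
                if root not in ["", "/"]:
                    os.chroot(root)
                    os.chdir("/")
                    # Presumably dropped so libuser reads the configuration
                    # inside the new root; tolerate it being unset.
                    os.environ.pop("LIBUSER_CONF", None)

                # Assigned in the child only; the parent never sees it.
                self.admin = libuser.admin()

                if self.admin.lookupUserByName(username):
                    exit_code = 0
            finally:
                os._exit(exit_code)

        try:
            status = os.waitpid(childpid, 0)[1]
        except OSError as e:
            log.critical("exception from waitpid while creating a user: %s %s", e.errno, e.strerror)
            return False

        # Death by signal or a non-zero exit both count as "not found".
        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0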
Esempio n. 3
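def delete_group(groupname):
    """Delete *groupname* if it is a non-system group without members.

    The call is a silent no-op (apart from an error log line) when the
    group is unknown or has a gid of 1000 or less, and a silent no-op when
    the group still has members.

    :param groupname: name of the group to delete
    :raises InvalidParameter: groupname is not a non-blank string
        (GINUSER0012E)
    :raises OperationFailed: the group is referenced in sudoers
        (GINUSER0017E) or libuser failed to delete it (GINUSER0029E)
    """
    if not isinstance(groupname, str) or not groupname.strip():
        raise InvalidParameter('GINUSER0012E', {'group': groupname})
    adm = libuser.admin()

    gid = get_group_gid(groupname)
    if gid is None:
        # An unknown group yields no gid; int(None) would raise an
        # unrelated TypeError, so treat it like the not-found case below.
        wok_log.error('Could not locate group "%s"' % groupname)
        return
    group_id = int(gid)

    # Guard against removing system groups.
    # NOTE(review): gid 1000 itself is refused here; confirm that this
    # matches the gid floor used when groups are created.
    if group_id <= 1000:
        wok_log.error('Ignoring deletion of system group "%s" with gid %s' %
                      (groupname, group_id))
        return

    group_obj = adm.lookupGroupById(group_id)

    if not group_obj:
        wok_log.error('Could not locate group "%s" with gid %s' %
                      (groupname, group_id))
        return

    # Only empty groups are deleted; a group with members is left alone.
    if not adm.enumerateUsersByGroup(groupname):
        # groups are prefixed with '%' in sudoers entries
        if '%' + groupname in get_sudoers(admin_check=False):
            raise OperationFailed('GINUSER0017E', {'group': groupname})
        try:
            adm.deleteGroup(group_obj)
        except Exception as e:
            raise OperationFailed('GINUSER0029E', {
                'group': groupname,
                'err': e.__str__()
            })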
Esempio n. 4
    def __init__(self):
        """Export the Users object on the system bus and select the
        authorization action id from the ``[policy] level`` setting in
        /usr/share/mandriva/config/mcc2.cfg.
        """
        system_bus = dbus.SystemBus()
        self.__bus = system_bus

        dbus.service.Object.__init__(
            self,
            dbus.service.BusName("org.mandrivalinux.mcc2.Users",
                                 bus=system_bus),
            "/org/mandrivalinux/mcc2/Users")

        self.__loop = gobject.MainLoop()
        self.__libuser = libuser.admin()
        # Default action id, used for any level other than the two below.
        self.__action = 'org.mandrivalinux.mcc2.auth_admin_keep'

        cfg = ConfigParser.ConfigParser()
        cfg.read('/usr/share/mandriva/config/mcc2.cfg')
        level = cfg.get('policy', 'level')

        if level == 'application':
            self.__action = 'org.mandrivalinux.mcc2.users.auth_admin_keep'
        elif level == 'method':
            # NOTE(review): with no action id set, authorization is
            # presumably decided per method elsewhere - confirm that every
            # exported method performs its own check in this mode.
            self.__action = None
Esempio n. 5
def get_users(exclude_system_users=True):
    """Return the names of the accounts on this host.

    :param exclude_system_users: when true (the default) only accounts
        with a uid of 1000 or more are returned, read from the passwd
        database; when false, every user libuser enumerates is returned
    :return: list of user names
    """
    if not exclude_system_users:
        return libuser.admin().enumerateUsers()

    # NOTE(review): a plain uid >= 1000 test also keeps high-uid service
    # accounts (for example a "nobody" entry, where one exists) - confirm
    # that callers do not treat the result as "interactive users only".
    names = []
    for entry in pwd.getpwall():
        if entry.pw_uid >= 1000:
            names.append(entry.pw_name)
    return names
Esempio n. 6
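def delete_group(groupname):
    """Delete *groupname* if it is a non-system group without members.

    Unknown groups and groups with a gid of 1000 or less are only logged
    and left untouched; a group that still has members is left untouched
    as well.

    :param groupname: name of the group to delete
    :raises InvalidParameter: groupname is not a non-blank string
        (GINUSER0012E)
    :raises OperationFailed: the group is referenced in sudoers
        (GINUSER0017E) or libuser failed to delete it (GINUSER0012E)
    """
    wok_log.info('in delete_group(). group name: %s' % groupname)
    if not isinstance(groupname, str) or not groupname.strip():
        wok_log.error('group name is not non-empty string. '
                      'group name %s' % groupname)
        raise InvalidParameter('GINUSER0012E',
                               {'group': groupname,
                                'err': 'see log for details'})
    adm = libuser.admin()

    gid = get_group_gid(groupname)
    if gid is None:
        # An unknown group yields no gid; int(None) would raise an
        # unrelated TypeError, so treat it like the not-found case below.
        wok_log.error('Could not locate group "%s"' % groupname)
        return
    group_id = int(gid)

    # Guard against removing system groups.
    # NOTE(review): gid 1000 itself is refused here; confirm that this
    # matches the gid floor used when groups are created.
    if group_id <= 1000:
        wok_log.error('Ignoring deletion of system group "%s" with gid %s'
                      % (groupname, group_id))
        return

    group_obj = adm.lookupGroupById(group_id)

    if not group_obj:
        wok_log.error('Could not locate group "%s" with gid %s'
                      % (groupname, group_id))
        return

    # Only empty groups are deleted; a group with members is left alone.
    if not adm.enumerateUsersByGroup(groupname):
        # groups are prefixed with '%' in sudoers entries
        if '%' + groupname in get_sudoers(admin_check=False):
            raise OperationFailed('GINUSER0017E', {'group': groupname})
        try:
            adm.deleteGroup(group_obj)
        except Exception as e:
            raise OperationFailed('GINUSER0012E',
                                  {'group': groupname, 'err': e.__str__()})

    wok_log.info('end of delete_group(). group name: %s' % groupname)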
Esempio n. 7
    def delete(self, user):
        """Delete the account *user* and, if it is left empty, its
        primary group.

        :param user: login name of the account to remove
        :raises OperationFailed: the user does not exist (GINUSER0011E),
            could not be deleted (GINUSER0010E), has no resolvable primary
            group (GINUSER0013E), or the emptied group could not be
            deleted (GINUSER0012E)
        """
        # NOTE(review): nothing in this method protects system accounts or
        # the caller's own account; presumably that is enforced by the
        # caller - confirm.
        adm = libuser.admin()
        user_obj = adm.lookupUserByName(user)
        # Check if user exist
        if user_obj is None:
            kimchi_log.error('User "%s" does not exist', user)
            raise OperationFailed('GINUSER0011E', {'user': user})
        # Resolve the primary group before the user entry is removed.
        group_obj = adm.lookupGroupById(int(user_obj.get('pw_gid')[0]))
        # Delete user with its home and mails too
        try:
            adm.deleteUser(user_obj, True, True)
        except Exception as e:
            # The underlying error goes to the log only; the raised
            # OperationFailed carries just the user name.
            kimchi_log.error('Could not delete user %s: %s', user, e)
            raise OperationFailed('GINUSER0010E', {'user': user})

        # Handle user according to its profile
        self._delete_profile_settings(user)

        # Delete group if no users are assigned to it
        # It is not possible to delete user/group at same time
        if group_obj is None:
            # The user is already gone at this point; this error only
            # reports that the group cleanup could not be attempted.
            msg = 'Group for user "%s" does not exist for removal' % user
            kimchi_log.warn(msg)
            raise OperationFailed('GINUSER0013E', {'user': user})
        group = group_obj.get('gr_name')[0]
        if not adm.enumerateUsersByGroup(group):
            try:
                adm.deleteGroup(group_obj)
            except Exception as e:
                kimchi_log.error('Could not delete group "%s": %s', group, e)
                raise OperationFailed('GINUSER0012E', {'group': group})
Esempio n. 8
def delete_user(username):
    """
    Delete a user account together with its group memberships and its
    per-user sudoers file.

    :param username: user name
    :raises InvalidParameter: username is not a non-blank string
        (GINUSER0010E)
    :raises OperationFailed: the user is listed in sudoers (GINUSER0016E),
        does not exist (GINUSER0011E), its sudoers file could not be
        removed (GINUSER0013E) or libuser failed to delete the account
        (GINUSER0031E)
    """
    name_is_valid = isinstance(username, str) and username.strip()
    if not name_is_valid:
        raise InvalidParameter('GINUSER0010E', {'user': username})
    # Accounts named in sudoers are refused before anything is changed.
    if username in get_sudoers(admin_check=False):
        raise OperationFailed('GINUSER0016E', {'user': username})

    admin = libuser.admin()
    account = admin.lookupUserByName(username)

    if not account:
        raise OperationFailed('GINUSER0011E', {'user': username})

    # remove user from all groups
    for membership in admin.enumerateGroupsByUser(username):
        remove_user_from_group(username, membership)

    # The name is interpolated into a path only after the lookup above
    # confirmed that it belongs to an existing account.
    sudoers_path = SUDOERS_FILE % username
    if os.path.isfile(sudoers_path):
        try:
            os.unlink(sudoers_path)
        except Exception:
            raise OperationFailed('GINUSER0013E', {'user': username})

    try:
        # Both flags True, as in the sibling callers that remove the home
        # directory and mail spool together with the account.
        admin.deleteUser(account, True, True)
    except Exception as e:
        raise OperationFailed('GINUSER0031E', {
            'user': username,
            'err': e.__str__()
        })
Esempio n. 9
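    def checkUserExists(self, username, root=None):
        """Return True if *username* exists in the system rooted at *root*.

        The lookup runs in a forked child so that chroot() does not affect
        the calling process.  The child reports the result through its
        exit status: 0 means found, anything else means not found or error.

        :param username: account name to look up
        :param root: directory to chroot into; defaults to
            iutil.getSysroot().  "" or "/" queries the running system
        :return: True only if the child exited normally with status 0
        """
        # Resolve the root before forking so that a failure here is raised
        # once, in the parent, instead of in both processes.
        rootval = root if root is not None else iutil.getSysroot()

        childpid = os.fork()

        if not childpid:
            # Child process.  It must always leave through os._exit():
            # an exception escaping from chroot(), the environment cleanup
            # or libuser would unwind into the caller's code and a second
            # (possibly chrooted) copy of the program would keep running.
            exit_code = 1
            try:
                if rootval not in ["", "/"]:
                    os.chroot(rootval)
                    os.chdir("/")
                    # Presumably dropped so libuser reads the configuration
                    # inside the new root; tolerate it being unset.
                    os.environ.pop("LIBUSER_CONF", None)

                # Assigned in the child only; the parent never sees it.
                self.admin = libuser.admin()

                if self.admin.lookupUserByName(username):
                    exit_code = 0
            except Exception as e:
                log.critical("Error when searching for user: %s" % str(e))
            finally:
                os._exit(exit_code)

        try:
            (pid, status) = os.waitpid(childpid, 0)
        except OSError as e:
            log.critical(
                "exception from waitpid while creating a user: %s %s" %
                (e.errno, e.strerror))
            return False

        # Death by signal or a non-zero exit both count as "not found".
        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0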
Esempio n. 10
def get_users(exclude_system_users=True):
    """List account names, optionally restricted to uid >= 1000.

    :param exclude_system_users: true (default) filters the passwd
        database by uid; false returns whatever libuser enumerates
    :return: list of user names
    """
    if exclude_system_users:
        # NOTE(review): the uid floor alone does not exclude high-uid
        # service accounts; verify that callers do not rely on the result
        # containing login users only.
        regular = filter(lambda entry: entry.pw_uid >= 1000, pwd.getpwall())
        return [entry.pw_name for entry in regular]

    return libuser.admin().enumerateUsers()
Esempio n. 11
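def remove_user_from_group(user, group):
    """
    Remove a user from the member list of a group.

    Nothing is written when the user is not a member.

    :param user: user name
    :param group: group name
    :raises InvalidParameter: user (GINUSER0032E) or group (GINUSER0027E)
        is not a non-blank string
    :raises OperationFailed: the group does not exist or libuser failed
        to update it (GINUSER0021E)
    """
    if not isinstance(user, str) or not user.strip():
        raise InvalidParameter('GINUSER0032E', {'user': user})
    if not isinstance(group, str) or not group.strip():
        raise InvalidParameter('GINUSER0027E', {'user': user, 'group': group})
    try:
        adm = libuser.admin()
        grpobj = adm.lookupGroupByName(group)
        if not grpobj:
            # Raised inside the try block so that it is reported through
            # the same GINUSER0021E error, with a readable cause instead
            # of an attribute error on a missing group object.
            raise LookupError("group '%s' does not exist" % group)
        # A set drops every occurrence of the name in one step.
        members = set(grpobj.get('gr_mem'))
        if user in members:
            members.discard(user)
            grpobj.set('gr_mem', list(members))
            # NOTE(review): the return value is not inspected here, while
            # other callers on this page compare it with 1 - confirm.
            adm.modifyGroup(grpobj)
    except Exception as e:
        raise OperationFailed('GINUSER0021E', {
            'user': user,
            'group': group,
            'err': e.__str__()
        })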
Esempio n. 12
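def remove_user_from_group(user, group):
    """
    Remove a user from the member list of a group.

    Nothing is written when the user is not a member.

    :param user: user name
    :param group: group name
    :raises InvalidParameter: user or group is not a non-blank string
        (GINUSER0010E)
    :raises OperationFailed: the group does not exist or libuser failed
        to update it (GINUSER0021E)
    """
    wok_log.info('in remove_user_from_group() method')
    if not isinstance(user, str) or not user.strip():
        wok_log.error('user name is not non-empty string. name: %s' % user)
        raise InvalidParameter('GINUSER0010E',
                               {'user': user, 'err': 'see log for details'})
    if not isinstance(group, str) or not group.strip():
        wok_log.error('group name is not non-empty string. '
                      'group name %s' % group)
        raise InvalidParameter('GINUSER0010E',
                               {'user': user, 'err': 'see log for details'})
    try:
        adm = libuser.admin()
        grpobj = adm.lookupGroupByName(group)
        if not grpobj:
            # Raised inside the try block so that it is reported through
            # the same GINUSER0021E error, with a readable cause instead
            # of an attribute error on a missing group object.
            raise LookupError("group '%s' does not exist" % group)
        # A set drops every occurrence of the name in one step.
        members = set(grpobj.get('gr_mem'))
        if user in members:
            members.discard(user)
            grpobj.set('gr_mem', list(members))
            # NOTE(review): the return value is not inspected here, while
            # other callers on this page compare it with 1 - confirm.
            adm.modifyGroup(grpobj)
    except Exception as e:
        raise OperationFailed('GINUSER0021E', {'user': user, 'group': group,
                                               'err': e.__str__()})
    wok_log.info('end of remove_user_from_group() method')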
Esempio n. 13
    def create(self, params):
        """Create a user, and its group when needed, from *params*.

        The keys read after validation are 'name', 'password', 'profile',
        'group' and 'no_login'.  Each creation step registers its undo
        action with the RollbackContext before the next step runs.

        :param params: request parameters, validated by
            _validate_create_params()
        :return: the name of the created user
        """
        params = self._validate_create_params(params)
        username = params['name']
        # NOTE(review): the password is passed on to create_user() as
        # received; presumably clear text - confirm it is never logged.
        passwd = params['password']
        profile = params['profile']
        groupname = params['group']
        no_login = params['no_login']

        with RollbackContext() as rollback:
            adm = libuser.admin()
            if groupname:
                group_obj = adm.lookupGroupByName(groupname)
                if group_obj:
                    # Existing group: reuse it, nothing to roll back.
                    group_id = group_obj.get('pw_gid')[0]
                else:
                    group_id = create_group(groupname)
                    rollback.prependDefer(delete_group, groupname)
            else:
                # No group requested: create one named after the user.
                group_id = create_group(username)
                rollback.prependDefer(delete_group, username)
            create_user(username, passwd, group_id, no_login=no_login)
            rollback.prependDefer(delete_user, username)
            # Profile-specific privileges are granted only after the
            # account exists and its removal has been registered.
            if profile == 'virtuser':
                self._add_user_to_kvm_group(username)
            if profile == 'admin':
                # NOTE(review): presumably grants sudo rights; confirm that
                # 'profile' is restricted to trusted callers.
                self._add_user_to_sudoers(username)
            # presumably cancels the registered undo actions - verify
            # against RollbackContext
            rollback.commitAll()
        return username
Esempio n. 14
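    def checkUserExists(self, username, root="/mnt/sysimage"):
        """Return True if *username* exists in the system rooted at *root*.

        The lookup runs in a forked child so that chroot() does not affect
        the calling process.  The child reports the result through its
        exit status: 0 means found, anything else means not found or error.

        :param username: account name to look up
        :param root: directory to chroot into before the lookup; "" or "/"
            queries the running system directly
        :return: True only if the child exited normally with status 0
        """
        childpid = os.fork()

        if not childpid:
            # Child process.  It must always leave through os._exit():
            # if chroot() fails, LIBUSER_CONF is unset or libuser raises,
            # an escaping exception would unwind into the caller's code
            # and a second (possibly chrooted) copy of the program would
            # keep running.
            exit_code = 1
            try:
                if root not in ["", "/"]:
                    os.chroot(root)
                    os.chdir("/")
                    # Presumably dropped so libuser reads the configuration
                    # inside the new root; tolerate it being unset.
                    os.environ.pop("LIBUSER_CONF", None)

                # Assigned in the child only; the parent never sees it.
                self.admin = libuser.admin()

                if self.admin.lookupUserByName(username):
                    exit_code = 0
            finally:
                os._exit(exit_code)

        try:
            status = os.waitpid(childpid, 0)[1]
        except OSError as e:
            log.critical("exception from waitpid while creating a user: %s %s", e.errno, e.strerror)
            return False

        # Death by signal or a non-zero exit both count as "not found".
        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0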
Esempio n. 15
    def delete(self, user):
        """Delete the account *user* and, if it is left empty, its
        primary group.

        :param user: login name of the account to remove
        :raises OperationFailed: the user does not exist (GINUSER0011E),
            could not be deleted (GINUSER0010E), has no resolvable primary
            group (GINUSER0013E), or the emptied group could not be
            deleted (GINUSER0012E)
        """
        # NOTE(review): nothing in this method protects system accounts or
        # the caller's own account; presumably that is enforced by the
        # caller - confirm.
        adm = libuser.admin()
        user_obj = adm.lookupUserByName(user)
        # Check if user exist
        if user_obj is None:
            kimchi_log.error('User "%s" does not exist', user)
            raise OperationFailed('GINUSER0011E', {'user': user})
        # Resolve the primary group before the user entry is removed.
        group_obj = adm.lookupGroupById(int(user_obj.get('pw_gid')[0]))
        # Delete user with its home and mails too
        try:
            adm.deleteUser(user_obj, True, True)
        except Exception as e:
            # The underlying error goes to the log only; the raised
            # OperationFailed carries just the user name.
            kimchi_log.error('Could not delete user %s: %s', user, e)
            raise OperationFailed('GINUSER0010E', {'user': user})

        # Handle user according to its profile
        self._delete_profile_settings(user)

        # Delete group if no users are assigned to it
        # It is not possible to delete user/group at same time
        if group_obj is None:
            # The user is already gone at this point; this error only
            # reports that the group cleanup could not be attempted.
            msg = 'Group for user "%s" does not exist for removal' % user
            kimchi_log.warn(msg)
            raise OperationFailed('GINUSER0013E', {'user': user})
        group = group_obj.get('gr_name')[0]
        if not adm.enumerateUsersByGroup(group):
            try:
                adm.deleteGroup(group_obj)
            except Exception as e:
                kimchi_log.error('Could not delete group "%s": %s', group, e)
                raise OperationFailed('GINUSER0012E', {'group': group})
Esempio n. 16
def delete_user(username):
    """
    Delete a user account together with its group memberships and its
    per-user sudoers file.

    :param username: user name
    :raises InvalidParameter: username is not a non-blank string
        (GINUSER0010E)
    :raises OperationFailed: the user is listed in sudoers (GINUSER0016E),
        does not exist (GINUSER0011E), its sudoers file could not be
        removed (GINUSER0013E) or libuser failed to delete the account
        (GINUSER0010E)
    """
    name_is_valid = isinstance(username, str) and username.strip()
    if not name_is_valid:
        raise InvalidParameter('GINUSER0010E', {'user': username})
    # Accounts named in sudoers are refused before anything is changed.
    if username in get_sudoers(admin_check=False):
        raise OperationFailed('GINUSER0016E', {'user': username})

    admin = libuser.admin()
    account = admin.lookupUserByName(username)

    if not account:
        raise OperationFailed('GINUSER0011E', {'user': username})

    # remove user from all groups
    for membership in admin.enumerateGroupsByUser(username):
        remove_user_from_group(username, membership)

    # The name is interpolated into a path only after the lookup above
    # confirmed that it belongs to an existing account.
    sudoers_path = SUDOERS_FILE % username
    if os.path.isfile(sudoers_path):
        try:
            os.unlink(sudoers_path)
        except Exception:
            raise OperationFailed('GINUSER0013E', {'user': username})

    try:
        # Both flags True, as in the sibling callers that remove the home
        # directory and mail spool together with the account.
        admin.deleteUser(account, True, True)
    except Exception as e:
        raise OperationFailed('GINUSER0010E',
                              {'user': username, 'err': e.__str__()})
Esempio n. 17
    def create(self, params):
        """Create a user, and its group when needed, from *params*.

        The keys read after validation are 'name', 'password', 'profile',
        'group' and 'no_login'.  Each creation step registers its undo
        action with the RollbackContext before the next step runs.

        :param params: request parameters, validated by
            _validate_create_params()
        :return: the name of the created user
        """
        params = self._validate_create_params(params)
        username = params['name']
        # NOTE(review): the password is passed on to create_user() as
        # received; presumably clear text - confirm it is never logged.
        passwd = params['password']
        profile = params['profile']
        groupname = params['group']
        no_login = params['no_login']

        with RollbackContext() as rollback:
            adm = libuser.admin()
            if groupname:
                group_obj = adm.lookupGroupByName(groupname)
                if group_obj:
                    # Existing group: reuse it, nothing to roll back.
                    group_id = group_obj.get('pw_gid')[0]
                else:
                    group_id = create_group(groupname)
                    rollback.prependDefer(delete_group, groupname)
            else:
                # No group requested: create one named after the user.
                group_id = create_group(username)
                rollback.prependDefer(delete_group, username)
            create_user(username, passwd, group_id, no_login=no_login)
            rollback.prependDefer(delete_user, username)
            # Profile-specific privileges are granted only after the
            # account exists and its removal has been registered.
            if profile == 'virtuser':
                self._add_user_to_kvm_group(username)
            if profile == 'admin':
                # NOTE(review): presumably grants sudo rights; confirm that
                # 'profile' is restricted to trusted callers.
                self._add_user_to_sudoers(username)
            # presumably cancels the registered undo actions - verify
            # against RollbackContext
            rollback.commitAll()
        return username
Esempio n. 18
def create_group(groupname):
    """
    Create a new user group outside the system gid range.

    :param groupname: non-empty string
    :return: group id (gid) of the new group
    :raises InvalidParameter: groupname is not a non-blank string
        (GINUSER0014E)
    :raises OperationFailed: the group already exists (GINUSER0018E) or
        libuser failed to create it (GINUSER0014E)
    """
    wok_log.info('in create_group() method. group name: %s' % groupname)
    name_is_valid = isinstance(groupname, str) and groupname.strip()
    if not name_is_valid:
        wok_log.error('group name is not non-empty string. '
                      'group name %s' % groupname)
        raise InvalidParameter('GINUSER0014E',
                               {'group': groupname,
                                'err': 'see log for details'})

    admin = libuser.admin()
    if admin.lookupGroupByName(groupname):
        raise OperationFailed('GINUSER0018E', {'group': groupname})

    try:
        group = admin.initGroup(groupname)
        # A gid proposed below 1000 is replaced by the first unused gid
        # starting at 1000, so the new group never lands among the gids
        # this code treats as system groups.
        if group[libuser.GIDNUMBER][0] < 1000:
            group.set(libuser.GIDNUMBER, admin.getFirstUnusedGid(1000))
        admin.addGroup(group)
        wok_log.info('successfully created group. group name: %s.' % groupname)
        return group[libuser.GIDNUMBER][0]
    except Exception as e:
        raise OperationFailed('GINUSER0014E', {'group': groupname, 'err': e})
Esempio n. 19
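def create_user(name, plain_passwd, gid, no_login=False):
    """
    Create a regular (non-system) user and set its password.

    :param name: user name
    :param plain_passwd: password for user, in clear text; it is hashed
        here (SHA-512 crypt) before being handed to libuser
    :param gid: primary group id for user
    :param no_login: True/False for log in shell
    :raises InvalidParameter: name (GINUSER0009E), gid (GINUSER0025E) or
        no_login (GINUSER0026E) has the wrong type or is blank
    :raises OperationFailed: the user already exists (GINUSER0008E), the
        group does not exist or the creation failed (GINUSER0030E)
    """
    if not isinstance(name, str) or not name.strip():
        raise InvalidParameter('GINUSER0009E', {'user': name})
    # An exact type test (rather than isinstance) also rejects bool,
    # which is a subclass of int.
    if type(gid) is not int:
        raise InvalidParameter('GINUSER0025E', {'user': name, 'gid': gid})
    if not isinstance(no_login, bool):
        raise InvalidParameter('GINUSER0026E', {
            'user': name,
            'no_login': no_login
        })
    adm = libuser.admin()
    if adm.lookupUserByName(name):
        raise OperationFailed('GINUSER0008E', {'user': name})

    if not adm.lookupGroupById(gid):
        raise OperationFailed('GINUSER0030E', {
            'user': name,
            'err': "group with id %s doesn't exist" % gid
        })

    try:
        new_user = adm.initUser(name)
        # Ensure user is normal and not system user
        if new_user[libuser.UIDNUMBER][0] < 1000:
            new_user.set(libuser.UIDNUMBER, adm.getFirstUnusedUid(1000))

        new_user.set(libuser.GIDNUMBER, gid)

        if no_login:
            new_user[libuser.LOGINSHELL] = '/sbin/nologin'
        # NOTE(review): the account is added before its password is set;
        # if the steps below fail the account is left behind without the
        # requested password unless the caller removes it - confirm that
        # every caller rolls back on OperationFailed.
        adm.addUser(new_user)

        # Setting user password. Crypt in Python 3.3 and some 2.7 backports
        # bring mksalt function, so, use it or use our self salt generator
        # Creates strongest encryption (SHA512 + 16 bytes SALT)
        if hasattr(crypt, "mksalt"):
            salt = crypt.mksalt(crypt.METHOD_SHA512)
        else:
            salt = gen_salt()
        enc_pwd = crypt.crypt(plain_passwd, salt)

        # Third argument True: the value is already hashed.
        adm.setpassUser(new_user, enc_pwd, True)

    except UnicodeEncodeError as ue:
        # Exceptions have no 'message' attribute on Python 3; reading it
        # directly would raise AttributeError here and hide the real
        # error.  The fallback text no longer carries the source
        # indentation that the line continuation used to embed in it.
        err_msg = (getattr(ue, 'message', None) or
                   'Username / password has NON - ASCII charater')

        raise OperationFailed('GINUSER0030E', {'user': name, 'err': err_msg})

    except Exception as e:
        err_msg = getattr(e, 'message', None) or e
        raise OperationFailed('GINUSER0030E', {'user': name, 'err': err_msg})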
Esempio n. 20
 def __init__(self):
     """Set up the "Create A User Account" screen with empty form state,
     a libuser admin handle and a UserWorker.
     """
     ConfigScreen.__init__(self, "Create A User Account")
     # Form fields; all start unset.
     self.__username = None
     # NOTE(review): presumably filled from the form later and held for
     # the lifetime of the screen - confirm it is cleared after use.
     self.__password = None
     self.__confirm = None
     self.__adminuser = None
     self.__useradmin = libuser.admin()
     self.__user_worker = UserWorker()
Esempio n. 21
def get_group_gid(groupname):
    """Return the gid of *groupname*, or None if no such group exists.

    :param groupname: group name; ``unicode`` input is encoded to UTF-8
        before the lookup
    """
    admin = libuser.admin()
    if isinstance(groupname, unicode):
        lookup_name = groupname.encode('utf-8')
    else:
        lookup_name = groupname
    entry = admin.lookupGroupByName(lookup_name)
    # Callers must handle the None result before converting it to int.
    return None if entry is None else entry.get('pw_gid')[0]
Esempio n. 22
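def get_users_from_group(groupname):
    """Return the users that belong to *groupname*.

    :param groupname: group name; ``str`` input is encoded to UTF-8
        before the lookup
    :return: what libuser enumerates for the group, or None when the
        group cannot be found
    """
    adm = libuser.admin()
    if isinstance(groupname, str):
        groupname = groupname.encode('utf-8')
    gid = get_group_gid(groupname)
    if gid is None:
        # Unknown group: return None as the final fallback does, instead
        # of failing with a TypeError from int(None).
        return None
    group_obj = adm.lookupGroupById(int(gid))
    if group_obj is not None:
        return adm.enumerateUsersByGroup(groupname)
    return None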
 def __init__(self):
     """Initialise the "Create Service VMs" module: ordering priority,
     titles, icon, a libuser admin handle and the default template name.
     """
     Module.__init__(self)
     self.priority = 10000
     self.sidebarTitle = N_("Create Service VMs")
     self.title = N_("Create Service VMs")
     self.icon = "qubes.png"
     # The libuser handle is opened when the module is constructed.
     self.admin = libuser.admin()
     # Hard-coded template name.
     self.default_template = 'fedora-21'
 def __init__(self):
     """Set up the "Create A User Account" screen with empty form state,
     a libuser admin handle and a UserWorker.
     """
     ConfigScreen.__init__(self, "Create A User Account")
     # Form fields; all start unset.
     self.__username = None
     # NOTE(review): presumably filled from the form later and held for
     # the lifetime of the screen - confirm it is cleared after use.
     self.__password = None
     self.__confirm = None
     self.__adminuser = None
     self.__useradmin = libuser.admin()
     self.__user_worker = UserWorker()
Esempio n. 25
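def get_users_from_group(groupname):
    """Return the users that belong to *groupname*.

    :param groupname: group name
    :return: what libuser enumerates for the group, or None when the
        group cannot be found
    """
    adm = libuser.admin()
    gid = get_group_gid(groupname)
    if gid is None:
        # Unknown group: return None as the final fallback does, instead
        # of failing with a TypeError from int(None).
        return None
    group_obj = adm.lookupGroupById(int(gid))
    if group_obj is not None:
        return adm.enumerateUsersByGroup(groupname)
    return None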
Esempio n. 26
    def __init__(self):
        """Initialise the "Root User" module: ordering priority, titles,
        icon and a libuser admin handle.
        """
        Module.__init__(self)
        self.priority = 102
        self.sidebarTitle = _("Root User")
        self.title = _("Root User Settings")
        self.icon = "smolt.png"

        # The libuser handle is opened when the module is constructed.
        self.admin = libuser.admin()
Esempio n. 27
def set_password(password, user):
    """Hash *password* and store it for *user*, then persist /etc/shadow.

    :param password: new password, passed to cryptPassword() for hashing
    :param user: login name of the account to update
    :return: always True
    """
    lu_admin = libuser.admin()
    # NOTE(review): the lookup result is not checked; an unknown user
    # presumably reaches setpassUser() as a missing entry - confirm.
    account = lu_admin.lookupUserByName(user)
    hashed = cryptPassword(password)
    unmount_config("/etc/shadow")
    # "is_crypted" is a non-empty string used as the flag argument, i.e.
    # a true value: the password is handed over already hashed.
    lu_admin.setpassUser(account, hashed, "is_crypted")
    ovirt_store_config("/etc/shadow")
    return True
Esempio n. 28
def get_group_gid(groupname):
    """Return the gid of *groupname*, or None if no such group exists.

    :param groupname: group name; ``str`` input is encoded to UTF-8
        before the lookup
    """
    admin = libuser.admin()
    if isinstance(groupname, str):
        lookup_name = groupname.encode('utf-8')
    else:
        lookup_name = groupname
    entry = admin.lookupGroupByName(lookup_name)
    # Callers must handle the None result before converting it to int.
    return None if entry is None else entry.get('pw_gid')[0]
Esempio n. 29
def set_password(password, user):
    """Hash *password* and store it for *user*, then persist /etc/shadow.

    :param password: new password, passed to cryptPassword() for hashing
    :param user: login name of the account to update
    :return: always True
    """
    lu_admin = libuser.admin()
    # NOTE(review): the lookup result is not checked; an unknown user
    # presumably reaches setpassUser() as a missing entry - confirm.
    account = lu_admin.lookupUserByName(user)
    hashed = cryptPassword(password)
    _functions.unmount_config("/etc/shadow")
    # "is_crypted" is a non-empty string used as the flag argument, i.e.
    # a true value: the password is handed over already hashed.
    lu_admin.setpassUser(account, hashed, "is_crypted")
    _functions.ovirt_store_config("/etc/shadow")
    return True
Esempio n. 30
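def get_users_from_group(groupname):
    """Return the users that belong to *groupname*.

    :param groupname: group name
    :return: what libuser enumerates for the group, or None when the
        group cannot be found
    """
    adm = libuser.admin()
    gid = get_group_gid(groupname)
    if gid is None:
        # Unknown group: return None as the final fallback does, instead
        # of failing with a TypeError from int(None).
        return None
    group_obj = adm.lookupGroupById(int(gid))
    if group_obj is not None:
        return adm.enumerateUsersByGroup(groupname)
    return None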
Esempio n. 31
def create_group(groupname):
    """Return the gid of *groupname*, creating the group if it is missing.

    :param groupname: name of the group
    :return: gid of the existing or newly created group
    """
    admin = libuser.admin()
    existing = admin.lookupGroupByName(groupname)
    if existing:
        return existing.get('pw_gid')[0]

    # NOTE(review): the gid proposed by initGroup() is used as is, with no
    # lower bound applied - confirm that a system-range gid is acceptable.
    fresh = admin.initGroup(groupname)
    gid = fresh[libuser.GIDNUMBER]
    admin.addGroup(fresh)
    return gid[0]
 def __init__(self):
     """Initialise the "Create VMs" module: ordering priority, titles,
     icon, a libuser admin handle, the default template name and an
     empty choices list.
     """
     Module.__init__(self)
     self.priority = 10000
     self.sidebarTitle = N_("Create VMs")
     self.title = N_("Create VMs")
     self.icon = "qubes.png"
     # The libuser handle is opened when the module is constructed.
     self.admin = libuser.admin()
     # Hard-coded template name.
     self.default_template = 'fedora-23'
     self.choices = []
Esempio n. 33
    def add_user(self, username, uid, gid, name, surname, homedir, project):
        """Add a user entry with the given uid, gid and home directory.

        :return: the result of libuser's addUser() on success, None when
            the entry already exists, False on any other RuntimeError
        """
        entry = libuser.admin().initUser(username)
        # uid and gid come from the caller and are only converted to
        # integers here.
        # NOTE(review): no range check is visible at this point; confirm
        # that the caller cannot pass 0 or another system id.
        entry[libuser.UIDNUMBER] = long(uid)
        entry[libuser.GIDNUMBER] = long(gid)
        entry[libuser.HOMEDIRECTORY] = [homedir]
        self.set_user_comment(entry, name, surname, project)

        try:
            return libuser.admin().addUser(entry, False, True)
        except RuntimeError as excp:
            if 'entry already present' not in excp.message:
                self.logger.warning(excp)
                return False
            # silent about it
            return None
Esempio n. 34
def create_group(groupname, gid):
    """Return the gid of *groupname*, creating it with *gid* if missing.

    :param groupname: name of the group
    :param gid: gid to assign when the group has to be created
    :return: *gid* for a new group, otherwise the gid the existing group
        already has (which may differ from *gid*)
    """
    admin = libuser.admin()
    existing = admin.lookupGroupByName(groupname)
    if existing:
        return existing.get('pw_gid')[0]

    # NOTE(review): gid is applied as given; confirm that the caller keeps
    # it outside the system range and that it is not already in use.
    fresh = admin.initGroup(groupname)
    fresh.set(libuser.GIDNUMBER, gid)
    admin.addGroup(fresh)
    return gid
Esempio n. 35
def create_group(groupname, gid):
    """Look up *groupname* and create it with *gid* when it is absent.

    :param groupname: name of the group
    :param gid: gid to assign when the group has to be created
    :return: the existing group's gid if the group is already present
        (it may differ from *gid*), otherwise *gid*
    """
    lu = libuser.admin()
    found = lu.lookupGroupByName(groupname)
    if found:
        return found.get('pw_gid')[0]

    # NOTE(review): gid is applied as given; confirm that the caller keeps
    # it outside the system range and that it is not already in use.
    created = lu.initGroup(groupname)
    created.set(libuser.GIDNUMBER, gid)
    lu.addGroup(created)
    return gid
Esempio n. 36
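def get_users_from_group(groupname):
    """Return the users that belong to *groupname*.

    :param groupname: group name; ``unicode`` input is encoded to UTF-8
        before the lookup
    :return: what libuser enumerates for the group, or None when the
        group cannot be found
    """
    adm = libuser.admin()
    if isinstance(groupname, unicode):
        groupname = groupname.encode('utf-8')
    gid = get_group_gid(groupname)
    if gid is None:
        # Unknown group: return None as the final fallback does, instead
        # of failing with a TypeError from int(None).
        return None
    group_obj = adm.lookupGroupById(int(gid))
    if group_obj is not None:
        return adm.enumerateUsersByGroup(groupname)
    return None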
Esempio n. 37
 def __init__ (self, anaconda):
     """Keep a reference to *anaconda*, open a libuser admin handle and
     start with an empty root password record and no other users.
     """
     self.anaconda = anaconda
     self.admin = libuser.admin()
     # Root password record: "isCrypted" False, empty "password", "lock"
     # False.
     # NOTE(review): presumably this later holds the password for the
     # lifetime of the object, in clear text while "isCrypted" is False -
     # confirm it is not logged or serialised.
     self.rootPassword = { "isCrypted": False, "password": "", "lock": False }
     # dict composed by username as key
     # 'fullname' => full name
     # 'password' => password
     # 'groups' => list of groups
     # 'group' => main group
     self.otherUsers = {}
Esempio n. 38
def create_user(name, plain_passwd, gid, no_login=False):
    """
    Create a regular (non-system) user and set its password.

    :param name: user name
    :param plain_passwd: password for user, in clear text; it is hashed
        here (SHA-512 crypt) before being handed to libuser
    :param gid: primary group id for user
    :param no_login: True/False for log in shell
    :raises InvalidParameter: name (GINUSER0009E), gid (GINUSER0025E) or
        no_login (GINUSER0026E) has the wrong type or is blank
    :raises OperationFailed: the user already exists (GINUSER0008E), the
        group does not exist or the creation failed (GINUSER0009E)
    """
    if not isinstance(name, str) or not name.strip():
        raise InvalidParameter('GINUSER0009E', {'user': name})
    # An exact type test (rather than isinstance) also rejects bool,
    # which is a subclass of int.
    if not type(gid) in [int, long]:
        raise InvalidParameter('GINUSER0025E', {'user': name, 'gid': gid})
    if not isinstance(no_login, bool):
        raise InvalidParameter('GINUSER0026E', {'user': name,
                                                'no_login': no_login})
    adm = libuser.admin()
    if adm.lookupUserByName(name):
        raise OperationFailed('GINUSER0008E', {'user': name})

    if not adm.lookupGroupById(gid):
        raise OperationFailed(
            'GINUSER0009E', {'user': name,
                             'err': "group with id %s doesn't exist" % gid})

    try:
        new_user = adm.initUser(name)
        # Ensure user is normal and not system user
        if new_user[libuser.UIDNUMBER][0] < 1000:
            new_user.set(libuser.UIDNUMBER, adm.getFirstUnusedUid(1000))

        new_user.set(libuser.GIDNUMBER, gid)

        if no_login:
            new_user[libuser.LOGINSHELL] = '/sbin/nologin'
        # NOTE(review): the account is added before its password is set;
        # if the steps below fail the account is left behind without the
        # requested password unless the caller removes it - confirm that
        # every caller rolls back on OperationFailed.
        adm.addUser(new_user)

        # Setting user password. Crypt in Python 3.3 and some 2.7 backports
        # bring mksalt function, so, use it or use our self salt generator
        # Creates strongest encryption (SHA512 + 16 bytes SALT)
        if hasattr(crypt, "mksalt"):
            salt = crypt.mksalt(crypt.METHOD_SHA512)
        else:
            # NOTE(review): gen_salt() is defined elsewhere; confirm that
            # it draws from a cryptographically secure source.
            salt = gen_salt()
        enc_pwd = crypt.crypt(plain_passwd, salt)

        # Third argument True: the value is already hashed.
        adm.setpassUser(new_user, enc_pwd, True)

    except UnicodeEncodeError as ue:
        # The fallback text below contains the continuation line's leading
        # spaces, because the backslash joins the two source lines inside
        # the string literal.
        err_msg = ue.message if ue.message else 'Username / password \
            has NON - ASCII charater'
        raise OperationFailed('GINUSER0009E', {'user': name, 'err': err_msg})

    except Exception as e:
        # Falls back to the exception object itself when it has an empty
        # message.
        err_msg = e.message if e.message else e
        raise OperationFailed('GINUSER0009E', {'user': name, 'err': err_msg})
Esempio n. 39
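 def _get_user_profile(self, user):
     """Classify *user* as 'admin', 'virtuser' or 'kimchiuser'.

     :param user: login name to classify
     :return: 'admin' if the per-user file SUDOERS_FILE % user exists,
         otherwise 'virtuser' if the user is a member of the 'kvm'
         group, otherwise 'kimchiuser'
     """
     # ADMIN: Check /etc/sudoers.d
     # Only the existence of the file is tested, not its content.
     # NOTE(review): user is interpolated into a path; confirm that
     # callers pass names of existing accounts only, so that separators
     # in the value cannot point the check at another file.
     if os.path.isfile(SUDOERS_FILE % user):
         return 'admin'
     # VIRTUSER: Check kvm group
     adm = libuser.admin()
     kvmgrp = adm.lookupGroupByName('kvm')
     # Without a 'kvm' group there is no group object to query; the user
     # then falls through to the default profile instead of raising an
     # attribute error.
     if kvmgrp and user in kvmgrp.get('gr_mem'):
         return 'virtuser'
     # KIMCHIUSER: If not any before
     return 'kimchiuser'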
Esempio n. 40
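 def _get_user_profile(self, user):
     """Classify *user* as 'admin', 'virtuser' or 'kimchiuser'.

     :param user: login name to classify
     :return: 'admin' if the per-user file SUDOERS_FILE % user exists,
         otherwise 'virtuser' if the user is a member of the 'kvm'
         group, otherwise 'kimchiuser'
     """
     # ADMIN: Check /etc/sudoers.d
     # Only the existence of the file is tested, not its content.
     # NOTE(review): user is interpolated into a path; confirm that
     # callers pass names of existing accounts only, so that separators
     # in the value cannot point the check at another file.
     if os.path.isfile(SUDOERS_FILE % user):
         return 'admin'
     # VIRTUSER: Check kvm group
     adm = libuser.admin()
     kvmgrp = adm.lookupGroupByName('kvm')
     # Without a 'kvm' group there is no group object to query; the user
     # then falls through to the default profile instead of raising an
     # attribute error.
     if kvmgrp and user in kvmgrp.get('gr_mem'):
         return 'virtuser'
     # KIMCHIUSER: If not any before
     return 'kimchiuser'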
Esempio n. 41
 def _add_user_to_kvm_group(self, user):
     """Add *user* to the member list of the 'kvm' group.

     :param user: login name; must be a non-blank ``str``
     :raises InvalidParameter: user is not a non-blank string
         (GINUSER0009E)
     :raises OperationFailed: libuser did not report success
         (GINUSER0006E)
     """
     name_is_valid = isinstance(user, str) and user.strip()
     if not name_is_valid:
         raise InvalidParameter('GINUSER0009E', {'user': user})

     admin = libuser.admin()
     kvm_group = get_group_obj('kvm')
     # The value is always a str at this point, so it is always encoded.
     if isinstance(user, str):
         user = user.encode('utf-8')
     kvm_group.add('gr_mem', user)

     # Anything other than 1 from modifyGroup() is treated as a failure.
     if admin.modifyGroup(kvm_group) != 1:
         raise OperationFailed('GINUSER0006E', {'user': user})
Esempio n. 42
 def _add_user_to_kvm_group(self, user):
     """Add *user* to the member list of the 'kvm' group.

     If libuser does not report success the user account is deleted
     again before the error is raised.

     :param user: login name
     :raises OperationFailed: the group could not be updated
         (GINUSER0006E)
     """
     admin = libuser.admin()
     kvm_group = get_group_obj('kvm')
     kvm_group.add('gr_mem', user)
     if admin.modifyGroup(kvm_group) == 1:
         return

     # Failure path: the whole account is removed, not just the group
     # membership.
     # NOTE(review): confirm that this method is only reached for accounts
     # created in the same request, so that an existing account can never
     # be deleted this way.
     UserModel().delete(user)
     msg = ('Could not add user %s to kvm group. Operation failed.'
            % user)
     wok_log.error(msg)
     raise OperationFailed('GINUSER0006E', {'user': user})
Esempio n. 43
def delete_user(username):
    """Delete the account *username*.

    :param username: login name of the account to remove
    :raises OperationFailed: the user does not exist (GINUSER0011E) or
        libuser failed to delete it (GINUSER0010E)
    """
    admin = libuser.admin()
    account = admin.lookupUserByName(username)

    if account is None:
        kimchi_log.error('User "%s" does not exist', username)
        raise OperationFailed('GINUSER0011E', {'user': username})

    # NOTE(review): no guard against system accounts is visible here;
    # presumably the caller restricts which names reach this function.
    try:
        # Both flags True, as in the sibling callers that remove the home
        # directory and mail spool together with the account.
        admin.deleteUser(account, True, True)
    except Exception as e:
        # The cause is logged; the raised error carries the name only.
        kimchi_log.error('Could not delete user %s: %s', username, e)
        raise OperationFailed('GINUSER0010E', {'user': username})
Esempio n. 44
 def _add_user_to_kvm_group(self, user):
     """Add *user* to the member list of the 'kvm' group.

     If libuser does not report success the user account is deleted
     again before the error is raised.

     :param user: login name
     :raises OperationFailed: the group could not be updated
         (GINUSER0006E)
     """
     admin = libuser.admin()
     kvm_group = get_group_obj('kvm')
     kvm_group.add('gr_mem', user)
     if admin.modifyGroup(kvm_group) == 1:
         return

     # Failure path: the whole account is removed, not just the group
     # membership.
     # NOTE(review): confirm that this method is only reached for accounts
     # created in the same request, so that an existing account can never
     # be deleted this way.
     UserModel().delete(user)
     msg = ('Could not add user %s to kvm group. Operation failed.'
            % user)
     kimchi_log.error(msg)
     raise OperationFailed('GINUSER0006E', {'user': user})
Esempio n. 45
def delete_user(username):
    """Delete the account named ``username`` through libuser.

    Raises OperationFailed with 'GINUSER0011E' when the lookup returns
    None, and with 'GINUSER0010E' when ``deleteUser`` raises.
    """
    manager = libuser.admin()
    account = manager.lookupUserByName(username)
    if account is None:
        wok_log.error('User "%s" does not exist', username)
        raise OperationFailed('GINUSER0011E', {'user': username})

    try:
        # NOTE(review): the two True flags presumably ask libuser to remove
        # the home directory and mail spool as well - confirm against the
        # libuser binding in use.
        manager.deleteUser(account, True, True)
    except Exception as exc:
        # The underlying error is only logged; callers see the error code.
        wok_log.error('Could not delete user %s: %s', username, exc)
        raise OperationFailed('GINUSER0010E', {'user': username})
Esempio n. 46
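 def _add_user_to_kvm_group(self, user):
     """Append ``user`` to the member list of the ``kvm`` group.

     ``user`` may be a byte string or a unicode string; unicode is encoded
     as UTF-8 before use.

     Raises InvalidParameter ('GINUSER0009E') when ``user`` is not a
     non-blank string, and OperationFailed ('GINUSER0006E') when
     ``modifyGroup`` returns anything other than 1.
     """
     # Encode *before* validating. A Python 2 unicode object is not a str,
     # so validating first rejected every unicode name and left the encode
     # branch unreachable.
     if isinstance(user, unicode):
         user = user.encode('utf-8')
     # Only the type and emptiness of the name are checked; nothing in
     # this method verifies that it belongs to an existing account.
     if not isinstance(user, str) or not user.strip():
         raise InvalidParameter('GINUSER0009E', {'user': user})
     adm = libuser.admin()
     kvmgrp = get_group_obj('kvm')
     kvmgrp.add('gr_mem', user)
     ret = adm.modifyGroup(kvmgrp)
     if ret != 1:
         raise OperationFailed('GINUSER0006E', {'user': user})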
    def __init__(self):
        """Set the module's display attributes and create a libuser handle."""
        Module.__init__(self)

        # Display attributes.
        self.title = N_("Create User")
        self.sidebarTitle = N_("Create User")
        self.icon = "create-user.png"
        self.priority = 90

        # Working state; the libuser admin object is created once here.
        self.admin = libuser.admin()
        self.nisFlag = None
        self._problemFiles = []
        self._count = 0
Esempio n. 48
    def __init__(self):
        """Set the module's display attributes and create a libuser handle."""
        Module.__init__(self)

        # Display attributes.
        self.priority = 90
        self.icon = "create-user.png"
        self.sidebarTitle = N_("Create User")
        self.title = N_("Create User")

        # Working state; the libuser admin object is created once here.
        self.admin = libuser.admin()
        self.nisFlag = None
        self._count = 0
        self._problemFiles = []
Esempio n. 49
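    def setUserPassword(self,
                        username,
                        password,
                        isCrypted,
                        lock,
                        algo=None,
                        root=None):
        """Set, and optionally lock, a user's password inside ``root``.

        The libuser calls run in a forked child that chroots into the
        target tree; the parent waits for it.

        username  -- Name passed to ``lookupUserByName``.
        password  -- When ``isCrypted`` is true it is handed to
                     ``setpassUser`` unchanged; otherwise it is first passed
                     through ``cryptPassword(password, algo=algo)``.
        lock      -- When true, ``lockUser`` is called on the account.
        root      -- Directory to chroot into.  Defaults to
                     ``iutil.getSysroot()``.

        Returns True when the child exited with status 0, False otherwise.
        The password value is never written to the log.
        """
        # Resolve the root before forking so a failure here cannot happen
        # in the child.
        rootval = root if root is not None else iutil.getSysroot()
        childpid = os.fork()

        if not childpid:
            # Child: every path must end in os._exit().  An exception that
            # escaped would unwind into the caller's code and leave a second
            # copy of the calling process running.
            try:
                if rootval not in ["", "/"]:
                    os.chroot(rootval)
                    os.chdir("/")
                    # pop() rather than del: a missing variable must not
                    # abort the child.
                    os.environ.pop("LIBUSER_CONF", None)

                self.admin = libuser.admin()
                user = self.admin.lookupUserByName(username)

                if isCrypted:
                    self.admin.setpassUser(user, password, True)
                else:
                    self.admin.setpassUser(user,
                                           cryptPassword(password, algo=algo),
                                           True)

                if lock:
                    self.admin.lockUser(user)

                self.admin.modifyUser(user)
                os._exit(0)
            except Exception as e:
                log.critical("Error when setting user password: %s" % str(e))
            finally:
                # Reached only on failure: os._exit(0) above ends the
                # process without unwinding.
                os._exit(1)

        try:
            status = os.waitpid(childpid, 0)[1]
        except OSError as e:
            log.critical(
                "exception from waitpid while setting a user password: %s %s" %
                (e.errno, e.strerror))
            return False

        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0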
Esempio n. 50
def delete_group(groupname):
    """Delete ``groupname`` through libuser, but only if it has no members.

    The group is looked up by the GID that ``get_group_gid`` returns.
    Raises OperationFailed ('GINUSER0012E') when that lookup returns None
    or when ``deleteGroup`` raises.
    """
    manager = libuser.admin()
    gid = int(get_group_gid(groupname))
    group = manager.lookupGroupById(gid)
    if group is None:
        wok_log.error('Could not delete group "%s"', groupname)
        raise OperationFailed('GINUSER0012E', {'group': groupname})

    # A group that still lists users is left in place; this path neither
    # logs nor raises, so the caller cannot tell it from a deletion.
    if manager.enumerateUsersByGroup(groupname):
        return

    try:
        manager.deleteGroup(group)
    except Exception as exc:
        wok_log.error('Could not delete group "%s": %s', groupname, exc)
        raise OperationFailed('GINUSER0012E', {'group': groupname})
Esempio n. 51
def set_password(password, user):
    """Hash ``password`` with ``cryptPassword`` and store it for ``user``.

    /etc/shadow and /etc/passwd are passed to ``unmount_config`` before the
    change and to ``ovirt_store_config`` afterwards; the store step runs
    even when the change raises.  Returns True; any exception propagates.
    """
    manager = libuser.admin()
    # NOTE(review): the lookup result is not checked before use; confirm
    # how setpassUser behaves when the account does not exist.
    account = manager.lookupUserByName(user)
    hashed = cryptPassword(password)
    try:
        for path in ("/etc/shadow", "/etc/passwd"):
            _functions.unmount_config(path)
        # The third argument is the "already encrypted" flag; the
        # non-empty string is simply a truthy value.
        manager.setpassUser(account, hashed, "is_crypted")
    finally:
        for path in ("/etc/shadow", "/etc/passwd"):
            _functions.ovirt_store_config(path)
    return True
Esempio n. 52
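    def createGroup(self, group_name, **kwargs):
        """Create a new group on the system with the given name.  Optional kwargs:

           gid       -- The GID for the new group.  If none is given, the next
                        available one is used.
           root      -- The directory of the system to create the new group
                        in.  Defaults to ROOT_PATH.

        The libuser calls run in a forked child that chroots into ``root``.
        Returns True when the child exited with status 0, False otherwise
        (including when the group already exists).
        """
        root = kwargs.get("root", ROOT_PATH)
        childpid = os.fork()

        if not childpid:
            # Child: every path must end in os._exit().  An exception that
            # escaped would unwind into the caller's code and leave a second
            # copy of the calling process running.
            try:
                if root not in ["", "/"]:
                    os.chroot(root)
                    os.chdir("/")
                    # pop() rather than del: a missing variable must not
                    # abort the child.
                    os.environ.pop("LIBUSER_CONF", None)

                self.admin = libuser.admin()

                if self.admin.lookupGroupByName(group_name):
                    log.error("Group %s already exists, not creating.", group_name)
                    os._exit(1)

                groupEnt = self.admin.initGroup(group_name)

                if kwargs.get("gid", -1) >= 0:
                    groupEnt.set(libuser.GIDNUMBER, kwargs["gid"])

                self.admin.addGroup(groupEnt)
                os._exit(0)
            except Exception as e:
                log.critical("Error when creating new group: %s", e)
            finally:
                # Reached only on failure: the os._exit() calls above end
                # the process without unwinding.
                os._exit(1)

        try:
            status = os.waitpid(childpid, 0)[1]
        except OSError as e:
            log.critical(
                "exception from waitpid while creating a group: %s %s",
                e.errno, e.strerror)
            return False

        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0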
Esempio n. 53
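 def _add_user_to_kvm_group(self, user):
     """Append ``user`` to the member list of the ``kvm`` group.

     ``user`` may be a byte string or a unicode string; unicode is encoded
     as UTF-8 before use.

     Raises InvalidParameter ('GINUSER0009E') when ``user`` is not a
     non-blank string, and OperationFailed ('GINUSER0006E') when
     ``modifyGroup`` returns anything other than 1.
     """
     # Encode *before* validating. A Python 2 unicode object is not a str,
     # so validating first rejected every unicode name and left the encode
     # branch unreachable.
     if isinstance(user, unicode):
         user = user.encode('utf-8')
     # Only the type and emptiness of the name are checked; nothing in
     # this method verifies that it belongs to an existing account.
     if not isinstance(user, str) or not user.strip():
         wok_log.error('username is not non-empty string. name: %s' % user)
         raise InvalidParameter('GINUSER0009E',
                                {'user': user,
                                 'err': 'see log for details'})
     adm = libuser.admin()
     kvmgrp = get_group_obj('kvm')
     kvmgrp.add('gr_mem', user)
     ret = adm.modifyGroup(kvmgrp)
     if ret != 1:
         raise OperationFailed('GINUSER0006E', {'user': user})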
Esempio n. 54
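    def createGroup (self, group_name, **kwargs):
        """Create a new group on the system with the given name.  Optional kwargs:

           gid       -- The GID for the new group.  If none is given, the next
                        available one is used.
           root      -- The directory of the system to create the new group
                        in.  Defaults to /mnt/sysimage.

        The libuser calls run in a forked child that chroots into ``root``.
        Returns True when the child exited with status 0, False otherwise
        (including when the group already exists).
        """
        root = kwargs.get("root", "/mnt/sysimage")
        childpid = os.fork()

        if not childpid:
            # Child: every path must end in os._exit().  An exception that
            # escaped would unwind into the caller's code and leave a second
            # copy of the calling process running.
            try:
                if root not in ["", "/"]:
                    os.chroot(root)
                    os.chdir("/")
                    # pop() rather than del: a missing variable must not
                    # abort the child.
                    os.environ.pop("LIBUSER_CONF", None)

                self.admin = libuser.admin()

                if self.admin.lookupGroupByName(group_name):
                    log.error("Group %s already exists, not creating.", group_name)
                    os._exit(1)

                groupEnt = self.admin.initGroup(group_name)

                if kwargs.get("gid", -1) >= 0:
                    groupEnt.set(libuser.GIDNUMBER, kwargs["gid"])

                self.admin.addGroup(groupEnt)
                os._exit(0)
            except Exception as e:
                log.critical("Error when creating new group: %s", e)
            finally:
                # Reached only on failure: the os._exit() calls above end
                # the process without unwinding.
                os._exit(1)

        try:
            status = os.waitpid(childpid, 0)[1]
        except OSError as e:
            log.critical("exception from waitpid while creating a group: %s %s", e.errno, e.strerror)
            return False

        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0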
Esempio n. 55
    def _prepareChroot(self, root):
        """Fork; in the child, chroot into ``root`` and create ``self.admin``.

        libuser has no API for operating on a chroot, so the chroot() is
        done in a forked child instead.

        Returns the ``os.fork()`` result in both processes: the child's pid
        in the parent, 0 in the child.  The child is not terminated here; it
        returns into the caller's code, so the caller has to end it.
        """
        childpid = os.fork()
        if childpid != 0:
            # Parent: nothing else to set up.
            return childpid

        # Child process from here on.
        if root not in ("", "/"):
            os.chroot(root)
            # Move the working directory inside the new root as well.
            os.chdir("/")
            # This is ok because it's after a fork
            del os.environ["LIBUSER_CONF"]  # pylint: disable=environment-modify

        self.admin = libuser.admin()
        return childpid
Esempio n. 56
    def _prepareChroot(self, root):
        """Fork; in the child, chroot into ``root`` and create ``self.admin``.

        libuser has no API for operating on a chroot, so the chroot() is
        done in a forked child instead.

        Returns the ``os.fork()`` result in both processes: the child's pid
        in the parent, 0 in the child.  The child is not terminated here; it
        returns into the caller's code, so the caller has to end it.
        """
        childpid = os.fork()
        in_child = childpid == 0

        if in_child:
            needs_chroot = root not in ("", "/")
            if needs_chroot:
                os.chroot(root)
                # Move the working directory inside the new root as well.
                os.chdir("/")
                # This is ok because it's after a fork
                del os.environ["LIBUSER_CONF"]  # pylint: disable=environment-modify

            self.admin = libuser.admin()

        return childpid
Esempio n. 57
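    def checkUserExists(self, username, root="/mnt/sysimage"):
        """Report whether ``username`` exists in the system under ``root``.

        The lookup runs in a forked child that chroots into ``root``; the
        child exits 0 when ``lookupUserByName`` finds the user and 1
        otherwise.  Returns True when the child exited with status 0,
        False otherwise.
        """
        childpid = os.fork()

        if not childpid:
            # Child: every path must end in os._exit().  An exception that
            # escaped would unwind into the caller's code and leave a second
            # copy of the calling process running.
            try:
                if root not in ["", "/"]:
                    os.chroot(root)
                    # chroot() does not change the working directory; move
                    # into the new root so that relative paths cannot
                    # resolve outside it.
                    os.chdir("/")
                    # pop() rather than del: a missing variable must not
                    # abort the child.
                    os.environ.pop("LIBUSER_CONF", None)

                self.admin = libuser.admin()

                if self.admin.lookupUserByName(username):
                    os._exit(0)
            except Exception as e:
                log.critical("Error when searching for user: %s" % str(e))
            finally:
                # Reached when the user was not found or an error occurred:
                # os._exit(0) above ends the process without unwinding.
                os._exit(1)

        # Parent: collect the child's status so it is reaped and the result
        # of the lookup is actually returned.
        try:
            status = os.waitpid(childpid, 0)[1]
        except OSError as e:
            log.critical("exception from waitpid while checking for a user: %s %s",
                         e.errno, e.strerror)
            return False

        return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0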
Esempio n. 58
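    def _get_user_profile(self, user):
        """Classify ``user`` as 'admin', 'virtuser' or 'kimchiuser'.

        'admin' is returned when the file ``SUDOERS_FILE % user`` exists or
        the user is listed in the ``wheel`` or ``sudo`` group; 'virtuser'
        when the user is listed in the ``kvm`` group; 'kimchiuser'
        otherwise.  A group that does not exist is skipped.
        """
        # ADMIN: Check /etc/sudoers.d
        # Only the existence of the file is tested; its contents are not
        # parsed.  NOTE(review): ``user`` is interpolated into a file path,
        # so it should already be a validated account name - confirm at the
        # call sites.
        adm = libuser.admin()
        if os.path.isfile(SUDOERS_FILE % user):
            return 'admin'
        for admin_group in ('wheel', 'sudo'):
            grp = adm.lookupGroupByName(admin_group)
            if grp is not None and user in grp.get('gr_mem'):
                return 'admin'

        # VIRTUSER: Check kvm group
        # The lookup returns None when the group is missing (the wheel/sudo
        # checks already allow for that); without the guard a host with no
        # kvm group raised AttributeError instead of falling through.
        kvmgrp = adm.lookupGroupByName('kvm')
        if kvmgrp is not None and user in kvmgrp.get('gr_mem'):
            return 'virtuser'
        # KIMCHIUSER: If not any before
        return 'kimchiuser'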