def load(self, name):
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
passwd_db.load()
if name in passwd_db:
self.__user = passwd_db[name]
else:
self.__user = None
raise EInvalidValue('name', name, 'No such user.')
self.__file_modified = passwd_db.last_modified()
# loading /etc/shadow database
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
if name in shadow_db:
self.__shadow = shadow_db[name]
else:
self.__shadow = None
raise EInvalidValue('User (', name,
') does not exist in shadow')
self.__shadow_file_modified = shadow_db.last_modified()
self.__loaded = 1
finally:
self.__lock.release()
def load(self,name):
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
passwd_db.load()
if name in passwd_db:
self.__user = passwd_db[name]
else:
self.__user = None
raise EInvalidValue('name',name,'No such user.')
self.__file_modified = passwd_db.last_modified()
# loading /etc/shadow database
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
if name in shadow_db:
self.__shadow = shadow_db[name]
else:
self.__shadow = None
raise EInvalidValue('User (' ,name, ') does not exist in shadow')
self.__shadow_file_modified = shadow_db.last_modified()
self.__loaded = 1
finally:
self.__lock.release()
def load(self, name):
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
passwd_db.load()
if name in passwd_db:
self.__user = passwd_db[name]
else:
raise EInvalidValue('name', name, 'No such user.')
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
if name in shadow_db:
self.__shadow = shadow_db[name]
else:
raise EInvalidValue('name', name, 'No such user.')
self.__groups = []
groups_db = GroupFile(self.__group_file)
groups_db.load()
for group_name in self.__user.groups(groups_db):
self.__groups.append(groups_db[group_name])
if not self.__groups:
raise EInvalidValue('name', name, 'User belongs to no groups.')
self.__loaded = 1
finally:
self.__lock.release()
def configure(self, config):
for attrname in self.readonly:
current = getattr(self, attrname, None)
incoming = config.get(attrname)
if None not in (current, incoming) and (current != incoming):
message = 'Attribute "%s" is readonly for User "%s". '
message += 'Overriding new value %s with current value %s.'
message = message % (attrname, self.name, incoming, current)
msglog.log('broadway', msglog.types.WARN, message)
config[attrname] = current
self.description = config.get('description', self.description)
self.homepage = config.get('homepage', self.homepage)
# Ignoring password if all astericks.
password = config.get('password', "")
if config.has_key('old_password') and config.get('old_password') == '':
raise Exception("Invalid Old Password")
old_password = config.get('old_password', None)
if password and (password != len(password) * '*'):
system_users = PasswdFile()
system_users.load()
if old_password and config.get('name', '') in system_users:
system_shadow = ShadowFile()
system_shadow.load()
shadowentry = system_shadow[config.get('name')]
if not shadowentry.password_matches_crypt(old_password):
raise Exception("Invalid Old Password")
self.__set_password(password)
self.password = password
super(User, self).configure(config)
if config.has_key('roles'):
self.set_roles(list(config.get('roles', self.roles)))
def load(self, name):
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
passwd_db.load()
if name in passwd_db:
self.__user = passwd_db[name]
else:
raise EInvalidValue("name", name, "No such user.")
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
if name in shadow_db:
self.__shadow = shadow_db[name]
else:
raise EInvalidValue("name", name, "No such user.")
self.__groups = []
groups_db = GroupFile(self.__group_file)
groups_db.load()
for group_name in self.__user.groups(groups_db):
self.__groups.append(groups_db[group_name])
if not self.__groups:
raise EInvalidValue("name", name, "User belongs to no groups.")
self.__loaded = 1
finally:
self.__lock.release()
def set_password(self,password, validate=True):
self.__lock.acquire()
try:
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
shadowentry = shadow_db[self.name()]
shadowentry.passwd(password, validate)
shadow_db[self.name()] = shadowentry
shadow_db.save()
finally:
self.__lock.release()
self.load(self.name())
def save(self):
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
passwd_db.load()
passwd_db[self.name()] = self.password_entry()
passwd_db.save()
# save /etc/shadow content
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
shadow_db[self.name()] = self.shadow_entry()
shadow_db.save()
finally:
self.__lock.release()
self.load(self.name())
def is_dirty(self):
if not self.__loaded:
return 1
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
if not passwd_db.exists():
return 1
else:
return not not (passwd_db.last_modified() > self.__file_modified)
shadow_db = ShadowFile(self.__shadow_file)
if not shadow_db.exists():
return 1
else:
return not not (shadow_db.last_modified() > self.__shadow_file_modified)
finally:
self.__lock.release()
def is_dirty(self):
if not self.__loaded:
return 1
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
if not passwd_db.exists():
return 1
else:
return not not (passwd_db.last_modified() >
self.__file_modified)
shadow_db = ShadowFile(self.__shadow_file)
if not shadow_db.exists():
return 1
else:
return not not (shadow_db.last_modified() >
self.__shadow_file_modified)
finally:
self.__lock.release()
def set_password(self, password, validate=True):
self.__lock.acquire()
try:
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
shadowentry = shadow_db[self.name()]
shadowentry.passwd(password, validate)
shadow_db[self.name()] = shadowentry
shadow_db.save()
finally:
self.__lock.release()
self.load(self.name())
def save(self):
self.__lock.acquire()
try:
passwd_db = PasswdFile(self.__password_file)
passwd_db.load()
passwd_db[self.name()] = self.password_entry()
passwd_db.save()
# save /etc/shadow content
shadow_db = ShadowFile(self.__shadow_file)
shadow_db.load()
shadow_db[self.name()] = self.shadow_entry()
shadow_db.save()
finally:
self.__lock.release()
self.load(self.name())
def __synchronize_system(self, usernode, currentname=None, validate=True):
system_users = PasswdFile()
system_shadow = ShadowFile()
system_groups = GroupFile()
userchange = False
shadowchange = False
groupchange = False
group_is_private = False
system_users.load()
system_shadow.load()
system_groups.load()
flag = 0
#flag will be used to check if system admin is
#being demoted. bug CSCth82465
#if system admin is being demoted,
#it's entry will be removed and added again
if usernode and usernode.name in system_users:
userentry = system_users[usernode.name]
#user is a system administrator, but not mpxadmin,
#and it's current role is not mpxadmin
#i.e. a system administrator other than mpxadmin is being demoted
if userentry.user_type() == 'mpxadmin' \
and usernode.name != 'mpxadmin' \
and self.role_manager.administrator.name not in usernode.roles:
flag = 1
if usernode is None or flag:
# If no usernode is provided, the user with name 'currentname' is
# being removed.
if flag:
currentname = usernode.name
if currentname is None:
raise ValueError('Name must be provided when removing user.')
userentry = system_users[currentname]
# Loop through all groups to which user belongs, removing user.
groups = userentry.groups(system_groups)
for groupentry in groups:
users = groupentry.user_list()
# User is not in user list of private group, so only
# groups in to which user *also* belongs are modified.
if currentname in users:
users.remove(currentname)
groupentry.user_list(users)
groupchange = True
message = 'removed user "%s" from group "%s".'
self.output_message(message %
(currentname, groupentry.group()))
# If a private group was associated with the user--a group
# whose name is the same as the user name and whose member
# list contains no entries--find and remove it to keep clean.
if currentname in system_groups:
groupentry = system_groups[currentname]
if len(groupentry.user_list()) == 0:
# Private group for user entry, remove it.
del (system_groups[currentname])
groupchange = True
self.output_message('removed private group "%s".' %
currentname)
# Finally, delete user itself.
del (system_users[userentry.user()])
userchange = True
# delete user details from /etc/shadow
del (system_shadow[userentry.user()])
shadowchange = True
self.output_message('removed user "%s" from system.' % currentname)
#delete user from the cache
as_node('/services/User Manager').remove_user(currentname)
if usernode:
username = usernode.name
# Name may be being changed. Node reference always has correct
# name, where 'currentname' is the previous name if the name
# is in fact being changed. Rename child operations take
# advantage of this.
if currentname is None:
currentname = username
if currentname in system_users:
# User already exists, must be being updated.
fd = open("/etc/group", "r")
userentry = system_users[currentname]
userid = userentry.uid()
groupid = userentry.gid()
flag = 1
for line in fd.readlines():
if re.search(str(groupid), line, re.IGNORECASE) != None:
flag = 0
break
if flag:
cmd = "addgroup -g "
cmd += str(groupid)
cmd += " "
cmd += currentname
os.system(cmd)
flag = 0
groupentry = system_groups[groupid]
shadowentry = system_shadow[currentname]
else:
# User is completely new and user and private group
# must be created.
userid = system_users.new_uid()
while userid in system_groups:
userid = system_users.new_uid(userid)
else:
groupid = userid
userentry = PasswdEntry()
groupentry = GroupEntry()
shadowentry = ShadowEntry()
message = 'creating user "%s" and group "%s".'
self.output_message(message % (username, username))
# A private group has the same name as the associated
# user account.
group_is_private = False
if groupentry.group() == userentry.user():
group_is_private = True
# If username has changed: change entry and flag.
if userentry.user() != username:
groups = []
if userentry.user() is not None:
# New users cause exception when doing
# group lookup before name is set.
groups = userentry.groups(system_groups)
currentname = userentry.user()
userentry.user(username, validate)
userchange = True
shadowentry.user(username, validate)
shadowchange = True
message = 'changed user name from "%s" to "%s".'
self.output_message(message % (currentname, username))
# Modify groups to which user belongs to reflect updated name.
for group in groups:
users = group.user_list()
if currentname in users and username not in users:
users[users.index(currentname)] = username
group.user_list(users)
groupchange = True
message = 'changed user "%s" in group "%s" to "%s".'
self.output_message(
message % (currentname, group.group(), username))
# If group is only for this user and group name isn't username,
# change and flag.
if group_is_private and groupentry.group() != username:
currentgroup = groupentry.group()
groupentry.group(username)
groupchange = True
message = 'changed group name from "%s" to "%s".'
self.output_message(message % (currentgroup, username))
# Change user-entry's password if doesn't match user node's.
password = usernode.password
if len(password
) and not shadowentry.password_matches_crypt(password):
shadowentry.user(username, validate)
shadowentry.passwd(password, validate)
userentry.passwd('x', False)
shadowentry.lstchg()
shadowchange = True
userchange = True
self.output_message('changed password for user "%s".' %
username)
# Set user-entry UID to calulated UID (used for new entries).
if not userentry.uid() == userid:
currentuid = userentry.uid()
userentry.uid(userid)
userchange = True
message = 'changed UID for user "%s" from %s to %s.'
self.output_message(message % (username, currentuid, userid))
# Set user-entry GID to calculated GID (used for new entries).
if userentry.gid() != groupid:
currentgid = userentry.gid()
userentry.gid(groupid)
userchange = True
message = 'changed GID for user "%s" from %s to %s.'
self.output_message(message % (username, currentgid, groupid))
if not userentry.gecos():
currentgecos = userentry.gecos()
userentry.gecos('ROLE=user')
userchange = True
message = 'changed gecos for user "%s" from %s to %s.'
self.output_message(message %
(username, currentgecos, 'ROLE=user'))
# Set group-entry GID to calculated GID (should match whether private or not).
if groupentry.gid() != groupid:
currentgid = groupentry.gid()
groupentry.gid(groupid)
groupchange = True
message = 'changed GID for group "%s" from %s to %s.'
self.output_message(message %
(groupentry.group(), currentgid, groupid))
if userchange:
# Passwd file changed, set user into user dicationary
# in case user was newly created, and save back file.
system_users[userentry.user()] = userentry
system_users.save()
userchange = False
as_node('/services/User Manager').remove_user(usernode.name)
if shadowchange:
# /etc/shadow file changed, set user into user dicationary
# in case user was newly created, and save back file.
system_shadow[shadowentry.user()] = shadowentry
system_shadow.save()
shadowchange = False
if groupchange:
# Group file changed, set user into groups dicationary
# in case group was newly created, and save back file.
system_groups[groupentry.group()] = groupentry
system_groups.save()
groupchange = False
roles = usernode.roles[:]
if self.role_manager.administrator.name in roles:
if userentry.user_type() != 'mpxadmin':
userchange = True
shadowchange = True
groupchange = True
userentry.user_type('mpxadmin', system_users,
system_groups)
self.output_message(
'made user "%s" into "mpxadmin" type.' % username)
if username in system_groups:
group = system_groups[username]
if userentry.gid() != group.gid():
users = group.user_list()
if len(users) == 0:
del (system_groups[username])
groupchange = True
message = 'removed group "%s". ' % username
message += 'Group no longer referenced.'
else:
message = 'not removing group "%s". ' % username
message += 'Still has users %s.' % (users, )
self.output_message(message)
elif userentry.user_type() == 'mpxadmin':
message = 'System Administrator cannot be demoted. '
message += 'User "%s" must be removed in order to demote.'
raise TypeError(message % username)
if userchange:
system_users.save()
userchange = False
username = usernode.name if usernode else currentname
as_node('/services/User Manager').remove_user(username)
if shadowchange:
system_shadow.save()
shadowchange = False
if groupchange:
system_groups.save()
userchange = False
return (userchange or groupchange or shadowchange)
